SC-300 Practice Questions — Page 14

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and the users shown in the following table.

The users have the devices shown in the following table.

You create the following two Conditional Access policies:

• Name: CAPolicy1

• Assignments

o Users or workload identities: Group1

o Cloud apps or actions: Office 365 SharePoint Online

o Conditions

Filter for devices: Exclude filtered devices from the policy

Rule syntax: device.displayName -startsWith “Device”

o Access controls

Grant: Block access

Session: 0 controls selected

o Enable policy: On

• Name: CAPolicy2

• Assignments

o Users or workload identities: Group2

o Cloud apps or actions: Office 365 SharePoint Online

o Conditions: 0 conditions selected

• Access controls

o Grant: Grant access

Require multifactor authentication

o Session: 0 controls selected

• Enable policy: On

All users confirm that they can successfully authenticate using MFA.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that contains three users named User1, User2, and User3 and a Microsoft SharePoint Online site named Site1.

The subscription contains the devices shown in the following table.

The users sign in to the devices as shown in the following table.

You have a Conditional Access policy that has the following settings:

• Name: CA1

• Assignments

o Users and groups: User1, User2, User3

o Cloud apps or actions: SharePoint - Site1

• Access controls

o Session: Use app enforced restrictions

From the SharePoint admin center, you configure Access control for unmanaged devices to allow limited, web-only access.

Which users will have full access to Site1?

You have an Azure subscription that is linked to an Azure AD tenant named contoso.com. The subscription contains a group named Group1 and a virtual machine named VM1.

You need to meet the following requirements:

• Enable a system-assigned managed identity for VM1.

• Add VM1 to Group1.

How should you complete the PowerShell script? To answer, drag the appropriate cmdlets to the correct targets. Each cmdlet may be used once, more than once or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

You have an Azure AD tenant.

You deploy a new enterprise application named App1.

When users attempt to provide App1 with access to the tenant, the attempt fails.

You need to ensure that the users can request admin consent for App1. The solution must follow the principle of least privilege.

What should you do first?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant.

All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.

Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.

You need to block the users automatically when they report an MFA request that they did not initiate.

Solution: From the Azure Active Directory admin center, you configure the Block/unblock users settings for multi-factor authentication (MFA).

Does this meet the goal?

You have a Microsoft Entra tenant that contains the users shown in the following table.

You have a user risk policy that has the following settings:

• Assignments:

o Include: Group1

o Exclude: Group2

• Sign-in risk: Medium and above

• Access controls:

o Grant access: Require password change

When the users attempt to sign in, user risk levels are detected as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains a resource group named RG1 and four users named User1, User2, User3, and User4.

You plan to assign the users the following roles for RG1:

• User1: Reader

• User2: Contributor

• User3: Storage Blob Data Reader

• User4: Virtual Machine Contributor

You are evaluating the use of attribute-based access control (ABAC).

Which user's role will support the use of ABAC?