FEFreeExamDumps.in

SC-300 Practice Questions — Page 16

Question 151

Open question ↗

You have an Azure subscription named Sub1.

You plan to use Microsoft Entra Permissions Management to manage Sub1.

You need to ensure that Permissions Management can perform the following tasks:

• Identify unused permissions assigned to applications and managed identities.

• Provide users with recommendations about which permissions to remove.

• Remove unused permissions.

The solution must follow the principle of least privilege.

Which role should you assign to the service principal of Permissions Management, and what should you use to provide recommendations and remove unused permissions? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 151

Question 152

Open question ↗

You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2. The subscription contains the users shown in the following table.

You create the following Conditional Access policies:

• Name: Policy1

• Users:

o Include: Group1

o Exclude: Group2

• Target resources:

o Include: All cloud apps

• Grant:

o Grant access: Require multi-factor authentication

• Session:

o Persistent browser session: Never persistent

• Name: Policy2

• Users:

o Include:

- Directory roles: Global Administrator

- Users and groups: User3

o Exclude: Group2

• Target resources:

o Include: All cloud apps

• Session:

o Sign-in frequency:

- Periodic authentication: 2 hours

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question 152

Question 153

Open question ↗

You have a Microsoft 365 E5 subscription that contains a Microsoft Teams team named Team1 and two Microsoft 365 groups named Group1 and Group2. The subscription contains the users shown in the following table.

You create an access package that has the following settings:

• Name: Package1

• Resource roles:

o Team1: Owner

• Users who can request access: For users in your directory

o Specific Users and Groups: Group1

• Require approval: Yes

o Require requestor justification: No

o How many stages: 1

o First Approver: Team1, User3

o Require approver justification: Yes

• Enable new requests: Yes

• Expiration:

o Access package assignments expire: 7 days

o Users can request specific timeline: Yes

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question 153

Question 154

Open question ↗

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and a Microsoft Teams team named Team1. The subscription contains five security groups named Group1, Group2, Group3, Group4, and Group5.

You need to implement access packages for Site1 and Team1. The solution must meet the following requirements:

• Members of Group3 must be able to request access to Site1 only.

• Members of Group1 must be able to request access to Site1 and Team1.

• Members of Group4 must be able to request access to Site1 and Team1.

• Only members of Group2 must be able to approve access package requests from Group1 members.

• Only members of Groups must be able to approve access package requests from Group3 and Group4 members.

What h the minimum number of access packages you should create?

  • A.2
  • B.3
  • C.4
  • D.5

Question 155

Open question ↗

You have a Microsoft 365 subscription that uses Microsoft Defender for Cloud Apps.

You have multiple third-party apps that access the resources in the subscription.

You need to monitor the access of the third-party apps.

What should you create?

  • A.an access policy
  • B.an app permission policy
  • C.an OAuth app policy
  • D.an endpoint protection policy

Question 156

Open question ↗

You have a Microsoft 365 E5 subscription.

You need to be able to create a Microsoft Defender for Cloud Apps session policy.

What should you do first?

  • A.From the Microsoft 365 Defender portal, select User monitoring.
  • B.From the Microsoft 365 Defender portal, select App onboarding/maintenance.
  • C.From the Microsoft Entra admin center, create a Conditional Access policy.
  • D.From the Microsoft 365 Defender portal, create a continuous report.

Question 157

Open question ↗

Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs user accounts with a Microsoft 365 E5 subscription.

You need to ensure that on-premises account lockout policies are applied to Microsoft Entra sign-ins.

What should you configure?

  • A.Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO)
  • B.Microsoft Entra Cloud Sync
  • C.password hash synchronization
  • D.pass-through authentication

Question 158

Open question ↗

You have a Microsoft 365 tenant.

All users have mobile phones and Windows 10 laptops.

The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity. While working from the remote locations, the users connect their laptop to a wired network that has internet access.

You plan to implement multi-factor authentication (MFA).

Which MFA authentication method can the users use from the remote location?

  • A.Windows Hello for Business
  • B.an app password
  • C.a notification through the Microsoft Authenticator app
  • D.security questions

Question 159

Open question ↗

You have an Azure subscription named Sub1 that contains two resource groups named RG1 and RG2. Sub1 contains the users shown in the following table.

Sub1 contains the resources shown in the following table.

You create the role-based access control (RBAQ role assignments shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question 159

Question 160

Open question ↗

You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2 and the users shown in the following table.

The subscription contains a Conditional Access policy that has the following settings:

• Name: Policy1

• Assignments

o Include

- Users and Groups: Group1

- Directory roles: Global Administrator

o Exclude

- Users and Groups: Group2

o Target resources

- Include

- All cloud apps

- Access controls

- Grant

- Require multifactor authentication

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question 160