SC-300 Practice Questions — Page 17

Question 161

Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains a server named Server1 that runs Windows Server and hosts a shared folder named Share1. The domain contains 500 devices that run Windows 11.

You have a Microsoft 365 E5 subscription that syncs with the domain.

From Global Secure Access, you enable the Private access profile and deploy the Global Secure Access client to all the devices.

You need to ensure that the devices can connect to Share1 remotely by using Global Secure Access.

Which three actions should you perform in sequence? To answer move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question 162

Open question ↗

You have a Microsoft 365 subscription.

You have an Azure subscription that contains an Azure App Service web app named App1.

You have multiple devices that run Windows and are enrolled in Microsoft Intune.

You deploy the Global Secure Access client to the devices by using Intune.

You need to configure private access to App1.

What should you do next?

A.Create a remote network.
B.Configure a traffic forwarding profile.
C.Deploy a private network connector.
D.Create an application security group.

Question 163

Open question ↗

You have a Microsoft 365 subscription.

You configure a Global Secure Access security profile named SecurityProfile1.

You need to create a Conditional Access policy named CAPolicy1 that will use SecurityProfile1.

Which two settings should you configure to ensure that CAPolicy1 uses SecurityProfile1? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

Question 164

Open question ↗

You have an Azure subscription named Sub1 that contains a resource group named RG1. RG1 contains two Azure key vaults named KV1 and KV2 that use Azure role-based access control (Azure RBAC).

The subscription contains the users shown in the following table.

KV1 contains a secret named Secret1. KV2 contains a secret named Secret2.

Which users can read the values of each secret? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 165

Open question ↗

You have a Microsoft 365 E5 subscription that has a Conditional Access policy named Policy1.

You need to perform the following actions:

• Create a Conditional Access App Control custom policy named Custom1.

• Configure Policy1 to use Custom1.

What should you use to create Custom1, and in which settings of Policy1 should you enable Conditional Access App Control? To answer, select the appropriate options in the answer area,

NOTE: Each correct selection is worth one point.

Question 166

Open question ↗

You have multiple on-premises devices that run either Windows or Linux.

You have a Microsoft 365 E5 subscription.

You configure Microsoft Entra Internet Access.

You need to ensure that all the on-premises devices access the internet by using Global Secure Access.

What should you do in the Microsoft Entra admin center?

A.Create a remote network.
B.Create a named location.
C.Create an access package.
D.Deploy the Global Secure Access client.

Question 167

Open question ↗

You have a Microsoft 365 subscription that contains three users named User1, User2, and User3 and an enterprise app named App1. The subscription contains the devices shown in the following table.

The subscription contains the groups shown in the following table.

You create two Conditional Access policies that have the following settings:

• Name: Policy1

• Users:

o Include: Group1

o Exclude: Group3

• Target resources:

o Include: All resources

• Access controls: Block access

• Name: Policy2

• Users:

o Include: Group2

• Target resources:

o Include: App1

• Access controls:

o Grant access: Require device to be marked as compliant.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question 168

Open question ↗

You have a Microsoft 365 E5 subscription that contains three groups named Group1, Group2, and Group3, and the users shown in the following table.

You create a Conditional Access policy named CA1 that has the following settings:

• Users

o Include

- Users and groups: Group1

o Exclude

- Users and groups: Group2

- Directory roles: Global Administrator

o Target resources

- Include: All cloud apps

o Access controls

- Grant: Require multifactor authentication

You create a Conditional Access policy named CA2 that has the following settings:

• Users

o Include

- Users and groups: Group2

o Exclude

- Users and groups: Group3

o Target resources

- Include: All cloud apps

o Access controls

- Grant: Block access

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question 169

Open question ↗

You have a Microsoft 365 E5 subscription.

You need to ensure that users can only access resources in the subscription from a device that has the Global Secure Access client connected.

What should you do first?

A.Enable Global Secure Access signaling.
B.Enable tagging to enforce tenant restrictions.
C.Create a named location.
D.Create a remote network.

Question 170

Open question ↗

You have an Azure subscription that is linked to a Microsoft Entra tenant. The tenant contains three users named User1, User2 and User3.

You have the devices shown in the following table.

You deploy a virtual machine that has the following configurations:

• Name: VM1

• Resource group: RG1

• Operating system: Windows Server

• Login with Microsoft Entra ID: Enabled

You have the Azure role assignments shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.