What Highest Quality SC-300 Test Is

NEW QUESTION 1

You need to meet the authentication requirements for leaked credentials. What should you do?

• A. Enable federation with PingFederate in Azure AD Connect.
• B. Configure Azure AD Password Protection.
• C. Enable password hash synchronization in Azure AD Connect.
• D. Configure an authentication method policy in Azure AD.

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity

NEW QUESTION 2

You have an Azure Active Directory (Azure AD) tenant. You open the risk detections report.
Which risk detection type is classified as a user risk?

• A. impossible travel
• B. anonymous IP address
• C. atypical travel
• D. leaked credentials

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks

NEW QUESTION 3

You have a Microsoft 365 tenant.
In Azure Active Directory (Azure AD), you configure the terms of use.
You need to ensure that only users who accept the terms of use can access the resources in the tenant. Other users must be denied access.
What should you configure?

• A. an access policy in Microsoft Cloud App Security.
• B. Terms and conditions in Microsoft Endpoint Manager.
• C. a conditional access policy in Azure AD
• D. a compliance policy in Microsoft Endpoint Manager

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/terms-of-use

NEW QUESTION 4

Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights.
You need to ensure that the IT department users only have access to the Security administrator role when required.
What should you configure for the Security administrator role assignment?

• A. Expire eligible assignments afterfrom the Role settings details
• B. Expire active assignments afterfrom the Role settings details
• C. Assignment type toActive
• D. Assignment type toEligible

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

NEW QUESTION 5

You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
Yon receive more than 100 email alerts each day for tailed Azure Al) user sign-in attempts. You need to ensure that a new security administrator receives the alerts instead of you. Solution: From Azure monitor, you create a data collection rule.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 6

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
You have 100 IT administrators who are organized into 10 departments. You create the access review shown in the exhibit. (Click theExhibittab.)

You discover that all access review requests are received by Megan Bowen.
You need to ensure that the manager of each department receives the access reviews of their respective department.
Solution: You modify the properties of the IT administrator user accounts. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
Reference:
D18912E1457D5D1DDCBD40AB3BF70D5D
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

NEW QUESTION 7

You have an Azure Active Directory (Azure AD) tenant that uses conditional access policies.
You plan to use third-party security information and event management (SIEM) to analyze conditional access usage.
You need to download the Azure AD log that contains conditional access policy data. What should you export from Azure AD?

• A. sign-ins in JSON format
• B. sign-ins in CSV format
• C. audit logs in JSON format
• D. audit logs in CSV format

Answer: C

NEW QUESTION 8

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

User1 is the owner of Group1.
You create an access review that has the following settings:
Users to review: Members of a group
Scope: Everyone
Group: Group1
Reviewers: Members (self)
Which users can perform access reviews for User3?

• A. User1, User2, and User3
• B. User3 only
• C. User1 only
• D. User1 and User2 only

Answer: B

NEW QUESTION 9

You need to identify which roles to use for managing role assignments. The solution must meet the delegation requirements.
What should you do? To answer, select the appropriate options in the answer area. NOTE:Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference

NEW QUESTION 10

You have a Microsoft 365 tenant.
You need to identify users who have leaked credentials. The solution must meet the following requirements.
• Identity sign-Ins by users who ate suspected of having leaked credentials.
• Rag the sign-ins as a high risk event.
• Immediately enforce a control to mitigate the risk, while still allowing the user to access applications. What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 11

You have an Azure Active Directory (Azure AD) tenant that contains a user named SecAdmin1. SecAdmin1 is assigned the Security administrator role.
SecAdmin1 reports that she cannot reset passwords from the Azure AD Identity Protection portal.
You need to ensure that SecAdmin1 can manage passwords and invalidate sessions on behalf of nonadministrative
users. The solution must use the principle of least privilege. Which role should you assign to SecAdmin1?

• A. Authentication administrator
• B. Helpdesk administrator
• C. Privileged authentication administrator
• D. Security operator

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference

NEW QUESTION 12

You need to configure the detection of multi staged attacks to meet the monitoring requirements. What should you do?

• A. Customize the Azure Sentinel rule logic.
• B. Create a workbook.
• C. Add an Azure Sentinel playbook.
• D. Add Azure Sentinel data connectors.

Answer: D

NEW QUESTION 13

You have a Microsoft 365 tenant.
Sometimes, users use external, third-party applications that require limited access to the Microsoft 365 data of the respective user. The users register the applications in Azure Active Directory (Azure AD).
You need to receive an alert if a registered application gains read and write access to the users’ email. What should you do? To answer, select the appropriate options in the answer area.
NOTE:Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/app-permission-policy

NEW QUESTION 14

You have a Microsoft 36S tenant.
You create a named location named HighRiskCountries that contains a list of high-risk countries.
You need to limit the amount of time a user can stay authenticated when connecting from a high-risk country. What should you configure in a conditional access policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 15

You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.

Which objects can you add as eligible in Azure Privileged identity Management (PIM) for an Azure AD role?

• A. User1 only
• B. User1 and Identity1 only
• C. User1. Guest1, and Identity
• D. User1 and Guest1 only

Answer: A

NEW QUESTION 16

Your company has an Azure Active Directory (Azure AD) tenant named contosri.com. The company has the business partners shown in the following table.

users can request access by using package 1.
Users at Fabrikam and Litware use ail then respective domain names for email addresses.
You plan to create an access package named packaqel that will be accessible only to the Fabrikam and Litware users.
You need to configure connected organizations for Fabrikam and litware so that any of their users can request access by using package1.
What is the minimum of connected organization that you should create.

• A. 1
• B. 2
• C. 3
• D. 4

Answer: C

NEW QUESTION 17

Your company has a Microsoft 365 tenant.
The company has a call center that contains 300 users. In the call center, the users share desktop computers and might use a different computer every day. The call center computers areNOTconfigured for biometric identification.
The users are prohibited from having a mobile phone in the call center.
You need to require multi-factor authentication (MFA) for the call center users when they access Microsoft 365
services.
What should you include in the solution?

• A. a named network location
• B. the Microsoft Authenticator app
• C. Windows Hello for Business authentication
• D. FIDO2 tokens

Answer: D

Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless

NEW QUESTION 18

You configure a new Microsoft 36S tenant to use a default domain name of contosso.com.
You need to ensure that you can control access to Microsoft 365 resource-, by using conditional access policy. What should you do first?

• A. Disable the User consent settings.
• B. Disable Security defaults.
• C. Configure a multi-factor authentication (Ml A) registration policy1.
• D. Configure password protection for Windows Server Active Directory.

Answer: B

NEW QUESTION 19

You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not Initiate. Solution: From the Azure portal, you configure the Account lockout settings for multi-factor authentication
(MFA).
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 20

You have an Azure Active Directory (Azure AD) tenant named conto.so.com that has Azure AD Identity Protection enabled. You need to Implement a sign-in risk remediation policy without blocking access.
What should you do first?

• A. Configure access reviews in Azure AD.
• B. Enforce Azure AD Password Protection.
• C. implement multi-factor authentication (MFA) for all users.
• D. Configure self-service password reset (SSPR) for all users.

Answer: D

NEW QUESTION 21

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure pass-through authentication. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn

NEW QUESTION 22

Your company has an Azure Active Directory (Azure AD) tenant named Contoso.com. The company has a business partner named Fabrikam, Inc.
Fabrikam uses Azure AD and has two verified domain names of fabrikam.com and litwarein.com Both domain names are sued for Fabrikam email addresses.
You create a connected organization for Fabrikam.
You need to ensure that the package1 will be accessible only to users who have fabrikam.com email addresses. What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 23

You have an Azure subscription that contains the resource shown in the following table.

For which resources can you create an access review?

• A. Group1, App1, Contributor, and Role1
• B. Hotel and Contributor only
• C. Group1, Role1, and Contributor only
• D. Group1 only

Answer: D

NEW QUESTION 24

You create the Azure Active Directory (Azure AD) users shown in the following table.

On February 1, 2021, you configure the multi-factor authentication (MFA) settings as shown in the following exhibit.

The users authentication to Azure AD on their devices as shown in the following table.

On February 26, 2021, what will the multi-factor auth status be for each user?

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: B

NEW QUESTION 25
......