The Renew Guide To SC-300 Free Practice Questions

NEW QUESTION 1

You have an on-premises Microsoft Exchange organization that uses an SMTP address space of contoso.com. You discover that users use their email address for self-service sign-up to Microsoft 365 services.
You need to gain global administrator privileges to the Azure Active Directory (Azure AD) tenant that contains the self-signed users.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

• A.

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/domains-admin-takeover

NEW QUESTION 2

Your company has an Azure Active Directory (Azure AD) tenant named Contoso.com. The company has a business partner named Fabrikam, Inc.
Fabrikam uses Azure AD and has two verified domain names of fabrikam.com and litwarein.com Both domain names are sued for Fabrikam email addresses.
You create a connected organization for Fabrikam.
You need to ensure that the package1 will be accessible only to users who have fabrikam.com email addresses. What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 3

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
You have 100 IT administrators who are organized into 10 departments. You create the access review shown in the exhibit. (Click theExhibittab.)

You discover that all access review requests are received by Megan Bowen.
You need to ensure that the manager of each department receives the access reviews of their respective department.
Solution: You create a separate access review for each role.
Does this meet the goal?

• A. Yes
• B. NoD18912E1457D5D1DDCBD40AB3BF70D5D

Answer: B

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

NEW QUESTION 4

You need to meet the authentication requirements for leaked credentials. What should you do?

• A. Enable federation with PingFederate in Azure AD Connect.
• B. Configure Azure AD Password Protection.
• C. Enable password hash synchronization in Azure AD Connect.
• D. Configure an authentication method policy in Azure AD.

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity

NEW QUESTION 5

You have an Azure Active Directory (Azure AD) tenant. For the tenant. Users can register applications Is set to No.
A user named Admin1 must deploy a new cloud app named App1.
You need to ensure that Admin1 can register App1 in Azure AD. The solution must use the principle of least privilege.
Which role should you assign to Admin1?

• A. Application developer in Azure AD
• B. App Configuration Data Owner for Subscription!
• C. Managed Application Contributor for Subscription!
• D. Cloud application administrator in Azure AD

Answer: A

NEW QUESTION 6

You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory domain.
The on-premises network contains a VPN server that authenticates to the on-premises Active Directory domain. The VPN server doesNOTsupport Azure Multi-Factor Authentication (MFA).
You need to recommend a solution to provide Azure MFA for VPN connections. What should you include in the recommendation?

• A. Azure AD Application Proxy
• B. an Azure AD Password Protection proxy
• C. Network Policy Server (NPS)
• D. a pass-through authentication proxy

Answer: C

NEW QUESTION 7

You have an Azure Active Directory (Azure AD) tenant that has multi-factor authentication (MFA) enabled. The account lockout settings are configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 8

You have an Azure Active Directory (Azure AD) tenant that contains three users named User1, User1, and User3,
You create a group named Group1. You add User2 and User3 to Group1.
You configure a role in Azure AD Privileged identity Management (PIM) as shown in the application administrator exhibit. (Click the application Administrator tab.)

Group1 is configured as the approver for the application administrator role. You configure User2to be eligible for the application administrator role.
For User1, you add an assignment to the Application administrator role as shown in the Assignment exhibit. (Click Assignment tab)

For each of the following statement, select Yes if the statement is true, Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 9

You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not Initiate. Solution: From the Azure portal, you configure the Account lockout settings for multi-factor authentication
(MFA).
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 10

You have a Microsoft 365 tenant.
You configure a conditional access policy as shown in the Conditional Access policy exhibit. (Click the Conditional Access policy tab.)

You view the User administrator role settings as shown in the Role setting details exhibit. (Click the Role setting details tab.)

You view the User administrator role assignments as shown in the Rote assignments exhibit. (Click the Role assignments lab.)

For each of the following statement, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 11

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to ensure that Azure AD External Identities pricing is based on monthly active users (MAU). What should you configure?

• A. an access review
• B. the terms or use
• C. a linked subscription
• D. a user flow

Answer: D

NEW QUESTION 12

You configure a new Microsoft 36S tenant to use a default domain name of contosso.com.
You need to ensure that you can control access to Microsoft 365 resource-, by using conditional access policy. What should you do first?

• A. Disable the User consent settings.
• B. Disable Security defaults.
• C. Configure a multi-factor authentication (Ml A) registration policy1.
• D. Configure password protection for Windows Server Active Directory.

Answer: B

NEW QUESTION 13

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
All users who run applications registered in Azure AD are subject to conditional access policies. You need to prevent the users from using legacy authentication.
What should you include in the conditional access policies to filter out legacy authentication attempts?

• A. a cloud apps or actions condition
• B. a user risk condition
• C. a client apps condition
• D. a sign-in risk condition

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication

NEW QUESTION 14

Your company has an Azure Active Directory (Azure AD) tenant named contosri.com. The company has the business partners shown in the following table.

users can request access by using package 1.
Users at Fabrikam and Litware use ail then respective domain names for email addresses.
You plan to create an access package named packaqel that will be accessible only to the Fabrikam and Litware users.
You need to configure connected organizations for Fabrikam and litware so that any of their users can request access by using package1.
What is the minimum of connected organization that you should create.

• A. 1
• B. 2
• C. 3
• D. 4

Answer: C

NEW QUESTION 15

You have a Microsoft 36S tenant.
You create a named location named HighRiskCountries that contains a list of high-risk countries.
You need to limit the amount of time a user can stay authenticated when connecting from a high-risk country. What should you configure in a conditional access policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 16

You configure Azure Active Directory (Azure AD) Password Protection as shown in the exhibit. (Click theExhibittab.)

You are evaluating the following passwords:
Pr0jectlitw@re
T@ilw1nd
C0nt0s0
Which passwords will be blocked?

• A. Pr0jectlitw@re and T@ilw1nd only
• B. C0nt0s0 only
• C. C0nt0s0, Pr0jectlitw@re, and T@ilw1nd
• D. C0nt0s0 and T@ilw1nd only
• E. C0nt0s0 and Pr0jectlitw@re only

Answer: C

Explanation:
Reference:
https://blog.enablingtechcorp.com/azure-ad-password-protection-password-evaluation

NEW QUESTION 17

You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.
From the Groups blade in the Azure Active Directory admin center, you assign Microsoft 365 Enterprise E5 licenses to the users.
You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.
What should you use?

• A. the Identity Governance blade in the Azure Active Directory admin center
• B. theSet-AzureAdUsercmdlet
• C. the Licenses blade in the Azure Active Directory admin center
• D. theSet-WindowsProductKeycmdlet

Answer: C

NEW QUESTION 18

You have a Microsoft Exchange organization that uses an SMTP' address space of contoso.com.
Several users use their contoso.com email address for self-service sign up to Azure Active Directory (Azure AD).
You gain global administrator privileges to the Azure AD tenant that contains the self-signed users.
You need to prevent the users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services.
Which PowerShell cmdlet should you run?

• A. Set-MsolCompanySettings
• B. Set-MsolDomainFederationSettings
• C. Update-MsolfederatedDomain
• D. Set-MsolDomain

Answer: A

Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-self-service-signup

NEW QUESTION 19

You have an on-premises datacenter that contains the hosts shown in the following table.

You have an Azure Active Directory (Azure AD) tenant that syncs to the Active Directory forest. Multi-factor authentication (MFA) is enforced for Azure AD.
You need to ensure that you can publish App1 to Azure AD users.
What should you configure on Server and Firewall1? To answer, select the appropriate options in the answer area.
NOTE:Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy

NEW QUESTION 20

You have a Microsoft 365 tenant.
Sometimes, users use external, third-party applications that require limited access to the Microsoft 365 data of the respective user. The users register the applications in Azure Active Directory (Azure AD).
You need to receive an alert if a registered application gains read and write access to the users’ email. What should you do? To answer, select the appropriate options in the answer area.
NOTE:Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/app-permission-policy

NEW QUESTION 21

You have an Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table.

For which groups can you create an access review?

• A. Group1 only
• B. Group1 and Group4 only
• C. Group1 and Group2 only
• D. Group1, Group2, Group4, and Group5 only
• E. Group1, Group2, Group3, Group4 and Group5

Answer: D

Explanation:
You cannot create access reviews for device groups. Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

NEW QUESTION 22

You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
Yon receive more than 100 email alerts each day for tailed Azure Al) user sign-in attempts. You need to ensure that a new security administrator receives the alerts instead of you. Solution: From Azure monitor, you modify the action group.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 23

You have an Azure Active Directory (Azure AD) tenant.
You configure self-service password reset (SSPR) by using the following settings:
• Require users to register when signing in: Yes
• Number of methods required to reset: 1
What is a valid authentication method available to users?

• A. home prions
• B. mobile app notification
• C. a mobile app code
• D. an email to an address in your organization

Answer: A

NEW QUESTION 24

Your company has two divisions named Contoso East and Contoso West. The Microsoft 365 identity architecture tor both divisions is shown in the following exhibit.

You need to assign users from the Contoso East division access to Microsoft SharePoint Online sites in the Contoso West tenant. The solution must not require additional Microsoft 3G5 licenses.
What should you do?

• A. Configure The exiting Azure AD Connect server in Contoso Cast to sync the Contoso East Active Directory forest to the Contoso West tenant.
• B. Configure Azure AD Application Proxy in the Contoso West tenant.
• C. Deploy a second Azure AD Connect server to Contoso East and configure the server to sync theContoso East Active Directory forest to the Contoso West tenant.
• D. Create guest accounts for all the Contoso East users in the West tenant.

Answer: D

NEW QUESTION 25

You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest. The tenant-uses through authentication.
A corporate security policy states the following:
Domain controllers must never communicate directly to the internet.
Only required software must be- installed on servers.
The Active Directory domain contains the on-premises servers shown in the following table.

You need to ensure that users can authenticate to Azure AD if a server fails.
On which server should you install an additional pass-through authentication agent?

• A. Server2
• B. Server4
• C. Server1
• D. Server3

Answer: C

NEW QUESTION 26
......