Microsoft SC-300 practice test

Exam Title: Microsoft Identity and Access Administrator

Last update: Dec 25, 2025
Question 1

DRAG DROP

Your network contains an on-premises Active Directory domain named contoso.com that syncs with Microsoft Entra ID by using Microsoft Entra Connect. The domain contains the users shown in the following table.



From Active Directory Users and Computers, you add the following user:

Name: User3
UPN: [email protected]
Proxy addresses: smtp: [email protected]

From Active Directory Users and Computers, you update the proxyAddresses attribute for each user as shown in the following table.



You trigger a manual synchronization.

Which sync status will Microsoft Entra Connect sync return for each user? To answer, drag the appropriate status to the correct users. Each status may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Answer:

Question 2

You have an Azure Active Directory (Azure AD) tenant that contains a user named SecAdmin1. SecAdmin1 is assigned the Security administrator role.
SecAdmin1 reports that she cannot reset passwords from the Azure AD Identity Protection portal.
You need to ensure that SecAdmin1 can manage passwords and invalidate sessions on behalf of non-administrative users. The solution must use the principle of least privilege.
Which role should you assign to SecAdmin1?

  • A. Authentication administrator
  • B. Helpdesk administrator
  • C. Privileged authentication administrator
  • D. Security operator
Answer:

c


Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference

Votes: A 0, B 1, C 1, D 0
Comments
Manohara
5 months, 2 weeks ago

Pls correct it, Helpdesk administrator

Question 3

You have an Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant.
The on-premises network contains a VPN server that authenticates to the on-premises Active Directory domain. The VPN server does NOT support Azure Multi-Factor Authentication (MFA).
You need to recommend a solution to provide Azure MFA for VPN connections.
What should you include in the recommendation?

  • A. Azure AD Application Proxy
  • B. an Azure AD Password Protection proxy
  • C. Network Policy Server (NPS)
  • D. a pass-through authentication proxy
Answer:

c


Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-vpn

Question 4

DRAG DROP

You have a Microsoft 365 E5 subscription and an Azure subscription.

You need to meet the following requirements:

  • Ensure that users can sign in to Azure virtual machines by using their Microsoft 365 credentials.
  • Delegate the ability to create new virtual machines.

What should you use for each requirement? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Answer:

Comments
Manohara
5 months, 2 weeks ago

For both requirements it is RBAC. To enable users to sign in to Azure VMs with their Microsoft 365 credentials, use Azure Active Directory (Azure AD) integration with Azure Virtual Machines. For delegating the ability to create new VMs, Azure role-based access control (RBAC) is appropriate.

Question 5

Case Study

Overview
ADatum Corporation is a consulting company in Montreal.

ADatum recently acquired a Vancouver-based company named Litware, Inc.

Existing Environment. ADatum Environment

The on-premises network of ADatum contains an Active Directory Domain Services (AD DS) forest named adatum.com.

ADatum has a Microsoft 365 E5 subscription. The subscription contains a verified domain that syncs with the adatum.com AD DS domain by using Azure AD Connect.

ADatum has an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant has Security defaults disabled.

The tenant contains the users shown in the following table.



The tenant contains the groups shown in the following table.



Existing Environment. Litware Environment

Litware has an AD DS forest named litware.com.

Existing Environment. Problem Statements

ADatum identifies the following issues:

  • Multiple users in the sales department have up to five devices. The sales department users report that sometimes they must contact the support department to join their devices to the Azure AD tenant because they have reached their device limit.
  • A recent security incident reveals that several users leaked their credentials, a suspicious browser was used for a sign-in, and resources were accessed from an anonymous IP address.
  • When you attempt to assign the Device Administrators role to IT_Group1, the group does NOT appear in the selection list.
  • Anyone in the organization can invite guest users, including other guests and non-administrators.
  • The helpdesk spends too much time resetting user passwords.
  • Users currently use only passwords for authentication.


Requirements. Planned Changes
ADatum plans to implement the following changes:

  • Configure self-service password reset (SSPR).
  • Configure multi-factor authentication (MFA) for all users.
  • Configure an access review for an access package named Package1.
  • Require admin approval for application access to organizational data.
  • Sync the AD DS users and groups of litware.com with the Azure AD tenant.
  • Ensure that only users that are assigned specific admin roles can invite guest users.
  • Increase the maximum number of devices that can be joined or registered to Azure AD to 10.

Requirements. Technical Requirements

ADatum identifies the following technical requirements:

  • Users assigned the User administrator role must be able to request permission to use the role when needed for up to one year.
  • Users must be prompted to register for MFA and provided with an option to bypass the registration for a grace period.
  • Users must provide one authentication method to reset their password by using SSPR. Available methods must include:
      - Email
      - Phone
      - Security questions
      - The Microsoft Authenticator app
  • Trust relationships must NOT be established between the adatum.com and litware.com AD DS domains.
  • The principle of least privilege must be used.


You need to implement the planned changes for Package1.

Which users can create and manage the access review?

  • A. User3 only
  • B. User4 only
  • C. User5 only
  • D. User3 and User4
  • E. User3 and User5
  • F. User4 and User5
Answer:

e

Question 6

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.

You plan to increase app security for the subscription.

You need to identify which apps do NOT require user authentication.

What should you do in the Microsoft 365 Defender portal?

  • A. Review the cloud app catalog.
  • B. Create an OAuth policy and review alerts.
  • C. Create a snapshot Cloud Discovery report.
  • D. Create a discovered app query.
Answer:

d

Question 7

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You implement entitlement management to provide resource access to users at a company named Fabrikam, Inc. Fabrikam uses a domain named fabrikam.com.
Fabrikam users must be removed automatically from the tenant when access is no longer required.
You need to configure the following settings:
  • Block external user from signing in to this directory: No
  • Remove external user: Yes
  • Number of days before removing external user from this directory: 90
What should you configure on the Identity Governance blade?

  • A. Access packages
  • B. Entitlement management settings
  • C. Terms of use
  • D. Access reviews settings
Answer:

b


Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users

Question 8

HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains Azure AD Privileged Identity Management (PIM) role settings for the User administrator role as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:


Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan

Comments
Manohara
5 months, 2 weeks ago

For 2nd question, it is both global admin and Privileged Admin

Question 9

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription.

You create a user named User1.

You need to ensure that User1 can update the status of Identity Secure Score improvement actions.

Solution: You assign the User Administrator role to User1.

Does this meet the goal?

  • A. Yes
  • B. No
Answer:

b

Question 10

You have an Azure AD tenant that has multi-factor authentication (MFA) enforced and self-service password reset (SSPR) enabled.

You enable combined registration in interrupt mode.

You create a new user named User1.

Which two authentication methods can User1 use to complete the combined registration process? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

  • A. a FIDO2 security key
  • B. a hardware token
  • C. a one-time passcode email
  • D. Windows Hello for Business
  • E. the Microsoft Authenticator app
Answer:

ce

Votes: A 2, B 0, C 0, D 0, E 2
Comments
Manohara
5 months, 2 weeks ago

it is A and E
