SC-300 Set 3 Flashcards

1
Q
A
2
Q

You have an Azure subscription that contains an Azure Automation account named Automation1 and an Azure key vault named Vault1. Vault1 contains a secret named Secret1.

You enable a system-assigned managed identity for Automation1.

You need to ensure that Automation1 can read the contents of Secret1. The solution must meet the following requirements:

  • Prevent Automation1 from accessing other secrets stored in Vault1.
  • Follow the principle of least privilege.

What should you do?

A. From Vault1, configure the Access control (IAM) settings.
B. From Automation1, configure the Identity settings.
C. From Automation1, configure the Run as accounts settings.
D. From Secret1, configure the Access control (IAM) settings.

A

D. From Secret1, configure the Access control (IAM) settings.

3
Q

You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain.
Users connect to the internet by using a hardware firewall at your company. The users authenticate to the firewall by using their Active Directory credentials.
You plan to manage access to external applications by using Azure AD.
You need to use the firewall logs to create a list of unmanaged external applications and the users who access them.
What should you use to gather the information?

A. Application Insights in Azure Monitor
B. access reviews in Azure AD
C. Cloud App Discovery in Microsoft Cloud App Security
D. enterprise applications in Azure AD

A

C. Cloud App Discovery in Microsoft Cloud App Security

4
Q
A
5
Q
A
6
Q
A

All Users
All Users

7
Q

You have an Azure Active Directory (Azure AD) tenant.
You create an enterprise application collection named HR Apps that has the following settings:
✑ Applications: App1, App2, App3
✑ Owners: Admin1
✑ Users and groups: HRUsers
All three apps have the following Properties settings:
✑ Enabled for users to sign in: Yes
✑ User assignment required: Yes
✑ Visible to users: Yes

Users report that when they go to the My Apps portal, they only see App1 and App2.
You need to ensure that the users can also see App3.
What should you do from App3?

A. From Users and groups, add HRUsers.
B. From Single sign-on, configure a sign-on method.
C. From Properties, change User assignment required to No.
D. From Permissions, review the User consent permissions.

A

A. From Users and groups, add HRUsers

8
Q

You have an Azure Active Directory (Azure AD) tenant.
For the tenant, Users can register applications is set to No.
A user named Admin1 must deploy a new cloud app named App1.
You need to ensure that Admin1 can register App1 in Azure AD. The solution must use the principle of least privilege.
Which role should you assign to Admin1?

A. Managed Application Contributor for Subscription1.
B. Application developer in Azure AD.
C. Cloud application administrator in Azure AD.
D. App Configuration Data Owner for Subscription1.

A

B. Application developer in Azure AD.

9
Q
A

No
Yes
No

10
Q
A
11
Q

You have an Azure Active Directory (Azure AD) tenant named contoso.com that has Azure AD Identity Protection enabled.
You need to implement a sign-in risk remediation policy without blocking user access.
What should you do first?

A. Configure access reviews in Azure AD.
B. Enforce Azure AD Password Protection.
C. Configure self-service password reset (SSPR) for all users.
D. Implement multi-factor authentication (MFA) for all users.

A

D. Implement multi-factor authentication (MFA) for all users.

12
Q

Your company requires that users request access before they can access corporate applications.
You register a new enterprise application named MyApp1 in Azure Active Directory (Azure AD) and configure single sign-on (SSO) for MyApp1.
Which settings should you configure next for MyApp1?

A. Self-service
B. Provisioning
C. Application proxy
D. Roles and administrators

A

A. Self-service

13
Q
A

First, we need to register a new application
Then we need to add application permissions
And then we need to grant admin consent

14
Q

You have an Azure Active Directory (Azure AD) tenant that contains cloud-based enterprise apps.
You need to group related apps into categories in the My Apps portal.
What should you create?

A. tags
B. collections
C. naming policies
D. dynamic groups

A

B. collections

15
Q
A

D. Group1 and Group4

16
Q
A

C. Admin1

17
Q

You have a Microsoft 365 subscription. The subscription contains users that use Microsoft Outlook 2016 and Outlook 2013 clients.
You need to implement tenant restrictions. The solution must minimize administrative effort.
What should you do first?

A. Configure the Outlook 2013 clients to use modern authentication.
B. Upgrade the Outlook 2013 clients to Outlook 2016.
C. From the Exchange admin center, configure Organization Sharing.
D. Upgrade all the Outlook clients to Outlook 2019.

A

A. Configure the Outlook 2013 clients to use modern authentication.

18
Q

You have a Microsoft 365 E5 subscription.

You need to create a Microsoft Defender for Cloud Apps session policy.

What should you do first?

A. From the Microsoft Defender for Cloud Apps portal, select User monitoring.
B. From the Microsoft Defender for Cloud Apps portal, select App onboarding/maintenance.
C. From the Azure Active Directory admin center, create a Conditional Access policy.
D. From the Microsoft Defender for Cloud Apps portal, create a continuous report.

A

C. From the Azure Active Directory admin center, create a Conditional Access policy.

19
Q
A

D. Admin1 and Admin2 only

20
Q

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1.

You need to be notified if a user downloads more than 50 files in one minute from Site1.

Which type of policy should you create in the Microsoft Defender for Cloud Apps portal?

A. session policy
B. activity policy
C. file policy
D. anomaly detection policy

A

B. activity policy

21
Q

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1. Site1 hosts PDF files.

You need to prevent users from printing the files directly from Site1.

Which type of policy should you create in the Microsoft Defender for Cloud Apps portal?

A. activity policy
B. access policy
C. file policy
D. session policy

A

D. session policy

22
Q

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps and Conditional Access policies.

You need to block access to cloud apps when a user is assessed as high risk.

Which type of policy should you create in the Microsoft Defender for Cloud Apps portal?

A. access policy
B. OAuth app policy
C. anomaly detection policy
D. activity policy

A

A. access policy

23
Q

You have a Microsoft 365 E5 subscription.

Users authorize third-party cloud apps to access their data.

You need to configure an alert that will be triggered when an app requires high permissions and is authorized by more than 20 users.

Which type of policy should you create in the Microsoft Defender for Cloud Apps portal?

A. anomaly detection policy
B. OAuth app policy
C. access policy
D. activity policy

A

B. OAuth app policy

24
Q
A

B. User2

25
Q

You have an Azure AD tenant that contains a user named User1 and a registered app named App1.

User1 deletes the app registration of App1.

You need to restore the app registration.

What is the maximum number of days you have to restore the app registration from when it was deleted?

A. 14
B. 30
C. 60
D. 180

A

B. 30

26
Q
A
27
Q

You have an Azure AD tenant.

You configure User consent settings to allow users to provide consent to apps from verified publishers.

You need to ensure that the users can only provide consent to apps that require low impact permissions.

What should you do?

A. Create an enterprise application collection.
B. Create an access review.
C. Create an access package.
D. Configure permission classifications.

A

D. Configure permission classifications.

28
Q
A
29
Q

You have an Azure subscription.

You are evaluating enterprise software as a service (SaaS) apps.

You need to ensure that the apps support automatic provisioning of Azure AD users.

Which specification should the apps support?

A. OAuth 2.0
B. WS-Fed
C. SCIM 2.0
D. LDAP 3

A

C. SCIM 2.0

30
Q

You have an Azure AD tenant and a .NET web app named App1.

You need to register App1 for Azure AD authentication.

What should you configure for App1?

A. the executable name
B. the bundle ID
C. the package name
D. the redirect URI

A

D. the redirect URI

31
Q

You have a Microsoft 365 tenant.

All users have mobile phones and Windows 10 laptops.

The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity. While working from the remote locations, the users connect their laptops to a wired network that has internet access.

You plan to implement multi-factor authentication (MFA).

Which MFA authentication method can the users use from the remote location?

A. a notification through the Microsoft Authenticator app
B. security questions
C. voice
D. Windows Hello for Business

A

D. Windows Hello for Business

32
Q

You have an Azure AD tenant.

You discover that a large number of new apps were added to the tenant.

You need to implement an approval process for new enterprise applications.

What should you do?

A. From the Microsoft Defender for Cloud Apps portal, create a Cloud Discovery anomaly detection policy.
B. From the Microsoft Entra admin center, configure the Admin consent settings.
C. From the Microsoft Defender for Cloud Apps portal, configure an app connector.
D. From the Microsoft Entra admin center, configure an access review.

A

B. From the Microsoft Entra admin center, configure the Admin consent settings.

33
Q

You have a Microsoft 365 E5 subscription.

You purchase the app governance add-on license.

You need to enable app governance integration.

Which portal should you use?

A. the Microsoft Defender for Cloud Apps portal
B. the Microsoft 365 admin center
C. Microsoft 365 Defender
D. the Azure Active Directory admin center
E. the Microsoft Purview compliance portal

A

C. Microsoft 365 Defender

34
Q

Your company purchases a new Microsoft 365 E5 subscription and an app named App1.

You need to create a Microsoft Defender for Cloud Apps access policy for App1.

What should you do first?

A. Configure a Conditional Access policy to use app-enforced restrictions.
B. Configure a Token configuration for App1.
C. Add an API permission for App1.
D. Configure a Conditional Access policy to use Conditional Access App Control.

A

D. Configure a Conditional Access policy to use Conditional Access App Control.

35
Q

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account.

You deploy an Azure subscription and enable Microsoft 365 Defender.

You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps.

Solution: From the Microsoft 365 Defender portal, you add the Google Workspace app connector.

Does this meet the goal?

A. Yes
B. No

A

A. Yes

36
Q

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account.

You deploy an Azure subscription and enable Microsoft 365 Defender.

You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps.

Solution: From the Microsoft 365 Defender portal, you add the Microsoft Azure app connector.

Does this meet the goal?

A. Yes
B. No

A

B. No

36
Q

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account.

You deploy an Azure subscription and enable Microsoft 365 Defender.

You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps.

Solution: From the Microsoft 365 Defender portal, you add the Amazon Web Services app connector.

Does this meet the goal?

A. Yes
B. No

A

B. No

37
Q

Your company purchases a Microsoft 365 E5 subscription.

A user named User1 is assigned the Security Administrator role.

You need to ensure that User1 can create Microsoft Defender for Cloud Apps session policies.

What should you do first?

A. Create a Conditional Access policy and select Require app protection policy.
B. Create a Conditional Access policy and select Use Conditional Access App Control.
C. Assign the Cloud Application Administrator role to User1.
D. Assign the Cloud App Security Administrator role to User1.

A

B. Create a Conditional Access policy and select Use Conditional Access App Control.

38
Q
A

A. Application Developer

39
Q
A
  • Managed1, Managed2, VM1, and VM2 only.
  • All VMs
40
Q

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.

You plan to increase app security for the subscription.

You need to identify which apps do NOT require user authentication.

What should you do in the Microsoft 365 Defender portal?

A. Review the cloud app catalog.
B. Create an OAuth policy and review alerts.
C. Create a snapshot Cloud Discovery report.
D. Create a discovered app query.

A

A. Review the cloud app catalog.

41
Q
A

system assigned
RBAC

42
Q

You have an Azure subscription named Sub1 that contains a resource group named RG1. RG1 contains an Azure Cosmos DB database named DB1 and an Azure Kubernetes Service (AKS) cluster named AKS1. AKS1 uses a managed identity.

You need to ensure that AKS1 can access DB1. The solution must meet the following requirements:

  • Ensure that AKS1 uses the managed identity to access DB1.
  • Follow the principle of least privilege.

Which role should you assign to the managed identity of AKS1?

A. For Sub1, assign the Owner role.
B. For DB1, assign the Azure Cosmos DB Account Reader Role role.
C. For RG1, assign the Azure Cosmos DB Data Reader Role role.
D. For RG1, assign the Reader role.

A

B. For DB1, assign the Azure Cosmos DB Account Reader Role role.

43
Q

You have an Azure subscription that contains a storage account named storage1 and a web app named WebApp1. WebApp1 uses a system-assigned managed identity.

You need to ensure that WebApp1 can read and write files to storage1 by using the system-assigned managed identity.

What should you configure for storage1 in the Azure portal?

A. data protection
B. a shared access signature (SAS)
C. the Access control (IAM) settings
D. the File share settings
E. access keys

A

C. the Access control (IAM) settings