SC-300 Set 4 Flashcards

1
Q

You have a Microsoft 365 tenant.
In Azure Active Directory (Azure AD), you configure the terms of use.
You need to ensure that only users who accept the terms of use can access the resources in the tenant. Other users must be denied access.
What should you configure?

A. an access policy in Microsoft Cloud App Security.
B. Terms and conditions in Microsoft Endpoint Manager.
C. a conditional access policy in Azure AD
D. a compliance policy in Microsoft Endpoint Manager

A

C. a conditional access policy in Azure AD

2
Q
A

E. Group1, Group2, Group3, Group4 and Group5

3
Q
A

B. User3 only

4
Q
A
5
Q
A
6
Q

Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights.
You need to ensure that the IT department users only have access to the Security administrator role when required.
What should you configure for the Security administrator role assignment?

A. Expire eligible assignments after from the Role settings details
B. Expire active assignments after from the Role settings details
C. Assignment type to Active
D. Assignment type to Eligible

A

D. Assignment type to Eligible

7
Q

You have a Microsoft 365 tenant.
The Sign-ins activity report shows that an external contractor signed in to the Exchange admin center.
You need to review access to the Exchange admin center at the end of each month and block sign-ins if required.
What should you create?

A. an access package that targets users outside your directory
B. an access package that targets users in your directory
C. a group-based access review that targets guest users
D. an application-based access review that targets guest users

A

C. a group-based access review that targets guest users

8
Q
A

B. No

9
Q
A

A. Yes

10
Q
A

B. No

11
Q

You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain.
You plan to create an emergency-access administrative account named Emergency1. Emergency1 will be assigned the Global administrator role in Azure AD.
Emergency1 will be used in the event of Azure AD functionality failures and on-premises infrastructure failures.
You need to reduce the likelihood that Emergency1 will be prevented from signing in during an emergency.
What should you do?

A. Configure Azure Monitor to generate an alert if Emergency1 is modified or signs in.
B. Require Azure AD Privileged Identity Management (PIM) activation of the Global administrator role for Emergency1.
C. Configure a conditional access policy to restrict sign-in locations for Emergency1 to only the corporate network.
D. Configure a conditional access policy to require multi-factor authentication (MFA) for Emergency1.

A

A. Configure Azure Monitor to generate an alert if Emergency1 is modified or signs in.

12
Q

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You implement entitlement management to provide resource access to users at a company named Fabrikam, Inc. Fabrikam uses a domain named fabrikam.com.
Fabrikam users must be removed automatically from the tenant when access is no longer required.
You need to configure the following settings:
✑ Block external user from signing in to this directory: No
✑ Remove external user: Yes
✑ Number of days before removing external user from this directory: 90
What should you configure on the Identity Governance blade?

A. Access packages
B. Entitlement management settings
C. Terms of use
D. Access reviews settings

A

B. Entitlement management settings

13
Q

You have an Azure Active Directory (Azure AD) P1 tenant.
You need to review the Azure AD sign-in logs to investigate sign-ins that occurred in the past.
For how long does Azure AD store events in the sign-in logs?

A. 14 days
B. 30 days
C. 90 days
D. 365 days

A

B. 30 days

14
Q
A

C. Group1, App1, Contributor, and Role1

15
Q
A

B. User1 and Guest1 only

15
Q

You have an Azure Active Directory (Azure AD) tenant that uses conditional access policies.
You plan to use third-party security information and event management (SIEM) to analyze conditional access usage.
You need to download the Azure AD log by using the administrative portal. The log file must contain changes to conditional access policies.
What should you export from Azure AD?

A. audit logs in CSV format
B. sign-ins in CSV format
C. audit logs in JSON format
D. sign-ins in JSON format

A

C. audit logs in JSON format

16
Q
A

B. No

17
Q
A

1 No, because it’s a rolling “monthly” review cycle with an end date, and the review period that is eligible for input or change is a 14-day period. Since User1 responded in the first period, which started 15th Jan and ended 29th Jan, responding on 5th Feb would be outside of this scope.

2 Yes. Similar to #1 for User1, this is within the 14-day period for User2.

3 No. Reviews are for Group1, which User3 is not a member of.

18
Q
A

This question may be a little outdated. When creating an access package there is a ‘requests’ section where you can configure which connected organizations are allowed to request access. I think this is just an update that allows you to create the access package policy as a part of the access package creation process.
This would allow configuration of an access package that one specified domain can request access to and satisfy both requirements in one step.

Box1: An access package policy
Box2: An access package policy

19
Q

You have an Azure Active Directory (Azure AD) tenant named contoso.com that has Azure AD Identity Protection policies enforced.
You create an Azure Sentinel instance and configure the Azure Active Directory connector.
You need to ensure that Azure Sentinel can generate incidents based on the risk alerts raised by Azure AD Identity Protection.
What should you do first?

A. Add a Microsoft Sentinel data connector.
B. Configure the Notify settings in Azure AD Identity Protection.
C. Create a Microsoft Sentinel playbook.
D. Modify the Diagnostics settings in Azure AD.

A

C. Create a Microsoft Sentinel playbook.

20
Q

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts.
You need to ensure that a new security administrator receives the alerts instead of you.
Solution: From Azure AD, you create an assignment for the Insights administrator role.
Does this meet the goal?

A. Yes
B. No

A

B. No

21
Q

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts.
You need to ensure that a new security administrator receives the alerts instead of you.
Solution: From Azure AD, you modify the Diagnostics settings.
Does this meet the goal?

A. Yes
B. No

A

B. No

22
Q

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts.
You need to ensure that a new security administrator receives the alerts instead of you.
Solution: From Azure Monitor, you create a data collection rule.
Does this meet the goal?

A. Yes
B. No

A

B. No

23
Q

You have an Azure Active Directory Premium P2 tenant.
You create a Log Analytics workspace.
You need to ensure that you can view Azure Active Directory (Azure AD) audit log information by using Azure Monitor.
What should you do first?

A. Run the Set-AzureADTenantDetail cmdlet.
B. Create an Azure AD workbook.
C. Modify the Diagnostics settings for Azure AD.
D. Run the Get-AzureADAuditDirectoryLogs cmdlet.

A

C. Modify the Diagnostics settings for Azure AD.

24
Q
A

Yes - “On activation, require Azure MFA” is set to Yes
No - “Require approval to activate” is set to No
No - Privileged Authentication Administrator can’t assign roles (Privileged ROLE Administrator can!)

25
Q

You have a Microsoft 365 subscription that contains the following:
✑ An Azure Active Directory (Azure AD) tenant that has an Azure Active Directory Premium P2 license
✑ A Microsoft SharePoint Online site named Site1
✑ A Microsoft Teams team named Team1
You need to create an entitlement management workflow to manage Site1 and Team1.
What should you do first?

A. Configure an app registration.
B. Create an Administrative unit.
C. Create an access package.
D. Create a catalog.

A

D. Create a catalog.

26
Q

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts.
You need to ensure that a new security administrator receives the alerts instead of you.
Solution: From Azure Monitor, you modify the action group.
Does this meet the goal?

A. Yes
B. No

A

A. Yes

27
Q
A
28
Q

You have a Microsoft 365 E5 subscription that contains a web app named App1.
Guest users are regularly granted access to App1.
You need to ensure that the guest users that have NOT accessed App1 during the past 30 days have their access removed. The solution must minimize administrative effort.
What should you configure?

A. a Conditional Access policy
B. a compliance policy
C. a guest access review
D. an access review for application access

A

D. an access review for application access

29
Q
A

Group 1: 500 - Guest users (4th example in the link)
Group 2: 1

30
Q
A
31
Q

You have an Azure Active Directory (Azure AD) tenant named Contoso that contains a terms of use (ToU) named Terms1 and an access package. Contoso users collaborate with an external organization named Fabrikam. Fabrikam users must accept Terms1 before being allowed to use the access package.
You need to identify which users accepted or declined Terms1.
What should you use?

A. sign-in logs
B. the Usage and Insights report
C. provisioning logs
D. audit logs

A

D. audit logs

32
Q
A

B. User3 only

33
Q
A

No
Yes
Yes

34
Q
A

Box 1: Reviewers, Members (self)
Box 2: If reviewers don’t respond, Remove access
This is the least administrative effort.

35
Q
A
36
Q
A
  1. Sign-in logs
  2. Audit logs
  3. Identity secure score
36
Q
A
37
Q

You have an Azure AD tenant that contains two users named User1 and User2.

You plan to perform the following actions:

  • Create a group named Group1.
  • Add User1 and User2 to Group1.
  • Assign Azure AD roles to Group1.

You need to create Group1.

Which two settings can you use? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A. Group type: Microsoft 365 -
Membership type: Assigned
B. Group type: Security -
Membership type: Assigned
C. Group type: Security -
Membership type: Dynamic User
D. Group type: Microsoft 365 -
Membership type: Dynamic User
E. Group type: Security -
Membership type: Dynamic Device

A

A. Group type: Microsoft 365 -
Membership type: Assigned
B. Group type: Security -
Membership type: Assigned

38
Q

You have a Microsoft 365 E5 subscription that contains a user named User1.

You need to ensure that User1 can create access reviews for Azure AD roles. The solution must use the principle of least privilege.

Which role should you assign to User1?

A. Privileged role administrator
B. Identity Governance Administrator
C. User administrator
D. User Access Administrator

A

A. Privileged role administrator

39
Q
A
  1. No - User1 is not getting the request to approve, hence the request is always in a pending state, and unless it is approved, the role will not be added.
  2. No - User1 is not an approver for Role2.
  3. Yes - User1 needs to provide a justification while approving the requests.
40
Q
A

Admin 2
Application Dev

41
Q
A
42
Q

You have a Microsoft 365 E5 subscription that contains a user named User1. User1 is eligible for the Application administrator role.

User1 needs to configure a new connector group for an application proxy.

What should you use to activate the role for User1?

A. the Microsoft Defender for Cloud Apps portal
B. the Microsoft 365 admin center
C. the Azure Active Directory admin center / Entra ID
D. the Microsoft 365 Defender portal

A

C. the Azure Active Directory admin center

43
Q

You have an Azure subscription that contains a registered app named App1.

You need to review the sign-in activity for App1. The solution must meet the following requirements:

  • Identify the number of failed sign-ins.
  • Identify the success rate of sign-ins.
  • Minimize administrative effort.

What should you use?

A. Sign-in logs
B. Access reviews
C. Audit logs
D. Usage & insights

A

A. Sign-in logs

44
Q

Your company has an Azure AD tenant that contains a user named User1.

The company has two departments named marketing and finance.

You need to grant permissions to User1 to manage only the users in the marketing department. The solution must ensure that User1 does NOT have permissions to manage the users in the finance department.

What should you create first?

A. a management group
B. an administrative unit
C. a resource group
D. a Microsoft 365 group

A

B. an administrative unit

45
Q
A

D. User administrator

46
Q

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.

You need to identify which users access Facebook from their devices and browsers. The solution must minimize administrative effort.

What should you do first?

A. Create a Conditional Access policy.
B. Create a Defender for Cloud Apps access policy.
C. Create an app configuration policy in Microsoft Endpoint Manager.
D. From the Microsoft Defender for Cloud Apps portal, unsanction Facebook.

A

B. Create a Defender for Cloud Apps access policy.

46
Q
A
47
Q

You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM).

You need to identify users that are eligible for the Cloud Application Administrator role.

Which blade in the Privileged Identity Management settings should you use?

A. Azure resources
B. Privileged access groups
C. Review access
D. Azure AD roles

A

D. Azure AD roles

48
Q
A
49
Q

You have an Azure AD Premium P2 tenant.

You create a Log Analytics workspace.

You need to ensure that you can view Azure AD audit log information by using Azure Monitor.

What should you do first?

A. Modify the Diagnostics settings for Azure AD.
B. Run the Update-MgOrganization cmdlet.
C. Run the Update-MgDomain cmdlet.
D. Create an Azure AD workbook.

A

A. Modify the Diagnostics settings for Azure AD.

50
Q

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.

You need to identify which users access Facebook from their devices and browsers. The solution must minimize administrative effort.

What should you do first?

A. From the Microsoft 365 Defender portal, unsanction Facebook.
B. Create a Defender for Cloud Apps access policy.
C. Create an app configuration policy in Microsoft Intune.
D. Create a Conditional Access policy.

A

A. From the Microsoft 365 Defender portal, unsanction Facebook.

51
Q
A

D. User3 and User4 only

52
Q
A

C. Admin3 only

53
Q
A

Box 1: App1, App2, App3 and App4
Box 2: App roles, Users and groups, client secrets and Self-service

54
Q

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account.

You deploy an Azure subscription and enable Microsoft 365 Defender.

You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps.

Solution: From the Microsoft 365 Defender portal, you add the GitHub app connector.

Does this meet the goal?

A. Yes
B. No

A

A. Yes

55
Q

You have an Azure AD tenant.

You plan to implement Azure AD Privileged Identity Management (PIM).

Which roles can you manage by using PIM?

A. Global Administrator only
B. Global Administrator and Security Administrator only
C. Global Administrator, Security Administrator, and Security Contributor only
D. Account Administrator, Global Administrator, Security Administrator, and Security Contributor only

A

B. Global Administrator and Security Administrator only

56
Q

You have a Microsoft 365 tenant.

In Microsoft Entra ID, you configure the terms of use.

You need to ensure that only users who accept the terms of use can access the resources in the tenant. Other users must be denied access.

What should you configure?

A. Terms and conditions in Microsoft Intune
B. an access policy in Microsoft Defender for Cloud Apps
C. a conditional access policy in Microsoft Entra ID
D. a compliance policy in Microsoft Intune

A

C. a conditional access policy in Microsoft Entra ID

57
Q

You have a Microsoft 365 E5 subscription that contains a user named User1. User1 is eligible for the Application Administrator role.

User1 needs to configure a new connector group for an application proxy.

What should you use to activate the role for User1?

A. the Microsoft 365 Defender portal
B. the Microsoft 365 admin center
C. the Microsoft Intune admin center
D. the Azure Active Directory admin center

A

D. the Azure Active Directory admin center

57
Q

You have accounts for the following cloud platforms:

  • Azure
  • Alibaba Cloud
  • Amazon Web Services (AWS)
  • Google Cloud Platform (GCP)

You configure an Azure subscription to use Microsoft Entra Permissions Management to manage the permissions in Azure only.

Which additional cloud platforms can be managed by using Permissions Management?

A. AWS only
B. Alibaba Cloud and AWS only
C. Alibaba Cloud and GCP only
D. AWS and GCP only
E. Alibaba Cloud, AWS, and GCP

A

D. AWS and GCP only

58
Q

Your on-premises network contains an Active Directory Domain Services (AD DS) domain and a certification authority (CA) named CA1.

You have an Azure AD tenant.

You need to implement certificate-based authentication in Azure AD. The solution must ensure that users can sign in by using certificates issued by CA1. What should you do first?

A. Deploy an Azure key vault.
B. Add CA1 as a Certificate Authority to the Microsoft Entra ID tenant.
C. Enable auto-enrollment for CA1.
D. Deploy Windows Hello for Business.

A

B. Add CA1 as a Certificate Authority to the Microsoft Entra ID tenant.

59
Q

You have three Azure subscriptions that are linked to a single Microsoft Entra tenant.

You need to evaluate and remediate the risks associated with highly privileged accounts. The solution must minimize administrative effort.

What should you use?

A. Global Secure Access
B. Privileged Identity Management (PIM)
C. Microsoft Entra Permissions Management
D. Microsoft Entra Verified ID

A

B. Privileged Identity Management (PIM)

60
Q

You have an Azure subscription named Sub1 that uses Microsoft Entra Permissions Management. Sub1 contains a user named User1. User1 is granted multiple permissions across Sub1.

You need to replace all the permissions granted to User1 with read-only permissions. The solution must minimize administrative effort.

What should you do on the Remediation tab in Permissions Management?

A. From the Role/Policy Template subtab, create a template.
B. From the My Requests subtab, create a new request.
C. From the Roles/Policies subtab, create a role.
D. From the Permissions subtab, use a quick action.

A

C. From the Roles/Policies subtab, create a role.

61
Q

You have an Azure subscription that contains a user named User1. The subscription is onboarded to Microsoft Entra Permissions Management.

You need to provide User1 with access to Permissions Management. The solution must meet the following requirements:

  • Follow the principle of least privilege.
  • Minimize administrative effort.

What should you do first?

A. From the Role/Policy Template subtab of Permissions Management, create a template.
B. From the Microsoft Entra admin center, create a security group.
C. From the My Requests subtab of Permissions Management, create a new request.
D. From the Microsoft Entra admin center, assign a role to User1.

A

B. From the Microsoft Entra admin center, create a security group.

62
Q
A

For User1, the least privileged role is Key Vault Secrets Officer.

For User2, the least privileged role is Key Vault Secrets User.

63
Q
A

No - User1 is part of the group that can request access to Sub1, not Sub2.
No - User1 can request access to Sub1 on behalf of other identities, not User2.
Yes - User3’s group can approve access requests for all subscriptions.

64
Q
A

Box1: Microsoft Entra Insights

Box2: Analytics