Microsoft SC-300 Exam Questions Instant Access

Question 1

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.

You need to identify which users access Facebook from their devices and browsers. The solution must minimize administrative effort.

What should you do first?

AFrom the Microsoft Defender for Cloud Apps portal, unsanctioned Facebook.

BCreate an app configuration policy in Microsoft Endpoint Manager.

CCreate a Defender for Cloud Apps access policy.

DCreate a Conditional Access policy.

Answer : A

Question 2

SIMULATION

Task 9

You need to ensure that when users in the Sg-Operations group go to the My Apps portal a tab named Operations appears that contains only the following applications:

* Unkedln

* Box

ASee the Explanationfor the complete step by step solution

Answer : A

To ensure that users in the Sg-Operations group see a tab named ''Operations'' containing only LinkedIn and Box applications in the My Apps portal, you can create a collection with these specific applications. Here's how to do it:

Make sure you have one of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.

Navigate to App launchers:

Go to Identity > Applications > Enterprise applications.

Under Manage, select App launchers.

Create a new collection:

Click on New collection.

Enter ''Operations'' as the Name for the collection.

Provide a Description if necessary.

Add applications to the collection:

Select the Applications tab within the new collection.

Click on + Add application.

Search for and select LinkedIn and Box applications.

Click Add to include them in the collection.

Assign the collection to the Sg-Operations group:

Select the Users and groups tab.

Click on + Add users and groups.

Search for and select the Sg-Operations group.

Click Select to assign the collection to the group.

Review and create the collection:

Select Review + Create to check the configuration.

If everything is correct, click Create to finalize the collection.

By following these steps, when users in the Sg-Operations group visit the My Apps portal, they will see a new tab named ''Operations'' that contains only the LinkedIn and Box applications1.

Please note that to create collections on the My Apps portal, you need a Microsoft Entra ID P1 or P2 license1.

Question 3

SIMULATION

Task 7

You need to lock out accounts for five minutes when they have 10 failed sign-in attempts.

ASee the Explanationfor the complete step by step solution

Answer : A

To configure the account lockout settings so that accounts are locked out for five minutes after 10 failed sign-in attempts, you can follow these steps:

Open the Microsoft Entra admin center:

Navigate to the lockout settings:

Go to Security > Authentication methods > Password protection.

Adjust the Smart Lockout settings:

Set the Lockout threshold to 10 failed sign-in attempts.

Set the Lockout duration (in minutes) to 5.

Please note that by default, smart lockout locks an account from sign-in after 10 failed attempts in Azure Public and Microsoft Azure operated by 21Vianet tenants1. The lockout period is one minute at first, and longer in subsequent attempts.However, you can customize these settings tomeet your organization's requirements if you have Microsoft Entra ID P1 or higher licenses for your users1.

Question 4

You have a Microsoft 365 subscription.

You need to ensure that users can grant enterprise applications access to their profile. The solution must ensure that the users can consent only to the User. Read and profile delegated permissions.

What should you configure first?

ASecurity defaults

BAdmin consent settings

CPermission classifications

DIdentity Protection settings

Answer : B

Topic 5,

SIMULATIONS and TASK

Question 5

You have a Microsoft 365 E5 subscription.

You need to create a Microsoft Defender for Cloud Apps session policy.

What should you do first?

AFrom the Microsoft Defender for Cloud Apps portal, select User monitoring.

BFrom the Microsoft Defender for Cloud Apps portal, select App onboarding/maintenance

CFrom the Azure Active Directory admin center, create a Conditional Access policy.

DFrom the Microsoft Defender for Cloud Apps portal, create a continuous report.

Answer : C

Question 6

You have an Azure AD tenant that contains an access package named Package1 and a user named User1. Package1 is configured as shown in the following exhibit.

You need to ensure that User1 can modify the review frequency of Package1. The solution must use the principle of least privilege.

Which role should you assign to User1?

APrivileged role administrator

BUser administrator

CExternal Identity Provider administrator

DSecurity administrator

Answer : B

Question 7

You have an Azure Ad tenant that contains the users show in the following table.

You create a dynamic user group and configure the following rule syntax.

Which users will be added to the group?

AUser1 only

BUser2 only

CUser3 only

DUser1 and User2 only

EUser1 and User3 only

FUser1, User2, and User3

Answer : D

Microsoft Identity and Access Administrator SC-300 Exam Questions