Online Access Free SC-300 Exam Questions

No.# 500
1

No.# correction i am not sure about sharepoint admin

No.# Answer C

Both password hash sync and pass-through are enabled, no password change in the question, just login

Only on-premises domain to the internet is lost

User1 and User 3 are users that will log in with their hash in AAD, User3 is an AAD guest will log with his own credentials created guest on AAD, so IMHO answer must be C

Pass-through Authentication does not automatically failover to password hash synchronization. To avoid user sign-in failures, you should configure Pass-through Authentication for high availability.

The password hash synchronization process runs every 2 minutes.
When a user attempts to sign into Azure AD and enters their password, the password is run through the same MD4+salt+PBKDF2+HMAC-SHA256 process. If the resulting hash matches the hash stored in Azure AD, the user has entered the correct password and is authenticated.

No.# Selected Answer: B
The correct answer is B. collections.

According to the Microsoft Entra documentation, collections are a way to group related applications on the My Apps portal1. You can create collections and assign them to users or groups, and they will see a separate tab for each collection on the portal. Collections help you organize the applications for your users based on their job role, task, project, or any other criteria you choose.

No.# The Set-MsolUserLicense cmdlet is deprecated. You'd use Set-MgUserLicense now.

No.# Both The Answer is Correct
1) You have Go to Azure active directory > under Manage section Password reset blade > Authentication methods & check the Security Questions
2. Password writeback

No.# Correct: Enterprise App has option for SSO, App registration does not.Service1 support OAuth for Authentication & authorization, however service1 is published in Azure AD gallery, hence we will use An enterprise application in Azure AD blade to register for SSO.
Conditional access policy - to ensure users access from Azure AD joined computers.

No.# With read and write access, you can make changes and directly interact with identity secure score.

* Global Administrator
* Security Administrator
* Exchange Administrator
* SharePoint Administrator

No.# MFA registration policy
14 days

No.# When administrators require one method be used to reset a password, verification code is the only option available.
When administrators require two methods be used to reset a password, users are able to use notification OR verification code in addition to any other enabled methods.
https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-howitworks
Explanation:
The following authentication methods are available for SSPR (self-service password reset)
- app notification
- Mobile app code
- Email
- Mobile phone
- Office phone (available only for tenants with paid subscriptions)
- Security questions

No.# Directly blocking legacy authentication
The easiest way to block legacy authentication across your entire organization is by configuring a Conditional Access policy that applies specifically to legacy authentication clients and blocks access.
Conditional Access policies apply to all client apps by default
Client apps
By default, all newly created Conditional Access policies will apply to all client app types even if the client apps condition is not configured.

No.# Add a Microsoft Sentinel Data connector is the wrong answer. Meant to mislead.
Because question itself mentions that AAD connector was added. Which seem to cover all AAD functionality including Identity Protection feature.
What you are asked to do is generate incidents based on the risk alerts.
For that you use playbooks in Sentinel. Which automates tasks that SOC engineers need to such as generte risk alerts. So answer is C.

No.# Tested and verified in the Lab.
YYN

No.# So correct answers are:
8 hours
Global administrators and privileged role administrators
So correct answers are:
8 hours
Global administrators and privileged role administrators

No.# what I should do first is:
From the Azure Active Directory admin center, create a Conditional Access policy.

No.# Azure AD Identity protection
User risk
Grant access but require password change

No.# Answer must be B - Helpdesk Administrators.

From the docs:
Authentication administrator: can reset passwords for non-admins but can't invalidate sessions. https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#authentication-administrator

Helpdesk administrator: Users with this role can change passwords, invalidate refresh tokens, manage service requests, and monitor service health. Invalidating a refresh token forces the user to sign in again. https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#helpdesk-administrator

Privileged Authentication Administrator: can reset all passwords (admins & non-admins) but can't invalidate any sessions. https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#privileged-authentication-administrator

Security Operator: can't reset any passwords. https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#security-operator

No.# Yes, modifying the action group in Azure Monitor will allow you to change the recipient of the email alerts for failed Azure AD user sign-in attempts.

No.# Delegate entitlement management
By default, only Global Administrators and User Administrators can create and manage catalogs, and can manage all catalogs. Users added to entitlement management as Catalog creators can also create catalogs and will become the owner of any catalogs they create.

No.# 1. NO - just, tested it. You cannot approve your own request, it is not even visable under "approve requests"
2. No of course.
3.Yes - can not approve without justificaiton