New 2021 Microsoft SC-300 exam questions from Lead4Pass SC-300 dumps!
Welcome to download the newest Lead4Pass SC-300 dumps VCE and PDF: https://www.leads4pass.com/sc-300.html (118 Q&As)
P.S. Free 2021 Microsoft SC-300 Dumps are available on Google Drive shared by Lead4Pass: https://drive.google.com/file/d/1HD_400i9Fao3h9gKiJ1kA0aTUuXRZt1s/
Free Microsoft SC-300 exam questions and answers
QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it.
As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
You have 100 IT administrators who are organized into 10 departments.
You create the access review shown in the exhibit. (Click the Exhibit tab.)
You discover that all access review requests are received by Megan Bowen.
You need to ensure that the manager of each department receives the access reviews of their respective department.
Solution: You add each manager as a fallback reviewer.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Reference: https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review
QUESTION 2
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
User1 is the owner of Group1.
You create an access review that has the following settings:
Users to review: Members of a group Scope: Everyone Group: Group1 Reviewers: Members (self)
Which users can perform access reviews for User3?
A. User1, User2, and User3
B. User3 only
C. User1 only
D. User1 and User2 only
Correct Answer: B
Reference: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-startsecurity-review
QUESTION 3
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that has Security defaults disabled.
You are creating a conditional access policy as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the graphic. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
QUESTION 4
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to bulk invite Azure AD business-to-business (B2B) collaboration users.
Which two parameters must you include when you create the bulk invite? Each correct answer presents part of the
solution
NOTE: Each correct selection is worth one point.
A. email address
B. redirection URL
C. username
D. shared key
E. password
Correct Answer: AB
Reference: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/tutorial-bulk-invite
QUESTION 5
HOTSPOT
You have a Microsoft 365 tenant and an Active Directory domain named adatum.com.
You deploy Azure AD Connect by using the Express Settings.
You need to configure self-service password reset (SSPR) to meet the following requirements:
1.
When users reset their password, they must be prompted to respond to a mobile app notification or answer three
predefined security questions.
2.
Passwords must be synced between the tenant and the domain regardless of where the password was reset.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-security-questions
QUESTION 6
HOTSPOT
You need to implement on-premises application and SharePoint Online restrictions to meet the authentication
requirements and the access requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Reference: https://docs.microsoft.com/en-us/sharepoint/app-enforced-restrictions https://docs.microsoft.com/enus/azure/active-directory/conditional-access/concept-conditional-access-session
QUESTION 7
HOTSPOT
You have an on-premises datacenter that contains the hosts shown in the following table.
You have an Azure Active Directory (Azure AD) tenant that syncs to the Active Directory forest. Multi-factor
authentication (MFA) is enforced for Azure AD.
You need to ensure that you can publish App1 to Azure AD users.
What should you configure on Server and Firewall1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
QUESTION 8
HOTSPOT
You have a Microsoft 365 tenant named contoso.com.
Guest user access is enabled.
Users are invited to collaborate with contoso.com as shown in the following table.
From the External collaboration settings in the Azure Active Directory admin center, you configure the Collaboration
restrictions settings as shown in the following exhibit.
From a Microsoft SharePoint Online site, a user invites [email protected] to the site.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Yes
Invitations can only be sent to outlook.com. Therefore, User1 can accept the invitation and access the application.
Box 2. Yes
Invitations can only be sent to outlook.com. However, User2 has already received and accepted an invitation so User2
can access the application.
Box 3. No
Invitations can only be sent to outlook.com. Therefore, User3 will not receive an invitation.
QUESTION 9
You need to meet the authentication requirements for leaked credentials. What should you do?
A. Enable password hash synchronization in Azure AD Connect.
B. Configure Azure AD Password Protection.
C. Configure an authentication method policy in Azure AD.
D. Enable federation with PingFederate in Azure AD Connect.
Correct Answer: A
QUESTION 10
HOTSPOT
You need to configure the assignment of Azure AD licenses to the Litware users. The solution must meet the licensing
requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Litware recently added a custom user attribute named LWLicenses to the litware.com Active Directory forest. Litware
wants to manage the assignment of Azure AD licenses by modifying the value of the LWLicenses attribute. Users who
have the appropriate value for LWLicenses must be added automatically to a Microsoft 365 group that has the
appropriate licenses assigned.
QUESTION 11
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You implement entitlement management to provide resource access to users at a company named Fabrikam, Inc.
Fabrikam uses a domain named fabrikam.com.
Fabrikam users must be removed automatically from the tenant when access is no longer required.
You need to configure the following settings:
1.
Block external user from signing in to this directory: No
2.
Remove external user: Yes
3.
Number of days before removing external user from this directory: 90 What should you configure on the Identity
Governance blade?
A. Access packages
B. Settings
C. Terms of use
D. Access reviews
Correct Answer: B
Reference: https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-externalusers
QUESTION 12
Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD)
tenant. The tenant contains the users shown in the following table.
All the users work remotely.
Azure AD Connect is configured in Azure AD as shown in the following exhibit.
Connectivity from the on-premises domain to the internet is lost. Which users can sign in to Azure AD?
A. User1 and User3 only
B. User1 only
C. User1, User2, and User3
D. User1 and User2 only
Correct Answer: A
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-current-limitations
QUESTION 13
You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain.
You plan to create an emergency-access administrative account named Emergency1. Emergency1 will be assigned the
Global administrator role in Azure AD. Emergency1 will be used in the event of Azure AD functionality failures and onpremises infrastructure failures.
You need to reduce the likelihood that Emergency1 will be prevented from signing in during an emergency.
What should you do?
A. Configure Azure Monitor to generate an alert if Emergency1 is modified or signs in.
B. Require Azure AD Privileged Identity Management (PIM) activation of the Global administrator role for Emergency1.
C. Configure a conditional access policy to restrict sign-in locations for Emergency1 to only the corporate network.
D. Configure a conditional access policy to require multi-factor authentication (MFA) for Emergency1.
Correct Answer: A
Continue to follow to get more free updates…
New 2021 Microsoft SC-300 exam questions from Lead4Pass SC-300 Dumps! Welcome to download the newest Lead4Pass SC-300 VCE and PDF dumps: https://www.leads4pass.com/sc-300.html (118 Q&As)
P.S. Free 2021 Microsoft SC-300 Dumps are available on Google Drive shared by Lead4Pass: https://drive.google.com/file/d/1HD_400i9Fao3h9gKiJ1kA0aTUuXRZt1s/