Latest SC-300 Free Dumps - Microsoft Identity and Access Administrator

You have an Azure subscription that contains a storage account named storage1 and a web app named WebApp1. WebApp1 uses a system-assigned managed identity.
You need to ensure that WebApp1 can read and write files to storage1 by using the system-assigned managed identity.
What should you configure for storage1 in the Azure portal?

Answer: E
Hotspot Question
You have an Azure AD tenant.
You need to configure the following External Identities features:
- B2B collaboration
- Monthly active users (MAU)-based pricing
Which two settings should you configure? To answer, select the settings in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain.
Users connect to the internet by using a hardware firewall at your company. The users authenticate to the firewall by using their Active Directory credentials.
You plan to manage access to external applications by using Azure AD.
You need to use the firewall logs to create a list of unmanaged external applications and the users who access them.
What should you use to gather the information?

Answer: D
You have an Azure AD tenant.
You deploy a new enterprise application named App1.
When users attempt to provide App1 with access to the tenant, the attempt fails.
You need to ensure that the users can request admin consent for App1. The solution must follow the principle of least privilege.
What should you do first?

Answer: A
You have a Microsoft 365 E5 subscription that contains a web app named App1.
Guest users are regularly granted access to App1.
You need to ensure that the guest users that have NOT accessed App1 during the past 30 days have their access removed. The solution must minimize administrative effort.
What should you configure?

Answer: C
You have a Microsoft 365 tenant that uses the domain name fabrikam.com.
The External collaboration settings are configured as shown in the Collaboration exhibit. (Click the Collaboration tab.)

The Email one-time passcode for guests setting is enabled for the tenant.
A user named [email protected] shares a Microsoft SharePoint Online document library to the users shown in the following table.

Which users will be emailed a passcode?

Answer: D
Hotspot Question
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com. The company has a business partner named Fabrikam, Inc.
Fabrikam uses Azure AD and has two verified domain names of fabrikam.com and litwareinc.com. Both domain names are used for Fabrikam email addresses.
You plan to create an access package named package1 that will be accessible only to the users at Fabrikam.
You create a connected organization for Fabrikam.
You need to ensure that package1 will be accessible only to users who have fabrikam.com email addresses.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:

Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-request-policy
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-create
You have an Azure Active Directory (Azure AD) tenant.
You need to bulk create 25 new user accounts by uploading a template file.
Which properties are required in the template file?

Answer: B
Hotspot Question
You have an Azure subscription that contains a resource group named RG1. RG1 contains two virtual machines named VM1 and VM2 that have Microsoft Entra ID login enabled.
The subscription contains the users shown in the following table.

Which users can sign in to VM1, and which users can sign in to VM2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Case Study 3 - A. Datum Corp
Overview
A. Datum Corporation is a consulting company in Montreal. A. Datum recently acquired a Vancouver-based company named Litware, Inc.
Existing Environment
A. Datum Environment
The on-premises network of A. Datum contains an Active Directory Domain Services (AD DS) forest named adatum.com.
A. Datum has a Microsoft 365 E5 subscription. The subscription contains a verified domain that syncs with the adatum.com AD DS domain by using Azure AD Connect. A. Datum has an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant has Security defaults disabled.
The tenant contains the users shown in the following table.

The tenant contains the groups shown in the following table.

Existing Environment
Litware Environment
Litware has an AD DS forest named litware.com
Existing Environment
Problem Statements
A. Datum identifies the following issues:
- Multiple users in the sales department have up to five devices. The sales department users report that sometimes they must contact the support department to join their devices to the Azure AD tenant because they have reached their device limit.
- A recent security incident reveals that several users leaked their credentials, a suspicious browser was used for a sign-in, and resources were accessed from an anonymous IP address.
- When you attempt to assign the Device Administrators role to IT_Group1, the group does NOT appear in the selection list.
- Anyone in the organization can invite guest users, including other guests and non-administrators.
- The helpdesk spends too much time resetting user passwords.
- Users currently use only passwords for authentication.
Requirements
Planned Changes
A. Datum plans to implement the following changes:
- Configure self-service password reset (SSPR).
- Configure multi-factor authentication (MFA) for all users.
- Configure an access review for an access package named Package1.
- Require admin approval for application access to organizational data.
- Sync the AD DS users and groups of litware.com with the Azure AD tenant.
- Ensure that only users that are assigned specific admin roles can invite guest users.
- Increase the maximum number of devices that can be joined or registered to Azure AD to 10.
Requirements
Technical Requirements
A. Datum identifies the following technical requirements:
- Users assigned the User administrator role must be able to request permission to use the role when needed for up to one year.
- Users must be prompted to register for MFA and provided with an option to bypass the registration for a grace period.
- Users must provide one authentication method to reset their password by using SSPR.
Available methods must include:
- Email
- Phone
- Security questions
- The Microsoft Authenticator app
- Trust relationships must NOT be established between the adatum.com and litware.com AD DS domains.
- The principle of least privilege must be used.
Hotspot Question
You implement the planned changes for SSPR.
What occurs when User3 attempts to use SSPR? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:

Explanation:
Box 1: 2
Why: By default, administrator accounts are enabled for self-service password reset, and a strong default two-gate password reset policy is enforced.
Box 2: Email, phone and Microsoft Authenticator only
Why: The two-gate policy requires two pieces of authentication data, such as an email address, authenticator app, or a phone number, and it prohibits security questions.
A two-gate policy applies in the following circumstances:
.....
Security administrator
Service support administrator
SharePoint administrator
Skype for Business administrator
User administrator
https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#administrator-reset-policy-differences
Due to a recent company acquisition, you have inherited a new Azure tenant with 1 subscription associated that you have to manage. The security has been neglected and you are looking for a quick and easy way to enable various security settings like requiring users to register for multi-factor authentication, blocking legacy authentication protocols, and protecting privileged activities like access to the Azure portal. What is the best way to enforce these settings with the least amount of administrative effort?

Answer: C
Hotspot Question
You have an Azure Active Directory (Azure AD) tenant and an Azure web app named App1.
You need to provide guest users with self-service sign-up for App1. The solution must meet the following requirements:
* Guest users must be able to sign up by using a one-time password.
* The users must provide their first name, last name, city, and email address during the sign-up process.
What should you configure in the Azure Active Directory admin center for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:

Explanation:
Box 1: Identity Provider
First you'll enable self-service sign-up for your tenant and federate with the identity providers you want to allow external users to use for sign-in.
Box 2: User Flow
Then you'll create and customize the sign-up user flow and assign your applications to it.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/identity-providers
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/self-service-sign-up-overview
Hotspot Question
You have a Microsoft Entra tenant named contoso.com that contains an administrative unit named AU1 and two users named User1 and User2. User1 is a member of AU1.
You need to perform the following role assignments:
- User1: Security Administrator
- User2: User Administrator
For which scopes can each user be assigned the role? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Your organization is a 100% Azure cloud-based organization with no on-premises resources. You recently completed an acquisition of another company that is 100% on-premises with no cloud presence. You need to immediately provide your cloud users with access to a few of the acquired company's on-premises web applications. What service can you implement to ensure Azure Active Directory can still be used to authenticate to the on-premises applications?

Answer: A
You have an Azure subscription that contains an Azure SQL database named db1.
You deploy an Azure App Service web app named App1 that provides product information to users that connect to App1 anonymously.
You need to provide App1 with access to db1. The solution must meet the following requirements:
- Credentials must only be available to App1.
- Administrative effort must be minimized.
Which type of credentials should you use?

Answer: D
You have an Azure AD tenant that contains the external user shown in the following exhibit.

You update the email address of the user.
You need to ensure that the user can authenticate by using the updated email address.
What should you do for the user?

Answer: A
You have an Azure subscription named Sub1 that contains a user named User1.
You need to ensure that User1 can purchase a Microsoft Entra Permissions Management license for Sub1. The solution must follow the principle of least privilege.
Which role should you assign to User1?

Answer: D
You have a Microsoft 365 tenant.
In Azure Active Directory (Azure AD), you configure the terms of use.
You need to ensure that only users who accept the terms of use can access the resources in the tenant.
Other users must be denied access.
What should you configure?

Answer: B
Drag and Drop Question
You have a Microsoft 365 E5 subscription. The subscription contains 500 devices that run Windows.
You deploy the Global Secure Access client to the devices.
You need to prevent users from accessing https://contoso.com from the devices.
Which three actions should you perform in sequence? To answer move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
You have a Microsoft 365 subscription that uses Microsoft Defender for Cloud Apps.
You have multiple third-party apps that access the resources in the subscription.
You need to monitor the access of the third-party apps.
What should you create?

Answer: D
