최신 SC-300 무료덤프 - Microsoft Identity and Access Administrator
You have a Microsoft 365 subscription that contains the users shown in the following table.
From the tenan1, you configure a naming policy for groups.
Which users are affected by the naming policy?
From the tenan1, you configure a naming policy for groups.
Which users are affected by the naming policy?
정답: B
You have a Microsoft 36S subscription. The subscription contains users that use Microsoft Outlook 2016 and Outlook 2013 clients. You need to implement tenant restrictions. The solution must minimize administrative effort. What should you do first?
정답: D
You have a Microsoft 365 tenant.
All users have computers that run Windows 10. Most computers are company-owned and joined to Azure Active Directory (Azure AD). Some computers are user-owned and are only registered in Azure AD.
You need to prevent users who connect to Microsoft SharePoint Online on their user-owned computer from downloading or syncing files. Other users must NOT be restricted.
Which policy type should you create?
All users have computers that run Windows 10. Most computers are company-owned and joined to Azure Active Directory (Azure AD). Some computers are user-owned and are only registered in Azure AD.
You need to prevent users who connect to Microsoft SharePoint Online on their user-owned computer from downloading or syncing files. Other users must NOT be restricted.
Which policy type should you create?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
You have an Azure subscription, a Google Cloud Platform (GCP) account, and an Amazon Web Services (AWS) account.
You need to recommend a solution to assess the risks associated with privilege assignments across all the platforms. The solution must minimize administrative effort What should you include in the recommendation?
You need to recommend a solution to assess the risks associated with privilege assignments across all the platforms. The solution must minimize administrative effort What should you include in the recommendation?
정답: D
You need to meet the technical requirements for the probability that user identifies were compromised.
What should the users do first, and what should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
What should the users do first, and what should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
You have a Microsoft Entra tenant that contains a terms of use (ToU) named Terms1. You create a Conditional Access policy named Policy1 to deploy Terms1. You need to configure Policy1 to require users to accept Terms1. Which settings should you configure for Policy1?
정답: D
Task 5
You need to assign a Windows 10/11 Enterprise E3 license to the Sg-Retail group.
You need to assign a Windows 10/11 Enterprise E3 license to the Sg-Retail group.
정답:
See the Explanation for the complete step by step solution.
Explanation:
To assign a Windows 10/11 Enterprise E3 license to the Sg-Retail group, you can follow these steps:
* Sign in to the Microsoft Entra admin center:
* Make sure you have the role of Global Administrator or License Administrator.
* Navigate to the licensing page:
* Go to Billing > Licenses1.
* Find the Windows 10/11 Enterprise E3 license:
* Look for the Windows 10/11 Enterprise E3 license in the list of available products.
* Assign licenses to the group:
* Select the license and then choose Assign licenses.
* Search for and select the Sg-Retail group.
* Confirm the assignment and make sure that the correct number of licenses is available for the group.
* Review and confirm the assignment:
* Ensure that the licenses have been properly assigned to the Sg-Retail group without affecting other groups or users.
* Monitor the license status:
* Check the license usage and status to ensure that the Sg-Retail group members can utilize the Windows 10/11 Enterprise E3 features.
By following these steps, the Sg-Retail group should now have the Windows 10/11 Enterprise E3 licenses assigned to them.
Explanation:
To assign a Windows 10/11 Enterprise E3 license to the Sg-Retail group, you can follow these steps:
* Sign in to the Microsoft Entra admin center:
* Make sure you have the role of Global Administrator or License Administrator.
* Navigate to the licensing page:
* Go to Billing > Licenses1.
* Find the Windows 10/11 Enterprise E3 license:
* Look for the Windows 10/11 Enterprise E3 license in the list of available products.
* Assign licenses to the group:
* Select the license and then choose Assign licenses.
* Search for and select the Sg-Retail group.
* Confirm the assignment and make sure that the correct number of licenses is available for the group.
* Review and confirm the assignment:
* Ensure that the licenses have been properly assigned to the Sg-Retail group without affecting other groups or users.
* Monitor the license status:
* Check the license usage and status to ensure that the Sg-Retail group members can utilize the Windows 10/11 Enterprise E3 features.
By following these steps, the Sg-Retail group should now have the Windows 10/11 Enterprise E3 licenses assigned to them.
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com. The company has a business partner named Fabrikam, Inc.
Fabrikam uses Azure AD and has two verified domain names of fabrikam.com and litwareinc.com. Both domain names are used for Fabrikam email addresses.
You plan to create an access package named package1 that will be accessible only to the users at Fabrikam.
You create a connected organization for Fabrikam.
You need to ensure that the package1 will be accessible only to users who have fabrikam.com email addresses.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Fabrikam uses Azure AD and has two verified domain names of fabrikam.com and litwareinc.com. Both domain names are used for Fabrikam email addresses.
You plan to create an access package named package1 that will be accessible only to the users at Fabrikam.
You create a connected organization for Fabrikam.
You need to ensure that the package1 will be accessible only to users who have fabrikam.com email addresses.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package- request-policy
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package- create
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure Azure AD Password Protection.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure Azure AD Password Protection.
Does this meet the goal?
정답: A
You have a Microsoft 365 E5 subscription. You need to perform the following tasks:
* Identify the locations and IP addresses used by Azure AD users to sign in
* Review the Azure AD security settings and identify improvement recommendations.
* Identify changes to Azure AD users or service principle.
What should you use for each task? To answer, drag the appropriate resources to the correct requirements.
Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
* Identify the locations and IP addresses used by Azure AD users to sign in
* Review the Azure AD security settings and identify improvement recommendations.
* Identify changes to Azure AD users or service principle.
What should you use for each task? To answer, drag the appropriate resources to the correct requirements.
Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
정답:
Explanation:
You have a Microsoft Entra tenant that contains the users shown in the following table.
The tenant contains the identities shown in the following table.
Which users can create custom security attributes, and to which identities can the attributes be assigned? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
The tenant contains the identities shown in the following table.
Which users can create custom security attributes, and to which identities can the attributes be assigned? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory domain.
The on-premises network contains a VPN server that authenticates to the on-premises Active Directory domain. The VPN server does NOT support Azure Multi-Factor Authentication (MFA).
You need to recommend a solution to provide Azure MFA for VPN connections.
What should you include in the recommendation?
The on-premises network contains a VPN server that authenticates to the on-premises Active Directory domain. The VPN server does NOT support Azure Multi-Factor Authentication (MFA).
You need to recommend a solution to provide Azure MFA for VPN connections.
What should you include in the recommendation?
정답: C
You have an Azure Active Directory (Azure AD) tenant.
You create an enterprise application collection named HR Apps that has the following settings:
* Applications: Appl. App?, App3
* Owners: Admin 1
* Users and groups: HRUsers
AH three apps have the following Properties settings:
* Enabled for users to sign in: Yes
* User assignment required: Yes
* Visible to users: Yes
Users report that when they go to the My Apps portal, they only sue App1 and App2-You need to ensure that the users can also see App3. What should you do from App3?
What should you do from App3?
You create an enterprise application collection named HR Apps that has the following settings:
* Applications: Appl. App?, App3
* Owners: Admin 1
* Users and groups: HRUsers
AH three apps have the following Properties settings:
* Enabled for users to sign in: Yes
* User assignment required: Yes
* Visible to users: Yes
Users report that when they go to the My Apps portal, they only sue App1 and App2-You need to ensure that the users can also see App3. What should you do from App3?
What should you do from App3?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.
You need to ensure that User1 can create new catalogs and add resources to the catalogs they own.
What should you do?
You need to ensure that User1 can create new catalogs and add resources to the catalogs they own.
What should you do?
정답: C
You need to track application access assignments by using Identity Governance. The solution must meet the delegation requirements.
What should you do first?
What should you do first?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
You have a Microsoft 365 ES subscription that contains a user named User1. User1 is eligible for the Application administrator role.
User1 needs to configure a new connector group for an application proxy.
What should you to activate the role for User1?
User1 needs to configure a new connector group for an application proxy.
What should you to activate the role for User1?
정답: B
You have an Azure AD tenant that contains the users shown in the following table.
The User settings for enterprise applications have the following configuration.
* Users can consent to apps accessing company data on their behalf:
* Users can consent to apps accessing company data for the groups they
* Users can request admin consent to apps they are unable to consent to: Yes
* Who can review admin consent requests: Admin2, User2
User1 attempts to add an app that requires consent to access company data.
Which user can provide consent?
The User settings for enterprise applications have the following configuration.
* Users can consent to apps accessing company data on their behalf:
* Users can consent to apps accessing company data for the groups they
* Users can request admin consent to apps they are unable to consent to: Yes
* Who can review admin consent requests: Admin2, User2
User1 attempts to add an app that requires consent to access company data.
Which user can provide consent?
정답: C
You need to support the planned changes and meet the technical requirements for MFA.
Which feature should you use, and how long before the users must complete the registration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Which feature should you use, and how long before the users must complete the registration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps and Conditional Access policies. You need to block access to cloud apps when a user is assessed as high risk.
Which type of policy should you create in the Microsoft Defender for Cloud Apps?
Which type of policy should you create in the Microsoft Defender for Cloud Apps?
정답: B
You have an Azure subscription that containes a registered app named App1.
You need to review the sign-in activity for App1. The solution must meet the following requirements:
* Identify the number of failed sign-ins.
* Identify the success rate of sign-ins.
* Minimize administrative effort.
What should you use?
You need to review the sign-in activity for App1. The solution must meet the following requirements:
* Identify the number of failed sign-ins.
* Identify the success rate of sign-ins.
* Minimize administrative effort.
What should you use?
정답: A