최신 SC-300 무료덤프 - Microsoft Identity and Access Administrator

Hotspot Question
You have an Azure subscription that contains the resources shown in the following table.

You create a Microsoft Entra user named User1.
Which identities can you add to VM1 and App1? To answer, select the appropriate options in the answer area.
NOTE: Each correct answer is worth one point.
정답:
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to ensure that Azure AD External Identities pricing is based on monthly active users (MAU).
What should you configure?

정답: D
설명: (DumpTOP 회원만 볼 수 있음)
Case Study 3 - A Datum Corp
Overview
A Datum Corporation is a consulting company in Montreal. A Datum recently acquired a Vancouver-based company named Litware, Inc.
Existing Environment
A Datum Environment
The on-premises network of A Datum contains an Active Directory Domain Services (AD DS) forest named adatum.com.
A Datum has a Microsoft 365 E5 subscription. The subscription contains a verified domain that syncs with the adatum.com AD DS domain by using Azure AD Connect A Datum has an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant has Security defaults disabled.
The tenant contains the users shown in the following table.

The tenant contains the groups shown in the following table.

Existing Environment
Litware Environment
Litware has an AD DS forest named litware.com
Existing Environment
Problem Statements
A Datum identifies the following issues:
- Multiple users in the sales department have up to five devices. The sales department users report that sometimes they must contact the support department to join their devices to the Azure AD tenant because they have reached their device limit.
- A recent security incident reveals that several users leaked their credentials, a suspicious browser was used for a sign-in, and resources were accessed from an anonymous IP address.
- When you attempt to assign the Device Administrators role To IT_Group1, the group does NOT appear in the selection list.
- Anyone in the organization can invite guest users, including other guests and non- administrators.
- The helpdesk spends too much time resetting user passwords.
- Users currently use only passwords for authentication.
Requirements
Planned Changes
A Datum plans to implement the following changes;
- Configure self-service password reset {SSPR}.
- Configure multi-factor authentication (MFA) for all users.
- Configure an access review for an access package named Package1.
- Require admin approval for application access to organizational data.
- Sync the AD DS users and groupsoflitware.com with the Azure AD tenant.
- Ensure that only users that are assigned specific admin roles can invite guest users.
- Increase the maximum number of devices that can be joined or registered to Azure AD to 10.
Requirements
Technical Requirements
A Datum identifies the following technical requirements:
- Users assigned the User administrator role must be able to request permission to use the role when needed for up to one year.
- Users must be prompted to register for MFA and provided with an option to bypass the registration for a grace period.
- Users must provide one authentication method to reset their password by using SSPR.
Available methods must include:
- Email
- Phone
- Security questions
- The Microsoft Authenticator app
- Trust relationships must NOT be established between the adatum.com and litware.com AD DS domains.
- The principle of least privilege must be used.
Hotspot Question
You implement the planned changes for SSPR.
What occurs when User3 attempts to use SSPR? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:

Explanation:
Box 1: 2
Why: By default, administrator accounts are enabled for self-service password reset, and a strong default two-gate password reset policy is enforced.
Box 2: Email, phone and Microsoft Authenticator only
Why: The two-gate policy requires two pieces of authentication data, such as an email address, authenticator app, or a phone number, and it prohibits security questions.
A two-gate policy applies in the following circumstances:
.....
Security administrator
Service support administrator
SharePoint administrator
Skype for Business administrator
User administrator
https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#administrator-reset-policy-differences
Hotspot Question
You have an Azure Active Directory (Azure AD) tenant that contains the following group:
Name: Group1
Members: User1, User2
Owner: User3
On January 15, 2021, you create an access review as shown in the exhibit. (Click the Exhibit tab.)

Users answer the Review1 question as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:

Explanation:
Box 1: No
The review end date is 14 days after the start (January 15), the end of the review cycle for the month is January 29. After that date, the review cycle will not start again until February 15.
Box 2: Yes
The user will not be removed from the group until the end of the access review period.
Box 3: No
Reviews are for Group1, which User3 is not a member of.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/review-your-access
Case Study 2 - Litware, Inc
Overview
Litware, Inc. is a pharmaceutical company that has a subsidiary named Fabrikam, Inc.
Litware has offices in Boston and Seattle, but has employees located across the United States.
Employees connect remotely to either office by using a VPN connection.
Existing Environment. Identify Environment
The network contains an Active Directory forest named litware.com that is linked to an Azure Active Directory (Azure AD) tenant named litware.com. Azure AD Connect uses pass-through authentication and has password hash synchronization disabled.
Litware.com contains a user named User1 who oversees all application development.
Litware implements Azure AD Application Proxy.
Fabrikam has an Azure AD tenant named fabrikam.com. The users at Fabrikam access the resources in litware.com by using guest accounts in the litware.com tenant.
Existing Environment. Cloud Environment
All the users at Litware have Microsoft 365 Enterprise E5 licenses. All the built-in anomaly detection policies in Microsoft Cloud App Security are enabled.
Litware has an Azure subscription associated to the litware.com Azure AD tenant. The subscription contains an Azure Sentinel instance that uses the Azure Active Directory connector and the Office 365 connector. Azure Sentinel currently collects the Azure AD sign-ins logs and audit logs.
Existing Environment. On-premises Environment
The on-premises network contains the servers shown in the following table.

Both Litware offices connect directly to the internet. Both offices connect to virtual networks in the Azure subscription by using a site-to-site VPN connection. All on-premises domain controllers are prevented from accessing the internet.
Requirements. Delegation Requirements
Litware identifies the following delegation requirements:
* Delegate the management of privileged roles by using Azure AD Privileged Identity Management (PIM).
* Prevent nonprivileged users from registering applications in the litware.com Azure AD tenant.
* Use custom catalogs and custom programs for Identity Governance.
* Ensure that User1 can create enterprise applications in Azure AD.
* Use the principle of least privilege.
Requirements. Licensing Requirements
Litware recently added a custom user attribute named LWLicensesto the litware.com Active Directory forest. Litware wants to manage the assignment of Azure AD licenses by modifying the value of the LWLicensesattribute. Users who have the appropriate value for LWLicensesmust be added automatically to a Microsoft 365 group that has the appropriate licenses assigned.
Requirements. Management Requirements
Litware wants to create a group named LWGroup1 that will contain all the Azure AD user accounts for Litware but exclude all the Azure AD guest accounts.
Requirements. Authentication Requirements
Litware identifies the following authentication requirements:
* Implement multi-factor authentication (MFA) for all Litware users.
* Exempt users from using MFA to authenticate to Azure AD from the Boston office of Litware.
* Implement a banned password list for the litware.com forest.
* Enforce MFA when accessing on-premises applications.
* Automatically detect and remediate externally leaked credentials.
Requirements. Access Requirements
Litware identifies the following access requirements:
* Control all access to all Azure resources and Azure AD applications by using conditional access policies.
* Implement a conditional access policy that has session controls for Microsoft SharePoint Online.
* Control privileged access to applications by using access reviews in Azure AD.
Requirements. Monitoring Requirements
Litware wants to use the Fusion rule in Azure Sentinel to detect multi-staged attacks that include a combination of suspicious Azure AD sign-ins followed by anomalous Microsoft Office 365 activity.
You need to configure the detection of multi-staged attacks to meet the monitoring requirements.
What should you do?

정답: B
설명: (DumpTOP 회원만 볼 수 있음)
You have a Microsoft Entra tenant named contoso.com that contains an enterprise application named App1.
A contractor uses the credentials of [email protected].
You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as [email protected].
What should you do?

정답: A
설명: (DumpTOP 회원만 볼 수 있음)
You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant.
The tenant uses pass-through authentication.
A corporate security policy states the following:
* Domain controllers must never communicate directly to the internet.
* Only required software must be installed on servers.
The Active Directory domain contains the on-premises servers shown in the following table.

You need to ensure that users can authenticate to Azure AD if a server fails.
On which server should you install an additional pass-through authentication agent?

정답: C
설명: (DumpTOP 회원만 볼 수 있음)
Hotspot Question
You have an Azure subscription named Sub1.
You plan to deploy Microsoft Entra Permissions Management.
You need to ensure that Permission Management can onboard Sub1. The solution must follow the principle of least privilege.
How should you complete the PowerShell command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
SIMULATION
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:[email protected]
Microsoft 365 Password: =1122334455667788
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 99999999
You need to implement additional security checks before the members of the sg-Executive can access any company apps. The members must meet one of the following conditions:
- Connect by using a device that is marked as compliant by Microsoft Intune.
- Connect by using client apps that are protected by app protection policies.
To complete this task, sign in to the appropriate admin center.
정답:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure pass-through authentication.
Does this meet the goal?

정답: B
설명: (DumpTOP 회원만 볼 수 있음)
You recently created a new Azure AD Tenant for your organization, Pass4test Inc and you were assigned a default domain of pass4test.onmicorosft.com. You want to use your own custom domain of pass4test.com. You added the custom domain via the Azure portal and now you have to validate that you are the owner of the custom domain through your registrar. What type of record will you need to add to your domain registrar?

정답: A
설명: (DumpTOP 회원만 볼 수 있음)
You work for a company named Contoso, Ltd. that has a Microsoft Entra tenant named contoso.com.
Contoso is working on a project with the following two partner companies:
- A company named A Datum Corporation that has a Microsoft Entra
tenant named adatum.com.
- A company named Fabrikam, Inc. that has a Microsoft Entra tenant
named fabrikam.com.
When you attempt to invite a new guest user from adatum.com to contoso.com, you receive an error message.
You can successfully invite a new guest user from fabnkam.com to contoso.com.
You need to be able to invite new guest users from adatum.com to contoso.com.
What should you configure?

정답: D
설명: (DumpTOP 회원만 볼 수 있음)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not initiate.
Solution: From the Azure portal, you configure the Block/unblock users settings for multi-factor authentication (MFA).
Does this meet the goal?

정답: A
설명: (DumpTOP 회원만 볼 수 있음)

우리와 연락하기

문의할 점이 있으시면 메일을 보내오세요. 12시간이내에 답장드리도록 하고 있습니다.

근무시간: ( UTC+9 ) 9:00-24:00
월요일~토요일

서포트: 바로 연락하기