Valid SC-300 Dumps shared by PassLeader for Helping Passing SC-300 Exam! PassLeader now offer the newest SC-300 VCE dumps and SC-300 PDF dumps, the PassLeader SC-300 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader SC-300 dumps with VCE and PDF here: https://www.passleader.com/sc-300.html (231 Q&As Dumps –> 309 Q&As Dumps)
BTW, DOWNLOAD part of PassLeader SC-300 dumps from Cloud Storage: https://drive.google.com/drive/folders/1r63PflsI0kg5nq3xZf5SDNTwJZLMnGkF
NEW QUESTION 211
You have a Microsoft 365 E5 subscription. You create a user named User1. You need to ensure that User1 can update the status of Identity Secure Score improvement actions.
Solution: You assign the Security Operator role to User1.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
With read and write access, you can make changes and directly interact with identity secure score:
– Global administrator
– Security administrator
– Exchange administrator
– SharePoint administrator
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score#who-can-use-the-identity-secure-score
NEW QUESTION 212
You have a Microsoft 365 E5 subscription. You create a user named User1. You need to ensure that User1 can update the status of Identity Secure Score improvement actions.
Solution: You assign the SharePoint Administrator role to User1.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score#who-can-use-the-identity-secure-score
NEW QUESTION 213
You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users. From the Groups blade in the Azure Active Directory admin center, you assign Microsoft Office 365 Enterprise E5 licenses to a group that includes all users. You needed to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort. What should you use?
A. the Groups blade in the Azure Active Directory admin center
B. the Set-AzureAdUser cmdlet
C. the Identity Governance blade in the Azure Active Directory admin center
D. the Licenses blade in the Azure Active Directory admin center
Answer: D
NEW QUESTION 214
You have an Azure AD tenant that contains a user named Admin1. You need to ensure that Admin1 can perform only the following tasks:
– From the Microsoft 365 admin center, create and manage service requests.
– From the Microsoft 365 admin center, read and configure service health.
– From the Azure portal, create and manage support tickets.
The solution must minimize administrative effort. What should you do?
A. Create an administrative unit and add Admin1.
B. Enable Azure AD Privileged Identity Management (PIM) for Admin1.
C. Assign Admin1 the Helpdesk Administrator role.
D. Create a custom role and assign the role to Admin1.
Answer: C
Explanation:
https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#helpdesk-administrator
NEW QUESTION 215
A user named User1 receives an error message when attempting to access the Microsoft Defender for Cloud Apps portal. You need to identify the cause of the error. The solution must minimize administrative effort. What should you use?
A. log analytics
B. sign-in logs
C. audit logs
D. provisioning logs
Answer: B
NEW QUESTION 216
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps and Yammer. You need prevent users from signing in to Yammer from high-risk locations. What should you do in the Microsoft Defender for Cloud Apps portal?
A. Create an access policy.
B. Create an activity policy.
C. Unsanction Yammer.
D. Create an anomaly detection policy.
Answer: A
Explanation:
https://learn.microsoft.com/en-us/defender-cloud-apps/access-policy-aad
NEW QUESTION 217
You have an Azure Active Directory (Azure AD) tenant. You configure self-service password reset (SSPR) by using the following settings:
– Require users to register when signing in: Yes.
– Number of methods required to reset: 1.
What is a valid authentication method available to users?
A. an email to an address outside your organization
B. a mobile app notification
C. an FIDO2 security token
D. an email to an address in your organization
Answer: A
Explanation:
When using a mobile app as a method for password reset, like the Microsoft Authenticator app, the following considerations apply:
– When administrators require one method be used to reset a password, verification code is the only option available.
– When administrators require two methods be used to reset a password, users are able to use notification OR verification code in addition to any other enabled methods.
https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks#mobile-app-and-sspr
NEW QUESTION 218
You have an Azure AD tenant. You configure User consent settings to allow users to provide consent to apps from verified publishers. You need to ensure that the users can only provide consent to apps that require low impact permissions. What should you do?
A. Create an enterprise application collection.
B. Create an access review.
C. Create an access package.
D. Configure permission classifications.
Answer: D
Explanation:
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/configure-permission-classifications?pivots=portal
NEW QUESTION 219
You have an Azure subscription. You are evaluating enterprise software as a service (SaaS) apps. You need to ensure that the apps support automatic provisioning of Azure AD users. Which specification should the apps support?
A. OAuth 2.0
B. WS-Fed
C. SCIM 2.0
D. LDAP 3
Answer: C
Explanation:
https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/user-provisioning
NEW QUESTION 220
You have a Microsoft 365 E5 subscription that contains a user named User1. You need to ensure that User1 can create access reviews for Azure AD roles. The solution must use the principle of least privilege. Which role should you assign to User1?
A. Privileged role administrator.
B. Identity Governance Administrator.
C. User administrator.
D. User Access Administrator.
Answer: C
Explanation:
To create access reviews for Azure resources, you must be assigned to the Owner or the User Access Administrator role for the Azure resources. To create access reviews for Azure AD roles, you must be assigned to the Global Administrator or the Privileged Role Administrator role.
https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-create-roles-and-resource-roles-review#prerequisites
NEW QUESTION 221
You have a Microsoft 365 E5 subscription that contains a user named User1. User is eligible for the Application administrator role. User1 needs to configure a new connector group for an application proxy. What should you use to activate the role for User1?
A. the Microsoft Defender for Cloud Apps portal
B. the Microsoft 365 admin center
C. the Azure Active Directory admin center
D. the Microsoft 365 Defender portal
Answer: C
NEW QUESTION 222
You have an Azure subscription that contains a registered app named App1. You need to review the sign-in activity for App1. The solution must meet the following requirements:
– Identify the number of failed sign-ins.
– Identify the success rate of sign-ins.
– Minimize administrative effort.
What should you use?
A. Sign-in logs.
B. Access reviews.
C. Audit logs.
D. Usage & insights.
Answer: D
NEW QUESTION 223
Your company has an Azure AD tenant that contains a user named User1. The company has two departments named marketing and finance. You need to grant permissions to User1 to manage only the users in the marketing department. The solution must ensure that User1 does NOT have permissions to manage the users in the finance department. What should you create first?
A. a management group
B. an administrative unit
C. a resource group
D. a Microsoft 365 group
Answer: B
NEW QUESTION 224
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps. You need to identify which users access Facebook from their devices and browsers. The solution must minimize administrative effort. What should you do first?
A. Create a Conditional Access policy.
B. Create a Defender for Cloud Apps access policy.
C. Create an app configuration policy in Microsoft Endpoint Manager.
D. From the Microsoft Defender for Cloud Apps portal, unsanction Facebook.
Answer: D
Explanation:
Unsanctioning an app doesn’t block use, but enables you to more easily monitor its use with the Cloud Discovery filters. You can then notify users of the unsanctioned app and suggest an alternative safe app for their use, or generate a block script using the Defender for Cloud Apps APIs to block all unsanctioned apps.
https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
NEW QUESTION 225
You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM). You need to identify users that are eligible for the Cloud Application Administrator role. Which blade in the Privileged Identity Management settings should you use?
A. Azure resources.
B. Privileged access groups.
C. Review access.
D. Azure AD roles.
Answer: B
NEW QUESTION 226
HotSpot
You have an Azure AD tenant that contains a user named User1. User1 is assigned the User Administrator role. You need to configure External collaboration settings for the tenant to meet the following requirements:
– Guest users must be prevented from querying staff email addresses.
– Guest users must be able to access the tenant only if they are invited by User1.
Which three settings should you configure? (To answer, select the appropriate settings in the answer area.)
NEW QUESTION 227
HotSpot
You have a Microsoft 365 E5 subscription that contains a user named User1. You configure app governance integration. User1 needs to view the App governance dashboard. The solution must use the principle of the least privilege. Which role should you assign to User1, and which portal should User1 use to view the dashboard? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
https://learn.microsoft.com/en-us/defender-cloud-apps/app-governance-get-started#roles
NEW QUESTION 228
HotSpot
You have a Microsoft 365 E5 subscription that contains three users named User1, User2, and User3. You have two Azure AD roles that have the Activation settings shown in the following table:
The Azure AD roles have the Assignment settings shown in the following table:
The Azure AD roles have the eligible users shown in the following table:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NEW QUESTION 229
HotSpot
You have an Azure subscription. Azure AD logs are sent to a Log Analytics workspace. You need to query the logs and graphically display the number of sign-ins per user. How should you complete the query? (To answer, select the appropriate options in the answer area.)
NEW QUESTION 230
HotSpot
You have a Microsoft 365 E5 subscription. You need to create a dynamic user group that will include all the users that do NOT have a department defined in their user profile. How should you complete the membership rule? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership#use-of-null-values
NEW QUESTION 231
……
Get the newest PassLeader SC-300 VCE dumps here: https://www.passleader.com/sc-300.html (231 Q&As Dumps –> 309 Q&As Dumps)
And, DOWNLOAD the newest PassLeader SC-300 PDF dumps from Cloud Storage for free: https://drive.google.com/drive/folders/1r63PflsI0kg5nq3xZf5SDNTwJZLMnGkF