Valid SC-300 Dumps shared by PassLeader for Helping Passing SC-300 Exam! PassLeader now offer the newest SC-300 VCE dumps and SC-300 PDF dumps, the PassLeader SC-300 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader SC-300 dumps with VCE and PDF here: https://www.passleader.com/sc-300.html (401 Q&As Dumps)
BTW, DOWNLOAD part of PassLeader SC-300 dumps from Cloud Storage: https://drive.google.com/drive/folders/1r63PflsI0kg5nq3xZf5SDNTwJZLMnGkF
NEW QUESTION 371
You have an Azure subscription that contains a storage account named storage1. You plan to deploy an app named App1 that will be hosted on multiple virtual machines. The virtual machines will authenticate to a third-party API by using secrets. You need to recommend an authentication solution for the virtual machines. The solution must meet the following requirements:
– Securely store secrets.
– Ensure that credentials do NOT need to be stored in the App1 code.
– Ensure that the virtual machines can access Azure resources by using Microsoft Entra authentication.
– Minimize administrative effort.
What should you include in the recommendation?
A. user accounts and Storage Service Encryption
B. user-assigned managed identities and Azure Key Vault
C. user accounts and Azure Key Vault
D. system assigned managed identities and Storage Service Encryption
Answer: B
Explanation:
Azure Key Vault for the 3rd party API creds, and a user assigned managed identity for the MULTIPLE VMs to access “Azure resources by using Entra authentication”.
NEW QUESTION 372
You have a Microsoft Exchange organization that uses an SMTP address space of contoso.com. Several users use their contoso.com email address for self-service sign-up to Microsoft Entra. You gain global administrator privileges to the Microsoft Entra tenant that contains the self-signed users. You need to prevent the users from creating user accounts in the contoso.com Microsoft Entra tenant for self-service sign-up to Microsoft 365 services. Which PowerShell cmdlet should you run?
A. Update-MgPolicyAuthorizationPolicy
B. Update-MgDomain
C. Update-MgPolicyPermissionGrantPolicyExclude
D. Update-MgDomainFederationConfiguration
Answer: A
Explanation:
Use the “Update-MgPolicyAuthorizationPolicy” cmdlet with the “AllowedToSignUpEmailBasedSubscriptions” parameter set to False.
https://learn.microsoft.com/en-us/entra/identity/users/directory-self-service-signup
NEW QUESTION 373
You have an Azure AD tenant. You need to implement smart lockout with a lockout threshold of 10 failed sign-ins. What should you configure in the Azure AD admin center?
A. Authentication strengths.
B. Password protection.
C. User risk policy.
D. Sign-in risk policy.
Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout#manage-microsoft-entra-smart-lockout-values
NEW QUESTION 374
You have an Azure subscription. The subscription contains a virtual machine named VM1 that runs Linux. You need to configure enhanced security for VM1. The solution must meet the following requirements:
– Ensure that users can sign in to VM1 by using their Microsoft Entra credentials.
– Ensure that users authenticate by using multi-factor out-of-band.
– Prevent users from signing in to VM1 by using passwords.
Which two authentication methods can you include in the solution? (Each correct answer presents a complete solution. Choose two.)
A. the Microsoft Authenticator app
B. FIDO2 security keys
C. Temporary Access Pass
D. SMS
E. Windows Hello for Business
Answer: AB
NEW QUESTION 375
You have a Microsoft Entra tenant that contains a terms of use (ToU) named Terms1. You create a Conditional Access policy named Policy1 to deploy Terms1. You need to configure Policy1 to require users to accept Terms1. Which settings should you configure for Policy1?
A. Conditions.
B. Session.
C. Grant.
D. Target resources.
Answer: C
Explanation:
To enforce Terms of Use (ToU) acceptance in a Conditional Access policy, you must configure it under the Grant section.
https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-all-users-require-terms-of-use
NEW QUESTION 376
You have an Azure subscription that contains a virtual machine named VM1. VM1 has the following configurations:
– Private IP address: 172.16.1.5
– Public IP address: 108.143.161.25
– System-assigned managed identity status: On
You install an app named App1 on VM1. You need to configure App1 to request a managed identity app-only access token. Which IP address should App1 use for the request?
A. 108.143.161.25
B. 127.0.0.1
C. 169.254.169.254
D. 172.16.1.5
Answer: C
Explanation:
169.254.169.254 is the special IP address used for the Azure Instance Metadata Service (IMDS), which provides information about the VM and allows it to request tokens for managed identities.
NEW QUESTION 377
You have a Microsoft Entra tenant. You need to create a Conditional Access policy to manage administrative access to the tenant. The solution must ensure that administrators are authenticated by using a phishing-resistant multi-factor authentication (MFA) method. Which three authentication methods should you include in the solution? (Each correct answer presents a complete solution. Choose three.)
A. Windows Hello for Business
B. an FIDO2 security key
C. certificate-based authentication (multi-factor)
D. voice call
E. SMS
F. email OTP
G. certificate-based authentication (single-factor)
H. Microsoft Authenticator
Answer: ABC
NEW QUESTION 378
You have a Microsoft 365 E5 subscription. You need to be able to create a Microsoft Defender for Cloud Apps session policy. What should you do first?
A. From the Microsoft 365 Defender portal, select User monitoring.
B. From the Microsoft 365 Defender portal, select App onboarding/maintenance.
C. From the Microsoft Entra admin center, create a Conditional Access policy.
D. From the Microsoft 365 Defender portal, create a continuous report.
Answer: C
Explanation:
In order for your session policy to work, you must also have a Microsoft Entra ID Conditional Access policy, which creates the permissions to control traffic.
https://learn.microsoft.com/en-us/defender-cloud-apps/session-policy-aad
NEW QUESTION 379
You have a Microsoft Entra tenant. You configure self-service password reset (SSPR) by using the following settings:
– Require users to register when signing in: Yes
– Number of methods required to reset: 1
What is a valid authentication method available to users?
A. a Windows Hello PIN
B. a smartcard
C. a mobile app notification
D. an email to an address outside your organization
Answer: D
NEW QUESTION 380
You have an Azure subscription that is linked to a Microsoft Entra tenant. The tenant contains a registered app named App1. You have a partner organization that has a Microsoft Entra tenant. The tenant contains a registered app named App2. You need to ensure that App1 can access App2. Which two types of credentials can App1 use? (Each correct answer presents a complete solution. Choose two.)
A. certificate
B. managed identity
C. secret
D. user account
E. one-time password
Answer: AC
NEW QUESTION 381
You have a Microsoft Entra tenant that uses Microsoft Entra ID Premium licenses. You plan to configure a terms of use (ToU) for the tenant. You need to upload the ToU document. Which format should you use for the document?
A. HTML
B. RTF
C. PDF Most Voted
D. DOCX
Answer: C
Explanation:
https://learn.microsoft.com/en-us/entra/identity/conditional-access/terms-of-use
NEW QUESTION 382
You have a Microsoft 365 E5 subscription. You need to ensure that users are prompted to accept a custom terms of use (ToU) agreement when they sign in to the subscription. What should you configure?
A. an access package
B. a Conditional Access policy
C. a lifecycle workflow
D. an authentication method
Answer: B
Explanation:
Organizations can use terms of use along with Conditional Access policies to require employees or guests to accept your terms of use policy before getting access.
https://learn.microsoft.com/en-us/entra/identity/conditional-access/terms-of-use#add-terms-of-use
NEW QUESTION 383
You have a Microsoft 365 E5 subscription. You have an Azure subscription that is linked to a Microsoft Entra tenant. The tenant contains a user named User1. You plan to deploy Microsoft Entra Permissions Management. You need to ensure that User1 can onboard the Azure subscription to Permissions Management. The solution must follow the principle of least principle. Which Microsoft Entra role should you assign to User1?
A. Permissions Management Administrator
B. Global Administrator
C. Security Administrator
D. Application Administrator
Answer: A
Explanation:
https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/delegate-by-task#permissions-management
NEW QUESTION 384
You have an Azure subscription named Sub1. You purchase a Microsoft Entra Permissions Management license. You need to onboard Permissions Management. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Implement a Microsoft Entra application proxy.
B. From Microsoft Entra Permissions Management, configure data collection.
C. Create a role assignment for Sub1.
D. From the Microsoft Entra admin center, configure the Diagnostic settings.
E. From the Microsoft Entra admin center, create an app registration.
F. From the Azure portal, create a data collection rule (DCR).
Answer: BC
NEW QUESTION 385
You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users. From the Groups blade in the Microsoft Entra admin center, you assign Microsoft Office 365 Enterprise E5 licenses to a group that includes all users. You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort. What should you use?
A. the Set-MgUserLicense Cmdlet
B. the Identity Governance blade in the Microsoft Entra admin center
C. the Set-WindowsProductKey Cmdlet
D. the Administrative units blade in the Microsoft Entra admin center
Answer: A
NEW QUESTION 386
You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users. From the Groups blade in the Microsoft Entra admin center, you assign Microsoft Office 365 Enterprise E5 licenses to a group that includes all users. You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort. What should you use?
A. the Licenses blade in the Microsoft Entra admin center
B. the Set-WindowsProductKey cmdlet
C. the Identity Governance blade in the Microsoft Entra admin center
D. the Update-MgUser cmdlet
Answer: A
NEW QUESTION 387
You have a Microsoft 365 subscription. You have an Azure subscription that contains an Azure App Service web app named App1. You have multiple devices that run Windows and are enrolled in Microsoft Intune. You deploy the Global Secure Access client to the devices by using Intune. You need to configure private access to App1. What should you do next?
A. Create a remote network.
B. Configure a traffic forwarding profile.
C. Deploy a private network connector.
D. Create an application security group.
Answer: B
NEW QUESTION 388
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1. You need to enable Microsoft Defender for Cloud Apps session control for Site1. Which type of policy should you create first?
A. access
B. app governance
C. session
D. conditional access
Answer: D
NEW QUESTION 389
You have a Microsoft 365 subscription that is onboarded to Microsoft Entra Permissions Management. You need to identify managed identities that are assigned permissions and remove any permissions that have been unused for 90 days. The solution must minimize administrative effort. What should you do in the Entra Permissions Management portal?
A. Configure an Autopilot rule.
B. Schedule a Permissions analytics report.
C. From Microsoft Entra Insights, review Service principals with privileged role assignments.
D. Run an audit query.
Answer: A
NEW QUESTION 390
You have a Microsoft 365 subscription. You need to create a Conditional Access policy that will use a Global Secure Access security profile. The solution must ensure that users are prevented from accessing websites that include the word gambling in the URL. What should you do first?
A. Create a web content filtering policy.
B. Create a named location.
C. Configure the Adaptive Access settings.
D. Create a network security group (NSG).
Answer: A
NEW QUESTION 391
HotSpot
You have an Azure subscription. From Entitlement management, you plan to create a catalog named Catalog1 that will contain a custom extension. What should you create first, and what should you use to distribute Catalog1? (To answer, select the appropriate options in the answer area.)
Answer:
NEW QUESTION 392
HotSpot
You have an Azure subscription named Sub1. You plan to deploy Microsoft Entra Permissions Management. You need to ensure that Permission Management can onboard Sub1. The solution must follow the principle of least privilege. How should you complete the PowerShell command? (To answer, select the appropriate options in the answer area.)
Answer:
NEW QUESTION 393
HotSpot
You have a Microsoft 365 subscription. You configure a Global Secure Access security profile named SecurityProfile1. You need to create a Conditional Access policy named CAPolicy1 that will use SecurityProfile1. Which two settings should you configure to ensure that CAPolicy1 uses SecurityProfile1? (To answer, select the appropriate settings in the answer area.)
Answer:
NEW QUESTION 394
Drag and Drop
You have a Microsoft 365 E5 subscription. The subscription contains 500 devices that run Windows. You deploy the Global Secure Access client to the devices. You need to prevent users from accessing https://contoso.com from the devices. Which three actions should you perform in sequence? (To answer move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Answer:
NEW QUESTION 395
Drag and Drop
Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains a server named Server1 that runs Windows Server and hosts a shared folder named Share1. The domain contains 500 devices that run Windows 11. You have a Microsoft 365 E5 subscription that syncs with the domain. From Global Secure Access, you enable the Private access profile and deploy the Global Secure Access client to all the devices. You need to ensure that the devices can connect to Share1 remotely by using Global Secure Access. Which three actions should you perform in sequence? (To answer move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Answer:
NEW QUESTION 396
……
Get the newest PassLeader SC-300 VCE dumps here: https://www.passleader.com/sc-300.html (401 Q&As Dumps)
And, DOWNLOAD the newest PassLeader SC-300 PDF dumps from Cloud Storage for free: https://drive.google.com/drive/folders/1r63PflsI0kg5nq3xZf5SDNTwJZLMnGkF