[24-May-2021 Update] Exam SC-300 VCE Dumps and SC-300 PDF Dumps from PassLeader

Valid SC-300 Dumps shared by PassLeader for Helping Passing SC-300 Exam! PassLeader now offer the newest SC-300 VCE dumps and SC-300 PDF dumps, the PassLeader SC-300 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader SC-300 dumps with VCE and PDF here: https://www.passleader.com/sc-300.html (73 Q&As Dumps –> 127 Q&As Dumps)

BTW, DOWNLOAD part of PassLeader SC-300 dumps from Cloud Storage: https://drive.google.com/drive/folders/1r63PflsI0kg5nq3xZf5SDNTwJZLMnGkF

NEW QUESTION 61
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD enterprise application named App1. A contractor uses the credentials of [email protected] You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as [email protected] What should you do?

A.    Run the New-AzADUser cmdlet.
B.    Configure the External collaboration settings.
C.    Add a WS-Fed identity provider.
D.    Create a guest user account in contoso.com.

Answer: D
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal

NEW QUESTION 62
Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com by using Azure AD Connect. You need to prevent the synchronization of users who have the extensionAttribute15 attribute set to NoSync. What should you do in Azure AD Connect?

A.    Create an inbound synchronization rule for the Windows Azure Active Directory connector.
B.    Configure a Full Import run profile.
C.    Create an inbound synchronization rule for the Active Directory Domain Services connector.
D.    Configure an Export run profile.

Answer: C
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-change-the-configuration

NEW QUESTION 63
You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant. You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes. You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure Azure AD Password Protection.
Does this meet the goal?

A.    Yes
B.    No

Answer: B

NEW QUESTION 64
You have an Azure Active Directory (Azure AD) tenant. For the tenant, Users can register applications is set to No. A user named Admin1 must deploy a new cloud app named App1. You need to ensure that Admin1 can register App1 in Azure AD. The solution must use the principle of least privilege. Which role should you assign to Admin1?

A.    Managed Application Contributor for Subscription1.
B.    Application developer in Azure AD.
C.    Cloud application administrator in Azure AD.
D.    App Configuration Data Owner for Subscription1.

Answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/roles/delegate-app-roles

NEW QUESTION 65
You have an Azure Active Directory (Azure AD) tenant named contoso.com that has Azure AD Identity Protection enabled. You need to implement a sign-in risk remediation policy without blocking user access. What should you do first?

A.    Configure access reviews in Azure AD.
B.    Enforce Azure AD Password Protection.
C.    Configure self-service password reset (SSPR) for all users.
D.    Implement multi-factor authentication (MFA) for all users.

Answer: D
Explanation:
MFA and SSPR are both required. However, MFA is required first.
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-remediate-unblock
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment

NEW QUESTION 66
You have an Azure Active Directory (Azure AD) tenant named contoso.com. You implement entitlement management to provide resource access to users at a company named Fabrikam, Inc. Fabrikam uses a domain named fabrikam.com. Fabrikam users must be removed automatically from the tenant when access is no longer required. You need to configure the following settings:
– Block external user from signing in to this directory: No.
– Remove external user: Yes.
– Number of days before removing external user from this directory: 90.
What should you configure on the Identity Governance blade?

A.    Access packages.
B.    Settings.
C.    Terms of use.
D.    Access reviews.

Answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users

NEW QUESTION 67
You have an Azure Active Directory (Azure AD) tenant. You need to review the Azure AD sign-in logs to investigate sign-ins that occurred in the past. For how long does Azure AD store events in the sign-in logs?

A.    14 days
B.    30 days
C.    90 days
D.    365 days

Answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/reference-reports-data-retention#how-long-does-azure-ad-store-the-data

NEW QUESTION 68
You have an Azure Active Directory (Azure AD) tenant that uses conditional access policies. You plan to use third-party security information and event management (SIEM) to analyze conditional access usage. You need to download the Azure AD log by using the administrative portal. The log file must contain changes to conditional access policies. What should you export from Azure AD?

A.    audit logs in CSV format
B.    sign-ins in CSV format
C.    audit logs in JSON format
D.    sign-ins in JSON format

Answer: C
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-audit-logs

NEW QUESTION 69
You have an Azure Active Directory (Azure AD) tenant that contains the following objects.
– A device named Devie1.
– Users named User1, User2, User3, User4, and User5.
– Five groups named Group1, Group2, Group3, Group4, and Group5.
The groups are configured as shown in the following table:
SC-300-Exam-Questions-691
How many licenses are used if you assign the Microsoft 365 Enterprise E5 license to Group1?

A.    0
B.    2
C.    3
D.    4

Answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-group-advanced

NEW QUESTION 70
You have an Azure subscription that contains the resources shown in the following table:
SC-300-Exam-Questions-701
For which resources can you create an access review?

A.    Group1, Role1, and Contributor only.
B.    Group1 only.
C.    Group1, App1, Contributor, and Role1.
D.    Role1 and Contributor only.

Answer: C
Explanation:
1. Access reviews require an Azure AD Premium P2 license.
2. Access reviews for Group1 and App1 can be configured in Azure AD Access Reviews.
3. Access reviews for the Contributor role and Role1 would need to be configured in Privileged Identity Management (PIM). PIM is included in Azure AD Premium P2.
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-start-security-review?toc=/azure/active-directory/governance/toc.json
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

NEW QUESTION 71
HotSpot
You have a Microsoft 365 tenant and an Active Directory domain named adatum.com. You deploy Azure AD Connect by using the Express Settings. You need to configure self-service password reset (SSPR) to meet the following requirements:
– When users reset their password, they must be prompted to respond to a mobile app notification or answer three predefined security questions.
– Passwords must be synced between the tenant and the domain regardless of where the password was reset.
What should you do? (To answer, select the appropriate options in the answer area.)
SC-300-Exam-Questions-711

Answer:
SC-300-Exam-Questions-712
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-security-questions

NEW QUESTION 72
Drag and Drop
You have a Microsoft 365 E5 tenant. You purchase a cloud app named App1. You need to enable real-time session-level monitoring of App1 by using Microsoft Cloud App Security. In which order should you perform the actions? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
SC-300-Exam-Questions-721

Answer:
SC-300-Exam-Questions-722
Explanation:
https://docs.microsoft.com/en-us/cloud-app-security/proxy-deployment-any-app
https://docs.microsoft.com/en-us/cloud-app-security/session-policy-aad

NEW QUESTION 73
……


Get the newest PassLeader SC-300 VCE dumps here: https://www.passleader.com/sc-300.html (73 Q&As Dumps –> 127 Q&As Dumps)

And, DOWNLOAD the newest PassLeader SC-300 PDF dumps from Cloud Storage for free: https://drive.google.com/drive/folders/1r63PflsI0kg5nq3xZf5SDNTwJZLMnGkF