SC-300 Free Question Set: "Microsoft Identity and Access Administrator"

You have an Azure AD tenant named contoso.com that contains the resources shown in the following table.
You create a user named Admin1.

You need to ensure that Admin1 can enable Security defaults for contoso.com.
What should you do first?

You have an Azure Active Directory (Azure AD) tenant that contains cloud-based enterprise apps.
You need to group related apps into categories in the My Apps portal.
What should you create?

Your on-premises network contains an Active Directory domain that uses Azure AD Connect to sync with an Azure AD tenant. You need to configure Azure AD Connect to meet the following requirements:
* User sign-ins to Azure AD must be authenticated by an Active Directory domain controller.
* Active Directory domain users must be able to use Azure AD self-service password reset (SSPR).
What should you use for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:
You have an Azure AD tenant that contains the users shown in the following table.

You create a dynamic user group and configure the following rule syntax.

Which users will be added to the group?

You create a conditional access policy that blocks access when a user triggers a high-severity sign-in alert.
You need to test the policy under the following conditions:
* A user signs in from another country.
* A user triggers a sign-in risk.
What should you use to complete the test?

You implement the planned changes for SSPR.
What occurs when User3 attempts to use SSPR? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:
See the answer below in explanation.
Explanation:
Answer is
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You create a user named User1.
You need to ensure that User1 can update the status of Identity Secure Score improvement actions.
Solution: You assign the SharePoint Administrator role to User1.
Does this meet the goal?

You have an Azure AD tenant that contains a user named User1.
User1 needs to manage license assignments and reset user passwords.
Which role should you assign to User1?

You have an Azure subscription. The subscription contains 50 virtual machines that run Windows Server.
You enable Microsoft Entra login for the virtual machines.
Users report that they cannot sign in to the virtual machines by using their Microsoft Entra credentials.
You need to ensure that the users can sign in to the virtual machines.
What should you do first?

Task 4
You need to ensure that all users can consent to apps that require permission to read their user profile. Users must be prevented from consenting to apps that require any other permissions.
Correct answer:
See the Explanation for the complete step by step solution.
Explanation:
To ensure that all users can consent to apps that require permission to read their user profile and prevent them from consenting to apps that require any other permissions, you can configure the user consent settings in the Microsoft Entra admin center. Here's how you can do it:
* Sign in as a Global Administrator:
  * Access the Microsoft Entra admin center with Global Administrator privileges.
* Navigate to user consent settings:
  * Go to Identity > Applications > Enterprise applications > Consent and permissions > User consent settings.
* Configure the consent settings:
  * Under User consent for applications, select the option that allows users to consent to apps that only require permission to read their user profile.
  * Ensure that all other permissions are set to require administrator consent, thus preventing users from consenting to apps that require additional permissions.
* Save the settings:
  * After configuring the consent settings, select Save to apply the changes.
By following these steps, you will have configured the system to allow user consent for apps that need to read the user profile while blocking consent for apps that require additional permissions. This setup helps maintain user autonomy where appropriate while safeguarding against unauthorized access to broader permissions.
You have an Azure subscription that contains an Azure Automation account named Automation1 and an Azure key vault named Vault1. Vault1 contains a secret named Secret1.
You enable a system-assigned managed identity for Automation1.
You need to ensure that Automation1 can read the contents of Secret1. The solution must meet the following requirements:
* Prevent Automation1 from accessing other secrets stored in Vault1.
* Follow the principle of least privilege.
What should you do?

You create a new Microsoft 365 E5 tenant.
You need to ensure that when users connect to the Microsoft 365 portal from an anonymous IP address, they are prompted to use multi-factor authentication (MFA).
What should you configure?

You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest. The tenant uses pass-through authentication.
A corporate security policy states the following:
* Domain controllers must never communicate directly to the internet.
* Only required software must be installed on servers.
The Active Directory domain contains the on-premises servers shown in the following table.

You need to ensure that users can authenticate to Azure AD if a server fails.
On which server should you install an additional pass-through authentication agent?

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.
An administrator deletes User1.
You need to identify the following:
* How many days after the account of User1 is deleted can you restore the account?
* Which is the least privileged role that can be used to restore User1?
What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:
