SC-300 無料問題集「Microsoft Identity and Access Administrator」
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the objects shown in the following table.
You install Microsoft Entra Connect. You configure the Domain and OU filtering settings as shown in the Domain and OU Filtering exhibit. (Click the Domain and OU Filtering tab.)
You configure the Filter users and devices settings as shown in the Filter Users and Devices exhibit. (Click the Filter Users and Devices tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You install Microsoft Entra Connect. You configure the Domain and OU filtering settings as shown in the Domain and OU Filtering exhibit. (Click the Domain and OU Filtering tab.)
You configure the Filter users and devices settings as shown in the Filter Users and Devices exhibit. (Click the Filter Users and Devices tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not Initiate.
Solution: From the Azure portal, you configure the Fraud alert settings for multi-factor authentication (MFA).
Does this meet the goal?
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not Initiate.
Solution: From the Azure portal, you configure the Fraud alert settings for multi-factor authentication (MFA).
Does this meet the goal?
正解:A
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You have an Azure AD tenant that contains a user named User1. User1 is assigned the User Administrator role.
You need to configure External collaboration settings for the tenant to meet the following requirements: |
*Guest users must be prevented from querying staff email addresses.
*Guest users must be able to access the tenant only if they are invited by User1.
Which three settings should you configure? To answer, select the appropriate settings in the answer area.
You need to configure External collaboration settings for the tenant to meet the following requirements: |
*Guest users must be prevented from querying staff email addresses.
*Guest users must be able to access the tenant only if they are invited by User1.
Which three settings should you configure? To answer, select the appropriate settings in the answer area.
正解:
Explanation:
Box1 = User access is restricted to properties and memberships of their own directory objects (most restrictive). This setting ensures that guest users are prevented from querying staff email addresses and can access the tenant only if they are invited by User1.
Box2 =Only users assigned to specific admin roles can invite guest users. This setting ensures that guest users can access the tenant only if they are invited by User1.
Box3 = This setting enables guest users to sign up for the tenant only if they are invited by User1.
You create a conditional access policy that blocks access when a user triggers a high-seventy sign-in alert.
You need to test the policy under the following conditions;
* A user signs in from another country.
* A user triggers a sign-in risk.
What should you use to complete the test?
You need to test the policy under the following conditions;
* A user signs in from another country.
* A user triggers a sign-in risk.
What should you use to complete the test?
正解:A
解答を投票する
You have a Microsoft Entra tenant that contains a user named User1.
An administrator deletes User1. You need to identify the following:
* What is the maximum number of days for which you have the option to restore the User1 account?
* Which is the least privileged role that can be used to restore User1?
To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
An administrator deletes User1. You need to identify the following:
* What is the maximum number of days for which you have the option to restore the User1 account?
* Which is the least privileged role that can be used to restore User1?
To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have Microsoft Entra tenant that contains a group named Group3 and an administrative unit named Department1.
Department has the users shown in the Users exhibit. (Click the Users tab.)
Department1 has the groups shown in the Groups exhibit (Click the Groups tab.)
The User Administrator role assignments are shown in the Assignments exhibit. (Click the Assignments tab.)
The members of Group2 are shown in the Group2 exhibit. (Click the Group2 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Department has the users shown in the Users exhibit. (Click the Users tab.)
Department1 has the groups shown in the Groups exhibit (Click the Groups tab.)
The User Administrator role assignments are shown in the Assignments exhibit. (Click the Assignments tab.)
The members of Group2 are shown in the Group2 exhibit. (Click the Group2 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have an Azure subscription that is linked to a Microsoft Entra tenant. The tenant contains a registered app named App1. You have a partner organization that has a Microsoft Entra tenant. The tenant contains a registered app named App2. You need to ensure that App1 can access App2.
Which two types of credentials can App1 use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Which two types of credentials can App1 use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
正解:A、B
解答を投票する
You have an Azure subscription that contains a storage account named storage1 and a web app named WebApp1. WebApp1 uses a system-assigned managed identity.
You need to ensure that WebApp1 can read and write files to storage1 by using the system-assigned managed identity.
What should you configure for storage1 in the Azure portal?
You need to ensure that WebApp1 can read and write files to storage1 by using the system-assigned managed identity.
What should you configure for storage1 in the Azure portal?
正解:A
解答を投票する
Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with a Microsoft Entra tenant. You need to ensure that user authentication always occurs by validating passwords against the AD DS domain. What should you configure, and what should you use? To answer, select the appropriate options in the answer area. NOTE: Each coned selection is worth one point.
正解:
Explanation:
You implement the planned changes for SSPR.
What occurs when User3 attempts to use SSPR? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
What occurs when User3 attempts to use SSPR? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
See the answer below in explanation.
Explanation:
Answer is
Explanation:
Answer is
You have an Azure subscription named Sub1 that uses Microsoft Entra Permissions Management. Sub1 contains a user named User1. User1 is granted multiple permissions across Sub1.
You need to replace all the permissions granted to User1 with read-only permissions. The solution must minimize administrative effort.
What should you do on the Remediation tab in Permissions Management?
You need to replace all the permissions granted to User1 with read-only permissions. The solution must minimize administrative effort.
What should you do on the Remediation tab in Permissions Management?
正解:D
解答を投票する