MSC-300

You need to implement on-premises application and SharePoint Online restrictions to meet the authentication requirements and the access requirements. What should you do?. For on-premises applications. For Sharepoint Online.

You need to configure the detection of multi-staged attacks to meet the monitoring requirements. What should you do?. Customize the Azure Sentinel rule logic. Create a workbook. Add Azure Sentinel data connectors. Add an Azure Sentinel playbook.

You need to identify which roles to use for managing role assignments. The solution must meet the delegation requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. To Manage Azure AD built-in role assignment, use. To manage Azure buil-in role assignments, use:.

You need to configure the MFA settings for users who connect from the Boston office. The solution must meet the authentication requirements and the access requirements. What should you configure?. named locations that have a private IP address range. named locations that have a public IP address range. trusted IPs that have a public IP address range. trusted IPs that have a private IP address range.

You need to implement password restrictions to meet the authentication requirements. You install the Azure AD password Protection DC agent on DC1. What should you do next?. Configure the Azure AD password protection proxy service on. Configure the password list.

You need to configure the assignment of Azure AD licenses to the Litware users. The solution must meet the licensing requirements. What should you do?. Azure AD connect settings to modify. Assign Azure AD license to.

You have an Azure Active Directory (Azure AD) tenant named conto.so.com that has Azure AD Identity Protection enabled. You need to Implement a sign-in risk remediation policy without blocking access. What should you do first?. Configure access reviews in Azure AD. Enforce Azure AD Password Protection. Implement multi-factor authentication (MFA) for all users. Configure self-service password reset (SSPR) for all users.

You have a Microsoft 365 tenant. You need to ensure that you tan view Azure Active Directory (Azure AD) audit log information by using Azure Monitor. What should you do first?. Run the Get-AzureADAuditDirectoryLogs cmdlet. Create an Azure AD workbook. Run the Set-AzureADTenantDetail cmdlet. Modify the Diagnostics settings for Azure AD.

Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM). While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights. You need to ensure that the IT department users only have access to the Security administrator role when required. What should you configure for the Security administrator role assignment?. Expire eligible assignments afte rfrom the Role settings details. Expire active assignments after from the Role settings details. Assignment type to Active. Assignment type to Eligible.

You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs. Yon receive more than 100 email alerts each day for tailed Azure Al) user sign-in attempts. You need to ensure that a new security administrator receives the alerts instead of you. Solution: From Azure monitor, you create a data collection rule. Does this meet the goal?. Yes. No.

You have a Microsoft 365 tenant. All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services. Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request. You need to block the users automatically when they report an MFA request that they did not Initiate. Solution: From the Azure portal, you configure the Block/unblock users settings for multi-factor authentication (MFA). Does this meet the goal?. Yes. NO.

You have an Azure Active Directory (Azure AD) tenant named contoso.com. All users who run applications registered in Azure AD are subject to conditional access policies. You need to prevent the users from using legacy authentication. What should you include in the conditional access policies to filter out legacy authentication attempts?. A cloud apps or actions condition. a user risk condition. a client apps condition. a sign-in risk condition.

You have a Microsoft 365 tenant. You have 100 IT administrators who are organized into 10 departments. You create the access review shown in the exhibit. (Click theExhibittab.) You discover that all access review requests are received by Megan Bowen. You need to ensure that the manager of each department receives the access reviews of their respective department. Solution: You set Reviewers to Member (self). Does this meet the goal?. Yes. No.

You have an Azure subscription that contains the resource shown in the following table. For which resources can you create an access review?. Group1, App1, Contributor, and Role1. Hotel and Contributor only. Group1, Role1, and Contributor only. Group1 only.

You have a Microsoft Exchange organization that uses an SMTP' address space of contoso.com. Several users use their contoso.com email address for self-service sign up to Azure Active Directory (Azure AD). You gain global administrator privileges to the Azure AD tenant that contains the self-signed users. You need to prevent the users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services. Which PowerShell cmdlet should you run?. Set-MsolCompanySettings. Set-MsolDomainFederationSettings. Update-MsolfederatedDomain. Set-MsolDomain.

You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest. You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes. You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD. Solution: You configure password writeback. Does this meet the goal?. Yes. No.

You have a Microsoft 365 tenant. All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services. Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request. You need to block the users automatically when they report an MFA request that they did not Initiate. Solution: From the Azure portal, you configure the Account lockout settings for multi-factor authentication (MFA). Does this meet the goal?. Yes. No.

You have an Azure Active Directory (Azure AD) tenant that uses conditional access policies. You plan to use third-party security information and event management (SIEM) to analyze conditional access usage. You need to download the Azure AD log that contains conditional access policy data. What should you export from Azure AD?. sign-ins in JSON format. sign-ins in CSV format. audit logs in JSON format. audit logs in CSV format.

You have an Azure Active Directory (Azure AD) tenant named contoso.com. You need to ensure that Azure AD External Identities pricing is based on monthly active users (MAU). What should you configure?. an access review. The terms or use. a linked subscription. a user flow.

You have an Azure Active Directory (Azure Azure) tenant that contains the objects shown in the following table. • A device named Device1 • Users named User1, User2, User3, User4, and User5 • Five groups named Group1, Group2, Group3, Ciroup4, and Group5 The groups are configured as shown in the following table. How many licenses are used if you assign the Microsoft Office 365 Enterprise E5 license to Group1?. 1. 2. 3. 4.

You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory domain. The on-premises network contains a VPN server that authenticates to the on-premises Active Directory domain. The VPN server doesNOTsupport Azure MultiFactor Authentication (MFA). You need to recommend a solution to provide Azure MFA for VPN connections. What should you include in the recommendation?. Azure AD Application Proxy. an Azure AD Password Protection proxy. Network Policy Server (NPS). a pass-through authentication proxy.

You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users. From the Groups blade in the Azure Active Directory admin center, you assign Microsoft 365 Enterprise E5 licenses to the users. You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort. What should you use?. the Identity Governance blade in the Azure Active Directory admin center. theSet-AzureAdUsercmdlet. the Licenses blade in the Azure Active Directory admin center. TheSet-WindowsProductKeycmdlet.

You have an Azure Active Directory (Azure AD) tenant that contains a user named SecAdmin1. SecAdmin1 is assigned the Security administrator role. SecAdmin1 reports that she cannot reset passwords from the Azure AD Identity Protection portal. You need to ensure that SecAdmin1 can manage passwords and invalidate sessions on behalf of nonadministrative users. The solution must use the principle of least privilege. Which role should you assign to SecAdmin1?. Authentication administrator. Helpdesk administrator. Privileged authentication administrator. Security operator.

You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs. Yon receive more than 100 email alerts each day for tailed Azure Al) user sign-in attempts. You need to ensure that a new security administrator receives the alerts instead of you. Solution: From Azure AD, you create an assignment for the Insights at administrator role. Does this meet the goal?. Yes. No.

You have a Microsoft 365 tenant. You currently allow email clients that use Basic authentication to conned to Microsoft Exchange Online. You need to ensure that users can connect t to Exchange only run email clients that use Modern authentication protocols. What should you implement? You need to ensure that use Modern authentication. a compliance policy in Microsoft Endpoint Manager. a conditional access policy in Azure Active Directory (Azure AD). an application control profile in Microsoft Endpoint Manager. an OAuth policy in Microsoft Cloud App Security.

You have an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to bulk invite Azure AD business-to-business (B2B) collaboration users. Which two parameters must you include when you create the bulk invite?. email address. redirection URL. username. shared key. password.