SC-300 実際試験問題と解答 - 模擬練習 - 受験自信を増やす

Question No : 1
Your network contains an on-premises Active Directory domain that sync to an Azure Active Directory (Azure AD) tenant.
The tenant contains the shown in the following table.

All the users work remotely.
Azure AD Connect is configured in Azure as shown in the following exhibit.

Connectivity from the on-premises domain to the internet is lost.
Which user can sign in to Azure AD?

A.User1 only
B.User1 and User 3 only
C.User1, and User2 only
D.User1, User2, and User3

正解:

Question No : 2
You have a Microsoft 365 tenant.
The Sign-ins activity report shows that an external contractor signed in to the Exchange admin center.
You need to review access to the Exchange admin center at the end of each month and block sign-ins if
required.
What should you create?

A.an access package that targets users outside your directory
B.an access package that targets users in your directory
C.a group-based access review that targets guest users
D.an application-based access review that targets guest users

正解:
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

Question No : 3
You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not Initiate.
Solution: From the Azure portal, you configure the Fraud alert settings for multi-factor authentication (MFA).
Does this meet the goal?

A.Yes
B.No

正解:
Explanation:
The fraud alert feature lets users report fraudulent attempts to access their resources. When an unknown and suspicious MFA prompt is received, users can report the fraud attempt using the Microsoft Authenticator app or through their phone.
The following fraud alert configuration options are available:
✑ Automatically block users who report fraud.
✑ Code to report fraud during initial greeting.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

Question No : 4
You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not Initiate.
Solution: From the Azure portal, you configure the Block/unblock users settings for multi-factor authentication (MFA).
Does this meet the goal?

A.Yes
B.No

正解:
Explanation:
You need to configure the fraud alert settings.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

Question No : 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts.
You need to ensure that a new security administrator receives the alerts instead of you.
Solution: From Azure AD, you modify the Diagnostics settings.
Does this meet the goal?

A.Yes
B.No

正解:

Question No : 6
HOTSPOT
You have a Microsoft 365 tenant.
You configure a conditional access policy as shown in the Conditional Access policy exhibit. (Click the Conditional Access policy tab.)

You view the User administrator role settings as shown in the Role setting details exhibit. (Click the Role setting details tab.)

You view the User administrator role assignments as shown in the Rote assignments exhibit. (Click the Role assignments lab.)

For each of the following statement, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

正解:

Question No : 7
You have an Azure Active Directory (Azure AD) tenant.
You configure self-service password reset (SSPR) by using the following settings:
• Require users to register when signing in: Yes
• Number of methods required to reset: 1
What is a valid authentication method available to users?

A.home prions
B.mobile app notification
C.a mobile app code
D.an email to an address in your organization

正解:

Question No : 8
Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com by using Azure AD Connect.
You need to prevent the synchronization of users who have the extensionAttribute15 attribute set to NoSync.
What should you do in Azure AD Connect?

A.Create an inbound synchronization rule for the Windows Azure Active Directory connector.
B.Configure a Full Import run profile.
C.Create an inbound synchronization rule for the Active Directory Domain Services connector.
D.Configure an Export run profile.

正解:
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-change-the-configuration

Question No : 9
You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant contains the groups shown in the following table.

In Azure AD. you add a new enterprise application named Appl.
Which groups can you assign to App1?

A.Group1 and Group
B.Group2 only
C.Group3 only
D.Group1 only
E.Group1 and Group4

正解:

Question No : 10
You have an Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table.

For which groups can you create an access review?

A.Group1 only
B.Group1 and Group4 only
C.Group1 and Group2 only
D.Group1, Group2, Group4, and Group5 only
E.Group1, Group2, Group3, Group4 and Group5

正解:
Explanation:
You cannot create access reviews for device groups.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

Question No : 11
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory domain.
The on-premises network contains a VPN server that authenticates to the on-premises Active Directory
domain. The VPN server does NOT support Azure Multi-Factor Authentication (MFA).
You need to recommend a solution to provide Azure MFA for VPN connections.
What should you include in the recommendation?

A.Azure AD Application Proxy
B.an Azure AD Password Protection proxy
C.Network Policy Server (NPS)
D.a pass-through authentication proxy

正解:

Question No : 12
Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant-
Users sign in to computers that run Windows 10 and are joined to the domain.
You plan to implement Azure AD Seamless Single Sign-On (Azure AD Seamless SSO).
You need to configure the computers for Azure AD Seamless SSO.
What should you do?

A.Enable Enterprise State Roaming.
B.Configure Sign-in options.
C.Install the Azure AD Connect Authentication Agent.
D.Modify the Intranet Zone settings.

正解:
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start

Question No : 13
You have a Microsoft 365 tenant.
All users have mobile phones and laptops.
The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity. While working from the remote locations, the users connect their laptop to a wired network that has internet access.
You plan to implement multi-factor authentication (MFA).
Which MFA authentication method can the users use from the remote location?

A.a notification through the Microsoft Authenticator app
B.an app password
C.Windows Hello for Business
D.SMS

正解:
Explanation:
In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN.
After an initial two-step verification of the user during enrollment, Windows Hello is set up on the user's device and Windows asks the user to set a gesture, which can be a biometric, such as a fingerprint, or a PIN. The user provides the gesture to verify their identity. Windows then uses Windows Hello to authenticate users.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-overview

Question No : 14
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that has an Azure Active Directory Premium Plan 2 license.
The tenant contains the users shown in the following table.

You have the Device Settings shown in the following exhibit.

User1 has the devices shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

正解:

Explanation:
Box 1: Yes
Users may join 5 devices to Azure AD.
Box 2: Yes
Box 3: No
An additional local device administrator has not been applied

Question No : 15
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that contains the following group:
✑ Name: Group1
✑ Members: User1, User2
✑ Owner: User3
On January 15, 2021, you create an access review as shown in the exhibit. (Click the Exhibit tab.)

Users answer the Review1 question as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

正解:

Explanation:
A screenshot of a computer
Description automatically generated with low confidence

Microsoft SC-300 問題練習