SC-300 Exam Free Practice Questions: "Microsoft Identity and Access Administrator Certification"
You have an Azure subscription that contains a storage account named storage1 and a web app named WebApp1. WebApp1 uses a system-assigned managed identity.
You need to ensure that WebApp1 can read and write files to storage1 by using the system-assigned managed identity.
What should you configure for storage1 in the Azure portal?
Correct answer: C
You have a Microsoft Entra tenant that contains a group named Group3 and an administrative unit named Department1.
Department1 has the users shown in the Users exhibit. (Click the Users tab.)
Department1 has the groups shown in the Groups exhibit. (Click the Groups tab.)
The User Administrator role assignments are shown in the Assignments exhibit. (Click the Assignments tab.)
The members of Group2 are shown in the Group2 exhibit. (Click the Group2 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct answer:
Explanation:
You have an Azure Active Directory (Azure AD) tenant that uses conditional access policies.
You plan to use third-party security information and event management (SIEM) to analyze conditional access usage.
You need to download the Azure AD log that contains conditional access policy data.
What should you export from Azure AD?
Correct answer: C
You have a Microsoft 365 E5 subscription that contains two users named User1 and User2.
You need to ensure that User1 can create access reviews for groups, and that User2 can review the history report for all the completed access reviews. The solution must use the principle of least privilege.
Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Correct answer:
Explanation:
Task 6
You need to implement additional security checks before the members of the Sg-Executive group can access any company apps. The members must meet one of the following conditions:
* Connect by using a device that is marked as compliant by Microsoft Intune.
* Connect by using client apps that are protected by app protection policies.
Correct answer:
See the Explanation for the complete step by step solution.
Explanation:
To implement additional security checks for the Sg-Executive group members before they can access any company apps, you can use Conditional Access policies in Microsoft Entra. Here's a step-by-step guide:
* Sign in to the Microsoft Entra admin center:
  * Ensure you have the role of Global Administrator or Security Administrator.
* Navigate to Conditional Access:
  * Go to Security > Conditional Access.
* Create a new policy:
  * Select + New policy.
  * Name the policy appropriately, such as "Sg-Executive Security Checks".
* Assign the policy to the Sg-Executive group:
  * Under Assignments, select Users and groups.
  * Choose Select users and groups and then Groups.
  * Search for and select the Sg-Executive group.
* Define the application control conditions:
  * Under Cloud apps or actions, select All cloud apps to apply the policy to any company app.
* Set the device compliance requirement:
  * Under Conditions > Device state, configure the policy to include devices marked as compliant by Microsoft Intune.
* Set the app protection policy requirement:
  * Under Conditions > Client apps, configure the policy to include client apps that are protected by app protection policies.
* Configure the access controls:
  * Under Access controls > Grant, select Grant access.
  * Choose Require device to be marked as compliant and Require approved client app.
  * Ensure that the option Require one of the selected controls is enabled.
* Enable the policy:
  * Set Enable policy to On.
* Review and save the policy:
  * Review all settings to ensure they meet the requirements.
  * Click Create to save and implement the policy.
By following these steps, you will ensure that the Sg-Executive group members can only access company apps if they meet one of the specified conditions, either by using a compliant device or a protected client app.
This enhances the security posture of your organization by enforcing stricter access controls for executive-level users.
You have a Microsoft Entra tenant that contains two groups named Group1 and Group2 and the users shown in the following table.
Group2 is a member of Group1.
You configure an access review that has the following settings:
* Name: Review 1
* Select what to review: Teams + Groups
* Review scope: Select Teams + groups
* Group: Group1
* Scope: Guest users only
* Select reviewers: Group owner(s)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct answer:
Explanation:
You have an Azure AD tenant that contains two users named User1 and User2. You plan to perform the following actions:
* Create a group named Group1.
* Add User1 and User2 to Group1.
* Assign Azure AD roles to Group1.
You need to create Group1.
Which two settings can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Correct answer: A, B
You have an Azure AD tenant that contains an access package named Package1 and a user named User1.
Package1 is configured as shown in the following exhibit.
You need to ensure that User1 can modify the review frequency of Package1. The solution must use the principle of least privilege.
Which role should you assign to User1?
Correct answer: B
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1. Site1 hosts PDF files.
You need to prevent users from printing the files directly from Site1.
Which type of policy should you create in the Microsoft Defender for Cloud Apps portal?
Correct answer: C
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You create a user named User1.
You need to ensure that User1 can update the status of identity Secure Score improvement actions.
Solution: You assign the Security Operator role to User1.
Does this meet the goal?
Correct answer: A
You have an Azure AD tenant named contoso.com that has Email one-time passcode for guests set to Yes.
You invite the guest users shown in the following table.
Which users will receive a one-time passcode, and how long will the passcode be valid? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:
Explanation:
You need to meet the technical requirements for the probability that user identities were compromised.
What should the users do first, and what should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:
You have a Microsoft 365 E5 subscription and an Azure subscription. You need to meet the following requirements:
* Ensure that users can sign in to Azure virtual machines by using their Microsoft 365 credentials.
* Delegate the ability to create new virtual machines.
What should you use for each requirement? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Correct answer:
Explanation:
You need to create the LWGroup1 group to meet the management requirements.
How should you complete the dynamic membership rule? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Correct answer:
Explanation:
Null
"Member"