Exam SC-300
Question 136

DRAG DROP

Case Study

Overview

ADatum Corporation is a consulting company in Montreal.

ADatum recently acquired a Vancouver-based company named Litware, Inc.

Existing Environment. ADatum Environment

The on-premises network of ADatum contains an Active Directory Domain Services (AD DS) forest named adatum.com.

ADatum has a Microsoft 365 E5 subscription. The subscription contains a verified domain that syncs with the adatum.com AD DS domain by using Azure AD Connect.

ADatum has an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant has Security defaults disabled.

The tenant contains the users shown in the following table.

The tenant contains the groups shown in the following table.

Existing Environment. Litware Environment

Litware has an AD DS forest named litware.com.

Existing Environment. Problem Statements

ADatum identifies the following issues:

• Multiple users in the sales department have up to five devices. The sales department users report that sometimes they must contact the support department to join their devices to the Azure AD tenant because they have reached their device limit.

• A recent security incident reveals that several users leaked their credentials, a suspicious browser was used for a sign-in, and resources were accessed from an anonymous IP address.

• When you attempt to assign the Device Administrators role to IT_Group1, the group does NOT appear in the selection list.

• Anyone in the organization can invite guest users, including other guests and non-administrators.

• The helpdesk spends too much time resetting user passwords.

• Users currently use only passwords for authentication.

Requirements. Planned Changes

ADatum plans to implement the following changes:

• Configure self-service password reset (SSPR).

• Configure multi-factor authentication (MFA) for all users.

• Configure an access review for an access package named Package1.

• Require admin approval for application access to organizational data.

• Sync the AD DS users and groups of litware.com with the Azure AD tenant.

• Ensure that only users that are assigned specific admin roles can invite guest users.

• Increase the maximum number of devices that can be joined or registered to Azure AD to 10.

Requirements. Technical Requirements

ADatum identifies the following technical requirements:

• Users assigned the User administrator role must be able to request permission to use the role when needed for up to one year.

• Users must be prompted to register for MFA and provided with an option to bypass the registration for a grace period.

• Users must provide one authentication method to reset their password by using SSPR. Available methods must include:

- Email

- Phone

- Security questions

- The Microsoft Authenticator app

• Trust relationships must NOT be established between the adatum.com and litware.com AD DS domains.

• The principle of least privilege must be used.

You need to resolve the recent security incident issues.

What should you configure for each incident? To answer, drag the appropriate policy types to the correct issues. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Correct Answer:

Discussion
ACSC

Box 1: User risk policy

Box 2: Sign-in risk policy

Box 3: Sign-in risk policy

https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#sign-in-risk-detections

thoemes

I think user risk, sign-in risk & Conditional Access for anonymous IP

1c67a2c

It could be all conditional access policy. Microsoft is recommending to migrate user and sign in risk policies to conditional access. https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies#migrate-risk-policies-from-identity-protection-to-conditional-access

penatuna

So it could be either the suggested answer or Conditional Access for all. I would use Conditional Access, but I suspect that in Microsoft's mind the suggested answer is the correct one. Go figure...

penatuna

BTW, here's a good video about the subject. https://youtu.be/zV_MBngLNDo

JCkD4Ni3L

You are right, however it depends on the references in the exam: should you see Entra ID, it means the exam is updated and it should be conditional access policy; should you see Azure AD, then it would be Sign-in/User Risk policies... no?

JCkD4Ni3L

Actually you can read on the SC-300 web page that this exam will be updated on Oct 30th 2023. So if you pass this exam after this point, it's safe to assume it's Conditional Access Policy. Exam page: https://learn.microsoft.com/en-us/credentials/certifications/exams/sc-300/ The important notice states: "The English language version of this exam will be updated on October 30, 2023."

EmnCours

Correct