SC-300テスト問題練習試そう!2025年に更新された346問あります [Q76-Q99]

Share

SC-300テスト問題練習試そう!2025年に更新された346問あります

更新された2025年12月プレミアムSC-300試験エンジンPDFで今すぐダウンロード!無料更新された346問あります


この試験は、一連の複数選択の質問と、候補者が自分の知識とスキルを実際のシナリオに適用する能力を実証することを要求するケーススタディで構成されています。この試験では、Azure ADの構成、Azure ADオブジェクトの管理、アクセスと認証の管理、条件付きアクセスポリシーの実装、IDガバナンスとコンプライアンスの管理など、幅広いトピックをカバーしています。候補者は、Azure Active Directory(Azure AD)、Microsoft 365、およびAzure Servicesを確実に理解することが期待されています。

 

質問 # 76
You have an Azure subscription that contains the resources shown in the following table.

The subscription contains the virtual machines shown in the following table.

Which identities can be assigned the Owner role for RG1, and to which virtual machines can you assign Managed2? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation:
Box1:Managed1, Managed2, VM1, and VM2 VM3
Box2: VM1, VM2, VM3, VM4 This article confirms that managed identities can be used acrossgeos:
https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/managed-identities-faq


質問 # 77
You have an Azure subscription that contains the custom roles shown in the following table.

You need to create a custom Azure subscription role named Role3 by using the Azure portal. Role3 will use the baseline permissions of an existing role. Which roles can you clone to create Role3?

  • A. built-in Azure subscription roles and built-in Azure AD roles only
  • B. built-in Azure subscription roles and Role2 only
  • C. Role1, Role2 built-in Azure subscription roles, and built-in Azure AD roles
  • D. Role2 only
  • E. built-in Azure subscription roles only

正解:A


質問 # 78
You need to configure app registration in Azure AD to meet the delegation requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE:Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/delegate-app-roles


質問 # 79
You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.
An administrator deletes User1.
You need to identity the following:
* How many days after the account of User1 is deleted can you restore the account?
* Which is the least privileged role that can be used to restore User1?
What should you identify? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 80
You need to configure the MFA settings for users who connect from the Boston office. The solution must meet the authentication requirements and the access requirements. What should you configure?

  • A. trusted IPs that have a private IP address range
  • B. named locations that have a private IP address range
  • C. named locations that have a public IP address range
  • D. trusted IPs that have a public IP address range

正解:D

解説:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition Location offer your country set, IP ranges MFA trusted IP and corporate network VPN gateway IP address: This is the public IP address of the VPN device for your on-premises network. The VPN device requires an IPv4 public IP address. Specify a valid public IP address for the VPN device to which you want to connect. It must be reachable by Azure Client Address space: List the IP address ranges that you want routed to the local on-premises network through this gateway. You can add multiple address space ranges. Make sure that the ranges you specify here do not overlap with ranges of other networks your virtual network connects to, or with the address ranges of the virtual network itself.


質問 # 81
You need to meet the planned changes and technical requirements for App1.
What should you implement?

  • A. a policy set in Microsoft Endpoint Manager
  • B. an app configuratifon policy in Microsoft Endpoint Manager
  • C. Azure AD Application Proxy
  • D. an app registration in Azure AD

正解:D

解説:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
Topic 1, Contoso, Ltd
Overview
Contoso, Ltd is a consulting company that has a main office in Montreal offices in London and Seattle.
Contoso has a partnership with a company named Fabrikam, Inc Fabcricam has an Azure Active Diretory (Azure AD) tenant named fabrikam.com.
Existing Environment
The on-premises network of Contoso contains an Active Directory domain named contos.com. The domain contains an organizational unit (OU) named Contoso_Resources. The Contoso_Resoureces OU contains all users and computers.
The Contoso.com Active Directory domain contains the users shown in the following table.

Microsoft 365/Azure Environment
Contoso has an Azure AD tenant named Contoso.com that has the following associated licenses:
Microsoft Office 365 Enterprise E5
Enterprise Mobility + Security
Windows 10 Enterprise E5
Project Plan 3
Azure AD Connect is configured between azure AD and Active Directory Domain Serverless (AD DS). Only the Contoso Resources OU is synced.
Helpdesk administrators routinely use the Microsoft 365 admin center to manage user settings.
User administrators currently use the Microsoft 365 admin center to manually assign licenses, All user have all licenses assigned besides following exception:
The users in the London office have the Microsoft 365 admin center to manually assign licenses. All user have licenses assigned besides the following exceptions:
The users in the London office have the Microsoft 365 Phone System License unassigned.
The users in the Seattle office have the Yammer Enterprise License unassigned.
Security defaults are disabled for Contoso.com.
Contoso uses Azure AD Privileged identity Management (PIM) to project administrator roles.
Problem Statements
Contoso identifies the following issues:
* Currently, all the helpdesk administrators can manage user licenses throughout the entire Microsoft 365 tenant.
* The user administrators report that it is tedious to manually configure the different license requirements for each Contoso office.
* The helpdesk administrators spend too much time provisioning internal and guest access to the required Microsoft 365 services and apps.
* Currently, the helpdesk administrators can perform tasks by using the: User administrator role without justification or approval.
* When the Logs node is selected in Azure AD, an error message appears stating that Log Analytics integration is not enabled.
Planned Changes
Contoso plans to implement the following changes.
Implement self-service password reset (SSPR). Analyze Azure audit activity logs by using Azure Monitor-Simplify license allocation for new users added to the tenant. Collaborate with the users at Fabrikam on a joint marketing campaign. Configure the User administrator role to require justification and approval to activate.
Implement a custom line-of-business Azure web app named App1. App1 will be accessible from the internet and authenticated by using Azure AD accounts.
For new users in the marketing department, implement an automated approval workflow to provide access to a Microsoft SharePoint Online site, group, and app.
Contoso plans to acquire a company named Corporation. One hundred new A Datum users will be created in an Active Directory OU named Adatum. The users will be located in London and Seattle.
Technical Requirements
Contoso identifies the following technical requirements:
* AH users must be synced from AD DS to the contoso.com Azure AD tenant.
* App1 must have a redirect URI pointed to https://contoso.com/auth-response.
* License allocation for new users must be assigned automatically based on the location of the user.
* Fabrikam users must have access to the marketing department's SharePoint site for a maximum of 90 days.
* Administrative actions performed in Azure AD must be audited. Audit logs must be retained for one year.
* The helpdesk administrators must be able to manage licenses for only the users in their respective office.
* Users must be forced to change their password if there is a probability that the users' identity was compromised.


質問 # 82
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
You have 100 IT administrators who are organized into 10 departments.
You create the access review shown in the exhibit. (Click the Exhibit tab.)

You discover that all access review requests are received by Megan Bowen.
You need to ensure that the manager of each department receives the access reviews of their respective department.
Solution: You create a separate access review for each role.
Does this meet the goal?

  • A. No
  • B. Yes

正解:A

解説:
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review


質問 # 83
Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com by using Azure AD Connect.
Attire AD Connect is installed on a server named Server 1.
You deploy a new server named Server? that runs Windows Server 2019.
You need to implement a failover server for Azure AD Connect. The solution must minimize how long it takes to fail over if Server1 fails.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

正解:

解説:

1 - On Server2, run export for all connectors.
2 - On Server2, run delta synchronization for all connectors.
3 - On Server1, run export for all connectors.


質問 # 84
You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.

Which objects can you add as members to Group3?

  • A. User2 and Group2 only
  • B. User2, Group1, and Group2 only
  • C. User2 only
  • D. User1 and User2 only
  • E. User1, User2, Group1 and Group2

正解:C

解説:
Reference:
https://bitsizedbytes.wordpress.com/2018/12/10/distribution-security-and-office-365-groups-nesting/


質問 # 85
You have a Microsoft 365 E5 subscription that contains three users named User1, User2, and User3.
You need to configure the users as shown in the following table.

Which portal should you use to configure each user? To answer, drag the appropriate portals to the correct users. Each portal may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 86
You have a new Microsoft 365 tenant that uses a domain name of contoso.onmicrosoft.com.
You register the name contoso.com with a domain registrar.
You need to use contoso.com as the default domain name for new Microsoft 365 users.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

正解:

解説:

1 - Register a custom domain name of ...
2 - Create a new TXT record in DNS.
3 - Verify the domain name.
4 - Set the domain to primary.
Reference:
https://practical365.com/configure-a-custom-domain-in-office-365/


質問 # 87
Hotspot Question
You have an Azure Active Directory (Azure AD) tenant and an Azure web app named App1.
You need to provide guest users with self-service sign-up for App1. The solution must meet the following requirements:
* Guest users must be able to sign up by using a one-time password.
* The users must provide their first name, last name, city, and email address during the sign-up process.
What should you configure in the Azure Active Directory admin center for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation:
Box 1: Identity Provider
First you'll enable self-service sign-up for your tenant and federate with the identity providers you want to allow external users to use for sign-in.
Box 2: User Flow
Then you'll create and customize the sign-up user flow and assign your applications to it.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/identity-providers
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/self-service-sign-up- overview


質問 # 88
SIMULATION
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:[email protected]
Microsoft 365 Password: =1122334455667788
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 99999999
You need to ensure that all users can consent to apps that require permission to read their user profile. Users must be prevented from consenting to apps that require any other permissions.
To complete this task, sign in to the appropriate admin center.

正解:

解説:


質問 # 89
You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain. The domain contains the servers shown in the following table.

The domain controllers are prevented from communicating to the internet.
You implement Azure AD Password Protection on Server1 and Server2.
You deploy a new server named Server4 that runs Windows Server 2019.
You need to ensure that Azure AD Password Protection will continue to work if a single server fails.
What should you implement on Server4?

  • A. Azure AD Connect
  • B. the Azure AD Password Protection proxy service
  • C. Azure AD Application Proxy
  • D. Password Change Notification Service (PCNS)

正解:B

解説:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premisesdep


質問 # 90
You need to resolve the issue of IT.Group1. What should you do first?

  • A. Change Membership type of IT.Group1 to Dynamic Device
  • B. Recreate the IT_Group 1 group.
  • C. Change Membership type of IT.Group1 to Dynamic User
  • D. Add an owner to IT_Group1.

正解:A


質問 # 91
Hotspot Question
You have a Microsoft 365 E5 subscription that has a Conditional Access policy named Policy1.
You need to perform the following actions:
- Create a Conditional Access App Control custom policy named Custom1.
- Configure Policy1 to use Custom1.
What should you use to create Custom1, and in which settings of Policy1 should you enable Conditional Access App Control? To answer, select the appropriate options in the answer area, NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation:
Box 1: Microsoft Entra admin center
The "Conditional Access App Control" custom policy is created within the Microsoft Entra admin center. Specifically, you'll find it under Protection > Conditional Access > Policies. You can also access it through Entra ID > Conditional Access.
Box 2: Session
Define Session controls:
Under the "Session" section, you can enable Conditional Access App Control. This allows you to leverage Microsoft Defender for Cloud Apps for session controls and custom policies.
Reference:
https://learn.microsoft.com/en-us/defender-cloud-apps/proxy-intro-aad


質問 # 92
You have an Azure subscription that contains the key vaults shown in the following table.

The subscription contains the users shown in the following table.

On June1, Admin4 performs the following actions:
* Deletes a certificate named Certificate! from Key Vault1
* Deletes a secret named Secret1 from KeyVault2
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation


質問 # 93
Your company has a Microsoft 365 tenant.
All users have computers that run Windows 10 and are joined to the Azure Active Directory (Azure AD) tenant.
The company subscribes to a third-party cloud service named Service1. Service1 supports Azure AD authentication and authorization based on OAuth. Service1 is published to the Azure AD gallery.
You need to recommend a solution to ensure that the users can connect to Service1 without being prompted for authentication. The solution must ensure that the users can access Service1 only from Azure AD-joined computers. The solution must minimize administrative effort.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/require-managed-devices


質問 # 94
You have a Microsoft Entra tenant that contains the users shown in the following table.

You have a user risk policy that has the following settings:
* Assignments:
o Include: Group1
o Exclude: Group2
* Sign-in risk Medium and above
* Access controls:
o Grant access: Require password change
When the users attempt to sign in. user risk levels are detected as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

正解:

解説:

Explanation:


質問 # 95
You have an Azure AD tenant that contains a user named Admin1.
Admin1 uses the Require password change for high-risk user's policy template to create a new Conditional Access policy.
Who is included and excluded by default in the policy assignment? To answer, drag the appropriate options to the correct target. Each option may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation:


質問 # 96
You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.

Which objects can you add as members to Group3?

  • A. User2 and Group2 only
  • B. User2, Group1, and Group2 only
  • C. User2 only
  • D. User1 and User2 only
  • E. User1, User2, Group1 and Group2

正解:C

解説:
In the M365 admin center, only users can be added to the mail-enabled security group.
You can only add licensed users to the group, unlicensed users won't even show up on the member select page.
Reference:
https://bitsizedbytes.wordpress.com/2018/12/10/distribution-security-and-office-365-groups- nesting/


質問 # 97
You have an Azure AD tenant that contains the users shown in the following table.

The User settings for enterprise applications have the following configuration.
* Users can consent to apps accessing company data on their behalf:
* Users can consent to apps accessing company data for the groups they
* Users can request admin consent to apps they are unable to consent to: Yes
* Who can review admin consent requests: Admin2, User2
User1 attempts to add an app that requires consent to access company data.
Which user can provide consent?

  • A. User1
  • B. User2
  • C. Admin1
  • D. Admin2

正解:C


質問 # 98
You have the Azure resources show in the following table.

To Which identities can you assign the Contributor role for RG1?

  • A. User1 and Group1 only
  • B. User1 only
  • C. User1, VM1, and App1 only
  • D. User1 and VW1 only
  • E. User1, Group1, Vm1, and App1

正解:E


質問 # 99
......

正真正銘のSC-300問題集には100%合格率練習テスト問題集:https://www.goshiken.com/Microsoft/SC-300-mondaishu.html

Microsoft SC-300リアル試験問題保証付き更新された問題集にはGoShiken:https://drive.google.com/open?id=1Tlsfq8dl5QMdPlmEcPVKjaid79aJvsNI