ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 4 question 42 discussion

Actual exam question from Microsoft's SC-300
Question #: 42
Topic #: 4
[All SC-300 Questions]

Case Study -


Overview -

ADatum Corporation is a consulting company in Montreal.

ADatum recently acquired a Vancouver-based company named Litware, Inc.

Existing Environment. ADatum Environment

The on-premises network of ADatum contains an Active Directory Domain Services (AD DS) forest named adatum.com.

ADatum has a Microsoft 365 E5 subscription. The subscription contains a verified domain that syncs with the adatum.com AD DS domain by using Azure AD Connect.

ADatum has an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant has Security defaults disabled.

The tenant contains the users shown in the following table.



The tenant contains the groups shown in the following table.



Existing Environment. Litware Environment

Litware has an AD DS forest named litware.com

Existing Environment. Problem Statements

ADatum identifies the following issues:

• Multiple users in the sales department have up to five devices. The sales department users report that sometimes they must contact the support department to join their devices to the Azure AD tenant because they have reached their device limit.
• A recent security incident reveals that several users leaked their credentials, a suspicious browser was used for a sign-in, and resources were accessed from an anonymous IP address.
• When you attempt to assign the Device Administrators role to IT_Group1, the group does NOT appear in the selection list.
• Anyone in the organization can invite guest users, including other guests and non-administrators.
• The helpdesk spends too much time resetting user passwords.
• Users currently use only passwords for authentication.


Requirements. Planned Changes -

ADatum plans to implement the following changes:

• Configure self-service password reset (SSPR).
• Configure multi-factor authentication (MFA) for all users.
• Configure an access review for an access package named Package1.
• Require admin approval for application access to organizational data.
• Sync the AD DS users and groups of litware.com with the Azure AD tenant.
• Ensure that only users that are assigned specific admin roles can invite guest users.
• Increase the maximum number of devices that can be joined or registered to Azure AD to 10.

Requirements. Technical Requirements

ADatum identifies the following technical requirements:

• Users assigned the User administrator role must be able to request permission to use the role when needed for up to one year.
• Users must be prompted to register for MFA and provided with an option to bypass the registration for a grace period.
• Users must provide one authentication method to reset their password by using SSPR. Available methods must include:
- Email
- Phone
- Security questions
- The Microsoft Authenticator app
• Trust relationships must NOT be established between the adatum.com and litware.com AD DS domains.
• The principle of least privilege must be used.


You need to modify the settings of the User administrator role to meet the technical requirements.

Which two actions should you perform for the role? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A. Select Require justification on activation.
  • B. Select Require ticket information on activation.
  • C. Modify the Expire eligible assignments after setting.
  • D. Set all assignments to Eligible.
  • E. Set all assignments to Active.
Show Suggested Answer Hide Answer
Suggested Answer: CD 🗳️
by Tanidanindo at July 26, 2023, 4:38 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Obi_Wan_Jacoby
1 month ago
Selected Answer: CD
C. Modify the Expire eligible assignments after setting. This allows you to set the maximum duration for which a user can be eligible to activate the role. Since the requirement is "up to one year," you would configure this setting accordingly. D. Set all assignments to Eligible. This ensures that users do not have permanent access to the role but can activate it when needed, aligning with the principle of least privilege.
upvoted 1 times
...
2c53bdd
8 months, 1 week ago
Users assigned the User administrator role must be able to request permission to use the role hence A should be included
upvoted 1 times
...
cgonIT
1 year, 7 months ago
Selected Answer: CD
C. Modify the Expire eligible assignments after setting. "Users assigned the User administrator role must be able to request permission to use the role when needed " It's the only way to "be able to request permission", making it Eleible. If it were "active", there won't be able to "ask for" anything. D. Set all assignments to Eligible. " up to one year." So there is needed to set an expiration date to be elegible and not active all time.
upvoted 1 times
...
Logitech
1 year, 8 months ago
Where can i find the "Expire eligible assignments after setting." ?
upvoted 1 times
...
ServerBrain
1 year, 9 months ago
Selected Answer: CD
no debate on this answer
upvoted 1 times
...
Tanidanindo
1 year, 10 months ago
Selected Answer: CD
correct
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel