ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 2 question 78 discussion

Actual exam question from Microsoft's SC-300
Question #: 78
Topic #: 2
[All SC-300 Questions]

You have an Azure AD tenant named contoso.com that contains the resources shown in the following table.



You create a user named Admin1.

You need to ensure that Admin1 can enable Security defaults for contoso.com.

What should you do first?

  • A. Delete Package1.
  • B. Delete CAPolicy1.
  • C. Assign Admin1 the Authentication Administrator role for Au1.
  • D. Configure Identity Governance.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by LC_90 at Oct. 2, 2023, 7:08 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
YesPlease
5 months, 3 weeks ago
Selected Answer: B
Answer B) Delete CAPolicy1 To use Conditional Policies, you must first disable "security defaults". So to use the security defaults again, you will need to remove Conditional Access Policies that may conflict. Of all the choices provided, this is the one that makes the most sense.
upvoted 2 times
...
OrangeSG
9 months, 1 week ago
Selected Answer: B
To configure security defaults in your directory, you must be assigned at least the Security Administrator role. By default the first account in any directory is assigned a higher privileged role known as Global Administrator. Organizations that choose to implement Conditional Access policies that replace security defaults must disable security defaults. (Imply that Conditional Access policies has conflict with security defaults) https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults
upvoted 1 times
...
JCkD4Ni3L
9 months, 3 weeks ago
Selected Answer: B
B is Correct.
upvoted 1 times
...
DasChi_cken
10 months ago
Selected Answer: B
To enable capolicies you need to disable Security defaults therefore you need to do it viceversa If you want to Go back to Security defaults
upvoted 2 times
...
shuhaidawahab
10 months, 1 week ago
The correct answer is B. Delete CAPolicy1. To enable Security defaults for contoso.com, Admin1 must be assigned at least the Security Administrator role1. However, this role is not available in the list of roles for Au1, which is the only authentication method for contoso.com. This is because Au1 has a Conditional Access policy named CAPolicy1 that blocks legacy authentication protocols2. Security defaults also block legacy authentication protocols, so they cannot be enabled if there is an existing Conditional Access policy that does the same3. Therefore, to enable Security defaults, Admin1 must first delete CAPolicy1 from Au1. This will allow Admin1 to sign in to contoso.com using a legacy authentication protocol and then assign themselves the Security Administrator role. After that, Admin1 can enable Security defaults for contoso.com.
upvoted 1 times
...
cgonIT
10 months, 1 week ago
Selected Answer: B
A. Delete Package1 --> no sense for me. C. Assign Admin1 the Authentication Administrator role for Au1. --> The role neded on that case, is Security Administrator role. https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/security-defaults#enabling-security-defaults D. Configure Identity Governance. --> no sense for me. So B. Delete CAPolicy1 is the correct one.
upvoted 1 times
...
LC_90
10 months, 2 weeks ago
Selected Answer: B
Correct
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel