ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 2 question 100 discussion

Actual exam question from Microsoft's SC-300
Question #: 100
Topic #: 2
[All SC-300 Questions]

HOTSPOT
-

You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2. The subscription contains the users shown in the following table.



You create the following Conditional Access policies:

• Name: Policy1
• Users:
o Include: Group1
o Exclude: Group2
• Target resources:
o Include: All cloud apps
• Grant:
o Grant access: Require multi-factor authentication
• Session:
o Persistent browser session: Never persistent

• Name: Policy2
• Users:
o Include:
- Directory roles: Global Administrator
- Users and groups: User3
o Exclude: Group2
• Target resources:
o Include: All cloud apps
• Session:
o Sign-in frequency:
- Periodic authentication: 2 hours

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by nicolaslindt at Jan. 22, 2025, 12:46 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
perkp
Highly Voted 5 months, 1 week ago
N,N,N When you have the 'Stay signed in' setting enabled in the company branding pane, users are typically prompted with the 'Stay signed in?' option after they sign in. However, if you also have a Conditional Access policy set to 'Persistent browser session: Never persistent', this policy will override the 'Stay signed in' setting. In this case, users will not be prompted with the 'Stay signed in?' option when they sign in to the M365 portal. The Conditional Access policy ensures that browser sessions are never persistent, meaning users will need to sign in again after closing and reopening their browser
upvoted 5 times
Giuseppe_Geraci
3 weeks, 4 days ago
you are wrong about first point. Persistent browser session: Never persistent" in Conditional Access Does not hide the prompt. Instead, it makes the response to the prompt meaningless. Even if a user clicks “Yes”, the session will not persist — they will be signed out when closing the browser. So the first is Yes
upvoted 1 times
...
rvln7
4 months, 1 week ago
N Y Y Direct assignments take precedence over exclusions. Key Rule: ✅ If a user is included via a group and also a member of an excluded group, they are excluded. ❌ If a user is directly assigned, exclusions do not apply. If User3 and Global Administrator were both members of Group1 (included) and Group2 (excluded), then both would be excluded from the policy because their inclusion comes from group membership, and exclusions apply to users included via groups. Since they are directly assigned (User3 explicitly and Global Administrator via directory role), the exclusion does not apply, and they will still receive the policy.
upvoted 4 times
...
...
psp65
Most Recent 1 month, 2 weeks ago
YNN - in a CA direct inclusion will win on indirect one User1 is directly targeted by Policy1, hes session is forced not persistent, so he will not be asked to stay signed in User2 is directly targeted by Policy2 because he is a Global Admin User3 is directly targeted too
upvoted 2 times
...
Giuseppe_Geraci
1 month, 2 weeks ago
for me N - N - Y Policy1 applies to Group1 (which includes User1). Persistent browser session is set to Never persistent in Policy1.This setting disables the “Stay signed in?” prompt. Policy2 targets users with the Global Administrator role. User2 is a Global Administrator. Policy2 enforces a sign-in frequency of 2 hours. User2 is a member of Group2, but Policy2 excludes Group2. Therefore, User2 is excluded from Policy2. Statement 3: User3 must reauthenticate to Microsoft 365 Apps every two hours. User3 is explicitly included in Policy2. Although User3 is a member of Group2, the exclusion in Policy2 is by Group2, not by user. Explicit inclusion overrides group-based exclusion in Conditional Access. So, Policy2 applies to User3, and the 2-hour sign-in frequency is enforced.
upvoted 1 times
...
nicolaslindt
5 months, 2 weeks ago
for me it's N/N/N
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel