ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 2 question 118 discussion

Actual exam question from Microsoft's SC-300
Question #: 118
Topic #: 2
[All SC-300 Questions]

HOTSPOT
-

You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2 and the users shown in the following table.



The subscription contains a Conditional Access policy that has the following settings:

• Name: Policy1
• Assignments
o Include
- Users and Groups: Group1
- Directory roles: Global Administrator
o Exclude
- Users and Groups: Group2
o Target resources
- Include
- All cloud apps
- Access controls
- Grant
- Require multifactor authentication

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by YesPlease at Feb. 26, 2025, 9:09 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Obi_Wan_Jacoby
3 weeks, 1 day ago
YNY (same as others mentioned). Reason being conditional access first apply inclusions, then apply exclusions. Exclusions overlap inclusions and take precedence.
upvoted 1 times
...
Fijii
2 months ago
I think Y/N/Y The policy includes all users, but excludes group 2 (so user2 and user3) User1 - is explicitly asked for MFA User2 - is excluded, so no MFA requirement User3 - is excluded but has admin role, all admins are required to use MFA unless specified otherwise, the policy is not supposed to bypass this (I think)
upvoted 1 times
...
rvln7
2 months ago
Y N Y Direct assignments take precedence over exclusions. Key Rule: ✅ If a user is included via a group and also a member of an excluded group, they are excluded. ❌ If a user is directly assigned, exclusions do not apply. If Global Administrator was both members of Group1 (included) and Group2 (excluded), then both would be excluded from the policy because his inclusion comes from group membership, and exclusions apply to users included via groups. Since Global Administrator is directly assigned via directory role, the exclusion does not apply, and he will still receive the policy.
upvoted 2 times
...
YesPlease
2 months ago
Answer is correct. YES) User1 is affected by the Custom Conditional Access Policy. NO) User2 is excluded from the Custom Conditional Access Policy. NO) Although User3 is already a Global Administrator, they are not affected by the Custom Conditional Access Policy to require MFA. ***It is Microsoft Best-Practice for ALL admins to have MFA ENABLED, but not required.
upvoted 1 times
rvln7
1 month, 4 weeks ago
User3 has is not excluded because it is directly assigned via directory role...Tested
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago