ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 4 question 7 discussion

Actual exam question from Microsoft's SC-300
Question #: 7
Topic #: 4
[All SC-300 Questions]

You have a Microsoft 365 tenant.
The Sign-ins activity report shows that an external contractor signed in to the Exchange admin center.
You need to review access to the Exchange admin center at the end of each month and block sign-ins if required.
What should you create?

  • A. an access package that targets users outside your directory
  • B. an access package that targets users in your directory
  • C. a group-based access review that targets guest users
  • D. an application-based access review that targets guest users
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Beitran at May 11, 2021, 12:35 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
melatocaroca
Highly Voted 2 years, 11 months ago
Answer: C You can target a group with a conditional policy to detect and remediate the login at the end of each month Not valid, A, B, D D admin is not using an app is using a privileged role to use Exchange admin center A and B No An access package. A bundle of resources that a team or project needs and is governed with policies. Access packages are defined in containers called catalogs. To reduce the risk of stale access, you should enable periodic reviews of users who have active assignments to an access package in Azure AD entitlement management
upvoted 18 times
Frank9020
4 months, 3 weeks ago
a group-based access review that targets guest users: This approach is useful for reviewing access to groups or roles that may grant access to various resources, including the Exchange admin center. However, it isn't directly tied to the Exchange admin center itself, but rather to the broader set of permissions associated with group memberships.
upvoted 1 times
...
...
hhaywood
Highly Voted 3 years ago
Should be D - Application Based review with Guest users - https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review#create-one-or-more-access-reviews
upvoted 7 times
hhaywood
3 years ago
Ok after some testing I was wrong! Although app base review sounds right its for registered apps not MS EOL - I assume you would have to create a group specifically for EOL management and assign the review to that - poorly worded question
upvoted 6 times
sezza_blunt
3 years ago
Yes, you're right. You'd need to create a group first and apply the access review to the group. You can't do an app-based review on Exchange Online.
upvoted 6 times
...
sapien45
1 year, 11 months ago
Thank you so much, I was having headaches trying to figure out why not D
upvoted 2 times
...
...
...
Obi_Wan_Jacoby
Most Recent 1 month, 2 weeks ago
Selected Answer: D
Answer D (Application based): While answer C would technicially work, Answer D (Application based access review) would allow you to choose Exchange Admin Center (which is eefectively a user principal) as an enterprise application. This way you can pinpoint the access you are wanting to review. For the group based review, you would still have digging to do.
upvoted 1 times
Obi_Wan_Jacoby
1 month, 2 weeks ago
How to find the Exchange Admin Center service principal: When creating a new access review and selecting "Application", you'll see a "Select application(s)" option. In the search bar, try searching for terms like: "Exchange Admin Center" "Microsoft Exchange Online" You might also see it listed with an application ID. Look for an entry that clearly corresponds to the Exchange Online service. By selecting this service principal, your access review will focus on the users (including guest users) who have been granted permissions to interact with the Exchange Admin Center. This directly addresses your need to review who has administrative access to your Exchange environment.
upvoted 1 times
...
...
csi_2025
3 months, 1 week ago
Selected Answer: C
Badly worded question. 1) The contractor could have a member account instead of being invited as a guest, thankfully for the answer this is not important. 2) They ask what you should create to review access to the EXO Admin Center. Therefore, logically speaking, it would be insufficient to make a group based access review since there could be users accessing the Admin Center which are not in the group.
upvoted 1 times
...
Frank9020
4 months, 3 weeks ago
Selected Answer: D
Correct answer is D: The question clearly states that you need to review access to the EXCHANGE ADMIN CENTER at the end of each month and block sign-ins if required. Given this fact that you want to specifically review access to the Exchange admin center, D. an application-based access review is the most precise and appropriate option in this case.
upvoted 1 times
...
haazybanj
7 months, 1 week ago
Selected Answer: C
To review access to the Exchange admin center at the end of each month and block sign-ins if required, you should create a group-based access review that targets guest users. By creating a group-based access review, you can specifically target the guest users in your Microsoft 365 tenant, which includes external contractors. This allows you to regularly review their access to the Exchange admin center and make necessary adjustments or block their sign-ins if required.
upvoted 3 times
...
shuhaidawahab
8 months ago
The correct answer is D. an application-based access review that targets guest users. According to the Microsoft Entra article on creating an access review of groups and applications1, you can create an access review for any group or application that is connected to Microsoft Entra ID. This includes security groups, Microsoft 365 groups, distribution lists, and Azure AD enterprise applications. You can also create an access review for multiple resources in access packages by using Microsoft Entra entitlement management
upvoted 3 times
...
EmnCours
10 months ago
Selected Answer: C
Answer: C
upvoted 1 times
...
dule27
11 months, 3 weeks ago
Selected Answer: C
C. a group-based access review that targets guest users
upvoted 1 times
...
LeTrinh
1 year, 4 months ago
D can be right to. See the link: https://www.rebeladmin.com/2019/03/step-step-guide-azure-ad-access-reviews-applications/
upvoted 1 times
LeTrinh
1 year, 3 months ago
My bad, answer is C -> ONLY choosing group-based access review can target guest users.
upvoted 1 times
...
...
AWS56
1 year, 4 months ago
Selected Answer: C
C is the right answer
upvoted 2 times
...
Yelad
2 years, 2 months ago
On the exam - March 28, 2022
upvoted 1 times
...
Jun143
2 years, 2 months ago
just pass the exam today. This came in the question.
upvoted 1 times
...
TonytheTiger
2 years, 3 months ago
On the exam today - March 4, 2022
upvoted 2 times
...
zmlapq99
2 years, 4 months ago
On exam few days ago.
upvoted 1 times
...
Pravda
2 years, 4 months ago
On the exam 1/20/2022
upvoted 1 times
...
007Ali
2 years, 5 months ago
After looking in a lab at each of the options, I believe this is getting at the following settings: Identity Governance -> New Access Review -> Review Type -> "Select Review Scope" and "Scope". Therefore C is the correct answer.
upvoted 5 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel