SC-300 Azure AD Conditional Access 2

Question 1

Which Conditional Access condition evaluates the likelihood that a sign-in event is not performed by the legitimate owner of the account?

Accepted Answer

Sign-in risk

Answer

User risk

Answer

Device compliance

Answer

Location

Question 2

You need to enforce Conditional Access on legacy authentication protocols such as IMAP and POP3. Which condition should you configure?

Accepted Answer

Client apps > Exchange ActiveSync clients and other clients

Answer

Device platforms

Answer

Locations

Answer

Sign-in risk

Question 3

What is the minimum Azure AD license required to create and use Conditional Access policies?

Accepted Answer

Azure AD Premium P1

Answer

Azure AD Free

Answer

Azure AD Premium P2

Answer

Microsoft 365 Business Basic

Question 4

An administrator configures a Conditional Access policy with the 'Require approved client app' grant control. Which scenario will this control block?

Accepted Answer

A user accessing Exchange Online from a native mail app that is not Intune-managed

Answer

A user signing in from a non-compliant device

Answer

A user signing in from an anonymous IP address

Answer

A user with a high user risk score

Question 5

Which feature allows Conditional Access policies to revoke access tokens in near real-time when a user's risk level changes?

Accepted Answer

Continuous access evaluation (CAE)

Answer

Sign-in frequency

Answer

Persistent browser session

Answer

Token protection

Question 6

A Conditional Access policy is configured to require MFA for all users. A new emergency access (break-glass) account must bypass this policy. What is the recommended approach?

Accepted Answer

Add the emergency access account to the policy's user exclusion list

Answer

Delete the Conditional Access policy temporarily

Answer

Disable MFA for all Global Administrators

Answer

Change the policy to target specific groups only