SC-300-KR 무료 덤프문제 온라인 액세스

Azure 구독이 있습니다.
Azure AD 로그는 Log Analytics 작업 영역으로 전송됩니다.
로그를 쿼리하여 사용자당 로그인 수를 그래픽으로 표시해야 합니다.
질의를 어떻게 작성해야 하나요? 답변하려면 답변 영역에서 적절한 옵션을 선택하세요.

정답:

Explanation:
Box 1 =
SigninLogs
| where ResultType == 0
| summarize login_count = count() by identity
| render piechart
This query retrieves the sign-in logs, filters the successful sign-ins,summarizesthe count of sign-ins per user, and renders the result as a pie chart.
Box 2 = Render
In Microsoft Entra ID (Azure AD), the SigninLogs table in Azure Monitor Logs (Log Analytics workspace) contains data about user sign-ins. When you want to query and graphically display the number of sign-ins per user, you use Kusto Query Language (KQL) - the same language that powers Log Analytics, Azure Monitor, and Microsoft Sentinel.
The correct syntax must first aggregate the data and then visualize it:
* where ResultType == 0 filters for successful sign-ins (since 0 indicates success).
* summarize login_count = count() by Identity aggregates (counts) all sign-in events per user (Identity field). The summarize operator in KQL is specifically used to group and aggregate data.
* render columnchart graphically displays the summarized results as a column chart. The render operator is used to visualize query output in supported formats such as timechart, piechart, or columnchart.
Therefore, the correct operators to fill in are:
* First blank: summarize
* Second blank: render
According to the Microsoft SC-300 Study Guide and Microsoft Learn module "Query and visualize sign-in logs with Kusto Query Language", the recommended method to display sign-in frequency per user is:
"Use the summarize operator to aggregate sign-in counts by user, followed by render to visualize results."
# Final Query Answer:
SigninLogs
| where ResultType == 0
| summarize login_count = count() by Identity
| render columnchart

귀하의 회사에는 contoso.com이라는 Azure Active Directory(Azure AD) 테넌트가 있습니다.
이 회사는 App1이라는 웹 서비스를 개발하고 있습니다.
App1이 Microsoft Graph를 사용하여 contoso.com의 디렉터리 데이터를 읽을 수 있는지 확인해야 합니다.
어떤 세 가지 동작을 순서대로 수행해야 할까요? 답하려면 동작 목록에서 해당 동작을 정답 영역으로 옮겨 올바른 순서대로 정리하세요.

정답:

Explanation:

According to the Microsoft SC-300: Identity and Access Administrator Study Guide and Microsoft Learn module "Implement and manage enterprise applications," when developing an application that needs to access Microsoft Graph or other protected APIs on behalf of an organization, you must perform several configuration steps within Azure Active Directory (Azure AD).
Step 1 - Create an app registration:
Every application that requires access to Microsoft Graph must be registered in Azure AD. The registration process establishes an identity for the app and generates an Application (client) ID and a directory (tenant) ID.
This is done in Azure portal # Azure Active Directory # App registrations # New registration. This enables Azure AD to issue tokens to the app.
Step 2 - Add app permissions:
After registration, you must configure permissions under API permissions in the app's registration settings.
For server-to-server access (no user sign-in), Application permissions are used; for delegated access (on behalf of a user), Delegated permissions are added. In this case, since App1 will read directory data from Microsoft Graph, you assign the Microsoft Graph # Directory.Read.All permission.
Step 3 - Grant admin consent:
Application permissions require admin consent before the app can access directory data. An Azure AD administrator must grant these permissions by selecting "Grant admin consent for contoso.com." This allows the app to use the permissions organization-wide.
From Microsoft's documentation:
"To enable an application to call Microsoft Graph, register the app, configure required API permissions, and grant admin consent for those permissions."
# Correct Answer Order:
* Create an app registration
* Add app permissions
* Grant admin consent

다음 표에 표시된 사용자가 포함된 Azure Active Directory(Azure AD) 테넌트가 있습니다.

Azure AD에서 어떤 사용자에 대해 직함 속성과 사용 위치 속성을 구성할 수 있나요? 답변 영역에서 적절한 옵션을 선택하여 답변하세요.
참고: 정답 하나당 1점입니다.

정답:

Explanation:
< Job title property: # User2 only
Usage location property: # User2 and User3 only
According to the Microsoft SC-300: Microsoft Identity and Access Administrator Study Guide and Microsoft Learn documentation on Azure Active Directory user management, the ability to modify user attributes such as Job title and Usage location depends on whether the user is:
* Directory-synced (from on-premises Active Directory), or
* Cloud-only (created directly in Azure AD), or
* Guest (external B2B user)
Here's the explanation for each scenario based on the user table provided:
Name
Type
Directory Synced
User1
Member
Yes
User2
Member
No
User3
Guest
No
* The Job title attribute is read-only for users synchronized from on-premises Active Directory.For directory-synced users like User1, the attribute must be managed in on-premises AD and synchronized via Azure AD Connect.
* For cloud-only users (like User2) and guest users (like User3), the attribute can be modified in Azure AD.However, Microsoft restricts certain profile fields, including Job title, for guest users unless they are given specific permissions.
# Therefore, only User2 (a cloud-only member) can have the Job title property configured directly in Azure AD.
* The Usage location property determines licensing restrictions (for example, Microsoft 365 services available by country).
* This property is editable for cloud-only users (User2) and guest users (User3).
* For directory-synced users (User1), the value is controlled from on-premises AD, and cannot be modified in Azure AD.
# Therefore, User2 and User3 can have the Usage location property configured in Azure AD.
* Job title property: User2 only
* Usage location property: User2 and User3 only
Reference (Microsoft Official Documentation Extracts):
"For synchronized users, attribute values such as Job title and Department are managed in the on-premises Active Directory and cannot be edited in Azure AD."
"Usage location must be specified in Azure AD for cloud-only and guest users to assign licenses correctly."

Azure 구독이 있습니다.
Microsoft Entra 권한 관리를 사용하여 권한을 자동으로 모니터링하고 적절한 규모의 역할을 생성 및 구현해야 합니다. 솔루션은 최소 권한 원칙을 따라야 합니다.
권한 관리 서비스 주체에게 어떤 역할을 할당해야 합니까?

• A.사용자 액세스 관리자
• B.독자
• C.기여자
• D.소유자

Microsoft Entra 테넌트가 있습니다.
테넌트에 많은 수의 새로운 앱이 추가된 것을 발견했습니다.
새로운 기업용 애플리케이션에 대한 승인 프로세스를 구현해야 합니다. 어떻게 해야 할까요?

• A.Microsoft Entra 관리 센터에서 액세스 검토를 구성합니다.
• B.Microsoft Entra 관리 센터에서 관리자 동의 설정을 구성합니다.
• C.Microsoft Defender 포털에서 Cloud Discovery 이상 탐지 정책을 만듭니다.
• D.Microsoft Defender 포털에서 앱 커넥터를 구성합니다.