ExamTopics Logo
Mail Usteam@examtopics.com
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 4 question 45 discussion

Actual exam question from Microsoft's SC-300
Question #: 45
Topic #: 4
[All SC-300 Questions]

HOTSPOT
-

You have a hybrid Microsoft 365 subscription that contains the users shown in the following table.



You plan to deploy an on-premises app named App1. App1 will be registered in Azure AD and will use Azure AD Application Proxy.

You need to delegate the installation of the Application Proxy connector and ensure that User1 can register App1 in Azure AD. The solution must use the principle of least privilege.

Which user should perform the installation, and which role should you assign to User1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by stai at Aug. 20, 2023, 5:22 a.m.

Comments

Chosen Answer:
This is a voting comment. You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Leacco99
Highly Voted 1 year, 5 months ago
Admin 2 Application Developer as per link below. https://learn.microsoft.com/en-us/azure/active-directory/develop/web-app-tutorial-01-register-application
upvoted 14 times
...
Leacco99
Highly Voted 1 year, 5 months ago
Admin 2 Application Dev
upvoted 12 times
...
YesPlease
Most Recent 3 days, 7 hours ago
Admin 2, because Cloud App Admin does not have the ability to install the connector App Developer because it has the least amount of permissions from the available options.
upvoted 1 times
...
Labelfree
4 months ago
Role for Installation: For this task, a role like Cloud App Admin could be more suitable than Global Admin, as it provides the necessary permissions for managing app-related configurations while being less extensive than Global Admin. Role for User1: Application Developer So, the best choices based on the principle of least privilege are: Cloud App Admin for installing the Application Proxy connector Application Developer for registering App1 in Azure AD
upvoted 2 times
rvln7
1 week, 3 days ago
totally wrong... box1-admin2-user that should perform the installation has to be application administrator (because it is an on-premises app), cloud application administrator can manage only cloud apps. box2-application developer-if we need a least-privilege role that can register apps in azure ad
upvoted 1 times
...
...
Sc300ExamDemo
9 months, 2 weeks ago
Box 1 - admin2( app admin) https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#application-administrator Users in this role can create and manage all aspects of enterprise applications, application registrations, and application proxy settings. Box2- application developer https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#application-developer Users in this role can create application registrations when the "Users can register applications" setting is set to No.
upvoted 3 times
...
Er_01
1 year, 1 month ago
App Admin has app proxy rights. App Dev does not. Admin 2 Application Developer
upvoted 2 times
...
haazybanj
1 year, 4 months ago
Admin 2 Application Dev
upvoted 3 times
...
JimboJones99
1 year, 4 months ago
Admin 2 and Cloud Application Administrator https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/delegate-app-roles#assign-built-in-application-admin-roles
upvoted 1 times
JimboJones99
1 year, 4 months ago
I mean Application Administrator. Cloud Application Admin cannot manage application proxy.
upvoted 2 times
...
...
JustAGuyCramsForCerts
1 year, 4 months ago
Guys, please stop messing up answers. Answer ---> Admin 2 + Application Administrator <--- Application Developer has rights ONLY for registering an app; Cloud Application Administrator has rights to register app and manage it in any ways (including removing etc.) but CAN'T set up App proxy!!! The only answer is Application Administrator, which CAN set up App proxy and manage app in any way possible. And this is a least privilege after Global Admin.
upvoted 1 times
JCkD4Ni3L
1 year, 4 months ago
You are wrong, Admin2 is an Application Administrator. However User1 has no roles, and the minimum role required to register an App is Application Developper. See doc: https://learn.microsoft.com/en-us/entra/identity-platform/web-app-tutorial-01-register-application#prerequisites
upvoted 4 times
...
Haerenhal
1 year, 3 months ago
You are right. Global Admins and Application Administrators are the only two roles who can setup Application Proxy. https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#application-administrator
upvoted 2 times
...
...
shuhaidawahab
1 year, 5 months ago
The answer is: User who should perform the installation: User2 Role that should be assigned to User1: Application Administrator
upvoted 2 times
...
penatuna
1 year, 5 months ago
To my understanding, there are these two questions: 1) Create application proxy connectors Global admin & Application admin can do this. Application admin is least privileged. 2) Register App1 in Azure AD. Global admin, Application admin & Cloud application admin can do this. Cloud application admin is least privileged. It really depends if User1 needs the Application Proxy rights. I think that the question is pretty vague on that. Please correct me, if I'm wrong.
upvoted 1 times
penatuna
1 year, 5 months ago
The second answer might be Application developer. This MS Learn page says that you have to be at least a Cloud application administrator: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app However, another MS Learn page says that Application developer is enough: https://learn.microsoft.com/en-us/azure/active-directory/develop/web-app-tutorial-01-register-application I think I will go with Application developer, cause it's least privileged.
upvoted 6 times
...
...
Vince_MCT
1 year, 6 months ago
Admin 2 - App admin Keyword is to use least of privileges. so definitely not admin1 as it was GA.
upvoted 2 times
northgaterebel
1 year, 6 months ago
Agreed. https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-add-on-premises-application
upvoted 1 times
...
...
stai
1 year, 7 months ago
Admin1,Application Administrator Cloud Application Administrator can create and manage all aspects of app registrations and enterprise apps except App Proxy .https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
upvoted 2 times
Logitech
1 year, 5 months ago
Application Dev can register Apps and has least privileges.
upvoted 3 times
JustAGuyCramsForCerts
1 year, 4 months ago
Read the question carefully, you should configure Application Proxy -> you need Application Administrator for it. App Dev has no rights to configure App Proxy
upvoted 1 times
MarkElliott
1 year, 1 month ago
Your stupid, User 1 should register the app so App Dev can do this and least privileged
upvoted 1 times
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
AI-102
Santiago, 1 minute ago