ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 2 question 45 discussion

Actual exam question from Microsoft's SC-300
Question #: 45
Topic #: 2
[All SC-300 Questions]

HOTSPOT
-

You have a Microsoft 365 tenant.

You configure a conditional access policy as shown in the Conditional Access policy exhibit. (Click the Conditional Access policy tab.)



You view the User administrator role settings as shown in the Role setting details exhibit. (Click the Role setting details tab.)



You view the User administrator role assignments as shown in the Role assignments exhibit. (Click the Role assignments tab.)



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by Halwagy at Jan. 19, 2023, 6:29 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Halwagy
Highly Voted 2 years, 3 months ago
Correct
upvoted 18 times
SFAY
1 year, 3 months ago
Tested and verified in the Lab. YYN
upvoted 3 times
...
...
chikorita
Highly Voted 2 years, 1 month ago
i think it should be YYY cuz if admin 3 signs-in first, conditional access policy is applied first- which enforces MFA later, during role activation, MFA is required to activate the role so MFA authentication is done TWICE
upvoted 7 times
cris_exam
2 years, 1 month ago
I would also go with YYY as you explained, it makes sense.
upvoted 1 times
cris_exam
2 years, 1 month ago
take back what I said - Require MFA on Active assignment is set to NO. so it's YYN.
upvoted 3 times
chikorita
2 years, 1 month ago
thats for Active assignment but Admin3 falls under Eligible assignment well, for eligible users to activate roles; we need to check "on activation, require Azure MFA" which is set to YES. i still believe its YYY
upvoted 3 times
jinxie
1 year, 9 months ago
If you have already validated with the correct MFA before then you will not be asked again. The exception to this is if you use Authentication Strengths and have a higher MFA requirement for that MFA role then you logged in with. e.g. you performed SMS MFA, enabled the role but the Conditional Access role expects users with that role to have use MSAuthenticator, then you would get another MFA request but that is not the case here so YYN
upvoted 5 times
...
...
...
...
Holii
1 year, 10 months ago
Tested in my own tenant. Settings replicated to match the User Administrator MFA requirements and Conditional Access Policy MFA requirements. User did not need to authenticate using MFA twice. This is part of Microsoft's approach to reduce MFA exhaustion, the Primary Refresh Token (PRT) for the user will still contain the MFA information.
upvoted 9 times
Ammyg
7 months, 2 weeks ago
Yes, its menitioned in this doc. https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-how-to-change-default-settings#on-activation-require-multi-factor-authentication
upvoted 1 times
...
...
...
Rackup
Most Recent 1 month, 3 weeks ago
It says in the policy on activation require MFA so Y/Y/Y.
upvoted 1 times
...
Siraf
1 year, 3 months ago
Correct Answer is: Yes/Yes/No On activation, require multifactor authentication: You can require users who are eligible for a role to prove who they are by using the multifactor authentication feature in Microsoft Entra ID before they can activate. Multifactor authentication helps safeguard access to data and applications. It provides another layer of security by using a second form of authentication. Users might not be prompted for multifactor authentication if they authenticated with strong credentials or provided multifactor authentication earlier in the session. The word "might" implies that Yes/Yes/Yes can also be accepted as answer. https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-how-to-change-default-settings#on-activation-require-multi-factor-authentication
upvoted 4 times
...
Nivos23
1 year, 5 months ago
Correct
upvoted 1 times
...
EmnCours
1 year, 9 months ago
Yes Yes No
upvoted 3 times
...
Heshan
1 year, 9 months ago
On the exam, 09/07/2023
upvoted 2 times
...
dule27
1 year, 10 months ago
Yes Yes No
upvoted 3 times
...
217f3c9
2 years ago
It is YYN. The first conditional access screen shows that every user MUST provide MFA. This is stored in the token. If the same user is asked for MFA it will be provided by the token non-interactively.
upvoted 6 times
Holii
1 year, 10 months ago
Tested and confirmed. YYN.
upvoted 1 times
...
...
f2bf85a
2 years ago
Its Yes Yes No User may not be prompted for multi-factor authentication if they authenticated with strong credentials, or provided multi-factor authentication earlier in this session. https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-change-default-settings#on-activation-require-multi-factor-authentication
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago