Question 19 - Microsoft Identity SC-300 Real Exam Questions [March 2026 Update]

Q: 19

HOTSPOT You have a Microsoft 365 tenant. You need to identify users who have leaked credentials. The solution must meet the following requirements. • Identity sign-Ins by users who ate suspected of having leaked credentials. • Rag the sign-ins as a high risk event. • Immediately enforce a control to mitigate the risk, while still allowing the user to access applications. What should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Your Answer

Correct Answer:

TO CLASSIFY LEAKED CREDENTIALS AS HIGH-RISK, USE: AZURE ACTIVE DIRECTORY (AZURE AD) IDENTITY PROTECTION

TO TRIGGER REMEDIATION, USE: USER RISK

TO MITIGATE THE RISK, SELECT: GRANT ACCESS BUT REQUIRE PASSWORD CHANGE

Explanation

Azure Active Directory (Azure AD) Identity Protection is the specific service designed to detect and remediate identity-based risks. It uses Microsoft's threat intelligence to identify vulnerabilities, including leaked credentials found on the dark web, and classifies them by severity (e.g., high-risk).

A User risk policy is used to trigger remediation. Identity Protection aggregates various risk detections (like leaked credentials) to calculate an overall risk level for a user account. A policy can be configured to take action when this user risk level reaches a certain threshold, such as 'High'. This is distinct from 'Sign-in risk', which assesses the risk of an individual sign-in session.

The control Grant access but require password change is the most appropriate mitigation. It directly addresses the problem of a compromised password by forcing the user to create a new one. This action remediates the risk while fulfilling the requirement to allow the user to regain access to applications.

References

Microsoft Entra ID Protection Documentation: "Microsoft works with law enforcement, researchers, and partners to find username and password pairs. Identity Protection can detect these leaked credentials and allow administrators to configure policy to automatically force users to change their passwords when their credentials are leaked."

Source: Microsoft. (n.d.). What is Identity Protection?. Microsoft Learn. Retrieved from https://learn.microsoft.com/en-us/entra/id-protection/overview-identity-protection#risk-detections (See section on 'Risk detections' and the 'Leaked credentials' detection type).

Microsoft Documentation on Risk Policies: "A user risk policy detects the probability that a user account is compromised... Identity Protection can be configured to prompt users to register for Microsoft Entra multifactor authentication or change their password if they reach a certain level of risk."

Source: Microsoft. (n.d.). Configure and enable risk policies. Microsoft Learn. Retrieved from https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-configure-risk-policies (See section on 'User risk policy').

Microsoft Documentation on Conditional Access Controls: "Require password change: This control is only available when user risk is detected as a condition. When this control is selected, users will be prompted to change their password to gain access to resources."

Source: Microsoft. (n.d.). Grant controls in Conditional Access policy. Microsoft Learn. Retrieved from https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-grant#require-password-change

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE