Free Microsoft Identity SC-300 Actual Exam Questions - Question 13 Discussion
HOTSPOT You have an AzureAD tenant that contains the users shown in the following table. 
You have the locations shown in the following table. 
The tenantcontainsa named location that Das the following configurations: • Name: location1 • Mark as trusted location: Enabled • IPv4 range: 10.10.0.0/16 MFA has a trusted iPad dress range of 193.17.17.0/24. You have a Conditional Access policy that has the following settings: • Name: CAPolicy1 • Assignments o Users or workload identities: Group 1 o Cloud apps or actions: All cloud apps * Conditions * Locations All trusted locations • Access controls o Gant • Grant access: Require multi-factor authentication © Session: 0 controls selected • Enable policy: On For each of the following statements select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. 
I think the key here is that the policy applies to "All trusted locations" but also requires MFA. Normally, trusted locations bypass MFA, but this one explicitly requires it. So access from 10.10.0.0/16 should still trigger MFA because it's included in the trusted location, but the policy says to require MFA anyway. The different MFA trusted IP range (193.17.17.0/24) probably doesn’t affect this policy directly since it’s about Conditional Access not the MFA settings themselves.
The policy applies MFA when users are in trusted locations, but since trusted locations are usually excluded from MFA, I think users from 10.10.0.0/16 won’t need MFA, so I’d say No for that statement.
The policy targets trusted locations for MFA, so only IPs in 10.10.0.0/16 must do MFA, not 193.17.17.0/24.
If the policy applies MFA to all trusted locations, and the trusted location IP range differs from the MFA trusted IP, then access from 10.10.0.0/16 should indeed require MFA, making C likely Yes.
C and D are a bit confusing here.