SC-100 Question #75: Real Exam Question with Answer & Explanation

Question

A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications. The customer discovers that several endpoints are infected with malware. The customer suspends access attempts from the infected endpoints. The malware is removed from the end point. Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Options

• AMicrosoft Defender for Endpoint reports the endpoints as compliant.
• BMicrosoft Intune reports the endpoints as compliant.
• CA new Microsoft Entra Conditional Access policy is enforced.
• DThe client access tokens are refreshed.

Explanation

{"question_number": 4, "correct_answer": "B, D", "explanation": "Under the Zero Trust model of 'never trust, always verify,' two conditions must be satisfied after malware removal. First, Microsoft Intune must report the endpoints as compliant (B) - Intune enforces device compliance policies, and until the device is confirmed clean and meets all compliance rules (e.g., antivirus up to date, encryption enabled), access should remain suspended. Second, the client access tokens must be refreshed (D) - tokens issued while the device was compromised cannot be trusted; new tokens must be obtained after re-authentication to ensure the session reflects the current, clean device state. Microsoft Defender for Endpoint (A) reports threat status but device compliance is managed by Intune, not MDE directly in this context. A new Conditional Access policy (C) is not required - the existing policy is sufficient; what matters is that the device re-satisfies it.", "generated_by": "claude-sonnet", "llm_judge_score": 4}

No community discussion yet for this question.