
SC-300 Question #214: Real Exam Question with Answer & Explanation

The correct answer is B: sign-in logs.

Submitted by kavita_s · Mar 6, 2026 · Implement access management for apps

Question

A user named User1 receives an error message when attempting to access the Microsoft Defender for Cloud Apps portal. You need to identify the cause of the error. The solution must minimize administrative effort. What should you use?

Options

  • A. Log Analytics
  • B. sign-in logs
  • C. audit logs
  • D. provisioning logs

Explanation

Sign-in logs (Option B) are the appropriate tool because they record authentication attempts, including failures, for specific users. When a user cannot access a portal like Microsoft Defender for Cloud Apps, the root cause is almost always an authentication or authorization issue - sign-in logs will show exactly why the login failed (e.g., MFA failure, Conditional Access policy block, or account issue) with minimal investigative effort.

Why the distractors are wrong:

  • A. Log Analytics is a broader monitoring and query tool used for aggregating and analyzing resource/diagnostic logs - it requires more configuration and effort, violating the "minimize administrative effort" requirement.
  • C. Audit logs track administrative actions and changes made within a service (e.g., policy changes, role assignments), not user login failures.
  • D. Provisioning logs track whether user accounts have been successfully provisioned/synced between systems (e.g., Azure AD to a SaaS app) - relevant for access issues caused by sync problems, but not the first-line tool for login errors.

Memory Tip: Think of it this way - if a user can't get in, check the sign-in logs; if an admin changed something, check the audit logs. "Sign-in = getting in" is your quick mental shortcut for authentication troubleshooting questions. 🔑

Topics

#Sign-in logs #Troubleshooting access #Azure AD logs #Application access
