SC-300 · Question #442
SC-300 Question #442: Real Exam Question with Answer & Explanation
This question tests knowledge of how Conditional Access policies interact with Global Secure Access traffic forwarding profiles and security profiles. Specifically, it distinguishes between policies targeting 'All internet resources' versus those using a custom Global Secure Acce
Question
Hotspot Question You have a Microsoft Entra tenant that contains 1,000 users. The users are assigned Microsoft Entra Suite licenses. You perform the following actions: Deploy Global Secure Access. Create a Global Secure Access security profile named Profile1. Create the following Conditional Access policies: - Name: CApolicy1 - Target resources: All internet resources with Global Secure Access - Name: CApolicy2 - Session: -- Use Global Secure Access security profile: Profile1 To which Global Secure Access traffic forwarding profiles is CAPolicy1 linked, and to which profile does Profile1 apply? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer:
Options
- __typehotspot
- variantdropdown
Explanation
This question tests knowledge of how Conditional Access policies interact with Global Secure Access traffic forwarding profiles and security profiles. Specifically, it distinguishes between policies targeting 'All internet resources' versus those using a custom Global Secure Access security profile.
Approach. CApolicy1 targets 'All internet resources with Global Secure Access,' which maps it to the Microsoft Entra Internet Access traffic forwarding profile - this is the profile that handles internet-bound traffic through Global Secure Access. Profile1 (a custom security profile applied via CApolicy2's session control 'Use Global Secure Access security profile') applies to the Microsoft Entra Internet Access traffic forwarding profile as well, because custom security profiles are associated with the Internet Access profile for filtering and enforcing web content policies. The Microsoft 365 Access profile handles Microsoft 365 traffic specifically, and the Private Access profile handles private/on-premises resources - neither CApolicy1 nor Profile1 are linked to those profiles in this scenario.
Concept tested. Global Secure Access Conditional Access integration: understanding which traffic forwarding profiles (Internet Access, Microsoft 365 Access, Private Access) are linked to Conditional Access policies targeting 'All internet resources with Global Secure Access' versus those using custom Global Secure Access security profiles in session controls.
Reference. https://learn.microsoft.com/en-us/entra/global-secure-access/concept-traffic-forwarding
Community Discussion
No community discussion yet for this question.