SC-300 Question #450: Real Exam Question with Answer & Explanation

Question

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps and Conditional Access policies. You need to block access to cloud apps when a user is assessed as high risk. Which type of policy should you create in the Microsoft Defender for Cloud Apps?

Options

• Aapp discovery policy
• BOAuth app policy
• Cactivity policy
• Daccess policy

Explanation

• activity policy * anomaly detection policy * app discovery policy * OAuth app policy Access policies provide you with real-time monitoring and control over user logins to your cloud Category: Conditional access Microsoft Defender for Cloud Apps access policies enable real-time monitoring and control over access to cloud apps based on user, location, device, and app. You can create access policies for any device, including devices that aren't Hybrid Azure AD Join, and not managed by Microsoft Intune by rolling’out client certificates to managed devices or by using existing certificates, such as third-party MDM certificates. For example, you can deploy client certificates to managed devices, and then block access from devices without a certificate. * OAuth app policies enable you to investigate which permissions each OAuth app requested and automatically approve or revoke it. These are built-in policies that come with Defender for Cloud Apps and can't be created. * Anomaly detection policies enable you to look for unusual activities on your cloud. Detection is based on the risk factors you set to alert you when something happens that is different from the baseline of your organization or from the user's regular activity. * activity policy Activity policies allow you to ’nforce a wide range of automated processes using the app provider's APIs. These policies enable you to monitor specific activities carri’d out by various users, or follow unexpectedly high rates of a certain type of activity. * App Discovery Policy An App Discovery Policy (within Microsoft Defender for Cloud Apps) defines rules to automatically detect, analyze, and alert on unauthorized or risky cloud applications (Shadow IT) used within your organization, helping you gain visibility, assess risk, and enforce governance by tagging apps as sanctioned, unsanctioned, or monitored. These policies trigger alerts based on traffic volume, specific apps, or risk levels, integrating with log data from firewalls or Microsoft Defender https://learn.microsoft.com/en-us/defender-cloud-apps/access-policy-aad https://learn.microsoft.com/en-us/defender-cloud-apps/control-cloud-apps-with-policies

No community discussion yet for this question.