exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam

Exam SC-300 topic 4 question 52 discussion

Actual exam question from Microsoft's SC-300
Question #: 52
Topic #: 4
[All SC-300 Questions]

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.

You need to identify which users access Facebook from their devices and browsers. The solution must minimize administrative effort.

What should you do first?

  • A. Create a Conditional Access policy.
  • B. Create a Defender for Cloud Apps access policy.
  • C. Create an app configuration policy in Microsoft Endpoint Manager.
  • D. From the Microsoft Defender for Cloud Apps portal, unsanction Facebook.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
kanag1
Highly Voted 1 year, 7 months ago
Selected Answer: D
Unsanctioning an app doesn't block use, but enables you to more easily monitor its use with the Cloud Discovery filters. You can then notify users of the unsanctioned app and suggest an alternative safe app for their use, or generate a block script using the Defender for Cloud Apps APIs to block all unsanctioned apps. https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
upvoted 9 times
Alcpt
10 months ago
correct answer. Easiest configuration for monitoring is D vs B. this question says nothing about blocking the app.
upvoted 1 times
...
Doinitza
1 year, 1 month ago
If you unsanction an app, the next message is shown: "Tag as unsanctioned? Apps with the Unsanctioned tag will be blocked by Microsoft Defender for Endpoint. Configure the integration settings here".
upvoted 1 times
...
...
MacDanorld
Highly Voted 1 year, 3 months ago
Selected Answer: B
How does unsanctioning an app which effectively block access to the app give you an insight to which users access it on their device? i dont see how D is the answer to this question. I believe creating a CLOUD APP ACCESS POLICY is what is needed. Please correct me if i am wrong
upvoted 8 times
Alcpt
10 months ago
why do u want to block Facebook? This question says nothing about blocking the app? Dont lose context of the question
upvoted 1 times
...
Haerenhal
1 year, 3 months ago
Yes B is the answer. Create a Defender for Cloud Apps access policy: Creating a Defender for Cloud Apps access policy allows you to define conditions and settings to monitor and control access to specific cloud applications, such as Facebook. This approach helps you gain insights into user activities related to Facebook without immediately blocking or unsanctioning the application.
upvoted 5 times
...
...
YesPlease
Most Recent 2 days, 13 hours ago
Selected Answer: D
Answer D) From the Microsoft Defender for Cloud Apps portal, unsanction Facebook. https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
upvoted 1 times
...
vixxx83
4 months ago
Selected Answer: D
You can mark a specific risky app as unsanctioned by clicking the three dots at the end of the row. Then select Unsanctioned. Unsanctioning an app doesn't block use, but enables you to more easily monitor its use with the cloud discovery filters.
upvoted 3 times
...
Labelfree
4 months ago
I'm going B - In response to those saying D because of administrative effort: Why Access Policy Minimizes Administrative Effort: Automated Monitoring: Once the access policy is set up, it automatically tracks and logs user activity, reducing the need for manual monitoring. Real-Time Alerts: Access policies can be configured to provide real-time alerts on specific activities, enabling proactive management. Comprehensive Reporting: Provides detailed reports on user activity, making it easier to identify and analyze usage patterns. In comparison, unsanctioning Facebook (option D) would involve more ongoing manual effort to monitor and interpret usage data without the same level of automation and control.
upvoted 1 times
...
Matt19
5 months, 1 week ago
Selected Answer: B
Need to create a policy first so we can monitor the logs and take action, I guess B is the right option here
upvoted 2 times
...
hml_2024
6 months, 1 week ago
Selected Answer: B
o identify which users are accessing Facebook from their devices and browsers while minimizing administrative effort, you should first: B. Create a Defender for Cloud Apps access policy. A Defender for Cloud Apps access policy allows you to monitor and control user activities in cloud apps, including identifying access to unsanctioned apps like Facebook. By creating this policy, you can track user access to Facebook and enforce conditional rules if necessary.
upvoted 2 times
...
rameshms85
11 months ago
Selected Answer: D
Unsanctioning an app doesn't block use, but enables you to more easily monitor its use with the Cloud Discovery filters
upvoted 3 times
...
klayytech
11 months ago
Selected Answer: B
B. Create a Defender for Cloud Apps access policy to monitor Facebook access. This policy will track user activity on Facebook without needing extensive configuration on individual devices.
upvoted 2 times
klayytech
11 months ago
1. Unsanctioning Facebook (Discovery): This is the first step to enable monitoring. Log in to the Microsoft Defender for Cloud Apps portal. Navigate to Cloud Apps and then Governance. Locate Facebook in the list of apps. Click the three dots next to Facebook and select Unsanctioned.
upvoted 1 times
...
...
KRISTINMERIEANN
11 months, 1 week ago
Selected Answer: D
https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
upvoted 4 times
...
337257e
12 months ago
yall are stupid asf. its D. read MS documentation before coming in here and giving wrong answers like little monkeys https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
upvoted 3 times
...
Siraf
1 year ago
Correct Answer is D: Sanctioning/unsanctioning an app: You can mark a specific risky app as unsanctioned by clicking the three dots at the end of the row. Then select Unsanctioned. Unsanctioning an app doesn't block use, but enables you to more easily monitor its use with the Cloud Discovery filters. You can then notify users of the unsanctioned app and suggest an alternative safe app for their use, or generate a block script using the Defender for Cloud Apps APIs to block all unsanctioned apps. https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
upvoted 1 times
...
jbraxton7
1 year, 1 month ago
I mean it does say here on the Microsoft page itself that "Unsanctioning an app doesn't block use, but enables you to more easily monitor its use with the Cloud Discovery filters." Therefore I am leaning more to answer D. https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
upvoted 1 times
...
Sneekygeek
1 year, 1 month ago
Selected Answer: B
Question clearly asks to get insights into the activity not block it, which un-sanctioning would do.
upvoted 3 times
[Removed]
12 months ago
Unsanctioning doesn't auto block it, so I don't think you're correct - https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
upvoted 1 times
...
...
cpaljchc4
1 year, 1 month ago
Selected Answer: B
Agree with McDonald, I’m going to balance it up
upvoted 3 times
...
ACSC
1 year, 5 months ago
Selected Answer: D
https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#sanctioningunsanctioning-an-app
upvoted 3 times
...
Logitech
1 year, 5 months ago
such a stupid question. First you can see it anyway dont need to unsanctioned the app. I can add a random Tag too. If you have MDE Integration, what you normal have if you are using CAS. Then you block unsancitoned apps automaticlly. If you enable network proteciton it will block it in all browser.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago