Microsoft Cybersecurity Architect — Question 34

You have a Microsoft Entra tenant named contoso.com and use Microsoft Intune. Each user in contoso.com has a Microsoft Entra ID P1 license and a Windows 11 device that has the Global Secure Access client deployed.

You plan to deploy the following configuration of Microsoft Entra Internet Access:

• Enable a baseline profile.
• Create a security profile named Profile1 that has a priority of 300 and contains a single web content filtering policy named
WCFPolicy1. Configure WCFPolicy1 as follows:
o Set Action to allow.
o Include a single rule that has a fully qualified domain name (FQDN) destination of *.adatum.com.
• Link Profile1 to a Conditional Access policy named CAPolicy1, apply CAPolicy1 to all users, and grant access unless a user's device is noncompliant.

You need to evaluate the impact of the planned deployment on traffic to the following resources:

• https://www.adatum.com:8433
• https://www.fabrikam.com

Which two traffic scenarios will occur? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Answer options

• A. Traffic to https://www.fabrikam.com will be allowed from all the devices.
• B. Traffic to https://www.adatum.com:8433 will be blocked from all the devices.
• C. Traffic to https://www.adatum.com:8433 will be allowed from all the devices.
• D. Traffic to https://www.fabrikam.com will be allowed from compliant devices only.
• E. Traffic to https://www.adatum.com:8433 will be allowed from compliant devices only.
• F. Traffic to https://www.fabrikam.com will be blocked from noncompliant devices only.

Correct answer: D, E

Explanation

The correct answers are D and E because traffic to https://www.adatum.com:8433 will only be allowed if the devices are compliant with the Conditional Access policy. Traffic to https://www.fabrikam.com is not included in the WCFPolicy1 and therefore will be restricted to compliant devices only as per the enforcement of conditional access policies.