Microsoft Cybersecurity Architect — Question 64

You have a Microsoft 365 subscription.

You have a Conditional Access policy that has the following settings:

• Name: Policy 1
• Assignments
o Users:
- Include: All users
o Target resources
- Include: Select apps; Office 365
o Network
- Include: Any network or location
- Exclude: Selected networks and locations; Site1
o Access controls
- Grant: Require multifactor authentication, Require Hybrid Microsoft Entra joined device

You plan to implement Zero Trust Rapid Modernization Plan (RaMP).

You need to ensure that Policy1 aligns with best practice recommendations in RaMP.

Which setting should you change?

Answer options

• A. Include: Any network or location
• B. Exclude: Selected networks and locations; Site1
• C. Grant Require Hybrid Microsoft Entra joined device
• D. Grant: Require multifactor authentication

Correct answer: B

Explanation

The correct answer is B because excluding specific networks like Site1 does not align with the Zero Trust principles which recommend limiting access based on user identity and risk. The other options either do not require modification or would not enhance the Zero Trust approach.