Microsoft Security Operations Analyst Associate SC-200 Practice Question
Your organization uses Microsoft Defender for Cloud Apps (MDCA) and has already enabled Conditional Access App Control for SharePoint Online. Security policy requires that users who access SharePoint Online from unmanaged devices must be allowed to preview documents in the browser but must not be able to download any files. Which MDCA policy type and control should you configure to meet this requirement?
Create an anomaly detection policy that searches for downloads from unusual locations and blocks the activity.
Create a file policy that applies a governance action to quarantine files when access is from unmanaged devices.
Create a session policy for SharePoint Online and configure the Block download (DLP) control to apply when the device is unmanaged.
Create an activity policy that logs any download events from unmanaged devices and sends an alert.
To stop file downloads from SharePoint Online when users are on unmanaged devices, you must inspect and control the session in real time. In Microsoft Defender for Cloud Apps, this is done with a Session policy. When you create a Session policy for SharePoint Online that applies only to sessions from unmanaged devices, you can choose the Block download (or Block download with DLP inspection) control. This prevents the file from being downloaded while still permitting in-browser viewing.
File policies work on files already stored in cloud apps and apply governance actions such as quarantine or encryption; they do not affect real-time download attempts. Activity policies generate alerts based on user actions but cannot directly block downloads. Anomaly detection policies are designed to discover suspicious behaviors (for example, impossible travel) rather than enforce granular controls. Therefore, configuring a Session policy that uses the Block download control is the only option that meets the stated requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Conditional Access App Control in MDCA?
Open an interactive chat with Bash
What are the differences between Session policies and File policies in MDCA?
Open an interactive chat with Bash
How does 'Block download with DLP inspection' differ from 'Block download' in MDCA?
Open an interactive chat with Bash
Microsoft Security Operations Analyst Associate SC-200
Configure protections and detections
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .