Previous

Next

Knowledge check

Completed

Choose the best response for each of the questions below. Then select "Check your answers".

Check your knowledge

1.

An administrator at Contoso wants to use device identification as a way to enforce Conditional App Access Control in Defender for Cloud Apps. The administrator knows that client certificates in a trusted chain can be used to make a determination around access or session policies that implement device state as a filter. Which of the following can also be used?

Whether a device is AD DS joined.

Whether a device is Microsoft Entra joined.

Whether a device is Microsoft Entra registered.

2.

An administrator at Contoso wants to use device identification as a way to enforce Conditional App Access Control in Defender for Cloud Apps. The administrator knows that client certificates in a trusted chain can be used to make a determination around access or session policies that implement device state as a filter. The administrator starts to upload root CA certificates to the Defender for Cloud Apps portal. What format do the certificates need to be?

Certificates must be in the .CER format.

Certificates must be in the PEM format.

Certificates must be in the P7B format.

3.

When an administrator starts to deploy Conditional Access App Control with AD FS as the identity provider, they create a new AD FS Relying Party Trust and App Single Sign-On configuration. Why is this necessary?

To duplicate the existing configuration.

To create a secondary configuration, which is a requirement of this process.

To limit end-user downtime and preserve your existing known good configuration.

You must answer all questions before checking your work.

Continue