Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Netskope Exam NSK300 Topic 7 Question 4 Discussion

Actual exam question for Netskope's NSK300 exam
Question #: 4
Topic #: 7
[All NSK300 Questions]

A company needs to block access to their instance of Microsoft 365 from unmanaged devices. They have configured Reverse Proxy and have also created a policy that blocks login activity for the AD group "marketing-users" for the Reverse Proxy access method. During UAT testing, they notice that access from unmanaged devices to Microsoft 365 is not blocked for marketing users.

What is causing this issue?

Show Suggested Answer Hide Answer
Suggested Answer: A

The issue is likely caused by a missing group name in the SAML response (A). When access to Microsoft 365 from unmanaged devices is not blocked as expected, despite having a policy in place, it often indicates that the SAML assertion is not correctly identifying the user as a member of the restricted group. In this case, the ''marketing-users'' group name should be present in the SAML response to enforce the policy that blocks login activity for this group. If the group name is missing, the policy will not apply, and users will not be blocked as intended.


Contribute your Thoughts:

Carlee
6 months ago
Hmm, that's a good point. If the username isn't associated with the group correctly, the block wouldn't work either.
upvoted 0 times
...
Catherin
7 months ago
Makes sense, but I'm considering option D. The username not having the 'marketing-users' group name could be the problem.
upvoted 0 times
...
Gregg
7 months ago
Exactly, option A. Without the group name, the policy can't enforce the block.
upvoted 0 times
...
Ayesha
7 months ago
Do you mean option A? That there's a missing group name in the SAML response?
upvoted 0 times
...
Gregg
7 months ago
Yeah, it's tricky. I think it might be something with the group name in the SAML response.
upvoted 0 times
...
Catherin
7 months ago
Hey, did you see the question about blocking access for unmanaged devices?
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77