Q: 8
A user named User1 receives an error message when attempting to access the Microsoft Defender
for Cloud Apps portal.
You need to identify the cause of the error. The solution must minimize administrative effort.
What should you use?
Options
Discussion
B. is correct. Had something like this in a mock and sign-in logs clearly showed the access failure reason for user errors. Quickest way to spot Conditional Access or auth issues. Pretty sure that's what they're after here.
Option B
C or B. I feel like audit logs (C) should highlight access issues if User1 hits an error while already inside the portal. If it's strictly a login problem, then yeah, B catches it. Not 100% though, what do you all think?
Had this exact type of question in my last practice test-B is correct.
Did anyone try checking audit logs (C) for these access errors, or is everyone relying just on sign-in logs? Sometimes I see people mix up where access failure events actually show up. Wondering if there's any reason to use Log Analytics here instead?
Looks like B, audit logs (C) are tempting but they miss failed sign-ins. Log Analytics seems like extra work. Disagree?
Not B, C. Audit logs catch access attempts inside the portal if authentication succeeded but authorization failed.
A is wrong, B. Similar question popped up on my practice exam reports, sign-in logs pinpoint initial access errors fastest in Entra.
Its C. Audit logs seem like they'd show errors for user actions after login, not just sign-in failures. Trap is B, but if User1 reached the portal audit logs might help more, right?
C . Had something like this in a mock and audit logs showed user access attempts and failures. I figured that would cover errors too, plus it's easy to check for activity there. Not 100 percent but sounds reasonable to me, agree?
Be respectful. No spam.
