SC-300 Exam - Question 248

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account.

You deploy an Azure subscription and enable Microsoft 365 Defender.

You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps.

Solution: From the Microsoft 365 Defender portal, you add the Google Workspace app connector.

Does this meet the goal?

Examice · Accepted Answer

To monitor OAuth authentication requests using Microsoft Defender for Cloud Apps, it is essential to add connectors for all identity providers involved, not just Google Workspace. In this scenario, you have multiple identity providers including Amazon Web Services (AWS), Google Workspace, and GitHub. Adding only the Google Workspace app connector will not enable comprehensive monitoring for OAuth authentication requests across all these platforms. Therefore, adding just the Google Workspace app connector does not meet the goal.

Manny_ez · Answer

B is the correct answer. To monitor OAuth authentication requests, you need to add the appropriate app connectors for each identity provider, such as AWS, Google Workspace, and GitHub, in addition to the Azure AD connector.

In this scenario, you have the following identity providers:

Amazon Web Services (AWS)
Google Workspace
GitHub
Adding the Google Workspace app connector alone would not cover the OAuth authentication requests for AWS and GitHub. You should add connectors for each identity provider to have comprehensive monitoring.

Therefore, the correct approach is to add connectors for AWS, Google Workspace, and GitHub, not just the Google Workspace connector.

JimboJones99 · Answer

I think A:Yes

OAuth app management is available only after connecting one or more of the supported platforms - Microsoft 365, Google Workspace, or Salesforce. Once connected, the OAuth apps menu option will appear under Investigate.

https://learn.microsoft.com/en-us/defender-cloud-apps/manage-app-permissions

cgonIT · Answer

Correct Answer: A, Yes.
Tested in lab. There is no way to detect signals from Google Workspace, for example, if you do not add first an app connector. So this answer is YES.

JuanZ · Answer

https://learn.microsoft.com/en-us/defender-cloud-apps/app-permission-policy
Alternatively, you can also create the policy in the Microsoft Defender Portal, by going to Cloud Apps- Policies -> Policy management. Then select Create policy followed by OAuth app policy and select app Google Workspace.

rikicm · Answer

Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender, which correlates signals from across the Microsoft Defender suite and provides incident-level detection, investigation, and powerful response capabilities. For more information, see Microsoft Defender for Cloud Apps in Microsoft 365 Defender.

Nielll · Answer

Microsoft Defender for Cloud Apps (MDCA) is designed to monitor and control access to Microsoft 365 services, not Google Workspace.
The Google Workspace app connector in MDCA is likely intended for user provisioning or single sign-on (SSO) between Microsoft 365 and Google Workspace, not for monitoring OAuth authentication requests to Google Workspace.

ACSC · Answer

https://learn.microsoft.com/en-us/defender-cloud-apps/manage-app-permissions

Matt19 · Answer

NO - need all connectors deployed

barlar · Answer

only "you add the Google Workspace app connector" is not enough there is still the AWS and Github parts that are lacking.

TRN80 · Answer

It's part of a full solution/answer, but not the full answer. The only thing I would answer "YES" to in this group is an answer that includes the connectors for each of the 3, not just 1 of the 3.

YesPlease · Answer

Answer A) YES

The question doesn't say you need to monitor all of them...but Google Workspace is the most robust with permissions to view just about everything a user does.   AWS and GitHub both have way less abilities.

https://learn.microsoft.com/en-us/defender-cloud-apps/enable-instant-visibility-protection-and-governance-actions-for-your-apps

GummyBear95 · Answer

ChatGPT answer:
No, this solution does not meet the goal.

The requirement is to monitor OAuth authentication requests for Amazon Web Services (AWS), Google Workspace, and GitHub using Microsoft Defender for Cloud Apps. However, adding only the Google Workspace app connector in the Microsoft 365 Defender portal would not cover AWS and GitHub.

To meet the goal, you need to add connectors for all the relevant platforms (AWS, Google Workspace, and GitHub). This would involve:

Adding the Google Workspace connector (as you mentioned).
Adding the AWS app connector.
Adding the GitHub app connector.
This ensures that OAuth authentication requests for all three services are monitored via Microsoft Defender for Cloud Apps. Therefore, adding just the Google Workspace app connector alone is insufficient.

Obi_Wan_Jacoby · Answer

Answer B: NO. Steps to Monitor OAuth Authentication Requests
Add Connectors for Each Service:
AWS: Add the AWS app connector to monitor OAuth authentication requests for AWS.
GitHub: Add the GitHub app connector to monitor OAuth authentication requests for GitHub.
Google Workspace: Add the Google Workspace app connector to monitor OAuth authentication requests for Google Workspace.
Why Separate Connectors Are Needed
Service-Specific Integration: Each connector is designed to integrate with the specific service's API and authentication mechanisms.
Comprehensive Monitoring: Adding connectors for each service ensures that you can monitor and manage OAuth authentication requests across all your accounts effectively

SC-300 Exam - Question 248

Discussion