Microsoft SC-200: What policy and filter should you use to detect botnet connections to Microsoft 365 apps in Cloud App Security?

Learn how to create a custom template-based policy in Microsoft Cloud App Security to identify connections from botnet networks to your Microsoft 365 apps. Discover the correct policy template type and filter to use for effective threat detection.

Question

You purchase a Microsoft 365 subscription.

You plan to configure Microsoft Cloud App Security.

You need to create a custom template-based policy that detects connections to Microsoft 365 apps that originate from a botnet network.

What should you use? To answer, select the appropriate options in the answer area.

Policy template type:

  • Access policy
  • Activity policy
  • Anomaly detection policy

Filter based on:

  • IP address tag
  • Source
  • User agent string

Answer

To create a custom template-based policy in Microsoft Cloud App Security that detects connections to Microsoft 365 apps originating from a botnet network, you should use:

Policy template type: Activity policy
Filter based on: IP address tag

Explanation

An Activity policy is the appropriate policy template type for monitoring and identifying suspicious or malicious activity within your cloud apps. This type of policy lets you define match conditions on factors such as the user action, the IP address, and device properties, and then alert or take a governance action when an activity matches.

To specifically detect connections from a botnet network, filter the activity on the IP address tag. Microsoft Cloud App Security automatically tags activities whose source IP address is known to belong to a botnet, so a filter on that tag flags those connections without you having to maintain your own list of addresses.

By combining an Activity policy template with an IP address tag filter, you create a custom policy that detects, and notifies you about, any Microsoft 365 app connection that originates from a botnet network. This helps you identify potential threats early and take appropriate action to protect your organization's data and resources.
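As an added illustration of the reasoning above (this is example code written for this page, not Microsoft's product code or API), the following Python model shows what an Activity policy scoped to Microsoft 365 apps and filtered on an IP address tag does when run over a handful of constructed activity records. The record field names (`app`, `ip_tags`, `user_agent`, and so on) and the app names are assumptions made for the example, not the real activity schema; the tag value `"Botnet"` is used as the tag the policy keys on. A second function contrasts this with a filter on the user agent string, to show why that filter is the wrong choice for this detection.

```python
from __future__ import annotations

from dataclasses import dataclass

# Constructed activity records for this example. Field names are assumptions
# for illustration only, not the real Cloud App Security activity schema.
SAMPLE_ACTIVITIES = [
    {"id": 1, "app": "Microsoft Exchange Online", "user": "alice@contoso.example",
     "action": "Log on", "ip": "203.0.113.10", "ip_tags": [],
     "user_agent": "Outlook/16.0"},
    {"id": 2, "app": "Microsoft SharePoint Online", "user": "bob@contoso.example",
     "action": "Download file", "ip": "198.51.100.7", "ip_tags": ["Botnet"],
     "user_agent": "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0"},
    {"id": 3, "app": "Box", "user": "carol@contoso.example",
     "action": "Log on", "ip": "198.51.100.8", "ip_tags": ["Botnet"],
     "user_agent": "curl/8.4"},
    {"id": 4, "app": "Microsoft Exchange Online", "user": "dave@contoso.example",
     "action": "Log on", "ip": "192.0.2.55", "ip_tags": ["Anonymous proxy"],
     "user_agent": "Outlook/16.0"},
]

# Assumed set of connected apps that the policy is scoped to.
MICROSOFT_365_APPS = frozenset({
    "Microsoft Exchange Online",
    "Microsoft SharePoint Online",
    "Microsoft OneDrive for Business",
    "Microsoft Teams",
})


@dataclass(frozen=True)
class ActivityPolicy:
    """Minimal model of an Activity policy: which apps it covers and which
    IP address tags cause an activity to match."""
    name: str
    apps: frozenset[str]
    ip_tags: frozenset[str]


BOTNET_POLICY = ActivityPolicy(
    name="Botnet connection to Microsoft 365 app",
    apps=MICROSOFT_365_APPS,
    ip_tags=frozenset({"Botnet"}),
)


def matches(policy: ActivityPolicy, activity: dict) -> bool:
    """True when the activity targets a covered app and its source IP carries
    at least one of the policy's IP address tags."""
    in_scope = activity["app"] in policy.apps
    tagged = bool(policy.ip_tags & set(activity["ip_tags"]))
    return in_scope and tagged


def evaluate(policy: ActivityPolicy, activities: list[dict]) -> list[dict]:
    """Return the activities that would raise an alert under the policy."""
    return [a for a in activities if matches(policy, a)]


def alert_ids(policy: ActivityPolicy, activities: list[dict]) -> list[int]:
    return [a["id"] for a in evaluate(policy, activities)]


def user_agent_hits(activities: list[dict],
                    needles: tuple[str, ...] = ("curl", "python-requests")) -> list[int]:
    """Contrast case: a filter on the user agent string only catches clients
    that announce themselves. The botnet-tagged Microsoft 365 activity (id 2)
    presents an ordinary browser user agent and is missed entirely."""
    return [a["id"] for a in activities
            if any(n in a["user_agent"].lower() for n in needles)]


if __name__ == "__main__":
    for hit in evaluate(BOTNET_POLICY, SAMPLE_ACTIVITIES):
        print(f"ALERT [{BOTNET_POLICY.name}] {hit['user']} -> {hit['app']} "
              f"from {hit['ip']} tagged {hit['ip_tags']}")
    print("user-agent filter would flag ids:", user_agent_hits(SAMPLE_ACTIVITIES))
```

Running the block alerts only on record 2: record 3 comes from a botnet-tagged address but targets Box, which is outside the Microsoft 365 scope, and record 4 carries a different tag. The user-agent contrast flags only record 3, the self-identifying `curl` client, and misses the actual botnet connection to SharePoint, which is the point of choosing the IP address tag as the filter.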

Microsoft SC-200 certification exam practice question and answer (Q&A) dump with detailed explanation and references, available free, to help you pass the Microsoft SC-200 exam and earn the Microsoft SC-200 certification.