Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Netskope Exam NSK300 Topic 6 Question 18 Discussion

Actual exam question for Netskope's NSK300 exam
Question #: 18
Topic #: 6
[All NSK300 Questions]

A company needs to block access to their instance of Microsoft 365 from unmanaged devices. They have configured Reverse Proxy and have also created a policy that blocks login activity for the AD group "marketing-users" for the Reverse Proxy access method. During UAT testing, they notice that access from unmanaged devices to Microsoft 365 is not blocked for marketing users.

What is causing this issue?

Show Suggested Answer Hide Answer
Suggested Answer: A

The issue is likely caused by a missing group name in the SAML response (A). When access to Microsoft 365 from unmanaged devices is not blocked as expected, despite having a policy in place, it often indicates that the SAML assertion is not correctly identifying the user as a member of the restricted group. In this case, the ''marketing-users'' group name should be present in the SAML response to enforce the policy that blocks login activity for this group. If the group name is missing, the policy will not apply, and users will not be blocked as intended.


Contribute your Thoughts:

Chauncey
3 months ago
The IT team is probably blaming the coffee machine for this one. 'It's not our fault, the coffee maker is possessed!' *rolling eyes*
upvoted 0 times
Myra
1 months ago
They should check if the username has the 'marketing-users' group name.
upvoted 0 times
...
Noel
2 months ago
I think the username format might be the issue.
upvoted 0 times
...
Magda
2 months ago
Maybe the group name is missing in the SAML response.
upvoted 0 times
...
...
Truman
3 months ago
A missing group name in the SAML response? Looks like someone forgot to include the 'marketing-users' group in the configuration. Oops, my bad, that's option A. I need to start paying attention.
upvoted 0 times
...
Erin
3 months ago
Hmm, I'm going with option D. The username in the name ID field needs to be in the format of the 'marketing-users' group. It's like they're trying to make this as complicated as possible.
upvoted 0 times
...
Chana
3 months ago
Let me guess, the IT team forgot to turn on the 'block all the things' switch? Classic.
upvoted 0 times
...
Avery
3 months ago
The username in the name ID field doesn't have the 'marketing-users' group name? Seriously, how hard is it to get that right? They must have hired a team of monkeys to set this up.
upvoted 0 times
Bettina
1 months ago
The username needs to have the 'marketing-users' group name.
upvoted 0 times
...
Rozella
1 months ago
It could be an issue with the certificate.
upvoted 0 times
...
Willodean
2 months ago
The username format might not be correct.
upvoted 0 times
...
Tyra
2 months ago
They should double check the configuration settings.
upvoted 0 times
...
Maryann
2 months ago
Maybe there is a missing group name in the SAML response.
upvoted 0 times
...
Marleen
3 months ago
Maybe there was a typo in the group name.
upvoted 0 times
...
...
Tarra
3 months ago
Could it also be that there is a missing group name in the SAML response causing the issue?
upvoted 0 times
...
Carmela
3 months ago
I agree with Dianne, the policy is probably not blocking access because the username does not match the group name.
upvoted 0 times
...
Dianne
3 months ago
I think the issue might be that the username in the name ID field does not have the 'marketing-users' group name.
upvoted 0 times
...

Save Cancel