Exam MS-100 topic 2 question 31 discussion

Silent mode detects and logs inappropriate actions, but doesn't block them. SO, for the first selection, App1, App2 and App3 can be used to open the file. Its scope doesn't include App1 because the File1 is created on App1. Apps2 is also not included because it's exempted. So, the attempt to open the file, which is to be logged, is only the one from App3. This is mu understanding. Please correct me if I'm wrong.

You can open an app from app1,2 or 3 as it is in silent mode. This will only log, not alert or block user. Log will be generated on app 3 only. It wont log on protected app or exempt app.

Box 1 should be 1,2,3 and Box2 should be only App3

MS-101 question

Has anyone had this show up in the MS-100 exam as it is an MS-101 question?

So user can open file from 1.2.3 cause it's in silent mode and agree on that as for the logs https://docs.microsoft.com/en-us/mem/intune/apps/windows-information-protection-policy-create When working with WIP-enabled apps and WIP-unknown apps, we recommend that you start with Silent or Allow Overrides while verifying with a small group that you have the right apps on your protected apps list. After you're done, you can change to your final enforcement policy, Block. WIP runs silently, logging inappropriate data sharing, without blocking anything that would have been prompted for employee interaction while in Allow Override mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still stopped. it says to make sure you have the right apps on your protect list and silent logs contain inappropriate data sharing which means apps that are blocked and unknown aka not on the protect list

Ms-101question

Per Microsoft: "Silent. Windows Information Protection runs silently. It logs inappropriate data sharing without blocking anything that would’ve prompted employee interaction in Allow Overrides mode. Unallowed actions, like apps trying to access a network resource or Windows Information Protection protected data, are allowed but audited. Silent mode is good choice for more open IT environments or where large groups of users, like testers or application developers, have legitimate reasons to perform actions that might be blocked under other circumstances. Silent mode is also good to use when an organization is thinking about implementing Allow Overrides or Hide Overrides mode, because the event log will offer information about the number of overridden or blocked events that implementing Windows Information Protection will cause." this phrase "the event log will offer information about the number of overridden or blocked events" suggests that the exempt app does not get logged at all. Only events where a block would occur or a user overrides the block will be logged.

is this on the test?

i think that skajam66 is right ;

I believe it should be only App1 and App2 can open because App3 is out of protection/exemption so not allowed to open any file. And, logs will be generated for such type of actions for App1 only because that is the protected app.

MS-101 question - MS-100 does not cover WIP

so what's the correct answer?

1, 2, 3 & 2, 3.

You Can open File1 from App1,App2, and App3 An action will be logged when you attempt to open File1 from: App3 only WIP Silent mode will not block any action but will log inappropriate data sharing, giving you the opportunity to monitor your WIP enabled apps but also apps you did not add to your WIP policy.

Silent mode. The Windows Information Protection-protected work files can be moved or copied to the user’s personal local OneDrive sync folder, the files will sync without issue, and an audit log event will be generated.

WIP runs silently, logging inappropriate data sharing, without stopping anything that would’ve been prompted for employee interaction while in Allow overrides mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still stopped. Unallowed actions in silent are blocked so I think App 3 can't access the file. For the log, i'm not sure that events for "exempt app" are logged so if someone can provide a link with the answer, it would be greatly appreciated!