ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-400 All Questions

View all questions & answers for the SC-400 exam
Go to Exam

Exam SC-400 topic 2 question 80 discussion

Actual exam question from Microsoft's SC-400
Question #: 80
Topic #: 2
[All SC-400 Questions]

HOTSPOT
-

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.



You have the data loss prevention (DLP) policies shown in the following table.



From Insider risk management, you configure a priority user group named PriGroup1 that contains User3 as a member.

You have the insider risk policies shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by proed at Nov. 11, 2024, 8:21 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
proed
Highly Voted 5 months, 3 weeks ago
Shouldn't it be Y/Y/N ?
upvoted 7 times
itsadel
4 months ago
Is the answer correct Y/N/Y ? Please advise.
upvoted 2 times
JambonBlanc
4 days, 21 hours ago
Correct: Y, N, Y When User3 performs an action that matches the rule for DLP1, Policy1 generates an alert: Yes. Since User3 is a member of Group1, Policy1 applies to User3. If their action matches the rule for DLP1, an alert will be generated. When User1 performs an action that matches the rule for DLP2, Policy2 generates an alert: No. Alerts are typically generated only for high-severity rules in data loss prevention (DLP) policies. This ensures that the focus remains on critical incidents that require immediate attention. For medium or low-severity rules, other actions like notifications or reports may be configured instead of generating alerts. When User3 performs an action that matches the rule for DLP3, Policy3 generates an alert: Yes. User3 is a member of Group3, and Policy3 applies to priority users in PriGroup1, which includes User3. Therefore, an alert will be generated if the action matches DLP3.
upvoted 1 times
...
...
...
ca7859c
Most Recent 3 days, 9 hours ago
I would go with YYY DLP rules can generate alerts based on the severity an admin sets https://learn.microsoft.com/en-us/purview/dlp-alerts-get-started#dlp-alert-configuration Also, if there is no explicit configuration to stop evaluating additional rules once a match is found, additional dlp rules are evaluated
upvoted 1 times
ca7859c
3 days, 9 hours ago
Last one is Y, as setting the severity level to high is part of the guidelines and not a requirement. It's to decrease incident report alert noise. When using a Data leaks template, you "can" assign a DLP policy to trigger indicators in the insider risk policy for "high severity alerts" in your organization. Data leaks policy guidelines When creating or modifying data loss prevention policies for use with insider risk management policies, consider the following guidelines: Prioritize data exfiltration events and be selective when assigning Incident reports settings to High when configuring rules in your DLP policies. For example, emailing sensitive documents to a known competitor should be a High alert level exfiltration event. Over-assigning the High level in the Incident reports settings in other DLP policy rules can increase the noise in the insider risk management alert workflow and make it more difficult for your data investigators and analysts to properly evaluate these alerts. https://learn.microsoft.com/en-us/purview/insider-risk-management-policy-templates#data-leaks
upvoted 1 times
...
...
Phil_79
2 months, 1 week ago
seems correct since User3 is a priority user for insider risk... tricky question
upvoted 1 times
...
BigTone
3 months, 1 week ago
Th answer should be Yes/No/No. Alerts are only generated for DLP's that have a severity level of High. Anything lower doesn't generate an alert https://learn.microsoft.com/en-us/purview/insider-risk-management-policy-templates#data-leaks
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago