Exam SC-401 topic 2 question 31 discussion

Actual exam question from Microsoft's SC-401

Question #: 31
Topic #: 2

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You recently discovered that the developers at your company emailed Azure Storage Account keys in plain text to third parties.
You need to ensure that when Azure Storage Account keys are emailed, the emails are encrypted.
Solution: You create a data loss prevention (DLP) policy that has only the Exchange email location selected.
Does this meet the goal?

A. Yes
B. No

Show Suggested Answer

Suggested Answer: A 🗳️

by dache at June 7, 2025, 10:21 a.m.

Comments

Submit Cancel

4d76265

Highly Voted 1 month, 3 weeks ago

Selected Answer: A

Given answer is correct. I have tested in Purview - I can create new DLP policy > scope to Exchange > content contains built-in SIT for Azure Storage Account Keys > restrict or encrypt the content in 365 locations > choose protection setting for encryption. Test, test, test, and don't rely solely on Copilot.

upvoted 5 times

...

dache

Most Recent 1 month, 4 weeks ago

Selected Answer: B

Copilot: The correct answer is: B. No. A DLP policy with only the Exchange email location selected can detect and restrict the sharing of Azure Storage Account keys, but it does not automatically encrypt emails. To ensure encryption, you need to configure Microsoft Purview Information Protection or Microsoft Defender for Office 365 to enforce encryption policies when sensitive data is detected.

upvoted 4 times

...