Exam PL-100 topic 3 question 16 discussion

BC shouldn't be correct. Answer should be AD

CD is correct

You placed all connectors into the Non-Business group within the DLP policy. This would prevent the flow from accessing or sharing business data, which might be stored in the SharePoint list. To fix this, you need to move either the Twitter or the SharePoint connector to the Business group in the DLP policy. You are not assigned the Environment Admin role. This role is required to create or edit DLP policies in the Power Platform admin center. If you don’t have this role, you might not be able to modify the DLP policy that is blocking your flow. To fix this, you need to contact your tenant admin or someone who has the Environment Admin role and ask them to grant you this role or change the DLP policy for you. https://learn.microsoft.com/en-us/power-automate/prevent-data-loss https://learn.microsoft.com/en-us/power-platform/admin/wp-data-loss-prevention https://learn.microsoft.com/en-us/power-automate/desktop-flows/data-loss-prevention

BD are correct

AD will allow you to troubleshoot. CD are more related to what will prevent the flow from triggering, however if both connectors are in the same group how it says there, then the flow should trigger fine. I don't think there is a correct answer here 👎

For those who are curious where the matrix in the answer is taken from : https://learn.microsoft.com/en-us/power-platform/admin/create-dlp-policy?source=recommendations It's at the bottom of the page. But the key point in the example is, MS mentioned that Facebook and Twitter will be moved to "Blocked" group under "Walkthrough" section. We don't have any clue about blocking Twitter. So I would also go with AD.

Base in this the Power Platform administrator can View and manage tenant policies so I go with A D https://learn.microsoft.com/en-us/power-platform/admin/use-service-admin-role-manage-tenant https://learn.microsoft.com/en-us/power-platform/admin/prevent-data-loss

DLP policies enforce rules for which connectors can be used together by classifying connectors as either Business or Non-Business. If you put a connector in the Business group, it can only be used with other connectors from that group in any given app or flow. Sometimes you might want to block the usage of certain connectors altogether by classifying them as Blocked. From <https://docs.microsoft.com/en-us/power-platform/admin/wp-data-loss-prevention> B and C will both work and won't block the flow. So the remaining (correct) answers are A D To create a DLP policy, you need to be a tenant admin or have the Environment Admin role. Power Platform admin and Tenant admin are probably equivalent terminology.

AD is more reasonable

B and D are correct.

I think the best case against BC is that you need two connectors to make this flow. It requires both the twitter connector and the sharepoint connector. I'm not sure lacking an admin role would stop your flow from working, but at the very least BC can be eliminated and A and D would allow you to troubleshoot/fix.

I think it is A and D, because we can not use connectors from different groups in 1 flow. But in B and C we put all connectors in 1 group, so we will not face with any problems with DLP.

C - Connectors are in the Non Business DLP Group D - You need to be at least Environment Admin s. To create a DLP policy, you need to be a tenant admin or have the Environment Admin role. https://docs.microsoft.com/en-us/power-platform/admin/wp-data-loss-prevention

The explanation for B is incorrect because it refers to an EXAMPLE of how you can set up a DLP, but this doesn't mean it is always like this (https://docs.microsoft.com/en-us/power-platform/admin/create-dlp-policy -- is an EXAMPLE!) Furthermore: You cannot create a DLP for a Flow or App, if you are trying to use connectors from different groups like BizOnly or non-biz. Therefore, neither B and C can apply, because the user was able to create the Flow. Consequently, ONLY A and D remain, confirmed in https://docs.microsoft.com/en-us/power-platform/admin/prevent-data-loss.

DLP policies are created in the Power Platform admin center. They affect Power Platform canvas apps and Power Automate flows. To create a DLP policy, you need to be a tenant admin or have the Environment Admin role.So I think the answer is A and D;

I tested. I created a DLP and I put SP and Tw inside a Business Group, and my flow doesn't work. Because Twitter is considered "Blockable". Answer B and D

From the article: One data group must be designated as the default group to automatically classify any new connectors added to Microsoft Power Platform after your policy has been created. Initially, the Non-Business group is the default group for new connectors and all services. So B is one of the right answers. Then D since you only need environment maker access.