ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-400 All Questions

View all questions & answers for the SC-400 exam
Go to Exam

Exam SC-400 topic 2 question 11 discussion

Actual exam question from Microsoft's SC-400
Question #: 11
Topic #: 2
[All SC-400 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You recently discovered that the developers at your company emailed Azure Storage keys in plain text to third parties.
You need to ensure that when Azure Storage keys are emailed, the emails are encrypted.
Solution: You create a data loss prevention (DLP) policy that has all locations selected.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Eltooth at July 20, 2021, 4:30 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Eltooth
Highly Voted 3 years, 11 months ago
Correct - no. Mail flow rules are needed.
upvoted 8 times
ExamReviewerIZ
3 years, 8 months ago
Incorrect. You can also create a DLP Policy choosing Exchange Online or all locations and the email will be encrypted if sensitive information is detected. If you do it through Exchange Online - MailFlow Rules, it only applies to email. Mailflow Rule is not a requirement.
upvoted 15 times
Jideakin
3 months, 2 weeks ago
Both of you are partially correct. You can do it from DLP without a mail flow rule, but when you select all location, the action relating to sending encrypted email will not be available because it doesn't relate to all locations. Therefore the correct answer is No.
upvoted 2 times
...
Sam12
3 years, 5 months ago
I just tested this, in compliance portal choose only exchange on the dlp policy an you will be able to ecrypt sensitive content
upvoted 5 times
BieLey
3 years, 3 months ago
But not if you have "all locations" selected.
upvoted 8 times
Lion007
2 years, 10 months ago
in DLP Policy, if you try to apply the message encryption, you will get this error: ("Validation failed Conditions/exceptions/actions on existing rules cannot apply on new locations. Please remove the unsupported conditions/exceptions/actions ' Encrypt email messages (applies only to content in Exchange)' on those rules and add the new locations."). So not to "all locations". But I tested it and it worked like a charm when selecting only "Exchange email" is the ONLY location.
upvoted 7 times
...
...
...
...
...
PrettyFlyWifi
Highly Voted 3 years, 4 months ago
No looks correct. Key part of the question.... "that has all locations selected". This question is specifically referring to Exchange Online and email only.
upvoted 6 times
...
narenbabu.chintu
Most Recent 11 months, 2 weeks ago
DLP is needed, but not all locations have to be selected.
upvoted 1 times
...
ChrisBaird
1 year ago
Selected Answer: A
A DLP policy only requires the "Content Contains" condition, which is available for all locations. Add the SIT to the condition, et voila! The answer is A.
upvoted 1 times
...
ServerBrain
1 year, 9 months ago
Selected Answer: B
selecting all locations will not suffice
upvoted 1 times
...
xswe
2 years, 2 months ago
If you deploy a DLP policy with all the location you wont be able to do much for the emails that are getting sent. You need to have only "Exchange" as the location to see all the options that are needed to achieve this.
upvoted 2 times
...
music_man
2 years, 9 months ago
Selected Answer: B
Answer is correct. If you select more than just Exchange as a location then the action to encrypt is removed. Must be Exchange only to see the encrypt action.
upvoted 3 times
...
Lion007
2 years, 10 months ago
Selected Answer: B
Given answer is Correct (B). In DLP Policy, if you try to apply the message encryption, you will get this error: ("Validation failed Conditions/exceptions/actions on existing rules cannot apply on new locations. Please remove the unsupported conditions/exceptions/actions ' Encrypt email messages (applies only to content in Exchange)' on those rules and add the new locations."). So not to "all locations". But I tested it and it worked like a charm when selecting only "Exchange email" is the ONLY location.
upvoted 2 times
...
nupagazi
3 years, 5 months ago
No is correct, if you select all location ( devices, on-premise), then the action of DLP rule does not have option encrypt content
upvoted 5 times
...
Pravda
3 years, 5 months ago
On exam 1/20/2022
upvoted 2 times
...
Sam12
3 years, 5 months ago
you can use both portals to achieve this, but if "all locations selected." then there is no action to encrypt email. so, the answer is NO. Either you create it via transport rule, of if you use DLP portal you must choose to apply policy only to exchange.
upvoted 3 times
...
nupagazi
3 years, 5 months ago
I don't find the action encrypt message in DLP polic
upvoted 1 times
...
RAMmulator
3 years, 6 months ago
Selected Answer: A
I believe its A. See https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-faq?view=o365-worldwide#can-i-automatically-encrypt-messages-by-setting-up-policies-in-data-loss-prevention--dlp--through-the-microsoft-365-compliance-center- "Yes! You can set up mail flow rules in Exchange Online or by using DLP in the Microsoft 365 compliance center."
upvoted 2 times
...
CalST
3 years, 6 months ago
DLP restricts the sending of the email as well as encrypting. The question just says the message must be encrypted (not blocked) so Mail Flow Rule
upvoted 2 times
...
digitallycan
3 years, 8 months ago
You can set up mail flow rules in Exchange Online or by using DLP in the MS365 Compliance Center to automatically encrypt messages. https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-faq?view=o365-worldwide#can-i-automatically-encrypt-messages-by-setting-up-policies-in-data-loss-prevention--dlp--through-the-microsoft-365-compliance-center-
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel