ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-400 All Questions

View all questions & answers for the SC-400 exam
Go to Exam

Exam SC-400 topic 2 question 2 discussion

Actual exam question from Microsoft's SC-400
Question #: 2
Topic #: 2
[All SC-400 Questions]

You have a Microsoft 365 tenant that uses 100 data loss prevention (DLP) policies.
A Microsoft Exchange administrator frequently investigates emails that were blocked due to DLP policy violations.
You need recommend which DLP report the Exchange administrator can use to identify how many messages were blocked based on each DLP policy.
Which report should you recommend?

  • A. Third-party DLP policy matches
  • B. DLP policy matches
  • C. DLP incidents
  • D. False positive and override
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by ExamReviewerIZ at Oct. 25, 2021, 7:20 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ExamReviewerIZ
Highly Voted 3 years ago
Answer is C. To see the items (messages, emails, chat, files) that were blocked by DLP you see incidents. DLP incidents report allows to identify pieces of content, no matter how many DLP Policies applied to such item. DLP Policies Repoet is used to identify how many policies were applied to one or many items. You could see a single email counted 100 times.
upvoted 8 times
ExamReviewerIZ
3 years ago
Answer is B. Disregard my comment, indeed is DLP Policy Report, because we need to know how many emails were blocked by a specific policy.
upvoted 13 times
Domza
10 months, 3 weeks ago
dude, how did you come up with the name? LOL
upvoted 2 times
...
sergioandreslq
2 years, 10 months ago
The DLP policy matches report shows the count of DLP policy matches over time. DLP Incidents: Like the policy matches report, the DLP incidents report shows policy matches over time, but in a different way - at the rule level. If an email matched three different rules, the DLP policy matches report shows three different line items. By contrast, the DLP incidents report shows matches at the item level: if an email matched three different rules, the incidents report shows a single line item for that item. Summary: Because the report counts are aggregated differently, the DLP policy matches report is better for identifying matches with specific rules and fine-tuning DLP policies. The DLP incidents report is better for identifying specific content causing issues with DLP policies.
upvoted 5 times
...
...
...
wooyourdaddy
Highly Voted 2 years, 4 months ago
Selected Answer: B
I wrote the exam today, this question was on it, I choose B, scored 890!
upvoted 7 times
Domza
10 months, 3 weeks ago
the Best!
upvoted 3 times
...
...
Ruslan23
Most Recent 6 months, 2 weeks ago
Selected Answer: B
use the DLP policy matches report
upvoted 2 times
...
emartiy
8 months, 2 weeks ago
Selected Answer: B
B is correct.
upvoted 1 times
...
Domza
10 months, 3 weeks ago
Ladies and Gents, Did you know can now manage your DLP alerts in the Microsoft Defender portal? Alerts are automatically combined into incidents, which provide a comprehensive view into potential policy violations and advanced tools for investigation and remediation. Enjoy
upvoted 2 times
...
heshmat2022
1 year ago
IT WAS ON EXAM OCTOBER 18 2023
upvoted 2 times
...
Gesbie
1 year, 2 months ago
was on Exam August 9, 2023
upvoted 2 times
heshmat2022
1 year, 2 months ago
YOU DID NOT MENTION WHAT WAS THE RIGHT ANSWER THOUGH.
upvoted 2 times
Domza
10 months, 3 weeks ago
Haha LOL
upvoted 2 times
...
Ruslan23
6 months, 2 weeks ago
You didn't too LOL
upvoted 1 times
...
...
...
xswe
1 year, 6 months ago
The DLP Policy Matches in the DLP report in great when you want to see how many DLP policies that have been triggered. This part of the report will for example show you 3 policy triggers on one action if the action triggered 3 different DLP policies.
upvoted 2 times
...
LoNwUi2uprVHKCX9IlpE
2 years, 5 months ago
On exam 11/05/2022
upvoted 1 times
...
mT3
2 years, 6 months ago
Answer is C. https://docs.microsoft.com/en-us/microsoft-365/compliance/view-the-dlp-reports?view=o365-worldwide#view-the-reports-for-data-loss-prevention "Because the report counts are aggregated differently, the policy matches report is better for identifying matches with specific rules and fine tuning DLP policies. The incidents report is better for identifying specific pieces of content that are problematic for your DLP policies."
upvoted 2 times
srchauhan
1 year, 1 month ago
ok, thank you
upvoted 1 times
...
Holii
2 years, 6 months ago
We aren't looking for specific pieces of content, we are looking for specific rules that are causing the violation. We need "all messages on each DLP policy", keyword being "each DLP policy", I lean more towards B.
upvoted 2 times
...
...
AJ2021
2 years, 8 months ago
B is Correct: if an email matched three different rules, the policy matches report shows three different line items. By contrast, the incidents report shows matches at an item level; for example, if an email matched three different rules, the incidents report shows a single line item for that piece of content.
upvoted 2 times
...
Pravda
2 years, 9 months ago
On exam 1/20/2022
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago