ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-400 All Questions

View all questions & answers for the SC-400 exam
Go to Exam

Exam SC-400 topic 1 question 23 discussion

Actual exam question from Microsoft's SC-400
Question #: 23
Topic #: 1
[All SC-400 Questions]

HOTSPOT -
You have Microsoft 365 E5 tenant that has a domain name of M365x925027.onmicrosoft.com.
You have a published sensitivity label.
The Encryption settings for the sensitivity label are configured as shown in the exhibit.

For each of the following statements, select Yes if statement is true. Otherwise, select No
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
by ExamReviewerIZ at Oct. 25, 2021, 9:43 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ExamReviewerIZ
Highly Voted 3 years, 8 months ago
No, no, no. If you choose to encrypt, you still need to specify who can view/read the documents, that includes your own organization.
upvoted 21 times
McAlec
3 years, 8 months ago
That's right. Answer is: No/No/No "When a document or email is encrypted, access to the content is restricted, so that it: Can be decrypted only by users authorized by the label's encryption settings...."
upvoted 10 times
...
BTAB
3 years, 1 month ago
Yes, No, No. Authenticated Users has Viewer permissions, which will allow them to view emails based upon the policy settings
upvoted 6 times
BTAB
3 years, 1 month ago
Welp, I am wrong. I re-read the question, and as long as the authentication method is supported by external email sources like Gmail, etc... the email can be read by users outside of the organization -- "However, the application opening the encrypted content must be able to support the authentication being used. For this reason, federated social providers such as Google, and onetime passcode authentication work for email only" https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide#requirements-and-limitations-for-add-any-authenticated-users
upvoted 2 times
...
...
...
Ras1364
Highly Voted 3 years, 7 months ago
I think Answer is No, no, no and for the first one, if you want all your users to view an email that has the sensitivity label applied, you should assign permissions for all users and groups in your organization (M365x925027.onmicrosoft.com).
upvoted 11 times
Bakkia
6 months, 2 weeks ago
yes no no for me,.. This looks very tricky .. but if you think deeply.. why would you create a label to make someone view the mail ? who should view the mail will be decided by the user who composes the email. So let me say I create a mail ABC (encrypted) and send it to XYZ (same company) .. and if XYZ is inside the org they can view the message. but further if the XYZ is part of legal group then they get the extra permissions (copy, edit / print) as they are the co-author ..
upvoted 1 times
...
Ras1364
3 years, 7 months ago
Assign permissions: Only the users or groups you choose will be assigned permissions to use the content that has this label applied.
upvoted 2 times
JCkD4Ni3L
2 years, 6 months ago
Exactly, otherwise how would you restrict access to sensitive content within your organisation ?
upvoted 1 times
...
...
Mdwro
3 years, 6 months ago
Hmm, but there is a viewer permission assigned to all authenticated users
upvoted 2 times
mimguy
1 year, 5 months ago
Authenticated users can include guest accounts
upvoted 3 times
...
...
...
uilloz
Most Recent 8 months, 1 week ago
"any authenticated users" includes any user who: Has an email account that's authenticated by Microsoft Entra ID or a federated social provider. Is authenticated by a Microsoft account. Uses a one-time passcode for email only.
upvoted 1 times
...
Cubalibre69
1 year, 1 month ago
Only users within your organization can open a confidential document or email is No because you would see tenantname.onmicrosoft.com in the assign permissions section
upvoted 1 times
...
emartiy
1 year, 4 months ago
This question's correct answer is N, N, N! Only users at your company can view.... - No: Reason: "Requirements and limitations for "Add any authenticated users" This setting doesn't restrict who can access the content that the label encrypts, while still encrypting the content and providing you with options to restrict how the content can be used (permissions), and accessed (expiry and offline access). However, the application opening the encrypted content must be able to support the authentication being used. Other 2 sentences are also NO based on the policy deifications you can read. Tricky part of this question is granting authenticated users with Viewer.. Please read this pharagraph https://learn.microsoft.com/en-us/purview/encryption-sensitivity-labels#requirements-and-limitations-for-add-any-authenticated-users
upvoted 1 times
...
emartiy
1 year, 4 months ago
As BTAB sadi below, Yes, NO NO, there is 3 selection for granted for that policy. Authenticated users is an option so, all users in domain can see document and others NO based on the descriptions.. Be careful while readin and scanning informaiton on the question ::)
upvoted 2 times
...
Domza
1 year, 6 months ago
Did anyone read the provided link? LOL
upvoted 1 times
...
heshmat2022
1 year, 8 months ago
IT WAS ON EXAM OCTOBER 18 2023
upvoted 1 times
...
Gesbie
1 year, 10 months ago
was on Exam August 9, 2023
upvoted 1 times
...
bhadolaa29
2 years ago
Correct Answer No, No, Yes Co Author permission includes print
upvoted 1 times
Sategi
1 year, 11 months ago
USSales us reviewer
upvoted 3 times
...
...
Jonclark
2 years, 4 months ago
I went into Purview and experimented with this.. When you assign permissions for encryption within a sensitivity label, you can assign permissions to "any authenticated users" separately from "all users in your organization". There's a tool-tip next to "any authenticated users". Here is what it says: --- Includes any user who: * Has an e-mail account that's authenticated by Azure AD or a federated social provider * Is authenticated by a Microsoft Account * Uses a one-time passcode for e-mail only The tool-tip has a link to "learn more" which points to: https://learn.microsoft.com/en-us/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide So... with "authenticated users" permissions to view, the content is encrypted, but not restricted to viewing by only members of the org.
upvoted 4 times
...
JCkD4Ni3L
2 years, 7 months ago
No, No, No, for users to be able to view an encrypted email they MUST have explicit permission to do so. Also, for the 3rd answer Reviewer does NOT allow printing (see: https://learn.microsoft.com/en-us/azure/information-protection/configure-usage-rights#rights-included-in-permissions-levels)
upvoted 2 times
...
JamesM9
3 years, 2 months ago
Tricky, but at a push I am leaning towards N/N/N on the basis that it is not specified that all users can access. The settings of the label specify that authenticated users have been assigned viewing permissions however this does not mean that it is restricted to users internally. If it was specified to all users within the domain only then this should be specified within the "add users or groups" setting. So therefore, the answer for me is NNN.
upvoted 1 times
...
Pravda
3 years, 5 months ago
On exam 1/20/2022
upvoted 1 times
...
UWSFish
3 years, 5 months ago
I lean toward Y. N, N...yes only the users within the org that have been assigned permission will have access AND of course "A" could be more specific in that regard but is "A" true???Lean toward yes. Only users inside the org CAN view an email with the sensitivity label applied. Users outside the org can't And users inside the org CAN w/ the appropriate permissions. It's very close but Y/N/N for me. It really is an MS semantics question
upvoted 5 times
...
Pravda
3 years, 5 months ago
Answer is correct. Yes No No Notice it says the setting doesn't restrict who can access the content when it comes to authenticated users. https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide#requirements-and-limitations-for-add-any-authenticated-users Requirements and limitations for "Add any authenticated users" This setting doesn't restrict who can access the content that the label encrypts, while still encrypting the content and providing you with options to restrict how the content can be used (permissions), and accessed (expiry and offline access).
upvoted 5 times
AJ2021
3 years, 4 months ago
Read the first question again carefully and then read the link you provided. The correct answers are No, No, No
upvoted 3 times
...
...
nupagazi
3 years, 5 months ago
I think No/No/No. Authenticated users means any users from social provider or OTP can view, not users in orgnization
upvoted 7 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel