ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-400 All Questions

View all questions & answers for the SC-400 exam
Go to Exam

Exam SC-400 topic 4 question 4 discussion

Actual exam question from Microsoft's SC-400
Question #: 4
Topic #: 7
[All SC-400 Questions]

HOTSPOT -
You need to implement a solution to encrypt email. The solution must meet the compliance requirements.
What should you create in the Exchange admin center and the Microsoft 365 compliance center? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Users must be able to manually select that email messages are sent encrypted. The encryption will use Office 365 Message Encryption (OME) v2. Any email containing an attachment that has the Fabrikam Confidential sensitivity label applied must be encrypted automatically by using OME.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-sensitive-info-types?view=o365-worldwide
by HardcodedCloud at Dec. 19, 2021, 3:03 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sergioandreslq
Highly Voted 2 years, 5 months ago
1. A mail flow rule 2. A DLP Policy that includes locations ODfB, SPO, and Exchange Online. Condition: If Sensitivity Label "Fabrikam Confidential" is present Action: Encrypt
upvoted 23 times
SnottyPudding
2 years, 2 months ago
I agree. Step 1: Choose what you want to monitor (sensitivity label). Step 2: Choose where you want to monitor (Exchange, SP, OD, etc) Step 3: Choose condition that must be matched (item has specific sensitivity label "Fabrikam Confidential") Step 4: Action: Encrypt https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide https://gcits.com/office-365-message-encryption-encrypt-only-template-available-in-office-365-unified-dlp/#:~:text=Enabling%20Encrypt%2DOnly%20via%20a,%3A%2F%2Fprotection.office.com.
upvoted 3 times
...
...
HardcodedCloud
Highly Voted 2 years, 5 months ago
Should be Mail Flow & an auto-labeling Policy. As mentioned in the case study that "A sensitivity label named Fabrikam Confidential is configured." So you need an auto-labeling policy to apply the label to al documents, then the mail flow in Exchange Online will encrypt automatically any email with attachment that has "Fabrikam Confidential" label applied.
upvoted 11 times
...
omnomsnom
Most Recent 7 months ago
Surely you need the mail flow rule or DLP policy, but not both?
upvoted 4 times
...
HDEIWDEOW
9 months, 1 week ago
Got this question on exam on 17th August
upvoted 1 times
...
xswe
1 year, 1 month ago
To configure encrypted email message we need, Exchange = Mail flow rule M365 compliance center = DLP rule
upvoted 1 times
luissaro
1 year, 1 month ago
also auto-labeling policy is set in microsoft purview compliance portal and it is indeed the requested action since they have already the label and they need to establish a process in which if there is that label ome encryption will be triggered. the only way to apply a label is through policy
upvoted 1 times
...
...
mcas
1 year, 7 months ago
For this part "Any email containing an attachment that has the Fabrikam Confidential sensitivity label applied must be encrypted automatically by using OME." you don't need a custom sensitive info type, you can use a Mail Flow Rule where you block attachments that use a sensitivity label MSIP_Label_ ed4411cc-bec4-444a-b279-c404aaad79d6_Enabled=true
upvoted 2 times
...
mcas
1 year, 7 months ago
To satisfy this condition "Users must be able to manually select that email messages are sent encrypted" you need a sensitivity label. You would create one for items (files and emails) with the encryption settings Sensitivity labels are used to classify email messages, documents, sites, and more. When a label is applied (automatically or by the user), the content or site is protected based on the settings you choose. For example, you can create labels that encrypt files, add content marking, and control user access to specific sites
upvoted 3 times
mcas
1 year, 7 months ago
this is the example directly from Microsoft https://learn.microsoft.com/en-us/previous-versions/azure/information-protection/configure-exo-rules#example-2-rule-that-applies-the-encrypt-only-option-to-emails-when-they-have-attachments-that-are-labeled-confidential--partners-and-these-emails-are-sent-outside-the-organization
upvoted 2 times
...
...
JamesM9
2 years, 1 month ago
I have tested this today and the answer is Mail Flow/DLP. The case study states that a sensitivity label has already been created, so all we need to do is find a way to apply this and encrypt. When creating a DLP policy we can specify the locations, select the (already created) "Fabrikam Confidential" label and then add an action to restrict/encrypt. When attempting to create an auto-labelling policy, we are asked to add a sensitive info type, which would need to be created. Since we have everything all ready to go in a DLP policy (and the label has already been created) then this is the quickest method. Therefore, the answer is - Mail Flow/DLP.
upvoted 8 times
...
nupagazi
2 years, 4 months ago
Customer sensivetive info typeis correct ! To configure DLP you have to use sensitive label. In order to creat sensitive label you need sensiive info type
upvoted 1 times
PrettyFlyWifi
2 years, 2 months ago
This will confuse people, this isn't correct. You do not NEED a sensitive info type to create a sensitivity label. You can create whatever labels you want and let users manually apply them for labelling purposes. Go and create a general label with no settings until you get to the end and you'll see you can simply create a label. No SIT needed.
upvoted 2 times
...
...
Pravda
2 years, 4 months ago
On exam 1/20/2022
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel