Exam MS-500 topic 3 question 1 discussion

Actual exam question from Microsoft's MS-500
Question #: 1
Topic #: 3

HOTSPOT -
You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.
OneDrive stores files that are shared with external users. The files are configured as shown in the following table.

You create a data loss prevention (DLP) policy that applies to the content stored in OneDrive accounts. The policy contains the following three rules:
Rule1:
✑ Conditions: Label1, Detect content that's shared with people outside my organization
✑ Actions: Restrict access to the content for external users
✑ User notifications: Notify the user who last modified the content
✑ User overrides: On
✑ Priority: 0
Rule2:
✑ Conditions: Label1 or Label2
✑ Actions: Restrict access to the content
✑ Priority: 1
Rule3:
✑ Conditions: Label2, Detect content that's shared with people outside my organization
✑ Actions: Restrict access to the content for external users
✑ User notifications: Notify the user who last modified the content
✑ User overrides: On
✑ Priority: 2
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
When content is evaluated against rules, the rules are processed in priority order. If content matches multiple rules, the rules are processed in priority order and the most restrictive action is enforced. In this scenario rule 2 is the most restrictive.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide
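
The evaluation order described in the suggested answer can be modelled in a few lines. This is an added example, not Microsoft's implementation and not part of the original question; the restrictiveness ranking and the sample label sets are assumptions, because the question's file table is not reproduced on this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int          # 0 is processed first
    labels: frozenset      # matches when the file carries any of these labels
    external_only: bool    # condition "shared with people outside my organization"
    blocks: str            # "external" or "everyone"
    override: bool         # user overrides On/Off

# The three rules as listed in the question.
RULES = [
    Rule("Rule1", 0, frozenset({"Label1"}), True, "external", True),
    Rule("Rule2", 1, frozenset({"Label1", "Label2"}), False, "everyone", False),
    Rule("Rule3", 2, frozenset({"Label2"}), True, "external", True),
]

def restrictiveness(rule):
    # Assumed ranking: blocking everyone outranks blocking external users only,
    # and a block without user override outranks one that can be overridden.
    return (rule.blocks == "everyone", not rule.override)

def enforced_rule(labels, shared_externally):
    """Return the rule whose action is enforced, or None if nothing matches."""
    matches = [r for r in sorted(RULES, key=lambda r: r.priority)
               if r.labels & frozenset(labels)
               and (shared_externally or not r.external_only)]
    # max() keeps the first maximum, so ties go to the higher-priority rule.
    return max(matches, key=restrictiveness) if matches else None

def can_access(labels, shared_externally, user_is_external):
    """Access decision before any user override is exercised."""
    rule = enforced_rule(labels, shared_externally)
    if rule is None:
        return True
    return rule.blocks == "external" and not user_is_external

if __name__ == "__main__":
    # Constructed label sets standing in for the missing file table.
    for labels in ({"Label1"}, {"Label2"}, {"Label1", "Label2"}):
        rule = enforced_rule(labels, shared_externally=True)
        print(sorted(labels), "->", rule.name,
              "| internal:", can_access(labels, True, False),
              "| external:", can_access(labels, True, True))
```
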

Comments

jack987
Highly Voted 4 years, 10 months ago
Answer: No - No - No
All of them will match Rule2 because it is the most restrictive.
When content is evaluated against rules, the rules are processed in priority order. If content matches multiple rules, the rules are processed in priority order and the most restrictive action is enforced. For example, if content matches all of the following rules, Rule 3 is enforced because it's the highest priority, most restrictive rule:
Rule 1: only notifies users
Rule 2: notifies users, restricts access, and allows user overrides
Rule 3: notifies users, restricts access, and does not allow user overrides
Rule 4: only notifies users
Rule 5: restricts access
Rule 6: notifies users, restricts access, and does not allow user overrides
Source: https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide
upvoted 54 times
paperinop541
3 years, 11 months ago
The users in contoso.com can access the file because they are internal, no?
upvoted 3 times
chaoscreater
3 years, 10 months ago
Did you not read jack's comment? - "If content matches multiple rules, the rules are processed in priority order and the most restrictive action is enforced". File2 has both label1 and label2 applied. Rule2 condition applies to label1 or label2 and the action is restrict access to the content. It doesn't care about if the user is internal or external.
upvoted 4 times
...
...
The_Temp
3 years, 5 months ago
jack987 provides a great explanation but the source needs to be updated to the one given below: https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide#the-priority-by-which-rules-are-processed Hopefully Microsoft don't change the article again...
upvoted 2 times
...
...
gills
Highly Voted 5 years ago
Should be NO-NO-NO. As per the URL, https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide#the-priority-by-which-rules-are-processed, "When content is evaluated against rules, the rules are processed in priority order. If content matches multiple rules, the rules are processed in priority order and the most restrictive action is enforced." So all three rules are evaluated and Rule 2 is the most restrictive and that applies.
upvoted 19 times
...
pete26
Most Recent 2 years, 6 months ago
Valid on exam October 14, 2022
upvoted 3 times
...
Bob27745
2 years, 7 months ago
Valid on exam 9/21/2022
upvoted 2 times
...
mkoprivnj
3 years, 5 months ago
No - No - No All of them will match Rule2 because it is the most restrictive.
upvoted 2 times
...
Rstilekar
3 years, 5 months ago
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide
All three rules are evaluated and Rule 2 is the most restrictive and that applies. So answers are correct. No access to users (internal or external doesn't matter).
Explanation: A policy contains one or more rules. Rules are executed sequentially, starting with the highest-priority rule in each policy.
The priority by which rules are processed: Each rule is assigned a priority in the order in which it's created. That means, the rule created first has first priority, the rule created second has second priority, and so on. When content is evaluated against rules, the rules are processed in priority order. If content matches multiple rules, the first rule evaluated that has the most restrictive action is enforced.
upvoted 1 times
...
Fcnet
3 years, 7 months ago
Just for information, the link has changed: https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-policy-reference
upvoted 1 times
...
Dooa
4 years, 2 months ago
@smoo is right.
YES = user can override and rule is on highest priority
NO, 2nd rule causing this
NO, third rule causing this.
upvoted 2 times
kiketxu
4 years, 1 month ago
Yeah, but once it passes that override it matches rule 2, so the external user won't ever access File1. I expect similar questions for DLP; I hope they will be much clearer than here. The third policy makes no sense, and nobody will access Label2 files.
upvoted 2 times
...
...
CalST
4 years, 2 months ago
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide
A doc can have both a retention label and a sensitivity label. Given Doc 2 has both labels (and this is possible as DLP can use retention or sensitivity labels), both policy 1 and 2 apply to Doc 2. Then the most restrictive setting applies, i.e. Policy 2. Block all access.
upvoted 1 times
...
Marsh
4 years, 2 months ago
I agree with the answer (Yes-No-No). One small thing is that each file can only have one sensitivity label. It is not possible for File2 to have both Label1 and Label2 applied.
upvoted 2 times
...
PeeyushS
4 years, 2 months ago
There are two parts to this question: one is rules and the other is priority. If there are multiple rules with the same priority, then the most restrictive should apply. However, if the priorities are different, then the 0 (highest) priority will be applied. It appears the priority takes more importance here first. So the answer seems to be correct. If someone can test, that will be great.
upvoted 2 times
...
Andy555
4 years, 3 months ago
https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide
When content is evaluated against rules, the rules are processed in priority order. If content matches multiple rules, the rules are processed in priority order and the most restrictive action is enforced. For example, if content matches all of the following rules, Rule 3 is enforced because it's the highest priority, most restrictive rule:
Rule 1: only notifies users
Rule 2: notifies users, restricts access, and allows user overrides
Rule 3: notifies users, restricts access, and does not allow user overrides
Rule 4: only notifies users
Rule 5: restricts access
Rule 6: notifies users, restricts access, and does not allow user overrides
upvoted 3 times
...
B1G_B3N
4 years, 3 months ago
Answer is no no no. In black and white from MS Docs "When content is evaluated against rules, the rules are processed in priority order. If content matches multiple rules, the rules are processed in priority order and the most restrictive action is enforced." This states regardless of priority if a label matches multiple rules the most restriction is enforced.
upvoted 3 times
...
Dhanger
4 years, 6 months ago
Yes-No-Yes
Label one has override On.
Label one condition is only for external users, so label two applies for internal users.
Label two blocks access for everyone.
upvoted 1 times
TonySuccess
4 years, 4 months ago
But rule 1 applies to both Labels and has Priority 1, which means it is king of the hill. Renders the other rules applying to the labels useless.
Rule 2:
- Conditions: Label1 or Label2
- Actions: Restrict access to the content
- Priority: 1
All files are covered by label 1 and 2, therefore ain't nobody getting their paws on the files. No, No, No. x
upvoted 5 times
kiketxu
4 years, 1 month ago
I'm with you too
upvoted 1 times
...
...
...
dzampar
4 years, 7 months ago
I'm convinced that all 3 options are NO as they match the most restrictive rule despite the priority order. "When content is evaluated against rules, the rules are processed in priority order. If content matches multiple rules, the rules are processed in priority order and the most restrictive action is enforced." https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide
upvoted 5 times
...
gustangelo
4 years, 10 months ago
The answer is correct. If Microsoft 365 docs talk about it. The user can justify and send, share or modify the content. See here: https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide
upvoted 1 times
VTHAR
4 years, 7 months ago
Rule 2 in the question is the most restrictive which is in turn enforced for this scenario and it also doesn’t allow user override. Therefore, the answer would be NO-NO-NO.
upvoted 3 times
...
...
STFN2019
4 years, 10 months ago
all No's unless there is a typo in the question.
upvoted 3 times
...