Exam SC-200 topic 1 question 33 discussion

In order to identify the impacted entities in an aggregated alert, you should review the "Events" tab of the DLP alert management dashboard in the Microsoft 365 compliance center. This tab will display a list of all the events that triggered the alert, including the specific entities (e.g. files, emails, etc.) that were affected. You can further investigate each event to identify the specific user, device and action that caused the alert to be triggered.

The correct answer is A. More on: https://learn.microsoft.com/en-us/microsoft-365/compliance/dlp-configure-view-alerts-policies?view=o365-worldwide

The Events tab provides a breakdown of each individual event that contributed to the aggregated alert, including: Files, location, policy and rule matched, user, file or item. DETAILS tab provides only a high-level overview of the alert - creation time, severity, status etc.

the Details tab of the alert

La bitácora de gestión proporciona un historial de las acciones realizadas en respuesta a la alerta, lo que puede ayudarte a entender cómo se manejaron los eventos y qué entidades estuvieron involucradas

A correct

This question is tricky as there are Details tab from the Alerts itself which does not show any impacted entities. However, if you open the Alert you will see a 'View details' tab at the bottom and here you' will see the Events tab next to the Details tab. Click on 'View details' at the bottom which will take you to the details page, Here you'll see the Overview and Events tab. Click on the Events tab and at the right-hand side you will see another Details tab and under that you will see Impacted entities. So the answer is clearly A the Events tab as this leads to you the impacted entities info,

If you want to try it out, the steps are here: https://learn.microsoft.com/en-us/purview/dlp-alerts-dashboard-get-started

A - Brabeans

D. The Details tab of the alert. Explanation: In the DLP alert management dashboard of the Microsoft 365 compliance center, the Details tab of an alert provides specific information about the alert, including the impacted entities. By accessing the Details tab of the alert, you can review the relevant details and understand which entities were affected by the data loss prevention policy violation. The Details tab typically contains information such as the affected user or users, the specific sensitive information type or types involved in the alert, the actions taken by the policy (such as block or override), and any additional context or details related to the violation.

If I have understood the question right, Events tab will not provide details of the impacted Entities, we have to navigate to Alert, Click on the Alert, and go to "View Details". Details page will provide us the details about the DLP policy triggered. If we go to the Events tab from there, all the Impacted users and event details will be displayed there, that I agree, but it is displayed under Details tab of the event. Considering the above information, the answer should be D. Tested in Compliance Centre( Purview)

I think both A and D could be correct but D seems to be the better choise, check this link: https://learn.microsoft.com/en-us/purview/compliance-manager-alert-policies#view-alert-details

Seems the A

To access the DLP alert management dashboard, you can follow these steps: Sign in to the Microsoft 365 compliance center. Go to Alerts > DLP alerts. Select the alert you want to investigate. Review the Impacted entities section of the alert.

Okay so why not C as test suggest?

D. the Details tab of the alert in the DLP alert management dashboard of the Microsoft 365 compliance center. This tab shows you the summary of the alert, such as the policy name, severity, status, and description. It also shows you the list of affected items, such as files, emails, or messages, that triggered the alert. You can view the details of each item, such as the location, owner, last modified date, and sensitive information types.

A. The Events tab of the alert To identify the impacted entities in an aggregated alert within the Microsoft 365 compliance center's DLP alert management dashboard, you should review the "Events" tab of the alert. The "Events" tab provides a comprehensive view of the events associated with the alert, including details about the affected entities and actions. By reviewing the events associated with the alert, you can gain insights into the specific activities that triggered the alert and understand which entities (users, files, etc.) were involved. This helps you assess the impact of the alert and take appropriate actions to address the data loss prevention concerns.