
SC-400 Exam - Question 89


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You recently discovered that the developers at your company emailed Azure Storage keys in plain text to third parties.

You need to ensure that when Azure Storage keys are emailed, the emails are encrypted.

Solution: You create a data loss prevention (DLP) policy that has all locations selected.

Does this meet the goal?

Correct Answer: B

Creating a data loss prevention (DLP) policy with all locations selected does not ensure that emails are encrypted when Azure Storage keys are sent. The DLP policy would need to be specific to Exchange Online or email to have the option to encrypt email messages. When all locations are selected, the action to encrypt the email is not available. Therefore, this solution does not meet the goal of ensuring that Azure Storage keys emailed to third parties are encrypted.
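An added example (not part of the original question or its answer key) of the configuration the explanation points to: a DLP policy scoped to Exchange only, with a rule that encrypts matching mail. The policy and rule names are hypothetical, and the sensitive information type name `Azure Storage Account Key` and the encryption template name `Encrypt` are assumptions to confirm in your own tenant.

```powershell
# Added example, not from the original page.
# Requires the ExchangeOnlineManagement module and a role that can manage DLP.
Connect-IPPSSession

# Hypothetical names used only for this example.
$policyName = 'Encrypt Azure Storage keys in email'
$ruleName   = 'Encrypt mail containing Azure Storage keys'

# Scope the policy to Exchange ONLY. As the explanation above states, the
# encrypt action is not available once other locations are selected, so no
# SharePoint, OneDrive, Teams or device locations are added here.
# Test mode first, so matches can be reviewed before the policy is enforced.
New-DlpCompliancePolicy -Name $policyName `
    -ExchangeLocation All `
    -Mode TestWithoutNotifications

# Assumptions: the sensitive information type is named
# 'Azure Storage Account Key' and an encryption template named 'Encrypt'
# exists in the tenant. Adjust both to what your tenant actually lists.
New-DlpComplianceRule -Name $ruleName `
    -Policy $policyName `
    -ContentContainsSensitiveInformation @{ Name = 'Azure Storage Account Key'; minCount = '1' } `
    -EncryptRMSTemplate 'Encrypt'

# Check that the policy really is Exchange-only and that the rule carries
# the encryption action.
Get-DlpCompliancePolicy -Identity $policyName |
    Format-List Name, Mode, ExchangeLocation, SharePointLocation, OneDriveLocation
Get-DlpComplianceRule -Identity $ruleName |
    Format-List Name, Policy, EncryptRMSTemplate

# After reviewing the test-mode matches, enforce the policy.
Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```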

Discussion

15 comments
Eltooth (Option: B)
Jul 20, 2021

Correct - no. Mail flow rules are needed.

ExamReviewerIZ
Oct 25, 2021

Incorrect. You can also create a DLP Policy choosing Exchange Online or all locations and the email will be encrypted if sensitive information is detected. If you do it through Exchange Online - MailFlow Rules, it only applies to email. Mailflow Rule is not a requirement.

Sam12
Jan 15, 2022

I just tested this: in the compliance portal, choose only Exchange on the DLP policy and you will be able to encrypt sensitive content.

BieLey
Mar 13, 2022

But not if you have "all locations" selected.

Lion007
Aug 10, 2022

In DLP Policy, if you try to apply the message encryption, you will get this error: ("Validation failed Conditions/exceptions/actions on existing rules cannot apply on new locations. Please remove the unsupported conditions/exceptions/actions ' Encrypt email messages (applies only to content in Exchange)' on those rules and add the new locations."). So not to "all locations". But I tested it and it worked like a charm when "Exchange email" is the ONLY location selected.

nupagazi (Option: B)
Jan 21, 2022

No is correct. If you select all locations (devices, on-premise), then the action of the DLP rule does not have the option to encrypt content.

PrettyFlyWifi (Option: B)
Jan 27, 2022

No looks correct. Key part of the question.... "that has all locations selected". This question is specifically referring to Exchange Online and email only.

Sam12 (Option: B)
Jan 15, 2022

You can use both portals to achieve this, but if "all locations selected." then there is no action to encrypt email. So, the answer is NO. Either you create it via transport rule, or if you use the DLP portal you must choose to apply the policy only to Exchange.

CalST (Option: B)
Dec 22, 2021

DLP restricts the sending of the email as well as encrypting. The question just says the message must be encrypted (not blocked) so Mail Flow Rule

RAMmulator (Option: A)
Dec 27, 2021

I believe it's A. See https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-faq?view=o365-worldwide#can-i-automatically-encrypt-messages-by-setting-up-policies-in-data-loss-prevention--dlp--through-the-microsoft-365-compliance-center- "Yes! You can set up mail flow rules in Exchange Online or by using DLP in the Microsoft 365 compliance center."

Pravda
Jan 20, 2022

On exam 1/20/2022

Lion007 (Option: B)
Aug 10, 2022

Given answer is Correct (B). In DLP Policy, if you try to apply the message encryption, you will get this error: ("Validation failed Conditions/exceptions/actions on existing rules cannot apply on new locations. Please remove the unsupported conditions/exceptions/actions ' Encrypt email messages (applies only to content in Exchange)' on those rules and add the new locations."). So not to "all locations". But I tested it and it worked like a charm when "Exchange email" is the ONLY location selected.

music_man (Option: B)
Sep 9, 2022

Answer is correct. If you select more than just Exchange as a location then the action to encrypt is removed. Must be Exchange only to see the encrypt action.

digitallycan (Option: B)
Oct 27, 2021

You can set up mail flow rules in Exchange Online or by using DLP in the MS365 Compliance Center to automatically encrypt messages. https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-faq?view=o365-worldwide#can-i-automatically-encrypt-messages-by-setting-up-policies-in-data-loss-prevention--dlp--through-the-microsoft-365-compliance-center-

nupagazi (Option: B)
Jan 13, 2022

I don't find the action encrypt message in DLP policy.

xswe (Option: B)
Apr 8, 2023

If you deploy a DLP policy with all the locations, you won't be able to do much for the emails that are getting sent. You need to have only "Exchange" as the location to see all the options that are needed to achieve this.

ServerBrain (Option: B)
Sep 28, 2023

Selecting all locations will not suffice.

ChrisBaird (Option: A)
Jun 6, 2024

A DLP policy only requires the "Content Contains" condition, which is available for all locations. Add the SIT to the condition, et voila! The answer is A.

narenbabu.chintu (Option: B)
Jul 13, 2024

DLP is needed, but not all locations have to be selected.