Exam SC-400 All QuestionsBrowse all questions from this exam
Go to Exam
Question 89

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You recently discovered that the developers at your company emailed Azure Storage keys in plain text to third parties.

You need to ensure that when Azure Storage keys are emailed, the emails are encrypted.

Solution: You create a data loss prevention (DLP) policy that has all locations selected.

Does this meet the goal?

    Correct Answer: B

    Creating a data loss prevention (DLP) policy with all locations selected does not ensure that emails are encrypted when Azure Storage keys are sent. The DLP policy would need to be specific to Exchange Online or email to have the option to encrypt email messages. When all locations are selected, the action to encrypt the email is not available. Therefore, this solution does not meet the goal of ensuring that Azure Storage keys emailed to third parties are encrypted.

Discussion
EltoothOption: B

Correct - no. Mail flow rules are needed.

ExamReviewerIZ

Incorrect. You can also create a DLP Policy choosing Exchange Online or all locations and the email will be encrypted if sensitive information is detected. If you do it through Exchange Online - MailFlow Rules, it only applies to email. Mailflow Rule is not a requirement.

Sam12

I just tested this, in compliance portal choose only exchange on the dlp policy an you will be able to ecrypt sensitive content

BieLey

But not if you have "all locations" selected.

Lion007

in DLP Policy, if you try to apply the message encryption, you will get this error: ("Validation failed Conditions/exceptions/actions on existing rules cannot apply on new locations. Please remove the unsupported conditions/exceptions/actions ' Encrypt email messages (applies only to content in Exchange)' on those rules and add the new locations."). So not to "all locations". But I tested it and it worked like a charm when selecting only "Exchange email" is the ONLY location.

PrettyFlyWifiOption: B

No looks correct. Key part of the question.... "that has all locations selected". This question is specifically referring to Exchange Online and email only.

nupagaziOption: B

No is correct, if you select all location ( devices, on-premise), then the action of DLP rule does not have option encrypt content

Sam12Option: B

you can use both portals to achieve this, but if "all locations selected." then there is no action to encrypt email. so, the answer is NO. Either you create it via transport rule, of if you use DLP portal you must choose to apply policy only to exchange.

music_manOption: B

Answer is correct. If you select more than just Exchange as a location then the action to encrypt is removed. Must be Exchange only to see the encrypt action.

Lion007Option: B

Given answer is Correct (B). In DLP Policy, if you try to apply the message encryption, you will get this error: ("Validation failed Conditions/exceptions/actions on existing rules cannot apply on new locations. Please remove the unsupported conditions/exceptions/actions ' Encrypt email messages (applies only to content in Exchange)' on those rules and add the new locations."). So not to "all locations". But I tested it and it worked like a charm when selecting only "Exchange email" is the ONLY location.

Pravda

On exam 1/20/2022

RAMmulatorOption: A

I believe its A. See https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-faq?view=o365-worldwide#can-i-automatically-encrypt-messages-by-setting-up-policies-in-data-loss-prevention--dlp--through-the-microsoft-365-compliance-center- "Yes! You can set up mail flow rules in Exchange Online or by using DLP in the Microsoft 365 compliance center."

CalSTOption: B

DLP restricts the sending of the email as well as encrypting. The question just says the message must be encrypted (not blocked) so Mail Flow Rule

narenbabu.chintuOption: B

DLP is needed, but not all locations have to be selected.

ChrisBairdOption: A

A DLP policy only requires the "Content Contains" condition, which is available for all locations. Add the SIT to the condition, et voila! The answer is A.

ServerBrainOption: B

selecting all locations will not suffice

xsweOption: B

If you deploy a DLP policy with all the location you wont be able to do much for the emails that are getting sent. You need to have only "Exchange" as the location to see all the options that are needed to achieve this.

nupagaziOption: B

I don't find the action encrypt message in DLP polic

digitallycanOption: B

You can set up mail flow rules in Exchange Online or by using DLP in the MS365 Compliance Center to automatically encrypt messages. https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-faq?view=o365-worldwide#can-i-automatically-encrypt-messages-by-setting-up-policies-in-data-loss-prevention--dlp--through-the-microsoft-365-compliance-center-