MS-500 Exam QuestionsBrowse all questions from this exam
Go to Exam

MS-500 Exam - Question 182

You have a Microsoft 365 tenant.

You have a database that stores customer details. Each customer has a unique 13-digit identifier that consists of a fixed pattern of numbers and letters.

You need to implement a data loss prevention (DLP) solution that meets the following requirements:

✑ Email messages that contain a single customer identifier can be sent outside your company.

✑ Email messages that contain two or more customer identifiers must be approved by the company's data privacy team.

Which two components should you include in the solution? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Show Answer
Correct Answer: AD

To address the requirements, you need to use a combination of sensitive information types and DLP policies. A sensitive information type helps to identify the unique 13-digit customer identifiers within email messages. A DLP policy can then be configured to monitor and act on emails containing these identifiers according to the specified rules, such as allowing emails with a single identifier and triggering approval for emails with two or more identifiers. These components work together to ensure that sensitive information is handled appropriately, fulfilling the requirements of the data loss prevention solution.

Discussion

7 comments
Sign in to comment
kiketxu
Mar 16, 2021

You need to create sensitivity infotype for sure but M365 DLP not yet support message approval. Instead you need to use mail flow rule. https://docs.microsoft.com/es-es/exchange/security-and-compliance/mail-flow-rules/common-message-approval-scenarios#example-4-forward-messages-that-match-one-of-several-criteria Additional interesting discussion: https://www.reddit.com/r/Office365/comments/f1ux42/create_approval_workflow_with_office_365_dlp/

bsldwp_2020
Jun 5, 2021

Answer should be A & E. A - Sensitivity Info. Used to create the sensitivity info type - 13 digit identifiers. E - Mail flow rule. Used to create rule to block messages outside org. if min count of Sensitive info matches 2.

bsldwp_2020
Jun 5, 2021

Correction: Even the same rule can be created via the DLP policy as well. So, D is also right.

subbuhotmail
Jun 21, 2021

Firstly, the question is, it asked to create DLP policy. Second, it didn't mention as approvers, it says approved identifiers by data Privacy team. "two or more customer identifiers must be approved by the companyג€™s data privacy team" So answer is A&D Only.

james1
Jun 16, 2021

This is correct as you can add an Action to forward for approval to specific approvers within the DLP Policy

EzeQ
Sep 7, 2021

This option is available if you restrict the locations to apply the policy to Exchange (at least)

belyo
Apr 7, 2021

IMO this solution should be D,A,E you need first a DLP, after that a sensitive type and at last an exchange transport rule But since question stands only for which 'TWO' the answer is supposed to be correct...

Rstilekar
Nov 22, 2021

This solution should be D,A,E you need first a DLP (( you can add an Action to forward for approval to specific approvers within the DLP Policy )), after that create new sensitive info type and at last an exchange transport rule (( Mail flow rule. Used to create rule to block messages outside org. if min count of Sensitive info matches 2 )) But since question stands only for which 'TWO' the answer is supposed to be correct... A & D.

mkoprivnjOptions: AD
Dec 1, 2021

I'll go with A & D.