Examice

Exam SC-400 All QuestionsBrowse all questions from this exam

Question 83

Your company has a Microsoft 365 tenant that uses a domain named contoso.com.

You are implementing data loss prevention (DLP).

The company's default browser is Microsoft Edge.

During a recent audit, you discover that some users use Firefox and Google Chrome browsers to upload files labeled as Confidential to a third-party Microsoft

SharePoint Online site that has a URL of https://m365x076709.sharepoint.com. Users are blocked from uploading the confidential files to the site from Microsoft

Edge.

You need to ensure that the users cannot upload files labeled as Confidential from Firefox and Google Chrome to any cloud services.

Which two actions should you perform? Each correct answer presents part of the solution. (Choose two.)

NOTE: Each correct selection is worth one point.

From the Microsoft 365 Endpoint data loss prevention (Endpoint) DLP settings, add m365x076709.sharepoint.com as a blocked service domain.

Create a DLP policy that applies to the Devices location.

From the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings, add Firefox and Google Chrome to the unallowed browsers list.

From the Microsoft 365 compliance center, onboard the devices.

From the Microsoft 365 Endpoint data loss prevention (Endpoint) DLP settings, add contoso.com as an allowed service domain.

Correct Answer: C, D

To prevent users from uploading files labeled as Confidential from Firefox and Google Chrome to any cloud services, you need to block these browsers from being used to access sensitive data. This can be achieved by adding Firefox and Google Chrome to the unallowed browsers list in the Endpoint DLP settings. Additionally, to ensure these settings are enforced, the devices must be onboarded to the Microsoft 365 compliance center. Onboarding the devices ensures that Endpoint DLP policies are applied and enforced across all managed devices.

Discussion

Azurefox79Options: CD

CD is correct and clear. Spent a long time on this one. The question says prevent them from uploading to any cloud service VIA the Firefox and Chrome browsers. By blocking those browsers we achieve that. No additional actions needed there since the browsers are fully blocked for any sensitive files. Now, Edge is a managed browser and the only browser they can use with sensitivity labels. However, the devices wont honor Endpoint DLP on their own, they must be onbaorded. Therefore first you would onboard them and then you would block the 2 browsers. Dont believe all the comments here but do your own research and most importantly look at the wording.

mcasOptions: CE

with C, D alone users will not be prevented the question says to "any cloud service" you can only achieve this if you put Contoso in the Allowed domain in DLP settings, so all other cloud services will be blocked

fimbulvetrk

agreed, I'd go with C and E

Azurefox79

C alone accomplishes the ask if the devices are onboarded. We don't have that information so we must assume we need to onboard them. EndPoint DLP does nothing if the EndPoint is not onboarded via local script, group policy, MdE or Intune/MEM.

Azurefox79

Incorrect. "from Firefox and Google Chrome to any cloud services." If those 2 are blocked then you just accomplished that. FROM the browsers is the key word. CD is correct. Devices must be onbaorded to EndPoint DLP or they will ignore anything you configure there.

Domza

"any cloud service" it means - OneDrive, SharePoint that kind of services :)

cris_examOptions: CD

Clearly C is required to achieve the block but if devices are not onboarded it's not gonna work and even if it's mentioned if the devices are onboarded or no, since it gives the option within the answers, I say D. Final answer: C and D.

xsweOptions: CD

To ensure that user cannot upload files from Firefox and Google Chrome and only use Microsoft Edge - Add Firefox and Chrome to the unallowed browser list in Endpoint DLP. To ensure that this will get applied to all the users you are going to need to onboard all the devices, without the onboarding process the devices will not get the benefits from the configurations in the Endpoint DLP in Purview.

BTL_HappyOptions: CE

I will go with C & E

emartiyOptions: CD

Since question says block "From Chrome and Firefox to any services". So, we need to block users to upload confidential items being uploaded via Chrome and Firefox with an onboarded device it can be granularly managed and blocked.

Harry008Options: BC

When you select Devices as a location in a properly configured DLP policy and use the Microsoft Edge browser, the unallowed browsers that you've defined in these settings will be prevented from accessing the sensitive items that match your DLP policy controls Answer B and C

Azurefox79

B has nothing to do with the question. This is EndPoint DLP settings in Purview. You don't need any policy, they are built in to allow you to block an unapproved browser.

NICKTON81Options: CD

C and D

ArlooOptions: BC

It's B and C. We must assume devices have already been onboarded. Adding Chrome and Firefox as unallowed browsers in Endpoint DLP does nothing unless you then create a DLP policy targeted at devices and enforce the unauthorized browsers block. I just tested this in Purview Compliance Center. Without an associated DLP policy targeted at devices, marking unallowed browsers in Endpoint DLP does nothing.

Futfuyfyjfj

You shouldn’t assume that. The question starts with you are using/implementing DLP. Nothing is said about ENDPOINT DLP…

mbhaskerOptions: CD

ans: CD

DomzaOptions: CD

It is in link provided below: Once devices are onboarded into the Microsoft Purview solutions, the information about what users are doing with sensitive items is made visible in activity explorer. You can then enforce protective actions on those items via DLP policies. CD - Enjoy !

TommytongOptions: BC

Not a fan of the question since there should be three answers here technically. C - block the browsers is given E - allow only contoso because the wording says to block all other cloud services as someone else has mentioned B- Can also be right because without creating a device location policy - I don’t believe those settings get enforced without a policy created and targeted at the endpoint.

ServerBrainOptions: CE

Users are already blocked from using Edge, So block from using Firefox and Google Chrome And to block from using any cloud services you have to allow only contoso.com

DavidfOptions: CD

another vote for CD, we need to onboard to endpoint DLP then we can block those browsers from accessing any files with labels applied to them and will be directed to edge to perform their actions. We are already blocking to the domain, so we don't need an allow to contoso.com

UnDarispOptions: AC

The answer is A and C MS have this question on ESI and they say the answer is A and C

Azurefox79

No. A has nothing to do with the question at all. CD is correct.