SC-400 Exam - Question 110


You have a Microsoft 365 subscription that uses Microsoft Exchange Online.

You need to receive an alert if a user emails sensitive documents to specific external domains.

What should you create?

Correct Answer: C

To receive an alert if a user emails sensitive documents to specific external domains, you should create a Microsoft Cloud App Security file policy. This type of policy is designed to monitor and alert on files shared with specific external domains, providing the specific control needed in this scenario.

Discussion

xlws (Option: C)
Dec 3, 2021

The answer is C, https://docs.microsoft.com/en-us/defender-cloud-apps/data-protection-policies, sharing with external domain.

sivis (Option: D)
Nov 29, 2021

Correct answer is D. Alert can be configured in alert filter. Privacy category is used to choose templates and not alerts.

cris_exam (Option: C)
Jun 17, 2023

It says specific external domains so I'll go with C. https://learn.microsoft.com/en-us/defender-cloud-apps/data-protection-policies#policies Sharing with external domains - Receive an alert about any file shared with accounts owned by specific external domains. For example, files shared with a competitor's domain. Select the external domain with which you want to limit sharing.

TomasValtor (Option: A)
Sep 29, 2023

Correct answer is A. To receive an alert if a user emails sensitive documents to specific external domains in a Microsoft 365 subscription that uses Microsoft Exchange Online, you should create a data loss prevention (DLP) policy that uses the Privacy category.

TomasValtor
Sep 29, 2023

Option B, a Microsoft Cloud App Security activity policy, is not the correct answer because it is used to monitor and analyze user and admin activity across cloud apps, but it does not specifically monitor email attachments. Option C, a Microsoft Cloud App Security file policy, is not the correct answer because it is used to scan files in cloud storage locations such as OneDrive and SharePoint, but it does not specifically monitor email attachments. Option D, a DLP alert filter, is not the correct answer because it is used to filter the alerts generated by a DLP policy based on specific criteria, but it does not create the initial DLP policy.

TomasValtor
Sep 29, 2023

To configure the DLP policy to send an alert when a user emails sensitive documents to specific external domains, you can follow these steps:

1. Open the Microsoft 365 compliance center and go to the Data loss prevention page.
2. Click Create a policy to create a new DLP policy.
3. In the Policy settings page, select the Privacy category and choose the sensitive information types that you want to protect.
4. In the Locations section, select the email option to apply the policy to emails.
5. In the Policy tips section, configure the action that you want to take when a sensitive document is detected. For example, you can send an alert to the user, manager, or administrator.
6. In the Policy settings section, select the external domains that you want to monitor.
7. Save the policy and test it to ensure that it is working as expected.

Softeng (Option: A)
Feb 8, 2024

It's A: https://learn.microsoft.com/en-us/defender-cloud-apps/data-protection-policies#:~:text=Sharing%20with%20external%20domains%20%2D%20Receive%20an%20alert%20about%20any%20file%20shared%20with%20accounts%20owned%20by%20specific%20external%20domains.%20For%20example%2C%20files%20shared%20with%20a%20competitor%27s%20domain.%20Select%20the%20external%20domain%20with%20which%20you%20want%20to%20limit%20sharing.

Kodoi (Option: C)
Feb 23, 2024

A is incorrect. Privacy categories detect and protect the type of privacy information; DLP policies restrict the transmission of information to outside parties, but privacy categories are ineligible. B is incorrect. An activity policy cannot specify a domain. It detects multiple failed sign-ins and sign-ins from unfamiliar locations. C is correct. File policy allows you to receive alerts about files shared with accounts owned by a specific external domain. D is incorrect. The alerts displayed on the dashboard are just extracted by specific criteria and displayed in an easy-to-read manner. https://learn.microsoft.com/en-us/defender-cloud-apps/data-protection-policies

joshuactz (Option: A)
Apr 26, 2023

I go for option A too: You should create a DLP policy that detects sensitive information being sent to specific external domains. Once the policy is in place, it will trigger alerts when sensitive documents are emailed to those domains. DLP alert filter (Option D) is a mechanism for narrowing down and monitoring specific DLP policy violations or incidents. However, it doesn't directly prevent or alert you when sensitive documents are emailed to specific external domains. It is used in conjunction with a DLP policy to refine the alerts generated by the policy. So, the primary action should be creating a DLP policy, and the alert filter can be used to fine-tune the notifications.

doori88 (Option: A)
Jun 2, 2023

It's A correct, when you create a DLP policy you can use custom category or the privacy category implied, from there you do not need to set an action rather than sending alert to admin about it.

SDiwan (Option: C)
Mar 15, 2024

Documentation from Microsoft Defender for Cloud Apps (old name MCAS): "Sharing with external domains - Receive an alert about any file shared with accounts owned by specific external domains. For example, files shared with a competitor's domain. Select the external domain with which you want to limit sharing." So, correct answer is C. https://learn.microsoft.com/en-us/defender-cloud-apps/data-protection-policies

EM1234 (Option: C)
Jun 6, 2024

I am going with C for the reasons kodoi said. But I am not sure as I do not see what a person who recently scored an 890 would have picked. /s

EsamiTopici
Jun 7, 2024

ahahahha

AlPL200 (Option: C)
May 12, 2023

Why not C?

Davidf (Option: A)
Aug 11, 2023

Only a DLP policy can create an alert. An alert filter just filters existing alerts. File and activity policies don't make sense in this context.

samrith (Option: D)
Oct 24, 2023

Community vote D (50%), A (19%). Why suggest answer A?

Elangamban (Option: A)
Dec 23, 2023

Answer is A.

RAJRYB (Option: C)
Jul 3, 2024

I will go with C. There is the word "documents", so it will be the file policy.

JimboJones99 (Option: C)
Jul 18, 2024

https://docs.microsoft.com/en-us/defender-cloud-apps/data-protection-policies

JimboJones99 (Option: C)
Jul 22, 2024

https://learn.microsoft.com/en-us/defender-cloud-apps/data-protection-policies#policies