ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-400 All Questions

View all questions & answers for the SC-400 exam
Go to Exam

Exam SC-400 topic 2 question 29 discussion

Actual exam question from Microsoft's SC-400
Question #: 29
Topic #: 2
[All SC-400 Questions]

You are planning a data loss prevention (DLP) solution that will apply to computers that run Windows 10.
You need to ensure that when users attempt to copy a file that contains sensitive information to a USB storage device, the following requirements are met:
✑ If the users are members of a group named Group1, the users must be allowed to copy the file, and an event must be recorded in the audit log.
✑ All other users must be blocked from copying the file.
What should you create?

  • A. two DLP policies that each contains one DLP rule
  • B. one DLP policy that contains one DLP rule
  • C. one DLP policy that contains two DLP rules
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by ExamReviewerIZ at Oct. 31, 2021, 11:32 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ExamReviewerIZ
Highly Voted 3 years, 5 months ago
Obviously refers to 2 DLP Policies, as you can only have the policy in Audit Mode or On. Audit Mode for Group 1. On for everyone else.
upvoted 16 times
...
GebAn
Most Recent 5 months, 1 week ago
Selected Answer: A
Its A, One Policy for Block (including all Users and exlude Group1 with action Block) One Policy for Audit (including only Group1 with action Audit) If you would only create one Policy with exclude Group1 and Block only the Blocked ones would be audited not the successfully copyed one from Group1
upvoted 1 times
...
GebAn
5 months, 1 week ago
Its A, One Policy for Block (including all Users and exlude Group1 with action Block) One Policy for Audit (including only Group1 with action Audit) If you would only create one Policy with exclude Group1 and Block only the Blocked ones would be audited not the successfully copyed one from Group1
upvoted 1 times
...
Jo696
1 year, 1 month ago
Selected Answer: A
If it wasn't for the Audit requirement this would be just one policy with a block and exclude group 1, however with the audit requirement it would be t DLP policies
upvoted 1 times
...
Kodoi
1 year, 2 months ago
Selected Answer: A
A is the correct answer. The first DLP policy sets up a block for all users. Group 1 is excluded. The second policy sets up recording in the audit log for group 1.
upvoted 1 times
...
xswe
2 years ago
You should go for two DLP policies and one DLP rule to achieve this
upvoted 1 times
...
Azurefox79
2 years, 2 months ago
Selected Answer: A
The real question is whether a group excluded from a policy setting still generates an audit record of the exclusion. If yes, then 1 for each is good. If no, we need 2 policies. I believe its the Latter
upvoted 2 times
...
JCkD4Ni3L
2 years, 4 months ago
Selected Answer: B
Hmmmm, the audit question is irrelevant here because as soon as an event takes place, an Audit log is created (this is implied). Also creating an exclusion in a simple rule is perfectly possible, therefore 1 policy 1 rule.
upvoted 3 times
...
mcas
2 years, 6 months ago
Selected Answer: A
With 1 policy you cannot choose both Audit and Block. You need 1 policy for all users with block rule, and exclude group1 and 1 policy that includes group1 only and the rule set to Audit only
upvoted 3 times
...
chrissempai
2 years, 7 months ago
Selected Answer: A
A is the only way
upvoted 1 times
...
Lion007
2 years, 8 months ago
Selected Answer: B
Correct answer is (B). 1 policy and 1 rule. From the DLP Policy, under "Choose locations to apply the policy", when you select "Devices", you are provided with "Included" and "Excluded" to allow you to "Exclude user or group" which you add Group1 to for exclusion from this one policy scope, all other users will be included. So you only need one DLP policy, with the scope excluding Group1. Then you create 1 rule that has an action (from Actions > selecy "Apply restrictions to specific activity" > and select only "Copy to a USB removable media" > and make the action "Block") which will block copying files to USB for the scope you chose.
upvoted 3 times
wyindualizer
2 years, 8 months ago
And what about audit?
upvoted 5 times
...
...
Pravda
3 years, 3 months ago
On exam 1/20/2022
upvoted 1 times
...
nupagazi
3 years, 3 months ago
I think 1 policy, 1 rule using exlusion group or user
upvoted 3 times
PrettyFlyWifi
3 years, 2 months ago
You cannot have a single policy handling multiple actions for multiple scopes, i.e. actions for 1 for all users and then more actions just for a group of users. You need the 2nd policy to differentiate the actions.
upvoted 4 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago