ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-400 All Questions

View all questions & answers for the SC-400 exam
Go to Exam

Exam SC-400 topic 2 question 5 discussion

Actual exam question from Microsoft's SC-400
Question #: 5
Topic #: 2
[All SC-400 Questions]

Your company has a Microsoft 365 tenant that uses a domain named contoso.com.
You are implementing data loss prevention (DLP).
The company's default browser is Microsoft Edge.
During a recent audit, you discover that some users use Firefox and Google Chrome browsers to upload files labeled as Confidential to a third-party Microsoft
SharePoint Online site that has a URL of https://m365x076709.sharepoint.com. Users are blocked from uploading the confidential files to the site from Microsoft
Edge.
You need to ensure that the users cannot upload files labeled as Confidential from Firefox and Google Chrome to any cloud services.
Which two actions should you perform? Each correct answer presents part of the solution. (Choose two.)
NOTE: Each correct selection is worth one point.

  • A. From the Microsoft 365 Endpoint data loss prevention (Endpoint) DLP settings, add m365x076709.sharepoint.com as a blocked service domain.
  • B. Create a DLP policy that applies to the Devices location.
  • C. From the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings, add Firefox and Google Chrome to the unallowed browsers list.
  • D. From the Microsoft 365 compliance center, onboard the devices.
  • E. From the Microsoft 365 Endpoint data loss prevention (Endpoint) DLP settings, add contoso.com as an allowed service domain.
Show Suggested Answer Hide Answer
Suggested Answer: CD 🗳️
by mcas at Oct. 20, 2022, 6:31 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Azurefox79
Highly Voted 2 years, 2 months ago
Selected Answer: CD
CD is correct and clear. Spent a long time on this one. The question says prevent them from uploading to any cloud service VIA the Firefox and Chrome browsers. By blocking those browsers we achieve that. No additional actions needed there since the browsers are fully blocked for any sensitive files. Now, Edge is a managed browser and the only browser they can use with sensitivity labels. However, the devices wont honor Endpoint DLP on their own, they must be onbaorded. Therefore first you would onboard them and then you would block the 2 browsers. Dont believe all the comments here but do your own research and most importantly look at the wording.
upvoted 15 times
...
mcas
Highly Voted 2 years, 6 months ago
Selected Answer: CE
with C, D alone users will not be prevented the question says to "any cloud service" you can only achieve this if you put Contoso in the Allowed domain in DLP settings, so all other cloud services will be blocked
upvoted 8 times
fimbulvetrk
2 years, 4 months ago
agreed, I'd go with C and E
upvoted 2 times
Azurefox79
2 years, 2 months ago
C alone accomplishes the ask if the devices are onboarded. We don't have that information so we must assume we need to onboard them. EndPoint DLP does nothing if the EndPoint is not onboarded via local script, group policy, MdE or Intune/MEM.
upvoted 1 times
...
...
Azurefox79
2 years, 2 months ago
Incorrect. "from Firefox and Google Chrome to any cloud services." If those 2 are blocked then you just accomplished that. FROM the browsers is the key word. CD is correct. Devices must be onbaorded to EndPoint DLP or they will ignore anything you configure there.
upvoted 3 times
...
Domza
1 year, 5 months ago
"any cloud service" it means - OneDrive, SharePoint that kind of services :)
upvoted 1 times
Jideakin
1 month, 2 weeks ago
Yep! The focus of the question is on the browsers. You don't want the uploading with those browsers at all. The way to achieve that is to block those browsers. And to ensure that goes into effect for all users, you need to ensure that all devices are onboarded. CD
upvoted 1 times
...
...
...
Jideakin
Most Recent 1 month, 2 weeks ago
Selected Answer: CD
The focus of the question is on the browsers. You don't want the uploading with those browsers at all. The way to achieve that is to block those browsers. And to ensure that goes into effect for all users, you need to ensure that all devices are onboarded. CD
upvoted 1 times
...
NICKTON81
9 months, 4 weeks ago
Selected Answer: CD
C and D
upvoted 1 times
...
emartiy
1 year, 2 months ago
Selected Answer: CD
Since question says block "From Chrome and Firefox to any services". So, we need to block users to upload confidential items being uploaded via Chrome and Firefox with an onboarded device it can be granularly managed and blocked.
upvoted 2 times
...
Arloo
1 year, 4 months ago
It's B and C. We must assume devices have already been onboarded. Adding Chrome and Firefox as unallowed browsers in Endpoint DLP does nothing unless you then create a DLP policy targeted at devices and enforce the unauthorized browsers block. I just tested this in Purview Compliance Center. Without an associated DLP policy targeted at devices, marking unallowed browsers in Endpoint DLP does nothing.
upvoted 1 times
Futfuyfyjfj
1 year, 2 months ago
You shouldn’t assume that. The question starts with you are using/implementing DLP. Nothing is said about ENDPOINT DLP…
upvoted 1 times
...
...
mbhasker
1 year, 4 months ago
ans: CD
upvoted 1 times
...
Domza
1 year, 5 months ago
It is in link provided below: Once devices are onboarded into the Microsoft Purview solutions, the information about what users are doing with sensitive items is made visible in activity explorer. You can then enforce protective actions on those items via DLP policies. CD - Enjoy !
upvoted 1 times
...
Tommytong
1 year, 6 months ago
Not a fan of the question since there should be three answers here technically. C - block the browsers is given E - allow only contoso because the wording says to block all other cloud services as someone else has mentioned B- Can also be right because without creating a device location policy - I don’t believe those settings get enforced without a policy created and targeted at the endpoint.
upvoted 1 times
...
ServerBrain
1 year, 6 months ago
Selected Answer: CE
Users are already blocked from using Edge, So block from using Firefox and Google Chrome And to block from using any cloud services you have to allow only contoso.com
upvoted 1 times
...
Davidf
1 year, 8 months ago
Selected Answer: CD
another vote for CD, we need to onboard to endpoint DLP then we can block those browsers from accessing any files with labels applied to them and will be directed to edge to perform their actions. We are already blocking to the domain, so we don't need an allow to contoso.com
upvoted 1 times
...
cris_exam
1 year, 10 months ago
Selected Answer: CD
Clearly C is required to achieve the block but if devices are not onboarded it's not gonna work and even if it's mentioned if the devices are onboarded or no, since it gives the option within the answers, I say D. Final answer: C and D.
upvoted 3 times
...
xswe
2 years ago
To ensure that user cannot upload files from Firefox and Google Chrome and only use Microsoft Edge - Add Firefox and Chrome to the unallowed browser list in Endpoint DLP. To ensure that this will get applied to all the users you are going to need to onboard all the devices, without the onboarding process the devices will not get the benefits from the configurations in the Endpoint DLP in Purview.
upvoted 3 times
...
UnDarisp
2 years, 2 months ago
The answer is A and C MS have this question on ESI and they say the answer is A and C
upvoted 1 times
Azurefox79
2 years, 2 months ago
No. A has nothing to do with the question at all. CD is correct.
upvoted 1 times
...
...
Harry008
2 years, 5 months ago
When you select Devices as a location in a properly configured DLP policy and use the Microsoft Edge browser, the unallowed browsers that you've defined in these settings will be prevented from accessing the sensitive items that match your DLP policy controls Answer B and C
upvoted 2 times
Azurefox79
2 years, 2 months ago
B has nothing to do with the question. This is EndPoint DLP settings in Purview. You don't need any policy, they are built in to allow you to block an unapproved browser.
upvoted 2 times
...
...
BTL_Happy
2 years, 5 months ago
I will go with C & E
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago