You need to recommend a solution that meets the Data Loss Prevention requirements for the HR department. Which three actions should you perform? Each correct answer presents part of the solution. (Choose three.) NOTE: Each correct selection is worth one point.
Correct Answer: A,B,C
Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/create-custom-sensitive-information-types-withexact-data-match-based-classification?view=o365-worldwide Topic 1, Fabrikam, To start the case study To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab. note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question. Cloud Environment Fabrikam has a Microsoft 365 tenant that contains the following resources: * An Azure Active Directory (Azure AD) tenant that syncs to an on-premises Active Directory domain named corp.fabrikam.com * Microsoft Cloud App Security connectors configured for all supported cloud applications used by the company Some users have company Dropbox accounts. Compliance Configuration Fabrikam has the following in the Microsoft 365 compliance center: * A data loss prevention (DLP) policy is configured. The policy displays a tooltip to users. Users can provide a business justification to override a DLP policy violation. * The Azure information Protection unified labeling scanner is installed and configured. * A sensitivity label named Fabrikam Confidential is configured. An existing third-party records management system is managed by the compliance department. Human Resources (HR) Management System The HR department has an Azure SQL. database that contains employee information. Each employee has a unique 12-character alphanumeric ID. The database contains confidential employed attributes including payroll information, date of birth, and personal contact details. On-premises Environment You have an on premises file server that runs Windows Server 2019 and stores Microsoft Office documents in a shared folder named Data. All end-user computers are joined to the corp.fabrinkam.com domain and run a third-party antimalware application. Sales Contracts Users in the sales department receive draft sales contracts from customers by email. The sales contracts are written by the customers and are not in a standard format. Employment Applications Employment applications and resumes are received by HR department managers and stored in either mailboxes, Microsoft SharePoint Online sites, OneDrive for Business folders, or Microsoft Teams channels. The employment application form is downloaded from SharePoint Online and a serial number is assigned to each application. the resumes are written by the applications and in any format. HR Requirements You need to create a DLP policy that will notify the HR department of a DLP policy violation if a document that contains confidential employee attributes is shared externally. The DLP policy must use an Exact Data Match (EDM) classification derived from a CSV export of the HR department database. The HR department identifies the following requirements for handling employment applications: * Resumes must be identified automatically based on similarities to other resumes received in the past * Employment applications and resumes must be deleted automatically two years after the applications are received. * Documents and emails that contain an application serial number must be identified automatically and marked as an employment application. Sales Requirements A sensitivity label named Sales Contract must be applied automatically to all draft and finalized sales contracts. Compliance Requirements Fabrikam identifies the following compliance requirements: * All DLP policies must be applied to computers that run Windows 10, with the least possible changes to the computers. * Users in the compliance department must view the justification provided when a user receives a tooltip notification for a DLP violation. * If a document that has the Fabrikam Confidential sensitivity label applied is uploaded to Dropbox. the file must be deleted automatically. - The Fabrikam Confidential sensitivity label must be applied to existing Microsoft Word documents in the Data shared folder that have a document footer containing the following string: Company use only. * Users must be able to manually select that email messages are sent encrypted. The encryption will use Office 365 Message Encryption (OME) v2. Any email containing an attachment that has the Fabrikam Confidential sensitivity label applied must be encrypted automatically by using OME. * Existing policies configured in the third-party records management system must be replaced by using Records management in the Microsoft 365 compliance center. The compliance department plans to export the existing policies, and then produce a CSV file that contains matching labels and policies that are compatible with records management in Microsoft 365. The CSV file must be used to configure records management in Microsoft 365. Executive Requirements You must be able to restore all email received by Fabrikam executives for up to three years after an email is received, even if the email was deleted permanently.
SC-400 Exam Question 267
You plan to create a custom trainable classifier based on an organizational form template. You need to identity which role based access control (RBAC ) role is required to create the trainable classifier and where to classifier. The solution must use the principle of least privilege. What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation: Text Description automatically generated Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide#p
SC-400 Exam Question 268
You need to be alerted when users share sensitive documents from Microsoft OneDrive to any users outside your company. What should you do?
Correct Answer: A
File Policies allow you to enforce a wide range of automated processes using the cloud provider's APIs. Policies can be set to provide continuous compliance scans, legal eDiscovery tasks, DLP for sensitive content shared publicly, and many more use cases. Note: There are several versions of this question in the exam. The question has two possible correct answers: - From the Microsoft 365 compliance center, create a data loss prevention (DLP) policy. - From the Cloud App Security portal, create a file policy. Other incorrect answer options you may see on the exam include the following: - From the Microsoft 365 compliance center, start a data investigation. - From the Azure portal, create an Azure Information Protection policy. Reference: https://docs.microsoft.com/en-us/defender-cloud-apps/data-protection-policies
SC-400 Exam Question 269
You have a Microsoft 365 tenant that uses data loss prevention (DLP) to protect sensitive information. You create a new custom sensitive info type that has the matching element shown in the following exhibit. The supporting elements are configured as shown in the following exhibit. The confidence level and character proximity are configured as shown in the following exhibit. For each of the following statements, select Yes if statement is true. Otherwise, select No NOTE: Each correct selection is worth one point.
You create three sensitivity labels named Sensitivity1, Sensitivity2, and Sensitivity3 and perform the following actions: * Publish Sensitivity1. * Create an auto-labeling policy for Sensitivity2. You plan to create a file policy named Policy1 in Microsoft Cloud App Security. Which sensitivity labels can you apply to Microsoft SharePoint Online in Policy1?
