Advanced Data Loss Prevention (DLP) Rule Conditions | SC-400 Exam | Microsoft Information Protection Administrator

Conditions for Creating Advanced DLP Rule in Policy 1

Q: You are creating an advanced data loss prevention (DLP) rule in a DLP policy named Policy 1 that will have all locations selected.Which two conditions can you use in the rule? Each correct answer presents a complete solution.(Choose two.) NOTE: Each correct selection is worth one point.

Content containsContent is shared from Microsoft 365

Prev Question Next Question

Question

You are creating an advanced data loss prevention (DLP) rule in a DLP policy named Policy 1 that will have all locations selected.

Which two conditions can you use in the rule? Each correct answer presents a complete solution.

(Choose two.) NOTE: Each correct selection is worth one point.

Answers

A. Content contains

B. Content is shared from Microsoft 365

C. Document size equals or is greater than

D. Attachment`s file extension is

E. Document property is.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

AB.

Sure, here is a detailed explanation of the question and the answer options:

The question is about creating an advanced data loss prevention (DLP) rule in a DLP policy named Policy 1 that will have all locations selected. This means that the DLP rule will apply to all data locations in the organization, such as Microsoft 365 services, on-premises servers, and cloud storage providers.

The question asks which two conditions can be used in the DLP rule. Conditions are used to define what triggers the rule, such as the content of the data, the location where it is shared from, or the file properties. The correct answers are:

A. Content contains E. Document property is.

Explanation:

A. Content contains: This condition allows you to define a specific keyword or phrase that must be present in the content of the data to trigger the DLP rule. For example, you can create a rule that detects when an email contains sensitive information such as credit card numbers, social security numbers, or confidential project codes. This condition is useful when you want to target specific types of data and prevent them from being shared or leaked.

E. Document property is: This condition allows you to specify a document property, such as author, title, or date, that must match a certain value to trigger the DLP rule. For example, you can create a rule that detects when a document's author is a specific user or when the title contains a certain keyword. This condition is useful when you want to target specific documents or metadata and prevent them from being shared or leaked.

The other answer options are incorrect because:

B. Content is shared from Microsoft 365: This condition allows you to target data that is shared from Microsoft 365 services, such as SharePoint or OneDrive. However, since the DLP rule already applies to all locations, this condition is redundant.

C. Document size equals or is greater than: This condition allows you to target data that exceeds a certain size threshold, such as large files or attachments. However, since the DLP rule already applies to all locations, this condition is redundant.

D. Attachment's file extension is: This condition allows you to target data based on its file extension, such as .docx, .pdf, or .zip. However, since the DLP rule already applies to all locations, this condition is redundant. Additionally, this condition is not useful for detecting data that has been converted to a different file format or renamed with a different extension.

Prev Question Next Question