SC-400 Exam Dumps - Microsoft Certified: Information Protection Administrator Associate Questions and Answers

To prevent the folder C:\app1\data from being monitored by Endpoint Data Loss Prevention (DLP), follow these steps:

Configure File Path Exclusions:

Open the Microsoft Purview compliance portal.

Navigate to Data loss prevention > Overview > Data loss prevention settings > Endpoint settings.

Look for the File path exclusions section.

Add an exclusion for the path C:\app1\data.

Files within this folder will not be audited or subject to DLP policy enforcement12.

Remember to validate this configuration and ensure that the folder is excluded from DLP monitoring

To block users from sending emails containing information subject to the Payment Card Industry Data Security Standard (PCI DSS), you can create a Data Loss Prevention (DLP) policy in Microsoft Exchange Online. Here’s how:

Create a Custom DLP Policy:

Log in to the Microsoft Exchange Online admin center.

Navigate to Data loss prevention > Policy.

Create a new custom policy specifically for PCI DSS compliance.

Define Conditions:

In the policy settings, define conditions that identify sensitive data related to PCI DSS. For example:

Keywords: Include terms like “credit card,” “debit card,” or specific card number formats.

Regular Expressions (Regex): Craft expressions to match credit card patterns (e.g., \b\d{4}-\d{4}-\d{4}-\d{4}\b for Visa/Mastercard).

Sensitive Information Types: Use built-in or custom sensitive information types related to payment cards.

Choose Actions:

Specify the actions to take when sensitive data is detected in emails:

Block: Prevent the email from being sent.

Notify Sender: Inform the sender that sensitive data is not allowed via email.

Add Disclaimer/Watermark: Optionally add a disclaimer or watermark to the email.

Apply the Policy to Emails Only:

Ensure that the policy is configured to apply only to emails (not other communication channels).

Exclude internal communication if necessary.

Test and Monitor:

Enable the policy in test mode initially to validate its effectiveness.

Monitor logs and adjust the policy as needed.

To allow the U.S. Sales group to store files containing information subject to the General Data Protection Regulation (GDPR) in their OneDrive accounts while keeping other GDPR restrictions intact, follow these steps:

Create a Security Group:

Log in to the Microsoft 365 admin center.

Navigate to Groups and create a new security group called “U.S. Sales”.

Configure OneDrive Sharing Settings:

Go to the Settings > Org settings page.

On the Services tab, select Microsoft 365 on the web.

Choose whether to let users open files stored in third-party storage services in Microsoft 365 on the web. Ensure this setting aligns with your organization’s GDPR requirements1.

Set Specific Sharing Permissions:

Set the default OneDrive share type to “Specific People” under the Sharing menu in the OneDrive admin area.

Right-click the folder in OneDrive online, click Share.

Click the more button (three dots) in the Send Link header.

Click Manage Access.

Click Grant Access, then add the “U.S. Sales” security group. This access will apply only to that group2.

By following these steps, the U.S. Sales group will be able to store GDPR-related files in their OneDrive accounts while maintaining compliance with other GDPR restrictions