You have an Exchange Server 2013 organization. You create a data loss prevention (DLP)
policy. The mode of the DLP policy is set to Enforce. You need to ensure that email
messages containing social security numbers from the United States are blocked. Which two
possible rules achieve this goal? (Each correct answer presents a complete solution.
Choose two.)
A.
U.S. State Breach: Scan email sent outside – high count
B.
U.S. State Breach: Scan text limit exceeded
C.
U.S. State Breach: Scan email sent outside – low count
D.
U.S. State Breach: Attachment not supported
E.
U.S. State Breach: Allow Override
A&C
Can’t be B, because B deals with oversized attachments.
Can’t be D, because it has nothing to do with attachments.
Can’t be E, because allow override is not relevant to the question.
I think the answer B and C is correct.
You need to ensure that email messages containing social security numbers from the United States are blocked.
That means if you can’t scan it completely, you don’t allow to send it.
http://www.msexchange.org/articles-tutorials/exchange-server-2013/compliance-policies-archiving/exchange-2013-data-loss-prevention-part1.html
The default policy low-count will only warn you between 1-9 counts, the default policy high-count will block you (more than 9), but you can overide it for sending.
So it seems yo me that no answers are correct.
You have to change one standard template rule, you can take high count and set count to 1.
But attachment not support have to block also, this can also have a count in it.
And every answer has a complete solution!!!!1
So seems very strange question to me. May be someone can overide me that I’m wrong.
So wouldn’t it be A&E then, set high count to 1 and disallow the override ?
A – This is right because if you set high count to 1 it will block the email if anything is detected
B – This is correct because if when scanning an attachment it reaches the max text limit and can’t scan to full attachment it will get blocked
C – Low count is a soft cap and not a hard enforced cap so this is wrong
D – There is nothing in the question about making sure to block attachments entirely so this is wrong
E – This allows the user to override the message being blocked so this is wrong
So answer should be A and B
Actually sorry B doesn’t block emails it just triggers a warning when it can’t fully scan an attachment.
Found this
“Allow override – this we alert a user of a violation but allow him to override the alert and send
Scan email sent outside(low count) – alert the user when he send credit card number to external recipient, but let him override the alert and send.
Scan email sent outside(high count) – this is the similar to the low count rule but with exception that the message is block initially, but a user can override it with a business justification
Scan text limit exceeded –log every email/attachment that had text manipulation or issue to be scan by the system.
Attachments not supported – log every email/attachment that had issue to be scan by the system”
So what is the other answer besides high count??? None of the other options seem to block anything. I don’t get it…