Which action allows DLP to block messages while enabling users to override with justification?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Microsoft Administering Information Security Exam with flashcards and multiple choice questions. Each question offers hints and explanations. Get ready to ace your exam!

Multiple Choice

Which action allows DLP to block messages while enabling users to override with justification?

Explanation:
The action that allows Data Loss Prevention (DLP) to block messages while enabling users to override them with justification is "Block with override." This option is designed to prevent the transmission of sensitive information but still accommodates legitimate business needs by allowing users to provide reasoning for overriding the block. When this action is implemented, a DLP policy will automatically prevent certain information from being sent if it triggers predefined criteria. However, it includes a mechanism for users to add a justification for their decision to send the blocked information. This is particularly useful in environments where sensitive data needs protection while maintaining workflow efficiency, as it provides flexibility for users who may have legitimate reasons to share the information despite policy restrictions. In contrast, other actions such as "Block with notification" simply informs users when their actions are blocked without allowing for an override, while "Audit only" does not prevent transmission at all but simply logs the incidents for review. "Allow with monitoring" permits the information to be sent while monitoring for compliance, which does not provide any blocking functionality at all. Thus, "Block with override" stands out as the correct choice for the scenario described.

The action that allows Data Loss Prevention (DLP) to block messages while enabling users to override them with justification is "Block with override." This option is designed to prevent the transmission of sensitive information but still accommodates legitimate business needs by allowing users to provide reasoning for overriding the block.

When this action is implemented, a DLP policy will automatically prevent certain information from being sent if it triggers predefined criteria. However, it includes a mechanism for users to add a justification for their decision to send the blocked information. This is particularly useful in environments where sensitive data needs protection while maintaining workflow efficiency, as it provides flexibility for users who may have legitimate reasons to share the information despite policy restrictions.

In contrast, other actions such as "Block with notification" simply informs users when their actions are blocked without allowing for an override, while "Audit only" does not prevent transmission at all but simply logs the incidents for review. "Allow with monitoring" permits the information to be sent while monitoring for compliance, which does not provide any blocking functionality at all. Thus, "Block with override" stands out as the correct choice for the scenario described.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy