Which report should the New York office auditors view?

Posted by: Pdfprep Category: MS-101 Tags: , ,

Testlet 3

Case Study

Overview

ADatum Corporation is an international financial services company that has 5,000 employees.

ADatum has six offices: a main office in New York and five branch offices in Germany, the United Kingdom, France, Spain, and Italy. All the offices are connected to each other by using a WAN link. Each office connects directly to the Internet.

Existing Environment

Current Infrastructure

ADatum recently purchased a Microsoft 365 subscription.

All user files are migrated to Microsoft 365.

All mailboxes are hosted in Microsoft 365. The users in each office have email suffixes that include the country of the user, for example, [email protected] or [email protected].

Each office has a security information and event management (SIEM) appliance. The appliance comes from three different vendors.

ADatum uses and processes Personally Identifiable Information (PII).

Problem Statements

ADatum entered into litigation. The legal department must place a hold on all the documents of a user named User1 that are in Microsoft 365.

Requirements

Business Goals

ADatum wants to be fully compliant with all the relevant data privacy laws in the regions where is operates. ADatum wants to minimize the cost of hardware and software whenever possible.

Technical Requirements

ADatum identifies the following technical requirements:

– Centrally perform log analysis for all offices.

– Aggregate all data from the SIEM appliances to a central cloud repository for later analysis.

– Ensure that a SharePoint administrator can identify who accessed a specific file stored in a document library.

– Provide the users in the finance department with access to Service assurance information in Microsoft Office 365.

– Ensure that documents and email messages containing the PII data of European Union (EU) citizens are preserved for 10 years.

– If a user attempts to download 1,000 or more files from Microsoft SharePoint Online within 30 minutes, notify a security administrator and suspend the user’s user account.

– A security administrator requires a report that shown which Microsoft 365 users signed in. Based on the report, the security administrator will create a policy to require multi-factor authentication when a sign-in is high risk.

– Ensure that the users in the New York office can only send email messages that contain sensitive U.S. PII data to other New York office uses. Email messages must be monitored to ensure compliance. Auditors in the New York office must have access to reports that show the sent and received email messages containing sensitive U.S. PII data.

Which report should the New York office auditors view?
A . DLP incidents
B . Top Senders and Recipients
C . DLP false positives and overrides
D . DLP policy matches

Answer: A

Explanation:

References: https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies

Leave a Reply

Your email address will not be published.