SC-401 · Question #158
SC-401 Question #158: Real Exam Question with Answer & Explanation
The correct answer is C: From the Microsoft Purview portal, modify the matched activities threshold of an alert policy.. {"question_number": 10, "correct_answer": "C", "explanation": "Modifying the matched activities threshold of the alert policy reduces noise by requiring a minimum number of DLP policy matches before an alert notification is sent. For example, setting the threshold to alert only a
Question
You have a Microsoft 365 E5 subscription. A security manager receives an email message every time a data loss prevention (DLP) policy match occurs. You need to limit alert notifications to actionable DLP events. What should you do?
Options
- AFrom the Microsoft Purview portal, modify the Policy Tips settings of a DLP policy.
- BFrom the Microsoft Defender portal, apply a filter to the alerts.
- CFrom the Microsoft Purview portal, modify the matched activities threshold of an alert policy.
- DFrom the Microsoft Purview portal, modify the User overrides settings of a DLP policy.
Explanation
{"question_number": 10, "correct_answer": "C", "explanation": "Modifying the matched activities threshold of the alert policy reduces noise by requiring a minimum number of DLP policy matches before an alert notification is sent. For example, setting the threshold to alert only after 10 matches within 24 hours filters out isolated incidents and focuses attention on patterns that represent actionable events. Option A (Policy Tips) are end-user popups and do not affect admin alerts. Option B (Defender portal filter) only changes the view in the portal, not the email notifications. Option D (User overrides) controls whether users can bypass DLP policies, not when managers are notified.", "generated_by": "claude-sonnet", "llm_judge_score": 4}
Topics
Community Discussion
No community discussion yet for this question.