SC-401 · Question #21
SC-401 Question #21: Real Exam Question with Answer & Explanation
The correct answer is C: web1.contoso.com and web2.contoso.com. {"question_number": 3, "correct_answer": "C", "explanation": "The Endpoint DLP 'Service domains' setting accepts specific domain entries. You must list web1.contoso.com and web2.contoso.com explicitly because: (A) .contoso.com would over-block ALL subdomains of contoso.com, not j
Question
You have a Microsoft 365 E5 subscription. You need to prevent users from uploading data loss prevention (DLP)-protected documents to the following third-party websites: - web1.contoso.com - web2.contoso.com The solution must minimize administrative effort. To what should you set the Service domains setting for Endpoint DLP?
Options
- A*.contoso.com
- Bcontoso.com
- Cweb1.contoso.com and web2.contoso.com
- Dweb*.contoso.com
Explanation
{"question_number": 3, "correct_answer": "C", "explanation": "The Endpoint DLP 'Service domains' setting accepts specific domain entries. You must list web1.contoso.com and web2.contoso.com explicitly because: (A) .contoso.com would over-block ALL subdomains of contoso.com, not just the two specified sites, violating the principle of least privilege. (B) contoso.com alone does not match subdomains. (D) web.contoso.com is not a supported wildcard format for this setting. Listing exactly the two required domains correctly scopes the restriction to only the targeted sites, which also represents the minimal and precise administrative action needed.", "generated_by": "claude-sonnet", "llm_judge_score": 4}
Topics
Community Discussion
No community discussion yet for this question.