Compliance, Archiving, eDiscovery, Auditing Flashcards Preview

Exchange 2016 MCSE 70-345 > Compliance, Archiving, eDiscovery, Auditing > Flashcards

Flashcards in Compliance, Archiving, eDiscovery, Auditing Deck (81)
Loading flashcards...
1

What is DLP?

Data Loss Prevention

• A Compliance Management feature.

• A premium feature that requires an Enterprise CAL.

• The goal is to prevent the intentional or accidental exposure of sensitive information.

• Uses content analysis to examine email messages and attachments in transit (as they move through the transport pipeline).

• It looks for multiple pieces of evidence to determine a confidence level, and takes action based on confidence.

2

What is a DLP Policy?

It is a collection of Transport Rules that can be managed together as a single policy.

3

What is a DLP Policy Rule?

It is simply a Transport Rule that has been added to a DLP Policy.

(Through the DLP interface, you can combine multiple Transport Rules to manage as a single policy, and add additional DLP-specific options.)

4

What are examples of sensitive information that DLP can watch for?

• Credit card details

• SSNs

• Passport numbers

• Bank Account Numbers

• Custom information types, such as "document fingerprints."

5

What is a Policy Tip?

• Policy Tips are displayed to users when an email is being composed that will breach a DLP Policy.

• Available in Outlook and Outlook on the Web

• Not available for non-Outlook clients or mobile apps.

6

What are possible Policy Tip Actions?

• Notify sender, but allow them to send regardless

• Notify sender, and block if sent.

• Notify sender, block if sent, but allow user to override and send by indicating it is a false positive

• Notify sender, block if sent, but allow user to override and send (no reason required)

• Notify sender, block if sent message, but allow user to override and send by providing a buisiness justifcation explanation.

7

What "modes" can a DLP policy be set to?

• Enforce

• Audit (Tests DLP policy without Policy Tips)

• AuditAndNotify (Tests DLP policy with Policy Tips)

8

How do you implement DLP?

• Create a DLP policy
– Can create using either a built-in template, custom policy, or import a third-party policy

• Create or modify rules as needed

• Set Mode to be "Enforced"

9

What configurations can be made to a DLP policy rule?

• Enable or disable any individual rule of a policy

• Change the scope of the rule

• Modify thresholds for triggering (minimum and maximum counts)

• Modify thresholds for confidence levels (minimum and maximum)

• Send an incident report to an email recipient

• Can take essentially any additional action that normal Transport Rules can take

10

What is Document Fingerprinting?

• A part of DLP, used to detect specific documents, forms, or templates.

• Documents are be uploaded to Exchange for analysis and "fingerprinting."

• DLP will then detect documents based on that template, AS LONG AS ALL ORIGNAL TEXT is all retained. (for example, a form the requires the user to overwrite fields will NOT trigger detection).

11

What is MRM?

• Message Records Management

• Part of Compliance Management

• The overarching term for features that manage mailbox data retention.

• Retention management includes both:

– keeping data as long as it is needed,

– and removing data when should no longer be kept.

12

What is MRM used to accomplish?

• To meet business and regulatory requirements

• To help users manage mailbox data

• To manage storage utilization of email

13

What are Retention Tags?

• Retention tags are used to apply retention settings to mailbox folders and items.

• Each Retention Tag is made up of two settings:
– a Retention Action
– a Retention Period

• Retention policies are made up of retention tags.

14

What is this?

DPT

Default Policy Tag

A type of Retention Tag

15

What is this?

RPT

Retention Policy Tag

A type of Retention Tag

16

What types of Retention Tags are there?

• Default Policy Tags (DPT)

• Retention Policy Tags (RPT)

• Personal Tags

17

Describe how this type of Retention Tag works:

DPT

• Are assigned to any folders or items that don't have another tag.

• Sub-folders and items inherit the DPT of the parent folder

• Users can apply a Personal Tag to folders or items to override the DPT

18

Describe how this type of Retention Tag works:

RPT

• Are assigned to default mailbox folders, such as Inbox or Deleted Items

• Sub-folders and items inherit the RPT of the parent folder

• Users cannot override an RPT on a folder; however, they CAN assign Personal Tags to items within that folder to override the inheritance.

19

How can users override RPTs with their own retention settings?

Users can add Personal Tags on mail items and folders.

They cannot override an RPT on a folder; however, they CAN assign Personal Tags to items within that folder.

20

What is a Retention Action?

• A setting of a Retention Tag

• It defines the action that should be taken on the folder or item that the tag is assigned to.

21

What are possible Retention Actions for each Retention Tag type?

• All 3 types of retention tags have these actions:

– Delete and allow recovery

– Permanently delete

• Only DPTs and Personal Tags have this action:

– Move to user's archive mailbox

22

What is this Retention Action:

Move to archive

• Moves the folder or item to the user's archive mailbox, if they have one.

• If they do not have one, the item will not be moved (no action will be taken).

• Only DPTs and Personal Tags can perform this action.

23

What is this Retention Action:

Delete and allow recovery

• Moves the item to recoverable deleted items, where it will be subject to the Deleted Item Retention Period for the mailbox database (14 days by default).

• Exception: If the mailbox or the items in question are currently under Litigation Hold or In-Place Hold, then the deleted items will remain in the Recoverable Deleted Items until the Hold is removed, or the Hold period lapses.

• All 3 Retention Tag types can perform this action.

24

What is this Retention Action:

Permanently delete

• Skips the Recoverable Items folder, and purges the item from the mailbox database

• Exception: If the mailbox or the items in question are currently under Litigation Hold or In-Place Hold, then the deleted items will remain in the Recoverable Deleted Items until the Hold period is removed, or the Hold lapses.

• All 3 Retention Tag types can perform this action.

25

What is a Retention Period?

• A setting of a Retention Tag

• Defines the number of days after which the retention action should be applied.

• Examples:

– 30 days

– 365 days (1 year)

– Never

26

What is the cmdlet to create a Retention Tag?

New-RetentionPolicyTag

This is confusing because "Retention Policy Tag" is one of the three types of Retention Tags, but this cmdlet is used to create all three types of tags, not just RPTs.

27

Provide an example command for creating:

A new DPT to delete items after one year and allow recovery.

New-RetentionPolicyTag

-Name
whatever-you-want

-Type
All

-AgeLimitForRetention
365

-RetentionAction
DeleteAndAllowRecovery

28

Provide an example command for creating:

A new RPT to permanently delete items in the Junk Email folder after 30 days.

New-RetentionPolicyTag

-Name
whatever-you-want

-Type
"Junk Email"

-AgeLimitForRetention
30

-RetentionAction
PermanentlyDelete

29

In the context of Retention, what is unique about the "Voicemail" message class?

They are the only message class that can have their own unique tag created for them.

A DPT can be created for them independently of the DPTs that are configured for the mailbox.

30

What is a Retention Policy?

• A collection of Retention Tags

• Assigned to mailboxes to manage archiving or deletion of data