SC-400 Microsoft Information Protection Administrator Questions and Answers

You need to recommend a solution that meets the executive requirements. What should you recommend?

Task 2

You discover that all users can apply the Confidential - Finance label.

You need to ensure that the Confidential - Finance label is available only to the members of the Finance Team group.

Task 4

You need to block users from sending emails containing information that is subject to Payment Card Industry Data Security Standard (PCI OSS). The solution must affect only emails.

Task 6

You plan to implement Endpoint data loss prevention (Endpoint DLP) policies for computers that run Windows.

Users have an application named App1 that stores data locally in a folder named C:\app1\data.

You need to prevent the folder from being monitored by Endpoint DLP.

Task 3

You plan to automatically apply a watermark to the document1 of a project named Falcon.

You need to create a label that will add a watermark of "Project falcon' in red. size-12 font diagonally across the documents.

How many files in Site2 will be visible to User1 and User2 after you turn on DLPpolicy1? To answer, select the appropriate options in the answer area.

NOTE:Each correct selection is worth one point.

You are reviewing policies for the SharePoint Online environment.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE:Each correct selection is worth one point.

You need to meet the technical requirements for the creation of the sensitivity labels. Which administrative users are currently missing the Sensitivity label administrator role?

You need to meet the technical requirements for the Site3 documents.

What should you create?

You need to meet the technical requirements for the confidential documents.

What should you created first, and what should you use for the detection method? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to meet the technical requirements for the Site1 documents.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth is worth one point.

You need to recommend a solution that meets the compliance requirements for protecting the documents in the Data shared folder.

What should you configure in the Microsoft Purview compliance portal?

You need to recommend a solution that meets the compliance requirements for protecting the documents in the Data shared folder. What should you recommend?

You need to recommend a solution that meets the Data Loss Prevention requirements for the HR department.

Which three actions should you perform? Each correct answer presents part of the solution. (Choose three.)

NOTE: Each correct selection is worth one point.

You need to recommend a solution that meets the sales requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You need to recommend a solution that meets the compliance requirements for Dropbox.

What should you recommend?

You need to recommend an information governance solution that meets the HR requirements for handling employment applications and resumes.

What is the minimum number of information governance solution components that you should create? To answer, select the appropriate options in the answer area.

NOTE:Each correct selection is worth one point.

You need to recommend a solution to configuration the Microsoft 365 Records management settings by using the CSV file must meet the compliance requirements.

What should you recommend?

You have a Microsoft 365 E5 tenant that contains the policies shown in the following table.

A file named File1 has all the policies applied.

How long will File1 be retained?

You have a data loss prevention (DLP) policy that has the advanced DLP rules shown in the following table.

You need to identify which rules will apply when content matches multiple advanced DLP rules.

Which rules should you identify? To answer, select the appropriate options in the answer area.

NOTE:Each correct selection is worth one point.

You enable archive mailboxes for all the users at your company.

The Default MRM Policy is shown in the MRM exhibit.

A Microsoft 365 retention label policy is shown in the Label Policy exhibit.

You need to identify the following:

How many years until an email is archived?

What should you modify to change the retention period for archiving?

What should you identify? To answer, select the appropriate options in the answer area.

NOTE:Each correct selection is worth one point.

You need to recommend a solution that meets the compliance requirements for Dropbox.

What should you recommend?

You need to implement a solution to encrypt email. The solution must meet the compliance requirements.

What should you create in the Exchange admin center and the Microsoft 36.S compliance center? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to recommend a solution that meets the compliance requirements for viewing DLP tooltip

justifications.

What should you recommend?

You need to implement a solution that meets the compliance requirements for the Windows 10 computers.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each coned selection is worth one point.

You have a Microsoft 365 E5 subscription that contains two users named User1 and Admin1. Admin1 manages audit retention policies for the subscription.

You need to ensure that the audit logs of User1 will be retained for 10 years.

What should you do first?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring a file policy in Microsoft Cloud App Security.

You need to configure the policy to apply to all files. Alerts must be sent to every file owner who is affected by the policy. The policy must scan for credit card numbers, and alerts must be sent to the Microsoft Teams site of the affected department.

Solution: You use the Built-in DLP inspection method and send alerts as email.

Does this meet the goal?

You have a Microsoft 365 E5 subscription that uses Microsoft Teams and contains a user named User1.

You configure Microsoft Purview Information Barriers.

You need to identify which information barrier policies apply to User1.

Which cmdlet should you use?

You have a Microsoft 365 E5 subscription that uses Microsoft Purview.

You need to deploy a compliance solution that will detect the accidental oversharing of information outside of an organization. The solution must minimize administrative effort.

What should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Your company has a Microsoft 365 tenant that uses a domain named contoso.

The company uses Microsoft Office 365 Message Encryption (OMI ) to encrypt email sent to users in fabrikam.com.

A user named User1 erroneously sends an email to user2@fabrikam

You need to disable user2@fabrikam.com from accessing the email.

What should you do?

You have a Microsoft 365 tenant.

You discover that email does NOT use Microsoft Office 365 Message Encryption (OME).

You need to ensure that OME can be applied to email.

What should you do first?

You have a Microsoft 365 E5 subscription that contains a user named User1.

You need to ensure that User1 can perform the following tasks:

• View the Privacy risk management Data profile page and subject rights request reports.

• Add approvers for subject rights requests.

The solution must follow the principle of least privilege.

To which role group should you add User1 for each task? To answer, drag the appropriate role groups to the correct tasks. Each role group may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that contains two users named User1 and User2.

On January 1, you create the sensitivity label shown in the following table.

On January 2, you publish Label1 to User1.

On January 3, User1 creates a Microsoft Word document named Doc1 and applies Label1 to the document.

On January 4, User2 edits Doc1.

On January 15, you increase the content expiry period for Label1 to 28 days.

When will access to Doc1 expire for User2?

You receive an email that contains a list of words that will be used for a sensitive information type.

You need to create a file that can be used as the source of a keyword dictionary.

In which format should you save the list?

You implement Microsoft 365 Endpoint data loss prevention (Endpoint DLP).

You have computers that run Windows 10 and have Microsoft 365 Apps installed. The computers are joined to Azure Active Directory (Azure AD).

You need to ensure that Endpoint DLP policies can protect content on the computers.

Solution: You onboard the computers to Microsoft Defender fur Endpoint.

Does this meet the goal?

You have a Microsoft SharePoint Online site that contains employee contracts in a document library named

Contracts.

The contracts must be treated as records in accordance with your company's records management policy.

You need to implement a solution to automatically mark all the contracts as records when they are uploaded to

Contracts.

Which two actions should you perform? Each correct answer presents part of the solution. (Choose two.)

NOTE: Each correct selection is worth one point.

You have the files shown in the following table.

You configure a retention policy as shown in the exhibit.

The start of the retention period is based on when items are created. The current date is January 01, 2021.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE:Each correct selection is worth one point.

You need to ensure that documents in a Microsoft SharePoint Online site that contain a reference to Project

Alpha are retained for two years, and then deleted.

Which two objects should you create? Each correct answer presents part of the solution. (Choose two.)

NOTE: Each correct selection is worth one point.

A compliance administrator recently created several data loss prevention (DLP) policies.

After the policies are created, you receive a higher than expected volume of DLP alerts.

You need to identify which rules are generating the alerts.

Which DLP report should you use?

You have a Microsoft 365 tenant that uses data loss prevention (DLP).

You have a custom employee information form named Template 1.docx.

You need to create a classification rule package based on the document fingerprint of Templatel.docx.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You have a Microsoft 365 ES subscription that uses data loss prevention (DLP) to protect sensitive information.

You need to create scheduled reports that generate.

* DLP policy matches reported over the shortest frequency of time

* DLP incidents reported over the longest frequency of time

Which frequency should you configure for each repot? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have Microsoft 365 E5 tenant that has a domain name of M365x925027.onmicrosoft.com.

You have a published sensitivity label.

The Encryption settings for the sensitivity label are configured as shown in the exhibit.

For each of the following statements, select Yes if statement is true. Otherwise, select No

NOTE:Each correct selection is worth one point.

You have a Microsoft 365 tenant that has devices onboarded to Microsoft Defender for Endpoint as shown in the following table.

You plan to start using Microsoft 365 Endpoint data loss protection (Endpoint DLP).

Which devices support Endpoint DLP?

Your company has a Microsoft 365 tenant that uses a domain named contoso.com.

You are implementing data loss prevention (DLP).

The company's default browser is Microsoft Edge.

During a recent audit, you discover that some users use Firefox and Google Chrome browsers to upload files labeled as Confidential to a third-party Microsoft SharePoint Online site that has a URL ofhttps://m365x076709.sharepoint.com . Users are blocked from uploading the confidential files to the site from Microsoft Edge.

You need to ensure that the users cannot upload files labeled as Confidential from Firefox and Google Chrome to any cloud services.

Which two actions should you perform? Each correct answer presents part of the solution. (Choose two.)

NOTE:Each correct selection is worth one point.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant and 500 computers that run Windows 10. The computers are onboarded to the Microsoft 365 compliance center.

You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers. Tailspin_scanner.exe is installed locally on the computers.

You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.

Solution: From the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings, you add a folderpath to the file path exclusions.

Does this meet the goal?

You have a hybrid Microsoft 365 deployment that contains the users shown in the following table.

You need to perform an eDiscovery content search.

Which user's data can be included in the content search? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.