SC-400 Microsoft Information Protection Administrator Questions and Answers

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth is worth one point.

You need to meet the technical requirements for the creation of the sensitivity labels. Which administrative users are currently missing the Sensitivity label administrator role?

You need to meet the technical requirements for the Site1 documents.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You need to meet the technical requirements for the confidential documents.

What should you created first, and what should you use for the detection method? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to recommend a solution that meets the compliance requirements for Dropbox.

What should you recommend?

You need to recommend a solution that meets the compliance requirements for Dropbox.

What should you recommend?

You are evaluating the technical requirements for the DLP reports.

Which user can currently view the DLP reports?

How many files in Site2 will be visible to User1 and User2 after you turn on DLPpolicy1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to recommend a solution that meets the executive requirements. What should you recommend?

You need to recommend a solution that meets the compliance requirements for protecting the documents in the Data shared folder. What should you recommend?

You need to implement a solution to encrypt email. The solution must meet the compliance requirements.

What should you create in the Exchange admin center and the Microsoft 36.S compliance center? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to implement a solution that meets the compliance requirements for the Windows 10 computers.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each coned selection is worth one point.

You need to recommend an information governance solution that meets the HR requirements for handling employment applications and resumes.

What is the minimum number of information governance solution components that you should create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to recommend a solution that meets the sales requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You need to recommend a solution that meets the Data Loss Prevention requirements for the HR department.

Which three actions should you perform? Each correct answer presents part of the solution. (Choose three.)

NOTE: Each correct selection is worth one point.

You need to recommend a solution that meets the compliance requirements for viewing DLP tooltip

justifications.

What should you recommend?

Task 10

You plan to create a data loss prevention (DLP) policy that will apply to content containing the following keywords:

• Tailspin

• litware

• Falcon

You need to create a keyword list that can be used in the DLP policy. You do NOT need to create the DLP policy at this time.

Task 3

You plan to automatically apply a watermark to the document1 of a project named Falcon.

You need to create a label that will add a watermark of "Project falcon' in red. size-12 font diagonally across the documents.

Task 1

You need to provide users with the ability to manually classify files that contain product information that are stored in SharePoint Online sites. The solution must meet the following requirements:

• The users must be able to apply a classification of Product1 to the files.

• Any authenticated user must be able to open files classified as Product1.

• files classified as Product1 must be encrypted.

Task 9

You are investigating a data breach.

You need to retain all Microsoft Exchange items in the mailbox of Alex Wilber that contain the word Falcon and were created in the year 2021.

Task 6

You plan to implement Endpoint data loss prevention (Endpoint DLP) policies for computers that run Windows.

Users have an application named App1 that stores data locally in a folder named C:\app1\data.

You need to prevent the folder from being monitored by Endpoint DLP.

Task 8

You need to retain Microsoft SharePoint files that contain the word Falcon for two years from the date they were created, and then delete them.

Task 5

You need to ensure that a group named U.S. Sales can store files containing information subject to General Data Protection Regulation (GDPR) in their OneDrive accounts. All other current GDPR restrictions must remain in effect.

Task 7

You need to create a retention policy that meets the following requirements:

• Applies to Microsoft Teams chat and Teams channel messages of users that have a department attribute of Sales.

• Retains item for five years from the date they are created, and then deletes them.

Task 4

You need to block users from sending emails containing information that is subject to Payment Card Industry Data Security Standard (PCI OSS). The solution must affect only emails.

You have Microsoft 365 ES subscription that has data loss prevention (DLP) implemented.

You plan to export DLP activity by using Activity explorer.

The exported file needs to display the sensitive info type detected for each DLP match.

What should you do in Activity explorer before the data, and in which file exported? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Task 2

You discover that all users can apply the Confidential - Finance label.

You need to ensure that the Confidential - Finance label is available only to the members of the Finance Team group.

You have a Microsoft 365 tenant that uses records management.

You use a retention label to mark legal files stored in a Microsoft SharePoint Online document library as

regulatory records.

What can you do to the legal files?

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You implement Microsoft 365 Endpoint data loss prevention (Endpoint DLP).

You have computers that run Windows 10 and have Microsoft 365 Apps installed. The computers are joined to Azure Active Directory (Azure AD).

You need to ensure that Endpoint DLP policies can protect content on the computers.

Solution: You onboard the computers to Microsoft Defender for Endpoint.

Does this meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant and 500 computers that run Windows 10. The computers are onboarded to the Microsoft 365 compliance center.

You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers. Tailspin_scanner.exe is installed locally on the computers.

You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.

Solution: From the Cloud App Security portal, you create an app discovery policy.

Does this meet the goal?

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

You need to prevent users in the finance department from sharing files with users in the research department. Which type of policy should you configure?

You have a Microsoft SharePoint Online site named Site1 that contains the files shown in the following table.

You have a data loss prevention (DLP) policy named DLP1 that has the advanced DIP rules shown in the following table.

You apply DLP1 to Site1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No,

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 tenant that has devices onboarded to Microsoft Defender for Endpoint as shown in the following table.

You plan to start using Microsoft 365 Endpoint data loss protection (Endpoint DLP).

Which devices support Endpoint DLP?

You create a data loss prevention (DLP) policy that meets the following requirements:

• Prevents guest users from accessing a sensitive document shared during a Microsoft Teams chat
• Prevents guest users from accessing a sensitive document stored in a Microsoft Teams channel

Which location should you select for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 tenant that has data loss prevention (DLP) policies.

You need to review DLP policy matches for the tenant.

What should you use?

You have a Microsoft 365 E5 subscription that uses Yammer.

You need to create a Microsoft Purview communication compliance policy that will detect inappropriate images in Yammer conversations.

What should you do first?

You implement Microsoft 365 Endpoint data loss prevention (Endpoint DLP).

You have computers that run Windows 10 and have Microsoft 365 Apps installed. The computers are joined to Azure Active Directory (Azure AD).

You need to ensure that Endpoint DLP policies can protect content on the computers.

Solution: You onboard the computers to Microsoft Defender fur Endpoint.

Does this meet the goal?

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1.

You create an information barrier segment named Segment1.

You need to add Segment 1 to Site1.

What should you do first?

You have a Microsoft SharePoint Online site named Site1 and a sensitivity label named Sensitivity1. Sensitivity1 adds a watermark and a header to content.

You create a policy to automatically apply Sensitivity1 to emails in Microsoft Exchange Online and Site1.

How will Sensitivity1 mark matching emails and Site1 documents? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 tenant.

You have a Microsoft SharePoint Online site that contains employment contracts in a folder named

EmploymentContracts. All the files in EmploymentContracts are marked as records.

You need to recommend a process to ensure that when a record is updated, the previous version of the record

is kept as a version of the updated record.

What should you recommend?

You have a Microsoft 365 tenant that has a retention label policy. You need to configure the policy to meet the following requirements:

• Prevent the disabling or deletion of the policy.

• Ensure that new labels can De added.

• Prevent the removal of labels.

What should you do?

You have a Microsoft 365 alert named Alert2 as shown in the following exhibit

You need to manage the status of Alert2. To which status can you change Alert2?

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.

You plan to deploy a Defender for Cloud Apps file policy that will be triggered when the following conditions are met:

• A file is shared externally.

• A file is labeled as internal only.

Which filter should you use for each condition? To answer, drag the appropriate filters to the correct conditions. Each filter may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

You have a Microsoft 365 E5 subscription that contains a user named User1 and the groups shown in the following table.

You plan to create a communication compliance policy named Policy1.

You need to identify whose communications can be monitored by Policy1, and who can be assigned the Reviewer role for Policy1.

Who should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have Microsoft 365 E5 tenant that has a domain name of M365x925027.onmicrosoft.com.

You have a published sensitivity label.

The Encryption settings for the sensitivity label are configured as shown in the exhibit.

For each of the following statements, select Yes if statement is true. Otherwise, select No

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription that contains a sensitivity label named Contoso Confidential.

You publish Contoso Confidential to all users.

Contoso Confidential is configured as shown in the Configuration exhibit. (Click the Configuration tab.)

The Encryption settings of Contoso Confidential are configured as shown in the Encryption exhibit. (Click the Encryption tab.)

For each of the following statements, select Yes if the statement is true Otherwise, select No

NOTE: Each correct selection is worth one point