SC-400 Microsoft Information Protection Administrator Questions and Answers

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth is worth one point.

You are reviewing policies for the SharePoint Online environment.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

How many files in Site2 will be visible to User1 and User2 after you turn on DLPpolicy1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You recently discovered that the developers at your company emailed Azure Storage keys in plain text to third parties.

You need to ensure that when Azure Storage keys are emailed, the emails are encrypted.

Solution: You configure a mail flow rule that matches the text patterns.

Does this meet the goal?

You have a Microsoft 365 tenant that uses data loss prevention (DLP) to protect sensitive information.

You create a new custom sensitive info type that has the matching element shown in the following exhibit.

The supporting elements are configured as shown in the following exhibit.

The confidence level and character proximity are configured as shown in the following exhibit.

For each of the following statements, select Yes if statement is true. Otherwise, select No

NOTE: Each correct selection is worth one point.

You need to meet the technical requirements for the confidential documents.

What should you created first, and what should you use for the detection method? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to meet the technical requirements for the Site3 documents.

What should you create?

You need to meet the technical requirements for the Site1 documents.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Task 7

You need to create a retention policy that meets the following requirements:

• Applies to Microsoft Teams chat and Teams channel messages of users that have a department attribute of Sales.

• Retains item for five years from the date they are created, and then deletes them.

Task 9

You are investigating a data breach.

You need to retain all Microsoft Exchange items in the mailbox of Alex Wilber that contain the word Falcon and were created in the year 2021.

Task 6

You plan to implement Endpoint data loss prevention (Endpoint DLP) policies for computers that run Windows.

Users have an application named App1 that stores data locally in a folder named C:\app1\data.

You need to prevent the folder from being monitored by Endpoint DLP.

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.

You plan to deploy a Defender for Cloud Apps file policy that will be triggered when the following conditions are met:

• A file is shared externally.

• A file is labeled as internal only.

Which filter should you use for each condition? To answer, drag the appropriate filters to the correct conditions. Each filter may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

You need to prevent users in the finance department from sharing files with users in the research department. Which type of policy should you configure?

Task 4

You need to block users from sending emails containing information that is subject to Payment Card Industry Data Security Standard (PCI OSS). The solution must affect only emails.

Task 3

You plan to automatically apply a watermark to the document1 of a project named Falcon.

You need to create a label that will add a watermark of "Project falcon' in red. size-12 font diagonally across the documents.

Task 8

You need to retain Microsoft SharePoint files that contain the word Falcon for two years from the date they were created, and then delete them.

Task 1

You need to provide users with the ability to manually classify files that contain product information that are stored in SharePoint Online sites. The solution must meet the following requirements:

• The users must be able to apply a classification of Product1 to the files.

• Any authenticated user must be able to open files classified as Product1.

• files classified as Product1 must be encrypted.

Task 2

You discover that all users can apply the Confidential - Finance label.

You need to ensure that the Confidential - Finance label is available only to the members of the Finance Team group.

Task 5

You need to ensure that a group named U.S. Sales can store files containing information subject to General Data Protection Regulation (GDPR) in their OneDrive accounts. All other current GDPR restrictions must remain in effect.

Task 10

You plan to create a data loss prevention (DLP) policy that will apply to content containing the following keywords:

• Tailspin

• litware

• Falcon

You need to create a keyword list that can be used in the DLP policy. You do NOT need to create the DLP policy at this time.

You implement Microsoft 365 Endpoint data loss prevention (Endpoint DLP).

You have computers that run Windows 10 and have Microsoft 365 Apps installed. The computers are joined to Azure Active Directory (Azure AD).

You need to ensure that Endpoint DLP policies can protect content on the computers.

Solution: You deploy the unified labeling client to the computers.

Does this meet the goal?

At the end of a project you upload project documents to a Microsoft SharePoint Online library that contains many fifes. Files that have the following naming format must be labeled as Project I

• aei_AA989.docx

• bd_WSOgadocx

• cei_DLF112-docx

• ebc_QQ4S4.docx

• ecc_BB565.docx

You plan to create an auto-apply retention label policy.

What should you use to identify the files, and which regular expression should you use? To answer, select the appropriate options in the answer area.

You need to recommend a solution to configuration the Microsoft 365 Records management settings by using the CSV file must meet the compliance requirements.

What should you recommend?

You have a Microsoft 365 E5 subscription.

You plan to implement retention policies for Microsoft Teams.

Which item types can be retained?

You have a Microsoft 365 tenant.

You have a Microsoft SharePoint Online site that contains employment contracts in a folder named

EmploymentContracts. All the files in EmploymentContracts are marked as records.

You need to recommend a process to ensure that when a record is updated, the previous version of the record

is kept as a version of the updated record.

What should you recommend?

You receive an email that contains a list of words that will be used for a sensitive information type.

You need to create a file that can be used as the source of a keyword dictionary.

In which format should you save the list?

You have a Microsoft 365 E5 tenant that contains two users named User1 and User2 and a Microsoft SharePoint Online site named Site1 as shown in the following exhibit.

For Site1, the users are assigned the roles shown in the following table.

You publish a retention label named Retention1 to Site1.

To which files can the users apply Retention!? To answer, select the appropriate options in the answer area.

You have a Microsoft 365 E5 subscription.

You create an adaptive scope named Scope 1 as shown in the following exhibit.

You create a retention policy named Policy1 that includes Scope1.

To which three locations can you apply Policy1? To answer, select the appropriate locations in the answer area.

NOTE: Each correct selection is worth one point.

You are creating a data loss prevention (DLP) policy that will apply to all available locations. You configure an advanced DLP rule in the policy. Which type of condition can you use in the rule?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring a file policy in Microsoft Cloud App Security.

You need to configure the policy to apply to all files. Alerts must be sent to every file owner who is affected by the policy. The policy must scan for credit card numbers, and alerts must be sent to the Microsoft Teams site of the affected department.

Solution: You use the Data Classification service inspection method and send alerts as email.

Does this meet the goal?

You have a Microsoft 365 tenant that uses the following sensitivity labels:

• Confidential:

• Internal

• External

The labels are published by using a label policy named Policy1.

Users report that Microsoft Office for the web apps do not display the Sensitivity button. The Sensitivity button appears in Microsoft 365 Apps that are installed locally.

You need to ensure that the users can apply sensitivity labels to content when they use Office for the web apps.

What should you do?

While creating a retention label, you discover that the following options are missing:

• Mark items as a record
• Mark items as a regulatory record

You need to ensure that the options are available when you create retention labels in the Microsoft 365 compliance center.

How should you complete the PowerShell script? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You create a retention label that has a retention period of seven years.

You need to ensure that documents containing a credit card number are retained for seven years. Other documents must not be retained.

What should you create?

You need to create a retention policy to delete content after seven years from the following locations:

• Exchange email
• SharePoint sites
• OneDrive accounts
• Office 365 groups
• Teams channel messages
• Teams chats

What is the minimum number of retention policies that you should create?

You have a Microsoft 365 E5 tenant that contains a sensitivity label named label1.

You plan to enable co-authoring for encrypted files.

You need to ensure that files that have label1 applied support co-authoring.

Which two settings should you modify? To answer, select the settings in the answer area.

NOTE: Each correct selection is worth one point.

You are implementing a data classification solution.

The research department at your company requires that documents containing programming code be labeled

as Confidential. The department provides samples of the code from its document library. The solution must

minimize administrative effort.

What should you do?

You have a Microsoft 365 tenant that uses the following sensitivity labels:

* Confidential

* Internal

* External

The labels are published by using a label policy named Policy1.

Users report that Microsoft Office for the wen apps do not display the Sensitivity button. The Sensitivity button appears in Microsoft 365 Apps that are installed locally.

You need to ensure that the users can apply sensitivity labels to content when they use Office for the web apps.

Solution: You run the Execute-AzureAdLabelSync cmdlet.

Does this meet the goal?