SC-400: Microsoft Information Protection Administrator Part 2
Question #: 86
Topic #: 6
You have a Microsoft 365 E5 subscription that uses Privacy Risk Management in Microsoft Priva.
You need to review the personal data type instances that were detected in the subscription.
What should you use in the Microsoft Purview compliance portal?
A. Content explorer
B. User data search
C. Content search
D. an eDiscovery case
Selected Answer: A
Question #: 87
Topic #: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You recently discovered that the developers at your company emailed Azure Storage keys in plain text to third parties.
You need to ensure that when Azure Storage keys are emailed, the emails are encrypted.
Solution: You create a data loss prevention (DLP) policy that has only the Exchange email location selected.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 88
Topic #: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in the Microsoft Purview compliance portal to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
Solution: You run the Set-MailboxFolderPermission -Identity “User1” -User User1@contoso.com -AccessRights Owner command.
Does that meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 89
Topic #: 1
Each product group at your company must show a distinct product logo in encrypted emails instead of the standard Microsoft Office 365 logo.
What should you do to create the branding templates?
A. Create a Transport rule.
B. Create an RMS template.
C. Run the Set-IRMConfiguration cmdlet.
D. Run the New-OMEConfiguration cmdlet.
Selected Answer: D
Question #: 90
Topic #: 3
You have a Microsoft 365 tenant that uses records management.
You use a retention label to mark legal files stored in a Microsoft SharePoint Online document library as regulatory records.
What can you do to the legal files?
A. Remove the retention label of the files.
B. Edit the properties of the files.
C. Move the files to a different folder within the document library.
D. Delete the content from the files.
Selected Answer: C
Question #: 92
Topic #: 1
You create a custom sensitive info type that uses Exact Data Match (EDM).
You plan to periodically update and upload the data used for EDM.
What is the maximum frequency with which the data can be uploaded?
A. twice per week
B. twice per day
C. once every six hours
D. once every 48 hours
E. twice per hour
Selected Answer: C
Question #: 93
Topic #: 5
You have a Microsoft 365 subscription.
You need to be notified by email whenever an administrator starts an eDiscovery search.
What should you do from the Microsoft Purview compliance portal?
A. From Records management create event type.
B. From eDiscovery, create an eDiscovery case.
C. From Content search, create a new search.
D. From Policies, create an alert policy.
Selected Answer: D
Question #: 94
Topic #: 4
You have a Microsoft 365 E5 subscription that contains the resources shown in the following table.
You have a retention label configured as shown in the following exhibit.
You publish the retention label and set the scope as shown in the following exhibit.
You apply the label to the resources.
Which items can you delete?
A. Mail1 only
B. File1.docx and File2.xlsx only
C. Mail1 and File1.docx only
D. Mail1 and File2.xlsx only
E. Mail1, File1.docx, and File2.xlsx
Selected Answer: E
Question #: 95
Topic #: 2
You are creating an advanced data loss prevention (DLP) rule in a DLP policy named Policy1 that will have all locations selected.
Which two conditions can you use in the rule? Each correct answer presents a complete solution. (Choose two.)
NOTE: Each correct selection is worth one point.
A. Content contains
B. Content is shared from Microsoft 365
C. Document size equals or is greater than
D. Attachment’s file extension is
E. Document property is
Selected Answer: AB
Question #: 96
Topic #: 3
You have a Microsoft 365 tenant that contains the users shown in the following table.
You configure a retention label to trigger a disposition review at the end of the retention period.
Which users can access the Disposition tab in the Microsoft 365 compliance center to review the content?
A. User1 only
B. User2 only
C. User3 only
D. User1 and User3
E. User3 and User4
Selected Answer: C
Question #: 100
Topic #: 6
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You need to prevent users in the finance department from sharing files with users in the research department.
Which type of policy should you configure?
A. communication compliance
B. information barrier
C. Conditional Access
D. insider risk management
Selected Answer: B
Question #: 101
Topic #: 5
You have a Microsoft 365 subscription that contains a user named User1.
You need to assign User1 permissions to search Microsoft Office 365 audit logs.
What should you use?
A. the Azure Active Directory admin center
B. the Microsoft Purview compliance portal
C. the Exchange admin center
D. the Microsoft 365 Defender portal
Selected Answer: B
Question #: 102
Topic #: 2
You need to provide a user with the ability to view data loss prevention (DLP) alerts in the Microsoft 365 compliance center. The solution must use the principle of least privilege.
Which role should you assign to the user?
A. Compliance data administrator
B. Security operator
C. Compliance administrator
D. Security reader
Selected Answer: D
Question #: 106
Topic #: 1
A user reports that she can no longer access a Microsoft Excel file named Northwind Customer Data.xlsx.
From the Cloud App Security portal, you discover the alert shown in the exhibit.
You restore the file from quarantine.
You need to prevent files that match the policy from being quarantined. Files that match the policy must generate an alert.
What should you do?
A. Modify the policy template.
B. Assign the Global reader role to the file owners.
C. Exclude file matching by using a regular expression.
D. Update the governance action.
Selected Answer: D
Question #: 107
Topic #: 2
You need to be alerted when users share sensitive documents from Microsoft OneDrive to any users outside your company.
What should you do?
A. From the Microsoft 365 compliance center, create a data loss prevention (DLP) policy.
B. From the Microsoft 365 compliance center, start a data investigation.
C. From the Microsoft 365 compliance center, create an insider risk policy.
D. From the Cloud App Security portal, create an activity policy.
Selected Answer: A
Question #: 108
Topic #: 3
You need to ensure that documents in a Microsoft SharePoint Online site that contain a reference to Project Alpha are retained for two years, and then deleted.
Which two objects should you create? Each correct answer presents part of the solution. (Choose two.)
NOTE: Each correct selection is worth one point.
A. a retention policy
B. an auto-apply label policy
C. a sensitive info type
D. a retention label
E. a sensitivity label
F. a publish labels policy
Selected Answer: BD
Question #: 111
Topic #: 2
You need to protect documents that contain credit card numbers from being opened by users outside your company. The solution must ensure that users at your company can open the documents.
What should you use?
A. a sensitivity label policy
B. a sensitivity label
C. a retention policy
D. a data loss prevention (DLP) policy
Selected Answer: D
Question #: 112
Topic #: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in the Microsoft Purview compliance portal to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
Solution: You run the Set-Mailbox -Identity “User1” -AuditEnabled $true command.
Does that meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 113
Topic #: 4
You have a Microsoft 365 subscription.
You have a team named Team1 in Microsoft Teams.
You plan to place all the content in Team1 on hold.
You need to identify which mailbox and which Microsoft SharePoint site collection are associated to Team1.
Which cmdlet should you use?
A. Get-UnifiedGroup
B. Get-TeamChannel
C. Get-MailUser
D. Get-Team
Selected Answer: A
Question #: 114
Topic #: 3
You are configuring a retention label named Label1 as shown in the following exhibit.
You need to ensure that documents that have Label1 applied are deleted three years after the end of your company’s fiscal year.
What should you do?
A. Create a new event type.
B. Select Only delete items when they reach a certain age.
C. Modify the Retention period setting.
D. Set At the ends of the retention period to Trigger a disposition review.
Selected Answer: A
Question #: 117
Topic #: 2
You have a Microsoft 365 tenant that contains a Microsoft SharePoint Online site named Site1.
You have the users shown in the following table.
You create a data loss prevention (DLP) policy for Site1 that detects credit card number information. You configure the policy to use the following protection action:
✑ When content matches the policy conditions, show policy tips to users and send them an email notification.
You use the default notification settings.
To Site1, User1 uploads a file that contains a credit card number.
Which users receive an email notification?
A. User1 and User2 only
B. User1 and User4 only
C. User1, User2, User3, and User4
D. User1 only
E. User1 and User3 only
Selected Answer: D
Question #: 118
Topic #: 5
You have a Microsoft 365 subscription.
You create and run a content search from the Microsoft Purview compliance portal.
You need to download the results of the content search.
What should you obtain first?
A. a certificate
B. a password
C. an export key
D. a pin
Selected Answer: C
Question #: 119
Topic #: 1
You receive an email that contains a list of words that will be used for a sensitive information type.
You need to create a file that can be used as the source of a keyword dictionary.
In which format should you save the list?
A. a JSON file that has an element for each word
B. an ACCDB database file that contains a table named Dictionary
C. an XML file that contains a keyword tag for each word
D. a CSV file that contains words separated by commas
Selected Answer: D
Question #: 121
Topic #: 1
You have a Microsoft 365 E5 tenant that uses a domain named contoso.com.
A user named User1 sends link-based, branded emails that are encrypted by using Microsoft Office 365 Advanced Message Encryption to the recipients shown in the following table.
For which recipients can User1 revoke the emails?
A. Recipient4 only
B. Recipient1 only
C. Recipient1, Recipient2, Recipient3, and Recipient4
D. Recipient3 and Recipient4 only
E. Recipient1 and Recipient2 only
Selected Answer: A
Question #: 122
Topic #: 5
You have a Microsoft 365 E5 subscription.
You need to review the compliance of the subscription with the General Data Protection Regulation (GDPR) by using Compliance Manager. The solution must minimize administrative effort.
What should you create first?
A. an assessment
B. an alert policy to monitor for score changes
C. a template
D. review assessments
Selected Answer: A
Question #: 123
Topic #: 2
You have a data loss prevention (DLP) policy that applies to the Devices location. The policy protects documents that contain United States passport numbers.
Users report that they cannot upload documents to a travel management website because of the policy.
You need to ensure that the users can upload the documents to the travel management website. The solution must prevent the protected content from being uploaded to other locations.
Which Microsoft 365 Endpoint data loss prevention (Endpoint DLP) setting should you configure?
A. Unallowed browsers
B. File path exclusions
C. Unallowed apps
D. Service domains
Selected Answer: D
Question #: 124
Topic #: 3
You have a Microsoft 365 tenant.
You have a Microsoft SharePoint Online site that contains employment contracts in a folder named EmploymentContracts. All the files in EmploymentContracts are marked as records.
You need to recommend a process to ensure that when a record is updated, the previous version of the record is kept as a version of the updated record.
What should you recommend?
A. Upload an updated file plan that contains the record definition.
B. Unlock the record, modify the record, and then lock the record.
C. Create a copy of the record and enter a version in the file metadata.
D. Create a new label policy associated to an event that will apply to the record.
Selected Answer: B
Question #: 125
Topic #: 4
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Project1.
You need to recommend a record management solution that meets the following requirements:
• Retains files in Project1 for a minimum of 10 years
• Once Project1 is complete, retains files for an additional five years before the files are deleted
Which two components should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. a data loss prevention (DLP) policy
B. an adaptive scope
C. an event type
D. a file plan
E. a sensitivity label
Selected Answer: CD
Question #: 126
Topic #: 6
You have a Microsoft 365 E5 subscription.
You plan to implement information barriers (IBs).
You need to create an IB segment named Segment1.
What should you use to define Segment1?
A. a user group filter
B. a distribution list group
C. a Microsoft 365 group
D. an administrative unit
Selected Answer: A
Question #: 127
Topic #: 5
You have a Microsoft 365 E5 subscription that contains two users named User1 and Admin1. Admin1 manages audit retention policies for the subscription.
You need to ensure that the audit logs of User1 will be retained for 10 years.
What should you do first?
A. Assign a Microsoft Purview Audit (Premium) add-on license to User1.
B. Assign a 10-year audit log retention add-on license to Admin1.
C. Assign a Microsoft Purview Audit (Premium) add-on license to Admin1.
D. Assign a 10-year audit log retention add-on license to User1.
Selected Answer: D
Question #: 128
Topic #: 3
You have a Microsoft 365 tenant.
All Microsoft OneDrive for Business content is retained for five years.
A user named User1 left your company a year ago, after which the account of User1 was deleted from Azure Active Directory (Azure AD).
You need to recover an important file that was stored in the OneDrive of User1.
What should you use?
A. the Restore-SPODeletedSite PowerShell cmdlet
B. the OneDrive recycle bin
C. the Restore-ADObject PowerShell cmdlet
D. Deleted users in the Microsoft 365 admin center
Selected Answer: A
Question #: 129
Topic #: 2
You have a Microsoft 365 tenant that has devices onboarded to Microsoft Defender for Endpoint as shown in the following table.
You plan to start using Microsoft 365 Endpoint data loss protection (Endpoint DLP).
Which devices support Endpoint DLP?
A. Device5 only
B. Device2 only
C. Device1, Device2, Device3, Device4, and Device5
D. Device3 and Device4 only
E. Device1 and Device2 only
Selected Answer: B
Question #: 130
Topic #: 1
You need to test Microsoft Office 365 Message Encryption (OME) capabilities for your company. The test must verify the following information:
✑ The acquired default template names
✑ The encryption and decryption verification status
Which PowerShell cmdlet should you run?
A. Test-ClientAccessRule
B. Test-Mailflow
C. Test-OAuthConnectivity
D. Test-IRMConfiguration
Selected Answer: D
Question #: 134
Topic #: 1
You have a Microsoft 365 tenant that uses trainable classifiers.
You are creating a custom trainable classifier.
You collect 300 sample file types from various geographical locations to use as seed content. Some of the file samples are encrypted.
You organize the files into categories as shown in the following table.
Which file categories can be used as seed content?
A. Category2, Category3, and Category5 only
B. Category3 and Category5 only
C. Category1 and Category3 only
D. Category3 only
E. Category1, Category2, Category3, Category4, and Category5
Selected Answer: A
Question #: 135
Topic #: 5
You have a Microsoft 365 subscription.
The Global Administrator role is assigned to your user account.
You have a user named Admin1.
You create an eDiscovery case named Case1.
You need to ensure that Admin1 can view the results of Case1.
What should you do first?
A. From the Microsoft Entra admin center, assign a role group to Admin1.
B. From the Microsoft Purview compliance portal, assign a role group to Admin1.
C. From the Microsoft 365 admin center, assign a role to Admin1.
Selected Answer: B
Question #: 136
Topic #: 2
A compliance administrator recently created several data loss prevention (DLP) policies.
After the policies are created, you receive a higher than expected volume of DLP alerts.
You need to identify which rules are generating the alerts.
Which DLP report should you use?
A. Third-party DLP policy matches
B. DLP policy matches
C. DLP incidents
D. False positive and override
Selected Answer: B
Question #: 138
Topic #: 6
You have a Microsoft 365 E5 subscription.
You need to create a subject rights request.
What can be configured as a search location?
A. Microsoft Exchange Online only
B. Microsoft SharePoint Online only
C. Microsoft Exchange Online and SharePoint Online only
D. Microsoft Exchange Online and Teams only
E. Microsoft Exchange Online, SharePoint Online, and Teams
Selected Answer: C
Question #: 139
Topic #: 3
At the end of a project, you upload project documents to a Microsoft SharePoint Online library that contains many files. The following is a sample of the project document file names:
✑ aei_AA989.docx
✑ bci_WS098.docx
✑ cei_DF112.docx
✑ ebc_QQ454.docx
✑ ecc_BB565.docx
All documents that use this naming format must be labeled as Project Documents:
You need to create an auto-apply retention label policy.
What should you use to identify the files?
A. A sensitive info type
B. A retention label
C. A trainable classifier
Selected Answer: C
Question #: 140
Topic #: 5
You have a Microsoft 365 subscription linked to a Microsoft Entra tenant that contains a user named User1.
You need to grant User1 permission to search Microsoft 365 audit logs. The solution must use the principle of least privilege.
Which role should you assign to User1?
A. the Reviewer role in the Microsoft Purview compliance portal
B. the View-Only Audit Logs role in the Exchange admin center
C. the Compliance Management role in the Exchange admin center
D. the Security Reader role in the Microsoft Entra admin center
Selected Answer: B
Question #: 141
Topic #: 1
You have a Microsoft 365 tenant that uses Microsoft Office 365 Message Encryption (OME).
You need to ensure that any emails containing attachments and sent to user1@contoso.com are encrypted automatically by using OME.
What should you do?
A. From the Exchange admin center, create a new sharing policy.
B. From the Microsoft 365 security center, create a Safe Attachments policy.
C. From the Exchange admin center, create a mail flow rule.
D. From the Microsoft 365 compliance center, configure an auto-apply retention label policy.
Selected Answer: C
Question #: 143
Topic #: 1
You plan to implement sensitivity labels for Microsoft Teams.
You need to ensure that you can view and apply sensitivity labels to new Microsoft Teams sites.
What should you do first?
A. Run the Set-SPOSite cmdlet.
B. Create a new sensitivity label scoped to Groups & sites.
C. Run the Execute-AzureAdLabelSync cmdlet.
D. Configure the EnableMIPLabels Azure Active Directory (Azure AD) setting.
Selected Answer: D
Question #: 144
Topic #: 6
You plan to implement inside 365 E5 subscription.
You plan to implement insider risk management for users that manage sensitive data associated with a project.
You need to create a protection policy for the users. The solution must meet the following requirements:
• Minimize the impact on users who are NOT part of the project.
• Minimize administrative effort.
What should you do first?
A. From the Microsoft Entra admin center, create a security group.
B. From the Microsoft Purview compliance portal, create an insider risk management policy.
C. From the Microsoft Purview compliance portal, create a priority user group.
D. From the Microsoft Entra admin center, create a risky users policy.
Selected Answer: C
Question #: 145
Topic #: 3
You need to create a retention policy to retain all the files from Microsoft Teams channel conversations and private chats.
Which two locations should you select in the retention policy? Each correct answer presents part of the solution. (Choose two.)
NOTE: Each correct selection is worth one point.
A. OneDrive accounts
B. Office 365 groups
C. Team channel messages
D. SharePoint sites
E. Team chats
F. Exchange email
Selected Answer: AD
Question #: 146
Topic #: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant and 500 computers that run Windows 10. The computers are onboarded to the Microsoft 365 compliance center.
You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers. Tailspin_scanner.exe is installed locally on the computers.
You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.
Solution: From the Cloud App Security portal, you create an app discovery policy.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
