SC-400 Exam - Microsoft Information Protection Administrator

NEW QUESTION 1

You need to test Microsoft Office 365 Message Encryption (OME) capabilities for your company. The test must verify the following information:
The acquired default template names
The encryption and decryption verification status Which PowerShell cmdlet should you run?

• A. Test-ClientAccessRule
• B. Test-Mailflow
• C. Test-OAuthConnectivity
• D. Test-IRMConfiguration

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/set-up-new-message- encryption-capabilities?
view=o365-worldwide

NEW QUESTION 2

You have a Microsoft SharePoint Online site named Site! that contains the files shown in the following table.

You have a data loss prevention (DLP) policy named DLP1 that has the advanced DLP rules shown in the following table.

You apply DLP1 toSite1.
Which policy tips will appear for File2?

• A. Tip1 only
• B. Tip2only
• C. Tip3 only
• D. Tip1 and Tip2 only

Answer: D

NEW QUESTION 3

You have a Microsoft 365 tenant that uses Microsoft Exchange Online. You need to recover deleted email messages from a user’s mailbox.
Which two PowerShell cmdlets should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. Restore-RecoverableItems
• B. Get-MailboxRestoreRequest
• C. Restore-Mailbox
• D. Get-RecoverableItems
• E. Set-MailboxRestoreRequest

Answer: AD

Explanation:
Reference:
https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/manage-user-mailboxes/recover-deleted-messages

NEW QUESTION 4
HOTSPOT
You have a Microsoft 365 E5 subscription.
You are implementing insider risk management
You need to create an insider risk management notice template and format the message body of the notice template.
How should you configure the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 5

You have a Microsoft 365 E5 subscription. You need to create a subject rights request What can be configured as a search location?

• A. Microsoft Exchange Online and Teams only
• B. Microsoft Exchange Online, SharePoint Online, and Teams
• C. Microsoft Exchange Online only
• D. Microsoft Exchange Online and SharePoint Online only
• E. Microsoft SharePoint Online only

Answer: B

NEW QUESTION 6

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.
You are configuring a file policy m Microsoft Defender for Cloud Apps.
You need to configure the policy to apply to all files. Alerts must be sent to every file owner who Is affected by the policy. The policy must scan for credit card numbers, and alerts must be sent to the Microsoft Teams site of the affected department.
Solution: You use the Built-in DIP inspection method and send alerts to Microsoft Power Automate.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 7

You have a Microsoft 365 tenant that uses the following sensitivity labels:
* Confidential
* Internal
* External
The labels are published by using a label policy named Policy1.
Users report that Microsoft Office for the wen apps do not display the Sensitivity button. The Sensitivity button appears in Microsoft 365 Apps that are installed locally.
You need to ensure that the users can apply sensitivity labels to content when they use Office for the web apps.
Solution: You modify the publishing settings of Policy1. Does the meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 8

Your company has a Microsoft 365 tenant.
The company performs annual employee assessments. The assessment results are recorded in a document named Assessment I cmplatc.docx that is created by using Microsoft Word template. Copies of the employee assessments are sent to employees and their managers. The assessment copies are stored in mailboxes, Microsoft SharePoint Online sites, and OneDrive for Business folders. A copy of each assessment is also stored in a SharePoint Online folder named Assessments.
You need to create a data loss prevention (DLP) policy that prevents the employee assessments from being emailed to external users. You will use a document fingerprint to identify the assessment documents.
What should you include in the solution?

• A. Create a fingerprint of AssessmentTemplate.docx.
• B. Create a sensitive info type that uses Exact Data Match (EDM).
• C. Create a fingerprint of TOO sample documents in the Assessments folder.
• D. Import 100 sample documents from the Assessments folder to a seed folder.

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/document-fingerprinting?view=o365-worldwide

NEW QUESTION 9

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring a file policy in Microsoft Cloud App Security.
You need to configure the policy to apply to all files. Alerts must be sent to every file owner who is affected by the policy. The policy must scan for credit card numbers, and alerts must be sent to the Microsoft Teams site of the affected department.
Solution: You use the Data Classification service inspection method and send alerts as email.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/dcs-inspection https://docs.microsoft.com/en-us/cloud-app-security/data-protection-policies

NEW QUESTION 10

You need to meet the technical requirements for the creation of the sensitivity labels. To which user or users must you grant the Sensitivity label administrator role?

• A. Admin1, Admin2, Admin4, and Admin5 only
• B. Admin1, Admin2, and Admin3 only
• C. Admin1 only
• D. Admin1 and Admin4 only
• E. Admin1 and Admin5 only

Answer: D

Explanation:
Compliance Data Administrator, Compliance Administrator, and Security Administrator already have the
required permissions to create the labels. Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-sensitivity- labels?view=o365-
worldwide#permissions-required-to-create-and-manage-sensitivity-labels

NEW QUESTION 11
HOTSPOT
You use project codes that have a format of three alphabetical characters that represent the project type, followed by three digits, for example Abc123.
You need to create a new sensitive info type for the project codes.
How should you configure the regular expression to detect the content? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 12

You need to provide a user with the ability to view data loss prevention (DLP) alerts in the Microsoft 365 compliance center. The solution must use the principle of least privilege.
Which role should you assign to the use?

• A. Compliance data administrator
• B. Security operator
• C. Security reader
• D. Compliance administrator

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-configure-view-alerts-policies?view=o365-worldwide

NEW QUESTION 13

You need to automatically apply a sensitivity label to documents that contain information about your company's network including computer names, IP addresses, and configuration information. Which two objects should you use? Each correct answer presents part of the solution. (Choose two.)
NOTE: Each correct selection is worth one point.

• A. an Information protection auto-labeling policy
• B. a custom trainable classifier
• C. a sensitive info type that uses a regular expression
• D. a data loss prevention (DLP) policy
• E. a sensitive info type that uses keywords
• F. a sensitivity label that has auto-labeling

Answer: AB

Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-learn- about?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide

NEW QUESTION 14
HOTSPOT
While creating a retention label, you discover that the Mark items as a regulatory record option is unavailable.
You need to ensure that the option is available when you create retention labels in the Microsoft Purview compliance portal.
How should you complete the PowerShell script? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 15

You have a Microsoft 365 E5 subscription that uses Microsoft Teams and contains a user named User1.
You configure Microsoft Purview Information Barriers.
You need to identify which information barrier policies apply to User1. Which cmdlet should you use?

• A. Get-OrganizationSegaent
• B. Get-InformationBarrierPoliciesApplicationStatus
• C. Get-InformtionBarrierPolicy
• D. Get-InformtionBarrierRecipientStatus

Answer: D

NEW QUESTION 16
......