Microsoft Microsoft Certifications SC-400 Questions & Answers

• Question 141:

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You implement Microsoft 365 Endpoint data loss prevention (Endpoint DLP).

  You have computers that run Windows 10 and have Microsoft 365 Apps installed. The computers are joined to Azure Active Directory (Azure AD).

  You need to ensure that Endpoint DLP policies can protect content on the computers.

  Solution: You onboard the computers to Microsoft Defender for Endpoint.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: A

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide

• Question 142:

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You implement Microsoft 365 Endpoint data loss prevention (Endpoint DLP).

  You have computers that run Windows 10 and have Microsoft 365 Apps installed. The computers are joined to Azure Active Directory (Azure AD).

  You need to ensure that Endpoint DLP policies can protect content on the computers.

  Solution: You deploy the unified labeling client to the computers.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide

• Question 143:

  You have a Microsoft 365 E5 tenant and the Windows 10 devices shown in the following table.

  

  To which devices can you apply Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings?

  A. Device1, Device3, and Device4 only

  B. Device1, Device2, Device3, and Device4

  C. Device1 and Device2 only

  D. Device1 and Device3 only

  E. Device1 only

  Correct Answer: C

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide

• Question 144:

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You implement Microsoft 365 Endpoint data loss prevention (Endpoint DLP).

  You have computers that run Windows 10 and have Microsoft 365 Apps installed. The computers are joined to Azure Active Directory (Azure AD).

  You need to ensure that Endpoint DLP policies can protect content on the computers.

  Solution: You enroll the computers in Microsoft Intune.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide

• Question 145:

  You are configuring a data loss prevention (DLP) policy to report when credit card data is found on a Windows 10 device joined to Azure Active Directory (Azure AD).

  You plan to use information from the policy to restrict the ability to copy the sensitive data to the clipboard.

  What should you configure in the policy rule?

  A. the incident report

  B. an action

  C. user notifications

  D. user overrides

  Correct Answer: B

• Question 146:

  Each product group at your company must show a distinct product logo in encrypted emails instead of the standard Microsoft Office 365 logo. What should you do to create the branding templates?

  A. Create a Transport rule.

  B. Create an RMS template.

  C. Run the Set-IRMConfiguration cmdlet.

  D. Run the New-OMEConfiguration cmdlet.

  Correct Answer: D

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/add-your-organization-brand-to-encrypted-messages?view=o365-worldwide

• Question 147:

  You are creating a custom trainable classifier to identify organizational product codes referenced in Microsoft 365 content.

  You identify 300 files to use as seed content.

  Where should you store the seed content?

  A. a Microsoft SharePoint Online folder

  B. a Microsoft OneDrive for Business folder

  C. an Azure file share

  D. Microsoft Exchange Online shared mailbox

  Correct Answer: A

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide

• Question 148:

  You need to automatically apply a sensitivity label to documents that contain information about your company's network including computer names, IP addresses, and configuration information.

  Which two objects should you use? Each correct answer presents part of the solution. (Choose two.)

  NOTE: Each correct selection is worth one point.

  A. an Information protection auto-labeling policy

  B. a custom trainable classifier

  C. a sensitive info type that uses a regular expression

  D. a data loss prevention (DLP) policy

  E. a sensitive info type that uses keywords

  F. a sensitivity label that has auto-labeling

  Correct Answer: BF

• Question 149:

  You have a new Microsoft 365 tenant.

  You need to ensure that custom trainable classifiers can be created in the tenant.

  To which role should you be assigned to perform the configuration?

  A. Security administrator

  B. Security operator

  C. Global administrator

  D. Compliance administrator

  Correct Answer: C

• Question 150:

  You are implementing a data classification solution.

  The research department at your company requires that documents containing programming code be labeled as Confidential. The department provides samples of the code from its document library. The solution must minimize administrative

  effort.

  What should you do?

  A. Create a custom classifier.

  B. Create a sensitive info type that uses Exact Data Match (EDM).

  C. Use the source code classifier.

  D. Create a sensitive info type that uses a regular expression.

  Correct Answer: C

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-learn-about?view=o365-worldwide