Microsoft Microsoft Certifications SC-400 Questions & Answers

• Question 241:

  You plan to implement inside 365 E5 subscription.

  You plan to implement insider risk management for users that manage sensitive data associated with a project.

  You need to create a protection policy for the users. The solution must meet the following requirements:

  1.

  Minimize the impact on users who are NOT part of the project.

  2.

  Minimize administrative effort. What should you do first?

  A. From the Microsoft Entra admin center, create a security group.

  B. From the Microsoft Purview compliance portal, create an insider risk management policy.

  C. From the Microsoft Purview compliance portal, create a priority user group.

  D. From the Microsoft Entra admin center, create a risky users policy.

  Correct Answer: C

  Get started with insider risk management

  Configure priority user groups Insider risk management includes support for assigning priority user groups to policies to help identify unique risk activities for user with critical positions, high levels of data and network access, or a past history of risk behavior. Creating a priority user group and assigning users to the group help scope policies to the unique circumstances presented by these users.

  You can create a priority user group and assign users to the group to help you scope policies specific to the unique circumstances presented by these identified users. To enable the priority user groups risk score booster, go to the Insider risk management settings page, then select Policy indicators and Risk score boosters. These identified users are more likely to receive alerts, so analysts and investigators can review and prioritize these users' risk severity to help triage alerts in accordance with your organization's risk policies and standards.

  A priority user group is required when using the following policy templates:

  Security policy violations by priority users Data leaks by priority users

  Reference:

• Question 242:

  You have a Microsoft 365 subscription.

  You have a user named User1. Several users have full access to the mailbox of User1.

  Some email messages sent to User1 appear to have been read and deleted before the user viewed them.

  When you search the audit log in the Microsoft Purview compliance portal to identify who signed in to the mailbox of User1, the results are blank.

  You need to ensure that you can view future sign-ins to the mailbox of User1.

  Solution: You run the Set-Mailbox -Identity "User1" -AuditEnabled $true command.

  Does that meet the goal?

  A. Yes

  B. No

  Correct Answer: A

  Set-Mailbox

  This cmdlet is available in on-premises Exchange and in the cloud-based service. Some parameters and settings may be exclusive to one environment or the other.

  Use the Set-Mailbox cmdlet to modify the settings of existing mailboxes.

  The AuditEnabled parameter must be set to $true to enable mailbox audit logging.

  -AuditEnabled

  The AuditEnabled parameter specifies whether to enable or disable mailbox audit logging for the mailbox. If auditing is enabled, actions specified in the AuditAdmin, AuditDelegate, and AuditOwner parameters are logged. Valid values are:

  $true: Mailbox audit logging is enabled.

  $false: Mailbox audit logging is disabled. This is the default value.

  Reference:

• Question 243:

  You have a Microsoft 365 subscription.

  You create and run a content search from the Microsoft Purview compliance portal.

  You need to download the results of the content search.

  What should you obtain first?

  A. a certificate

  B. a password

  C. an export key

  D. a pin

  Correct Answer: C

  Reference: https://docs.microsoft.com/en-us/office365/securitycompliance/export-search-results

• Question 244:

  You have a Microsoft 365 E5 subscription.

  You need to review the compliance of the subscription with the General Data Protection Regulation (GDPR) by using Compliance Manager. The solution must minimize administrative effort.

  What should you create first?

  A. an assessment

  B. an alert policy to monitor for score changes

  C. a template

  D. review assessments

  Correct Answer: A

  Data Protection Impact Assessment Under GDPR, data controllers are required to prepare a Data Protection Impact Assessment (DPIA) for processing operations that are 'likely to result in a high risk to the rights and freedoms of natural persons.' There is nothing inherent in Microsoft products and services that need the creation of a DPIA. Rather, it depends on the details of your Microsoft configuration. A list of details that must be considered in Office can be found in Contents of DPIA.

  Reference:

• Question 245:

  You have a Microsoft 365 E5 subscription that contains two users named User1 and Admin1. Admin1 manages audit retention policies for the subscription.

  You need to ensure that the audit logs of User1 will be retained for 10 years.

  What should you do first?

  A. Assign a Microsoft Purview Audit (Premium) add-on license to User1.

  B. Assign a 10-year audit log retention add-on license to Admin1.

  C. Assign a Microsoft Purview Audit (Premium) add-on license to Admin1.

  D. Assign a 10-year audit log retention add-on license to User1.

  Correct Answer: B

  To retain an audit log for longer than 90 days (and up to 1 year), the user who generates the audit log (by performing an audited activity) must be assigned an Office 365 E5 or Microsoft 365 E5 license or have a Microsoft 365 E5 Compliance or E5 eDiscovery and Audit add-on license. To retain audit logs for 10 years, the user who generates the audit log must also be assigned a 10-year audit log retention add-on license in addition to an E5 license.

  Reference: https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-log-retention-policies

• Question 246:

  You have a Microsoft 365 subscription.

  The Global Administrator role is assigned to your user account.

  You have a user named Admin1.

  You create an eDiscovery case named Case1.

  You need to ensure that Admin1 can view the results of Case1.

  What should you do first?

  A. From the Microsoft Entra admin center, assign a role group to Admin1.

  B. From the Microsoft Purview compliance portal, assign a role group to Admin1.

  C. From the Microsoft 365 admin center, assign a role to Admin1.

  Correct Answer: B

  If you want people to use any of the eDiscovery-related tools in the Microsoft Purview compliance portal, you have to assign them the appropriate permissions. The easiest way to assign roles is to add the person the appropriate role group on the Permissions page in the compliance portal.

  Reference: https://docs.microsoft.com/en-us/office365/securitycompliance/assign-ediscovery-permissions

• Question 247:

  You have a Microsoft 365 subscription linked to a Microsoft Entra tenant that contains a user named User1.

  You need to grant User1 permission to search Microsoft 365 audit logs. The solution must use the principle of least privilege.

  Which role should you assign to User1?

  A. the Reviewer role in the Microsoft Purview compliance portal

  B. the View-Only Audit Logs role in the Exchange admin center

  C. the Compliance Management role in the Exchange admin center

  D. the Security Reader role in the Microsoft Entra admin center

  Correct Answer: B

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance

• Question 248:

  You have a Microsoft 365 E5 subscription that contains a user named User1 and a Microsoft SharePoint Online site named Site1. You create the alert policy shown in the following exhibit.

  

  To Site1, User1 uploads the files shown in the following table.

  

  How many alerts will be generated in response to the file uploads?

  A. 1

  B. 2

  C. 3

  D. 4

  E. 5

  Correct Answer: D

  4 alerts, 1 for each file

• Question 249:

  You have a Microsoft 365 subscription.

  A. Recipients: “user””#1-2””@contoso.com”

  B. Recipients: (“[email protected]” “[email protected]”)

  C. Recipients: (“user””#1-1””@contoso.com”)

  D. Recipients= “[email protected]” OR Recipients= “[email protected]”

  Correct Answer: C

  Recipient expansion

  When searching any of the recipient properties (From, To, Cc, Bcc, Participants, and Recipients), Microsoft 365 attempts to expand the identity of each user by looking them up in Microsoft Entra ID. If the user is found in Microsoft Entra ID,

  the query is expanded to include the user's email address (or UPN), alias, display name, and LegacyExchangeDN. For example, a query such as participants:[email protected] expands to participants:[email protected] OR participants:ronnie OR participants:"Ronald Nelson" OR participants:"".

  Reference: https://learn.microsoft.com/en-us/purview/ediscovery-keyword-queries-and-search-conditions

• Question 250:

  You have a Microsoft 365 E5 tenant that has data loss prevention (DLP) policies.

  You need to create a report that includes the following:

  1.

  Documents that have a matched DLP policy.

  2.

  Documents that have had a sensitivity label changed.

  3.

  Documents that have had a sensitivity label changed.

  What should you use?

  A. a content search

  B. an eDiscovery case

  C. communication compliance reports

  D. Activity explorer

  Correct Answer: D

  *

  Using Endpoint data loss prevention (DLP), Activity explorer gathers DLP policy matches events from Exchange, SharePoint, OneDrive, Teams Chat and Channel, on-premises SharePoint folders and libraries, on-premises file shares, and devices running Windows 10, Windows 11, and any of the three most recent major macOS versions. Some example events gathered from Windows 10 devices include the following actions taken on files:

  Deletion Creation Copy to clipboard Modify Read Print Rename Copy to network share Access by an unallowed app

  *

  Activity types

  Activity explorer gathers information from the audit logs of multiple sources of activities.

  Some examples of the Sensitivity label activities and Retention labeling activities from applications native to Microsoft Office, the Azure Information Protection (AIP) unified labeling client and scanner, SharePoint, Exchange (sensitivity labels

  only), and OneDrive include:

  Label applied

  *-> Label changed (upgraded, downgraded, or removed)

  Autolabeling simulation

  File read

  Incorrect:

  Not B: Electronic discovery (also known as e-discovery, ediscovery, eDiscovery, or e-Discovery) is the electronic aspect of identifying, collecting and producing electronically stored information (ESI) in response to a request for production in a

  law suit or investigation.

  Reference:

  https://learn.microsoft.com/en-us/purview/data-classification-activity-explorer