Microsoft Microsoft Certifications SC-400 Questions & Answers

• Question 21:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

  others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 tenant and 500 computers that run Windows 10. The computers are onboarded to the Microsoft 365 compliance center.

  You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers. Tailspin_scanner.exe is installed locally on the computers.

  You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.

  Solution: From the Microsoft Defender for Cloud Apps portal, you create an app discovery policy.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  Instead use solution: From the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings, you add the application to the unallowed apps list.

  Unallowed apps is a list of applications that you create which will not be allowed to access a DLP protected file.

  Reference:

  https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide

• Question 22:

  You have a Microsoft 365 E5 subscription.

  You need to create a Microsoft Defender for Cloud Apps policy that will detect data loss prevention (DLP) violations.

  What should you create?

  A. a Cloud Discovery anomaly detection policy

  B. an activity policy

  C. a session policy

  D. a file policy

  Correct Answer: D

  You can create DLP policies for non-Microsoft cloud apps in three ways:

  *

  Create file policies in the Microsoft Defender for Cloud Apps portal

  *

  Create file policies in the Microsoft 365 Defender Portal

  *

  Create DLP policies in the Microsoft Purview compliance portal and specify Microsoft Defender for Cloud Apps as the location.

  Reference: https://learn.microsoft.com/en-us/training/modules/create-configure-data-loss-prevention-policies/3-integrate-data-loss-prevention-with-microsoft-cloud-app-security

• Question 23:

  You have a Microsoft SharePoint Online site named Site1 that contains the following files:

  File1.docx

  File2.xlsx

  File3.pdf

  You have a retention label named Retention1.

  You plan to use an auto-labeling policy to apply Retention1 to any content on Site1 that matches the Targeted Harassment trainable classifier.

  To which files will Retention1 be applied?

  A. File1.docx only

  B. File1.docx and File2.xlsx

  C. File1.docx and File3.pdf only

  D. File1.docx, File2.xlsx, and File3.pdf

  Correct Answer: D

  Auto-labeling retention policies can handle Word documents, Excel spreadsheets, and PDF documents.

  Reference: https://learn.microsoft.com/en-us/microsoft-365/compliance/apply-retention-labels-automatically

• Question 24:

  You have a Microsoft 365 E5 tenant.

  You create a data loss prevention (DLP) policy.

  You need to ensure that the policy protects documents in Microsoft Teams chat sessions.

  Which location should you enable in the policy?

  A. OneDrive accounts

  B. Exchange email

  C. Teams chat and channel messages

  D. SharePoint sites

  Correct Answer: A

  Documents shared in Team Chats are stored in OneDrive and shared in Channel Chats are stored in SharePoint Sites

• Question 25:

  You have a Microsoft 365 tenant and 500 computers that run Windows 10. The computers are onboarded to the Microsoft 365 compliance center.

  You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers. Tailspin_scanner.exe is installed locally on the computers.

  You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.

  Solution: From the Microsoft Defender for Cloud Apps, you mark the application as Unsanctioned.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  Sanctioning/unsanctioning an app You can unsanction a specific risky app by clicking the three dots at the end of the row. Then select Unsanction. Unsanctioning an app doesn't block use, but enables you to more easily monitor its use with the Cloud Discovery filters. You can then notify users of the unsanctioned app and suggest an alternative safe app for their use, or generate a block script using the Defender for Cloud Apps APIs to block all unsanctioned apps.

  Instead Solution: From the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings, you add the application to the unallowed apps list.

  Unallowed apps is a list of applications that you create which will not be allowed to access a DLP protected file.

  Reference: https://learn.microsoft.com/en-us/defender-cloud-apps/governance-discovery#BKMK_SanctionApp https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide

• Question 26:

  You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1.

  You need to create a data loss prevention (DLP) policy to prevent the sharing of files that contain source code. The solution must minimize administrative effort.

  What should you include in the solution?

  A. an exact data match (EDM) data classification

  B. a sensitive info type that uses a keyword dictionary

  C. a sensitive info type that uses regular expressions

  D. a trainable classifier

  Correct Answer: D

  Support for trainable classifiers as a condition in your DLP policy

  We are excited to share that you can now use trainable classifiers (out-of-the-box as well as custom) as conditions in your DLP policies to detect and prevent sensitive business contexts (e.g., financial statements, contracts, legal and HR

  documents, etc.) as well as behavioral context data (e.g., discrimination, profanity, and more) from unauthorized use, sharing, or transfer.

  See below for a chart of business content and behavior classifiers supported in DLP policies today. We will be adding additional classifiers to this list in the coming months.

  * Source Code

  detects items that contain a set of instructions and statements written in the top 25 used computer programming languages on GitHub.

  Reference: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/announcing-machine-learning-features-in-microsoft-purview-data/ba-p/3583916

• Question 27:

  You have a Microsoft 365 E5 subscription that contains a data loss prevention (DLP) policy named DLP1.

  DLP1 has a rule that triggers numerous alerts.

  You need to reduce the number of alert notifications that are generated. The solution must maintain the sensitivity of DLP1.

  What should you do?

  A. Change the mode of DLP1 to Test without notifications.

  B. Modify the rule and increase the instance count.

  C. Modify the rule and configure an alert threshold.

  D. Modify the rule and set the priority to the highest value.

  Correct Answer: C

  Reference: https://learn.microsoft.com/en-us/microsoft-365/compliance/alert-policies?view=o365-worldwide

• Question 28:

  You need to be alerted when users share sensitive documents from Microsoft OneDrive to any users outside your company. What should you do?

  A. From the Microsoft Purview compliance portal, start a data investigation.

  B. From the Microsoft Defender for Cloud Apps portal, create a file policy.

  C. From the Azure Active Directory admin center, configure an Identity Protection policy.

  D. From the Exchange admin center, create a data loss prevention (DLP) policy.

  Correct Answer: B

  File filters in Microsoft Defender for Cloud Apps

  After you connect an app to Defender for Cloud Apps, integrate with Microsoft Purview Information Protection. Then, in the Files page, filter for files labeled Confidential and exclude your domain in the Collaborators filter. If you see that there are confidential files shared outside your organization, you can create a file policy to detect them.

  Incorrect:

  Not D: In Microsoft Purview, you can create a data loss prevention (DLP) policy in two different admin centers:

  In the Microsoft Purview compliance portal, you can create a single DLP policy to help protect content in SharePoint, OneDrive, Exchange, Teams, and now Endpoint Devices. We recommend that you create a DLP policy here.

  (Not D) In the Exchange admin center, you can create a DLP policy to help protect content only in Exchange. This policy can use Exchange mail flow rules (also known as transport rules), so it has more options specific to handling email.

  You can use a Microsoft Purview data loss prevention (DLP) policy to identify, monitor, and protect sensitive information across Office 365. You want people in your organization who work with this sensitive information to stay compliant with

  your DLP policies, but you don't want to block them unnecessarily from getting their work done. This is where email notifications and policy tips can help.

  Reference:

  https://learn.microsoft.com/en-us/defender-cloud-apps/file-filters

  https://learn.microsoft.com/en-us/microsoft-365/compliance/how-dlp-works-between-admin-centers

• Question 29:

  You are creating a data loss prevention (DLP) policy that will apply to all available locations. You configure an advanced DLP rule in the policy. Which type of condition can you use in the rule?

  A. Keywords

  B. Content search query

  C. Sensitive info type

  D. Sensitive label

  Correct Answer: C

• Question 30:

  You plan to implement Microsoft Office 365 Advanced Message Encryption.

  You need to ensure that encrypted email sent to external recipients expires after seven days.

  What should you create first?

  A. a custom branding template

  B. a remote domain in Microsoft Exchange

  C. a mail flow rule

  D. an X.509 version 3 certificate

  E. a connector in Microsoft Exchange

  Correct Answer: A

  You can only set expiration dates for emails to external recipients.

  With Microsoft Purview Advanced Message Encryption, anytime you apply custom branding, the Office 365 applies the wrapper to email that fits the mail flow rule to which you apply the template. In addition, you can only use expiration if you

  use custom branding.

  Note: Create a custom branding template to force mail expiration by using PowerShell

  Connect to Exchange Online PowerShell with an account that has global administrator permissions in your organization.

  Run the New-OMEConfiguration cmdlet.

  PowerShell

  New-OMEConfiguration -Identity "Expire in 7 days" -ExternalMailExpiryInDays 7

  Where:

  Identity is the name of the custom template.

  ExternalMailExpiryInDays identifies the number of days that recipients can keep mail before it expires. You can use any value between 1–730 days.

  Reference: https://learn.microsoft.com/en-us/microsoft-365/compliance/ome-advanced-expiration