Microsoft Microsoft Certifications SC-400 Questions & Answers

• Question 71:

  You have a data loss prevention (DLP) policy that applies to the Devices location. The policy protects documents that contain States passport numbers.

  Users reports that they cannot upload documents to a travel management website because of the policy.

  You need to ensure that the users can upload the documents to the travel management website. The solution must prevent the protected content from being uploaded to other locations.

  Which Microsoft 365 Endpoint data loss prevention (Endpoint DLP) setting should you configure?

  A. Unallowed apps

  B. File path exclusions

  C. Service domains

  D. Unallowed browsers

  Correct Answer: C

  You can control whether sensitive files protected by your policies can be uploaded to specific service domains from Microsoft Edge.

  If the list mode is set to Block, then user will not be able to upload sensitive items to those domains. When an upload action is blocked because an item matches a DLP policy, DLP will either generate a warning or block the upload of the

  sensitive item.

  If the list mode is set to Allow, then users will be able to upload sensitive items only to those domains, and upload access to all other domains is not allowed.

  Reference:

  https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-using?view=o365- worldwide

• Question 72:

  You plan to implement sensitivity labels for Microsoft Teams.

  You need to ensure that you can view and apply sensitivity labels to new Microsoft Teams sites.

  What should you do first?

  A. Run the Set-sposite cmdlet.

  B. Configure the EnableMTPLabels Azure Active Directory (Azure AD) setting.

  C. Create a new sensitivity label scoped to Groups and sites.

  D. Run the Execute-AzureAdLabelSync cmdtet.

  Correct Answer: B

• Question 73:

  Your company has a Microsoft 365 tenant.

  The company performs annual employee assessments.

  The assessment results are recorded in a document named Assessment I cmplatc.docx that is created by using Microsoft Word template.

  Copies of the employee assessments are sent to employees and their managers.

  The assessment copies are stored in mailboxes, Microsoft SharePoint Online sites, and OneDrive for Business folders. A copy of each assessment is also stored in a SharePoint Online folder named Assessments.

  You need to create a data loss prevention (DLP) policy that prevents the employee assessments from being emailed to external users.

  You will use a document fingerprint to identify the assessment documents.

  What should you include in the solution?

  A. Create a fingerprint of 100 sample documents in the Assessments folder.

  B. Create a sensitive info type that uses Exact Data Match (EDM).

  C. Import 100 sample documents from the Assessments folder to a seed folder.

  D. Create a fingerprint of AssessmentTemplate.docx.

  Correct Answer: D

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/document-fingerprinting?view=o365-worldwide

• Question 74:

  You need to be alerted when users share sensitive documents from Microsoft OneDrive to any users outside your company. What should you do?

  A. From the Microsoft 365 compliance center, create a data loss prevention (DLP) policy.

  B. From the Azure portal, create an Azure Active Directory (Azure Al)) Identity Protection

  C. From the Microsoft 36h compliance? center, create an insider risk policy.

  D. From the Microsoft 365 compliance center, start a data investigation.

  Correct Answer: A

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide

• Question 75:

  Your company manufactures parts that are each assigned a unique 12-character alphanumeric serial number. Emails between the company and its customers refer in the serial number.

  You need to ensure that ail Microsoft Exchange Online emails containing the serial numbers are retained for five years.

  Which three objects should you create? Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point.

  A. a trainable classifier

  B. a sensitive info type

  C. a retention polity

  D. a data loss prevention (DLP) policy

  E. an auto-labeling policy

  F. a retention label

  G. a sensitivity label

  Correct Answer: BEF

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitive-information-type-learn-about?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/compliance/retention?view=o365-worldwide

• Question 76:

  You have a Microsoft 365 tenant that uses the following sensitivity labels:

  1.

  Confidential

  2.

  Internal

  3.

  External

  The labels are published by using a label policy named Policy1.

  Users report that Microsoft Office for the wen apps do not display the Sensitivity button. The Sensitivity button appears in Microsoft 365 Apps that are installed locally.

  You need to ensure that the users can apply sensitivity labels to content when they use

  Solution: You modify the publishing settings of Policy1.

  Does the meet the goal?

  A. Yes

  B. No

  Correct Answer: B

• Question 77:

  You have a data loss prevention (DLP) policy configured for endpoints as shown in the following exhibit.

  

  From a computer named Computer1, 3 user can sometimes upload files to cloud services and sometimes cannot. Other users experience the same issue.

  What are two possible causes of the issue? Each correct answer presents a complete solution.

  NOTE: Each correct selection is worth one point.

  A. The Access by unallowed apps action is set to Audit only.

  B. The computers are NOT onboarded to the Microsoft 365 compliance center.

  C. The Copy to clipboard action is set to Audit only.

  D. There are file path exclusions in the Microsoft 365 Endpoint data loss prevention (Endpoint DIP) settings.

  E. The unallowed browsers in the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings are NOT configured.

  Correct Answer: DE

• Question 78:

  You need to create a retention policy to retain all the files from Microsoft Teams channel conversations and private chats. Which two locations should you select in the retention policy? Each correct answer presents part of the solution. (Choose two.) NOTE: Each correct selection is worth one point.

  A. OneDrive accounts

  B. Office 365 groups

  C. Team channel messages

  D. SharePoint sites

  E. Team chats

  F. Exchange email

  Correct Answer: AD

  Reference: https://support.microsoft.com/en-us/office/file-storage-in-teams-df5cc0a5-d1bb-414c-8870-46c6eb76686a

• Question 79:

  You have a Microsoft 365 tenant that uses records management.

  You use a retention label to mark legal files stored in a Microsoft SharePoint Online document library as regulatory records.

  What can you do to the legal files?

  A. Rename the files.

  B. Edit the properties of the files.

  C. Change the retention label of the files.

  D. Copy the content of the files.

  Correct Answer: D

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/records-management?view=o365-worldwide

• Question 80:

  You have a Microsoft 365 tenant.

  All Microsoft OneDrive for Business content is retained for five years.

  A user named User1 left your company a year ago, after which the account of User1 was deleted from Azure Active Directory (Azure AD).

  You need to recover an important file that was stored in the OneDrive of User1.

  What should you use?

  A. the Restore-SPODeletedSite PowerShell cmdlet

  B. the OneDrive recycle bin

  C. the Restore-ADObject PowerShell cmdlet

  D. Deleted users in the Microsoft 365 admin center

  Correct Answer: A