[Oct-2024] SC-400 Pre-Exam Practice Tests | Exam Questions and Answers for Microsoft Certified: Information Protection Administrator Associate Study Guide
Microsoft Information Protection Administrator Certification Sample Questions
NEW QUESTION # 30
You need to meet the technical requirements for the confidential documents.
What should you created first, and what should you use for the detection method? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-custom-sensitive-information-type?
view=o365-worldwide
NEW QUESTION # 31
You have a Microsoft 365 tenant.
A retention hold is applied to all the mailboxes in Microsoft Exchange Online.
A user named User1 leaves your company, and the account of User1 is deleted from Azure Active Directory (Azure AD).
You need to create a new user named User2 and provide User2 with access to the mailbox of User1.
How should you complete the PowerShell command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Graphical user interface, text, application Description automatically generated
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/recover-an-inactive-mailbox?view=o365-worldwide
NEW QUESTION # 32
You need to recommend an information governance solution that meets the HR requirements for handling employment applications and resumes.
What is the minimum number of information governance solution components that you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Graphical user interface, text, application, email Description automatically generated
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-wo
NEW QUESTION # 33
You have a Microsoft 365 tenant.
A retention hold is applied to all the mailboxes in Microsoft Exchange Online.
A user named User1 leaves your company, and the account of User1 is deleted from Azure Active Directory (Azure AD).
You need to create a new user named User2 and provide User2 with access to the mailbox of User1.
How should you complete the PowerShell command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/recover-an-inactive-mailbox?view=o365-worldwide
NEW QUESTION # 34
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring a file policy in Microsoft Cloud App Security.
You need to configure the policy to apply to all files. Alerts must be sent to every file owner who is affected by the policy. The policy must scan for credit card numbers, and alerts must be sent to the Microsoft Teams site of the affected department.
Solution: You use the Built-in DLP inspection method and send alerts as email.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
Alerts must be sent to the Microsoft Teams site of the affected department. A Microsoft Power Automate playbook should be used.
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/content-inspection-built-in
https://docs.microsoft.com/en-us/cloud-app-security/flow-integration
NEW QUESTION # 35
You need to meet the technical requirements for the creation of the sensitivity labels.
To which user or users must you grant the Sensitivity label administrator role?
- A. Admin1 and Admin5 only
- B. Admin1 only
- C. Admin1, Admin2, Admin4, and Admin5 only
- D. Admin1 and Admin4 only
- E. Admin1, Admin2, and Admin3 only
Answer: D
Explanation:
Compliance Data Administrator, Compliance Administrator, and Security Administrator already have the
required permissions to create the labels.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-
worldwide#permissions-required-to-create-and-manage-sensitivity-labels
NEW QUESTION # 36
You plan to create a custom sensitive information type that will use Exact Data Match (EDM).
You need to identify what to upload to Microsoft 365, and which tool to use for the upload.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Graphical user interface, text, application, chat or text message Description automatically generated
NEW QUESTION # 37
You plan to implement a sensitive information type based on a trainable classifier. The sensitive information type will identify employment contracts.
You need to copy the required files to Microsoft SharePoint Online folders to train the classifier.
What should you use to seed content and test the classifier? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide
NEW QUESTION # 38
You need to automatically apply a sensitivity label to documents that contain information about your company's network including computer names, IP addresses, and configuration information.
Which two objects should you use? Each correct answer presents part of the solution. (Choose two.) NOTE: Each correct selection is worth one point.
- A. a sensitivity label that has auto-labeling
- B. a sensitive info type that uses a regular expression
- C. a sensitive info type that uses keywords
- D. a custom trainable classifier
- E. an Information protection auto-labeling policy
- F. a data loss prevention (DLP) policy
Answer: D,E
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-learn-about?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365- worldwide
NEW QUESTION # 39
You have a Microsoft 365 E5 subscription.
You receive the data loss prevention (DIP) alert shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graph.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 40
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant and 500 computers that run Windows 10. The computers are onboarded to the Microsoft 365 compliance center.
You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers. Tailspin_scanner.exe is installed locally on the computers.
You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.
Solution: From the Cloud App Security portal, you create an app discovery policy.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
You can create app discovery policies to alert you when new apps are detected within your organization.
Use the unallowed apps list instead.
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/cloud-discovery-policies
https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide
NEW QUESTION # 41
You have a Microsoft 365 tenant that uses trainable classifiers.
You are creating a custom trainable classifier.
You collect 300 sample file types from various geographical locations to use as seed content. Some of the file samples are encrypted.
You organize the files into categories as shown in the following table.
Which file categories can be used as seed content?
- A. Category3. and Category5 only
- B. Category4 and Category6 only
- C. Category4 and Category5 only
- D. Category1 and Category3 only
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide
https://docs.microsoft.com/en-us/sharepoint/technical-reference/default-crawled-file-name-extensions-andparsed
Topic 2, Contoso Case Study
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, Boston, and Johannesburg.
Microsoft 365 Environment
Contoso has a Microsoft 365 FS tenant I he tenant contains the administrative user accounts shown in the following table.
Users store data In the following locations:
* SharePoint sites
* OneDrive accounts
* Exchange email
* Exchange public folders
* Teams chats
* Teams channel messages
When users in the research department create documents, they must add a 10-dig>t project code to each document. Project codes that start with the digits 999 are confidential.
SharePoint Online Environment
Contoso has four Microsoft SharePoint Online sites named Site1. Site2. Site3. and Site4.
Site2 contains the files shown in the following table.
Two users named User1 and User2 are assigned roles for Site2 as shown in the following table.
Sile3 stores documents related to the company's projects. The documents are organized In a folder hierarchy based on the project.
Slte4 has the following two retention policies applied:
* Name: SitetKetentionPolicy1
* Locations to apply the policy: Site4
* Delete items older than:2 years
* Delete content based on: When items were created
* Name: Site4RetentionPolicy2
* Locations to apply the policy. Sile4
* Retain items for a specific period: 4 years
* Start the retention period based on: When items were created
* At the end of the retention period: Do nothing
Problem Statements
Management at Contoso is concerned about data leaks. On several occasions, confidential research departments were leaked.
Planned Changes
Contoso plans to create the following data loss prevention (DLP) policy:
* Name: DLPpolicy1
* Locations to apply the policy; Site2
* Conditions:
* Content contains any of these sensitive info types: SWIF F Code
* Instance count: 2 to any
* Actions: Restrict access to the content
Technical Requirements
Contoso must meet the following technical requirements:
* All administrative users must be able to review DLP reports.
* Whenever possible, the principle of least privilege must be used.
* For all users, all Microsoft 365 data must be retained for at least one year.
* Confidential documents must be detected and protected by using Microsoft 365.
* Site1 documents that include credit card numbers must be labeled automatically.
* All administrative users must be able to create Microsoft 365 sensitivity labels.
* After a project is complete, the documents in Site3 that relate to the project must be retained for 10 years
NEW QUESTION # 42
You have a Microsoft 365 E5 tenant.
You create sensitivity labels as shown in the Sensitivity Labels exhibit.
The Confidential/External sensitivity label is configured to encrypt files and emails when applied to content.
The sensitivity labels are published as shown in the Published exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide
NEW QUESTION # 43
You need to meet the technical requirements for the confidential documents.
What should you created first, and what should you use for the detection method? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-custom-sensitive-information-type?view=o365-worldwide
Topic 2, Fabrikam,
Cloud Environment
Fabrikam has a Microsoft 365 tenant that contains the following resources:
* An Azure Active Directory (Azure AD) tenant that syncs to an on-premises Active Directory domain named corp.fabrikam.com
* Microsoft Cloud App Security connectors configured for all supported cloud applications used by the company
Some users have company Dropbox accounts.
Compliance Configuration
Fabrikam has the following in the Microsoft 365 compliance center:
* A data loss prevention (DLP) policy is configured. The policy displays a tooltip to users. Users can provide a business justification to override a DLP policy violation.
* The Azure information Protection unified labeling scanner is installed and configured.
* A sensitivity label named Fabrikam Confidential is configured.
An existing third-party records management system is managed by the compliance department.
Human Resources (HR) Management System
The HR department has an Azure SQL. database that contains employee information. Each employee has a unique 12-character alphanumeric ID. The database contains confidential employed attributes including payroll information, date of birth, and personal contact details.
On-premises Environment
You have an on premises file server that runs Windows Server 2019 and stores Microsoft Office documents in a shared folder named Data.
All end-user computers are joined to the corp.fabrinkam.com domain and run a third-party antimalware application.
Sales Contracts
Users in the sales department receive draft sales contracts from customers by email. The sales contracts are written by the customers and are not in a standard format.
Employment Applications
Employment applications and resumes are received by HR department managers and stored in either mailboxes, Microsoft SharePoint Online sites, OneDrive for Business folders, or Microsoft Segment
Teams channels.
The employment application form is downloaded from SharePoint Online and a serial number is assigned to each application.
the resumes are written by the applications and in any format.
HR Requirements
You need to create a DLP policy that will notify the HR department of a DLP policy violation if a document that contains confidential employee attributes is shared externally. The DLP policy must use an Exact Data Match (EDM) classification derived from a CSV export of the HR department database.
The HR department identifies the following requirements for handling employment applications:
* Resumes must be identified automatically based on similarities to other resumes received in the past
* Employment applications and resumes must be deleted automatically two years after the applications are received.
* Documents and emails that contain an application serial number must be identified automatically and marked as an employment application.
Sales Requirements
A sensitivity label named Sales Contract must be applied automatically to all draft and finalized sales contracts.
Compliance Requirements
Fabrikam identifies the following compliance requirements:
* All DLP policies must be applied to computers that run Windows 10, with the least possible changes to the computers.
* Users in the compliance department must view the justification provided when a user receives a tooltip notification for a DLP violation.
* If a document that has the Fabrikam Confidential sensitivity label applied is uploaded to Dropbox. the file must be deleted automatically. - The Fabrikam Confidential sensitivity label must be applied to existing Microsoft Word documents in the Data shared folder that have a
document footer containing the following string: Company use only.
* Users must be able to manually select that email messages are sent encrypted. The encryption will use Office 365 Message Encryption (OME) v2. Any email containing an attachment that has the Fabrikam Confidential sensitivity label applied must be encrypted automatically by using OME.
* Existing policies configured in the third-party records management system must be replaced by using Records management in the Microsoft 365 compliance center. The compliance department plans to export the existing policies, and then produce a CSV file that contains matching labels and policies that are compatible with records management in Microsoft 365. The CSV file must be used to configure records management in Microsoft 365.
Executive Requirements
You must be able to restore all email received by Fabrikam executives for up to three years after an email is received, even if the email was deleted permanently.
NEW QUESTION # 44
You have a Microsoft 365 E5 subscription.
You are implementing insider risk management
You need to create an insider risk management notice template and format the message body of the notice template.
How should you configure the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 45
You have a Microsoft 365 ES subscription that uses data loss prevention (DLP) to protect sensitive information.
You need to create scheduled reports that generate.
* DLP policy matches reported over the shortest frequency of time
* DLP incidents reported over the longest frequency of time
Which frequency should you configure for each repot? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 46
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.
You plan to deploy a Defender for Cloud Apps file policy that will be triggered when the following conditions are met:
* A file is shared externally.
* A file is labeled as internal only.
Which filter should you use for each condition? To answer, drag the appropriate filters to the correct conditions. Each filter may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Explanation:
Explanation:
NEW QUESTION # 47
You need to recommend a solution that meets the sales requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation:
Graphical user interface, text, application, chat or text message Description automatically generated
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide
NEW QUESTION # 48
You have a Microsoft 365 E5 tenant.
You need to create a custom trainable classifier that will detect product order forms. The solution must use the principle of least privilege.
What should you do first? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
D:\mudassar\Untitled.jpg
NEW QUESTION # 49
Task 1
You need to provide users with the ability to manually classify files that contain product information that are stored in SharePoint Online sites. The solution must meet the following requirements:
* The users must be able to apply a classification of Product1 to the files.
* Any authenticated user must be able to open files classified as Product1.
* files classified as Product1 must be encrypted.
Answer:
Explanation:
See the solution below in Explanation.
* Create a Custom Content Type:
* Go to your SharePoint Online site.
* Click on Settings (gear icon) and select Site settings.
* Under Web Designer Galleries, choose Site content types.
* Create a new content type (e.g., "Product1 Classification") based on the Document parent content type.
* Add a custom column (e.g., "Classification") to this content type.
* Apply the Content Type to Document Libraries:
* Navigate to the document library where the files are stored.
* Click on Library settings.
* Under General Settings, select Advanced settings.
* Choose Yes for "Allow management of content types."
* Add your custom content type ("Product1 Classification") to the library.
* Manually Classify Files:
* Upload or edit a file in the library.
* In the file properties, select the Classification field and set it to "Product1."
* Permissions and Encryption:
* Ensure that all authenticated users have at least View permissions on the library.
* For encryption, SharePoint Online automatically encrypts files at rest using BitLocker disk-level encryption.
* Files classified as "Product1" will be encrypted and accessible only to authorized users.
NEW QUESTION # 50
You have a Microsoft 365 subscription that has Enable Security defaults set to No in Azure AD.
You have a custom compliance manager template named Regulation1.
You have the assessments shown in the following table.
Assessment1 has the improvement actions shown in the following table.
Assessment2 has the improvement actions shown in the following table.
You perform the following actions:
* For Assessment2, change the Test status of Establish a threat intelligence program to Implemented.
* Enable multi-factor authentication (MFA) for all users.
* Configure a privileged access policy.
For each of the following statements, select Yes if the statement is true. Otherwise select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 51
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You need to delegate the following tasks:
* Configure role group assignments for communication compliance.
* Update and view the status of communication compliance alerts.
Which users can perform each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 52
......
Microsoft Exam Practice Test To Gain Brilliante Result: https://braindumps2go.dumpexam.com/SC-400-valid-torrent.html
