Microsoft Information Protection Administrator: SC-400 Sample Questions
Microsoft offers the SC-400: Microsoft Information Protection Administrator exam. The SC-400 exam measures a candidate’s ability to perform technical tasks such as data protection, data loss prevention, and information governance, among others. After passing the SC-400 exam, the candidate earns the Microsoft Certified: Information Protection Administrator Associate certification.
The Microsoft Information Protection Administrator Exam SC-400 consists of 40 to 60 multiple-choice and multiple-response questions. The candidate will have 120 minutes to complete the test. Furthermore, it is only available in English, and a 70% score is required to receive this certification.
Advanced Sample Questions
What actions should you take to ensure that sensitive information is not leaked via email?
- A) Enable S/MIME encryption on all outgoing emails
- B) Implement data loss prevention (DLP) policies
- C) Enable message encryption on all email servers
- D) All of the above
Answer: D) All of the above
Explanation: S/MIME encryption will secure email messages and attachments in transit, DLP policies will help identify and prevent sensitive information from being leaked, and message encryption will secure messages while they are stored on the email servers. All three actions should be taken to ensure comprehensive protection of sensitive information.
How do you classify sensitive information within your organization?
- A) Manually label all sensitive information
- B) Use automatic classification policies
- C) Use the Microsoft Information Protection API
- D) All of the above
Answer: D) All of the above
Explanation: Manual labeling is a good approach for smaller organizations, but larger organizations can benefit from using automatic classification policies to classify sensitive information. The Microsoft Information Protection API can also be used to classify information programmatically.
How do you monitor access to sensitive information within your organization?
- A) Use audit logs and reports
- B) Implement data access monitoring
- C) Use the Microsoft Information Protection API
- D) All of the above
Answer: D) All of the above
Explanation: Audit logs and reports can help you monitor who has accessed sensitive information and when, data access monitoring will alert you to any unauthorized access, and the Microsoft Information Protection API can be used to monitor access programmatically. All three approaches should be used to ensure comprehensive monitoring of access to sensitive information.
How can you prevent unauthorized access to sensitive information?
- A) Implement multi-factor authentication
- B) Use encryption
- C) Implement access controls
- D) All of the above
Answer: D) All of the above
Explanation: Multi-factor authentication will help prevent unauthorized access by requiring users to provide multiple forms of identification, encryption will help protect sensitive information in transit and at rest, and access controls will allow you to restrict access to sensitive information based on user roles and permissions. All three approaches should be used to ensure comprehensive protection against unauthorized access.
How can you ensure that sensitive information is not lost or stolen?
- A) Implement regular backups
- B) Use remote wipe capabilities
- C) Implement data loss prevention (DLP) policies
- D) All of the above
Answer: D) All of the above
Explanation: Regular backups will help ensure that sensitive information can be recovered in the event of loss or theft, remote wipe capabilities will allow you to erase sensitive information from lost or stolen devices, and DLP policies will help prevent sensitive information from being lost or stolen in the first place. All three approaches should be used to ensure comprehensive protection against loss or theft of sensitive information.
How can you prevent sensitive information from being shared externally?
- A) Implement access controls
- B) Use data loss prevention (DLP) policies
- C) Implement email filtering
- D) All of the above
Answer: D) All of the above
Explanation: Access controls will help restrict who can access sensitive information, DLP policies will help identify and prevent sensitive information from being shared, and email filtering will prevent sensitive information from being sent outside of the organization. All three approaches should be used to ensure comprehensive protection against external sharing of sensitive information.
What actions should you take to ensure that sensitive information is not disclosed in public areas of your organization?
- A) Implement access controls
- B) Use data loss prevention (DLP) policies
- C) Implement screen lock policies
- D) All of the above
Answer: D) All of the above
Explanation: Access controls will help restrict who can access sensitive information, DLP policies will help identify and prevent sensitive information from being disclosed, and screen lock policies will help prevent sensitive information from being disclosed if a computer is left unattended. All three approaches should be used to ensure comprehensive protection against disclosure of sensitive information in public areas.
What steps should you take to ensure that sensitive information is protected during transmission?
- A) Use secure protocols such as SSL/TLS
- B) Use encryption
- C) Implement data loss prevention (DLP) policies
- D) All of the above
Answer: D) All of the above
Explanation: Secure protocols such as SSL/TLS will help protect sensitive information in transit, encryption will help protect sensitive information both in transit and at rest, and DLP policies will help prevent sensitive information from being transmitted inappropriately. All three approaches should be used to ensure comprehensive protection during transmission.
What steps should you take to ensure that sensitive information is protected when stored?
- A) Use encryption
- B) Implement data loss prevention (DLP) policies
- C) Implement access controls
- D) All of the above
Answer: D) All of the above
Explanation: Encryption will help protect sensitive information both in transit and at rest, DLP policies will help prevent sensitive information from being stored inappropriately, and access controls will help restrict who can access sensitive information. All three approaches should be used to ensure comprehensive protection when sensitive information is stored.
How can you ensure that sensitive information is not disclosed if a device is lost or stolen?
- A) Implement remote wipe capabilities
- B) Use encryption
- C) Implement screen lock policies
- D) All of the above
Answer: D) All of the above
Explanation: Remote wipe capabilities will allow you to erase sensitive information from a lost or stolen device, encryption will help protect sensitive information even if a device is lost or stolen, and screen lock policies will help prevent sensitive information from being disclosed if a device is left unattended. All three approaches should be used to ensure comprehensive protection against disclosure if a device is lost or stolen.
Basic Sample Questions
Question 1 –
You create three sensitivity labels, Sensitivity1, Sensitivity2, and Sensitivity3, and then do the following:
- Publish Sensitivity1.
- Create an auto-labeling policy for Sensitivity2.
In Microsoft Cloud App Security, you intend to create a file policy called Policy1. In Policy1, which sensitivity labels can you apply to Microsoft SharePoint Online?
- A. Sensitivity1 only
- B. Sensitivity1, Sensitivity2, and Sensitivity3
- C. Sensitivity2 only
- D. Sensitivity1 and Sensitivity2 only
Correct Answer – D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide
https://docs.microsoft.com/en-us/cloud-app-security/azip-integration
Question 2 –
You are putting in place a data classification solution. Your company’s research department requires that documents containing programming code be labeled as Confidential. The department provides code samples from its document library. The solution must require the least amount of administrative effort. What should you do?
- A. Create a custom classifier.
- B. Create a sensitive info type that uses Exact Data Match (EDM).
- C. Use the source code classifier.
- D. Create a sensitive info type that uses a regular expression.
Correct Answer – C
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-learn-about?view=o365-worldwide
Question 3 –
You now have a Microsoft 365 tenant. You must ensure that the tenant can create custom trainable classifiers. Which role should you be assigned to in order to complete the configuration?
- A. Security administrator
- B. Security operator
- C. Global administrator
- D. Compliance administrator
Correct Answer – D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide
Question 4 –
You must automatically apply a sensitivity label to documents containing network information such as computer names, IP addresses, and configuration information. What are the best two objects to use? Each correct response represents a portion of the solution. (Select two.)
- A. an Information protection auto-labeling policy
- B. a custom trainable classifier
- C. a sensitive info type that uses a regular expression
- D. a data loss prevention (DLP) policy
- E. a sensitive info type that uses keywords
- F. a sensitivity label that has auto-labeling
Correct Answer – AB
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-learn-about?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide
Question 5 –
You’re building a custom trainable classifier to recognize organizational product codes mentioned in Microsoft 365 content.
You choose 300 files to serve as seed content. Where should the seed content be kept?
- A. a Microsoft SharePoint Online folder
- B. a Microsoft OneDrive for Business folder
- C. an Azure file share
- D. Microsoft Exchange Online shared mailbox
Correct Answer – A
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide
Question 6 –
Instead of the standard Microsoft Office 365 logo, each product group at your company must display a unique product logo in encrypted emails. What steps should you take to create branding templates?
- A. Create a Transport rule.
- B. Create an RMS template.
- C. Run the Set-IRMConfiguration cmdlet.
- D. Run the New-OMEConfiguration cmdlet.
Correct Answer – D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/add-your-organization-brand-to-encrypted-messages?view=o365-worldwide
Question 7 –
You develop a custom sensitive data type that employs Exact Data Match (EDM). You intend to update and upload the data used for EDM on a regular basis. What is the maximum rate at which data can be uploaded?
- A. twice per week
- B. twice per day
- C. once every six hours
- D. once every 48 hours
- E. twice per hour
Correct Answer – A
Question 8 –
You receive an email containing a list of words that will be used for a specific type of sensitive information. You must create a file that will serve as the source for a keyword dictionary. What format should you save the list in?
- A. a JSON file that has an element for each word
- B. an ACCDB database file that contains a table named Dictionary
- C. an XML file that contains a keyword tag for each word
- D. a CSV file that contains words separated by commas
Correct Answer – D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-keyword-dictionary?view=o365-worldwide
Question 9 –
You must evaluate Microsoft Office 365 Message Encryption (OME) capabilities for your organization. The following information must be validated by the test:
- The names of the acquired default template
- The status of encryption and decryption verification
Which PowerShell cmdlet should be executed?
- A. Test-ClientAccessRule
- B. Test-Mailflow
- C. Test-OAuthConnectivity
- D. Test-IRMConfiguration
Correct Answer – D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/set-up-new-message-encryption-capabilities?view=o365-worldwide
Question 10 –
You have a Microsoft 365 tenant with Microsoft Office 365 Message Encryption (OME) enabled. You must ensure that any emails with attachments sent to [email protected] are automatically encrypted using OME. What should you do?
- A. From the Exchange admin center, create a new sharing policy.
- B. From the Microsoft 365 security center, create a Safe Attachments policy.
- C. From the Exchange admin center, create a mail flow rule.
- D. From the Microsoft 365 compliance center, configure an auto-apply retention label policy.
Correct Answer – C
Mail flow rules can be used to help protect email messages that you send and receive. You can configure rules to encrypt all outgoing email messages while removing encryption from encrypted messages sent from within your organization or replies to encrypted messages sent from your organization.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/define-mail-flow-rules-to-encrypt-email?view=o365-worldwide
Question 11 –
You intend to use sensitivity labels in Microsoft Teams. You must ensure that sensitivity labels can be viewed and applied to new Microsoft Teams sites. What should you start with?
- A. Run the Set-SPOSite cmdlet.
- B. Create a new sensitivity label scoped to Groups & sites.
- C. Run the Execute-AzureAdLabelSync cmdlet.
- D. Configure the EnableMIPLabels Azure Active Directory (Azure AD) setting.
Correct Answer – B
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?view=o365-worldwide
Question 12 –
Your business has a Microsoft 365 tenant with the domain contoso.com. To encrypt emails sent to fabrikam.com users, the company employs Microsoft Office 365 Message Encryption (OME). A user named User1 sends an email to [email protected] in error. You must prevent [email protected] from gaining access to the email. What should you do?
- A. Run the Get-MessageTrace cmdlet.
- B. Run the Set-OMEMessageRevocation cmdlet.
- C. Instruct User1 to delete the email from her Sent Items folder from Microsoft Outlook.
- D. Run the New-ComplianceSearchAction cmdlet.
- E. Instruct User1 to select Remove external access from Microsoft Outlook on the web.
Correct Answer – A
Question 13 –
You have a Microsoft 365 subscription. You discover that Microsoft Office 365 Message Encryption (OME) is not used in email. You must ensure that OME can be used with email. What should you start with?
- A. Enable Microsoft Defender for Office 365.
- B. Activate Azure Information Protection.
- C. Activate Azure Rights Management (Azure RMS).
- D. Create an Azure key vault.
Correct Answer – C
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/set-up-new-message-encryption-capabilities?view=o365-worldwide
Question 14 –
You have a Microsoft 365 subscription.
You create the following:
- A sensitivity label
- An auto-labeling policy
You must make certain that the sensitivity label is applied to all data discovered by the auto-labeling policy. What should you start with?
- A. Enable insider risk management.
- B. Create a trainable classifier.
- C. Run the Enable-TransportRule cmdlet.
- D. Run the policy in simulation mode.
Correct Answer – D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide
Question 15 –
You have a sensitive information type that is based on a trainable classifier. You are dissatisfied with the trainable classifier’s output. The classifier must be retrained. In the Microsoft 365 compliance center, what should you use?
- A. Labels from Information protection
- B. Labels from Information governance
- C. Content explorer from Data classification
- D. Content search
Correct Answer – C
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-how-to-retrain-content-explorer?view=o365-worldwide
Question 16 –
You have 100 data loss prevention (DLP) policies in your Microsoft 365 tenant. A Microsoft Exchange administrator investigates emails that have been blocked due to DLP policy violations on a regular basis.
You must advise the Exchange administrator on which DLP report to use to determine how many messages were blocked based on each DLP policy. Which report should you recommend?
- A. Third-party DLP policy matches
- B. DLP policy matches
- C. DLP incidents
- D. False positive and override
Correct Answer – C
Question 17 –
You are creating an advanced data loss prevention (DLP) rule in a DLP policy called Policy 1 that will apply to all locations. Which two conditions are allowed in the rule? Each correct response provides a complete solution. (Select two.)
- A. Content contains
- B. Content is shared from Microsoft 365
- C. Document size equals or is greater than
- D. Attachment’s file extension is
- E. Document property is
Correct Answer – B
Question 18 –
You must enable a user to view data loss prevention (DLP) alerts in the Microsoft 365 compliance center. The principle of least privilege must be applied to the solution. Which role should the user be assigned?
- A. Compliance data administrator
- B. Security operator
- C. Compliance administrator
- D. Security reader
Correct Answer – D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-configure-view-alerts-policies?view=o365-worldwide
Question 19 –
You must be notified when users share sensitive documents from Microsoft OneDrive with users outside your organization.
What should you do?
- A. From the Microsoft 365 compliance center, create a data loss prevention (DLP) policy.
- B. From the Microsoft 365 compliance center, start a data investigation.
- C. From the Microsoft 365 compliance center, create an insider risk policy.
- D. From the Azure portal, create an Azure Information Protection policy.
Correct Answer – A
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide
Question 20 –
You must prevent users outside your company from opening documents containing credit card numbers. The solution must ensure that your company’s users can open the documents. What should you employ?
- A. a sensitivity label policy
- B. a sensitivity label
- C. a retention policy
- D. a data loss prevention (DLP) policy
Correct Answer – D
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide