Free SC-400 Sample Questions — Microsoft Information Protection Administrator

You have a Microsoft 365 E5 subscription that uses Microsoft Teams and contains a user named User1. You configure Microsoft Purview Information Barriers. You need to identify which information barrier policies apply to User1. Which cmdlet should you use?

• A. Get-OrganizationSegment
• B. Get-InformationBarrierRecipientStatus
• C. Get-InformationBarrierPolicy
• D. Get-InformationBarrierPoliciesApplicationStatus

You have a Microsoft 365 tenant. All Microsoft OneDrive for Business content is retained for five years. A user named User1 left your company a year ago, after which the account of User1 was deleted from Azure Active Directory (Azure AD). You need to recover an important file that was stored in the OneDrive of User1. What should you use?

• A. the Restore-SPODeletedSite PowerShell cmdlet
• B. the OneDrive recycle bin
• C. the Restore-ADObject PowerShell cmdlet
• D. Deleted users in the Microsoft 365 admin center

You need to provide a user with the ability to view data loss prevention (DLP) alerts in the Microsoft 365 compliance center. The solution must use the principle of least privilege. Which role should you assign to the user?

• A. Compliance data administrator
• B. Security operator
• C. Compliance administrator
• D. Security reader

You have a Microsoft 365 E5 subscription that uses Privacy Risk Management in Microsoft Priva. You need to review the personal data type instances that were detected in the subscription. What should you use in the Microsoft Purview compliance portal?

• A. Content explorer
• B. User data search
• C. Content search
• D. an eDiscovery case

You have a Microsoft 365 E5 subscription. You need to create static retention policies for the following locations: • Teams chats • Exchange email • SharePoint sites • Microsoft 365 Groups • Teams channel messages What is the minimum number of retention policies required?

• A. 1
• B. 2
• C. 3
• D. 4
• E. 5

You have a Microsoft 365 E5 subscription. You are implementing insider risk management. You need to maximize the amount of historical data that is collected when an event is triggered. What is the maximum number of days that historical data can be collected?

• A. 30
• B. 60
• C. 90
• D. 180

You have a Microsoft 365 subscription that contains a user named User1. User1 plans to export a history of Microsoft Purview communication compliance policy changes. You need to add User1 to a role group in Microsoft Purview. The solution must follow the principle of least privilege. To which role group should you add User1?

• A. Communication Compliance Investigators
• B. Communication Compliance Viewers
• C. Communication Compliance Analysts
• D. Communication Compliance Administrators

You need to recommend a solution that meets the Data Loss Prevention requirements for the HR department. Which three actions should you perform? Each correct answer presents part of the solution. (Choose three.) NOTE: Each correct selection is worth one point.

• A. Schedule EdmUploadAgent.exe to hash and upload a data file that contains employee information
• B. Create a sensitive info type rule package that contains the EDM classification
• C. Define the sensitive information database schema in the XML format
• D. Create a sensitive info type rule package that contains regular expressions
• E. Define the sensitive information database schema in the CSV format

You have a Microsoft 365 subscription. You need to be notified by email whenever an administrator starts an eDiscovery search. What should you do from the Microsoft Purview compliance portal?

• A. From Records management create event type
• B. From eDiscovery, create an eDiscovery case
• C. From Content search, create a new search
• D. From Policies, create an alert policy

You have a Microsoft 365 E5 subscription that contains two users named User1 and User2. The subscription has a data loss prevention (DLP) policy named Policy1. User2 sends an outbound message that generates a false positive for Policy1. You need to ensure that User1 can download the message that generated the alert. The solution must follow the principle of least privilege. To which role group should you add User1?

• A. Data Investigator
• B. Global Reader
• C. eDiscovery Manager
• D. Security Operator

You plan to create a new data loss prevention (DLP) policy named DIP1. DLP1 will be applied to the Exchange email location. You need to exclude two users named User1 and User2 from DLP1. What should you do first?

• A. Create an organization sharing policy in Microsoft Exchange
• B. Create a mail flow rule in Microsoft Exchange
• C. Create a distribution list that contains User1 and User2
• D. Create an advanced DLP rule

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1. Site1 contains a file named File1. You have a retention policy named Retention1 that has the following settings: • Retention items for a specific period o Retention period: 5 years o At the end of the retention period: Delete items automatically Retention1 is applied to Site1. You need to ensure that File1 is deleted automatically after seven years. The solution must NOT affect the retention of other files on Site1. What should you do first?

• A. Move File1 to a new folder and configure the access control list (ACL) entries for File1
• B. Create a new retention policy
• C. Publish and apply a new retention label
• D. Move File1 to a new folder and list the excluded locations for Retention1

You have a Microsoft SharePoint Online site that contains employee contracts in a document library named Contracts. The contracts must be treated as records in accordance with your company's records management policy. You need to implement a solution to automatically mark all the contracts as records when they are uploaded to Contracts. Which two actions should you perform? Each correct answer presents part of the solution. (Choose two.) NOTE: Each correct selection is worth one point.

• A. Create a sensitivity label
• B. Create a retention label
• C. Configure a default label on the Contracts document library
• D. Create a retention policy
• E. Create a file plan
• F. Create a retention lock

You have a Microsoft 365 E5 subscription. You plan to use Microsoft Purview insider risk management. You need to create an insider risk management policy that will detect data theft from Microsoft SharePoint Online by users that submitted their resignation or are near their employment termination date. What should you do first?

• A. Configure Office indicators
• B. Configure an HR data connector
• C. Configure a Physical badging connector
• D. Onboard devices to Microsoft Defender for Endpoint

You are creating an advanced data loss prevention (DLP) rule in a DLP policy named Policy1 that will have all locations selected. Which two conditions can you use in the rule? Each correct answer presents a complete solution. (Choose two.) NOTE: Each correct selection is worth one point.

• A. Content contains
• B. Content is shared from Microsoft 365
• C. Document size equals or is greater than
• D. Attachment's file extension is
• E. Document property is

You have a Microsoft 365 E5 tenant that has data loss prevention (DLP) policies. You need to create a report that includes the following: • Documents that have a matched DLP policy. • Documents that have had a sensitivity label changed. • Documents that have had a sensitivity label changed. What should you use?

• A. a content search
• B. an eDiscovery case
• C. communication compliance reports
• D. Activity explorer

You have a Microsoft 365 E5 subscription that contains a data loss prevention (DLP) policy named DLP1. DLP1 has a rule that triggers numerous alerts. You need to reduce the number of alert notifications that are generated. The solution must maintain the sensitivity of DLP1. What should you do?

• A. Change the mode of DLP1 to Test without notifications
• B. Modify the rule and increase the instance count
• C. Modify the rule and configure an alert threshold
• D. Modify the rule and set the priority to the highest value

You have a Microsoft 365 subscription. Users have devices that run Windows 11. You plan to create a Microsoft Purview insider risk management policy that will detect when a user performs the following actions: • Deletes files that contain a sensitive information type (SIT) from their device • Copies files that contain a SIT to a USB drive • Prints files that contain a SIT You need to prepare the environment to support the policy. What should you do?

• A. Configure the physical badging connector
• B. Onboard the devices to Microsoft Purview
• C. Configure the HR data connector
• D. Create a Microsoft Purview communication compliance policy

In Microsoft Exchange Online, you have a retention policy named Policy1 that applies a retention tag named Tag1. You plan to remove Tag1 from Policy1. What will occur when you remove the tag from Policy1?

• A. The content will remain tagged and the Managed Folder Assistant will process Tag1
• B. Tag1 will be removed if Policy1 applied the tag to the content
• C. The content will remain tagged, but the Managed Folder Assistant will ignore Tag1

You have a Microsoft 365 E5 subscription. You need to export the details of a retention label. The export must include the following information: • Is record • Is regulatory • Disposition type What should you do?

• A. From the Microsoft Purview compliance portal, export Compliance Manager assessment actions
• B. From the Microsoft Purview compliance portal export a file plan
• C. From the Microsoft Purview compliance portal, export a disposition review
• D. From PowerShell, run the Export-ActivityExplorerData cmdlet
• E. From PowerShell, run the Get-RetentionEvent cmdlet