Microsoft SC-400 Exam Practice Test Instant Access

Question 1

Your company has a Microsoft 365 tenant that uses a domain named contoso.com.

You are implementing data loss prevention (DLP).

The company's default browser is Microsoft Edge.

During a recent audit, you discover that some users use Firefox and Google Chrome browsers to upload files labeled as Confidential to a third-party Microsoft SharePoint Online site that has a URL of https://m365x076709.sharepoint.com. Users are blocked from uploading the confidential files to the site from Microsoft Edge.

You need to ensure that the users cannot upload files labeled as Confidential from Firefox and Google Chrome to any cloud services.

Which two actions should you perform? Each correct answer presents part of the solution. (Choose two.)

NOTE: Each correct selection is worth one point.

AFrom the Microsoft 365 Endpoint data loss prevention (Endpoint) DLP settings, add
m365x076709.sharepoint.com as a blocked service domain.

BCreate a DLP policy that applies to the Devices location.

CFrom the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings, add Firefox and Google
Chrome to the unallowed browsers list.

DFrom the Microsoft 365 compliance center, onboard the devices.

EFrom the Microsoft 365 Endpoint data loss prevention (Endpoint) DLP settings, add contoso.com as an
allowed service domain.

Answer : C, D

https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide

Question 2

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are configuring a file policy in Microsoft Cloud App Security.

You need to configure the policy to apply to all files. Alerts must be sent to every file owner who is affected by the policy. The policy must scan for credit card numbers, and alerts must be sent to the Microsoft Teams site of the affected department.

Solution: You use the Data Classification service inspection method and send alerts to Microsoft Power Automate.

Does this meet the goal?

AYes

BNo

Answer : B

https://docs.microsoft.com/en-us/cloud-app-security/dcs-inspection

https://docs.microsoft.com/en-us/cloud-app-security/data-protection-policies

Question 3

You have a Microsoft 365 E5 subscription that contains a device named Device1.

You need to enable Endpoint data loss prevention (Endpoint DLP) for Device1.

What should you do first in the Microsoft Purview compliance portal?

ATurn on device onboarding.

BAdd a Microsoft Purview Information Protection scanner cluster.

COnboard Device1 to Microsoft Purview.

DCreate a Microsoft Purview Information Barriers (IBs) segment.

EEnable Microsoft Priva Privacy Risk Management.

Answer : A

Question 4

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1.

You need to deploy a Microsoft Purview insider risk management solution that will generate an alert when users share sensitive information on Site1 with external recipients.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct answer is worth one point.

ATurn on analytics.

BConfigure adaptive protection.

CTurn on indicators.

DCreate a data loss prevention (DLP) policy.

ECreate an insider risk policy.

Answer : C, E

Question 5

You have a Microsoft 365 ES tenant that uses Microsoft Teams and contains two users named User1 and User2.

You create a data loss prevention (DLP) policy that is applied to the Teams chat and channel messages location for user1 and user2.

Which Teams entities will have DLP protection? Purview compliance portal?

A1:1/n chats and general channels only

B1:1/chats and private channels only

C1:1/ chats, general channels, and private channels

DDLP policy matches

Answer : B, D

Question 6

You have a Microsoft 365 E5 subscription that contains a retention policy named RP1 as shown in the following table.

You place a preservation lock on RP1. You need to modify RP1.

Which two actions can you perform? Each correct answer NOTE: Each correct selection is worth one point.

ADecrease the retention period of the policy.

BDelete the policy.

CIncrease the retention period of the policy.

DDisable the policy.

ERemove locations from the policy.

FAdd locations to the policy.

Answer : C, F

Question 7

SIMULATION

Task 6

You plan to implement Endpoint data loss prevention (Endpoint DLP) policies for computers that run Windows.

Users have an application named App1 that stores data locally in a folder named C:\app1\data.

You need to prevent the folder from being monitored by Endpoint DLP.

ASee thesolution below in Explanation

Answer : A

To prevent the folderC:\app1\datafrom being monitored byEndpoint Data Loss Prevention (DLP), follow these steps:

Configure File Path Exclusions:

Open theMicrosoft Purview compliance portal.

Navigate toData loss prevention>Overview>Data loss prevention settings>Endpoint settings.

Look for theFile path exclusionssection.

Add an exclusion for the pathC:\app1\data.

Files within this folder will not be audited o HYPERLINK 'https://learn.microsoft.com/en-us/purview/dlp-configure-endpoint-settings'r subject to DLP policy enforc HYPERLINK 'https://learn.microsoft.com/en-us/purview/dlp-configure-endpoint-settings'ement HYPERLINK 'https://learn.microsoft.com/en-us/purview/dlp-configure-endpoint-settings'1 HYPERLINK 'https://techcommunity.microsoft.com/t5/microsoft-365/suggested-recommended-endpoint-dlp-file-path-exclusions/td-p/2840416'2.

Microsoft Information Protection Administrator SC-400 Exam Practice Test