[2026] Practice with these SC-400 dumps Certification Sample Questions [Q62-Q79]

[2026] Practice with these SC-400 dumps Certification Sample Questions

Get Instant Access of 100% REAL SC-400 DUMP Pass Your Exam Easily

NEW QUESTION # 62
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant that uses the following sensitivity labels:
* Confidential
* Internal
* External
The labels are published by using a label policy named Policy1. Users report that Microsoft Office for the wen apps do not display the Sensitivity button. The Sensitivity button appears in Microsoft
365 Apps that are installed locally.
You need to ensure that the users can apply sensitivity labels to content when they use Office for the web apps.
Solution: You modify the scope of the Confidential label.
Does this meet the goal?

A. Yes
B. No

Answer: B

NEW QUESTION # 63
A user reports that she can no longer access a Microsoft Excel file named Northwind Customer Data.xlsx.
From the Cloud App Security portal, you discover the alert shown in the exhibit.

You restore the file from quarantine.
You need to prevent files that match the policy from being quarantined. Files that match the policy must generate an alert.
What should you do?

A. Update the governance action.
B. Exclude file matching by using a regular expression.
C. Assign the Global reader role to the file owners.
D. Modify the policy template.

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/data-protection-policies#create-a-new-file-policy

NEW QUESTION # 64
Your manager plans on implementing an Endpoint Data Loss Prevention (DLP) solution to prevent users from sharing sensitive information across an unallowed cloud application that once compromised the company's data.
You need to apply the correct configuration to restrict the sharing of sensitive data as required by the manager.
What two actions should you perform? Each answer presents part of the solution.

A. Create a retention label.
B. Specify the domain of the unallowed cloud app.
C. Configure a DLP policy.
D. Create a trainable classifier.
E. Apply a label to assets in Azure Purview.
F. Synchronize a sensitivity label to Azure Active Directory.

Answer: B,C

Explanation:
You should configure a data loss prevention (DLP) policy. This action, done on the Data Loss Prevention page, will allow you to identify which sensitive data should be banned from being shared with anyone other than the accepted recipients or cloud apps. This will ban the sharing of sensitive information with the cloud app that previously compromised the company's data. To create a DLP policy, you should access the Policies page from the Data Loss Prevention page, then click on the Create Policy button.
You should also specify the domain of the unallowed cloud app. This action, done on the Data Loss Prevention page, will allow you to clarify for the Data Loss Prevention (DLP) policy which domain the unallowed cloud app is using. This will allow the DLP policy to ban sharing sensitive information from any endpoint to this specified domain. This combination of actions meets the scenario requirement.
You should not create a retention label. Retention labels are used in retaining data, like documents and files, that you need, and getting rid of items that you do not need. They cannot be used to restrict the act of sharing sensitive data across an unallowed cloud app.
You should not create a trainable classifier. A trainable classifier is a tool used in data classification that allows you to train a classifier to detect content based on a training process carried out in SharePoint Online Libraries. This tool does not allow you to restrict the sharing of sensitive data.
You should not apply a label to assets in Azure Purview. This action is done by choosing the Azure Purview Assets option on the Scope page, where you can apply a label to SQL columns and files in Azure Blob Storage. This action is included in the process of automatically applying sensitivity labels to data in Azure Purview. When a sensitivity label is applied to content, it can restrict access to content by adding a mark to a specific document (like watermarks applied on documents) or by using encryption.
You should not synchronize a sensitivity label to Azure Active Directory. This action would allow you to ensure that sensitivity labels can be used with Microsoft 365 Groups in your company.
Synchronizing the sensitivity label is done by connecting to the Security and Compliance Center PowerShell. This action would not allow the restriction needed by the manager in the scenario.

NEW QUESTION # 65
You plan to import a file plan to the Microsoft 365 compliance center.
Which object type can you create by importing a records management file plan?

A. retention label policies
B. sensitivity labels
C. sensitive info types
D. retention labels

Answer: D

Explanation:
File plan in Records management allows you to bulk-create retention labels by importing the relevant information from a spreadsheet.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/file-plan-manager?view=o365-worldwide

NEW QUESTION # 66
You have a Microsoft 365 E5 subscription.
You plan to implement information barriers (IBs).
You need to create an IB segment named Segment1.
What should you use to define Segment1?

A. a user group filter
B. an administrative unit
C. a Microsoft 365 group
D. a distribution list group

Answer: A

Explanation:
User group filter is the correct answer as segments are defined by attributes.
https://learn.microsoft.com/en-us/purview/information-barriers-policies#define-segments-using- the-compliance-portal

NEW QUESTION # 67
You need to recommend a solution that meets the Data Loss Prevention requirements for the HR department.
Which three actions should you perform? Each correct answer presents part of the solution. (Choose three.) NOTE: Each correct selection is worth one point.

A. Schedule EdmUploadAgent.exe to hash and upload a data file that contains employee information.
B. Create a sensitive info type rule package that contains the EDM classification.
C. Define the sensitive information database schema in the XML format.
D. Create a sensitive info type rule package that contains regular expressions.
E. Define the sensitive information database schema in the CSV format.

Answer: A,B,C

Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-custom-sensitive-information-types-withexact-data-match-based-classification?view=o365-worldwide
Topic 1, Fabrikam,
Cloud Environment
Fabrikam has a Microsoft 365 tenant that contains the following resources:
* An Azure Active Directory (Azure AD) tenant that syncs to an on-premises Active Directory domain named corp.fabrikam.com
* Microsoft Cloud App Security connectors configured for all supported cloud applications used by the company Some users have company Dropbox accounts.
Compliance Configuration
Fabrikam has the following in the Microsoft 365 compliance center:
* A data loss prevention (DLP) policy is configured. The policy displays a tooltip to users. Users can provide a business justification to override a DLP policy violation.
* The Azure information Protection unified labeling scanner is installed and configured.
* A sensitivity label named Fabrikam Confidential is configured.
An existing third-party records management system is managed by the compliance department.
Human Resources (HR) Management System
The HR department has an Azure SQL. database that contains employee information. Each employee has a unique 12-character alphanumeric ID. The database contains confidential employed attributes including payroll information, date of birth, and personal contact details.
On-premises Environment
You have an on premises file server that runs Windows Server 2019 and stores Microsoft Office documents in a shared folder named Data.
All end-user computers are joined to the corp.fabrinkam.com domain and run a third-party antimalware application.
Sales Contracts
Users in the sales department receive draft sales contracts from customers by email. The sales contracts are written by the customers and are not in a standard format.
Employment Applications
Employment applications and resumes are received by HR department managers and stored in either mailboxes, Microsoft SharePoint Online sites, OneDrive for Business folders, or Microsoft Segment Teams channels.
The employment application form is downloaded from SharePoint Online and a serial number is assigned to each application.
the resumes are written by the applications and in any format.
HR Requirements
You need to create a DLP policy that will notify the HR department of a DLP policy violation if a document that contains confidential employee attributes is shared externally. The DLP policy must use an Exact Data Match (EDM) classification derived from a CSV export of the HR department database.
The HR department identifies the following requirements for handling employment applications:
* Resumes must be identified automatically based on similarities to other resumes received in the past
* Employment applications and resumes must be deleted automatically two years after the applications are received.
* Documents and emails that contain an application serial number must be identified automatically and marked as an employment application.
Sales Requirements
A sensitivity label named Sales Contract must be applied automatically to all draft and finalized sales contracts.
Compliance Requirements
Fabrikam identifies the following compliance requirements:
* All DLP policies must be applied to computers that run Windows 10, with the least possible changes to the computers.
* Users in the compliance department must view the justification provided when a user receives a tooltip notification for a DLP violation.
* If a document that has the Fabrikam Confidential sensitivity label applied is uploaded to Dropbox. the file must be deleted automatically. - The Fabrikam Confidential sensitivity label must be applied to existing Microsoft Word documents in the Data shared folder that have a document footer containing the following string: Company use only.
* Users must be able to manually select that email messages are sent encrypted. The encryption will use Office 365 Message Encryption (OME) v2. Any email containing an attachment that has the Fabrikam Confidential sensitivity label applied must be encrypted automatically by using OME.
* Existing policies configured in the third-party records management system must be replaced by using Records management in the Microsoft 365 compliance center. The compliance department plans to export the existing policies, and then produce a CSV file that contains matching labels and policies that are compatible with records management in Microsoft 365. The CSV file must be used to configure records management in Microsoft 365.
Executive Requirements
You must be able to restore all email received by Fabrikam executives for up to three years after an email is received, even if the email was deleted permanently.

NEW QUESTION # 68
You have Microsoft 365 E5 tenant that has a domain name of M365x925027.onmicrosoft.com.
You have a published sensitivity label.
The Encryption settings for the sensitivity label are configured as shown in the exhibit.

For each of the following statements, select Yes if statement is true. Otherwise, select No
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide
https://docs.microsoft.com/en-us/azure/information-protection/configure-usage-rights

NEW QUESTION # 69
You have a Microsoft 365 E5 subscription that contains the adaptive scopes shown in the following table.

You create the retention policies shown in the following table.

Which retention policies support a preservation lock?

A. RPolicy1 and RPolicy3 only
B. RPolicy3only
C. RPolicy2only
D. RPolicy1, RPolicy2, and RPolicy3
E. RPolicy1l and RPolicy2 only

Answer: A

NEW QUESTION # 70
You have a Microsoft 365 E5 tenant.
Data loss prevention (DLP) policies are applied to Exchange email, SharePoint sites, and OneDrive accounts locations.
You need to use PowerShell to retrieve a summary of the DLP rule matches from the last seven days.
Which PowerShell module and cmdlet should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/powershell/module/exchange/get-dlpdetectionsreport?view=exchange-ps

NEW QUESTION # 71
You have a Microsoft 365 E5 subscription.
You are implementing insider risk management
You need to create an insider risk management notice template and format the message body of the notice template.
How should you configure the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 72
How many files in Site2 will be visible to User1 and User2 after you turn on DLPpolicy1? To answer, select the appropriate options in the answer area.
NOTE:Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Reference:
https://social.technet.microsoft.com/wiki/contents/articles/36527.implement-data-loss-prevention-dlp- HYPERLINK "https://social.technet.microsoft.com/wiki/contents/articles/36527.implement-data-loss- prevention-dlp-in-sharepoint-online.aspx"in-sharepoint HYPERLINK "https://social.technet.microsoft.com
/wiki/contents/articles/36527.implement-data-loss-prevention-dlp-in-sharepoint-online.aspx"-online.aspx

NEW QUESTION # 73
You have the retention label policy shown in the Policy exhibit. (Click the Policy tab.)

Users apply the retention label policy to files and set the asset ID as shown in the following table.

On December 1, 2020, you create the event shown in the Event exhibit. (Click the Event tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 74
You have the retention label policy shown in the Policy exhibit. (Click the Policy tab.)

Users apply the retention label policy to files and set the asset ID as shown in the following table.

On December 1, 2020, you create the event shown in the Event exhibit. (Click the Event tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 75
You create a sensitivity label as shown in the Sensitivity Label exhibit.

You create an auto-labeling policy as shown in the Auto Labeling Policy exhibit.

A user sends the following email:
From: [email protected]
To: [email protected]
Subject: Address List
Message Body:
Here are the lists that you requested.
Attachments:
<<File1.docx>>
<<File2.xml>>
Both attachments contain lists of IP addresses.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-wo

NEW QUESTION # 76
You need to meet the technical requirements for the Site1 documents.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:
Graphical user interface, text, application Description automatically generated

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-wo

NEW QUESTION # 77
You are implementing a data classification solution.
The research department at your company requires that documents containing programming code be labeled
as Confidential. The department provides samples of the code from its document library. The solution must
minimize administrative effort.
What should you do?

A. Create a custom classifier.
B. Create a sensitive info type that uses Exact Data Match (EDM).
C. Create a sensitive info type that uses a regular expression.
D. Use the source code classifier.

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-learn-about?view=o365-worldwide

NEW QUESTION # 78
Hotspot Question
You have a Microsoft 365 E5 subscription that uses Microsoft Teams and contains the users shown in the following table.

You have the retention policies shown in the following table.

The users perform the actions shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.