Online Access Free SC-400 Exam Questions

No.# To meet compliance requirements for Dropbox, which is a third-party cloud storage service, you would use Microsoft Cloud App Security (MCAS) to monitor and apply data loss prevention (DLP) policies. By creating a DLP policy that applies to Cloud App Security, you can monitor, control, and protect data across cloud applications like Dropbox, ensuring compliance with organizational data security standards.

No.# Simple keyword matching is generally not considered an "advanced" feature in DLP. While keywords can be part of a DLP strategy, they are often too broad or prone to false positives when used alone.
In Microsoft 365 Data Loss Prevention (DLP) policies, you can create advanced DLP rules that are based on sensitive info types. These are predefined patterns such as credit card numbers, Social Security numbers, or other sensitive information types that the system can recognize and use to trigger DLP policies.

Sensitive info type is the most common condition used in DLP rules, allowing you to automatically identify and protect sensitive data based on its content.

No.# Solution: You deploy the Endpoint DLP configuration package to the computers.
we need to assume that the Windows Defender for an endpoint is not present on the endpoint as the question doesn't mention it, meaning, we need to run the "Endpoint DLP configuration package" to begin receiving data from endpoints.
https://docs.microsoft.com/en-us/microsoft-365/compliance/device-onboarding-script?view=o365-worldwide

No.# In my test Tenant (Microsoft CDX Tenant) is a pre-configured DLP Policy named "Default Policy for devices". When I edit this policy an go on to the "Advanced DLP Rules" and also edit the rule in this sector then I'm able to configure "an action" which is called "File activities for all apps" -> "Aply restrictions to specific activity" -> "Copy to Clipboard". There you can "block" this kind of action.

No.# Answer is correct. It can't be "D" because the data share is located on-premise and needs to have unified labeling client installed which is from Azure Information protection.

If the document is online then auto-labeling can be applied using M365 compliance center.

No.# The file plan template is a comma separated value (CSV) file. You download it from the file plan page of the records management solution.

No.# Old question. This was recently changed (April 2023) and now the EDMUploadAgent can be used 5 times per day.


You can upload data with the EDMUploadAgent to any given data store up to five times per day.

No.# the Compliance Administrator, can access the Disposition tab in the Microsoft 365 compliance center to review the content. The Disposition Management role is included in the Records Management default role group, which is assigned to Compliance Administrators by default. Global Administrators, Security Administrators, and Search Administrators do not have the Disposition Management role by default.

No.# Regulatory records is the most restrictive record and then comes "record".

User1 wont be able to delete File2 since its marked as regulatory record - N
User2 can rename File1 since its allowed if its marked as a record - Y
User1 will be able to add retention 2 to File1 since File1 is only marked as a record - Y

No.# The correct is ([a-zA-Z]{3}\d{3}). Use this site to test: http://regex101.com/

No.# sender-is external/internal - modify message security

No.# Solution: From the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings, you add the application to the unallowed apps list.

No.# No, since the confidential label is a Parent label and cant be used.
No, since User2 are not a member of Group2 which has all the labels available (General is not available in either Confidential or Top Secret)
Yes, but only to labels available in Group2 and Group3 (All the labels)

No.# For SharePoint and OneDrive sites: The copy is retained in the Preservation Hold library.

For Exchange mailboxes: The copy is retained in the Recoverable Items folder.

No.# Solution: You use the Data Classification service inspection method and send alerts to Microsoft Power Automate.
You can't send messaged to the Teams channel with regular alerting method. You'd need to check the Power Automate box in the file policy

No.# A: EdmUploadAgent.exe to hash
B: Create SIT using the EDM classification
C: You can create the exact data match (EDM) sensitive information type (SIT) by using the the EDM schema and SIT wizard in the Compliance center or create the rule package XML file manually. You can also combine both by using one method to create the schema and later edit it using the other method.
Whether you will be creating an EDM sensitive information type using the wizard or the rule package XML file via PowerShell, you must have Global admin or Compliance admin permissions to create, test, and deploy a custom sensitive information type through the UI.
reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sit-get-started-exact-data-match-create-rule-package?view=o365-worldwide

No.# Correct - B. Each time a user unlocks a record, the latest version is copied to the Preservation Hold library, and that version contains the value of Record in the Comments field of the version history.

No.# to be able to trigger a retention period on a specific event such as end of a project we need to create a retention label poilicy and a retention label that uses an event as trigger

No.# This is only true if "Devices" and "On-premises repositories" are not selected as part of "Location". If they are, then only "Content Contains" is available.

No.# as these are your locations:

Microsoft 365 services such as Teams, Exchange, SharePoint, and OneDrive accounts
Office applications such as Word, Excel, and PowerPoint
Windows 10, Windows 11, and macOS (three latest released versions) endpoints
non-Microsoft cloud apps
on-premises file shares and on-premises SharePoint
Power BI