Microsoft SC-400 Microsoft Information Protection Administrator Online Trainingexams
Microsoft SC-400 Online Training
The questions for SC-400 were last updated at Dec 08,2023.
- Exam Code: SC-400
- Exam Name: Microsoft Information Protection Administrator
- Certification Provider: Microsoft
- Latest update: Dec 08,2023
Topic 1, Fabrikam, Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each there may be additional case studies and sections on this exam. You must manage you’re your time to ensure that you are able to complete all included on this exam in the time provided.
To answer the questions included in a case study, you will need In reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described In the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab. note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Fabrikam has a Microsoft 365 tenant that contains the following resources:
• An Azure Active Directory (Azure AD) tenant that syncs to an on-premises Active Directory domain named corp.fabrikam.com
• Microsoft Cloud App Security connectors configured for all supported cloud applications used by the company
Some users have company Dropbox accounts.
Fabrikam has the following in the Microsoft 365 compliance center:
* A data loss prevention (DLP) policy is configured. The policy displays a tooltip to users. Users can provide a business justification to override a DLP policy violation.
* The Azure information Protection unified labeling scanner is installed and configured. * A sensitivity label named Fabrikam Confidential is configured.
An existing third-party records management system is managed by the compliance department.
Human Resources (HR) Management System
The HR department has an Azure SQL. database that contains employee information.
Each employee has a unique 12-character alphanumeric ID. The database contains confidential employed attributes including payroll information, date of birth, and personal contact details.
You have an on premises file server that runs Windows Server 2019 and stores Microsoft Office documents in a shared folder named Data.
All end-user computers are joined to the corp.fabrinkam.com domain and run a third-party antimalware application.
Users in the sales department receive draft sales contracts from customers by email. The sales contracts are written by the customers and are not in a standard format.
Employment applications and resumes are received by HR department managers and stored in either mailboxes, Microsoft SharePoint Online sites, OneDrive for Business folders, or Microsoft Teams channels.
The employment application form is downloaded from SharePoint Online and a serial number is assigned to each application. the resumes are written by the applications and in any format.
You need to create a DLP policy that will notify the HR department of a DLP policy violation if a document that contains confidential employee attributes is shared externally. The DLP policy must use an Exact Data Match (EDM) classification derived from a CSV export of the HR department database.
The HR department identifies the following requirements for handling employment applications:
* Resumes must be identified automatically based on similarities to other resumes received in the past
* Employment applications and resumes must be deleted automatically two years after the applications are received.
* Documents and emails that contain an application serial number must be identified automatically and marked as an employment application.
A sensitivity label named Sales Contract must be applied automatically to all draft and finalized sales contracts.
Fabrikam identifies the following compliance requirements:
• All DLP policies must be applied to computers that run Windows 10, with the least possible changes to the computers.
• Users in the compliance department must view the justification provided when a user receives a tooltip notification for a DLP violation.
• If a document that has the Fabrikam Confidential sensitivity label applied is uploaded to Dropbox. the file must be deleted automatically. – The Fabrikam Confidential sensitivity label must be applied to existing Microsoft Word documents in the Data shared folder that have a document footer containing the following string: Company use only.
• Users must be able to manually select that email messages are sent encrypted. The encryption will use Office 365 Message Encryption (OME) v2. Any email containing an attachment that has the Fabrikam Confidential sensitivity label applied must be encrypted automatically by using OME.
• Existing policies configured in the third-party records management system must be replaced by using Records management in the Microsoft 365 compliance center. The compliance department plans to export the existing policies, and then produce a CSV file that contains matching labels and policies that are compatible with records management in Microsoft 365. The CSV file must be used to configure records management in Microsoft 365.
You must be able to restore all email received by Fabrikam executives for up to three years after an email is received, even if the email was deleted permanently.
You need to implement a solution to encrypt email. The solution must meet the compliance requirements.
What should you create in the Exchange admin center and the Microsoft 36.S compliance center? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Users must be able to manually select that email messages are sent encrypted. The encryption will use Office 365 Message Encryption (OME) v2. Any email containing an attachment that has the Fabrikam Confidential sensitivity label applied must be encrypted automatically by using OME.
You need to recommend a solution to configuration the Microsoft 365 Records management settings by using the CSV file must meet the compliance requirements.
What should you recommend?
- A . From the Microsoft 365 compliance center, import the CSV file to a file plan.
- B . Use EdmUploadAgent.exe to upload a hash of the CSV to a datastore.
- C . Use a PowerShell command that pipes the import csv cmdlet to the New-RetentionPolicy cmdlet.
- D . Use a PowerShell command that pipes the import-csv cmdlet to the New-Label cmdlet.
You need to implement a solution that meets the compliance requirements for the Windows 10 computers.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each coned selection is worth one point.
- A . Deploy a Microsoft 36S Endpoint data loss prevention (Endpoint DLP) configuration package to the computers.
- B . Configure hybrid Azure AD join for all the computers.
- C . Configure the Microsoft Intune device enrollment settings.
- D . Configure a compliance policy in Microsoft Intune.
- E . Enroll the computers in Microsoft Defender for Endpoint protection.
You need to recommend a solution that meets the executive requirements.
What should you recommend?
- A . From the Microsoft 365 compliance center, create a retention policy.
- B . From the Exchange admin center, enable archive mailboxes.
- C . From the Microsoft 365 compliance center, create a retention label.
- D . From the Microsoft 365 compliance center, create a DLP policy.
You need to recommend a solution that meets the sales requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to recommend a solution that meets the compliance requirements for protecting the documents in the Data shared folder.
What should you recommend?
- A . From the Microsoft 365 compliance center, configure a DLP policy.
- B . From the Microsoft 365 compliance center, configure a Content Search query.
- C . From the Microsoft 365 compliance center, configure an auto-labeling policy.
- D . From Azure Information Protection, configure a content scan job.
You need to recommend a solution that meets the Data Loss Prevention requirements for the HR department.
Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. (Choose three.)
- A . Schedule EdmUploadAgent.exe to hash and upload a data file that contains employee information.
- B . Create a sensitive info type rule package that contains the EDM classification.
- C . Define the sensitive information database schema in the XML format.
- D . Create a sensitive info type rule package that contains regular expressions.
- E . Define the sensitive information database schema in the CSV format.
You need to recommend a solution that meets the compliance requirements for viewing DLP tooltip justifications.
What should you recommend?
- A . Instruct the compliance department users to review the False positive and override report.
- B . Configure a Microsoft Power Automate workflow to route DLP notification emails to the compliance
- C . Instruct the compliance department users to review the DLP incidents report.
- D . Configure an Azure logic app to route DLP notification emails to the compliance department.
You need to recommend a solution that meets the compliance requirements for Dropbox.
What should you recommend?
- A . Create a DLP policy that applies to Cloud App Security.
- B . Edit an existing retention label that enforces the item deletion settings.
- C . Create a retention label that enforces the item deletion settings.
- D . Create a DLP policy that applies to devices.
You need to recommend an information governance solution that meets the HR requirements for handling employment applications and resumes.
What is the minimum number of information governance solution components that you should create? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.