Microsoft SC-400 Exam Dumps & Practice Test Questions


Question No 1:

You are managing a trainable sensitive information classifier whose current accuracy does not meet expectations. To enhance its performance, you need to retrain the classifier within the Microsoft 365 compliance center. 

Which tool should you use for this retraining process?

A. Labels from Information protection
B. Labels from Information governance
C. Content explorer from Data classification
D. Content search

Answer: A

Explanation:

Within the Microsoft 365 compliance center, retraining a sensitive information classifier involves refining how the system detects, labels, and handles sensitive data. The tool that supports retraining is "Labels from Information protection."

Labels from Information Protection are designed to classify and secure sensitive data by applying specific protection labels. When retraining a classifier, these labels help improve the system’s ability to recognize sensitive content accurately and apply the correct labels, enhancing both precision and relevance. This retraining fine-tunes the classifier's identification process to meet compliance requirements more effectively.

Other options serve different functions: Labels from Information Governance (Option B) handle retention and deletion policies, not classifier training. Content Explorer (Option C) is primarily for viewing classification results and reporting, without tools for retraining. Content Search (Option D) helps locate sensitive content but does not aid in training classifiers.

Therefore, Labels from Information Protection is the correct tool to use when retraining a sensitive information classifier in the Microsoft 365 compliance center.

Question No 2:

You receive an email with a list of words intended to be used as sensitive information keywords. You need to save this list in a file format suitable for generating a keyword dictionary. Which format should you choose?

A. A JSON file with an element for each word
B. An ACCDB database file containing a table named "Dictionary"
C. An XLSX file with one word in each cell of the first row
D. A text file with one word per line

Answer: D

Explanation:

When creating a keyword dictionary for sensitive information, the file format should prioritize simplicity, ease of processing, and compatibility with different tools and systems.

Option A, using JSON, is flexible but adds unnecessary complexity for just a list of words. JSON is better suited for structured, hierarchical data and requires additional parsing effort.

Option B involves storing the keywords in an Access database (.accdb), which is excessive for a straightforward list and introduces unneeded complexity unless advanced querying is necessary.

Option C, an Excel file (.xlsx) with words in individual cells, adds structural overhead that complicates programmatic access and management compared to plain text.

Option D, a plain text file with one word per line, is the simplest and most efficient approach. It is easy to read, parse, and compatible with most systems that consume keyword dictionaries. This format requires minimal processing and is ideal for straightforward keyword lists.

In summary, saving the list as a text file with each word on its own line (Option D) offers the best balance of simplicity, efficiency, and compatibility.

Question No 3:

Your Microsoft 365 tenant uses sensitivity labels to classify content. The labels configured include Confidential, Internal, and External, which are published through a label policy named Policy1. Users have reported that the Sensitivity button does not appear in the Office for the web apps, though it does show up in locally installed Microsoft 365 Apps.

What should you do to allow users to apply sensitivity labels when working in Office for the web?

A. Modify the scope of the Confidential label.
B. Modify the publishing settings of Policy1.
C. Enable sensitivity label support for Office files in Microsoft SharePoint Online and OneDrive.
D. Run the Execute-AzureAdLabelSync cmdlet.

Answer: C. Enable sensitivity label support for Office files in Microsoft SharePoint Online and OneDrive.

Explanation:

Sensitivity labels in Microsoft 365 help classify and protect content according to organizational rules. When users work in Office for the web apps (such as Word Online or Excel Online), the Sensitivity button may not be visible unless sensitivity label support is enabled specifically for SharePoint Online and OneDrive. This setting allows the web-based Office apps to recognize and apply sensitivity labels to documents stored in these services.

To fix the issue, administrators need to turn on sensitivity label support for Office files within SharePoint Online and OneDrive settings. This ensures a consistent user experience across both local and web versions of Office, allowing users to classify and protect their content regardless of the platform.

Other options do not address this issue: modifying the scope of a label affects where it is available, not the web app functionality; changing label publishing settings does not impact the display of the Sensitivity button; and running the Execute-AzureAdLabelSync cmdlet synchronizes label data but does not influence the button’s visibility in web apps.

Question No 4:

You manage a Microsoft 365 E5 tenant and want to add a new keyword dictionary to enhance content classification and protection. Which of the following should you create?

A. a trainable classifier
B. a sensitivity label
C. a sensitive info type
D. a retention policy

Answer: C. a sensitive info type

Explanation:

Sensitive information types in Microsoft 365 are designed to detect specific sensitive data within your organization by using keyword dictionaries, patterns, and regular expressions. These types enable classification and protection of content based on the presence of certain keywords or data formats, such as financial information, personally identifiable information, or custom-defined terms.

A trainable classifier uses machine learning to categorize content based on patterns but does not use keyword dictionaries, so it is not suitable for adding new keyword lists. Sensitivity labels apply protection like encryption and access control but do not manage keyword dictionaries themselves. Retention policies control the lifecycle of content by specifying when it should be kept or deleted but do not classify data based on keywords.

Therefore, creating a sensitive info type is the appropriate method to add a keyword dictionary for content classification in Microsoft 365.

Question No 5:

You want to implement Microsoft Office 365 Advanced Message Encryption (AME) to improve the security of your organization’s email communications. One of your main requirements is that any encrypted email sent to external recipients should expire after seven days.

What should you do first to enable this feature?

A. Create a custom branding template
B. Set up a remote domain in Microsoft Exchange
C. Configure a mail flow rule
D. Generate an X.509 version 3 certificate
E. Create a connector in Microsoft Exchange

Answer: C. Configure a mail flow rule

Explanation:

To enable expiration on encrypted emails in Office 365 Advanced Message Encryption, the initial step is to set up a mail flow rule (also called a transport rule) in Exchange Online. This rule controls how emails are processed and allows you to apply encryption and specify an expiration time. By creating a mail flow rule, you can automatically encrypt messages sent to external recipients and set these encrypted emails to expire after seven days.

This method ties directly into Office 365 Message Encryption features and offers a centralized way to enforce encryption and expiration policies.

The other options do not address this requirement:
A custom branding template only personalizes the user experience but does not handle encryption or expiration.
A remote domain manages email routing, not encryption policies.
Generating an X.509 certificate relates to secure communications but is not required for message expiration.
Connectors define mail flow between systems but do not control encryption or expiration settings.

Therefore, configuring a mail flow rule is the correct first action to ensure encrypted emails expire as needed.

Question No 6:

You need to receive alerts whenever users share sensitive documents stored in Microsoft OneDrive with anyone outside your organization. What should you do to achieve this?

A. Start a data investigation from the Microsoft Purview compliance portal
B. Create a file policy from the Microsoft Defender for Cloud Apps portal
C. Configure an Identity Protection policy from the Azure Active Directory admin center
D. Create a data loss prevention (DLP) policy from the Exchange admin center

Answer: B. Create a file policy from the Microsoft Defender for Cloud Apps portal

Explanation:

To monitor and receive timely alerts when sensitive documents in OneDrive are shared externally, using Microsoft Defender for Cloud Apps is the most effective approach. Defender for Cloud Apps offers deep visibility into cloud service activities and provides robust policy creation capabilities, including file policies tailored to detect specific behaviors such as external sharing of sensitive information.

By creating a file policy within Defender for Cloud Apps, you can configure the system to identify when files labeled as sensitive or containing specific data types are shared with users outside your organization. This policy can trigger immediate alerts, enabling your security or compliance teams to take swift action. Furthermore, Defender for Cloud Apps supports automatic remediation actions like revoking sharing permissions or quarantining files, enhancing your organization's ability to prevent data leaks.

The other options do not offer this level of real-time monitoring and alerting for OneDrive file sharing:

The Microsoft Purview compliance portal primarily focuses on broader compliance management and data governance tasks. While it offers investigation tools and reporting, it lacks the granular, real-time alerting and automated control features necessary to effectively monitor external file sharing.

Identity Protection in the Azure Active Directory admin center concentrates on securing user identities and detecting suspicious sign-in attempts or compromised credentials. It does not track or alert on file sharing activities.

Data loss prevention (DLP) policies configured in the Exchange admin center are mainly designed to protect email data and do not provide the necessary monitoring or alerting capabilities specific to OneDrive or other cloud storage platforms.

In summary, Microsoft Defender for Cloud Apps is designed to secure cloud applications and detect risky behaviors, making it the ideal tool for creating file policies that alert you when sensitive documents are shared outside your organization via OneDrive. This approach improves your security posture by combining visibility, automated response, and continuous monitoring within a single, integrated platform.

Question No 7:

You are responsible for managing a Microsoft 365 E5 tenant and need to build a custom trainable classifier to detect product order forms within your organization’s data. To maintain security and comply with best practices, you must follow the principle of least privilege by granting only the essential permissions required for this classifier to function properly.

What should be your initial step to ensure the classifier is both secure and effective? Select the most appropriate options.

A. Assign the Compliance Data Administrator role to the classifier to provide the minimum required permissions for managing and creating trainable classifiers.

B. Grant the Global Administrator role to the classifier to guarantee unrestricted access to all resources and settings.

C. Assign the Data Scientist role or a similar permission set to allow the classifier to access and train on relevant data without exposing sensitive information.

D. Implement Content Search and Data Loss Prevention (DLP) policies to safeguard the sensitive data the classifier will process.

Answer: A

Explanation:

Creating a custom trainable classifier in a Microsoft 365 E5 tenant to identify product order forms requires a carefully planned approach, especially regarding security. Following the principle of least privilege is essential to minimize the risk of exposing sensitive information or granting unnecessary access.

The first and most critical step is to assign the correct permissions to the classifier, which involves selecting a role that offers sufficient but limited privileges. The Compliance Data Administrator role is specifically designed for managing compliance-related features like trainable classifiers. It grants the necessary rights to create, configure, and maintain classifiers without opening broad access to other tenant resources. This targeted permission helps ensure security while enabling effective classifier management.

Assigning a Global Administrator role (Option B) is discouraged because it grants unrestricted access across the tenant, violating least privilege principles and increasing security risks.

Next, assigning the Data Scientist role or an equivalent permission set (Option C) is important for enabling the classifier to access the data it needs for training. This role provides access to classification and labeling features required for training without exposing unnecessary information, thus maintaining data privacy.

Finally, applying Content Search and DLP policies (Option D) is essential for protecting sensitive information during classification and processing. These policies monitor and restrict data handling, preventing accidental data leaks or misuse.

In summary, begin by assigning the Compliance Data Administrator role to ensure the classifier has just enough permission to operate. Then, grant appropriate data access roles like Data Scientist, and implement security controls such as DLP and Content Search policies. This comprehensive approach upholds security, follows best practices, and enables the classifier to function effectively within your Microsoft 365 E5 environment.

Question No 8:

What is the main objective of implementing Microsoft Information Protection (MIP) labels in an organization?

A. To monitor employee productivity and track work hours
B. To classify and safeguard sensitive data across the enterprise
C. To manage user access to applications based on location
D. To audit login attempts and detect unauthorized access

Answer: B

Explanation:

Microsoft Information Protection (MIP) labels are primarily designed to help organizations identify, classify, and protect sensitive data no matter where it resides—whether in emails, documents, or other data repositories. By applying these labels, organizations can enforce policies such as encryption, access restrictions, and visual markings like watermarks. This classification helps ensure compliance with regulatory standards, mitigates risks of data leaks, and enhances data governance.

Option A incorrectly associates MIP labels with employee monitoring, which is not their function.

Option B correctly identifies the core purpose of MIP labels as tools for classification and protection of sensitive information.

Option C is about access management based on conditions such as geographic location, which falls under Conditional Access policies, not MIP labels.

Option D focuses on security auditing and detection, which are functions related to logging and monitoring tools, not the labeling mechanism.

Implementing MIP labels allows an organization to enforce consistent security policies automatically, reducing human error and ensuring that confidential information is handled appropriately. This also supports data loss prevention strategies by tagging files and emails, making it easier to track and control how sensitive data is accessed and shared.

Question No 9:

Which service in Microsoft 365 Security and Compliance suite is primarily responsible for managing user access policies based on device compliance and risk level?

A. Azure Active Directory Conditional Access
B. Microsoft Defender for Endpoint
C. Microsoft Information Protection
D. Azure Sentinel

Answer: A

Explanation:

Azure Active Directory Conditional Access is the service responsible for defining and enforcing access policies that consider factors like device compliance status, user risk, location, and sign-in behavior. It acts as a gatekeeper to resources, allowing or blocking access based on these contextual signals to strengthen security.

Option A is correct since Conditional Access is central to adaptive access control in Microsoft 365.

Option B, Microsoft Defender for Endpoint, focuses on endpoint threat detection and response, not direct access policy enforcement.

Option C, Microsoft Information Protection, primarily deals with data classification and protection rather than access control policies.

Option D, Azure Sentinel, is a Security Information and Event Management (SIEM) tool, which collects and analyzes security data but does not enforce access policies.

By using Conditional Access, organizations can create granular policies that dynamically respond to the security posture of devices and users. For example, access to sensitive data can be blocked if a device is non-compliant or if a user is logging in from an unfamiliar location. This improves overall security while maintaining user productivity.

Question No 10:

Which Microsoft tool offers automated investigation and remediation of security incidents across Microsoft 365 environments?

A. Microsoft Defender for Identity
B. Microsoft Sentinel
C. Microsoft Defender for Office 365
D. Microsoft Defender for Cloud Apps

Answer: D

Explanation:

Microsoft Defender for Cloud Apps is a comprehensive solution that provides automated investigation and remediation features designed to help security teams swiftly identify and respond to threats across cloud applications within Microsoft 365 environments. It leverages integration with Microsoft Cloud App Security and advanced machine learning models to detect suspicious behaviors, risky activities, and policy violations. Once these threats are identified, Defender for Cloud Apps can automatically take remediation actions such as terminating sessions, blocking users, or restricting access, thereby reducing the window of exposure and mitigating potential damage.

Unlike other tools in the Microsoft security portfolio, Defender for Cloud Apps specializes in cloud app security by monitoring user activity and cloud service configurations continuously. This includes SaaS, PaaS, and IaaS services, allowing security operations teams to maintain visibility and control across hybrid and multicloud environments. The automation capabilities reduce manual investigation efforts, enabling faster incident response and improved operational efficiency.

Option A, Microsoft Defender for Identity, primarily focuses on detecting identity-based threats within on-premises Active Directory environments. It uses behavioral analytics to identify compromised identities, lateral movement, and insider threats but does not provide broad automated remediation for cloud application incidents.

Option B, Microsoft Sentinel, serves as a cloud-native Security Information and Event Management (SIEM) platform. It aggregates logs and telemetry data from various sources, applying analytics and correlation rules to detect threats. However, while Sentinel can orchestrate response playbooks, it does not inherently automate incident investigation and remediation without additional configurations and integrations.

Option C, Microsoft Defender for Office 365, protects email and collaboration tools against phishing, malware, and other targeted attacks. It includes automated investigation for email threats but its scope is limited to Office 365 workloads and does not extend to overall cloud app security or enforcement actions across other Microsoft 365 services.

By contrast, Microsoft Defender for Cloud Apps provides a holistic approach to securing cloud environments. Its automated investigation engine can analyze alerts, assess risk levels, and execute policy-driven remediation without requiring manual intervention. This ability is especially critical in today’s complex environments where organizations operate a mix of on-premises and cloud services. Automated responses help contain threats quickly, minimizing data breaches and operational disruption.

Additionally, Defender for Cloud Apps supports integration with other Microsoft security tools, enhancing overall threat detection and response capabilities. Its robust reporting and alerting features empower security teams with actionable insights, enabling proactive threat hunting and compliance enforcement.

In conclusion, Microsoft Defender for Cloud Apps stands out as the key tool for automated investigation and remediation across Microsoft 365 cloud services, combining intelligent threat detection with swift automated response to protect modern hybrid infrastructures.