• Home
  • Articles
  • UPDATED [2025] Pass Microsoft SC-400 Exam in First Attempt Guaranteed [Q28-Q52]

UPDATED [2025] Pass Microsoft SC-400 Exam in First Attempt Guaranteed [Q28-Q52]

Share

UPDATED [2025] Pass Microsoft SC-400 Exam in First Attempt Guaranteed

Pass SC-400 Exam Latest Practice Questions

NEW QUESTION # 28
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You recently discovered that the developers at your company emailed Azure Storage keys in plain text to third parties.
You need to ensure that when Azure Storage keys are emailed, the emails are encrypted.
Solution: You configure a mail flow rule that matches the text patterns.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/exchange/policy-and-compliance/mail-flow-rules/conditions-and-exceptions?vi


NEW QUESTION # 29
You are creating a custom trainable classifier to identify organizational product codes referenced in Microsoft
365 content.
You identify 300 files to use as seed content.
Where should you store the seed content?

  • A. a Microsoft OneDrive for Business folder
  • B. Microsoft Exchange Online shared mailbox
  • C. an Azure file share
  • D. a Microsoft SharePoint Online folder

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide


NEW QUESTION # 30
You need to implement a solution to encrypt email. The solution must meet the compliance requirements.
What should you create in the Exchange admin center and the Microsoft 36.S compliance center? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-sensitive-info-types?view=o365-worldwide


NEW QUESTION # 31
You have a Microsoft SharePoint Online site named Site1 and a sensitivity label named Sensitivity1. Sensitivity1 adds a watermark and a header to content.
You create a policy to automatically apply Sensitivity1 to emails in Microsoft Exchange Online and Site1.
How will Sensitivity1 mark matching emails and Site1 documents? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide


NEW QUESTION # 32
You need to ensure that documents in a Microsoft SharePoint Online site that contain a reference to Project Alpha are retained for two years, and then deleted.
Which two objects should you create? Each correct answer presents part of the solution. (Choose two.) NOTE: Each correct selection is worth one point.

  • A. a sensitivity label
  • B. an auto-apply label policy
  • C. a sensitive info type
  • D. a publishing label policy
  • E. a retention label
  • F. a retention policy

Answer: B,E

Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-retention-labels-automatically?view=o365Wo


NEW QUESTION # 33
You create a sensitivity label as shown in the Sensitivity Label exhibit.
You create an auto-labeling policy as shown in the Auto Labeling Policy exhibit.
A user sends the following email:
From: [email protected]
To: [email protected]
Subject: Address List
Message Body:
Here are the lists that you requested.
Attachments:
<<File1.docx>>
<<File2.xml>>
Both attachments contain lists of IP addresses.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide


NEW QUESTION # 34
While creating a retention label, you discover that the Mark items as a regulatory record option is unavailable.
You need to ensure that the option is available when you create retention labels in the Microsoft Purview compliance portal.
How should you complete the PowerShell script? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation


NEW QUESTION # 35
You have a Microsoft 365 E5 subscription that contains the adaptive scopes shown in the following table.

You create the retention policies shown in the following table.

Which retention policies support a preservation lock?

  • A. RPolicy3only
  • B. RPolicy1l and RPolicy2 only
  • C. RPolicy1 and RPolicy3 only
  • D. RPolicy2only
  • E. RPolicy1, RPolicy2, and RPolicy3

Answer: C


NEW QUESTION # 36
You need to create a retention policy to delete content after seven years from the following locations:
Exchange email
SharePoint sites
OneDrive accounts
Office 365 groups
Teams channel messages
Teams chats
What is the minimum number of retention policies that you should create?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/retention?view=o365-worldwide


NEW QUESTION # 37
You plan to create a custom trainable classifier based on an organizational form template.
You need to identity which role based access control (RBAC ) role is required to create the trainable classifier and where to classifier. The solution must use the principle of least privilege.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation
Text Description automatically generated

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide#p


NEW QUESTION # 38
You have a Microsoft 365 subscription.
You create a retention label named Label! as shown in the following exhibit.

You publish Label1 to SharePoint sites.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 39
You have the retention label policy shown in the Policy exhibit. (Click the Policy tab.)

Users apply the retention label policy to files and set the asset ID as shown in the following table.

On December 1, 2020, you create the event shown in the Event exhibit. (Click the Event tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 40
SIMULATION
Task 4
You need to block users from sending emails containing information that is subject to Payment Card Industry Data Security Standard (PCI OSS). The solution must affect only emails.

Answer:

Explanation:
See the solution below in Explanation
Explanation:
To block users from sending emails containing information subject to the Payment Card Industry Data Security Standard (PCI DSS), you can create a Data Loss Prevention (DLP) policy in Microsoft Exchange Online. Here's how:
Create a Custom DLP Policy:
Log in to the Microsoft Exchange Online admin center.
Navigate to Data loss prevention > Policy.
Create a new custom policy specifically for PCI DSS compliance.
Define Conditions:
In the policy settings, define conditions that identify sensitive data related to PCI DSS. For example:
Keywords: Include terms like "credit card," "debit card," or specific card number formats.
Regular Expressions (Regex): Craft expressions to match credit card patterns (e.g., \b\d{4}-\d{4}-\d{4}-\d{4}\b for Visa/Mastercard).
Sensitive Information Types: Use built-in or custom sensitive information types related to payment cards.
Choose Actions:
Specify the actions to take when sensitive data is detected in emails:
Block: Prevent the email from being sent.
Notify Sender: Inform the sender that sensitive data is not allowed via email.
Add Disclaimer/Watermark: Optionally add a disclaimer or watermark to the email.
Apply the Policy to Emails Only:
Ensure that the policy is configured to apply only to emails (not other communication channels).
Exclude internal communication if necessary.
Test and Monitor:
Enable the policy in test mode initially to validate its effectiveness.
Monitor logs and adjust the policy as needed.


NEW QUESTION # 41
You have a Microsoft 365 tenant that is opt-in for trainable classifiers.
You need to ensure that a user named User1 can create custom trainable classifiers. The solution must use the principle of least privilege.
Which role should you assign to User1?

  • A. Security Administrator
  • B. Security Operator
  • C. Compliance Administrator
  • D. Global Administrator

Answer: A


NEW QUESTION # 42
While creating a retention label, you discover that the following options are missing:
* Mark items as a record
* Mark items are a regular record
You need to ensure that the options are available when you create label in the Microsoft 365 compliance center.
How should you complete the PowerShell script? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 43
You are implementing Microsoft Office 365 Message Encryption (OME) for a Microsoft 365 tenant named contoso.com.
You need to meet the following requirements:
* All email to a domain named fabhkam.com must be encrypted automatically.
* Encrypted emails must expire seven days after they are sent-
What should you configure for each requirement? To answer, select the appropriate options NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 44
You have a Microsoft 365 subscription that contains a Microsoft SharePoint site named Site1. For Site1, users are assigned the roles shown in the following table.

You publish retention labels to Site1 as shown in the following table.

You publish retention labels to Site1 as shown in the following table.
You have the files shown in the following table.

For each of the following statement, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 45
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring a file policy in Microsoft Cloud App Security.
You need to configure the policy to apply to all files. Alerts must be sent to every file owner who is affected by the policy. The policy must scan for credit card numbers, and alerts must be sent to the Microsoft Teams site of the affected department.
Solution: You use the Build-in DLP inspection method and send alerts to Microsoft Power Automate.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
Explanation/Reference:
https://docs.microsoft.com/en-us/cloud-app-security/dcs-inspection
https://docs.microsoft.com/en-us/cloud-app-security/data-protection-policies Implement Data Loss Prevention Testlet 2 Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Fabrikam, Inc. is a consulting company that has a main office in Montreal and six branch offices in New York, Seattle, Miami, Houston, Los Angeles, and Vancouver.
Existing Environment
Cloud Environment
Fabrikam has a Microsoft 365 tenant that contains the following resources:
* An Azure Active Directory (Azure AD) tenant that syncs to an on-premises Active Directory domain named corp.fabrikam.com
* Microsoft Cloud App Security connectors configured for all supported cloud applications used by the company Some users have company Dropbox accounts.
Compliance Configuration
Fabrikam has the following in the Microsoft 365 compliance center:
* A data loss prevention (DLP) policy is configured. The policy displays a tooltip to users. Users can provide a business justification to override a DLP policy violation.
* The Azure Information Protection unified labeling scanner is installed and configured.
* A sensitivity label named Fabrikam Confidential is configured.
An existing third-party records management system is managed by the compliance department.
Human Resources (HR) Management System
The HR department has an Azure SQL database that contains employee information. Each employee has a unique 12-character alphanumeric ID. The database contains confidential employee attributes including payroll information, date of birth, and personal contact details.
On-Premises Environment
You have an on-premises file server that runs Windows Server 2019 and stores Microsoft Office documents in a shared folder named Data.
All end-user computers are joined to the corp.fabrikam.com domain and run a third-party antimalware application.
Business Processes
Sales Contracts
Users in the sales department receive draft sales contracts from customers by email. The sales contracts are written by the customers and are not in a standard format.
Employment Applications
Employment applications and resumes are received by HR department managers and stored in either mailboxes, Microsoft SharePoint Online sites, OneDrive for Business folders, or Microsoft Teams channels.
The employment application form is downloaded from SharePoint Online and a serial number is assigned to each application.
The resumes are written by the applicants and are in any format.
Requirements
HR Requirements
You need to create a DLP policy that will notify the HR department of a DLP policy violation if a document that contains confidential employee attributes is shared externally. The DLP policy must use an Exact Data Match (EDM) classification derived from a CSV export of the HR department database.
The HR department identifies the following requirements for handling employment applications:
* Resumes must be identified automatically based on similarities to other resumes received in the past.
* Employment applications and resumes must be deleted automatically two years after the applications are received.
* Documents and emails that contain an application serial number must be identified automatically and marked as an employment application.
Sales Requirements
A sensitivity label named Sales Contract must be applied automatically to all draft and finalized sales contracts.
Compliance Requirements
Fabrikam identifies the following compliance requirements:
* All DLP policies must be applied to computers that run Windows 10, with the least possible changes to the computers.
* Users in the compliance department must view the justification provided when a user receives a tooltip notification for a DLP violation.
* If a document that has the Fabrikam Confidential sensitivity label applied is uploaded to Dropbox, the file must be deleted automatically.
* The Fabrikam Confidential sensitivity label must be applied to existing Microsoft Word documents in the Data shared folder that have a document footer containing the following string: Company use only.
* Users must be able to manually select that email messages are sent encrypted. The encryption will use Office 365 Message Encryption (OME) v2. Any email containing an attachment that has the Fabrikam Confidential sensitivity label applied must be encrypted automatically by using OME.
* Existing policies configured in the third-party records management system must be replaced by using Records management in the Microsoft 365 compliance center. The compliance department plans to export the existing policies, and then produce a CSV file that contains matching labels and policies that are compatible with records management in Microsoft 365. The CSV file must be used to configure records management in Microsoft 365.
Executive Requirements
You must be able to restore all email received by Fabrikam executives for up to three years after an email is received, even if the email was deleted permanently.


NEW QUESTION # 46
You have a Microsoft 365 tenant that uses trainable classifiers.
You are creating a custom trainable classifier.
You collect 300 sample file types from various geographical locations to use as seed content. Some of the file samples are encrypted.
You organize the files into categories as shown in the following table.

Which file categories can be used as seed content?

  • A. Category2. Category3. and Category5 only
  • B. Category4 and Category6 only
  • C. Category4 and Category5 only
  • D. Category1 and Category3 only

Answer: A


NEW QUESTION # 47
You plan to implement a sensitive information type based on a trainable classifier. The sensitive information type will identify employment contracts.
You need to copy the required files to Microsoft SharePoint Online folders to train the classifier.
What should you use to seed content and test the classifier? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Table Description automatically generated

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide


NEW QUESTION # 48
You are implementing Microsoft Office 365 Message Encryption (OME) for a Microsoft 365 tenant named contoso.com.
You need to meet the following requirements:
* All email to a domain named fabhkam.com must be encrypted automatically.
* Encrypted emails must expire seven days after they are sent-
What should you configure for each requirement? To answer, select the appropriate options NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/email-encryption?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-advanced-expiration?view=o365-worldwide


NEW QUESTION # 49
You have a Microsoft 365 tenant named contoso.com that contains two users named User1 and User2. The tenant uses Microsoft Office 365 Message Encryption (OME).
User1 plans to send emails that contain attachments as shown in the following table.

User2 plans to send emails that contain attachments as shown in the following table.

For which emails will the attachments be protected? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:

Reference:
https://support.microsoft.com/en-gb/office/introduction-to-irm-for-email-messages-bb643d33-4a3f-4ac7-9770-fd
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome?view=o365-worldwide
https://docs.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/exchange-on


NEW QUESTION # 50
You need to implement an information compliance policy to meet the following requirements:
Documents that contain passport numbers from the United States, Germany, Australia, and Japan must be identified automatically.
When a user attempts to send an email or an attachment that contains a passport number, the user must receive a tooltip in Microsoft Outlook.
Users must be blocked from using Microsoft SharePoint Online or OneDrive for Business to share a document that contains a passport number.
What is the minimum number of sensitivity labels and auto-labeling policies you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-worldwide


NEW QUESTION # 51
You are implementing Microsoft Office 365 Message Encryption (OME) for a Microsoft 365 tenant named contoso.com.
You need to meet the following requirements:
* All email to a domain named fabhkam.com must be encrypted automatically.
* Encrypted emails must expire seven days after they are sent-
What should you configure for each requirement? To answer, select the appropriate options NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/email-encryption?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-advanced-expiration?view=o365-worldwide


NEW QUESTION # 52
......


Microsoft SC-400 exam is intended for professionals who are responsible for managing and securing sensitive information within an organization. This includes Information Protection Managers, Compliance Managers, Security Administrators, IT Managers, and Data Protection Officers. SC-400 exam measures the candidate's knowledge and expertise in implementing Information Protection solutions, configuring data loss prevention policies, creating and managing labels, and monitoring compliance. Passing the Microsoft SC-400 exam not only validates the candidate's skills but also demonstrates their commitment to protecting sensitive information and maintaining compliance within their organization.


Microsoft SC-400 exam is intended for professionals who specialize in information protection and have experience working with Microsoft 365 and Microsoft Azure. SC-400 exam consists of various topics that cover different aspects of information protection, such as data classification, data loss prevention, data governance, and data retention. Candidates must demonstrate proficiency in these areas to pass the exam.


Microsoft SC-400 Certification Exam is an excellent opportunity for professionals who want to advance their careers in data protection and governance. Microsoft Information Protection Administrator certification demonstrates the candidate's expertise in implementing and managing Microsoft Information Protection solutions, which are essential in today's data-driven world. Microsoft Information Protection Administrator certification is recognized globally and is highly valued by employers. Earning this certification can open up new career opportunities and increase the earning potential for professionals in the IT and security industry.

 

Microsoft SC-400 Study Guide Archives : https://exams4sure.actualcollection.com/SC-400-exam-questions.html

Related Articles

more
Microsoft SC-400 Certification Practice Exam

Copyright © 2026 ActualCollection NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy