SC-400 Exam Free Practice Questions: "Microsoft Information Protection Administrator Certification"

You have a Microsoft 365 E5 tenant that contains two users named User1 and User2 and a Microsoft SharePoint Online site named Site1 as shown in the following exhibit.

For Site1, the users are assigned the roles shown in the following table.

You publish a retention label named Retention1 to Site1.
To which files can the users apply Retention1? To answer, select the appropriate options in the answer area.
Correct answer:

You have a Microsoft 365 tenant that uses 100 data loss prevention (DLP) policies.
A Microsoft Exchange administrator frequently investigates emails that were blocked due to DLP policy violations.
You need to recommend which DLP report the Exchange administrator can use to identify how many messages were blocked based on each DLP policy.
Which report should you recommend?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You need to identify resumes that are stored in the subscription by using a built-in trainable classifier.
Solution: You create an auto-labeling policy for a retention label.
Does this meet the goal?

You recently discovered that the developers at your company emailed Azure Storage Account keys in plain text to third parties.
You need to ensure that when Azure Storage Account keys are emailed, the emails are encrypted.
Solution: You create a data loss prevention (DLP) policy that has Exchange email, SharePoint sites, OneDrive accounts, and Teams chat and channel messages selected.
Does this meet the goal?

You have a Microsoft 365 subscription linked to a Microsoft Entra tenant that contains a user named User1.
You need to grant User1 permission to search Microsoft 365 audit logs. The solution must use the principle of least privilege.
Which role should you assign to User1?

You have a Microsoft 365 tenant.
You discover that email does NOT use Microsoft Office 365 Message Encryption (OME).
You need to ensure that OME can be applied to email.
What should you do first?

SIMULATION
Task 4
You need to block users from sending emails containing information that is subject to Payment Card Industry Data Security Standard (PCI DSS). The solution must affect only emails.
Correct answer:
See the solution below in Explanation
Explanation:
To block users from sending emails containing information subject to the Payment Card Industry Data Security Standard (PCI DSS), you can create a Data Loss Prevention (DLP) policy in Microsoft Exchange Online. Here's how:
Create a Custom DLP Policy:
* Log in to the Microsoft Exchange Online admin center.
* Navigate to Data loss prevention > Policy.
* Create a new custom policy specifically for PCI DSS compliance.
Define Conditions:
* In the policy settings, define conditions that identify sensitive data related to PCI DSS. For example:
  * Keywords: Include terms like "credit card," "debit card," or specific card number formats.
  * Regular Expressions (Regex): Craft expressions to match credit card patterns (e.g., \b\d{4}-\d{4}-\d{4}-\d{4}\b for Visa/Mastercard).
  * Sensitive Information Types: Use built-in or custom sensitive information types related to payment cards.
Choose Actions:
* Specify the actions to take when sensitive data is detected in emails:
  * Block: Prevent the email from being sent.
  * Notify Sender: Inform the sender that sensitive data is not allowed via email.
  * Add Disclaimer/Watermark: Optionally add a disclaimer or watermark to the email.
Apply the Policy to Emails Only:
* Ensure that the policy is configured to apply only to emails (not other communication channels).
* Exclude internal communication if necessary.
Test and Monitor:
* Enable the policy in test mode initially to validate its effectiveness.
* Monitor logs and adjust the policy as needed.
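
The "Define Conditions" step above lists a regex, keywords and sensitive information types as alternatives. The following added example (not part of the original explanation and not Microsoft's implementation) runs the quoted regex against constructed sample messages and compares it with a simplified detector that combines a broader pattern, a Luhn checksum and nearby keywords. The names CANDIDATE, KEYWORDS, find_cards and the 300-character window are assumptions made for this illustration.

```python
import re

# The pattern quoted in the explanation: four hyphen-separated groups only.
PAGE_REGEX = re.compile(r"\b\d{4}-\d{4}-\d{4}-\d{4}\b")
# Assumed broader candidate pattern: 13-19 digits, optional space/hyphen separators.
CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Assumed supporting keywords that raise confidence when found near a match.
KEYWORDS = ("credit card", "debit card", "card number", "visa", "mastercard")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def page_regex_hits(text: str) -> list:
    """What the pattern-only condition would flag."""
    return PAGE_REGEX.findall(text)

def find_cards(text: str, window: int = 300) -> list:
    """Return (digits, confidence) for every Luhn-valid candidate in text."""
    hits = []
    lowered = text.lower()
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            continue  # right shape, but not a valid card number
        nearby = lowered[max(0, m.start() - window): m.end() + window]
        confidence = "high" if any(k in nearby for k in KEYWORDS) else "low"
        hits.append((digits, confidence))
    return hits

# Constructed sample message bodies (4111... is a well-known test number).
SAMPLES = {
    "hyphenated": "Please charge my credit card 4111-1111-1111-1111 today.",
    "unseparated": "Visa 4111111111111111 exp 12/30",
    "order_ref": "Your order reference is 1234-5678-9012-3456.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, "| regex:", page_regex_hits(body), "| checksum:", find_cards(body))
```

The pattern-only rule misses the unseparated number and flags the order reference, which is why a checksum-backed sensitive information type is the more reliable condition for a blocking rule.
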
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

You have a Privacy Risk Management policy named Policy1 based on the Data transfers template as shown in the Privacy Risk Management policy exhibit. (Select the Privacy Risk Management policy tab and scroll to review the entire policy.)
User1 sends the following email messages that contain credit card information:
* Message1: Sent to User2.
* Message2: Sent to User3.
* Message3: Sent to User4.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct answer:

You are configuring a retention label named Label1 as shown in the following exhibit.

You need to ensure that documents that have Label1 applied are deleted three years after the end of your company's fiscal year.
What should you do?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You implement Microsoft 365 Endpoint data loss prevention (Endpoint DLP).
You have computers that run Windows 10 and have Microsoft 365 Apps installed. The computers are joined to Azure Active Directory (Azure AD).
You need to ensure that Endpoint DLP policies can protect content on the computers.
Solution: You deploy the Endpoint DLP configuration package to the computers.
Does this meet the goal?

You have a data loss prevention (DLP) policy that has the advanced DLP rules shown in the following table.
You need to identify which rules will apply when content matches multiple advanced DLP rules.
Which rules should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide
You plan to implement Microsoft Purview Advanced Message Encryption.
You need to ensure that encrypted email sent to external recipients expires after seven days.
What should you create first?

You have a Microsoft 365 E3 subscription.
You plan to audit all Microsoft Exchange Online user and admin activities.
You need to ensure that all the Exchange audit log records are retained for one year.
What should you do?

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.
You plan to deploy a Defender for Cloud Apps file policy that will be triggered when the following conditions are met:
* A file is shared externally.
* A file is labeled as internal only.
Which filter should you use for each condition? To answer, drag the appropriate filters to the correct conditions. Each filter may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Correct answer:

You need to protect documents that contain credit card numbers from being opened by users outside your company. The solution must ensure that users at your company can open the documents.
What should you use?

You have a Microsoft 365 tenant that uses data loss prevention (DLP).
You have a custom employee information form named Template1.docx.
You need to create a classification rule package based on the document fingerprint of Template1.docx.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Correct answer:

1 - Create a variable that contains the result of the Get-Content cmdlet.
2 - Create a variable that contains the result of the New-DlpFingerprint cmdlet.
3 - Run the New-DlpSensitiveInformationType cmdlet.
You have a Microsoft 365 sensitivity label that is published to all the users in your Azure AD tenant as shown in the following exhibit.
Correct answer: