Free Practice Test

Free SC-400 Practice Exam – 2025 Updated

Study Smarter for the SC-400 Exam with Our Free and Reliable SC-400 Exam Questions – Updated for 2025.

At Cert Empire, we are committed to delivering the most accurate and up-to-date exam questions for students preparing for the Microsoft SC-400 Exam. To make studying easier, we’ve made parts of our SC-400 exam resources free for everyone. You can practice as much as you want with Free SC-400 Practice Test.

Get SC-400 Exam Dumps

Microsoft SC-400 Free Exam Questions

Disclaimer

Please keep a note that the demo questions are not frequently updated. You may as well find them in open communities around the web. However, this demo is only to depict what sort of questions you may find in our original files.

Nonetheless, the premium exam dumps files are frequently updated and are based on the latest exam syllabus and real exam questions.

1 / 60

You implement Microsoft 365 Endpoint data loss prevention (Endpoint DLP).
You have computers that run Windows 10 and have Microsoft 365 Apps installed. The computers are joined to Azure Active Directory (Azure AD).
You need to ensure that Endpoint DLP policies can protect content on the computers.
Solution: You enroll the computers in Microsoft Intune.
Does this meet the goal?

2 / 60

You have a Microsoft 365 subscription that uses Microsoft Exchange Online. You need to receive an alert if a user emails sensitive documents to specific external domains. What should you create?

3 / 60

Your company has a Microsoft 365 tenant.
The company performs annual employee assessments. The assessment results are recorded in a document named AssessmentTemplate.docx that is created by using a Microsoft Word template. Copies of the employee assessments are sent to employees and their managers. The assessment copies are stored in mailboxes, Microsoft SharePoint Online sites, and OneDrive for Business folders. A copy of each assessment is also stored in a SharePoint Online folder named
Assessments.
You need to create a data loss prevention (DLP) policy that prevents the employee assessments from being emailed to external users. You will use a document fingerprint to identify the assessment documents. The solution must minimize effort.
What should you include in the solution?

4 / 60

You are planning a data loss prevention (DLP) solution that will apply to computers that run Windows 10.
You need to ensure that when users attempt to copy a file that contains sensitive information to a USB storage device, the following requirements are met:
✑ If the users are members of a group named Group1, the users must be allowed to copy the file, and an event must be recorded in the audit log.
✑ All other users must be blocked from copying the file.
What should you create?

5 / 60

You are configuring a file policy in Microsoft Cloud App Security.
You need to configure the policy to apply to all files. Alerts must be sent to every file owner who is affected by the policy. The policy must scan for credit card numbers, and alerts must be sent to the Microsoft Teams site of the affected department.
Solution: You use the Built-in DLP inspection method and send alerts as email.
Does this meet the goal?

6 / 60

You are configuring a file policy in Microsoft Cloud App Security.
You need to configure the policy to apply to all files. Alerts must be sent to every file owner who is affected by the policy. The policy must scan for credit card numbers, and alerts must be sent to the Microsoft Teams site of the affected department.
Solution: You use the Data Classification service inspection method and send alerts as email.
Does this meet the goal?

7 / 60

You have a Microsoft 365 tenant and 500 computers that run Windows 10. The computers are onboarded to the Microsoft 365 compliance center.
You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers. Tailspin_scanner.exe is installed locally on the computers.
You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.
Solution: From the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings, you add the application to the unallowed apps list.
Does this meet the goal?

8 / 60

You have a Microsoft 365 tenant and 500 computers that run Windows 10. The computers are onboarded to the Microsoft 365 compliance center.
You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers. Tailspin_scanner.exe is installed locally on the computers.
You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.
Solution: From the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings, you add a folder path to the file path exclusions.
Does this meet the goal?

9 / 60

You have a Microsoft 365 tenant and 500 computers that run Windows 10. The computers are onboarded to the Microsoft 365 compliance center.
You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers. Tailspin_scanner.exe is installed locally on the computers.
You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.
Solution: From the Cloud App Security portal, you create an app discovery policy.
Does this meet the goal?

10 / 60

A compliance administrator recently created several data loss prevention (DLP) policies.
After the policies are created, you receive a higher than expected volume of DLP alerts.
You need to identify which rules are generating the alerts.
Which DLP report should you use?

11 / 60

You have a Microsoft 365 tenant that has devices onboarded to Microsoft Defender for Endpoint as shown in the following table.

microsoft sc-400 exam demo question

 

 

 

 

 

 

You plan to start using Microsoft 365 Endpoint data loss protection (Endpoint DLP).
Which devices support Endpoint DLP?

12 / 60

You have a data loss prevention (DLP) policy that applies to the Devices location. The policy protects documents that contain United States passport numbers.
Users report that they cannot upload documents to a travel management website because of the policy.
You need to ensure that the users can upload the documents to the travel management website. The solution must prevent the protected content from being uploaded to other locations.
Which Microsoft 365 Endpoint data loss prevention (Endpoint DLP) setting should you configure?

13 / 60

You have a Microsoft 365 tenant that contains a Microsoft SharePoint Online site named Site1. You have the users shown in the following table.

microsoft sc-400 exam demo question

 

 

 

 

 

You create a data loss prevention (DLP) policy for Site1 that detects credit card number information. You configure the policy to use the following protection action:
✑ When content matches the policy conditions, show policy tips to users and send them an email notification.
You use the default notification settings.
To Site1, User1 uploads a file that contains a credit card number.
Which users receive an email notification?

14 / 60

You need to protect documents that contain credit card numbers from being opened by users outside your company. The solution must ensure that users at your company can open the documents. What should you use?

15 / 60

You need to provide a user with the ability to view data loss prevention (DLP) alerts in the Microsoft 365 compliance center. The solution must use the principle of least privilege. Which role should you assign to the user?

16 / 60

You recently discovered that the developers at your company emailed Azure Storage keys in plain text to third parties.
You need to ensure that when Azure Storage keys are emailed, the emails are encrypted.
Solution: You create a data loss prevention (DLP) policy that has only the Exchange email location selected.
Does this meet the goal?

17 / 60

You recently discovered that the developers at your company emailed Azure Storage keys in plain text to third parties.
You need to ensure that when Azure Storage keys are emailed, the emails are encrypted.
Solution: You create a data loss prevention (DLP) policy that has all locations selected.
Does this meet the goal?

18 / 60

You create a data loss prevention (DLP) policy. The Advanced DLP rules page is shown in the Rules exhibit.

microsoft sc-400 exam demo question

 

 

 

 

 

 

 

 

 

The Review your settings page is shown in the Review exhibit.

microsoft sc-400 exam demo question

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

You need to review the potential impact of enabling the policy without applying the actions.
What should you do?

19 / 60

You recently discovered that the developers at your company emailed Azure Storage keys in plain text to third parties.
You need to ensure that when Azure Storage keys are emailed, the emails are encrypted.
Solution: You configure a mail flow rule that matches a sensitive info type.
Does this meet the goal?

20 / 60

You implement Microsoft 365 Endpoint data loss prevention (Endpoint DLP).
You have computers that run Windows 10 and have Microsoft 365 Apps installed. The computers are joined to Azure Active Directory (Azure AD).
You need to ensure that Endpoint DLP policies can protect content on the computers.
Solution: You deploy the Endpoint DLP configuration package to the computers.
Does this meet the goal?

21 / 60

You are configuring a file policy in Microsoft Cloud App Security.
You need to configure the policy to apply to all files. Alerts must be sent to every file owner who is affected by the policy. The policy must scan for credit card numbers, and alerts must be sent to the Microsoft Teams site of the affected department.
Solution: You use the Build-in DLP inspection method and send alerts to Microsoft Power Automate.
Does this meet the goal?

22 / 60

You are configuring a file policy in Microsoft Cloud App Security.
You need to configure the policy to apply to all files. Alerts must be sent to every file owner who is affected by the policy. The policy must scan for credit card numbers, and alerts must be sent to the Microsoft Teams site of the affected department.
Solution: You use the Data Classification service inspection method and send alerts to Microsoft Power Automate.
Does this meet the goal?

23 / 60

You have a Microsoft 365 tenant that uses 100 data loss prevention (DLP) policies.
A Microsoft Exchange administrator frequently investigates emails that were blocked due to DLP policy violations.
You need recommend which DLP report the Exchange administrator can use to identify how many messages were blocked based on each DLP policy.
Which report should you recommend?

24 / 60

You implement Microsoft 365 Endpoint data loss prevention (Endpoint DLP).
You have computers that run Windows 10 and have Microsoft 365 Apps installed. The computers are joined to Azure Active Directory (Azure AD).
You need to ensure that Endpoint DLP policies can protect content on the computers.
Solution: You onboard the computers to Microsoft Defender for Endpoint.
Does this meet the goal?

25 / 60

You have a Microsoft 365 alert named Alert2 as shown in the following exhibit.

microsoft sc-400 exam demo question

 

 

 

 

 

You need to manage the status of Alert2. To which status can you change Alert2?

26 / 60

You have a Microsoft 365 E5 subscription.
You need to identify resumes that are stored in the subscription by using a built-in trainable classifier.
Solution: You create a data loss prevention (DLP) policy.
Does this meet the goal?

27 / 60

You have a Microsoft 365 E5 subscription.
You need to identify resumes that are stored in the subscription by using a built-in trainable classifier.
Solution: You create a retention policy.
Does this meet the goal?

28 / 60

You have a Microsoft 365 E5 subscription.
You need to identify resumes that are stored in the subscription by using a built-in trainable classifier.
Solution: You create an auto-labeling policy for a retention label.
Does this meet the goal?

29 / 60

You have a Microsoft 365 E5 subscription.
You need to identify resumes that are stored in the subscription by using a built-in trainable classifier.
Solution: You create an auto-labeling policy for a sensitivity label.
Does this meet the goal?

30 / 60

Each product group at your company must show a distinct product logo in encrypted emails instead of the standard Microsoft Office 365 logo. What should you do to create the branding templates?

31 / 60

You are creating a custom trainable classifier to identify organizational product codes referenced in Microsoft 365 content.
You identify 300 files to use as seed content.
Where should you store the seed content?

32 / 60

You have a Microsoft 365 E5 subscription that has the trainable classifiers shown in the following table.

microsoft sc-400 exam demo question

 

 

 

 

Which trainable classifiers can you retrain?

33 / 60

You have a Microsoft 365 E5 subscription that contains two users named User1 and User2. On January 1, you create the sensitivity label shown in the following table.

microsoft sc-400 exam demo question

 

 

 

 

 

On January 2, you publish Label1 to User1.
On January 3, User1 creates a Microsoft Word document named Doc and applies Label to the document.
On January 4, User2 edits Doc1.
On January 15, you increase the content expiry period for Label1 to 28 days.
When will access to Doc1 expire for User2?

34 / 60

You have a Microsoft 365 E5 subscription. You need to ensure that encrypted email messages sent to an external recipient can be revoked or will expire within seven days. What should you configure first?

35 / 60

You need to be alerted when users share sensitive documents from Microsoft OneDrive to any users outside your company. What should you do?

36 / 60

You have a Microsoft 365 tenant that uses the following sensitivity labels:
• Confidential:
o Internal
o External
The labels are published by using a label policy named Policy1.
Users report that Microsoft Office for the web apps do not display the Sensitivity button. The Sensitivity button appears in Microsoft 365 Apps that are installed locally.
You need to ensure that the users can apply sensitivity labels to content when they use Office for the web apps.
What should you do?

37 / 60

You have a Microsoft 365 tenant.
You discover that email does NOT use Microsoft Office 365 Message Encryption (OME).
You need to ensure that OME can be applied to email.
What should you do first?

38 / 60

Your company has a Microsoft 365 tenant that uses a domain named contoso.com.
The company uses Microsoft Office 365 Message Encryption (OME) to encrypt email sent to users in fabrikam.com.
A user named User1 erroneously sends an email to [email protected].
You need to prevent [email protected] from accessing the email.
What should you do?

39 / 60

You have a Microsoft 365 tenant that uses Microsoft Office 365 Message Encryption (OME).
You need to ensure that any emails containing attachments and sent to [email protected] are encrypted automatically by using OME.
What should you do?

40 / 60

You create a custom sensitive info type that uses Exact Data Match (EDM). You plan to periodically update and upload the data used for EDM. What is the maximum frequency with which the data can be uploaded?

41 / 60

A user reports that she can no longer access a Microsoft Excel file named Northwind Customer Data.xlsx. From the Cloud App Security portal, you discover the alert shown in the exhibit.

microsoft sc-400 exam demo question

 

 

 

 

 

 

 

 

 

 

 

 

You restore the file from quarantine.
You need to prevent files that match the policy from being quarantined. Files that match the policy must generate an alert.
What should you do?

42 / 60

You have a Microsoft 365 E5 tenant that uses a domain named contoso.com.
A user named User1 sends link-based, branded emails that are encrypted by using Microsoft Office 365 Advanced Message Encryption to the recipients shown in the following table.

microsoft sc-400 exam demo question

 

 

 

 

 

 

For which recipients can User1 revoke the emails?

43 / 60

You need to test Microsoft Office 365 Message Encryption (OME) capabilities for your company. The test must verify the following information:
✑ The acquired default template names
✑ The encryption and decryption verification status
Which PowerShell cmdlet should you run?

44 / 60

You have a new Microsoft 365 tenant.
You need to ensure that custom trainable classifiers can be created in the tenant.
To which role should you be assigned to perform the configuration?

45 / 60

You create three sensitivity labels named Sensitivity1, Sensitivity2, and Sensitivity3 and perform the following actions:
✑ Publish Sensitivity1.
✑ Create an auto-labeling policy for Sensitivity2.
You plan to create a file policy named Policy1 in Microsoft Cloud App Security.
Which sensitivity labels can you apply to Microsoft SharePoint Online in Policy1?

46 / 60

You have a Microsoft SharePoint Online site named Site1 that contains a document library. The library contains more than 1,000 documents. Some of the documents are job applicant resumes. All the documents are in the English language. You plan to apply a sensitivity label automatically to any document identified as a resume. Only documents that contain work experience, education, and accomplishments must be labeled automatically. You need to identify and categorize the resumes. The solution must minimize administrative effort. What should you include in the solution?

47 / 60

You have a Microsoft 365 subscription. You create a new trainable classifier. You need to train the classifier. Which source can you use to train the classifier?

48 / 60

You have a Microsoft 365 subscription that contains 100 users and a Microsoft 365 group named Group1. All users have Windows 10 devices and use Microsoft SharePoint Online and Exchange Online. A sensitivity label named Label1 is published as the default label for Group1. You add two sublabels named Sublabel1 and Sublabel2 to Label1. You need to ensure that the settings in Sublabel1 are applied by default to Group1. What should you do?

49 / 60

You have a Microsoft 365 tenant that has data loss prevention (DLP) policies. You need to review DLP policy matches for the tenant. What should you use?

50 / 60

You have a Microsoft 365 E5 tenant that contains a user named User1. User1 is assigned the Compliance Administrator role. User1 cannot view the regular expression in the IP Address sensitive info type. You need to ensure that User1 can view the regular expression. What should you do?

51 / 60

You plan to implement Microsoft Office 365 Advanced Message Encryption. You need to ensure that encrypted email sent to external recipients expires after seven days. What should you create first?

52 / 60

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps. You need to ensure that you receive an alert when a user uploads a document to a third-party cloud storage service. What should you use?

53 / 60

You have a sensitive information type based on a trainable classifier.
You are unsatisfied with the result of the result of trainable classifier.
You need to retrain the classifier.
What should you use in the Microsoft 365 compliance center?

54 / 60

You have a Microsoft 365 E5 tenant. You need to add a new keyword dictionary. What should you create?

55 / 60

You plan to implement sensitivity labels for Microsoft Teams.
You need to ensure that you can view and apply sensitivity labels to new Microsoft Teams sites.
What should you do first?

56 / 60

You have a Microsoft 365 tenant.
You create the following:
✑ A sensitivity label
✑ An auto-labeling policy
You need to ensure that the sensitivity label is applied to all the data discovered by the auto-labeling policy.
What should you do first?

57 / 60

You receive an email that contains a list of words that will be used for a sensitive information type.
You need to create a file that can be used as the source of a keyword dictionary.
In which format should you save the list?

58 / 60

You have a Microsoft 365 tenant that uses trainable classifiers.
You are creating a custom trainable classifier.
You collect 300 sample file types from various geographical locations to use as seed content. Some of the file samples are encrypted.
You organize the files into categories as shown in the following table.

microsoft sc-400 exam demo question

 

 

 

 

 

 

Which file categories can be used as seed content?

59 / 60

You have a Microsoft OneDrive for Business folder that contains the files shown in the following table.

microsoft sc-400 exam demo question

 

 

 

 

In Microsoft Cloud App Security, you create a file policy to automatically apply a classification.
What is the effect of applying the policy?

60 / 60

You are implementing a data classification solution.
The research department at your company requires that documents containing programming code be labeled as Confidential. The department provides samples of the code from its document library. The solution must minimize administrative effort.
What should you do?

Your score is

The average score is 50%

By Wordpress Quiz plugin
CertEmpire White Footer Logo - Trusted Exam Dumps Provider

CERTEMPIRE is your one-stop shop to access IT Certification Exam Dumps. We have helped thousands of people achieve their dreams of becoming certified in their desired certifications through exam dumps that surely appear in exams. We can help you achieve your goals too.

[email protected]

Helpful links

top Vendors

Contact Us

[email protected]
Copyright © 2025 Cert Empire.
Shopping Cart
Scroll to Top

FLASH OFFER

Days
Hours
Minutes
Seconds

avail $6 DISCOUNT on YOUR PURCHASE

  • USE THE CODE GIVEN BELOW ON YOUR CHECKOUT
OFFME6