Microsoft SC-400 Exam Dumps & Questions 2025
Microsoft SC-400 Exam Dumps & Questions 2025
Visit Official SkillCertPro Website :-
For a full set of 470 questions. Go to
https://skillcertpro.com/product/microsoft-sc-400-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 1:
You have a Microsoft 365 tenant that uses records management.
You use a retention label to mark legal files stored in a Microsoft SharePoint Online document library as regulatory records.
What can you do to the legal files?
A. Remove the retention label of the files.
B. Move the files to a different folder within the document library.
C. Edit the properties of the files.
D. Delete the content from the files.
Answer: B
Explanation:
When content is declared a regulatory record, restrictions are placed on the items in terms of what actions are allowed or blocked. Most actions are blocked except:
✑ Copy
✑ Open/Read
✑ Move within container
Note: Containers include SharePoint document libraries, OneDrive accounts, and Exchange mailboxes.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1. Move the files to a different folder within the document library.
2. Copy the content of the files.
Other incorrect answer options you may see on the exam include the following:
1. Change the retention label of the files.
2. Rename the files.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/records-management?view=o365-worldwide
Question 2:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You recently discovered that the developers at your company emailed Azure Storage keys in plain text to third parties.
You need to ensure that when Azure Storage keys are emailed, the emails are encrypted.
Solution: You configure a mail flow rule that matches the text patterns.
Does this meet the goal?
A.Yes
B.No
Answer: B
Explanation:
Using the “text patterns“ condition in the Exchange transport rule would not work. The condition to be used in the Exchange transport rule would be “The message contains any of this sensitive information…“ and select the Sensitive Info Type “Azure Account Storage Key“.
Question 3:
Each product group at your company must show a distinct product logo in encrypted emails instead of the standard Microsoft Office 365 logo.
What should you do to create the branding templates?
A. Run the New-OMEConfiguration cmdlet.
B. Create an RMS template.
C. Create a Transport rule.
D. Run the Set-IRMConfiguration cmdlet.
Answer: A
Explanation:
Configuring Custom Branding for Office 365 Message Encryption (OME)
To create a new branding configuration for a specific domain, use the New-OMEConfiguration cmdlet:
New-OMEConfiguration -Identity "Office 365 IT Pros“
After creating the configuration, use the Set-OMEConfiguration cmdlet to customize aspects of the notification message, such as:
• Custom images (replacing the default Office 365 logo)
• Text strings displayed in different sections of the notification
• Expiration period for messages
Example Command
The following command:
✅ Sets four different text strings
✅ Adds a custom image (max size: 170 x 170 pixels)
✅ Defines a 10-day expiration period for messages sent using the template
Set-OMEConfiguration -Identity "Office 365 IT Pros" `
-DisclaimerText "Office 365 for IT Pros takes no responsibility for this portal." `
-PortalText "Office 365 for IT Pros Secure Messaging" `
-EmailText "Good things happen when you protect email" `
-ExternalMailExpiryInDays 10 `
-IntroductionText "has sent you a secret message" `
-Image (Get-Content "C:\Temp\SmallBookCover.jpg" -Encoding byte)
For more details, refer to the official Microsoft documentation on Office 365 Message Encryption (OME).
Question 4:
You receive an email that contains a list of words that will be used for a sensitive information type.
You need to create a file that can be used as the source of a keyword dictionary.
In which format should you save the list?
A. a JSON file that has an element for each word
B. an ACCDB database file that contains a table named Dictionary
C. a text file that has one word on each line
D. an XLSX file that contains one word in each cell of the first row
Answer: C
Explanation:
Keyword dictionaries can be created either from a text file or from csv file.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1. a CSV file that contains words separated by commas
2. a text file that has one word on each line
Other incorrect answer options you may see on the exam include the following:
✑ a TSV file that contains words separated by tabs
✑ a DOCX file that has one word on each line
✑ an XML file that contains a keyword tag for each word
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-keyword-dictionary?view=o365-worldwide
Question 5:
You have a Microsoft 365 tenant that uses 100 data loss prevention (DLP) policies.
A Microsoft Exchange administrator frequently investigates emails that were blocked due to DLP policy violations.
You need recommend which DLP report the Exchange administrator can use to identify how many messages were blocked based on each DLP policy.
Which report should you recommend?
A. DLP incidents
B. Third-party DLP policy matches
C. False positive and override
D. DLP policy matches
Answer: D
Explanation:
Understanding DLP Policy Matches and Incidents Reports
1. DLP Policy Matches Report
The DLP Policy Matches Report displays the count of Data Loss Prevention (DLP) policy matches over time. It provides insights into how often specific policies are triggered.
2. DLP Incidents Report
Similar to the Policy Matches Report, the DLP Incidents Report also tracks policy matches over time but at the rule level. The key difference is in how matches are counted:
• Policy Matches Report: Counts each rule match separately. If an email triggers three different rules, it appears as three separate entries.
• Incidents Report: Counts matches at the item level. If an email triggers three different rules, it appears as a single entry in the report.
3. Summary & Best Use Cases
• The DLP Policy Matches Report is ideal for fine-tuning DLP policies by identifying specific rules that generate matches.
The DLP Incidents Report helps in analyzing specific content causing policy violations, making it useful for investigating compliance issues.
For a full set of 470 questions. Go to
https://skillcertpro.com/product/microsoft-sc-400-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 6:
You have a Microsoft 365 tenant that uses Microsoft Office 365 Message Encryption (OME).
You need to ensure that any emails containing attachments and sent to user1@contoso.com are encrypted automatically by using OME.
What should you do?
A. From the Exchange admin center, create a new sharing policy.
B. From the Microsoft 365 compliance center, configure an auto-apply retention label policy.
C. From the Microsoft 365 security center, create a Safe Attachments policy.
D. From the Exchange admin center, create a mail flow rule.
Answer: D
Explanation:
You can create mail flow rules to help protect email messages you send and receive. You can set up rules to encrypt any outgoing email messages and remove encryption from encrypted messages coming from inside your organization or from replies to encrypted messages sent from your organization.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/define-mail-flow-rules-to-encrypt-email?view=o365-worldwide
Question 7:
You have a Microsoft 365 tenant.
You discover that email does NOT use Microsoft Office 365 Message Encryption (OME).
You need to ensure that OME can be applied to email.
What should you do first?
A. Create an Azure key vault.
B. Activate Azure Rights Management (Azure RMS).
C. Activate Azure Information Protection.
D. Enable Microsoft Defender for Office 365.
Answer: B
Explanation:
Verifying and Activating Azure RMS and IRM in Microsoft 365
By default, Azure Rights Management Service (Azure RMS) and Information Rights Management (IRM) capabilities should be activated for any Microsoft 365 tenant. However, if Azure RMS has been deactivated, you can verify and reactivate it using PowerShell.
1. Check IRM Configuration
Run the following PowerShell cmdlet to check whether Azure RMS is enabled for your tenant:
Get-IRMConfiguration | fl AzureRMSLicensingEnabled
• If the AzureRMSLicensingEnabled parameter returns $False, it means Azure RMS is disabled.
2. Activate Azure RMS for Your Tenant
To enable Azure RMS and Office Message Encryption (OME), execute the following command:
Set-IRMConfiguration -AzureRMSLicensingEnabled $True
Once enabled, your tenant will be able to use IRM-protected emails and documents across Microsoft 365.
Question 8:
You plan to implement sensitivity labels for Microsoft Teams.
You need to ensure that you can view and apply sensitivity labels to new Microsoft Teams sites.
What should you do first?
A. Configure the EnableMIPLabels Azure Active Directory (Azure AD) setting.
B. Run the Set-SPOSite cmdlet.
C. Run the Execute-AzureAdLabelSync cmdlet.
D. Create a new sensitivity label scoped to Groups & sites.
Answer: A
Explanation:
Enabling Sensitivity Label Support in Microsoft 365
To enable sensitivity labels for Microsoft Teams, Microsoft 365 Groups, and SharePoint Sites, follow the outlined steps:
Step 1: Enable Sensitivity Label Support
Refer to the Azure AD documentation for detailed instructions:
🔗 Enable Sensitivity Label Support in Azure AD
Step 2: Enable the "EnableMIPLabels" Feature
Within the Azure AD settings, ensure the following feature is set to True:
"EnableMIPLabels" = "True"
Step 3: Run the AzureAdLabelSync Cmdlet
After enabling EnableMIPLabels, execute the AzureAdLabelSync cmdlet to synchronize sensitivity labels with Azure AD.
Step 4: Verify & Troubleshoot
• If you encounter issues, refer to Troubleshooting Step #3 in the documentation.
• After Step #5, ensure that sensitivity labels are synchronized to Azure AD.
Step 5: Create a New Group (If Needed)
Once the labels are synchronized, navigate to Azure AD > Groups, and select New Group if required.
For more details, refer to:
🔗 Microsoft 365 Sensitivity Labels Documentation
Question 9:
A compliance administrator recently created several data loss prevention (DLP) policies.
After the policies are created, you receive a higher than expected volume of DLP alerts.
You need to identify which rules are generating the alerts.
Which DLP report should you use?
A. Third-party DLP policy matches
B. DLP policy matches
C. False positive and override
D. DLP incidents
Answer: B
Explanation:
Understanding DLP Reports in Microsoft 365
When analyzing Data Loss Prevention (DLP) reports, it's important to understand their specific purposes:
• Policy Matches Report: Best for identifying matches with specific rules and fine-tuning DLP policies.
• Incidents Report: More effective for identifying specific pieces of content that are problematic for your DLP policies.
For more details, refer to the official documentation:
🔗 View the DLP Reports in Microsoft 365
Question 10:
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1.
You need to implement a records management solution for the files stored on Site1. The solution must meet the following requirements:
• The files must be retained for seven years.
• Files older than seven years must be deleted automatically.
What should you use to manage the files?
A.a label policy
B.an adaptive scope
C.a file plan
D.a disposition review
Answer: C
Explanation:
A file plan is the correct solution to manage the retention and deletion of files on Site1. It allows you to define specific retention rules for different types of content, ensuring that files are retained for the appropriate duration and then deleted automatically.
Here’s why the other options are incorrect:
A. a label policy: Label policies are used to classify and protect sensitive information. While they can be used to define retention policies, they are not the best fit for simple retention scenarios like this one.
B. an adaptive scope: Adaptive scopes are used to automatically identify and classify content based on specific criteria. They are not directly related to file retention and deletion.
D. a disposition review: Disposition reviews are manual processes for reviewing and approving the disposition of records. They are not suitable for automatic file deletion.
For a full set of 470 questions. Go to
https://skillcertpro.com/product/microsoft-sc-400-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.