SC-400 Microsoft Information Protection Administrator Exam

200 Questions and Answers

Microsoft SC 400

SC-400 Microsoft Information Protection Administrator Exam Practice Test

Are you preparing for the SC-400 Microsoft Information Protection Administrator certification exam? This certification validates your skills in implementing Microsoft Information Protection solutions to help organizations secure sensitive data and ensure compliance. Passing this exam demonstrates your expertise in protecting organizational data through sensitivity labels, data loss prevention (DLP) policies, and information governance strategies across Microsoft 365 services.

What is the SC-400 Certification Exam?

The SC-400 exam is designed for information protection professionals who manage data security and compliance using Microsoft Purview solutions. The exam tests your knowledge and skills in classifying and protecting data, configuring data loss prevention policies, managing information governance, and responding to data security incidents. Earning this certification proves your ability to safeguard sensitive information in cloud and hybrid environments effectively.

What Will You Learn?

Preparing for the SC-400 exam will help you master key concepts, including:

  • Designing and implementing sensitivity labels to classify and protect data

  • Configuring and managing Data Loss Prevention (DLP) policies across Microsoft 365 services

  • Implementing information governance and retention policies to manage data lifecycle

  • Using Microsoft Purview tools to monitor and respond to data security risks

  • Managing encryption and access controls for sensitive content

  • Integrating Microsoft Defender for Cloud Apps and endpoint DLP for comprehensive protection

Covered Topics

Our practice test covers all critical domains of the SC-400 exam, including:

  • Information Protection Strategy and Planning

  • Sensitivity Labels and Label Policies

  • Data Loss Prevention Configuration

  • Information Governance and Retention

  • Endpoint Data Loss Prevention

  • Compliance and Reporting Tools

  • Integration with Microsoft Security Solutions

Why Choose Exam Sage for Your SC-400 Exam Preparation?

At Exam Sage, we understand the importance of thorough and effective exam preparation. Our SC-400 practice test is meticulously crafted by industry experts to reflect the latest exam objectives and real-world scenarios. Here’s why Exam Sage stands out:

  • Comprehensive Question Bank: Over 190+ carefully curated multiple-choice questions with detailed explanations help reinforce your understanding.

  • Up-to-Date Content: Regularly updated to keep pace with Microsoft’s evolving exam requirements and technology updates.

  • Detailed Explanations: Each question includes clear, easy-to-understand explanations to help you learn from your mistakes.

  • Real Exam Simulation: Practice in a test environment that mimics the actual exam format to build confidence.

  • Instant Access and Convenient Study: Available online 24/7 so you can study anytime, anywhere.

Prepare with Exam Sage and maximize your chances of passing the SC-400 Microsoft Information Protection Administrator exam on your first attempt. Secure your future as a certified information protection professional today!

Sample Questions and Answers

1. You need to create a sensitivity label that encrypts emails sent to external recipients. What must you do first?

A. Enable Azure Information Protection
B. Configure a mail flow rule
C. Publish the sensitivity label
D. Enable external access in the encryption settings

Answer: D
Explanation: To encrypt emails sent to external users, you must ensure external access is allowed in the label’s encryption settings.

2. What component is used in Microsoft Purview to detect sensitive information in Office documents and emails?

A. Compliance Manager
B. Content Search
C. Sensitive Info Types
D. Microsoft Defender for Cloud

Answer: C
Explanation: Sensitive Info Types are used to identify and classify content such as credit card numbers or social security numbers.

3. A user needs to apply sensitivity labels to files in SharePoint Online automatically. What should be configured?

A. Unified Audit Log
B. Auto-labeling policy in Microsoft Purview
C. Retention label policy
D. Insider risk policy

Answer: B
Explanation: Auto-labeling policies in Microsoft Purview enable automatic application of sensitivity labels to content in SharePoint and OneDrive.

4. Which permission must a user have to create a sensitivity label in Microsoft Purview Compliance Portal?

A. Security Reader
B. Compliance Administrator
C. Information Protection Administrator
D. Global Reader

Answer: C
Explanation: Only users with the Information Protection Administrator or Compliance Administrator roles can create and manage sensitivity labels.

5. What is the primary function of a DLP policy?

A. Encrypt data in transit
B. Prevent malware downloads
C. Detect and prevent data leaks
D. Monitor application performance

Answer: C
Explanation: Data Loss Prevention (DLP) policies are designed to monitor and prevent the unauthorized sharing of sensitive data.

6. Which portal is used to configure Insider Risk Management policies?

A. Microsoft Entra
B. Microsoft Defender Portal
C. Microsoft Purview Compliance Portal
D. Azure Portal

Answer: C
Explanation: Insider Risk Management is configured in the Microsoft Purview Compliance Portal.

7. Which license is required to use Microsoft Purview Information Protection auto-labeling features in Office apps?

A. Microsoft 365 F1
B. Microsoft 365 E3
C. Microsoft 365 E5 or A5
D. Microsoft 365 Business Basic

Answer: C
Explanation: Auto-labeling in Office apps requires Microsoft 365 E5 or A5 licensing.

8. How does Microsoft Purview determine a user’s access to labeled content?

A. SharePoint security group
B. Azure AD conditional access
C. Sensitivity label permissions
D. Microsoft Defender policies

Answer: C
Explanation: Sensitivity labels define rights and permissions through Azure RMS encryption, determining user access to labeled content.

9. What capability does double-key encryption offer in Microsoft 365?

A. Bypasses Microsoft encryption
B. Allows only Microsoft to decrypt data
C. Requires a second key stored outside Microsoft
D. Prevents file sharing in Teams

Answer: C
Explanation: Double-key encryption ensures that Microsoft cannot access the data unless both keys—one stored by the customer—are available.

10. A DLP policy reports a match on a OneDrive file. Where can you view the match details?

A. Microsoft Defender for Endpoint
B. Microsoft 365 Security Center
C. Microsoft Purview Compliance Portal – DLP Alerts
D. Azure Monitor

Answer: C
Explanation: DLP alerts and detailed reports are accessed through the DLP Alerts section in the Microsoft Purview Compliance Portal.

11. Which condition would trigger a DLP policy for a document in SharePoint Online?

A. File has been accessed more than 10 times
B. File contains a credit card number and is shared externally
C. File size exceeds 10 MB
D. File is read-only

Answer: B
Explanation: A typical DLP rule is triggered when a sensitive information type is detected and shared with unauthorized users.

12. What happens when a user applies a sensitivity label that uses encryption with user-defined permissions?

A. Permissions are inherited from the site
B. Users can customize the access level
C. Encryption is disabled
D. Label is not applied

Answer: B
Explanation: User-defined permissions allow users to define who can access the file and what level of permissions they get.

13. What audit capability does Microsoft Purview provide for sensitivity labels?

A. Tracks CPU usage of label application
B. Logs label changes in Unified Audit Log
C. Sends alerts to local SIEM
D. Prevents editing of audit records

Answer: B
Explanation: The Unified Audit Log captures events like label application, changes, and removals for auditing.

14. Which tool helps evaluate the effectiveness of your DLP policies before they go live?

A. Policy Simulator
B. Compliance Manager
C. Content Explorer
D. Policy Match Analyzer

Answer: A
Explanation: The DLP Policy Simulator allows you to test and refine DLP policies before enforcing them.

15. Which of the following is a benefit of trainable classifiers in Microsoft Purview?

A. Automatically encrypts files
B. Detects sensitive content based on prebuilt dictionaries
C. Learns to identify specific content patterns from examples
D. Monitors VPN usage

Answer: C
Explanation: Trainable classifiers use machine learning to identify content types by analyzing labeled training data.

16. Which capability allows you to block the copying of sensitive data to USB devices?

A. Endpoint DLP
B. Auto-labeling
C. Retention label
D. Conditional access

Answer: A
Explanation: Endpoint DLP allows organizations to monitor and control data actions like copy-paste and USB transfers.

17. What is the first step when creating a new DLP policy?

A. Set up user notifications
B. Select a location
C. Define rule severity
D. Assign labels

Answer: B
Explanation: The first step is selecting the location (e.g., Exchange, SharePoint, Teams) where the policy will apply.

18. Which location is not supported for DLP policies in Microsoft 365?

A. Exchange Online
B. Microsoft Teams
C. Azure SQL Database
D. OneDrive for Business

Answer: C
Explanation: Microsoft 365 DLP does not natively support Azure SQL Database. It supports workloads like Exchange, SharePoint, and Teams.

19. What allows a user to see which sensitivity label is applied to a document in Word?

A. Document Properties
B. Label Bar
C. File Audit Log
D. Footer

Answer: B
Explanation: The sensitivity label appears in the Label Bar within Office apps.

20. What happens when a label with encryption is applied to a file in SharePoint Online?

A. File becomes inaccessible to everyone
B. Permissions are overridden by the label
C. Label is ignored
D. File is permanently deleted after 30 days

Answer: B
Explanation: The label’s encryption settings override native SharePoint permissions, controlling access based on label configuration.

21. Which component provides real-time DLP alerts for Windows devices?

A. Microsoft Defender for Identity
B. Endpoint DLP
C. Azure Monitor
D. Microsoft Sentinel

Answer: B
Explanation: Endpoint DLP provides real-time monitoring and alerts for sensitive data activity on Windows endpoints.

22. What must be done before sensitivity labels can be used in Office apps?

A. Configure PowerShell scripts
B. Install the Azure Information Protection client
C. Publish the sensitivity labels in a policy
D. Enable user access through Intune

Answer: C
Explanation: Sensitivity labels need to be published using label policies before users can access them in Office apps.

23. What Microsoft 365 feature helps assess compliance with regulatory frameworks?

A. Insider Risk Management
B. Compliance Manager
C. Activity Explorer
D. eDiscovery

Answer: B
Explanation: Compliance Manager provides templates and assessments to help meet regulations like GDPR and HIPAA.

24. What’s the purpose of the Activity Explorer in Microsoft Purview?

A. Manage tenant-wide policies
B. View retention policies
C. Track sensitivity label activity
D. Assign compliance scores

Answer: C
Explanation: Activity Explorer provides visibility into labeling, DLP, and other compliance-related activities.

25. Which role is required to create and manage DLP policies?

A. Billing Administrator
B. Security Reader
C. Compliance Administrator
D. Teams Admin

Answer: C
Explanation: The Compliance Administrator role grants permissions to manage compliance solutions like DLP.

26. What happens if a DLP policy is set to test mode?

A. It is not deployed
B. It logs violations but takes no enforcement action
C. It blocks all data sharing
D. It encrypts all files

Answer: B
Explanation: Test mode allows organizations to monitor policy matches without taking enforcement actions.

27. You need to find documents containing sensitive information in your organization. What should you use?

A. eDiscovery Advanced
B. Content Explorer
C. Cloud App Security
D. Threat Explorer

Answer: B
Explanation: Content Explorer provides a real-time view of sensitive data across Microsoft 365 locations.

28. Which sensitivity label feature allows content expiration?

A. Double-key encryption
B. Label priority
C. Content marking
D. Encryption with content expiration date

Answer: D
Explanation: Labels configured with encryption can specify content expiration, revoking access after a set period.

29. How can you identify potential insider threats?

A. Audit logs
B. Azure Sentinel
C. Insider Risk Management policies
D. Microsoft Defender Antivirus

Answer: C
Explanation: Insider Risk Management detects risky behavior using user activities and risk indicators.

30. What is the purpose of label priority in Microsoft Purview?

A. To enforce licensing hierarchy
B. To resolve conflicts when multiple labels are applied
C. To determine user permissions
D. To block policy overrides

Answer: B
Explanation: Label priority helps resolve conflicts when multiple sensitivity labels could apply to the same content.

e can be used in Content Explorer?

A. Microsoft Teams private chat
B. Yammer Enterprise
C. SharePoint Online
D. Windows Event Logs

Answer: C
Explanation: Content Explorer can scan content in SharePoint Online, OneDrive, and Exchange, showing where sensitive info is stored.

34. What tool provides a centralized dashboard for monitoring compliance across Microsoft 365?

A. Microsoft Defender for Endpoint
B. Compliance Manager
C. Azure AD Identity Protection
D. Power Automate

Answer: B
Explanation: Compliance Manager offers a central dashboard with compliance scores, improvement actions, and regulatory mapping.

35. Which DLP policy action allows users to report false positives?

A. Policy simulation
B. End-user override
C. User notification
D. Policy tips with reporting

Answer: D
Explanation: Policy tips with reporting give users the option to report a message or document as a false positive, which admins can review.

36. Where are trainable classifiers created and managed?

A. Security & Compliance Center
B. Azure Sentinel
C. Microsoft Purview Compliance Portal
D. Microsoft Defender for Cloud

Answer: C
Explanation: Trainable classifiers are built, trained, and managed in the Microsoft Purview Compliance Portal.

37. Which license is required to use Insider Risk Management?

A. Microsoft 365 Business Standard
B. Office 365 E1
C. Microsoft 365 E5
D. Microsoft 365 F3

Answer: C
Explanation: Microsoft 365 E5 (or add-on licensing) is required for full Insider Risk Management capabilities.

38. What is the purpose of the “Justification required” setting on a label downgrade?

A. Track label usage in audit logs
B. Notify admins of label changes
C. Prevent accidental label removal
D. Require user explanation when lowering protection

Answer: D
Explanation: “Justification required” prompts users to explain why they are reducing the sensitivity level, ensuring accountability.

39. Which data classification feature uses pattern matching for PII?

A. Sensitivity labels
B. Sensitive info types
C. Retention policies
D. Insider risk indicators

Answer: B
Explanation: Sensitive info types use pattern matching, checksums, and keyword matching to detect personal or sensitive data.

40. What can be applied to content via Microsoft Cloud App Security to enforce DLP controls?

A. Sensitivity labels
B. Session policies
C. Retention labels
D. Insider alerts

Answer: B
Explanation: Session policies in Microsoft Defender for Cloud Apps (formerly MCAS) control user actions like downloads in real time.

41. In Microsoft Purview, what does the Information Protection Scanner do?

A. Scans Teams messages
B. Analyzes endpoint telemetry
C. Scans on-premises file shares
D. Classifies Yammer messages

Answer: C
Explanation: The Information Protection Scanner scans on-premises repositories for sensitive content and applies labels.

42. What action does Endpoint DLP support on attempted USB file transfers?

A. Log only
B. Block with or without override
C. Encrypt and notify
D. Transfer to quarantine

Answer: B
Explanation: Endpoint DLP can block, block with override, or audit actions like transferring sensitive files to USB devices.

43. What type of policy identifies risky behavior like mass downloads?

A. Insider Risk Management policy
B. Conditional access policy
C. Retention policy
D. Audit policy

Answer: A
Explanation: Insider Risk Management detects and investigates anomalous user behavior such as mass file downloads or data exfiltration.

44. Where do you define conditions for auto-applying retention labels?

A. Microsoft Sentinel
B. Microsoft Purview – Records Management
C. Azure Information Protection client
D. SharePoint admin center

Answer: B
Explanation: Auto-application of retention labels is defined in the Records Management section of Microsoft Purview.

45. What capability in Purview helps classify dark data?

A. Data connectors
B. Trainable classifiers
C. Content Explorer
D. Cloud Discovery

Answer: B
Explanation: Trainable classifiers are ideal for finding and classifying dark data — unstructured data that standard classifiers may miss.

46. What are “Microsoft 365 Locations” in a DLP policy?

A. Regions of user sign-in
B. Microsoft data centers
C. Services where policies apply (e.g., Exchange, SharePoint)
D. Office app installations

Answer: C
Explanation: In DLP, locations refer to services like Exchange, OneDrive, and SharePoint where the policy is enforced.

47. When a file is labeled and encrypted, how is access enforced?

A. Based on Azure AD group membership
B. Through device compliance
C. By Microsoft Defender Antivirus
D. By Microsoft Sentinel SIEM rules

Answer: A
Explanation: Encryption settings in sensitivity labels are tied to Azure AD users and groups, determining file access.

48. What happens if a user applies a sensitivity label with content marking?

A. It sends the file to quarantine
B. Adds headers, footers, or watermarks
C. Encrypts the file using a digital certificate
D. Disables file sharing

Answer: B
Explanation: Content marking applies visible markings like headers, footers, and watermarks to emphasize data classification.

49. What type of rule can detect sharing of customer PII data in email?

A. Retention label rule
B. DLP rule
C. Records management policy
D. eDiscovery case

Answer: B
Explanation: A DLP rule can detect sharing of Personally Identifiable Information (PII) in emails and prevent it.

50. What is a benefit of using DLP policy templates?

A. No need to define conditions
B. Includes preset conditions for common regulations
C. Encrypts data automatically
D. Provides license recommendations

Answer: B
Explanation: DLP templates offer pre-configured policies aligned with standards like PCI-DSS, HIPAA, or GDPR.

51. What must you configure to allow end users to apply sensitivity labels in Office apps?

A. Enable Azure Defender
B. Create retention policies
C. Publish sensitivity label policies
D. Install compliance center connector

Answer: C
Explanation: Sensitivity labels must be published using label policies before users can apply them in apps like Word or Outlook.

52. What happens when a sensitivity label with encryption is applied to an email?

A. All recipients are required to authenticate
B. Recipients can forward the message freely
C. The email is stored in quarantine
D. It’s automatically converted to PDF

Answer: A
Explanation: Encrypted emails require authentication, and access is controlled by label permissions.

53. Which Microsoft 365 component evaluates label analytics like usage trends?

A. Audit Log
B. Compliance Score
C. Activity Explorer
D. Information Protection Analytics

Answer: D
Explanation: Information Protection Analytics provides insights into label usage, frequency, and trends.

54. What’s the result of enabling auto-labeling for Exchange Online?

A. All messages are encrypted
B. Messages with sensitive content are labeled automatically
C. Exchange retention tags are overridden
D. User overrides are disabled

Answer: B
Explanation: Auto-labeling in Exchange Online applies labels automatically to emails containing sensitive information.

55. What setting allows users to override a DLP block action with justification?

A. End-user override with justification
B. Policy tips only
C. Label downgrade prompt
D. Justification logging

Answer: A
Explanation: End-user override with justification enables users to bypass DLP restrictions by providing a reason.

56. Where can you track user interactions with sensitivity labels across the tenant?

A. Microsoft Sentinel
B. Azure Monitor
C. Activity Explorer
D. SharePoint Audit Logs

Answer: C
Explanation: Activity Explorer provides visibility into how users are applying, changing, or removing sensitivity labels.

57. What tool would you use to find sensitive content in unstructured data on a file server?

A. Compliance Manager
B. Azure AD Connect
C. Information Protection Scanner
D. Defender for Identity

Answer: C
Explanation: The Information Protection Scanner scans on-premises repositories like file servers for sensitive data.

58. In a DLP policy, what is an “incident report”?

A. A blocked file
B. A report of a user violation
C. A daily summary of endpoint activity
D. An antivirus alert

Answer: B
Explanation: An incident report is generated when a DLP policy detects and logs a potential violation, such as sharing sensitive data.

59. What defines how long content must be retained or deleted in Microsoft 365?

A. Retention label
B. Sensitivity label
C. DLP policy
D. Insider risk policy

Answer: A
Explanation: Retention labels determine how long content is kept, and whether it should be deleted after a period.

60. You want to limit email forwarding when sending classified data. What should you use?

A. Retention policy
B. DLP rule
C. Sensitivity label with encryption
D. eDiscovery hold

Answer: C
Explanation: Sensitivity labels with encryption settings can prevent forwarding, copying, and printing for classified messages.

You may also like...