Microsoft SC-401 Exam Practice Test Instant Access

Question 1

You have a Microsoft J65 subscription linked to a Microsoft Entra tenant that contains a user named User1. You need to grant User1 permission to search Microsoft 365 audit logs. The solution must use the principle of least privilege. Which role should you assign to User1?

Athe Security Reader role in the Microsoft Entra admin center

Bthe Compliance Management role in the Exchange admin center

Cthe View Only Audit Logs role in the Exchange admin center

Dthe Reviewer role in the Microsoft Purview portal

Answer : C

Question 2

You have a Microsoft 565 subscription that contains 100 users and a Microsoft 365 group named Group1. All users have Windows 11 devices and use Microsoft SharePoint Online and Exchange Online. A sensitivity label named Label! is published as the default label for Group1. You add two sublabels named Sublabel1 and Sublabel2 lo Label1. You need to ensure that the settings in Sublabel 1 are applied by default to Group 1. What should you do?

AChange the order of Sublabel!

BDuplicate all the settings from Sublabel! to Label1.

CModify the policy of Label1.

DDelete the policy of Label1 and publish Sublabel1.

Answer : C

Question 3

You have a Microsoft 365 E5 tenant that uses a domain named contoso.com.

A user named User 1 sends link based, branded emails that are encrypted by using Microsoft Purview Advanced Message Encryption to the recipients shown in the following table.

For which recipients Can User1 revoke the emails?

ARecipient1 only

BRecipient4 only

CReciptent1 and Recipient^ only

DReclpient3 and Recipients only

EReciptent1, Recipient2. Recipient3, and Recipient4

Answer : D

Question 4

You implement Microsoft 36S Endpoint data loss pi event ion (Endpoint DIP).

You have computer that run Windows 11 and have Microsoft 365 Apps instated The computers are joined to a Microsoft Entra

tenant

You need to ensure that endpoint DIP policies can protect content on the computers.

Solution: You deploy the Microsoft Purview Information Protection client to the computers.

Does this meet the goal?

AYes

BYes

Answer : B

Question 5

You have a Microsoft 36S ES subscription

You plan to create an met data match (EDM) classifier named EDM1.

You need to grant permissions to hash and upload the sensitive ^formation source table for EDMI. What should you create first?

Aa Microsoft Entra enterprise application named EDM.DataUploaders

Ba Microsoft Purview role group named EDM.DataUploaders

Ca security group named EDM.DataUploaders

Da Microsoft Entra app registration named EDM.DataUploaders

Da Microsoft 365 group named EDM.Datauploaders

Answer : C

Question 6

You need to meet the technical requirements for the creation of the sensitivity labels.

To which user or users must you assign the Sensitivity Label Administrator role?

AAdmin1 only

BAdmin1 and Admin4 only

CAdmin1 and Admin5 only

DAdmin1, Admin2, and Admin3 only

EAdmin1, Admin2, Admin4, and Admin5 only

Answer : D

To meet the requirement that all administrative users must be able to create Microsoft 365 sensitivity labels, we need to assign the Sensitivity Label Administrator role to the correct users.

Sensitivity Label Administrator Role Responsibilities

This role allows users to:

Create and manage sensitivity labels in Microsoft Purview.

Publish and configure auto-labeling policies.

Modify label encryption and content marking settings.

Review of Admin Roles from the Table:

Users that must be assigned the Sensitivity Label Administrator role:

Admin2 (Compliance Data Administrator)

Admin3 (Compliance Administrator)

Admin1 (Global Reader) (should be assigned this role to fulfill the requirement that all admins can create labels).

Question 7

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You recently discovered that the developers at your company emailed Azure Storage Account keys in plain text to third parties.

You need to ensure that when Azure Storage Account keys are emailed, the emails are encrypted.

Solution: You configure a mail flow rule that matches the text patterns.

Does this meet the goal?

AYes

BNo

Answer : B

To ensure Azure Storage Account keys are encrypted when sent via email, you need a Data Loss Prevention (DLP) policy that detects Azure Storage Account keys using a sensitive information type and automatically encrypts emails containing these keys.

Text patterns in mail flow rules are not as reliable as sensitive information types in DLP.

Mail flow rules lack advanced content detection and machine learning-based classification, making them less effective than DLP.

Microsoft SC-401 Administering Information Security in Microsoft 365 Exam Practice Test