Microsoft SC-401 Exam Practice Test Instant Access

Question 1

You have a Microsoft 565 E5 subscription.

You plan to use Microsoft Purview insider risk management.

You need to create an insider risk management policy that will detect data theft from Microsoft SharePoint Online by users that submitted their resignation or are near their employment termination date.

What should you do first?

AConfigure a HR data connector.

BConfigure Office indicators.

CConfigure a Physical badging connector.

DOnboard devices to Microsoft Defender for Endpoint.

Answer : A

Question 2

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant and 500 computers that run Windows 11. The computers are onboarded to Microsoft Purview.

You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers. Tailspin_scanner.exe is installed locally on the computers.

You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.

Solution: From Microsoft Defender for Cloud Apps, you create an app discovery policy.

Does this meet the goal?

AYes

BNo

Answer : B

Creating an app discovery policy in Microsoft Defender for Cloud Apps is used for detecting and monitoring cloud application usage, but it does not prevent a locally installed application (Tailspin_scanner.exe) from accessing sensitive files on Windows 11 devices.

To block Tailspin_scanner.exe from accessing sensitive documents while allowing it to access other files, the correct solution is to use Microsoft Purview Endpoint Data Loss Prevention (Endpoint DLP) and add Tailspin_scanner.exe to the Restricted Apps list.

Endpoint DLP allows you to block specific applications from accessing sensitive files while keeping general access available. Restricted Apps List in Endpoint DLP ensures that Tailspin_scanner.exe cannot open, copy, or process protected documents, but it can still function normally for non-sensitive content.

Question 3

You have a Microsoft 365 E5 tenant.

You need to add a new keyword dictionary.

What should you create?

Aa trainable classifier

Ba retention policy

Ca sensitivity label

Da sensitive info type

Answer : D

To add a new keyword dictionary in Microsoft Purview Data Loss Prevention (DLP), you must create a Sensitive Information Type (SIT).

Sensitive Info Types (SITs) allow you to define custom detection rules, including keyword dictionaries, regular expressions, and functions for identifying sensitive content in emails, documents, and other Microsoft 365 locations. A keyword dictionary is a list of predefined words/phrases that Microsoft Purview can use to identify and classify content for DLP policies.

Steps to add a keyword dictionary:

1. Go to Microsoft Purview compliance portal

2. Navigate to Data classification > Sensitive info types

3. Create a new sensitive info type

4. Add a keyword dictionary

5. Save and use it in a DLP policy

Question 4

You have a Microsoft 365 E5 subscription that contains a user named User1. You deploy Microsoft Purview Data Security Posture Management for AD (DSPM for AD). You need to ensure that User1 can verify the auditing status of the subscription. The solution must follow the principle of least privilege. To which role group should you add User1?

AInsider Risk Management Analysts

BSecurity Reader

CInsider Risk Management Investigators

DView-Only Organization Management for Microsoft Exchange Online

Answer : B

Question 5

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1. Site1 contains the files shown in the following table.

In the Microsoft Purview portal, you create a content search named Conlent1 and configure the search conditions as shown in the following exhibit.

Which files will be returned by Content1?

AFile2.docx only

BFile3.docx only

CFile1.docx and File2.docx only

DFile1 .docx and File3.docx only

EFile1 .docx, File2.docx, and File3.docx

Answer : B

Question 6

You have Microsoft 365 E5 subscription that uses data loss prevention (DLP) to protect sensitive information.

You have a document named Form.docx.

You plan to use PowerShell to create a document fingerprint based on Form.docx.

You need to first connect to the subscription.

Which cmdlet should you run?

AConnect-IPPSSession

BConnect-SPOService

CConnect-ExchangeOnline

DConnect-MgGraph

Answer : A

To create a document fingerprint in Microsoft 365 Data Loss Prevention (DLP), you need to use PowerShell for Microsoft Purview. The correct cmdlet to connect to the Microsoft 365 Security & Compliance Center (where DLP policies are managed) is Connect-IPPSSession. This cmdlet establishes a PowerShell session to manage DLP policies, compliance settings, and document fingerprinting.

Question 7

You need to create a retention policy to delete content after seven years from the following locations:

* Exchange Online email

* SharePoint Online sites

* OneDrive accounts

* Microsoft 365 Groups

* Teams channel messages

* Teams chats

What is the minimum number of retention policies that you should create?

Answer : B

Microsoft Administering Information Security in Microsoft 365 SC-401 Exam Practice Test