Microsoft SC-401 Exam Practice Test Instant Access

Question 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You recently discovered that the developers at your company emailed Azure Storage Account keys in plain text to third parties.

You need to ensure that when Azure Storage Account keys are emailed, the emails are encrypted.

Solution: You configure a mail flow rule that matches a sensitive info type.

Does this meet the goal?

AYes

BNo

Answer : B

To ensure Azure Storage Account keys are encrypted when sent via email, you need a Data Loss Prevention (DLP) policy that detects Azure Storage Account keys using a sensitive information type and automatically encrypts emails containing these keys.

Mail flow rules (transport rules) can detect sensitive info, but they are limited in encryption capabilities.

DLP policies provide more advanced protection and integration with Microsoft Purview for sensitive info detection.

Question 2

You have a Microsoft 365 subscription.

You have a user named User1 Several users have full access to the mailbox of User1.

Some email messages sent to User 1 appeal to have been read and deleted before the user viewed them

When you search the audit log in the Microsoft Purview portal to identify who signed in to the mailbox of User l. the results are blank.

You need to ensure that you can view future sign-ins to the mailbox of User1.

Solution: You run the Set-AuditConfig -Workload Exchange command.

Does that meet the goal?

AYes

BNo

Answer : A

Question 3

You need to meet the technical requirements for the creation of the sensitivity labels.

To which user or users must you assign the Sensitivity Label Administrator role?

AAdmin1 only

BAdmin1 and Admin4 only

CAdmin1 and Admin5 only

DAdmin1, Admin2, and Admin3 only

EAdmin1, Admin2, Admin4, and Admin5 only

Answer : D

To meet the requirement that all administrative users must be able to create Microsoft 365 sensitivity labels, we need to assign the Sensitivity Label Administrator role to the correct users.

Sensitivity Label Administrator Role Responsibilities

This role allows users to:

Create and manage sensitivity labels in Microsoft Purview.

Publish and configure auto-labeling policies.

Modify label encryption and content marking settings.

Review of Admin Roles from the Table:

Users that must be assigned the Sensitivity Label Administrator role:

Admin2 (Compliance Data Administrator)

Admin3 (Compliance Administrator)

Admin1 (Global Reader) (should be assigned this role to fulfill the requirement that all admins can create labels).

Question 4

You have a Microsoft 36S ES subscription that contains a Windows 11 device named Device 1 and three users named User 1. User2. and User3.

You plan to deploy Azure Information Protection (AIP) and the Microsoft Purview Information Protection client to Device 1.

You need to ensure that the users can perform the following actions on Device1 as part of the planned deployment

* User 1 will test the functionality of the client.

* User2 will install and configure the Microsoft Rights Management connector.

* User3 will be configured as the service account for the information protection scanner.

The solution must maximize the security of the sign-in process for the users What should you do?

AExclude User2 and User3 from multifactor authentication (MfA).

BEnable User? and Usex3 for passwordless authentication.

CExclude User1 and User? from multifactor authentication (Mf A}

DEnable User1. User I and User 3 for passkey (FIDO2) authentication

Answer : B

Question 5

At the end of a project, you upload project documents to a Microsoft SharePoint Online library that contains many files. The following is a sample of the project document file names:

* aei_AA989.docx

* bd_WS098.docx

* cei_DF112.docx

* ebc_QQ454.docx

* ecc_BB565.docx

All documents that use this naming format must be labeled as Project Documents:

You need to create an auto-apply retention label policy.

What should you use to identify the files?

AA retention label

BA trainable classifier

CA sensitive info type

Answer : C

Question 6

You have a Microsoft 365 E5 subscription that contains 500 Windows devices.

You plan to deploy Microsoft Purview Data Security Posture Management for AI (DSPM for AI).

You need to ensure that you can monitor user activities on third-party generative AI websites.

Which two prerequisites should you complete for DSPM for AI? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

AInstall the Microsoft Purview extension on the devices.

BCreate a data leaks policy.

COnboard the devices to Microsoft Purview.

DCreate a communication compliance policy.

ECreate an Endpoint data loss prevention (Endpoint DLP) policy.

FEnroll the devices in Microsoft Intune.

Answer : A, C

Question 7

You have a Microsoft 365 E5 subscription.

You create a data loss prevention (DLP) policy and select.

Use Notifications to inform your users and help educate them on the proper use of sensitive info.

Which apps will show the policy tip?

AOutlook on the web only

BOutlook Win32 only

COutlook for iOS and Android only

DOutlook on the web and Outlook Win32 only

EOutlook Win32 and Outlook for iOS and Android only

FOutlook on the web. Outlook Win32, and Outlook for iOS and Android

Answer : D

Microsoft Administering Information Security in Microsoft 365 SC-401 Exam Practice Test