Free SC-401 Sample Questions — Administering Information Security in Microsoft 365

You have a Microsoft 365 E5 subscription that contains two Microsoft SharePoint Online sites named Site1 and Site2. You plan to configure a retention label named Label1 and apply Label1 to all the files in Site1. You need to ensure that two years after a file is created in Site1, the file moves automatically to Site2. How should you configure the Choose what happens after the retention period setting for Label1?

• A. Deactivate retention settings
• B. Run a Power Automate flow
• C. Start a disposition review
• D. Change the label

You have a Microsoft 365 E5 subscription that contains a user named User1. You need to ensure that all email messages that contain attachments are encrypted automatically by using Microsoft Purview Message Encryption. What should you create?

• A. a mail flow rule
• B. a sensitivity label
• C. a data loss prevention (DLP) policy
• D. an information barrier segment

You have a Microsoft 365 subscription. You need to customize encrypted email for the subscription. The solution must meet the following requirements. Ensure that when an encrypted email is sent, the email includes the company logo. Minimize administrative effort. Which PowerShell cmdlet should you run?

• A. Set-IRMConfiguration
• B. Set-OMEConfiguration
• C. Set-RMSTemplate
• D. New-OMEConfiguration

You need to create a retention policy to retain all the files from Microsoft Teams channel conversations and private chats. Which two locations should you select in the retention policy? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Microsoft 365 groups
• B. Exchange email
• C. Team channel messages
• D. SharePoint sites
• E. OneDrive accounts
• F. Team chats

You have a Microsoft 365 E5 subscription that has a sensitivity label named Sensitivity1. You plan to create an auto-labeling policy that will apply Sensitivity1 to Microsoft Exchange Online mailboxes. On February 1, you create the auto-labeling policy and enable simulation mode by using the default settings. No modifications are made to the policy in simulation mode. When will the policy first be turned on?

• A. February 2
• B. February 6
• C. February 15
• D. never

You have a Microsoft 365 subscription. You need to ensure that users can apply retention labels to individual documents in their Microsoft SharePoint libraries. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. From Microsoft Defender for Cloud Apps, create a file policy
• B. From the SharePoint admin center, modify the Site Settings
• C. From the SharePoint ad min center, modify the records management settings
• D. From the Microsoft Purview portal, publish a label
• E. From the Microsoft Purview portal, create a label

You need to be alerted when users share sensitive documents from Microsoft OneDrive to any users outside your company. What should you do?

• A. From the Microsoft Defender portal create an activity policy
• B. From the Microsoft Purview portal start an Advanced eDiscovery search
• C. From the Exchange admin center, create a data loss prevention (DLP) policy
• D. From the Microsoft Defender portal, create a file policy

You create a label that encrypts email data. Users report that they cannot use the label in Outlook on the web to protect the email messages they send. You need to ensure that the users can use the new label to protect their email. What should you do?

• A. Create a label policy
• B. Wait six hours and ask the users to try again
• C. Create a new sensitive information type
• D. Modify the priority order of label policies

You have a Microsoft 365 tenant that uses Microsoft Purview Message Encryption. You need to ensure that any emails containing attachments and sent to [email protected] are encrypted automatically by using Microsoft Purview Message Encryption. What should you do?

• A. From the Exchange admin center, create a mail flow rule
• B. From the Exchange admin center, create a new sharing policy
• C. From the Microsoft Defender portal, create a Safe Attachments policy
• D. From the Microsoft Purview portal, configure an auto-apply retention label policy

You receive an email that contains a list of words that will be used for a sensitive information type. You need to create a file that can be used as the source of a keyword dictionary. In which format should you save the list?

• A. a JSON file that has an element for each word
• B. a DOCX file that has one word on each line
• C. a CSV file that contains words separated by commas
• D. an ACCDB database file that contains a table named Dictionary

You have a Microsoft 365 E5 subscription that contains a user named User1. All users are assigned Microsoft 365 Copilot licenses. You deploy Microsoft Purview Data Security Posture Management for AI (DSPM for Al). You need to ensure that User1 can analyze prompts and responses for AI interaction events. The solution must follow the principle of least privilege. To which two role groups should you add User1? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Security Reader
• B. Content Explorer List Viewer
• C. Insider Risk Management Investigators
• D. Information Protection Analysts
• E. Content Explorer Content Viewer

You receive an email that contains a list of words that will be used fora sensitive information type. You need to create a file that can be used as the source of a keyword dictionary. In which format should you save the list?

• A. an ACCDB database file that contains a table named Dictionary
• B. a TSV file that contains words separated by tabs
• C. a CSV file that contains words separated by commas
• D. an XLSX file that contains one word in each cell of the first row

You have a Microsoft 365 E5 tenant. You need to add a new keyword dictionary. What should you create?

• A. a trainable classifier
• B. a retention policy
• C. a sensitivity label
• D. a sensitive info type

You have a Microsoft 365 E5 subscription. You create a data loss prevention (DLP) policy and select Use Notifications to inform your users and help educate them on the proper use of sensitive info. Which apps will show the policy tip?

• A. Outlook on the web only
• B. Outlook Win32 only
• C. Outlook for iOS and Android only
• D. Outlook on the web and Outlook Win32 only
• E. Outlook Win32 and Outlook for iOS and Android only
• F. Outlook on the web, Outlook Win32, and Outlook for iOS and Android

You have a Microsoft 365 E5 subscription that contains two users named User1 and User2. The subscription has a data loss prevention (DLP) policy named Policy1. User2 sends an outbound message that generates a false positive for Policy1. You need to ensure that User1 can download the message that generated the alert. The solution must follow the principle of least privilege. To which role group should you add User1?

• A. Data Investigator
• B. Security Operator
• C. eDiscovery Manager
• D. Global Reader

You have a Microsoft 365 E5 subscription. You plan to implement insider risk management for users that manage sensitive data associated with a project. You need to create a protection policy for the users. The solution must meet the following requirements: Minimize the impact on users who are NOT part of the project. Minimize administrative effort. What should you do first?

• A. From the Microsoft Purview portal, create an insider risk management policy
• B. From the Microsoft Entra admin center, create a security group
• C. From the Microsoft Entra admin center, create a User risk policy
• D. From the Microsoft Purview portal, create a priority user group

You have a Microsoft 365 E5 subscription that uses Microsoft Purview. You create a communication compliance policy named Policy1 and select Detect Microsoft Copilot interactions. Which two trainable classifiers will be added to Policy1 automatically? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Unauthorized disclosure
• B. Prompt Shields
• C. Threat
• D. Corporate Sabotage
• E. Protected Materials

You have a Microsoft 365 E5 subscription. You need to create a sensitivity label named Label1. The solution must ensure that users can use Microsoft 365 Copilot to summarize files that have Label1 applied. Which permission should you select for Label1?

• A. Export content(EXPORT)
• B. Copy and extract content(EXTRACT)
• C. Edit content(DOCEDIT)
• D. View rights(VIEW)

You have a Microsoft 365 E5 subscription that contains a Microsoft Teams channel named Channel1. Channel1 contains research and development documents. You plan to implement Microsoft 365 Copilot for the subscription. You need to prevent the contents of files stored in Channel1 from being included in answers generated by Copilot and shown to unauthorized users. What should you use?

• A. sensitivity labels
• B. communication compliance policy
• C. Microsoft Purview insider risk management
• D. Microsoft Purview Information Barriers (IBs)

You have a Microsoft 365 E5 subscription. You need to prevent users from uploading data loss prevention (DLP)-protected documents to the following third-party websites: web1.contoso.com web2.contoso.com The solution must minimize administrative effort. To what should you set the Service domains setting for Endpoint DLP?

• A. *.contoso.com
• B. contoso.com
• C. web1.contoso.com and web2.contoso.com
• D. web*.contoso.com