Log-in   Register  

Skip Navigation Links
 

Microsoft - SC-401: Administering Information Security in Microsoft 365

Sample Questions

Question: 234
Measured Skill: Manage risks, alerts, and activities (30–35%)

You have a Microsoft 365 E5 subscription that contains a user named User1.

You deploy Microsoft Purview insider risk management.

You need to ensure that insider risk management events related to User1 are visible only to specific users.

What should you create?

AA detection group
B A global exclusion
C An indicator variant
D A priority user group

Correct answer: D

Explanation:

Insider Risk Management supports assigning priority user groups to policies to help identify unique risk activities for users with critical positions, high levels of data and network access, or a past history of risk behavior. Creating a priority user group and assigning users to the group helps scope policies to the unique circumstances presented by these users.

To enable the priority user groups risk score booster, go to the Insider Risk Management settings page, then select Policy indicators and Risk score boosters. Only Analysts and Investigators can review and prioritize these users' risk severity to help triage alerts in accordance with your organization's risk policies and standards.

References:

Get started with Insider Risk Management

Prioritize user groups for Insider Risk Management policies



Question: 235
Measured Skill: Implement data loss prevention and retention (30–35%)

You have a Microsoft 365 E5 subscription.

You need to ensure that users are prevented from uploading sensitive data to ChatGPT and Google Gemini. The solution must meet the following requirements:
  • Prevent credit card numbers from being pasted into ChatGPT and Gemini.
  • Prevent documents that contain classified data from being uploaded to ChatGPT and Gemini.
Which Microsoft Purview solution should you use for each requirement?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

ACredit card numbers: Data Loss Prevention
Documents: Information Barriers
B Credit card numbers: Communication Compliance
Documents: Insider Risk Management
C Credit card numbers: Data Loss Prevention
Documents: Information Barriers
D Credit card numbers: Insider Risk Management
Documents: Insider Risk Management
E Credit card numbers: Data Loss Prevention
Documents: Data Loss Prevention
F Credit card numbers: Data Loss Prevention
Documents: Communication Compliance

Correct answer: E

Explanation:

We should use the DSPM for AI: Detect sensitive info added to AI sites data loss prevention (DLP) policy create by the Microsoft Purview DSPM for AI solution.

The policy discovers sensitive content pasted or uploaded in Microsoft Edge, Chrome, and Firefox to AI sites. This policy covers all users and groups in your org in audit mode only.

Reference: Learn about Data Security Posture Management (DSPM) for AI



Question: 236
Measured Skill: Manage risks, alerts, and activities (30–35%)

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1. Site1 contains the files shown in the following table.



In the Microsoft Purview portal, you create a content search named Content1 and configure the search conditions as shown in the following exhibit.



Which files will be returned by Content1?

AFile2.docx only
B File3.docx only
C File1.docx and File2.docx only
D File1.docx and File3.docx only
E Filet.docx, File2.docx, and File3.docx

Correct answer: D

Explanation:

Microsoft Purview keyword searches aren't case-sensitive. Both User1 (File1.docx) and USER1 (File3.docx) will match the Search condition -Author:USER1.

Reference: Keyword queries and search conditions for eDiscovery



Question: 237
Measured Skill: Implement data loss prevention and retention (30–35%)

You have a Microsoft 365 E5 subscription.

You need to apply data loss prevention (DLP) policies to the following:
  • Microsoft Exchange Online mailboxes
  • Microsoft SharePoint Online sites
  • Microsoft 365 Copilot and Copilot Chat
  • Microsoft OneDrive accounts
  • On-premises repositories
What is the minimum number of DLP policies required to achieve the goal?

A1
B 2
C 3
D 4
E 5

Correct answer: B

Explanation:

You can apply DLP policies to data at rest, data in use, and data in motion in locations such as:

  • Exchange Online email
  • SharePoint sites
  • OneDrive accounts
  • Teams chat and channel messages
  • Instances: Microsoft Defender for Cloud Apps
  • Devices: Windows 10, Windows 11, and macOS (three latest released versions)
  • On-premises repositories
  • Fabric and Power BI workspaces
  • Microsoft 365 Copilot and Copilot Chat

Each one has different prerequisites. Sensitive items in some locations, like Exchange online, can be brought under the DLP umbrella by just configuring a policy that applies to them. Others, such as on-premises file repositories, require a deployment of Microsoft Purview Information Protection scanner. You'll need to prepare your environment, code draft policies, and test them thoroughly before activating any blocking actions.

We need at least 2 data loss prevention (DLP) policies to cover the 5 locations. Exchange email, SharePoint sites, OneDrive accounts and on-premises repositories can be combined in a single policy.

The Microsoft 365 Copilot and Copilot Chat location cannot be combined with other locations.

Reference: Learn about data loss prevention



Question: 238
Measured Skill: Implement information protection (30–35%)

You plan to implement Microsoft Purview Advanced Message Encryption.

You need to ensure that encrypted email sent to external recipients expires after seven days.

What should you create first?

AA mail flow rule
B An X.509 version 3 certificate
C A custom branding template
D A remote domain in Microsoft Exchange
E A connector in Microsoft Exchange

Correct answer: C

Explanation:

You can use message expiration on emails that your users send to external recipients who use the OME Portal to access encrypted emails. You force recipients to use the OME portal to view and reply to encrypted emails sent by your organization by using a custom branded template that specifies an expiration date in PowerShell.

As an Office 365 global administrator, when you apply your company brand to customize the look of your organization's email messages, you can also specify an expiration for these email messages. With Microsoft Purview Advanced Message Encryption, you can create multiple templates for encrypted emails that originate from your organization. Using a template, you can control how long recipients have access to mail sent by your users.

When an end user receives mail that has an expiration date set, the user sees the expiration date in the wrapper email. If a user tries to open an expired mail, an error appears in the OME portal.

You can only set expiration dates for emails to external recipients.

With Microsoft Purview Advanced Message Encryption, anytime you apply custom branding, the Office 365 applies the wrapper to email that fits the mail flow rule to which you apply the template. In addition, you can only use expiration if you use custom branding.

Reference: Set an expiration date for email encrypted by Microsoft Purview Advanced Message Encryption





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 
© Copyright 2014 - 2025 by cert2brain.com