Practice Free SC-401 Exam Online Questions
You are planning a data loss prevention (DLP) solution that will apply to Windows Client computers.
You need to ensure that when users attempt to copy a file that contains sensitive information to a USB storage device, the following requirements are met:
● If the users are members of a group named Group1, the users must be allowed to copy the file, and an event must be recorded in the audit log.
● All other users must be blocked from copying the file.
What should you create?
- A . one DLP policy that contains one DLP rule
- B . one DLP policy that contains two DLP rules
- C . two DLP policies that each contains one DLP rule
B
Explanation:
To meet the requirements, you need one DLP policy with two separate DLP rules to handle the different conditions:
HOTSPOT
You have a Microsoft 365 E5 subscription.
You have a file named Customer.csv that contains a list of 1,000 customer names.
You plan to use Customer.csv to classify documents stored in a Microsoft SharePoint Online library.
What should you create in the Microsoft Purview portal, and which type of element should you select? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription.
You need to review a Microsoft 365 Copilot usage report.
From where should you review the report?
- A . Information Protection in the Microsoft Purview portal
- B . the Microsoft 365 admin center
- C . DSPM for Al in the Microsoft Purview portal
- D . the Microsoft Defender portal
C
Explanation:
To review a Microsoft 365 Copilot usage report, you need to use Data Security Posture Management for AI (DSPM for AI) in the Microsoft Purview portal. DSPM for AI provides insights into AI-related activities, including Copilot usage, risk assessments, and data security posture related to AI interactions within Microsoft 365.
DRAG DROP
You have a Microsoft 365 tenant.
A new regulatory requirement states that all documents containing a patent ID be labeled, retained for 10 years, and then deleted. The policy used to apply the retention settings must never be disabled or deleted by anyone.
You need to implement the regulatory requirement.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to provide a user with the ability to view data loss prevention (DIP) alerts in the Microsoft Purview portal. The solution must use the principle of least privilege.
Which role should you assign to the user?
- A . Compliance Administrator
- B . Security Reader
- C . Security Operator
- D . Compliance Data Administrator
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant and 500 computers that run Windows 11. The computers are onboarded to Microsoft Purview.
You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers. Tailspin_scanner.exe is installed locally on the computers.
You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.
Solution: From the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings, you add a folder path to the file path exclusions.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Adding a folder path to the file path exclusions in Microsoft 365 Endpoint DLP does not prevent Tailspin_scanner.exe from accessing protected sensitive information. Instead, it would exclude those files from DLP protection, which is not the intended outcome.
To block Tailspin_scanner.exe from accessing sensitive documents while allowing it to access other files, the correct solution is to use Microsoft Purview Endpoint Data Loss Prevention (Endpoint DLP) and add Tailspin_scanner.exe to the Restricted Apps list.
Endpoint DLP allows you to block specific applications from accessing sensitive files while keeping general access available. Restricted Apps List in Endpoint DLP ensures that Tailspin_scanner.exe cannot open, copy, or process protected documents, but it can still function normally for non-sensitive content.
HOTSPOT
You create a data loss prevention (DIP) policy that meets the following requirements:
• Prevents guest users from accessing a sensitive document shared during a Microsoft Teams chat
• Prevents guest users from accessing a sensitive document stored in a Microsoft Team? channel
Which location should you select for each requirement? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point.
You need to test Microsoft Purview Advanced Message Encryption capabilities for your company.
The test must verify the following information:
• The acquired default template names
• The encryption and decryption verification status
Which PowerShell cmdlet should you run?
- A . Test-OAuthConnectivity
- B . Test-ClientAccessRule
- C . Test-IRMConfiguration
- D . Test-Mailflow
HOTSPOT
You have a Microsoft 365 E5 tenant that contains two users named User1, and User2 and a Microsoft SharePoint Online site named Site! as shown in the following exhibit.
For Site1, the users are assigned the roles shown in the following table.
You publish a retention label named Retention1 to Site1.
To which files can the users apply Retention!? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You have a Microsoft 365 E5 tenant that contains two users named User1, and User2 and a Microsoft SharePoint Online site named Site! as shown in the following exhibit.
For Site1, the users are assigned the roles shown in the following table.
You publish a retention label named Retention1 to Site1.
To which files can the users apply Retention!? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.