Practice Free SC-401 Exam Online Questions
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
Which users will Microsoft Purview insider risk management flag as potential high-impact users?
- A . User1 and User2 only
- B . User2 and User3 only
- C . User1, User2, and User3 only
- D . User1, User2, User3, and User4
D
Explanation:
Microsoft Purview Insider Risk Management flags high-impact users based on various risk factors, including role, access to confidential data, and influence within an organization.
Let’s analyze each user:
User1 (Regional Manager, assigned Reader role, manages department managers)
Risk Factors:
● Holds a managerial position (regional manager).
● Manages multiple department managers, indicating organizational influence.
● Access to critical business information.
Flagged? -Yes (Managerial role and access to confidential data).
User2 (HR department manager, no Microsoft Entra roles, manages HR department users)
Risk Factors:
● Manages HR department users, meaning they likely handle sensitive employee data.
● HR roles are often considered high-risk due to access to personal and payroll data.
Flagged? -Yes (HR role and access to sensitive employee data).
User3 (Developer, reports to User2, only user in compliance, assigned Compliance Administrator role)
Risk Factors:
● Compliance Administrator role grants access to sensitive security and regulatory data.
● Only person in the compliance department, meaning they hold a critical role.
● Potentially high impact on compliance and security settings.
Flagged? -Yes (Privileged Compliance Administrator role).
User4 (Assistant to User1, no Entra roles, handles confidential data on behalf of User1)
Risk Factors:
● Handles a high volume of confidential data on behalf of a regional manager.
● Assistants with access to sensitive data are considered insider risk candidates.
Flagged? -Yes (High access to sensitive information).
Since all four users fit high-impact criteria (managerial roles, privileged compliance access, handling sensitive data), Microsoft Purview Insider Risk Management will flag all of them.
You have a Microsoft 365 E5 subscription that contains a retention policy named RP1 as shown in the following table.
You place a preservation lock on RP1.
You need to modify RP1.
Which two modifications can you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Add locations to the policy.
- B . Delete the policy.
- C . Remove locations from the policy.
- D . Decrease the retention period of the policy.
- E . Disable the policy.
- F . Increase the retention period of the policy.
A, F
Explanation:
A Preservation Lock in Microsoft Purview Retention Policies enforces strict compliance and prevents certain modifications to ensure data is retained according to compliance requirements.
When a Preservation Lock is applied:
You have a Microsoft 365 E5 subscription that contains the adaptive scopes shown in the following table.
You create the retention policies shown in the following table.
Which retention policies support a preservation lock?
- A . RPolicy2only
- B . RPolicy3on1y
- C . RPolicy1 and RPolicy2 only
- D . RPolicy1 and RPolicy3 only
- E . RPolicy1, RPolicy2, and RPolicy3
You have a Microsoft 365 E5 subscription.
You plan to implement insider risk management for users that manage sensitive data associated with a project.
You need to create a protection policy for the users.
The solution must meet the following requirements:
● Minimize the impact on users who are NOT part of the project.
● Minimize administrative effort.
What should you do first?
- A . From the Microsoft Purview portal, create an insider risk management policy.
- B . From the Microsoft Entra admin center, create a security group.
C From the Microsoft Entra admin center create a User risk policy
D From the Microsoft Purview portal create a priority user group
B
Explanation:
To implement insider risk management for users managing sensitive project data while minimizing the impact on other users and reducing administrative effort, you should first create a security group in Microsoft Entra ID (formerly Azure AD).
Security groups allow you to scope insider risk management policies to specific users instead of applying policies to all users, which helps in minimizing unnecessary alerts and reducing administrative overhead. After creating the security group, you can assign this group to a Microsoft Purview Insider Risk Management policy, ensuring that only project-related users are affected.
You have a Microsoft 365 E5 subscription that contains a user named User1.
You deploy Microsoft Purview insider risk management.
You need ensure that insider risk management events related to User1 are visible only to specific users.
What should you create?
- A . a global exclusion
- B . an indicator variant
- C . a priority user group
- D . a detection group
You have 4 Microsoft 565 E5 subscription that contains two Microsoft SharePoint Online sites named Site1 and Site2. You plan to configure a retention label named Labe1 and apply label1 to all the files in Site1 You need to ensure that two years after a file is created in Site1. the file moves automatically to Site2.
How should you configure the Choose what happens after the retention period setting for Label1?
- A . Deactivate retention settings
- B . Start a disposition review
- C . Change the label
- D . Run a Power Automate flow
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in the Microsoft Purview portal to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
Solution: You run the Set-MailboxFolderPermission -Identity "User1" -User [email protected] – AccessRights Owner command.
Does that meet the goal?
- A . Yes
- B . No
B
Explanation:
The Set-MailboxFolderPermission -Identity "User1" -User [email protected] -AccessRights Owner command is incorrect. This assigns folder permissions but does not enable auditing. It does not track who accessed the mailbox or deleted emails.
HOTSPOT
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and the users shown in the following table.
You have a data loss prevention (DLP) policy named DLP1 as shown in the following exhibit.
You apply DLP1 to Site1.
User1 uploads a file named File1 to Site1. File1 does NOT match any of the DLP1 rules. User2 updates File1 to contain data that matches the DLP1 rules.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT
You have the files shown in the following table.
You configure a retention policy as shown >n the exhibit. (Click the Exhibit lab.)
The start of the retention period is based on when items are created. The current date is January 01.
207S.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
You have a Microsoft 365 subscription.
You create and run a content search from the Microsoft Purview portal.
You need to download the results of the content search.
What should you obtain first?
- A . a certificate
- B . a password
- C . a pin
- D . an export key