Practice Free SC-401 Exam Online Questions
You have a Microsoft 365 E5 subscription.
You need to create a Microsoft Defender for Cloud Apps policy that will detect data loss prevention (DLP) violations.
What should you create?
- A . a file policy
 - B . an activity policy
 - C . a session policy
 - D . an access policy
 
You have a Microsoft 365 E5 subscription that contains a Windows 11 device named Device1 and three users named User1, User2, and User3.
You plan to deploy Azure Information Protection (AIP) and the Microsoft Purview Information Protection client to Device1.
You need to ensure that the users can perform the following actions on Device1 as part of the planned deployment:
• User1 will test the functionality of the client.
• User2 will install and configure the Microsoft Rights Management connector.
• User3 will be configured as the service account for the information protection scanner.
The solution must maximize the security of the sign-in process for the users. What should you do?
- A . Exclude User2 and User3 from multifactor authentication (MFA).
 - B . Enable User? and User3 for passwordless authentication.
 - C . Exclude User1 and User? from multifactor authentication (MFA).
 - D . Enable User1, User2, and User3 for passkey (FIDO2) authentication.
 
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You recently discovered that the developers at your company emailed Azure Storage Account keys in plain text to third parties.
You need to ensure that when Azure Storage Account keys are emailed, the emails are encrypted.
Solution: You create a data loss prevention (DLP) policy that has only the Exchange email location selected.
Does this meet the goal?
- A . Yes
 - B . No
 
A
Explanation:
To ensure Azure Storage Account keys are encrypted when sent via email, you need a Data Loss Prevention (DLP) policy that detects Azure Storage Account keys using a sensitive information type and automatically encrypts emails containing these keys.
A DLP policy with Exchange email as the only location meets this requirement because it identifies sensitive data in email messages and it applies protection actions, such as encryption, blocking, or alerts.
DRAG DROP
You have a Microsoft 365 subscription that contains 20 data loss prevention (DLP) policies.
You need to identify the following:
● Rules that are applied without triggering a policy alert
● The top 10 files that have matched DLP policies
● Alerts that are miscategorized
Which report should you use for each requirement? To answer, drag the appropriate reports to the correct requirements. Each report may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. 

Explanation:
The False positive and override report helps identify rules that were applied but did not generate an actual policy alert, which means they were overridden or deemed false positives.
The DLP policy matches report provides details on files that matched DLP policies, including the top 10 files.
The Incident reports report helps analyze and review alerts, including those that may have been miscategorized.
You are creating a DLP policy named Policy1 that will be applied to the locations as shown in the following exhibit.

Policy1 contains an advanced data loss prevention (DLP) rule named Rule1.
Which two conditions can you use in Rule1? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . Document property is
 - B . Attachment’s file extension is
 - C . Document size equals or is greater than
 - D . Content is shared from Microsoft 365
 - E . Content contains
 
HOTSPOT
You have a Microsoft 365 E5 subscription.
From the Microsoft Purview Data Security Posture Management for AI portal, you review the recommendations for AI data security.
You plan to create a one-click policy to block elevated risk users from pasting or uploading sensitive data to AI websites.
How will the policy be configured? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Your company has a Microsoft 365 tenant.
The company performs annual employee assessments. The assessment results are recorded in a document named AssessmentTemplate.docx that is created by using a Microsoft Word template.
Copies of the employee assessments are sent to employees and their managers.
The assessment copies are stored in mailboxes, Microsoft SharePoint Online sites, and OneDrive folders. A copy of each assessment is also stored in a SharePoint Online folder named Assessments.
You need to create a data loss prevention (DLP) policy that prevents the employee assessments from being emailed to external users. You will use a document fingerprint to identify the assessment documents. The solution must minimize effort.
What should you include in the solution?
- A . Create a fingerprint of AssessmentTemplate.docx.
 - B . Create a sensitive info type that uses Exact Data Match (EDM).
 - C . Import 100 sample documents from the Assessments folder to a seed folder.
 - D . Create a fingerprint of 100 sample documents in the Assessments folder.
 
A
Explanation:
Since all employee assessments follow a specific template (AssessmentTemplate.docx), the best way to identify these documents for Data Loss Prevention (DLP) is to create a document fingerprint of that template.
Document fingerprinting allows Microsoft 365 DLP policies to recognize documents based on their structure and format, even when content inside varies (such as different employee names and results). By creating a fingerprint of AssessmentTemplate.docx, any copy derived from that template will be automatically detected by the DLP policy and blocked from being emailed externally.
Steps to implement:
● Create a document fingerprint of AssessmentTemplate.docx using PowerShell and the Microsoft Purview compliance portal.
● Apply a DLP policy to prevent external sharing of documents matching this fingerprint.
● Test the policy by attempting to email an assessment externally.
HOTSPOT
You have a Microsoft 365 E5 subscription that contains the users shown in the following table. 

You plan to create a Microsoft Purview insider risk management case named Case1.
Which insider risk management object should you select first, and which users will be added as contributors for Case1 by default? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. 

Explanation:
Box 1: When creating a Microsoft Purview Insider Risk Management case, you must first select a risky user to investigate. The case will be built around this specific user’s activities, linking alerts and risk signals to the investigation.
Box 2: The Insider Risk Management role groups determine who can access and contribute to cases:
● Admin1 (Insider Risk Management Admins) → Full admin access.
● Admin2 (Insider Risk Management Analysts) → Analysts who review cases.
● Admin3 (Risk Management Investigators) → Investigators who work on cases.
● Admin4 (Insider Risk Management Auditors) → Auditors who oversee cases.
All these roles have default access to insider risk cases in Microsoft Purview, so all four admins are added as contributors.
