[Jun-2026] Microsoft SC-401 Test Engine PDF - All Free Dumps from Actual4Labs
Get New SC-401 Certification – Valid Exam Dumps Questions
Microsoft SC-401 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
NEW QUESTION # 132
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You recently discovered that the developers at your company emailed Azure Storage Account keys in plain text to third parties.
You need to ensure that when Azure Storage Account keys are emailed, the emails are encrypted.
Solution: You configure a mail flow rule that matches the text patterns.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
Using the "text patterns" condition in the Exchange transport rule would not work.
The condition to be used in the Exchange transport rule would be "The message contains any of this sensitive information..." and select the Sensitive Info Type "Azure Account Storage Key".
https://docs.microsoft.com/en-us/exchange/policy-and-compliance/mail-flow-rules/conditions-and- exceptions?view=exchserver-2019
NEW QUESTION # 133
You have a Microsoft 36515 subscription tha1 contains a Microsoft SharePoint Online site named Site1 Site1 contains three tiles named File1. File2 and File3.
You create the data loss prevention (DIP) policies shown in the following table.
The DIP rule matches for each tile are shown in the following table.
How many DIP policy matches events will be added to Activity explorer, and how many policy matches will be added to the DLP incidents report? To answer, select the appropriate options m the answer area.
Answer:
Explanation:
Explanation:
Activity Explorer logs a DLP rule match event each time any DLP rule condition is met on a file.
File1 matches Rule11 and Rule12 # 2 events
File2 matches Rule21 and Rule22 # 2 events
File3 matches Rule11 and Rule22 # 2 events
Total events in Activity Explorer = 2 + 2 + 2 = 6.
Microsoft notes that Activity explorer shows granular DLP activities such as policy rule matches per item.
The DLP incidents report aggregates by policy match per item, not by each rule in that policy. Multiple rules from the same policy on the same item count as one incident; if different policies match the same item, each policy creates its own incident.
File1: Rules from DLP1 only # 1 incident
File2: Rules from DLP2 only # 1 incident
File3: One rule from DLP1 and one from DLP2 # 2 incidents
Total incidents = 1 + 1 + 2 = 4.
References: Microsoft Purview DLP explains that Activity explorer records detailed DLP activities, while DLP incidents are created when a policy match occurs for an item, and multiple rule matches within a single policy are consolidated into a single incident for that item.
NEW QUESTION # 134
You have a sensitive information type based on a trainable classifier.
You are unsatisfied with the result of the trainable classifier.
You need to retrain the classifier.
What should you use in the Microsoft Purview portal?
- A. Labels from Information protection
- B. Labels from Information governance
- C. Content search
- D. Content explorer from Data classification
Answer: D
Explanation:
Trainable classifiers in Microsoft Purview learn from sample documents. When the initial results are unsatisfactory, retraining is done by reviewing and reclassifying items through Content explorer under the Data classification section of the Purview compliance portal. This allows you to give feedback by marking documents as "relevant" or "not relevant" to improve classifier accuracy.
The other options do not support retraining:
Labels from Information protection # Used to configure and manage sensitivity labels, not train classifiers.
Labels from Information governance # Used for retention labels, not classifiers.
Content search # Used for eDiscovery and searching content, not classifier training.
Reference: Trainable classifiers in Microsoft Purview
NEW QUESTION # 135
You have a Microsoft 365 E5 subscription.
You plan to use Microsoft Purview insider risk management.
You need to create an insider risk management policy that will detect data theft from Microsoft SharePoint Online by users that submitted their resignation or are near their employment termination date.
What should you do first?
- A. Onboard devices to Microsoft Defender for Endpoint.
- B. Configure a Physical badging connector.
- C. Configure Office indicators.
- D. Configure a HR data connector.
Answer: D
Explanation:
To detect data theft from SharePoint Online by departing employees, create an insider risk management policy in Microsoft Purview, select the "Data theft by departing users" template, and add indicators for high-volume downloads or suspicious file activity from SharePoint. Configure the policy to trigger alerts based on these activities and integrate with a HR data connector to identify users near their termination date.
To incorporate the HR Connector:
1. Set up the HR Connector:
Follow the steps to set up a connector in Purview, which involves creating an app registration in Entra ID, creating an app secret, and using a provided PowerShell script to import HR scenario data.
2. Import employee data:
This script imports data from your HR system into the insider risk management solution, including information about employees who have submitted their resignations or are nearing their termination date.
Reference:
https://learn.microsoft.com/en-us/purview/insider-risk-management-policies
NEW QUESTION # 136
You have a Microsoft 365 E5 subscription that has a sensitivity label named Sensitivity1.
You plan to create an auto-labeling policy that will apply Sensitivity1 to Microsoft Exchange Online mailboxes.
On February 1, you create the auto-labeling policy and enable simulation mode by using the default settings.
No modifications are made to the policy in simulation mode.
When will the policy first be turned on?
- A. February 6
- B. never
- C. February 2
- D. February 15
Answer: D
NEW QUESTION # 137
You have a Microsoft 365 E5 subscription.
You need to review a Microsoft 365 Copilot usage report.
From where should you review the report?
- A. Information Protection in the Microsoft Purview portal
- B. DSPM for AI in the Microsoft Purview portal
- C. the Microsoft Defender portal
- D. the Microsoft 365 admin center
Answer: D
Explanation:
To review the Microsoft 365 Copilot usage report:
- Go to the Microsoft 365 admin center.
- Navigate to Reports > Usage.
- Select Copilot to view adoption and usage metrics.
The admin center provides insights into how Copilot is being used across your organization, helping you track engagement and effectiveness.
Data Security Posture Management (DSPM) for AI in the Microsoft Purview portal provides insights into AI usage, but it focuses on security and compliance rather than standard usage metrics.
https://learn.microsoft.com/en-us/purview/ai-microsoft-purview
NEW QUESTION # 138
You are creating a DLP policy named Policy1 that will be applied to the locations as shown in the following exhibit.
Policy1 contains an advanced data loss prevention (DLP) rule named Rule1.
Which two conditions can you use in Rule1? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. Content contains
- B. Attachment's file extension is
- C. Document property is
- D. Document size equals or is greater than
- E. Content is shared from Microsoft 365
Answer: A,E
NEW QUESTION # 139
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
Which users will Microsoft Purview insider risk management flag as potential high-impact users?
- A. User2 and User3 only
- B. User1, User2, and User3 only
- C. User1 and User2 only
- D. User1, User2, User3, and User4
Answer: D
Explanation:
Microsoft Purview Insider Risk Management flags high-impact users based on various risk factors, including role, access to confidential data, and influence within an organization. Let's analyze each user:
User1 (Regional Manager, assigned Reader role, manages department managers) Risk Factors:
# Holds a managerial position (regional manager).
# Manages multiple department managers, indicating organizational influence.
# Access to critical business information.
Flagged? -Yes (Managerial role and access to confidential data).
User2 (HR department manager, no Microsoft Entra roles, manages HR department users) Risk Factors:
# Manages HR department users, meaning they likely handle sensitive employee data.
# HR roles are often considered high-risk due to access to personal and payroll data.
Flagged? -Yes (HR role and access to sensitive employee data).
User3 (Developer, reports to User2, only user in compliance, assigned Compliance Administrator role) Risk Factors:
# Compliance Administrator role grants access to sensitive security and regulatory data.
# Only person in the compliance department, meaning they hold a critical role.
# Potentially high impact on compliance and security settings.
Flagged? -Yes (Privileged Compliance Administrator role).
User4 (Assistant to User1, no Entra roles, handles confidential data on behalf of User1) Risk Factors:
# Handles a high volume of confidential data on behalf of a regional manager.
# Assistants with access to sensitive data are considered insider risk candidates.
Flagged? -Yes (High access to sensitive information).
Since all four users fit high-impact criteria (managerial roles, privileged compliance access, handling sensitive data), Microsoft Purview Insider Risk Management will flag all of them.
NEW QUESTION # 140
You have a Microsoft 365 subscription that has a retention label named Retention1. The subscription contains the files shown in the following table.
You create an auto-labeling policy named Policy1 that will automatically apply Retention1 as shown in the Auto-labeling policy Exhibit. (Click the Auto-labeling policy tab.) You configure Policy1 to apply Retention1 as shown in the Locations exhibit. (Click the Locations tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 141
DRAG DROP
You need to create a trainable classifier that can be used as a condition in an auto-apply retention label policy.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation:
To create a trainable classifier that can be used in an auto-apply retention label policy, you need to follow these key steps:
1. Create the trainable classifier
This is the first step where you define the classifier, specifying the types of content it should identify.
2. Test the trainable classifier
Before using the classifier in production, you need to validate its accuracy by testing it against sample documents to ensure it correctly classifies the intended data.
3. Publish the trainable classifier
Once testing is successful, you must publish the classifier so that it can be used in policies like auto-apply retention labels in Microsoft Purview.
NEW QUESTION # 142
HOTSPOT
How many files in Site2 can User1 and User2 access after you turn on DLPpolicy1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
A screenshot of a computer AI-generated content may be incorrect.
Understanding DLP Policy Impact on File Access
The DLP policy (DLPpolicy1) applies to Site2 and restricts access when:
# Content contains SWIFT Codes.
# Instance count is 2 or more.
File Analysis (Based on SWIFT Codes Count)
A screenshot of a computer AI-generated content may be incorrect.
Files that remain accessible (not restricted by DLP):
# File1.docx (Contains only 1 SWIFT Code # Below restriction threshold) User access after DLP policy is applied:
A screenshot of a computer AI-generated content may be incorrect.
User1 (Site Owner):
# Has higher privileges and can override DLP restrictions (through admin intervention).
# Can access 2 files (File1.docx + override access to another file).
User2 (Site Visitor):
# Has read-only access but DLP blocks access to restricted files.
# Can only access 1 file (File1.docx), since all others are restricted.
NEW QUESTION # 143
You have a data loss prevention (DLP) policy that applies to the Devices location. The policy protects documents that contain United States passport numbers.
Users report that they cannot upload documents to a travel management website because of the policy.
You need to ensure that the users can upload the documents to the travel management website.
The solution must prevent the protected content from being uploaded to other locations.
Which Microsoft 365 Endpoint data loss prevention (Endpoint DLP) setting should you configure?
- A. Service domains
- B. Unallowed apps
- C. File path exclusions
- D. Unallowed browsers
Answer: A
Explanation:
You can control whether sensitive files protected by your policies can be uploaded to specific service domains from Microsoft Edge.
- If the list mode is set to Block, then user will not be able to upload sensitive items to those domains. When an upload action is blocked because an item matches a DLP policy, DLP will either generate a warning or block the upload of the sensitive item.
- If the list mode is set to Allow, then users will be able to upload sensitive items only to those domains, and upload access to all other domains is not allowed.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-using
NEW QUESTION # 144
You have a Microsoft 365 E5 subscription that contains a Microsoft Teams channel named Channel1. Channel1 contains research and development documents.
You plan to implement Microsoft 365 Copilot for the subscription.
You need to prevent the contents of files stored in Channel1 from being included in answers generated by Copilot and shown to unauthorized users.
What should you use?
- A. sensitivity labels
- B. Microsoft Purview Information Barriers (IBs)
- C. communication compliance policy
- D. Microsoft Purview insider risk management
Answer: A
Explanation:
Correct:
* sensitivity labels
To prevent the contents of files stored in Channel1 from being included in Microsoft 365 Copilot responses and ensure unauthorized users cannot access them, you should use Microsoft Purview Sensitivity Labels.
Sensitivity labels allow you to classify, protect, and restrict access to sensitive files. You can configure label-based encryption and access control policies to ensure that only authorized users can access or interact with the files in Channel1. Microsoft 365 Copilot respects sensitivity labels, meaning if a file is labeled with restricted permissions, Copilot will not use it in generated responses for unauthorized users.
Incorrect:
* communication compliance policy
* data loss prevention (DLP)
* Microsoft Purview Information Barriers (IBs)
* Microsoft Purview insider risk management
Note:
To prevent unauthorized access to channel file contents via Microsoft 365 Copilot, apply sensitivity labels with Data Loss Prevention (DLP) policies to restrict content processing.
Additionally, manage channel memberships, restrict sharing links in SharePoint, and enforce external access policies.
Use sensitivity labels and DLP policies
1. Apply labels: Assign sensitivity labels like "Confidential" to sensitive documents in the channel.
2. Create DLP policies: In Microsoft Purview, configure a policy to prevent Copilot from processing content that has specific sensitivity labels. This stops Copilot from summarizing sensitive files for unauthorized users.
Reference:
https://learn.microsoft.com/en-us/purview/ai-m365-copilot-considerations
NEW QUESTION # 145
You have a Microsoft 365 E5 subscriptions.
You deploy Microsoft Purview Data Security Posture Management for AI (OSPM for AI).
You need to edit the default policies created as part of the deployment.
Which two Microsoft Purview solutions should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Data Lifecycle Management
- B. Data Loss Prevention
- C. Insider Risk Management
- D. DSPM for AI
- E. Information Protection
- F. Information Barriers
- G. Compliance Manager
Answer: B,C
Explanation:
DSPM for AI creates default one-click policies that integrate across Microsoft Purview solutions, but editing occurs in the originating solution areas. These policies cover AI interaction monitoring, sensitive data detection, and risk-based actions.
Insider Risk Management: Hosts policies like "Detect risky AI usage" for editing user risk indicators, adaptive protection triggers, and AI behavior monitoring tied to insider threats.
Data Loss Prevention: Manages endpoint and network DLP policies such as "DSPM for AI - Detect sensitive info shared with AI via network" for scoping, classifiers, and enforcement.
Reference:
https://learn.microsoft.com/en-us/purview/dspm-for-ai-considerations#default-policies-for-data- discovery-using-data-security-posture-management-for-ai
NEW QUESTION # 146
HOTSPOT
You are reviewing policies for the SharePoint Online environment.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Understanding Site4's Retention Policies:
# Site4RetentionPolicy1 deletes items older than 2 years from creation. If a file was created on January 1,
2021, it would be deleted after January 1, 2023.
# Site4RetentionPolicy2 retains files for 4 years from creation. If a file was created on January 1, 2021, it will be kept until January 1, 2025, but not deleted after that (policy states "Do nothing").
Statement 1 - Yes, because Site4RetentionPolicy2 ensures files are retained for 4 years.
Statement 2 - Yes, because Site4RetentionPolicy2 retains the file for 4 years (until January 1, 2025).
Statement 3 - No, because retention is only for 4 years (until January 1, 2025). After that, the policy does
"nothing," meaning the file is no longer recoverable after that period.
NEW QUESTION # 147
SIMULATION
Username and password
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and select the username below.
To enter your password, place your cursor in the Enter password box and select the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: XXXXXXXXX
If the Microsoft Edge browser or Microsoft 365 portal does not load successfully, select the Microsoft Edge browser icon from the task bar, type the URL "https://admin.microsoft.com", and press Enter.
The following information is for technical support purposes only:
Lab Instance: XXXXXXXXX
Task 6
You plan to create an Endpoint data loss prevention (Endpoint DLP) policy that will restrict browsers from uploading files to fabrikam.com.
You need to configure the Endpoint DLP settings so that fabrikam.com can be restricted by the Endpoint DLP policy.
You do NOT need to create an Endpoint DLP policy at this time.
Answer:
Explanation:
To configure an Endpoint DLP policy that restricts browser uploads to a specific domain, first create a "Sensitive service domain group" with the domain you want to block. Then, create a new DLP policy [not needed], select "Devices" as the location, and in the rule's action, choose "Upload to a restricted cloud service domain" and select "Block.". Finally, in the rule's conditions, select the "Content contains" activity and add sensitive labels or other conditions as needed.
Create a sensitive service domain group
Step 1: Go to the Microsoft Purview portal and navigate to Data loss prevention > Settings (gear icon).
Step 2: Select Sensitive service domain groups and click Create sensitive service domain group.
Step 3: Give the group a name (e.g., "Restricted Upload Domains").
Step 4: Enter the specific domain you want to block in the "Sensitive service domain" field. [Enter fabrikam.com] You can use wildcards for subdomains (e.g., *.contoso.com) and can add multiple domains to the group.
Step 5: Select Save.
Reference:
https://learn.microsoft.com/en-us/purview/dlp-configure-endpoint-settings
NEW QUESTION # 148
......
100% Passing Guarantee - Brilliant SC-401 Exam Questions PDF: https://www.actual4labs.com/Microsoft/SC-401-actual-exam-dumps.html
SC-401 Dumps 2026 - NewMicrosoft Exam Questions: https://drive.google.com/open?id=1gTK1ibB29rJiw5jacM_rZZrxECbp7w-D