Certs Club
Home
Oracle Microsoft Cisco CompTIA Salesforce Amazon AACE International Acams Anthropic Apple View All Vendors →
Login Register

Microsoft SC-401 - Administering Information Security in Microsoft 365 Certification Exam

Download Exam View Entire Exam
Page: 1 / 1
Question #1 (Topic: demo questions)

HOTSPOT You are reviewing policies for the SharePoint Online environment. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

A.
StatementsYesNo
If a user creates a file in Site4 on January 1, 2021, users will be able to access the file on January 15, 2023.[X][ ]
If a user deletes a file from Site4 that was created on January 1, 2021, an administrative user will be able to recover the file on April 15, 2023.[X][ ]
If a user deletes a file from Site4 that was created on January 1, 2021, an administrative user will be able to recover the file on April 15, 2026.[ ][X]
Correct Answer: A
Explanation:
  • Statement 1 (Yes): When a retention policy is active on a site (such as a 5-year retention window from the creation date), files remain active and accessible in their original location for normal user consumption as long as they are not manually deleted. Since January 15, 2023, falls well within the 5-year period (which ends January 1, 2026), users can access it normally.
    Statement 2 (Yes): If a file created on January 1, 2021, is deleted by a user, the retention policy ensures it is preserved in the Preservation Hold library for the remainder of the 5-year retention period (up until January 1, 2026). On April 15, 2023, the file is still within this protected duration, allowing an administrator to successfully recover it.
    Statement 3 (No): The 5-year retention clock begins on the file creation date (January 1, 2021) and expires on January 1, 2026. After this date, the retention policy no longer protects or locks the deleted file. By April 15, 2026, the data will have exceeded the retention threshold and been permanently purged, making it unrecoverable for administrators.
January 1, 2021, it would be deleted after January 1, 2023. ● Site4RetentionPolicy2 retains files for 4 years from creation. If a file was created on January 1, 2021, it will be kept until January 1, 2025, but not deleted after that (policy states "Do nothing"). Statement 1 - Yes, because Site4RetentionPolicy2 ensures files are retained for 4 years. Statement 2 - Yes, because Site4RetentionPolicy2 retains the file for 4 years (until January 1, 2025). Statement 3 - No, because retention is only for 4 years (until January 1, 2025). After that, the policy does "nothing," meaning the file is no longer recoverable after that period.
Question #2 (Topic: demo questions)
HOTSPOT You need to meet the technical requirements for the confidential documents. What should you create first, and what should you use for the detection method? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
A.
Answer Area
Configuration StepCorrect Selection
Create first:A sensitive info type
Use for detection method:Regular expression
Correct Answer: A
Explanation:
  • Create first: Before creating higher-level data protection constructs (like Data Loss Prevention policies or sensitivity labels) that rely on custom definitions, you must first create A sensitive info type (SIT). The SIT defines the unique pattern or structure of the data you want to identify and protect.

  • Use for detection method: To accurately capture strings or values that follow a rigid, predictable format (such as employee numbers, specific ID formats, or customized serial codes), a Regular expression (regex) is the ideal detection mechanism. It offers the precision required to match specific patterns rather than relying on exact word matches (Keywords) or static lists (Dictionary).

  • To detect and protect confidential documents, we need a custom rule to identify project codes that start with 999 (since they are classified as confidential). Box 1: A Sensitive Info Type (SIT) allows Microsoft Purview DLP policies to recognize structured data (e.g., project codes). DLP policies require a sensitive info type to detect content based on patterns,
    keywords, or dictionary terms. A sensitivity label alone does not define detection logic—it is used for classification and protection after content is identified. Box 2: Since project codes follow a structured 10-digit pattern, we should use a Regular Expression (Regex) to match project codes that start with 999. Example Regex pattern: 999\d{7} This pattern detects a 10-digit number starting with "999".
    Question #3 (Topic: demo questions)

    You need to meet the technical requirements for the creation of the sensitivity labels. To which user or users must you assign the Sensitivity Label Administrator role?

    A.
    Admin1 only
    B.
    Admin1 and Admin4 only 
    C.
    Admin1 and Admin5 only
    D.
    Admin1, Admin2, and Admin3 only
    E.
    Admin1, Admin2, Admin4, and Admin5 only
    Correct Answer: D
    Explanation:
    To meet the requirement that all administrative users must be able to create Microsoft 365 sensitivity labels, we need to assign the Sensitivity Label Administrator role to the correct users. Sensitivity Label Administrator Role Responsibilities This role allows users to: ● Create and manage sensitivity labels in Microsoft Purview. ● Publish and configure auto-labeling policies. ● Modify label encryption and content marking settings. Review of Admin Roles from the Table:
    Answer Area
    AdminRole AssignedCan Create Sensitivity Labels?
    Admin1Global ReaderNo, read-only permissions.
    Admin2Compliance Data AdministratorYes, can manage compliance data, including labels.
    Admin3Compliance AdministratorYes, has full compliance management, including labels.
    Admin4Security OperatorNo, this role is focused on security alerts and response.
    Admin5Security AdministratorNo, primarily focused on security policies and threat management.
    Explanation
    Admin1 (Global Reader): This role provides read-only access across the tenant. Users assigned this role can view settings and administrative data but cannot create or modify objects, including sensitivity labels.
    Admin2 (Compliance Data Administrator): This role possesses permissions explicitly geared towards data governance and classification tasks, which include creating, managing, and publishing sensitivity labels.
    Admin3 (Compliance Administrator): As a high-level administrative role for compliance features, it grants comprehensive permissions to configure and manage all compliance-related settings, directly allowing the creation of sensitivity labels.
    Admin4 (Security Operator): This role is designated for operational security tasks, such as monitoring alerts and analyzing potential threats. It does not contain administrative permissions required to configure data classification or compliance policies like sensitivity labels.
    Admin5 (Security Administrator): While this role grants broad security management privileges (such as managing threat policies and security alerts), it does not natively inherit full compliance creation privileges. Data classification and sensitivity management are handled within the compliance/purview scope, making it an incorrect role for creating sensitivity labels unless combined with proper compliance role groups.
    Users that must be assigned the Sensitivity Label Administrator role: ● Admin2 (Compliance Data Administrator) ● Admin3 (Compliance Administrator) ● Admin1 (Global Reader) (should be assigned this role to fulfill the requirement that all admins can create labels).
    Question #4 (Topic: demo questions)

    DRAG DROP

    You need to meet the technical requirements for the Site1 documents. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. 

    A.
    Actions (Available Options)
    Create a sensitivity label.
    Wait 24 hours and then turn on the policy.
    Create a sensitive info type.
    Create a retention label.
    Create an auto-labeling policy.
    Answer Area (Ordered Steps)
    Step SequenceAction to Perform
    Step 1Create a sensitive info type.
    Step 2Create a sensitivity label.
    Step 3Create an auto-labeling policy.
    Correct Answer: A
    Explanation:
  • Step 1: Create a sensitive info type. Before a custom category of data can be classified automatically, you must first define the criteria used to identify it (such as a specific pattern or regex). Creating a sensitive info type forms the building block for detection.

  • Step 2: Create a sensitivity label. Once the detection criteria exist, you must create the container that defines what happens to that data (e.g., applying encryption or content markings) when it is identified.

  • Step 3: Create an auto-labeling policy. This policy brings everything together by scanning content locations (such as SharePoint, OneDrive, or Exchange) for the sensitive info type defined in Step 1 and automatically applying the sensitivity label created in Step 2.

  • The goal is to automatically label documents in Site1 that contain credit card numbers. To achieve this, we need a sensitivity label with an auto-labeling policy based on a sensitive info type that detects credit card numbers. Step 1: Create a Sensitive Info Type ● A sensitive info type is needed to detect credit card numbers in documents. ● Microsoft Purview includes built-in sensitive info types for credit card numbers, but we can also create a custom one if necessary. Step 2: Create a Sensitivity Label ● A sensitivity label is required to classify and protect documents containing sensitive information. ● This label can apply encryption, watermarking, or access controls to credit card data. Step 3: Create an Auto-Labeling Policy ● An auto-labeling policy ensures that the sensitivity label is applied automatically when credit card numbers are detected in Site1. ● This policy is configured to scan files and automatically apply the correct sensitivity label.
    Download Exam
    Page: 1 / 1
    Next Page