Microsoft Administering Information Security in Microsoft 365 (SC-401) Free Practice Test
Question 1
You have a Microsoft 365 E5 subscription. Microsoft Priva Privacy Risk Management licenses are assigned to all users.
You need to review and delete all the personal data that relates to a former employee. The solution must minimize administrative effort.
What should you do first?
You need to review and delete all the personal data that relates to a former employee. The solution must minimize administrative effort.
What should you do first?
Correct Answer: A
Question 2
Hotspot Question
You have a Microsoft 365 E5 subscription that contains the data loss prevention (DLP) policies shown in the following table.
You have a custom employee information form named Template1.docx.
You plan to create a sensitive info type named Sensitive1 that will use the document fingerprint from Template1.docx.
What should you use to create Sensitive1, and in which DLP policies can you use Sensitive1? To answer, select the appropriate options in the answer area.
You have a Microsoft 365 E5 subscription that contains the data loss prevention (DLP) policies shown in the following table.
You have a custom employee information form named Template1.docx.
You plan to create a sensitive info type named Sensitive1 that will use the document fingerprint from Template1.docx.
What should you use to create Sensitive1, and in which DLP policies can you use Sensitive1? To answer, select the appropriate options in the answer area.
Correct Answer:
Explanation:
Box 1: Microsoft Purview portal
Box 2: DLP1, DLP2, and DLP3
DLP can use document fingerprinting as a detection method in Exchange, SharePoint, OneDrive, Teams, and Devices.
Reference:
https://learn.microsoft.com/en-us/purview/sit-document-fingerprinting
Question 3
You have a Microsoft 365 E5 subscription that contains a Windows 11 device named Device1 and three users named User1, User2, and User3.
You plan to deploy Azure information Protection (AIP) and the Microsoft Purview information Protection client to Device1.
You need to ensure that the users can perform the following actions on Device1 as part of the planned deployment:
- User1 will test the functionality of the client.
- User2 will install and configure the Microsoft Rights Management
connector.
- User3 will be configured as the service account for the information
protection scanner.
The solution must maximize the security of the sign-in process for the users.
What should you do?
You plan to deploy Azure information Protection (AIP) and the Microsoft Purview information Protection client to Device1.
You need to ensure that the users can perform the following actions on Device1 as part of the planned deployment:
- User1 will test the functionality of the client.
- User2 will install and configure the Microsoft Rights Management
connector.
- User3 will be configured as the service account for the information
protection scanner.
The solution must maximize the security of the sign-in process for the users.
What should you do?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 4
Hotspot Question
You have a Microsoft 365 E5 tenant that contains the objects shown in the following table.
You need to restore a Microsoft Word document that was deleted from the Sales channel by User1.
From where can the document be restored, and how long will the document be retained if it is NOT restored? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 tenant that contains the objects shown in the following table.
You need to restore a Microsoft Word document that was deleted from the Sales channel by User1.
From where can the document be restored, and how long will the document be retained if it is NOT restored? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation:
Box 1: Microsoft Teams
Restore items in the recycle bin that were deleted from SharePoint or Teams When you delete items from a document library or list in Microsoft Teams or SharePoint, they aren't immediately removed. Deleted items go into the SharePoint site recycle bin for a period of time or until they are emptied from the recycle bin. The SharePoint site recycle bin isn't the same as the Windows recycle bin that you see on your desktop.
Box 2: 30 days
Restore a shared library
SharePoint in Microsoft 365 Microsoft Teams
If lots of your SharePoint or Microsoft Teams files get deleted, overwritten, corrupted, or infected by malware, you can restore an entire shared document library to a previous time. The restore will undo all the actions that occurred on both files and folders in the last 30 days.
If your entire library was deleted, see Restore items in the Recycle Bin of a SharePoint site. If you want to correct issues with individual files one at a time, you can restore deleted items or restore a previous version of an item.
Reference:
https://support.microsoft.com/en-us/office/restore-items-in-the-recycle-bin-that-were-deleted-from- sharepoint-or-teams-6df466b6-55f2-4898-8d6e-c0dff851a0be
https://support.microsoft.com/en-us/office/restore-a-shared-library-317791c3-8bd0-4dfd-8254-
3ca90883d39a
Question 5
Drag and Drop Question
You have a Microsoft 365 E5 subscription.
You need to create the Microsoft Purview insider risk management policies shown in the following table.
Which policy template should you use for each policy? To answer, drag the appropriate policy templates to the correct policies. Each template may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription.
You need to create the Microsoft Purview insider risk management policies shown in the following table.
Which policy template should you use for each policy? To answer, drag the appropriate policy templates to the correct policies. Each template may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation:
Box 1: Data theft by departing users
Policy1: Monitors the printing of files by users that submitted their resignation.
To monitor file printing by departing employees in Microsoft Purview, you should use the Data theft by departing users template and configure a Microsoft 365 HR connector for resignation dates, then add printing as a specific indicator. This template is designed to detect unusual activity from employees who are leaving, and adding the printing indicator will allow you to see specific printing actions in their activity.
Box 2: Data leaks by priority users
Policy2: Monitors the accidental sharing of data of an organization by users in a priority user group.
To detect accidental data sharing by users in a priority user group, you should use the Data leaks by priority users policy template in Microsoft Purview Insider Risk Management. This template is specifically designed to trigger alerts for data leak activities performed by members of a priority user group, making it the most appropriate choice for your scenario.
Box 3: Data leaks
Policy2: Monitors the downloading of files from Microsoft SharePoint Online to personal cloud storage services.
To monitor downloading files from SharePoint Online to personal cloud storage, you should use the Data leaks or Data leaks by priority users policy templates and then configure the policy to use Data Loss Prevention (DLP) indicators. You'll need to create or select an existing DLP policy that identifies the sensitive data being downloaded and configure it to generate alerts for the insider risk management policy.
Reference:
https://learn.microsoft.com/en-us/purview/insider-risk-management-policy-templates
Question 6
You have a Microsoft 365 E5 subscription.
You have a Microsoft SharePoint Online document library that contains Microsoft Word and Excel documents. The documents contain the following types of information:
- Credit card numbers
- Physical addresses in the UK
- National health service numbers from the UK
- Sensitive projects that contain the following words: Project
Tailspin, Project Contoso, and Project Falcon
You have email messages in Microsoft Exchange Online that contain the following information types:
- Credit card numbers
- User sign-in credentials
- National health service numbers from the UK
You plan to use sensitive information types (SITs) for compliance policies.
What is the minimum number of SITs required to classify all the information types?
You have a Microsoft SharePoint Online document library that contains Microsoft Word and Excel documents. The documents contain the following types of information:
- Credit card numbers
- Physical addresses in the UK
- National health service numbers from the UK
- Sensitive projects that contain the following words: Project
Tailspin, Project Contoso, and Project Falcon
You have email messages in Microsoft Exchange Online that contain the following information types:
- Credit card numbers
- User sign-in credentials
- National health service numbers from the UK
You plan to use sensitive information types (SITs) for compliance policies.
What is the minimum number of SITs required to classify all the information types?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 7
You have a Microsoft 365 E5 subscription.
You need to enable support for sensitivity labels in Microsoft SharePoint Online.
What should you use?
You need to enable support for sensitivity labels in Microsoft SharePoint Online.
What should you use?
Correct Answer: D
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 8
Hotspot Question
You have a Microsoft 365 E5 subscription that uses Microsoft Purview.
You need to deploy a compliance solution that will detect the accidental oversharing of information outside of an organization. The solution must minimize administrative effort.
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that uses Microsoft Purview.
You need to deploy a compliance solution that will detect the accidental oversharing of information outside of an organization. The solution must minimize administrative effort.
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation:
Box 1: Data leaks
When using a Data leaks template, you can assign a DLP policy to trigger indicators in the insider risk policy for high severity alerts in your organization. Whenever a high severity alert is generated by a DLP policy rule is added to the Office 365 audit log, insider risk policies created with this template automatically examine the high severity DLP alert. If the alert contains an in- scope user defined in the insider risk policy, the alert is processed by the insider risk policy as a new alert and assigned an insider risk severity and risk score. You can also choose to assign selected indicators as triggering events for a policy. This flexibility and customization helps scope the policy to only the activities covered by the indicators. This policy allows you to evaluate this alert in context with other activities included in the case.
Box 2: A data loss prevention (DLP) policy
Note: Data leaks
Protecting data and preventing data leaks is a constant challenge for most organizations, particularly with the rapid growth of new data created by users, devices, and services. Users are empowered to create, store, and share information across services and devices that make managing data leaks increasingly more complex and difficult. Data leaks can include *accidental oversharing of information outside your organization* or data theft with malicious intent. With an assigned Microsoft Purview Data Loss Prevention (DLP) policy, built-in, or customizable triggering events, this template starts scoring real-time detections of suspicious SharePoint Online data downloads, file and folder sharing, printing files, and copying data to personal cloud messaging and storage services.
Reference:
https://learn.microsoft.com/en-us/purview/insider-risk-management-policy-templates
Question 9
Hotspot Question
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
The subscription contains the groups shown in the following table.
You plan to create a priority user group named Priority1.
You need to identify the following:
- Which users and groups can be added to Priority1?
- Which users can be enabled to view alerts that involve the members of Priority1?
What should you identify? To answer, select the appropriate options in the answer area.
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
The subscription contains the groups shown in the following table.
You plan to create a priority user group named Priority1.
You need to identify the following:
- Which users and groups can be added to Priority1?
- Which users can be enabled to view alerts that involve the members of Priority1?
What should you identify? To answer, select the appropriate options in the answer area.
Correct Answer:
Explanation:
Box 1: User1, User2, and User3 only
* User1 - Yes
User1 is Global Administrator.
A Global Administrator in Microsoft 365 can be added to a priority user group.
Priority User Groups:
These groups are often used to grant specific access or prioritize certain users. Global Administrators can add themselves or other users to these groups.
* User2 - Yes
An Insider Risk Management Analyst can be added to a priority user group.
* User3 - Yes
Insider Risk Management Investigations can be associated with or scoped to a Priority User Group (PUG).
* Group1 - No
You cannot directly add a security group as a member of a priority user group.
* Group2 - No
Box 2: User2 and User3 only
* User1 - No
* User2 - Yes, User3 - Yes
Instead of being open to review by all analysts and investigators, priority user groups might also need to restrict review activities to specific users or insider risk role groups. You can choose to assign individual users and role groups to review users, alerts, cases, and reports for each priority user group. Priority user groups can have review permissions assigned to the built-in Insider Risk Management, Insider Risk Management Analysts, and Insider Risk Management Investigators role groups, one or more of these role groups, or to a custom selection of users.
Reference:
https://learn.microsoft.com/en-us/purview/insider-risk-management-settings-priority-user-groups
Question 10
You have a Microsoft 365 subscription.
You need to ensure that users can apply retention labels to individual documents in their Microsoft SharePoint libraries.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You need to ensure that users can apply retention labels to individual documents in their Microsoft SharePoint libraries.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Correct Answer: C,D
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 11
Hotspot Question
You have a Microsoft 365 E5 tenant that contains the users shown in the following table.
You have a retention policy that has the following configurations:
- Retain items for a specific period: 5 years
- Locations to apply the policy: Exchange email, SharePoint sites
You place a Preservation Lock on Policy1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 tenant that contains the users shown in the following table.
You have a retention policy that has the following configurations:
- Retain items for a specific period: 5 years
- Locations to apply the policy: Exchange email, SharePoint sites
You place a Preservation Lock on Policy1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation:
Box 1: No
When a retention policy is locked:
No one, including the global admin, can disable the policy or delete it Locations can be added but not removed You can extend the retention period but not decrease it Box 2: Yes You can extend the retention period but not decrease it Box 3: No You can extend the retention period but not decrease it Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-preservation-lock
Question 12
You have a Microsoft 365 E5 tenant.
You need to add a new keyword dictionary.
What should you create?
You need to add a new keyword dictionary.
What should you create?
Correct Answer: A
Question 13
You have a Microsoft 365 subscription that contains a user named User1.
You create a Highly Confidential sensitivity label named Label1.
You need to prevent User1 from using Microsoft 365 Copilot to summarize content that has Label1 applied. The solution must ensure that User1 can directly access the content.
Which type of policy should you create?
You create a Highly Confidential sensitivity label named Label1.
You need to prevent User1 from using Microsoft 365 Copilot to summarize content that has Label1 applied. The solution must ensure that User1 can directly access the content.
Which type of policy should you create?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 14
SIMULATION
Username and password
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and select the username below.
To enter your password, place your cursor in the Enter password box and select the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: XXXXXXXXX
If the Microsoft Edge browser or Microsoft 365 portal does not load successfully, select the Microsoft Edge browser icon from the task bar, type the URL "https://admin.microsoft.com", and press Enter.
The following information is for technical support purposes only:
Lab Instance: XXXXXXXXX
Task 2
You need to ensure that email sent to external recipients with the word Falcon in the subject line will be encrypted by using an RMS template named Highly Confidential \ All Employees.
Username and password
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and select the username below.
To enter your password, place your cursor in the Enter password box and select the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: XXXXXXXXX
If the Microsoft Edge browser or Microsoft 365 portal does not load successfully, select the Microsoft Edge browser icon from the task bar, type the URL "https://admin.microsoft.com", and press Enter.
The following information is for technical support purposes only:
Lab Instance: XXXXXXXXX
Task 2
You need to ensure that email sent to external recipients with the word Falcon in the subject line will be encrypted by using an RMS template named Highly Confidential \ All Employees.
Correct Answer:
To encrypt emails with "Falcon" in the subject to external recipients, you must first create an Information Protection sensitivity label with RMS encryption, then create a mail flow rule in the Purview compliance portal that applies this label to emails that are sent externally and have
"Falcon" in the subject line.
Task 1: Set up the Information Protection sensitivity label
Step 1: Go to the Microsoft Purview compliance portal and navigate to Information protection.
Step 2: Open the Labels tab and click Create a label.
Step 3: Follow the wizard to configure the new label. On the label settings page, enable Encrypt and then select the RMS template that you want to apply.
Task 2: Create the mail flow rule
Step 4: Go to the Purview compliance portal and navigate to Mail flow rules.
Step 5: Click New rule.
Step 6: Set the conditions:
Condition 1: Select "The subject contains..." and enter "Falcon".
Condition 2: Select "The recipient is located..." and choose "External".
Step 7: Set the action:
Select "Apply the sensitivity label..." and choose the label you created in the previous step.
Step 8: Review and save the rule.
Reference:
https://learn.microsoft.com/en-us/purview/ome
"Falcon" in the subject line.
Task 1: Set up the Information Protection sensitivity label
Step 1: Go to the Microsoft Purview compliance portal and navigate to Information protection.
Step 2: Open the Labels tab and click Create a label.
Step 3: Follow the wizard to configure the new label. On the label settings page, enable Encrypt and then select the RMS template that you want to apply.
Task 2: Create the mail flow rule
Step 4: Go to the Purview compliance portal and navigate to Mail flow rules.
Step 5: Click New rule.
Step 6: Set the conditions:
Condition 1: Select "The subject contains..." and enter "Falcon".
Condition 2: Select "The recipient is located..." and choose "External".
Step 7: Set the action:
Select "Apply the sensitivity label..." and choose the label you created in the previous step.
Step 8: Review and save the rule.
Reference:
https://learn.microsoft.com/en-us/purview/ome
Question 15
Hotspot Question
You have Microsoft 365 subscription that is enabled to support trainable classifiers.
You plan to create a custom trainable classifier based on an organizational form template.
You need to identify which role-based access control (RBAC) role is required to create the trainable classifier and where to store the seed content for the trainable classifier. The solution must use the principle of least privilege.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have Microsoft 365 subscription that is enabled to support trainable classifiers.
You plan to create a custom trainable classifier based on an organizational form template.
You need to identify which role-based access control (RBAC) role is required to create the trainable classifier and where to store the seed content for the trainable classifier. The solution must use the principle of least privilege.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:
