Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Microsoft
  3. SC-401

Microsoft SC-401 Exam (page: 3)
Microsoft Administering Information Security in 365
Updated on: 12-Feb-2026

Viewing Page 3 of 27
SC-401 PDF 264 Questions

Case Study

Instructions

This is a case study. Case studies are not timed separately from other exam sections. You can use as much exam time as you would like to complete each case study. However, there might be additional case studies or other exam sections. Manage your time to ensure that you can complete all the exam sections in the time provided. Pay attention to the Exam Progress at the top of the screen so you have sufficient time to complete any exam sections that follow this case study.

To answer the case study questions, you will need to reference information that is provided in the case. Case studies and associated questions might contain exhibits or other resources that provide more information about the scenario described in the case. Information provided in an individual question does not apply to the other questions in the case study.

A Review Screen will appear at the end of this case study. From the Review Screen, you can review and change your answers before you move to the next exam section. After you leave this case study, you will NOT be able to return to it.

To start the case study

To display the first question in this case study, select the "Next" button. To the left of the question, a menu provides links to information such as business requirements, the existing environment, and problem statements. Please read through all this information before answering any questions.
When you are ready to answer a question, select the "Question" button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, Boston, and Johannesburg.

Existing Environment

Microsoft 365 Environment

Contoso has a Microsoft 365 E5 tenant. The tenant contains the administrative user accounts shown in the following table.



Users store data in the following locations:

SharePoint sites

OneDrive accounts
Exchange email
Exchange public folders
Teams chats
Teams channel messages

When users in the research department create documents, they must add a 10-digit project code to each document. Project codes that start with the digits 999 are confidential.

SharePoint Online Environment

Contoso has four Microsoft SharePoint Online sites named Site1, Site2, Site3, and Site4.

Site2 contains the files shown in the following table.



Two users named User1 and User2 are assigned roles for Site2 as shown in the following table.



Site3 stores documents related to the company's projects. The documents are organized in a folder hierarchy based on the project.

Site4 has the following two retention policies applied:

Name: Site4RetentionPolicy1
Locations to apply the policy: Site4
Delete items older than: 2 years
Delete content based on: When items were created

Name: Site4RetentionPolicy2
Locations to apply the policy: Site4
Retain items for a specific period: 4 years
Start the retention period based on: When items were created At the end of the retention period: Do nothing

Problem Statements

Management at Contoso is concerned about data leaks. On several occasions, confidential research department documents were leaked.

Requirements

Planned Changes

Contoso plans to create the following data loss prevention (DLP) policy:

Name: DLPpolicy1
Locations to apply the policy: Site2
Conditions:
Content contains any of these sensitive info types: SWIFT Code Instance count: 2 to any
Actions: Restrict access to the content

Technical Requirements

Contoso must meet the following technical requirements:

All administrative users must be able to review DLP reports.
Whenever possible, the principle of least privilege must be used. For all users, all Microsoft 365 data must be retained for at least one year. Confidential documents must be detected and protected by using Microsoft 365. Site1 documents that include credit card numbers must be labeled automatically. All administrative users must be able to create Microsoft 365 sensitivity labels. After a project is complete, the documents in Site3 that relate to the project must be retained for 10 years.

HOTSPOT (Drag and Drop is not supported)

You have a Microsoft 365 ES subscription that uses Microsoft Exchange Online and Teams.

You need to ensure that when a user sends a message containing a cloud attachment, a retention label is applied to the cloud attachment by using an auto-labeling policy.

How should you configure the retention label to start the retention period, and to which locations should you apply the auto-labeling policy? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Labeled
Start the retention period based on when the items were:

Automatically apply a retention label to retain or delete content

Auto-apply labels to cloud attachments
You might need to use this option if you're required to capture and retain all copies of files in your tenant that are sent over communications by users, or files that are referenced in Copilot for Microsoft 365. You use this option in conjunction with retention policies for the communication services themselves; Exchange, Teams, Viva Engage, and Copilot for Microsoft 365.

Important
When you select a label to use for auto-applying retention labels for cloud attachments, ensure that the label retention setting Start the retention period based on is When items were labeled.

Box 2: Microsoft 365 Group mailboxes & sites only
Locations:

When you select a label to use for auto-applying retention labels for cloud attachments, make sure the label retention setting Start the retention period based on is When items were labeled.

When you configure the locations for this option, you can select:

* SharePoint classic and communication sites for shared files stored in SharePoint communication sites, team sites that aren't connected by Microsoft 365 groups, and classic sites. *-> Microsoft 365 Groups for shared files that are stored in team sites connected by Microsoft 365 groups.
* OneDrive accounts for shared files stored in users' OneDrive.


Reference:

https://learn.microsoft.com/en-us/purview/apply-retention-labels-automatically




Case Study

Instructions

This is a case study. Case studies are not timed separately from other exam sections. You can use as much exam time as you would like to complete each case study. However, there might be additional case studies or other exam sections. Manage your time to ensure that you can complete all the exam sections in the time provided. Pay attention to the Exam Progress at the top of the screen so you have sufficient time to complete any exam sections that follow this case study.

To answer the case study questions, you will need to reference information that is provided in the case. Case studies and associated questions might contain exhibits or other resources that provide more information about the scenario described in the case. Information provided in an individual question does not apply to the other questions in the case study.

A Review Screen will appear at the end of this case study. From the Review Screen, you can review and change your answers before you move to the next exam section. After you leave this case study, you will NOT be able to return to it.

To start the case study

To display the first question in this case study, select the "Next" button. To the left of the question, a menu provides links to information such as business requirements, the existing environment, and problem statements. Please read through all this information before answering any questions.
When you are ready to answer a question, select the "Question" button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, Boston, and Johannesburg.

Existing Environment

Microsoft 365 Environment

Contoso has a Microsoft 365 E5 tenant. The tenant contains the administrative user accounts shown in the following table.



Users store data in the following locations:

SharePoint sites

OneDrive accounts
Exchange email
Exchange public folders
Teams chats
Teams channel messages

When users in the research department create documents, they must add a 10-digit project code to each document. Project codes that start with the digits 999 are confidential.

SharePoint Online Environment

Contoso has four Microsoft SharePoint Online sites named Site1, Site2, Site3, and Site4.

Site2 contains the files shown in the following table.



Two users named User1 and User2 are assigned roles for Site2 as shown in the following table.



Site3 stores documents related to the company's projects. The documents are organized in a folder hierarchy based on the project.

Site4 has the following two retention policies applied:

Name: Site4RetentionPolicy1
Locations to apply the policy: Site4
Delete items older than: 2 years
Delete content based on: When items were created

Name: Site4RetentionPolicy2
Locations to apply the policy: Site4
Retain items for a specific period: 4 years
Start the retention period based on: When items were created At the end of the retention period: Do nothing

Problem Statements

Management at Contoso is concerned about data leaks. On several occasions, confidential research department documents were leaked.

Requirements

Planned Changes

Contoso plans to create the following data loss prevention (DLP) policy:

Name: DLPpolicy1
Locations to apply the policy: Site2
Conditions:
Content contains any of these sensitive info types: SWIFT Code Instance count: 2 to any
Actions: Restrict access to the content

Technical Requirements

Contoso must meet the following technical requirements:

All administrative users must be able to review DLP reports.
Whenever possible, the principle of least privilege must be used. For all users, all Microsoft 365 data must be retained for at least one year. Confidential documents must be detected and protected by using Microsoft 365. Site1 documents that include credit card numbers must be labeled automatically. All administrative users must be able to create Microsoft 365 sensitivity labels. After a project is complete, the documents in Site3 that relate to the project must be retained for 10 years.

HOTSPOT (Drag and Drop is not supported)

You create a data loss prevention (DLP) policy that meets the following requirements:

Prevents guest users from accessing a sensitive document shared during a Microsoft Teams chat


Prevents guest users from accessing a sensitive document stored in a Microsoft Teams channel


Which location should you select for each requirement? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-microsoft-teams https://docs.microsoft.com/en-us/microsoftteams/sharepoint-onedrive-interact




Case Study

Instructions

This is a case study. Case studies are not timed separately from other exam sections. You can use as much exam time as you would like to complete each case study. However, there might be additional case studies or other exam sections. Manage your time to ensure that you can complete all the exam sections in the time provided. Pay attention to the Exam Progress at the top of the screen so you have sufficient time to complete any exam sections that follow this case study.

To answer the case study questions, you will need to reference information that is provided in the case. Case studies and associated questions might contain exhibits or other resources that provide more information about the scenario described in the case. Information provided in an individual question does not apply to the other questions in the case study.

A Review Screen will appear at the end of this case study. From the Review Screen, you can review and change your answers before you move to the next exam section. After you leave this case study, you will NOT be able to return to it.

To start the case study

To display the first question in this case study, select the "Next" button. To the left of the question, a menu provides links to information such as business requirements, the existing environment, and problem statements. Please read through all this information before answering any questions.
When you are ready to answer a question, select the "Question" button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, Boston, and Johannesburg.

Existing Environment

Microsoft 365 Environment

Contoso has a Microsoft 365 E5 tenant. The tenant contains the administrative user accounts shown in the following table.



Users store data in the following locations:

SharePoint sites

OneDrive accounts
Exchange email
Exchange public folders
Teams chats
Teams channel messages

When users in the research department create documents, they must add a 10-digit project code to each document. Project codes that start with the digits 999 are confidential.

SharePoint Online Environment

Contoso has four Microsoft SharePoint Online sites named Site1, Site2, Site3, and Site4.

Site2 contains the files shown in the following table.



Two users named User1 and User2 are assigned roles for Site2 as shown in the following table.



Site3 stores documents related to the company's projects. The documents are organized in a folder hierarchy based on the project.

Site4 has the following two retention policies applied:

Name: Site4RetentionPolicy1
Locations to apply the policy: Site4
Delete items older than: 2 years
Delete content based on: When items were created

Name: Site4RetentionPolicy2
Locations to apply the policy: Site4
Retain items for a specific period: 4 years
Start the retention period based on: When items were created At the end of the retention period: Do nothing

Problem Statements

Management at Contoso is concerned about data leaks. On several occasions, confidential research department documents were leaked.

Requirements

Planned Changes

Contoso plans to create the following data loss prevention (DLP) policy:

Name: DLPpolicy1
Locations to apply the policy: Site2
Conditions:
Content contains any of these sensitive info types: SWIFT Code Instance count: 2 to any
Actions: Restrict access to the content

Technical Requirements

Contoso must meet the following technical requirements:

All administrative users must be able to review DLP reports.
Whenever possible, the principle of least privilege must be used. For all users, all Microsoft 365 data must be retained for at least one year. Confidential documents must be detected and protected by using Microsoft 365. Site1 documents that include credit card numbers must be labeled automatically. All administrative users must be able to create Microsoft 365 sensitivity labels. After a project is complete, the documents in Site3 that relate to the project must be retained for 10 years.

HOTSPOT (Drag and Drop is not supported)

You have a Microsoft 365 E5 subscription that uses Microsoft Purview.

You need to create a sensitive information type (SIT) to detect project code content that starts with the letters pjt followed by six digits and ends with the letters sct. The following is an example of the project code.

pjt123456sct

How should you complete the regular expression? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: [0-9]
Pattern: [0-9]{0,3}
Interpretation: Look for zero to three occurrences of the decimal digits 0 through 9.

Box 2: {6}
Quantifiers
A quantifier specifies how many instances of the previous element (which can be a character, a group, or a character class) must be present in the input string for a match to occur. Quantifiers include the language elements listed in the following table.

Quantifier: { n }
Description: Matches the previous element exactly n times.
Pattern: ",\d{3}"
Matches: ",043" in "1,043.6", ",876", ",543", and ",210" in "9,876,543,210"


Reference:

https://learn.microsoft.com/en-us/dotnet/standard/base-types/regular-expressions https://learn.microsoft.com/en-us/dotnet/standard/base-types/regular-expression-language-quick-reference




Case Study

Instructions

This is a case study. Case studies are not timed separately from other exam sections. You can use as much exam time as you would like to complete each case study. However, there might be additional case studies or other exam sections. Manage your time to ensure that you can complete all the exam sections in the time provided. Pay attention to the Exam Progress at the top of the screen so you have sufficient time to complete any exam sections that follow this case study.

To answer the case study questions, you will need to reference information that is provided in the case. Case studies and associated questions might contain exhibits or other resources that provide more information about the scenario described in the case. Information provided in an individual question does not apply to the other questions in the case study.

A Review Screen will appear at the end of this case study. From the Review Screen, you can review and change your answers before you move to the next exam section. After you leave this case study, you will NOT be able to return to it.

To start the case study

To display the first question in this case study, select the "Next" button. To the left of the question, a menu provides links to information such as business requirements, the existing environment, and problem statements. Please read through all this information before answering any questions.
When you are ready to answer a question, select the "Question" button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, Boston, and Johannesburg.

Existing Environment

Microsoft 365 Environment

Contoso has a Microsoft 365 E5 tenant. The tenant contains the administrative user accounts shown in the following table.



Users store data in the following locations:

SharePoint sites

OneDrive accounts
Exchange email
Exchange public folders
Teams chats
Teams channel messages

When users in the research department create documents, they must add a 10-digit project code to each document. Project codes that start with the digits 999 are confidential.

SharePoint Online Environment

Contoso has four Microsoft SharePoint Online sites named Site1, Site2, Site3, and Site4.

Site2 contains the files shown in the following table.



Two users named User1 and User2 are assigned roles for Site2 as shown in the following table.



Site3 stores documents related to the company's projects. The documents are organized in a folder hierarchy based on the project.

Site4 has the following two retention policies applied:

Name: Site4RetentionPolicy1
Locations to apply the policy: Site4
Delete items older than: 2 years
Delete content based on: When items were created

Name: Site4RetentionPolicy2
Locations to apply the policy: Site4
Retain items for a specific period: 4 years
Start the retention period based on: When items were created At the end of the retention period: Do nothing

Problem Statements

Management at Contoso is concerned about data leaks. On several occasions, confidential research department documents were leaked.

Requirements

Planned Changes

Contoso plans to create the following data loss prevention (DLP) policy:

Name: DLPpolicy1
Locations to apply the policy: Site2
Conditions:
Content contains any of these sensitive info types: SWIFT Code Instance count: 2 to any
Actions: Restrict access to the content

Technical Requirements

Contoso must meet the following technical requirements:

All administrative users must be able to review DLP reports.
Whenever possible, the principle of least privilege must be used. For all users, all Microsoft 365 data must be retained for at least one year. Confidential documents must be detected and protected by using Microsoft 365. Site1 documents that include credit card numbers must be labeled automatically. All administrative users must be able to create Microsoft 365 sensitivity labels. After a project is complete, the documents in Site3 that relate to the project must be retained for 10 years.

You have a Microsoft 365 E5 subscription that contains a Windows 11 device named Device1 and three users named User1, User2, and User3.

You plan to deploy Azure information Protection (AIP) and the Microsoft Purview information Protection client to Device1.

You need to ensure that the users can perform the following actions on Device1 as part of the planned deployment:

User1 will test the functionality of the client.


User2 will install and configure the Microsoft Rights Management connector.


User3 will be configured as the service account for the information protection scanner.


The solution must maximize the security of the sign-in process for the users.

What should you do?

  1. Exclude User1 and User2 from multifactor authentication (MFA).
  2. Enable User2 and User3 for passwordless authentication.
  3. Exclude User2 and User3 from multifactor authentication (MFA).
  4. Enable User1, User2, and User3 for passkey (FIDO2) authentication.

Answer(s): C

Explanation:

Multi-factor authentication (MFA) and Azure Information Protection Rights Management connector requirements
The Rights Management connector and the Microsoft Purview Information Protection scanner do not support MFA.
If you deploy the connector or scanner, the following accounts must not require MFA:
The account that installs and configures the connector. [User2] The service principal account in Microsoft Entra ID, Aadrm_S-1-7-0, that the connector creates.
The service account that runs the scanner. [User3]


Reference:

https://learn.microsoft.com/en-us/azure/information-protection/requirements-azure-ad




Case Study

Instructions

This is a case study. Case studies are not timed separately from other exam sections. You can use as much exam time as you would like to complete each case study. However, there might be additional case studies or other exam sections. Manage your time to ensure that you can complete all the exam sections in the time provided. Pay attention to the Exam Progress at the top of the screen so you have sufficient time to complete any exam sections that follow this case study.

To answer the case study questions, you will need to reference information that is provided in the case. Case studies and associated questions might contain exhibits or other resources that provide more information about the scenario described in the case. Information provided in an individual question does not apply to the other questions in the case study.

A Review Screen will appear at the end of this case study. From the Review Screen, you can review and change your answers before you move to the next exam section. After you leave this case study, you will NOT be able to return to it.

To start the case study

To display the first question in this case study, select the "Next" button. To the left of the question, a menu provides links to information such as business requirements, the existing environment, and problem statements. Please read through all this information before answering any questions.
When you are ready to answer a question, select the "Question" button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, Boston, and Johannesburg.

Existing Environment

Microsoft 365 Environment

Contoso has a Microsoft 365 E5 tenant. The tenant contains the administrative user accounts shown in the following table.



Users store data in the following locations:

SharePoint sites

OneDrive accounts
Exchange email
Exchange public folders
Teams chats
Teams channel messages

When users in the research department create documents, they must add a 10-digit project code to each document. Project codes that start with the digits 999 are confidential.

SharePoint Online Environment

Contoso has four Microsoft SharePoint Online sites named Site1, Site2, Site3, and Site4.

Site2 contains the files shown in the following table.



Two users named User1 and User2 are assigned roles for Site2 as shown in the following table.



Site3 stores documents related to the company's projects. The documents are organized in a folder hierarchy based on the project.

Site4 has the following two retention policies applied:

Name: Site4RetentionPolicy1
Locations to apply the policy: Site4
Delete items older than: 2 years
Delete content based on: When items were created

Name: Site4RetentionPolicy2
Locations to apply the policy: Site4
Retain items for a specific period: 4 years
Start the retention period based on: When items were created At the end of the retention period: Do nothing

Problem Statements

Management at Contoso is concerned about data leaks. On several occasions, confidential research department documents were leaked.

Requirements

Planned Changes

Contoso plans to create the following data loss prevention (DLP) policy:

Name: DLPpolicy1
Locations to apply the policy: Site2
Conditions:
Content contains any of these sensitive info types: SWIFT Code Instance count: 2 to any
Actions: Restrict access to the content

Technical Requirements

Contoso must meet the following technical requirements:

All administrative users must be able to review DLP reports.
Whenever possible, the principle of least privilege must be used. For all users, all Microsoft 365 data must be retained for at least one year. Confidential documents must be detected and protected by using Microsoft 365. Site1 documents that include credit card numbers must be labeled automatically. All administrative users must be able to create Microsoft 365 sensitivity labels. After a project is complete, the documents in Site3 that relate to the project must be retained for 10 years.

Your company has Microsoft 369 E5 subscription and plans to use Microsoft Purview Advanced Message Encryption.

Each product group at your company must show a distinct product logo in encrypted emails instead of the standard Microsoft 365 logo.

What should you do to create the branding templates?

  1. Create an RMS template.
  2. Create a Transport rule.
  3. Run the New-OMEConfiguration cmdlet.
  4. Run the Set-IRMConfiguration cmdlet.

Answer(s): C


Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/add-your-organization-brand-to-encrypted- messages




Case Study

Instructions

This is a case study. Case studies are not timed separately from other exam sections. You can use as much exam time as you would like to complete each case study. However, there might be additional case studies or other exam sections. Manage your time to ensure that you can complete all the exam sections in the time provided. Pay attention to the Exam Progress at the top of the screen so you have sufficient time to complete any exam sections that follow this case study.

To answer the case study questions, you will need to reference information that is provided in the case. Case studies and associated questions might contain exhibits or other resources that provide more information about the scenario described in the case. Information provided in an individual question does not apply to the other questions in the case study.

A Review Screen will appear at the end of this case study. From the Review Screen, you can review and change your answers before you move to the next exam section. After you leave this case study, you will NOT be able to return to it.

To start the case study

To display the first question in this case study, select the "Next" button. To the left of the question, a menu provides links to information such as business requirements, the existing environment, and problem statements. Please read through all this information before answering any questions.
When you are ready to answer a question, select the "Question" button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, Boston, and Johannesburg.

Existing Environment

Microsoft 365 Environment

Contoso has a Microsoft 365 E5 tenant. The tenant contains the administrative user accounts shown in the following table.



Users store data in the following locations:

SharePoint sites

OneDrive accounts
Exchange email
Exchange public folders
Teams chats
Teams channel messages

When users in the research department create documents, they must add a 10-digit project code to each document. Project codes that start with the digits 999 are confidential.

SharePoint Online Environment

Contoso has four Microsoft SharePoint Online sites named Site1, Site2, Site3, and Site4.

Site2 contains the files shown in the following table.



Two users named User1 and User2 are assigned roles for Site2 as shown in the following table.



Site3 stores documents related to the company's projects. The documents are organized in a folder hierarchy based on the project.

Site4 has the following two retention policies applied:

Name: Site4RetentionPolicy1
Locations to apply the policy: Site4
Delete items older than: 2 years
Delete content based on: When items were created

Name: Site4RetentionPolicy2
Locations to apply the policy: Site4
Retain items for a specific period: 4 years
Start the retention period based on: When items were created At the end of the retention period: Do nothing

Problem Statements

Management at Contoso is concerned about data leaks. On several occasions, confidential research department documents were leaked.

Requirements

Planned Changes

Contoso plans to create the following data loss prevention (DLP) policy:

Name: DLPpolicy1
Locations to apply the policy: Site2
Conditions:
Content contains any of these sensitive info types: SWIFT Code Instance count: 2 to any
Actions: Restrict access to the content

Technical Requirements

Contoso must meet the following technical requirements:

All administrative users must be able to review DLP reports.
Whenever possible, the principle of least privilege must be used. For all users, all Microsoft 365 data must be retained for at least one year. Confidential documents must be detected and protected by using Microsoft 365. Site1 documents that include credit card numbers must be labeled automatically. All administrative users must be able to create Microsoft 365 sensitivity labels. After a project is complete, the documents in Site3 that relate to the project must be retained for 10 years.

HOTSPOT (Drag and Drop is not supported)

You use project codes that have a format of three alphabetical characters that represent the project type, followed by three digits, for example Abc123.

You need to create a new sensitive info type for the project codes.

How should you configure the regular expression to detect the content? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://joannecklein.com/2018/08/07/build-and-use-custom-sensitive-information-types-in-office-365/




Case Study

Instructions

This is a case study. Case studies are not timed separately from other exam sections. You can use as much exam time as you would like to complete each case study. However, there might be additional case studies or other exam sections. Manage your time to ensure that you can complete all the exam sections in the time provided. Pay attention to the Exam Progress at the top of the screen so you have sufficient time to complete any exam sections that follow this case study.

To answer the case study questions, you will need to reference information that is provided in the case. Case studies and associated questions might contain exhibits or other resources that provide more information about the scenario described in the case. Information provided in an individual question does not apply to the other questions in the case study.

A Review Screen will appear at the end of this case study. From the Review Screen, you can review and change your answers before you move to the next exam section. After you leave this case study, you will NOT be able to return to it.

To start the case study

To display the first question in this case study, select the "Next" button. To the left of the question, a menu provides links to information such as business requirements, the existing environment, and problem statements. Please read through all this information before answering any questions.
When you are ready to answer a question, select the "Question" button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, Boston, and Johannesburg.

Existing Environment

Microsoft 365 Environment

Contoso has a Microsoft 365 E5 tenant. The tenant contains the administrative user accounts shown in the following table.



Users store data in the following locations:

SharePoint sites

OneDrive accounts
Exchange email
Exchange public folders
Teams chats
Teams channel messages

When users in the research department create documents, they must add a 10-digit project code to each document. Project codes that start with the digits 999 are confidential.

SharePoint Online Environment

Contoso has four Microsoft SharePoint Online sites named Site1, Site2, Site3, and Site4.

Site2 contains the files shown in the following table.



Two users named User1 and User2 are assigned roles for Site2 as shown in the following table.



Site3 stores documents related to the company's projects. The documents are organized in a folder hierarchy based on the project.

Site4 has the following two retention policies applied:

Name: Site4RetentionPolicy1
Locations to apply the policy: Site4
Delete items older than: 2 years
Delete content based on: When items were created

Name: Site4RetentionPolicy2
Locations to apply the policy: Site4
Retain items for a specific period: 4 years
Start the retention period based on: When items were created At the end of the retention period: Do nothing

Problem Statements

Management at Contoso is concerned about data leaks. On several occasions, confidential research department documents were leaked.

Requirements

Planned Changes

Contoso plans to create the following data loss prevention (DLP) policy:

Name: DLPpolicy1
Locations to apply the policy: Site2
Conditions:
Content contains any of these sensitive info types: SWIFT Code Instance count: 2 to any
Actions: Restrict access to the content

Technical Requirements

Contoso must meet the following technical requirements:

All administrative users must be able to review DLP reports.
Whenever possible, the principle of least privilege must be used. For all users, all Microsoft 365 data must be retained for at least one year. Confidential documents must be detected and protected by using Microsoft 365. Site1 documents that include credit card numbers must be labeled automatically. All administrative users must be able to create Microsoft 365 sensitivity labels. After a project is complete, the documents in Site3 that relate to the project must be retained for 10 years.

You have a Microsoft 365 alert named Alert2 as shown in the following exhibit.



You need to manage the status of Alert2.

To which status can you change Alert2?

  1. The status cannot be changed.
  2. Dismissed only
  3. Investigating only
  4. Active or Investigating only
  5. Investigating, Active, or Dismissed

Answer(s): E

Explanation:

Despite status showing resolved it still can be changed. Select alert > Under Alert status > Actions > select "Edit comments" > choose new status: Active, Investigating, Dismissed or Resolved. Alert status will change
Note: Alert status
When an alert is created, its status is Active. As you review the details of each alert, you can update its status to any of the states listed below:
Active: default state of the alert until its status is changed Investigating: alert is under investigation
Resolved: the alert doesn't require further investigation or follow-up Dismissed: the alert isn't relevant or doesn't need investigation


Reference:

https://learn.microsoft.com/en-us/purview/compliance-manager-alert-policies https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-configure-view-alerts-policies




Case Study

Instructions

This is a case study. Case studies are not timed separately from other exam sections. You can use as much exam time as you would like to complete each case study. However, there might be additional case studies or other exam sections. Manage your time to ensure that you can complete all the exam sections in the time provided. Pay attention to the Exam Progress at the top of the screen so you have sufficient time to complete any exam sections that follow this case study.

To answer the case study questions, you will need to reference information that is provided in the case. Case studies and associated questions might contain exhibits or other resources that provide more information about the scenario described in the case. Information provided in an individual question does not apply to the other questions in the case study.

A Review Screen will appear at the end of this case study. From the Review Screen, you can review and change your answers before you move to the next exam section. After you leave this case study, you will NOT be able to return to it.

To start the case study

To display the first question in this case study, select the "Next" button. To the left of the question, a menu provides links to information such as business requirements, the existing environment, and problem statements. Please read through all this information before answering any questions.
When you are ready to answer a question, select the "Question" button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, Boston, and Johannesburg.

Existing Environment

Microsoft 365 Environment

Contoso has a Microsoft 365 E5 tenant. The tenant contains the administrative user accounts shown in the following table.



Users store data in the following locations:

SharePoint sites

OneDrive accounts
Exchange email
Exchange public folders
Teams chats
Teams channel messages

When users in the research department create documents, they must add a 10-digit project code to each document. Project codes that start with the digits 999 are confidential.

SharePoint Online Environment

Contoso has four Microsoft SharePoint Online sites named Site1, Site2, Site3, and Site4.

Site2 contains the files shown in the following table.



Two users named User1 and User2 are assigned roles for Site2 as shown in the following table.



Site3 stores documents related to the company's projects. The documents are organized in a folder hierarchy based on the project.

Site4 has the following two retention policies applied:

Name: Site4RetentionPolicy1
Locations to apply the policy: Site4
Delete items older than: 2 years
Delete content based on: When items were created

Name: Site4RetentionPolicy2
Locations to apply the policy: Site4
Retain items for a specific period: 4 years
Start the retention period based on: When items were created At the end of the retention period: Do nothing

Problem Statements

Management at Contoso is concerned about data leaks. On several occasions, confidential research department documents were leaked.

Requirements

Planned Changes

Contoso plans to create the following data loss prevention (DLP) policy:

Name: DLPpolicy1
Locations to apply the policy: Site2
Conditions:
Content contains any of these sensitive info types: SWIFT Code Instance count: 2 to any
Actions: Restrict access to the content

Technical Requirements

Contoso must meet the following technical requirements:

All administrative users must be able to review DLP reports.
Whenever possible, the principle of least privilege must be used. For all users, all Microsoft 365 data must be retained for at least one year. Confidential documents must be detected and protected by using Microsoft 365. Site1 documents that include credit card numbers must be labeled automatically. All administrative users must be able to create Microsoft 365 sensitivity labels. After a project is complete, the documents in Site3 that relate to the project must be retained for 10 years.

You have a Microsoft 365 subscription that uses retention label policies.

You need to identify all the changes made to retention labels during the last 30 days.

What should you use in the Microsoft Purview portal?

  1. Reports
  2. Activity explorer
  3. Content search
  4. Use data search

Answer(s): B

Explanation:

Activity explorer rounds out this suite of functionality by allowing you to monitor what's being done with your labeled content. Activity explorer provides a historical view of activities on your labeled content. The activity information is collected from the Microsoft 365 unified audit logs, transformed, and made available in the Activity explorer UI. Activity explorer reports on up to 30 days worth of data.
There are over 30 different filters available for use, some are:
Date range
Activity type
Location
User
Sensitivity label
Retention label
File path
DLP policy


Reference:

https://learn.microsoft.com/en-us/microsoft-365/compliance/data-classification-activity-explore



Viewing Page 3 of 27



Share your comments for Microsoft SC-401 exam with other users:

Manas 9/9/2023 1:48:00 AM

please upload 1z0-1072-23 exam dups
UNITED STATES


SB 9/12/2023 5:15:00 AM

i was hoping if you could please share the pdf as i’m currently preparing to give the exam.
Anonymous


Jagjit 8/26/2023 5:01:00 PM

i am looking for oracle 1z0-116 exam
UNITED STATES


S Mallik 11/27/2023 12:32:00 AM

where we can get the answer to the questions
Anonymous


PiPi Li 12/12/2023 8:32:00 PM

nice questions
NETHERLANDS


Dan 8/10/2023 4:19:00 PM

question 129 is completely wrong.
UNITED STATES


gayathiri 7/6/2023 12:10:00 AM

i need dump
UNITED STATES


Deb 8/15/2023 8:28:00 PM

love the site.
UNITED STATES


Michelle 6/23/2023 4:08:00 AM

can you please upload it back?
Anonymous


Ajay 10/3/2023 12:17:00 PM

could you please re-upload this exam? thanks a lot!
Anonymous


him 9/30/2023 2:38:00 AM

great about shared quiz
Anonymous


San 11/14/2023 12:46:00 AM

goood helping
Anonymous


Wang 6/9/2022 10:05:00 PM

pay attention to questions. they are very tricky. i waould say about 80 to 85% of the questions are in this exam dump.
UNITED STATES


Mary 5/16/2023 4:50:00 AM

wish you would allow more free questions
Anonymous


thomas 9/12/2023 4:28:00 AM

great simulation
Anonymous


Sandhya 12/9/2023 12:57:00 AM

very g inood
Anonymous


Agathenta 12/16/2023 1:36:00 PM

q35 should be a
Anonymous


MD. SAIFUL ISLAM 6/22/2023 5:21:00 AM

sap c_ts450_2021
Anonymous


Satya 7/24/2023 3:18:00 AM

nice questions
UNITED STATES


sk 5/13/2023 2:10:00 AM

ecellent materil for unserstanding
INDIA


Gerard 6/29/2023 11:14:00 AM

good so far
Anonymous


Limbo 10/9/2023 3:08:00 AM

this is way too informative
BOTSWANA


Tejasree 8/26/2023 1:46:00 AM

very helpfull
UNITED STATES


Yolostar Again 10/12/2023 3:02:00 PM

q.189 - answers are incorrect.
Anonymous


Shikha Bakra 9/10/2023 5:16:00 PM

awesome job in getting these questions
AUSTRALIA


Kevin 10/20/2023 2:01:00 AM

i cant find aws certified practitioner clf-c01 exam in aws website but i found aws certified practitioner clf-c02 exam. can everyone please verify the difference between the two clf-c01 and clf-c02? thank you
UNITED STATES


D Mario 6/19/2023 10:38:00 PM

grazie mille. i got a satisfactory mark in my exam test today because of this exam dumps. sorry for my english.
ITALY


Bharat Kumar Saraf 10/31/2023 4:36:00 AM

some of the answers are incorrect. need to be reviewed.
HONG KONG


JP 7/13/2023 12:21:00 PM

so far so good
Anonymous


Kiky V 8/8/2023 6:32:00 PM

i am really liking it
Anonymous


trying 7/28/2023 12:37:00 PM

thanks good stuff
UNITED STATES


exampei 10/4/2023 2:40:00 PM

need dump c_tadm_23
Anonymous


Eman Sawalha 6/10/2023 6:18:00 AM

next time i will write a full review
GREECE


johnpaul 11/15/2023 7:55:00 AM

first time using this site
ROMANIA