📘 Free SC-401 Sample Questions
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
A
Correct Answer:
A.
Explanation:
The goal is to automatically label documents in Site1 that contain credit card numbers. To achieve
this, we need a sensitivity label with an auto-labeling policy based on a sensitive info type that
Step 1: Create a Sensitive Info Type
? A sensitive info type is needed to detect credit card numbers in documents.
? Microsoft Purview includes built-in sensitive info types for credit card numbers, but we can also
create a custom one if necessary.
Step 2: Create a Sensitivity Label
? A sensitivity label is required to classify and protect documents containing sensitive information.
? This label can apply encryption, watermarking, or access controls to credit card data.
Step 3: Create an Auto-Labeling Policy
SC-401: Actual Exam Q&A | CLEARCATNET
? An auto-labeling policy ensures that the sensitivity label is applied automatically when credit card
numbers are detected in Site1.
? This policy is configured to scan files and automatically apply the correct sensitivity label.
To which user or users must you assign the Sensitivity Label Administrator role?
A
Admin1 only
B
Admin1 and Admin4 only
C
Admin1 and Admin5 only
D
Admin1, Admin2, and Admin3 only
E
Admin1, Admin2, Admin4, and Admin5 only
Correct Answer:
D. Admin1, Admin2, and Admin3 only
Explanation:
To meet the requirement that all administrative users must be able to create Microsoft 365
sensitivity labels, we need to assign the Sensitivity Label Administrator role to the correct users.
Sensitivity Label Administrator Role Responsibilities
This role allows users to:
? Create and manage sensitivity labels in Microsoft Purview.
? Publish and configure auto-labeling policies.
? Modify label encryption and content marking settings.
Users that must be assigned the Sensitivity Label Administrator role:
? Admin2 (Compliance Data Administrator)
? Admin3 (Compliance Administrator)
? Admin1 (Global Reader) (should be assigned this role to fulfill the requirement that all admins can
create labels).
What should you create first, and what should you use for the detection method? To answer, selectthe appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
A
Correct Answer:
A.
Explanation:
To detect and protect confidential documents, we need a custom rule to identify project codes that
start with 999 (since they are classified as confidential).
Box 1: A Sensitive Info Type (SIT) allows Microsoft Purview DLP policies to recognize structured data
(e.g., project codes). DLP policies require a sensitive info type to detect content based on patterns,
keywords, or dictionary terms. A sensitivity label alone does not define detection logic—it is used for
classification and protection after content is identified.
Box 2: Since project codes follow a structured 10-digit pattern, we should use a Regular Expression
(Regex) to match project codes that start with 999.
Example Regex pattern:
999\d{7}
This pattern detects a 10-digit number starting with "999".
How many files in Site2 can User1 and User2 access after you turn on DLPpolicy1? To answer, select
the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
A
Correct Answer:
A.
You are reviewing policies for the SharePoint Online environment. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
A
Correct Answer:
A.
Explanation:
Understanding Site4's Retention Policies:
? Site4RetentionPolicy1 deletes items older than 2 years from creation. If a file was created on
January 1, 2021, it would be deleted after January 1, 2023.
? Site4RetentionPolicy2 retains files for 4 years from creation. If a file was created on January 1,
2021, it will be kept until January 1, 2025, but not deleted after that (policy states "Do nothing").
Statement 1 - Yes, because Site4RetentionPolicy2 ensures files are retained for 4 years.
Statement 2 - Yes, because Site4RetentionPolicy2 retains the file for 4 years (until January 1, 2025).
Statement 3 - No, because retention is only for 4 years (until January 1, 2025). After that, the policy
does "nothing," meaning the file is no longer recoverable after that period.
What is the minimum number of retention policies required to achieve the goal?
A
1
B
2
C
3
D
4
E
6
Correct Answer:
B. 2
Explanation:
The requirement states that all Microsoft 365 data for users must be retained for at least one year. In
Microsoft 365, retention policies must be configured for each type of data storage.
Step 1: Identifying Where Data is Stored
From the case study, users store data in the following locations:
? SharePoint Online sites
? OneDrive accounts
? Exchange email
? Exchange public folders
? Teams chats
? Teams channel messages
Answer: B
Since these locations fall under two broad categories:
? Microsoft Exchange data (Emails, Public folders)
? SharePoint, OneDrive, and Teams data
Step 2: Required Retention Policies
1 . A single retention policy can cover:
? SharePoint Online
? OneDrive
? Microsoft Teams
SC-401: Actual Exam Q&A | CLEARCATNET
2. A second retention policy is required for:
? Exchange (Emails & Public Folders)
Thus, the minimum number of retention policies required to meet the requirement is 2.
Microsoft 365 retention policies can be applied broadly across multiple services with just two
policies:
? One for Exchange & Public Folders
? One for SharePoint, OneDrive, and Teams
There's no need for separate policies for each individual workload unless different retention
durations are required, which is not stated in the requirement.
You have a Microsoft 365 E5 subscription that contains a Microsoft Teams channel named Channel1.
Channel1 contains research and development documents.
You plan to implement Microsoft 365 Copilot for the subscription.
You need to prevent the contents of files stored in Channel1 from being included in answers
generated by Copilot and shown to unauthorized users.
What should you use?
A
data loss prevention (DLP)
B
Microsoft Purview insider risk management
C
Microsoft Purview Information Barriers
D
sensitivity labels
Correct Answer:
D. sensitivity labels
Explanation:
To prevent the contents of files stored in Channel1 from being included in Microsoft 365 Copilot
responses and ensure unauthorized users cannot access them, you should use Microsoft Purview
Sensitivity labels allow you to classify, protect, and restrict access to sensitive files. You can configure
label-based encryption and access control policies to ensure that only authorized users can access or
interact with the files in Channel1. Microsoft 365 Copilot respects sensitivity labels, meaning if a file is
labeled with restricted permissions, Copilot will not use it in generated responses for unauthorized
users.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.
You plan to deploy a Defender for Cloud Apps file policy that will be triggered when the following
conditions are met:
● A file is shared externally.
● A file is labeled as internal only.
Which filter should you use for each condition? To answer, drag the appropriate filters to the correct
conditions. Each filter may be used once, more than once, or not at all. You may need to drag the
split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
A
Correct Answer:
A.
You create the sensitivity labels shown in the following table.
A
Correct Answer:
A.
You have a Microsoft 365 E5 subscription. You need to create a sensitivity label named Label1. The solution must ensure that users can use
Microsoft 365 Copilot to summarize files that have Label1 applied. Which permission should you select for Label1?
A
Export content(EXPORT)
B
Copy and extract content(EXTRACT)
C
Edit content(DOCEDIT)
D
View rights(VIEW)
Correct Answer:
B. Copy and extract content(EXTRACT)
Explanation:
To allow Microsoft 365 Copilot to summarize files that have Label1 applied, the label must grant
permission to extract content from the document. The correct permission for this is Copy and extract
Microsoft 365 Copilot requires access to read and process content in documents to generate
summaries. The EXTRACT permission allows users (and AI tools like Copilot) to copy and extract
content for processing while still maintaining the protection applied by the sensitivity label.
Questions: 1-10 out of 264
Continue Full Practice..
GET ALL 264 QUESTIONS