Microsoft Administering Information Security in Microsoft 365 - SC-401 FREE EXAM DUMPS QUESTIONS & ANSWERS

Hotspot Question
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

The subscription contains the groups shown in the following table.

You plan to create a priority user group named Priority1.
You need to identify the following:
- Which users and groups can be added to Priority1?
- Which users can be enabled to view alerts that involve the members of Priority1?
What should you identify? To answer, select the appropriate options in the answer area.
Correct Answer:

Explanation:
Box 1: User1, User2, and User3 only
* User1 - Yes
User1 is Global Administrator.
A Global Administrator in Microsoft 365 can be added to a priority user group.
Priority User Groups:
These groups are often used to grant specific access or prioritize certain users. Global Administrators can add themselves or other users to these groups.
* User2 - Yes
An Insider Risk Management Analyst can be added to a priority user group.
* User3 - Yes
Insider Risk Management Investigations can be associated with or scoped to a Priority User Group (PUG).
* Group1 - No
You cannot directly add a security group as a member of a priority user group.
* Group2 - No
Box 2: User2 and User3 only
* User1 - No
* User2 - Yes, User3 - Yes
Instead of being open to review by all analysts and investigators, priority user groups might also need to restrict review activities to specific users or insider risk role groups. You can choose to assign individual users and role groups to review users, alerts, cases, and reports for each priority user group. Priority user groups can have review permissions assigned to the built-in Insider Risk Management, Insider Risk Management Analysts, and Insider Risk Management Investigators role groups, one or more of these role groups, or to a custom selection of users.
Reference:
https://learn.microsoft.com/en-us/purview/insider-risk-management-settings-priority-user-groups
Hotspot Question
You have a Microsoft 365 E5 subscription that contains two users named User1 and User2.
You create the audit retention policies shown in the following table.

The users perform the following actions:
- User1 renames a Microsoft SharePoint Online site.
- User2 sends an email message.
How long will the audit log records be retained for each action? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:
The action "SiteRenamed" for SharePoint is covered under the AuditRetention4 policy, which applies to User1 and retains logs for 9 months.
The action "Send" for ExchangeItem is covered under the AuditRetention2 policy, but this policy applies only to User1. Since User2 is not covered under a specific policy, the default retention period for audit logs in Microsoft Purview is 90 days.
You need to enable sensitivity labels for containers in Microsoft Purview and synchronize these labels with Microsoft Entra ID. The labels will be used to configure protection settings for groups and sites, as well as to ensure privacy and external user access settings.
What should you do?
Correct Answer: D Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
You have a Microsoft 365 E5 subscription.
You are implementing insider risk management.
You need to maximize the amount of historical data that is collected when an event is triggered.
What is the maximum number of days that historical data can be collected?
Correct Answer: C Vote an answer
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant and 500 computers that run Windows 11. The computers are onboarded to Microsoft Purview.
You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers.
Tailspin_scanner.exe is installed locally on the computers.
You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.
Solution: From the Microsoft Defender for Cloud Apps, you mark the application as Unsanctioned.
Does this meet the goal?
Correct Answer: A Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
You have a Microsoft 365 subscription that contains the users shown in the following table.

You review the audit retention period of each user.
Which users' audit logs are retained for nine months?
Correct Answer: C Vote an answer
Hotspot Question
You have a Microsoft 365 E5 tenant that contains two users named User1 and User2 and a Microsoft SharePoint Online site named Sitel as shown in the following exhibit.

For Site1, the users are assigned the roles shown in the following table.

You publish a retention label named Retention1 to Site1.
To which files can the users apply Retention1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:
Box 1: File1.docx, File2.docx, and File3.docx
User1 is owner.
Note:
File1 and File2 are normal.
File3 has a red minus-sign (-) denoting the following:
This item is protected by a policy in your organization. It can't be shared with people outside your organization.
Issues
Item contains the following sensitive information: Etc.
Box 2: File1.docx and File2.docx only
User is member and cannot access File3.
Reference:
https://answers.microsoft.com/en-us/msteams/forum/all/a-red-circle-with-a-minus-sign-after-file-name-in/94a98f8e-69e1-46cd-9799-86b4e297ce00
Case Study 1 - Contoso, Ltd
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, Boston, and Johannesburg.
Existing Environment
Microsoft 365 Environment
Contoso has a Microsoft 365 E5 tenant. The tenant contains the administrative user accounts shown in the following table.

Users store data in the following locations:
- SharePoint sites
- OneDrive accounts
- Exchange email
- Exchange public folders
- Teams chats
- Teams channel messages
When users in the research department create documents, they must add a 10-digit project code to each document. Project codes that start with the digits 999 are confidential.
SharePoint Online Environment
Contoso has four Microsoft SharePoint Online sites named Site1, Site2, Site3, and Site4.
Site2 contains the files shown in the following table.

Two users named User1 and User2 are assigned roles for Site2 as shown in the following table.

Site3 stores documents related to the company's projects. The documents are organized in a folder hierarchy based on the project.
Site4 has the following two retention policies applied:
- Name: Site4RetentionPolicy1
Locations to apply the policy: Site4
Delete items older than: 2 years
Delete content based on: When items were created
- Name: Site4RetentionPolicy2
Locations to apply the policy: Site4
Retain items for a specific period: 4 years
Start the retention period based on: When items were created
At the end of the retention period: Do nothing
Problem Statements
Management at Contoso is concerned about data leaks. On several occasions, confidential research department documents were leaked.
Requirements
Planned Changes
Contoso plans to create the following data loss prevention (DLP) policy:
- Name: DLPpolicy1
Locations to apply the policy: Site2
Conditions:
Content contains any of these sensitive info types: SWIFT Code
- Instance count: 2 to any
Actions: Restrict access to the content
Technical Requirements
Contoso must meet the following technical requirements:
- All administrative users must be able to review DLP reports.
- Whenever possible, the principle of least privilege must be used.
- For all users, all Microsoft 365 data must be retained for at least
one year.
- Confidential documents must be detected and protected by using
Microsoft 365.
- Site1 documents that include credit card numbers must be labeled
automatically.
- All administrative users must be able to create Microsoft 365
sensitivity labels.
- After a project is complete, the documents in Site3 that relate to
the project must be retained for 10 years.
You need to meet the retention requirement for the users' Microsoft 365 data.
What is the minimum number of retention policies required to achieve the goal?
Correct Answer: C Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
Hotspot Question
You plan to implement Microsoft 365 Endpoint data loss prevention (Endpoint DLP).
You need to identify which end user activities can be audited on the endpoints, and which activities can be restricted on the endpoints.
What should you identify for each activity? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:
https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-learn-about
You create a label that encrypts email data.
Users report that they cannot use the label in Outlook on the web to protect the email messages they send.
You need to ensure that the users can use the new label to protect their email.
What should you do?
Correct Answer: C Vote an answer
Explanation: Only visible for FreeCram members. You can sign-up / login (it's free).
0
0
0
10