Exam SC-401 Topic 3 Question 11 Discussion
Actual exam question for Microsoft's SC-401 exam
Question #: 11
Topic #: 3
Question #: 11
Topic #: 3
You have a Microsoft 36S ES subscription that contains a Windows 11 device named Device 1 and three users named User 1. User2. and User3.
You plan to deploy Azure Information Protection (AIP) and the Microsoft Purview Information Protection client to Device 1.
You need to ensure that the users can perform the following actions on Device1 as part of the planned deployment
* User 1 will test the functionality of the client.
* User2 will install and configure the Microsoft Rights Management connector.
* User3 will be configured as the service account for the information protection scanner.
The solution must maximize the security of the sign-in process for the users What should you do?
You plan to deploy Azure Information Protection (AIP) and the Microsoft Purview Information Protection client to Device 1.
You need to ensure that the users can perform the following actions on Device1 as part of the planned deployment
* User 1 will test the functionality of the client.
* User2 will install and configure the Microsoft Rights Management connector.
* User3 will be configured as the service account for the information protection scanner.
The solution must maximize the security of the sign-in process for the users What should you do?
Suggested Answer: D Vote an answer
Goal: maximize sign#in security for users who will test the AIP client (User1), install/configure the Microsoft Rights Management connector (User2), and act as the AIP scanner service account (User3).
Excluding users from MFA lowers security and is not recommended.
Passwordless with FIDO2 security keys (passkeys) provides strong phishing#resistant authentication and is fully supported for Azure AD sign#ins, including admin tasks and service scenarios that require interactive sign#in during setup.
Therefore, enabling all three for FIDO2 passkey authentication best meets the "maximize security" requirement.
References:
Microsoft Entra ID - Passwordless authentication with FIDO2 security keys
https://learn.microsoft.com/azure/active-directory/authentication/concept-authentication-passwordless
Excluding users from MFA lowers security and is not recommended.
Passwordless with FIDO2 security keys (passkeys) provides strong phishing#resistant authentication and is fully supported for Azure AD sign#ins, including admin tasks and service scenarios that require interactive sign#in during setup.
Therefore, enabling all three for FIDO2 passkey authentication best meets the "maximize security" requirement.
References:
Microsoft Entra ID - Passwordless authentication with FIDO2 security keys
https://learn.microsoft.com/azure/active-directory/authentication/concept-authentication-passwordless
by Gladys at May 14, 2026, 09:20 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).