Microsoft SC-401 Exam Questions
Administering Information Security in Microsoft 365 (Page 4)

Updated On: 19-Apr-2026

HOTSPOT (Drag and Drop is not supported)

You have a Microsoft 365 E5 subscription that uses Microsoft Exchange Online and Teams.

You need to ensure that when a user sends a message containing a cloud attachment, a retention label is applied to the cloud attachment by using an auto-labeling policy.

How should you configure the retention label to start the retention period, and to which locations should you apply the auto-labeling policy? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Labeled
Start the retention period based on when the items were:

Automatically apply a retention label to retain or delete content

Auto-apply labels to cloud attachments
You might need to use this option if you're required to capture and retain all copies of files in your tenant that are sent over communications by users, or files that are referenced in Copilot for Microsoft 365. You use this option in conjunction with retention policies for the communication services themselves: Exchange, Teams, Viva Engage, and Copilot for Microsoft 365.

Important
When you select a label to use for auto-applying retention labels for cloud attachments, ensure that the label retention setting Start the retention period based on is When items were labeled.

Box 2: Microsoft 365 Group mailboxes & sites only
Locations:

When you select a label to use for auto-applying retention labels for cloud attachments, make sure the label retention setting Start the retention period based on is When items were labeled.

When you configure the locations for this option, you can select:

* SharePoint classic and communication sites for shared files stored in SharePoint communication sites, team sites that aren't connected by Microsoft 365 groups, and classic sites.
* -> Microsoft 365 Groups for shared files that are stored in team sites connected by Microsoft 365 groups.
* OneDrive accounts for shared files stored in users' OneDrive.


Reference:

https://learn.microsoft.com/en-us/purview/apply-retention-labels-automatically




HOTSPOT (Drag and Drop is not supported)

You create a data loss prevention (DLP) policy that meets the following requirements:

Prevents guest users from accessing a sensitive document shared during a Microsoft Teams chat


Prevents guest users from accessing a sensitive document stored in a Microsoft Teams channel


Which location should you select for each requirement? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-microsoft-teams
https://docs.microsoft.com/en-us/microsoftteams/sharepoint-onedrive-interact




HOTSPOT (Drag and Drop is not supported)

You have a Microsoft 365 E5 subscription that uses Microsoft Purview.

You need to create a sensitive information type (SIT) to detect project code content that starts with the letters pjt followed by six digits and ends with the letters sct. The following is an example of the project code.

pjt123456sct

How should you complete the regular expression? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: [0-9]
Pattern: [0-9]{0,3}
Interpretation: Look for zero to three occurrences of the decimal digits 0 through 9.

Box 2: {6}
Quantifiers
A quantifier specifies how many instances of the previous element (which can be a character, a group, or a character class) must be present in the input string for a match to occur. Quantifiers include the language elements listed in the following table.

Quantifier: { n }
Description: Matches the previous element exactly n times.
Pattern: ",\d{3}"
Matches: ",043" in "1,043.6", ",876", ",543", and ",210" in "9,876,543,210"


Reference:

https://learn.microsoft.com/en-us/dotnet/standard/base-types/regular-expressions
https://learn.microsoft.com/en-us/dotnet/standard/base-types/regular-expression-language-quick-reference




You have a Microsoft 365 E5 subscription that contains a Windows 11 device named Device1 and three users named User1, User2, and User3.

You plan to deploy Azure Information Protection (AIP) and the Microsoft Purview Information Protection client to Device1.

You need to ensure that the users can perform the following actions on Device1 as part of the planned deployment:

User1 will test the functionality of the client.


User2 will install and configure the Microsoft Rights Management connector.


User3 will be configured as the service account for the information protection scanner.


The solution must maximize the security of the sign-in process for the users.

What should you do?

  1. Exclude User1 and User2 from multifactor authentication (MFA).
  2. Enable User2 and User3 for passwordless authentication.
  3. Exclude User2 and User3 from multifactor authentication (MFA).
  4. Enable User1, User2, and User3 for passkey (FIDO2) authentication.

Answer(s): C

Explanation:

Multi-factor authentication (MFA) and Azure Information Protection Rights Management connector requirements
The Rights Management connector and the Microsoft Purview Information Protection scanner do not support MFA.
If you deploy the connector or scanner, the following accounts must not require MFA:
* The account that installs and configures the connector. [User2]
* The service principal account in Microsoft Entra ID, Aadrm_S-1-7-0, that the connector creates.
* The service account that runs the scanner. [User3]


Reference:

https://learn.microsoft.com/en-us/azure/information-protection/requirements-azure-ad




Your company has a Microsoft 365 E5 subscription and plans to use Microsoft Purview Advanced Message Encryption.

Each product group at your company must show a distinct product logo in encrypted emails instead of the standard Microsoft 365 logo.

What should you do to create the branding templates?

  1. Create an RMS template.
  2. Create a Transport rule.
  3. Run the New-OMEConfiguration cmdlet.
  4. Run the Set-IRMConfiguration cmdlet.

Answer(s): C


Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/add-your-organization-brand-to-encrypted-messages




HOTSPOT (Drag and Drop is not supported)

You use project codes that have a format of three alphabetical characters that represent the project type, followed by three digits, for example Abc123.

You need to create a new sensitive info type for the project codes.

How should you configure the regular expression to detect the content? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://joannecklein.com/2018/08/07/build-and-use-custom-sensitive-information-types-in-office-365/




You have a Microsoft 365 alert named Alert2 as shown in the following exhibit.



You need to manage the status of Alert2.

To which status can you change Alert2?

  1. The status cannot be changed.
  2. Dismissed only
  3. Investigating only
  4. Active or Investigating only
  5. Investigating, Active, or Dismissed

Answer(s): E

Explanation:

Despite the status showing Resolved, it can still be changed. Select the alert > Under Alert status > Actions > select "Edit comments" > choose a new status: Active, Investigating, Dismissed or Resolved. The alert status will change.
Note: Alert status
When an alert is created, its status is Active. As you review the details of each alert, you can update its status to any of the states listed below:
* Active: default state of the alert until its status is changed
* Investigating: alert is under investigation
* Resolved: the alert doesn't require further investigation or follow-up
* Dismissed: the alert isn't relevant or doesn't need investigation


Reference:

https://learn.microsoft.com/en-us/purview/compliance-manager-alert-policies
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-configure-view-alerts-policies




You have a Microsoft 365 subscription that uses retention label policies.

You need to identify all the changes made to retention labels during the last 30 days.

What should you use in the Microsoft Purview portal?

  1. Reports
  2. Activity explorer
  3. Content search
  4. Use data search

Answer(s): B

Explanation:

Activity explorer rounds out this suite of functionality by allowing you to monitor what's being done with your labeled content. Activity explorer provides a historical view of activities on your labeled content. The activity information is collected from the Microsoft 365 unified audit logs, transformed, and made available in the Activity explorer UI. Activity explorer reports on up to 30 days' worth of data.
There are over 30 different filters available for use. Some are:
Date range
Activity type
Location
User
Sensitivity label
Retention label
File path
DLP policy


Reference:

https://learn.microsoft.com/en-us/microsoft-365/compliance/data-classification-activity-explore



Viewing page 4 of 27
Viewing questions 25 - 32 out of 264 questions


