100% Free SC-401 Exam Dumps Use Real Microsoft Certified: Information Security Administrator Associate Dumps With 275 Questions!
Pass Your SC-401 Exam Easily With 100% Exam Passing Guarantee [2026]
NEW QUESTION # 77
Hotspot Question
You have a Microsoft 365 E5 subscription that contains the device configurations shown in the following table.
Each configuration uses either Google Chrome or Firefox as a default browser.
You need to implement Microsoft Purview and deploy the Microsoft Purview browser extension to the configurations.
To which configuration can each extension be deployed? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Microsoft Purview browser extensions for Endpoint DLP are supported on:
- Windows 10/11 (Config1)
- macOS (Config2)
- Not supported on Android (Config3)
Since Microsoft Purview does not support browser extensions on Android, Config3 is excluded from both Google Chrome and Firefox.
NEW QUESTION # 78
You have a Microsoft 36S ES subscription that contains two Windows devices named Devicel1and Device2 Device1 has the default browser set to Microsoft Edge. Devke2 has the default browser set to Google Chrome.
You need to ensure that Microsoft Purview insider risk management can collect signals when a user copies files to a USB device by using their default browser.
What should you deploy to each device? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 79
You have a Microsoft 365 subscription. Auditing is enabled.
A user named User1 is a member of a dynamic security group named Group1.
You discover that User1 is no longer a member of Group1.
You need to search the audit log to identify why User1 was removed from Group1.
Which two activities should you use in the search? To answer, select the appropriate activities in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Step 1 - Scenario
A user named User1 was a member of a dynamic security group (Group1).
User1 is no longer a member of that group.
You need to determine why User1 was removed by searching the audit log.
Step 2 - How group membership changes are logged in Microsoft 365 audit logs Microsoft 365 audit logs record group membership activities in Azure AD. The most relevant activities for a user disappearing from a group are:
Removed member from group - Directly indicates that a user was removed from a group.
Updated group - Logged when group properties or membership rules (for dynamic groups) are modified. If Group1 is a dynamic group, changes to membership rules could have caused User1 to no longer qualify, and this would appear as an Updated group event.
Step 3 - Why not other options
Deleted user / Deleted group: Would mean the entire user or group object was deleted, not just removal.
Changed user password, Reset user password, Set license properties, Changed user license: These are account- related, not group membership-related.
Added member to group: The opposite action.
Step 4 - Microsoft Reference
From Microsoft documentation:
Audit logs include events such as when a member is added or removed from a group, and when group properties or membership rules are updated.
Reference: Search the audit log in the Microsoft Purview compliance portal
NEW QUESTION # 80
You implement Microsoft 365 Endpoint data loss prevention (Endpoint DIP).
You have computers that run Windows 11 and have Microsoft 365 Apps instated. The computers are joined to a Microsoft Entra tenant You need to ensure that Endpoint DIP policies can protect content on the computers.
Solution: You deploy the Endpoint DLP configuration package to the computers.
Does this meet the goal?
- A. No
- B. Yes
Answer: B
NEW QUESTION # 81
Hotspot Question
You have a Microsoft 365 E5 subscription that uses Microsoft Purview.
You need to perform a content search for email messages that meet the following requirements:
- Are delivered to both [email protected] and [email protected]
- Are sent from a user account that has a name that starts with the
word Compliance
How should you complete the query in the KQL editor? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: "[email protected] AND [email protected]"
Delivered to both, so we must use AND.
Note:
A space between two keywords or two property:value expressions is the same as using OR. For example, from:"Sara Davis" subject:reorganization returns all messages sent by Sara Davis or messages that contain the word reorganization in the subject line.
Box 2: "Compliance*"
Reference:
https://learn.microsoft.com/en-us/purview/ediscovery-keyword-queries-and-search-conditions
NEW QUESTION # 82
You have a Microsoft 365 subscription that has a retention label named Retention1. The subscription contains the files shown in the following table.
You create an auto-labeling policy named Policy1 that will automatically apply Retention1 as shown in the Auto-labeling policy Exhibit. (Click the Auto-labeling policy tab.) You configure Policy1 to apply Retention1 as shown in the Locations exhibit. (Click the Locations tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 83
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in the Microsoft Purview portal to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
Solution: You run the Set-MailboxFolderPermission -Identity "User1" -User [email protected] - AccessRights Owner command.
Does that meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
The Set-MailboxFolderPermission -Identity "User1" -User [email protected] -AccessRights Owner command is incorrect.
This assigns folder permissions but does not enable auditing. It does not track who accessed the mailbox or deleted emails.
NEW QUESTION # 84
You have a Microsoft 365 E5 subscription that has a Microsoft Purview exact data match (EDM) classifier named EDM1.
You plan to create the Microsoft Purview policies shown in the following table.
Which policies can use EDM1?
- A. DLP1 and Insider1 only
- B. DLP1 only
- C. DLP1, Insider1, and Retention1
- D. Retention1 only
- E. Insider1 and Retention1 only
Answer: A
Explanation:
EDM SITs can be used in:
Auto-labeling (service and client side) [See note below]
*-> Microsoft Purview Data Loss Prevention [DLP1]
*-> Microsoft Purview Insider Risk Management policies [Insider1]
Microsoft Purview eDiscovery
Microsoft Purview Insider Risk Management
Microsoft Defender for Cloud Apps
Reference:
https://learn.microsoft.com/en-us/purview/sit-get-started-exact-data-match-based-sits-overview
https://learn.microsoft.com/en-us/purview/apply-sensitivity-label-automatically
NEW QUESTION # 85
You have a Microsoft 365 sensitivity label that is published to all the users in your Microsoft Entra tenant as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Explanation:
Explanation:
Statement 1 - No. The sensitivity label includes content marking (watermark: INTERNAL), but it only applies to documents where the label is manually or automatically applied, not to all documents by default.
Statement 2 - No. The sensitivity label only specifies a watermark, not a header. If a header marking was configured, it would explicitly appear in the label settings.
Statement 3 - No. There is no indication that auto-labeling is configured to apply the label only to documents with the word "rebranding". Auto-labeling is an optional setting that needs explicit configuration.
NEW QUESTION # 86
HOTSPOT
How many files in Site2 can User1 and User2 access after you turn on DLPpolicy1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
A screenshot of a computer AI-generated content may be incorrect.
Understanding DLP Policy Impact on File Access
The DLP policy (DLPpolicy1) applies to Site2 and restricts access when:
# Content contains SWIFT Codes.
# Instance count is 2 or more.
File Analysis (Based on SWIFT Codes Count)
A screenshot of a computer AI-generated content may be incorrect.
Files that remain accessible (not restricted by DLP):
# File1.docx (Contains only 1 SWIFT Code # Below restriction threshold) User access after DLP policy is applied:
A screenshot of a computer AI-generated content may be incorrect.
User1 (Site Owner):
# Has higher privileges and can override DLP restrictions (through admin intervention).
# Can access 2 files (File1.docx + override access to another file).
User2 (Site Visitor):
# Has read-only access but DLP blocks access to restricted files.
# Can only access 1 file (File1.docx), since all others are restricted.
NEW QUESTION # 87
You have a Microsoft J65 E5 subscription. You plan to implement retention policies for Microsoft Teams.
Which item types can be retained?
- A. embedded images
- B. voice memos from the Teams mobile client
- C. code snippets
Answer: A,C
Explanation:
The question is asking what item types can be retained when implementing Microsoft Teams retention policies in Microsoft 365 E5.
Retention policies in Teams can apply to:
Teams chat messages (1:1 or group chats)
Teams channel messages
Items within those messages, including text, links, and supported embedded objects.
Step 2 - Supported Teams retention items
According to Microsoft documentation:
Retention policies support Teams messages (chats and channel posts) and their associated attachments or in- line content such as:
Embedded images
Code snippets
Tables, links, and reactions
Retention policies do not support certain Teams items, including:
Voicemails
Calls and meetings recordings
Whiteboards
Message reactions (stored separately in Azure services)
Reference: Learn about retention for Teams in Microsoft Purview
Step 3 - Apply to options
A). Voice memos from the Teams mobile client # Not retained by retention policies.
B). Embedded images # Retained because they are part of Teams messages.
C). Code snippets # Retained because they are supported message content.
NEW QUESTION # 88
You have a Microsoft $65 subscription.
You plan to retain the following audit log record types and activities for the next three years.
* Copilotlnteraction: All activities selected (1/1)
o Interacted with Copilot
* Compliance DLP endpoint: All activities selected {2/2)
o Matched DIP rule
o Removed Dl P rule from document
* AzureActiveDirectory 2 of 25 activities selected (2/25)
o Reset user password o Changed user password
What is the minimum number of audit retention policies you should create to retain only the selected record types and activities?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A
NEW QUESTION # 89
You are creating a DLP policy named Policy1 that will be applied to the locations as shown in the following exhibit.
Policy1 contains an advanced data loss prevention (DLP) rule named Rule1.
Which two conditions can you use in Rule1? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. Content contains
- B. Content is shared from Microsoft 365
- C. Document property is
- D. Document size equals or is greater than
- E. Attachment's file extension is
Answer: A,B
Explanation:
You are creating a Data Loss Prevention (DLP) policy in Microsoft 365 with advanced rules. Advanced DLP rules provide more granular conditions and actions than standard DLP rules.
Conditions available in advanced DLP
According to Microsoft Docs on Conditions in DLP policies:
* # Content contains # Used to detect sensitive information types, keywords, or exact data matches.
This is one of the most common and fundamental DLP conditions.
* # Content is shared from Microsoft 365 # Used to detect whether content has been shared externally or with specific domains/users. This is a modern advanced DLP condition.
Why the others are not correct:
* A. Document property is # This condition applies to information governance retention policies
/labels (not DLP). Not available in DLP rules.
* B. Attachment's file extension is # This is supported in Exchange mail flow rules (transport rules) but not in advanced DLP rules.
* C. Document size equals or is greater than # Also applies in Exchange transport rules and certain SharePoint restrictions, but not available as a DLP rule condition.
NEW QUESTION # 90
You have a Microsoft 365 E5 tenant.
You need to add a new keyword dictionary.
What should you create?
- A. a retention policy
- B. a sensitivity label
- C. a trainable classifier
- D. a sensitive info type
Answer: D
Explanation:
To add a new keyword dictionary in Microsoft Purview Data Loss Prevention (DLP), you must create a Sensitive Information Type (SIT).
Sensitive Info Types (SITs) allow you to define custom detection rules, including keyword dictionaries, regular expressions, and functions for identifying sensitive content in emails, documents, and other Microsoft 365 locations. A keyword dictionary is a list of predefined words/phrases that Microsoft Purview can use to identify and classify content for DLP policies.
Steps to add a keyword dictionary:
1. Go to Microsoft Purview compliance portal
2. Navigate to Data classification > Sensitive info types
3. Create a new sensitive info type
4. Add a keyword dictionary
5. Save and use it in a DLP policy
NEW QUESTION # 91
You create a data loss prevention (DLP) policy. The Advanced DLP rules page is shown in the Rules exhibit. (Click the Rules tab)
The Review your settings page is shown in the Review exhibit. (Click the Review tab.)
You need to review the potential impact of enabling the policy without applying the actions.
What should you do?
- A. Exit the policy, and then select I'd like to test it out first.
- B. Edit the policy, remove all the actions in DLP rule 1, and select I'd like to test it out first.
- C. Edit the policy, remove the Restrict access to the content and Send incident report to Administrator actions, and then select Yes, turn it on right away.
- D. Edit the policy, remove all the actions in DLP rule 1, and select Yes, turn it on right away.
Answer: A
Explanation:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-dlp-policy-from-a-template
NEW QUESTION # 92
You have a Microsoft 365 E5 tenant that contains a user named User1. User1 is assigned the Compliance Administrator role. User1 cannot view the regular expression in the IP Address sensitive info type. You need to ensure that User! can view the regular expression. What should you do?
- A. Assign Used to the Reviewer role group
- B. Create a copy of the IP Address sensitive info type and instruct User1 to edit the copy.
- C. Assign User1 the Global Reader role.
- D. Instruct User1 to use the Test function on the sensitive info type.
Answer: B
Explanation:
Step 1 - Problem statement
User1 has the Compliance Administrator role but cannot view the regular expression in the built-in IP Address sensitive info type.
This is expected because:
Microsoft provides a large set of built-in sensitive info types (SITs).
For these built-in SITs, the underlying regular expressions, keywords, or detection logic are not exposed to administrators for security reasons.
As a result, even with Compliance Administrator privileges, User1 cannot directly see or modify the regex in the built-in IP Address SIT.
Step 2 - Microsoft solution
To view or modify the regex:
You must create a copy of the built-in SIT.
Once copied, the new custom SIT allows you to edit and view the regex and supporting elements.
This is the only supported way to customize or examine the detection logic.
# Reference: Create a custom sensitive information type
"You can't directly modify the definitions of built-in sensitive information types, but you can create a copy of an existing SIT and then edit it." Step 3 - Why not the other options?
A). Reviewer role group # Reviewers are for records management/discovery, not SIT regex visibility.
C). Test function # Allows you to test SIT detection but does not reveal the regex.
D). Global Reader role # Read-only access, does not expose regex definitions either.
NEW QUESTION # 93
......
Microsoft SC-401 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
Study resources for the Valid SC-401 Braindumps: https://www.bootcamppdf.com/SC-401_exam-dumps.html
SC-401 Dumps are Available for Instant Access: https://drive.google.com/open?id=1PA0CF-ySMUM0C-R7CWTw2l8vS5hySDII