[Q81-Q103] Valid SC-401 Practice Test Dumps with 100% Passing Guarantee [Dec-2025]

Share

Valid SC-401 Practice Test Dumps with 100% Passing Guarantee [Dec-2025]

SC-401 PDF Dumps Are Helpful To produce Your Dreams Correct QA's

NEW QUESTION # 81
You have a Microsoft 36S subscription that contains the sensitive information types (SITs) shown in the following exhibit.

Use the drop-down menus To select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct flection is worth one point.

Answer:

Explanation:

Explanation:

Step 1 - Understanding the scenario
The screenshot shows multiple Sensitive Information Types (SITs) in Microsoft Purview, including:
ABA Routing Number (Microsoft-built)
ASP.NET Machine Key (Microsoft-built)
Adatum document patterns (custom, Fingerprint type)
Adatum numbers (custom, Entity type)
Bundled SITs (like All Credential Types, All Full Names)
The question is asking:
Which SITs can you copy to create a new SIT?
Which SITs can you edit directly without copying?
Step 2 - Microsoft rules for SITs
Built-in SITs (published by Microsoft Corporation):
These cannot be edited directly. To modify them, you must create a copy first.
Custom SITs (created in your tenant, e.g., Contoso):
These can be edited directly without making a copy.
Reference: Create a custom sensitive information type
Step 3 - Apply to the exhibit
"Adatum numbers" is published by Contoso (the organization), so it is a custom SIT. This means it can be edited directly.
All SITs, whether built-in or custom, can be copied to form a new SIT.


NEW QUESTION # 82
You need to provide a user with the ability to view data loss prevention (DIP) alerts in the Microsoft Purview portal. The solution must use the principle of least privilege.
Which role should you assign to the user?

  • A. Security Reader
  • B. Security Operator
  • C. Compliance Data Administrator
  • D. Compliance Administrator

Answer: D


NEW QUESTION # 83
You need to meet the retention requirement for the users' Microsoft 365 data.
What is the minimum number of retention policies required to achieve the goal?

  • A. 0
  • B. 1
  • C. 2
  • D. 3
  • E. 4

Answer: A

Explanation:
The requirement states that all Microsoft 365 data for users must be retained for at least one year. In Microsoft 365, retention policies must be configured for each type of data storage.
Step 1: Identifying Where Data is Stored
From the case study, users store data in the following locations:
*SharePoint Online sites
*OneDrive accounts
*Exchange email
*Exchange public folders
*Teams chats
*Teams channel messages
Since these locations fall under two broad categories:
*Microsoft Exchange data (Emails, Public folders)
*SharePoint, OneDrive, and Teams data
Step 2: Required Retention Policies
A single retention policy can cover:
*SharePoint Online
*OneDrive
*Microsoft Teams
2. A second retention policy is required for:
*Exchange (Emails & Public Folders)
Thus, the minimum number of retention policies required to meet the requirement is 2.
Microsoft 365 retention policies can be applied broadly across multiple services with just two policies:
*One for Exchange & Public Folders
*One for SharePoint, OneDrive, and Teams
There's no need for separate policies for each individual workload unless different retention durations are required, which is not stated in the requirement.


NEW QUESTION # 84
You have a Microsoft 365 subscription. Auditing is enabled.
A user named User1 is a member of a dynamic security group named Group1.
You discover that User1 is no longer a member of Group1.
You need to search the audit log to identify why User1 was removed from Group1.
Which two activities should you use in the search? To answer, select the appropriate activities in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 85
HOTSPOT
You have a Microsoft SharePoint Online site that contains the following files.

Users are assigned roles for the site as shown in the following table.

Which files can User1 and User2 open? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 86
You have a Microsoft 365 E5 tenant that has devices onboarded to Microsoft Defender for Endpoint as shown in the following table.

You plan to start using Microsoft 365 Endpoint data loss protection (Endpoint DLP).
Which devices support Endpoint DLP?

  • A. Device1 and Device2 only
  • B. Device1, Device2, and Device4 only
  • C. Device1 and Device4 only
  • D. Device1, Device2, Device3, and Device4
  • E. Device1 only

Answer: A

Explanation:
Microsoft 365 Endpoint data loss prevention (Endpoint DLP) is supported only on Windows 10 and Windows
11 devices. It does not support macOS or iOS at this time.
From the provided table:
# Device1 (Windows 11) - Supported
# Device2 (Windows 10) - Supported
# Device3 (iOS) - Not supported
# Device4 (macOS) - Not supported
Thus, only Device1 and Device2 support Endpoint DLP.


NEW QUESTION # 87
You have a Microsoft 365 E5 subscriptions.
You deploy Microsoft Purview Data Security Posture Management for Al (DSPM for Al).
You need to edit the default policies created as part of the deployment.
Which two Microsoft Purview solutions should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Information Barriers
  • B. DSPMforAI
  • C. Data Lifecycle Management
  • D. Compliance Manager
  • E. Insider Risk Management
  • F. Information Protection
  • G. Data Loss Prevention

Answer: F,G


NEW QUESTION # 88
You have a Microsoft 365 E5 subscription.
You need to enable support for sensitivity labels in Microsoft SharePoint Online.
What should you use?

  • A. the Microsoft 365 admin center
  • B. the SharePoint admin center
  • C. the Microsoft Purview portal
  • D. the Microsoft Entra admin center

Answer: B

Explanation:
To enable support for sensitivity labels in Microsoft SharePoint Online, you must configure the setting in the SharePoint admin center.
Sensitivity labels in SharePoint Online allow labeling and protection of files stored in SharePoint and OneDrive. This feature must be enabled in the SharePoint admin center → Settings → Information protection to allow sensitivity labels to apply encryption and protection to stored documents.


NEW QUESTION # 89
You have a Microsoft 365 E5 subscription.
You receive the data loss prevention (DLP) alert shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 90
You have a Microsoft 36S ES subscription.
You need to create the Microsoft Purview insider risk management policies shown in the following table.

Which policy template should you use for each policy? To answer, drag the appropriate policy templates to the correct polices Each template may be used once more than once or not at all. You may need to drag the split bar between panes or scroll to view..

Answer:

Explanation:

Explanation:


NEW QUESTION # 91
HOTSPOT
You have a Microsoft SharePoint Online site that contains the following files.

Users are assigned roles for the site as shown in the following table.

Which files can User1 and User2 open? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:

Let's break it down:
File1.docx # DLP action = None
No DLP restrictions, so it is fully accessible to both User1 (owner) and User2 (member).
File2.docx # DLP action = Matched by DLP
"Matched" means the DLP policy detected sensitive content but has not blocked access. Instead, it may generate an alert or policy tip.
Both User1 and User2 can still open this file.
File3.docx # DLP action = Blocked by DLP
"Blocked" means the DLP policy actively restricts access or sharing of the file.
User2 (member) cannot open this file.
However, User1 (site owner) can open it because site collection admins and owners always retain full control over content, even if a DLP rule applies.
Ref: Microsoft Purview DLP policy tips and enforcement
# DLP policies do not prevent SharePoint/OneDrive site collection admins (owners) from accessing content.
# Final Answer Table:
User1 (Site Owner): File1.docx, File2.docx, File3.docx
User2 (Site Member): File1.docx, File2.docx


NEW QUESTION # 92
You have two Microsoft 365 subscriptions named Contoso and Fabrikam. The subscriptions contain the users shown in the following table.

You have a sensitivity label named Sensitivity! as shown in the exhibit. (Click the Exhibit tab) you have the files shown in the following table.

For each of the following statements, select yes if the statement is true. Otherwise select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 93
You need to meet the technical requirements for the creation of the sensitivity labels.
To which user or users must you assign the Sensitivity Label Administrator role?

  • A. Admin1, Admin2, and Admin3 only
  • B. Admin1 only
  • C. Admin1 and Admin5 only
  • D. Admin1, Admin2, Admin4, and Admin5 only
  • E. Admin1 and Admin4 only

Answer: A

Explanation:
To meet the requirement that all administrative users must be able to create Microsoft 365 sensitivity labels, we need to assign the Sensitivity Label Administrator role to the correct users.
Sensitivity Label Administrator Role Responsibilities
This role allows users to:
# Create and manage sensitivity labels in Microsoft Purview.
# Publish and configure auto-labeling policies.
# Modify label encryption and content marking settings.
Review of Admin Roles from the Table:
A screenshot of a computer AI-generated content may be incorrect.

Users that must be assigned the Sensitivity Label Administrator role:
# Admin2 (Compliance Data Administrator)
# Admin3 (Compliance Administrator)
# Admin1 (Global Reader) (should be assigned this role to fulfill the requirement that all admins can create labels).


NEW QUESTION # 94
You have a Microsoft 36S subscription that contains the users shown in the following table.

You create the data loss prevention (DLP) policies shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 95
You have a Microsoft 365 E5 tenant.
You have sensitivity labels as shown in the Sensitivity Labels exhibit. (Click the Sensitivity Labels tab.)

The Confidential/External sensitivity label is configured to encrypt files and emails when applied to content.
The sensitivity labels ate published as shown in the Published exhibit. (Click the Published tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 96
You have a Microsoft 365 E5 subscription that uses Microsoft Purview.
You need ensure that an incident will be generated when a user visits a phishing website.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 97
Your company has a Microsoft 365 tenant.
The company performs annual employee assessments. The assessment results are recorded in a document named AssessmentTemplate.docx that is created by using a Microsoft Word template. Copies of the employee assessments are sent to employees and their managers.
The assessment copies are stored in mailboxes, Microsoft SharePoint Online sites, and OneDrive folders. A copy of each assessment is also stored in a SharePoint Online folder named Assessments.
You need to create a data loss prevention (DLP) policy that prevents the employee assessments from being emailed to external users. You will use a document fingerprint to identify the assessment documents. The solution must minimize effort.
What should you include in the solution?

  • A. Create a fingerprint of 100 sample documents in the Assessments folder.
  • B. Create a fingerprint of AssessmentTemplate.docx.
  • C. Create a sensitive info type that uses Exact Data Match (EDM).
  • D. Import 100 sample documents from the Assessments folder to a seed folder.

Answer: B

Explanation:
Since all employee assessments follow a specific template (AssessmentTemplate.docx), the best way to identify these documents for Data Loss Prevention (DLP) is to create a document fingerprint of that template.
Document fingerprinting allows Microsoft 365 DLP policies to recognize documents based on their structure and format, even when content inside varies (such as different employee names and results). By creating a fingerprint of AssessmentTemplate.docx, any copy derived from that template will be automatically detected by the DLP policy and blocked from being emailed externally.
Steps to implement:
*Create a document fingerprint of AssessmentTemplate.docx using PowerShell and the Microsoft Purview compliance portal.
*Apply a DLP policy to prevent external sharing of documents matching this fingerprint.
*Test the policy by attempting to email an assessment externally.


NEW QUESTION # 98
You have Microsoft 365 E5 tenant that has a domain name of 86s40q.ofimicrosoft.com. The tenant contains the users shown in the following table.

You have a published sensitivity label.
The Access control settings for the sensitivity label are configured as shown in the exhibit (Click the Exhibit tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation:

Explanation:


NEW QUESTION # 99
You have a Microsoft 365 E5 subscription. The subscription contains devices that are onboarded to Microsoft Purview and configured as shown in the following table.

The subscription contains the users shown in the following table.

You need to review the activities.
What should you use for each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 100
You have a Microsoft J65 E5 subscription that contains a user named User1.
All users are assigned Microsoft 365 Copilot licenses.
You deploy Microsoft Purview Data Security Posture Management for Al (DSPM for Al).
You need to ensure that User1 can analyze prompts and responses for Al interaction events. The solution must follow the principle of least privilege.
To which two role groups should you add User1? Each correct answer presents part of the solution.
NOTE; Each correct selection is worth one point.

  • A. Content Explorer Content Viewer
  • B. Security Reader
  • C. Information Protection Analysts
  • D. Insider Risk Management Investigators
  • E. Content Explorer list Viewer

Answer: C,E

Explanation:
The requirement is that User1 must be able to analyze prompts and responses for AI interaction events in Microsoft Purview DSPM for AI, while following the principle of least privilege.
Information Protection Analysts role group:
Members can review and analyze sensitive data activity, including AI interaction events collected by Purview DSPM. This role is specifically intended for analysts monitoring sensitive information and is therefore necessary for User1.
Content Explorer List Viewer role group:
Members can see metadata about items with sensitive information, such as file names, locations, sensitivity labels, and policy matches, without accessing the actual file content. This provides the required visibility for AI-related data classification and interaction analysis while adhering to the least privilege principle.
Roles not required:
Content Explorer Content Viewer would give the ability to view the actual content of files, which is more access than needed.
Security Reader is intended for reviewing alerts and incidents but not for analyzing AI prompts and responses.
Insider Risk Management Investigators focus on insider risk investigations, not AI event analysis.
References:
Microsoft Learn: Microsoft Purview compliance portal permissions
Microsoft Learn: Use Content Explorer in data classification


NEW QUESTION # 101
You have a Microsoft 36S subscription that contains the sensitive information types (SITs) shown in the following exhibit.

Use the drop-down menus To select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct flection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 102
DRAG DROP
You need to create a trainable classifier that can be used as a condition in an auto-apply retention label policy.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation:

To create a trainable classifier that can be used in an auto-apply retention label policy, you need to follow these key steps:
1. Create the trainable classifier
This is the first step where you define the classifier, specifying the types of content it should identify.
2. Test the trainable classifier
Before using the classifier in production, you need to validate its accuracy by testing it against sample documents to ensure it correctly classifies the intended data.
3. Publish the trainable classifier
Once testing is successful, you must publish the classifier so that it can be used in policies like auto-apply retention labels in Microsoft Purview.


NEW QUESTION # 103
......

Cover SC-401 Exam Questions Make Sure You 100% Pass: https://simplilearn.lead1pass.com/Microsoft/SC-401-practice-exam-dumps.html