Microsoft Administering Information Security in Microsoft 365 - SC-401 Exam Practice Test
Hotspot Question
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

The subscription contains the groups shown in the following table.

You plan to create a priority user group named Priority1.
You need to identify the following:
- Which users and groups can be added to Priority1?
- Which users can be enabled to view alerts that involve the members of Priority1?
What should you identify? To answer, select the appropriate options in the answer area.

Correct Answer:

Explanation:
Box 1: User1, User2, and User3 only
* User1 - Yes
User1 is Global Administrator.
A Global Administrator in Microsoft 365 can be added to a priority user group.
Priority User Groups:
These groups are often used to grant specific access or prioritize certain users. Global Administrators can add themselves or other users to these groups.
* User2 - Yes
An Insider Risk Management Analyst can be added to a priority user group.
* User3 - Yes
Insider Risk Management Investigations can be associated with or scoped to a Priority User Group (PUG).
* Group1 - No
You cannot directly add a security group as a member of a priority user group.
* Group2 - No
Box 2: User2 and User3 only
* User1 - No
* User2 - Yes, User3 - Yes
Instead of being open to review by all analysts and investigators, priority user groups might also need to restrict review activities to specific users or insider risk role groups. You can choose to assign individual users and role groups to review users, alerts, cases, and reports for each priority user group. Priority user groups can have review permissions assigned to the built-in Insider Risk Management, Insider Risk Management Analysts, and Insider Risk Management Investigators role groups, one or more of these role groups, or to a custom selection of users.
Reference:
https://learn.microsoft.com/en-us/purview/insider-risk-management-settings-priority-user-groups
Hotspot Question
You have a Microsoft 365 E5 subscription.
You create an adaptive scope named Scope1 as shown in the following exhibit.

You create a retention policy named Policy1 that includes Scope1.
To which three locations can you apply Policy1? To answer, select the appropriate locations in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
A retention policy with an adaptive scope defined by the Microsoft 365 Groups type can be applied to Exchange email, SharePoint sites, and OneDrive accounts. However, the scope is most effective when applied to locations that are a part of the Microsoft 365 Group, such as the group's mailbox (Exchange email) and the group's associated SharePoint site, which includes its OneDrive for Business account.
Box 1: Exchange email
Box 2: SharePoint sites
Box 3: OneDrive accounts
How it works
Adaptive Scopes: These scopes are dynamic filters that automatically identify target locations for a retention policy.
Group Type Scope: When you use the "Microsoft 365 Groups" scope type, it targets content associated with a group, which includes:
- The group's mailbox in Exchange.
- The group's associated SharePoint site.
- The group's associated OneDrive for Business account.
Application: The policy is automatically applied to all users and sites within the group, making it a scalable solution for managing retention across the group's entire ecosystem.
Flexibility: This is particularly useful for organizations where group membership and content locations change frequently, as the policy automatically adapts to these changes.
Reference:
https://learn.microsoft.com/en-us/purview/purview-adaptive-scopes
Drag and Drop Question
You have a Microsoft 365 subscription that contains 20 data loss prevention (DLP) policies.
You need to identify the following:
- Rules that are applied without triggering a policy alert
- The top 10 files that have matched DLP policies
- Alerts that are miscategorized
Which report should you use for each requirement? To answer, drag the appropriate reports to the correct requirements. Each report may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Correct Answer:

Hotspot Question
You have a Microsoft 365 E5 subscription that uses Microsoft Purview and just-in-time (JIT) protection. The subscription contains the users shown in the following table.

The subscription contains the devices shown in the following table.

The devices contain the files shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
Statement 1 - No. User1 is included in JIT protection. File1.docx is on Device1, which is onboarded to Microsoft Defender. However, File1.docx has not been evaluated for file classification, meaning JIT cannot enforce protection on it.
If User2 signs in to Device2 and attempts to attach File2.pdf to an email, JIT will block the action.
Statement 2 - No. User2 is not configured for JIT protection (JIT does not apply to them). File2.pdf has been evaluated for classification, but since User2 is not included in JIT protection, no blocking occurs.
If User3 attempts to copy File3.xlsx to a network share, JIT will generate an audit event.
Statement 3 - No. User3 is included in JIT protection. However, Device3 is not onboarded to Microsoft Defender, meaning JIT protection cannot enforce actions on it. File3.xlsx has not been evaluated, so even if the device were onboarded, JIT would not have classification data to act upon.
Hotspot Question
You have a Microsoft 365 tenant that uses Microsoft Teams.
You create a data loss prevention (DLP) policy to prevent Microsoft Teams users from sharing sensitive information. You need to identify which locations must be selected to meet the following requirements:
- Documents that contain sensitive information must not be shared inappropriately in Microsoft Teams.
- If a user attempts to share sensitive information during a Microsoft Teams chat session, the message must be deleted immediately.
Which three locations should you select? To answer, select the appropriate locations in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
Reference:
https://learn.microsoft.com/en-us/microsoft-365/compliance/retention
You have a data loss prevention (DLP) policy configured for endpoints as shown in the following exhibit.

From a computer named Computer1, a user can sometimes upload files to cloud services and sometimes cannot. Other users experience the same issue.
What are two possible causes of the issue? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

Correct Answer: B,E
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1. Site1 contains the files shown in the following table.

In the Microsoft Purview portal, you create a content search named Content1 and configure the search conditions as shown in the following exhibit.

Which files will be returned by Content1?

Correct Answer: A
You need to test Microsoft Purview Advanced Message Encryption capabilities for your company.
The test must verify the following information:
- The acquired default template names
- The encryption and decryption verification status
Which PowerShell cmdlet should you run?
Correct Answer: D
Hotspot Question
You have a Microsoft 365 E5 subscription.
You plan to implement Microsoft Purview insider risk management.
You need to recommend policy templates that meet the following requirements:
- Contain risk indicators and scoring for when a user receives a poor performance review.
- Contain risk indicators and scoring for when a user disables security features on a device.
Which template should you use for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
Box 1: Security policy violations by risky users
Contain risk indicators and scoring for when a user receives a poor performance review.
Security policy violations by risky users
Users that experience employment stressors might be at a higher risk for inadvertent or malicious security policy violations. These stressors could include a user being placed on a performance improvement plan, having a poor performance review, or experiencing a demotion. This policy template starts risk scoring based on these indicators and activities associated with these types of events.
Box 2: Security policy violations
Contain risk indicators and scoring for when a user disables security features on a device.
Security policy violations
In many organizations, users have permission to install software on their devices or to modify device settings to help with their tasks. Either inadvertently or with malicious intent, users might install malware or *disable important security features* that help protect information on their device or on your network resources. This policy template uses security alerts from Microsoft Defender for Endpoint to start scoring these activities and focus detection and alerts to this risk area. Use this template to provide insights for security policy violations in scenarios when users might have a history of security policy violations that might be an indicator of insider risk.
Reference:
https://learn.microsoft.com/en-us/purview/insider-risk-management-policy-templates
Hotspot Question
You have a Microsoft 365 E5 subscription that uses Microsoft Teams and contains the users shown in the following table.

You have the retention policies shown in the following table.

The users perform the actions shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
Box 1: No
It will be retained for seven years.
Both Policy1 and Policy2 apply.
If there is a conflict in how long to retain the same content, it is retained in the secured location for the longest retention period.
Note: If you configure a Teams retention policy to retain chats or channel messages, users
Box 2: No
User2 creates the message in chat. Policy2 applies. The message will be retained for 5 years.
Box 3: Yes
After a retention policy is configured for chat and channel messages, a timer job from the Exchange service periodically evaluates items in the hidden mailbox folder where these Teams messages are stored. The timer job typically takes 1-7 days to run. When these items have expired their retention period, they are moved to the SubstrateHolds folder, another hidden folder that's in every user or group mailbox to store "soft-deleted" items before they're permanently deleted.
Messages remain in the SubstrateHolds folder for at least 1 day, and then if they're eligible for deletion, the timer job permanently deletes them the next time it runs.
Reference:
https://docs.microsoft.com/en-us/microsoftteams/retention-policies
https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies-teams