Microsoft SC-401 시험

Question No : 1

You have a Microsoft 365 E5 subscription.
You need to create static retention policies for the following locations:
● Teams chats
● Exchange email
● SharePoint sites
● Microsoft 365 Groups
● Teams channel messages
What is the minimum number of retention policies required?

• A.1
• B.2
• C.3
• D.4
• E.5

답을 확인하기

정답:
Explanation:
In Microsoft Purview Data Lifecycle Management, different Microsoft 365 locations require separate retention policies because they fall under different storage and compliance models.
Teams Chats & Teams Channel Messages (1 Policy) require a separate retention policy because Teams messages are stored differently than Exchange and SharePoint content. One policy can cover both Teams chats and Teams channel messages. Exchange Email (1 Policy) requires its own separate policy since emails are managed differently than Teams or SharePoint content. SharePoint Sites & Microsoft 365 Groups (1 Policy) are both stored in SharePoint Online, so they can be managed under one policy.

Question No : 2

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1.
You need to implement Microsoft Purview data lifecycle management.
What should you create first?

• A.a sensitivity label policy
• B.a data loss prevention (DLP) policy
• C.an auto-labeling policy
• D.a retention label

답을 확인하기

정답:
Explanation:
To implement Microsoft Purview Data Lifecycle Management for SharePoint Online (Site1), you need to create a retention label first. Retention labels define how long content should be retained or deleted based on compliance requirements. Once a retention label is created, it can be manually or automatically applied to content in SharePoint Online, Exchange, OneDrive, and Teams. After creating a retention label, you can configure label policies to apply them to Site1 and other locations.

Question No : 3

You have a Microsoft 365 subscription.
You need to ensure that users can apply retention labels to individual documents in their Microsoft SharePoint libraries.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A.From Microsoft Defender for Cloud Apps, create a file policy.
• B.From the SharePoint admin center, modify the Site Settings.
• C.From the SharePoint ad min center, modify the records management settings.
• D.From the Microsoft Purview portal, publish a label.
• E.From the Microsoft Purview portal, create a label.

답을 확인하기

정답:
Explanation:
To allow users to apply retention labels to individual documents in Microsoft SharePoint libraries, you need to create a retention label and publish the label.
In Microsoft Purview, retention labels define how long content should be retained or deleted. You must first create a label that specifies the retention rules. After creating the label, you must publish it so that it becomes available for users in SharePoint document libraries. Once published, users can manually apply the retention label to individual documents.

Question No : 4

You are planning a data loss prevention (DLP) solution that will apply to Windows Client computers.
You need to ensure that when users attempt to copy a file that contains sensitive information to a USB storage device, the following requirements are met:
● If the users are members of a group named Group1, the users must be allowed to copy the file, and an event must be recorded in the audit log.
● All other users must be blocked from copying the file.
What should you create?

• A.one DLP policy that contains one DLP rule
• B.one DLP policy that contains two DLP rules
• C.two DLP policies that each contains one DLP rule

답을 확인하기

정답:
Explanation:
To meet the requirements, you need one DLP policy with two separate DLP rules to handle the different conditions:

Question No : 5

HOTSPOT
You have a Microsoft SharePoint Online site that contains the following files.



Users are assigned roles for the site as shown in the following table.



Which files can User1 and User2 open? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

답을 확인하기

정답:

Question No : 6

HOTSPOT
You have a Microsoft 365 E5 subscription that contains the groups shown in the following table.



The subscription contains the resources shown in the following table.



You create a sensitivity label named Label1.
You need to publish Label1 and have the label apply automatically.
To what can you publish Label1, and to what can Label1 be auto-applied? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

답을 확인하기

정답:


Explanation:
Box 1: Publishing a Sensitivity Label
Sensitivity labels can be published to Microsoft 365 groups, security groups, SharePoint Online sites, and Microsoft Teams. Since we have:
● Group1 (Microsoft 365 group) - Supported
● Group2 (Security group) - Supported
● Site1 (SharePoint Online site) - Supported
● Team1 (Microsoft Teams team) - Supported
This means we can publish Label1 to Group1, Group2, Site1, and Team1.
Box 2: Auto-Applying a Sensitivity Label
Auto-apply policies for sensitivity labels work on:
● SharePoint Online sites (documents)
● OneDrive (documents)
● Exchange email (messages)
However, labels cannot be auto-applied to Microsoft 365 groups or Teams directly because labels are applied to files and emails, not to groups or Teams as entities. Since Site1 (a SharePoint Online site) supports auto-apply, it is the correct option.

Question No : 7

You have a Microsoft SharePoint Online site named Site1 that contains a document library. The library contains more than 1,000 documents. Some of the documents are job applicant resumes. All the documents are in the English language.
You plan to apply a sensitivity label automatically to any document identified as a resume. Only documents that contain work experience, education, and accomplishments must be labeled automatically.
You need to identify and categorize the resumes. The solution must minimize administrative effort.
What should you include in the solution?

• A.a trainable classifier
• B.a keyword dictionary
• C.a function
• D.an exact data match (EDM) classifier

답을 확인하기

정답:
Explanation:
Since you need to automatically apply a sensitivity label to resumes based on their content and structure (work experience, education, accomplishments), a trainable classifier is the best choice.
Trainable classifiers use machine learning to identify unstructured data, such as resumes, contracts, or legal documents. Instead of relying on predefined patterns (like keywords or regular expressions), a trainable classifier learns from sample documents and can accurately identify resumes even if they are formatted differently.
Final Approach:
● Train a trainable classifier using sample resumes.
● Deploy the classifier in Microsoft Purview.
● Configure a sensitivity label to be automatically applied when a document matches the classifier.

Question No : 8

HOTSPOT
You have a Microsoft 365 E5 subscription.
You need to identify documents that contain patent application numbers containing the letters PA followed by eight digits, for example, PA 12345678. The solution must minimize administrative effort.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

답을 확인하기

정답:


Explanation:
Box 1: Since you are looking for a specific pattern (PA followed by eight digits, e.g., PA 12345678), the best classification method is Sensitive Info Type. Sensitive Info Types allow pattern-based matching to identify structured data. Exact Data Match (EDM) is not needed because you're not comparing against a fixed dataset. Trainable classifier is not appropriate because this is a structured pattern, not an unstructured document classification.
Box 2: Since PA 12345678 follows a structured pattern, the most effective method is Regular Expression (Regex). A Regular Expression (Regex) can be written to match "PA" followed by exactly eight digits (e.g., PA\s\d{8}). Keyword dictionary is not ideal because it works for predefined words, not number patterns. Function is unnecessary because there is no need for checksum validation or predefined validation rules.

Question No : 9

You have a Microsoft 365 E5 subscription.
You need to ensure that encrypted email messages sent to an external recipient can be revoked or
will expire within seven days.
What should you configure first?

• A.a custom branding template
• B.a mail flow rule
• C.a sensitivity label
• D.a Conditional Access policy

답을 확인하기

정답:
Explanation:
To ensure that encrypted email messages sent to external recipients can be revoked or expire within seven days, you need to configure a sensitivity label with encryption settings in Microsoft Purview Information Protection. A sensitivity label allows you to encrypt emails and documents, set expiration policies (e.g., emails expire after 7 days), and enable email revocation.
How to configure it?
● Go to Microsoft Purview compliance portal → Information Protection
● Create a sensitivity label
● Enable encryption and configure the content expiration policy
● Publish the label to users

Question No : 10

You have a Microsoft 365 subscription.
You need to customize encrypted email for the subscription. The solution must meet the following requirements.
● Ensure that when an encrypted email is sent, the email includes the company logo.
● Minimize administrative effort.
Which PowerShell cmdlet should you run?

• A.Set-IRMConfiguration
• B.Set-OMEConfiguration
• C.Set-RMSTemplate
• D.New-OMEConfiguration

답을 확인하기

정답:
Explanation:
To customize encrypted email in Microsoft 365, including adding a company logo, you need to modify the Office Message Encryption (OME) branding settings.
The Set-OMEConfiguration PowerShell cmdlet allows you to configure branding elements such as:
● Company logo
● Custom text
● Background color
This cmdlet is used to update existing OME branding settings, ensuring that encrypted emails sent from your organization include the required customizations.

Question No : 11

You have a Microsoft 365 E5 subscription.
You need to enable support for sensitivity labels in Microsoft SharePoint Online.
What should you use?

• A.the Microsoft Purview portal
• B.the Microsoft Entra admin center
• C.the SharePoint admin center
• D.the Microsoft 365 admin center

답을 확인하기

정답:
Explanation:
To enable support for sensitivity labels in Microsoft SharePoint Online, you must configure the setting in the SharePoint admin center.
Sensitivity labels in SharePoint Online allow labeling and protection of files stored in SharePoint and OneDrive. This feature must be enabled in the SharePoint admin center → Settings → Information protection to allow sensitivity labels to apply encryption and protection to stored documents.

Question No : 12

HOTSPOT
You have a Microsoft 365 E5 subscription.
You have a file named Customer.csv that contains a list of 1,000 customer names.
You plan to use Customer.csv to classify documents stored in a Microsoft SharePoint Online library.
What should you create in the Microsoft Purview portal, and which type of element should you select? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

답을 확인하기

정답:

Question No : 13

HOTSPOT
You have a new Microsoft 365 E5 tenant.
You need to create a custom trainable classifier that will detect product order forms. The solution must use the principle of least privilege.
What should you do first? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

답을 확인하기

정답:


Explanation:
To create a custom trainable classifier in Microsoft Purview (formerly Microsoft Compliance Center), you must first opt into the trainable classifier feature.
Before using custom trainable classifiers, Microsoft requires manual opt-in through the Microsoft Purview compliance portal. Without this step, you cannot create a new classifier.
The Compliance Administrator role has the necessary permissions to configure data classification, DLP policies, and trainable classifiers. Global Administrator has higher privileges but is not required for this task, violating the principle of least privilege. Security Administrator is focused on security-related settings but does not manage compliance features like classifiers.

Question No : 14

HOTSPOT
You have a Microsoft 365 E5 tenant that contains a sensitivity label named label1.
You plan to enable co-authoring for encrypted files.
You need to ensure that files that have label1 applied support co-authoring.
Which two settings should you modify? To answer, select the settings in the answer area. NOTE: Each correct selection is worth one point.

답을 확인하기

정답:

Question No : 15

HOTSPOT
You have a Microsoft 365 sensitivity label that is published to all the users in your Microsoft Entra tenant as shown in the following exhibit.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

답을 확인하기

정답:


Explanation:
Statement 1 - No. The sensitivity label includes content marking (watermark: INTERNAL), but it only applies to documents where the label is manually or automatically applied, not to all documents by default.
Statement 2 - No. The sensitivity label only specifies a watermark, not a header. If a header marking was configured, it would explicitly appear in the label settings.
Statement 3 - No. There is no indication that auto-labeling is configured to apply the label only to documents with the word "rebranding". Auto-labeling is an optional setting that needs explicit configuration.