SC-401 exam domains
The SC-401 exam is weighted across 3 domains. Pick any domain below to drill it — or read the full breakdown in the FAQ.
| Exam domain | Exam weight | Practice |
|---|---|---|
| Implement information protection | 34% | Practice this topic |
| Implement data loss prevention and retention | 33% | Practice this topic |
| Manage risks, alerts, and activities | 33% | Practice this topic |
Sample SC-401 questions
A sample of the SC-401 questions on this hub. Each links through to the full question, the correct answer, and an explanation of why every other option is wrong.
- A security analyst at Contoso needs to determine which users have recently lowered the sensitivity label on documents from 'Confidential' to 'General'…View question
- Contoso needs to send encrypted financial reports to external partners via email. Compliance requires that recipients accessing these encrypted messag…View question
- Your organization uses Microsoft Purview Message Encryption. The legal team frequently sends encrypted emails containing settlement details to externa…View question
- A compliance investigator at Contoso needs to determine which user accessed a specific highly confidential file stored in SharePoint Online, when it w…View question
- A security analyst at Contoso is investigating a suspected business email compromise. They need to determine exactly which email messages in a comprom…View question
- Contoso wants to automatically apply a sensitivity label to email messages sent through Exchange Online whenever the message body contains credit card…View question
- Your organization has created a new auto-labeling policy in Microsoft Purview to apply the 'Highly Confidential' sensitivity label to documents in Sha…View question
- Contoso needs a sensitive information type that flags any document containing one of roughly 5,000 internal project code names your R&D team maintains…View question
- Your organization uses Microsoft Purview to classify documents with sensitivity labels. A compliance analyst named Dana needs to browse the actual con…View question
- You are a compliance administrator at Contoso. Management asks for a report that shows the current count of documents and emails that carry each sensi…View question
Key SC-401 terms
Start with these terms, then explore the full glossary. Each links to a plain-English definition written for the SC-401 exam.
SC-401 frequently asked questions
What is the SC-401 certification?+
Microsoft positions the Information Security Administrator as planning and implementing information security of sensitive data with Microsoft Purview and related services, protecting data from internal and external threats and protecting data used by AI services.
It expects familiarity with all Microsoft 365 services, PowerShell, Microsoft Entra, the Microsoft Defender portal, and Microsoft Defender for Cloud Apps.
What topics are on the SC-401 exam?+
The SC-401 exam is organised into three weighted domains. Microsoft publishes all three at the same 30–35% range, so treat them as equally weighted — the percentages below are the shared midpoint, normalized to total 100, with a one-point rounding difference only because thirds do not divide evenly.
Implement information protection (34%)
Covers data classification (sensitive info types, document fingerprinting, exact data match, trainable classifiers, OCR), sensitivity labels for items and containers (protection settings, publishing and auto-labeling), and information protection for Windows, file shares, and Exchange (Information Protection client and scanner, Message Encryption).
Implement data loss prevention and retention (33%)
Covers data loss prevention (DLP policies, roles, Adaptive Protection, policy precedence), Endpoint DLP (device requirements, advanced rules, just-in-time protection), and retention (retention labels and policies, adaptive scopes, policy precedence, recovering retained content).
Manage risks, alerts, and activities (33%)
Covers Insider Risk Management (connectors, policy templates and indicators, cases, forensic evidence, Adaptive Protection), managing security alerts and activities (Purview Audit, Activity explorer, DLP alerts, eDiscovery), and protecting data used by AI services with Data Security Posture Management (DSPM) for AI.
Is the SC-401 hard?+
SC-401 is an associate exam that expects genuine Purview skill — building classifiers and labels, configuring DLP and retention, and managing insider risk — not just recognition of features.
The difficulty comes from the breadth across information protection, DLP, retention, and insider risk, plus the newer DSPM-for-AI content, and from scenario questions that hinge on the right Purview control. Hands-on time in the Purview portal is the key.
How many questions are on the SC-401 exam and how long is it?+
Microsoft does not fix a single public question count for SC-401; it typically presents roughly 40–60 questions in a mix of formats — multiple choice, multiple response, and case studies — and Microsoft allots 100 minutes to complete the assessment.
Our full-length practice mock uses a 60-question, 100-minute session so you can rehearse pacing under realistic time pressure before test day.
What score do you need to pass the SC-401?+
Microsoft scores SC-401 on a scale of 1 to 1,000, and the passing score is 700. That is a scaled score rather than a raw 70%, because Microsoft adjusts for question difficulty, and there is no penalty for wrong answers, so you should never leave a question blank. Our practice mock uses a 70% threshold to give you a comparable target.
How much does the SC-401 exam cost?+
The SC-401 exam fee is set by Microsoft and varies by region — check the Microsoft certification page for current pricing. Microsoft associate certifications are valid for one year and can be renewed for free through an online assessment on Microsoft Learn. Everything on this hub is free.
Who should take the SC-401?+
SC-401 is aimed at information security administrators who protect sensitive data with Microsoft Purview, working alongside governance, data, and security roles.
Microsoft recommends familiarity with all Microsoft 365 services, PowerShell, Microsoft Entra, the Defender portal, and Defender for Cloud Apps, though there is no formal prerequisite.
What jobs and salaries can the SC-401 lead to?+
SC-401 maps to roles such as information security administrator, data protection administrator, and compliance or governance specialist working in Microsoft Purview.
How much any certification affects pay depends heavily on geography, seniority, and hands-on experience, so treat any single salary figure with caution. SC-401 is best viewed as validation of Purview information-security skill rather than a guaranteed raise on its own.
How long does it take to study for the SC-401?+
Candidates with Microsoft 365 security or compliance experience often need four to eight weeks; those newer to Purview should plan longer. The most efficient path is to study each domain while configuring labels, DLP, retention, and insider risk in the Purview portal.
Review every explanation, including for questions you answered correctly, because SC-401 distractors are built from plausible but incorrect Purview choices. Use the per-domain results here to find and shore up your weakest area, then finish with full-length timed mocks.
How should you prepare for the SC-401?+
Study the three equally weighted domains above, then drill scenario questions domain by domain. Every MockAPI question reveals a full explanation and tells you why each wrong answer is wrong — essential for an exam that turns on exact Purview configuration.
When you can answer scenarios comfortably, move to full-length timed mocks alongside hands-on Purview practice. Use the glossary to keep concepts like sensitivity labels, DLP, Adaptive Protection, and DSPM for AI straight, and aim to score consistently above the pass mark before you book.
Can you take the SC-401 exam online?+
Yes. Microsoft delivers SC-401 through Pearson VUE, so you can test at a physical Pearson VUE centre or online with remote proctoring (OnVUE). The online exam requires a private, quiet room, a clear workspace, a webcam and microphone, a stable connection, and government-issued photo ID, with a proctor monitoring you and a room scan before you start.
If you do not pass, Microsoft requires a 24-hour wait before a second attempt; after that, a 14-day wait applies between further attempts, with a limit of five attempts in a 12-month period, and each attempt needs its own registration.
What certification should you take after the SC-401?+
After SC-401, common next steps include the Cybersecurity Architect Expert (SC-100) for broader security architecture, or the Identity and Access Administrator (SC-300) and Security Operations Analyst (SC-200) to round out the security portfolio.
For many, the real next step is owning information protection in production. Pairing SC-401 with hands-on Purview experience is what turns the certificate into a career.