Implement information protection
Drill 20 practice questions focused entirely on Implement information protection for the Microsoft SC-401 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
Contoso needs to send encrypted financial reports to external partners via email. Compliance requires that recipients accessing these encrypted messages through the web portal lose access automatically after 14 days, and that the organization can revoke access on demand. Which Purview capability must you configure to meet the automatic expiration requirement?
Your organization uses Microsoft Purview Message Encryption. The legal team frequently sends encrypted emails containing settlement details to external recipients at partner law firms. After a recent dispute, the legal team asks you to enable two capabilities: the ability to revoke access to an already-sent encrypted email, and the ability to set an expiration date so external recipients can no longer open the message after 30 days. Which solution meets both requirements?
Contoso wants to automatically apply a sensitivity label to email messages sent through Exchange Online whenever the message body contains credit card numbers, without requiring any user interaction and without depending on whether the user has the Purview Information Protection client installed. Which approach meets all these requirements?
Your organization has created a new auto-labeling policy in Microsoft Purview to apply the 'Highly Confidential' sensitivity label to documents in SharePoint and OneDrive that contain credit card numbers. Before enabling the policy for all users, the compliance team wants to validate which files would be affected and review potential false positives without actually applying any labels. What should you do?
Contoso needs a sensitive information type that flags any document containing one of roughly 5,000 internal project code names your R&D team maintains in a spreadsheet. The list changes frequently and must be easy for a compliance admin to update without editing regular expressions. Which approach in Microsoft Purview should you use?
Your organization uses Microsoft Purview to classify documents with sensitivity labels. A compliance analyst named Dana needs to browse the actual content of files that have been labeled or that contain sensitive information types across SharePoint and Exchange, so she can verify that classification is working correctly. Dana can currently see aggregated label counts but receives an access error when she tries to open individual items in Content explorer. Which role should you assign to Dana to allow her to view the actual content of the classified items?
You are a compliance administrator at Contoso. Management asks for a report that shows the current count of documents and emails that carry each sensitivity label across SharePoint, OneDrive, and Exchange, and they also want to open individual labeled files to verify the applied classification is correct. Which Microsoft Purview capability should you use to see both the aggregated per-label counts and drill into the actual underlying items?
Contoso created a custom sensitive information type (SIT) to detect internal project codes formatted as three uppercase letters followed by a hyphen and five digits. During testing, a DLP policy using this SIT is generating too many false positives because it matches unrelated text strings that happen to fit the pattern. The security team wants to reduce false positives without abandoning the custom SIT. What should they do?
Contoso stores sensitive project files in a sanctioned third-party SaaS cloud storage app that is connected to Microsoft Defender for Cloud Apps via the API connector. The security team wants files in that app that contain credit card numbers to automatically receive the 'Highly Confidential' sensitivity label, which is already published to users. What must you configure to accomplish this?
Your organization uses a standardized patent application intake form that all engineers must fill out. The blank template has fixed field labels and boilerplate text, while the completed forms contain highly confidential invention details. The compliance team wants a custom detection method that recognizes any document based on this specific form template, so DLP policies can protect completed submissions. Which Purview data classification capability should you implement?
Your organization maintains a table of 2 million patient records (medical record number, patient name, date of birth) in a SQL database. You must create an exact data match (EDM) sensitive information type so DLP policies can detect only these specific records, not any values that merely resemble the pattern. After defining the schema in the Purview portal, what must you do to make the actual record values available for matching while ensuring the raw sensitive data never leaves your environment in clear text?
Your organization uses an exact data match (EDM) sensitive information type to detect customer account numbers in outbound email. The source data file changes weekly as new customers are added. After uploading the initial hashed data, you notice that recently added customer records are not being detected in DLP policy matches, even though they exist in the current source file. What must you do to ensure new records are detected?
Contoso stores a structured database of 90,000 employee records that includes full names, national ID numbers, and salaries. The compliance team wants a Data Loss Prevention solution that detects when an email or document contains an exact combination of these specific employee values, rather than any generic pattern that merely resembles a national ID. The solution must scale to the full record set and be refreshable as the database changes. Which sensitive information classification method should you implement?
Contoso created an exact data match (EDM) sensitive information type based on a schema that includes CustomerID, LastName, and CreditCardNumber. Compliance analysts report that DLP is generating too many false positives because a match is triggered whenever a CreditCardNumber alone appears in a document, even without any related customer data. You need to reduce false positives by requiring that a detected CreditCardNumber must appear together with at least one other field from the same data row before it counts as an EDM match. Which EDM configuration change should you make?
Contoso uses Microsoft 365 Apps for enterprise on all Windows 11 workstations. The security team has published sensitivity labels and wants users to apply them from within Word, Excel, PowerPoint, and Outlook desktop apps. They want the simplest supported configuration with the least additional software to install and maintain. What should you recommend?
Contoso has deployed the Purview Information Protection scanner in discovery mode against several on-premises file shares. The results show many documents that match a sensitive information type but have no sensitivity label. The compliance team now wants the scanner to automatically apply the appropriate sensitivity label and its associated encryption to matching files during subsequent scans. Which change must you make to accomplish this?
Contoso deploys the Microsoft Purview Information Protection scanner to discover and label sensitive files on several on-premises Windows file servers. The security team wants the scanner to run unattended, apply sensitivity labels automatically, and access all target file shares without interactive sign-in. When configuring the scanner service account, which requirement must be met for the scanner to function correctly?
Contoso stores millions of legacy documents on Windows file servers in an on-premises data center. Security wants these files automatically discovered, classified, and labeled with existing Purview sensitivity labels without users manually opening each file. The solution must run on-premises against SMB file shares. Which component should you deploy?
Your organization uses Purview Message Encryption. The legal department requires that all encrypted emails sent to external recipients display the company logo, a custom disclaimer statement, and a specific portal text so recipients recognize the message as legitimate. You need to apply these branding elements to the encryption experience. What should you do?
Contoso wants to send emails to external partners that are encrypted so only intended recipients can read them, but the security team specifically requires that recipients can still forward and copy the message content once received. Which Purview Message Encryption protection option should the administrator apply to meet this requirement?
More SC-401 practice
Keep going with the other Microsoft Information Security Administrator domains, or take a full timed mock exam.
← Back to SC-401 overview