Free Practice Questions for Microsoft SC-401 Exam

For creating a custom trainable classifier, seed content must be stored in a Microsoft 365 content location that Purview can crawl for training—SharePoint Online (or Exchange mailboxes). OneDrive, Azure Files, or other locations are not supported for training seed sets.

Step 1 – Scenario

Microsoft 365 E5 subscription with 100 users and a Microsoft 365 group (Group1).

A sensitivity label (Label1) is published as the default label for Group1.

Label1 contains two sublabels: Sublabel1 and Sublabel2.

Requirement: Ensure Sublabel1 settings are applied by default to Group1.

Step 2 – Understanding label hierarchy

In Microsoft Purview Information Protection, a parent label (Label1) is a container.

Sublabels (Sublabel1, Sublabel2) inherit the parent name but represent distinct configurations (encryption, watermarking, access, etc.).

A parent label itself cannot have a sublabel’s settings automatically applied unless policy configuration specifies which sublabel is used as the default publishing option.

Step 3 – Why "Modify the policy of Label1" is correct

To apply Sublabel1 by default, the published policy for Label1 must be modified so that Sublabel1 is the default label within the policy.

Simply reordering sublabels (Option A) does not change the default assignment.

Duplicating Sublabel1’s settings into Label1 (Option B) defeats the purpose of having sublabels and adds redundancy.

Deleting the policy of Label1 and publishing Sublabel1 (Option D) would remove flexibility and is unnecessary.

Step 4 – Microsoft Reference

Microsoft Docs: “If you want a sublabel to be applied by default, configure the label policy to select that sublabel as the default label for documents and emails.”

Step 1 – Review scenario

You created a retention label policy Contoso_Policy.

Status shows Off (Error) with message: "It's taking longer than expected to deploy the policy."

Requirement: Reinitiate the policy.

Step 2 – Correct PowerShell cmdlet

To manage retention label policies in Microsoft Purview (compliance), the cmdlet is:

Set-RetentionCompliancePolicy

Other cmdlets:

Set-RetentionPolicy → Legacy Exchange Online retention policies, not Purview label policies.

Start-EdgeSynchronization → Sync for Edge Transport servers, not retention.

Start-RetentionAutoTagLearning → Used for auto-tagging learning, not relevant here.

Step 3 – Correct parameter

To force redistribution of a retention label policy when deployment fails, the parameter is:

-RetryDistribution

Other options:

-ForceFullSync and -FullCrawl → Apply to search/crawl, not retention.

-Train → Related to auto-tagging learning models, not retention.

Final Verified Answer

Set-RetentionCompliancePolicy –id Contoso_Policy –RetryDistribution

Microsoft Endpoint DLP relies on Microsoft Defender for Endpoint (MDE) for its enforcement.

Onboarding Windows 10/11 devices to Defender for Endpoint ensures the Endpoint DLP policies can be applied, including monitoring and protecting content across apps and browsers.

You need to prevent users from sharing sensitive information with third-party generative AI websites.

A. Information Protection → Classifies and labels data but does not block sharing with external AI sites.

B. Information Barriers → Restricts communication between groups of users (e.g., compliance walls), not web uploads.

C. Insider Risk Management → Detects risky behavior (like data exfiltration), but does not actively block data sharing.

D. Data Loss Prevention (DLP) → Detects and prevents sensitive data being copied to browsers, USBs, or uploaded to restricted domains (like ChatGPT, Bard, etc.).

The action "SiteRenamed" for SharePoint is covered under the AuditRetention4 policy, which applies to User1 and retains logs for 9 months.

The action "Send" for ExchangeItem is covered under the AuditRetention2 policy, but this policy applies only to User1. Since User2 is not covered under a specific policy, the default retention period for audit logs in Microsoft Purview is 90 days.

Step 1 – Review the configuration

Sensitivity label name: Contoso Confidential

Scope: Files and emails

Access control:

Encrypts documents/emails.

Permissions assigned to AuthenticatedUsers with Co-Author rights.

Offline access allowed only for 7 days.

Auto-labeling = None (not configured).

Content marking: Footer applied.

Step 2 – Analyze each statement

Statement 1: If a user account is disabled, the user will be immediately prevented from opening a file protected by Contoso Confidential.

Sensitivity labels with encryption enforce Azure AD authentication every time a user tries to access a file.

If the account is disabled in Azure AD, access is blocked immediately.

Answer: Yes

Statement 2: Guest users will be able to open documents protected by Contoso Confidential.

Access control was configured only for AuthenticatedUsers (internal users).

Guest or external users are not included in this group.

Therefore, guest users cannot open the protected documents.

Answer: No

Statement 3: Contoso Confidential will be applied automatically to the files stored in Microsoft SharePoint Online.

Auto-labeling for files and emails = None.

That means labeling must be applied manually by users, not automatically.

Answer: No

Final Verified Answers

If a user account is disabled, the user will be immediately prevented from opening a file protected by Contoso Confidential → Yes

Guest users will be able to open documents protected by Contoso Confidential → No

Contoso Confidential will be applied automatically to the files stored in Microsoft SharePoint Online → No

To enable support for sensitivity labels in Microsoft SharePoint Online, you must configure the setting in the SharePoint admin center.

Sensitivity labels in SharePoint Online allow labeling and protection of files stored in SharePoint and OneDrive. This feature must be enabled in the SharePoint admin center → Settings → Information protection to allow sensitivity labels to apply encryption and protection to stored documents.

To track interactions between users and generative AI websites in Microsoft Purview Audit, you need to deploy the Microsoft Purview browser extension to the devices. This extension enables tracking of user activities on web-based applications, including AI-related tools like ChatGPT, Microsoft Copilot, and other generative AI platforms.

Microsoft Purview extension provides visibility into browser-based activities, including AI tool usage, ensuring compliance and risk management within Microsoft Purview. This extension works with Microsoft Edge and Google Chrome to track and log user interactions.