SC-401 Exam Dumps - Microsoft Certified: Information Security Administrator Associate Questions and Answers

Step 1 – Understand the scenario

We have a Microsoft 365 E5 subscription with Copilot available.

File1.docx has a sensitivity label applied.

The sensitivity label controls usage rights (Owner, Editor, Restricted Editor, Viewer).

The question: Which users can summarize File1 with Microsoft 365 Copilot?

Step 2 – Sensitivity labels and usage rights

When a sensitivity label is configured to apply encryption with usage rights, each role has different levels of access:

Owner: Full control (read, edit, reshare, extract, etc.).

Editor: Can read, edit, and copy content.

Restricted Editor: Can read and edit in place, but cannot copy, print, or extract content.

Viewer: Can only read (view) the content.

???? Reference: Rights included in usage rights for sensitivity labels

Step 3 – Copilot’s requirements for summarization

Microsoft 365 Copilot requires that the user has the ability to read and extract text from the document in order to generate a summary.

Owners and Editors: ✅ Can both read and extract → Copilot works.

Restricted Editors: ❌ Cannot copy/extract text → Copilot cannot summarize.

Viewers: ❌ Can only view → Copilot cannot process content for summarization.

???? Reference: Microsoft 365 Copilot and sensitivity labels

“Users must have extract and copy rights in order for Microsoft 365 Copilot to process and summarize labeled documents.”

Step 4 – Apply to the case

User1 (Owner) → Can summarize.

User2 (Editor) → Can summarize.

User3 (Restricted Editor) → Cannot summarize.

User4 (Viewer) → Cannot summarize.

The requirements are:

Detect credit card information → requires a sensitive info type (built-in: Credit Card Number).

Detect keywords “Project1” or “Project2” → can be handled in the same sensitive info type by using keyword matching.

Watermarks (“Confidential”, “Internal Use Only”) are label actions, not sensitive info types.

Therefore, only 2 sensitive info types are required: one for keywords, one for credit card data.

Step 1 – Scenario

The alert in the exhibit is named Alert2.

Current status = Resolved.

The task is to identify which statuses you can change the alert to.

Step 2 – Microsoft 365 Alert Lifecycle

In Microsoft 365 compliance and security alerts, an alert can move between multiple statuses depending on investigation and remediation. The available statuses are:

Active – The alert is new and not yet acted upon.

Investigating – The alert is under review.

Resolved – The alert has been addressed.

Dismissed – The alert is ignored or deemed not relevant.

Step 3 – Status changes from "Resolved"

If an alert is in the Resolved state, administrators can reopen or reclassify it. According to Microsoft documentation, from Resolved, you can change it to:

Active

Investigating

Dismissed

This allows flexibility in continuing investigations if needed or dismissing false positives.

Step 4 – Microsoft Reference

From Microsoft Docs: “You can change the status of an alert between Active, Investigating, Resolved, and Dismissed to reflect its current stage in the triage process.”

To extend DLP to Teams, you must enable Teams chat and channel messages as a location in the DLP policy. SharePoint and OneDrive protect stored content, but chat sessions require the Teams-specific location.

Step 1 – Review what’s configured

Labels: Public, General, Confidential, Internal, External.

Also shown in policy: Confidential/Internal and Confidential/External.

Policy setting: Users must provide justification to remove a label or lower its classification.

Confidential/External → encrypts content when applied.

Step 2 – Analyze each statement

Statement 1: The Internal sensitivity label inherits all the settings from the Confidential label.

Sub-labels (e.g., Confidential/Internal, Confidential/External) do not inherit settings from the parent.

They are independent labels grouped under a parent for organization, but each sub-label must have its own protection settings defined.

Answer: No

Statement 2: Users must provide justification if they change the label of content from Confidential/Internal to Confidential/External.

The policy requires justification only when removing a label or downgrading classification (lowering).

Changing between two sub-labels of the same parent (Confidential/Internal → Confidential/External) is considered a lateral move (not a downgrade).

Answer: No

Statement 3: Content that has the Confidential/External label applied will retain the encryption settings if the sensitivity label is removed from the label policy.

If a label is removed from a published policy, content already labeled retains its protection settings (such as encryption).

The label metadata stays applied to the file/email, even if unpublished.

Answer: Yes

To auto-apply a retention label to documents based on a specific file naming pattern (like abc_XX123.docx), you need to use a detection method that can recognize patterns.

Retention label: This is the outcome (what you apply), not the detection mechanism. It cannot itself identify files.

Trainable classifier: Used for identifying content based on text meaning/semantics (e.g., HR documents, contracts). It is not suitable for structured patterns like file names.

Sensitive info type (SIT): Best option. Custom SITs can be created with regular expressions to match naming formats (such as xxx_XX999). Once the SIT is defined, you can configure an auto-apply retention label policy to apply the “Project Documents” label when the SIT is detected.

We are asked which Microsoft Teams activities can be protected by a DLP policy when applied to different resource scopes: user accounts, Microsoft 365 groups, and security groups or distribution lists.

Step 1 – How DLP applies in Teams

User accounts → Controls 1:1 or group chats (1:1/n chats).

Microsoft 365 groups → Controls Team channel messages (general and private channels).

Security groups or distribution lists → Used as a scoping mechanism for users, but only applies to 1:1/n chats, not to channel messages.

???? Reference: Learn about DLP in Microsoft Teams

Step 2 – Map activities

User accounts → Can protect 1:1/n chats only.

Microsoft 365 groups → Can protect Private channels only and General chats only (both types of Teams channels).

A white paper with black text AI-generated content may be incorrect.

Understanding Site4's Retention Policies:

● Site4RetentionPolicy1 deletes items older than 2 years from creation. If a file was created on January 1, 2021, it would be deleted after January 1, 2023.

● Site4RetentionPolicy2 retains files for 4 years from creation. If a file was created on January 1, 2021, it will be kept until January 1, 2025, but not deleted after that (policy states "Do nothing").

Statement 1 - Yes, because Site4RetentionPolicy2 ensures files are retained for 4 years.

Statement 2 - Yes, because Site4RetentionPolicy2 retains the file for 4 years (until January 1, 2025).

Statement 3 - No, because retention is only for 4 years (until January 1, 2025). After that, the policy does "nothing," meaning the file is no longer recoverable after that period.

In Defender for Cloud Apps file policies, Access level is the filter used to detect how a file is exposed (e.g., Public on the internet, External, Internal, Private). Choosing Access level = External matches files that are shared with users outside your organization—exactly the “shared externally” condition.

Ref: Microsoft Defender for Cloud Apps – Create/Use file policies (File filters: Access level), Microsoft Learn.

See: Microsoft Defender for Cloud Apps > Policies > File policies documentation describing file filters including Access level and its values (Public, External, Internal, Private).

To target files that carry an MIP/AIP classification such as Internal Only, you use the Sensitivity label file filter. Defender for Cloud Apps ingests Microsoft Purview Information Protection labels and lets you build file policies that trigger when a specific label is applied.

Ref: Integrate Microsoft Information Protection with Microsoft Defender for Cloud Apps and File policies – Sensitivity label filter, Microsoft Learn.

These docs explain that MCAS can filter and govern files by Sensitivity label and apply governance based on labels such as Internal Only, Confidential, etc.

Why not the other options?

Collaborators filters by specific users/domains; it’s useful to find files shared with a particular external user but not for the generic “shared externally” condition.

Matched policy is for files already flagged by another policy/DLP engine and does not detect “Internal Only” labeling by itself.