SC-401 Exam Dumps - Microsoft Certified: Information Security Administrator Associate Questions and Answers

The goal is to automatically label documents in Site1 that contain credit card numbers. To achieve this, we need a sensitivity label with an auto-labeling policy based on a sensitive info type that detects credit card numbers.

Step 1: Create a Sensitive Info Type

● A sensitive info type is needed to detect credit card numbers in documents.

● Microsoft Purview includes built-in sensitive info types for credit card numbers, but we can also create a custom one if necessary.

Step 2: Create a Sensitivity Label

● A sensitivity label is required to classify and protect documents containing sensitive information.

● This label can apply encryption, watermarking, or access controls to credit card data.

Step 3: Create an Auto-Labeling Policy

● An auto-labeling policy ensures that the sensitivity label is applied automatically when credit card numbers are detected in Site1.

● This policy is configured to scan files and automatically apply the correct sensitivity label.

The requirement states that all Microsoft 365 data for users must be retained for at least one year. In Microsoft 365, retention policies must be configured for each type of data storage.

Step 1: Identifying Where Data is Stored

From the case study, users store data in the following locations:

● SharePoint Online sites

● OneDrive accounts

● Exchange email

● Exchange public folders

● Teams chats

● Teams channel messages

Since these locations fall under two broad categories:

● Microsoft Exchange data (Emails, Public folders)

● SharePoint, OneDrive, and Teams data

Step 2: Required Retention Policies

1️. A single retention policy can cover:

● SharePoint Online

● OneDrive

● Microsoft Teams

2. A second retention policy is required for:

● Exchange (Emails & Public Folders)

Thus, the minimum number of retention policies required to meet the requirement is 2.

Microsoft 365 retention policies can be applied broadly across multiple services with just two policies:

● One for Exchange & Public Folders

● One for SharePoint, OneDrive, and Teams

There ' s no need for separate policies for each individual workload unless different retention durations are required, which is not stated in the requirement.

Let’s analyze each scenario based on the given retention policies and Microsoft 365 documentation.

???? Policies Recap

Policy1

Teams channel messages → All Teams → Retain 7 years → Delete automatically.

Teams chats → User1 → Retain 7 years → Delete automatically.

Policy2

Teams channel messages → Team1 → Retain 5 years → Delete automatically.

Teams chats → User2 → Retain 5 years → Delete automatically.

???? Reference: Retention policies in Microsoft Teams

???? Statement 1: The message edited by User1 will be deleted after five years.

Location = Team1 channel.

Policy1 applies (7 years for all Teams).

Policy2 applies (5 years for Team1).

Conflict rule: For retention, the longest duration wins.

Therefore, the message stays 7 years, not 5.

✅ Answer: NO

???? Statement 2: User1 can see the message sent by User2 for up to seven years.

Location = Private 1:1 chat (User2 → User1).

For User1’s mailbox: Policy1 applies (7 years).

For User2’s mailbox: Policy2 applies (5 years).

Retention in Teams chats is per-user, so each participant may have different durations.

For User1, the retention is 7 years.

✅ Answer: YES

???? Statement 3: The message deleted by User1 will be moved to the SubstrateHolds folder.

Location = Team2 channel.

User1 deletes the message, but retention policy (Policy1) applies (7 years).

Retention overrides user deletion: message is moved to the SubstrateHolds folder in the hidden mailbox for preservation.

???? Reference: How retention works with SubstrateHolds

✅ Answer: YES

Understanding DLP Policy Impact on File Access

The DLP policy (DLPpolicy1) applies to Site2 and restricts access when:

● Content contains SWIFT Codes.

● Instance count is 2 or more.

File Analysis (Based on SWIFT Codes Count)

Files that remain accessible (not restricted by DLP):

● File1.docx (Contains only 1 SWIFT Code → Below restriction threshold)

User access after DLP policy is applied:

User1 (Site Owner):

● Has higher privileges and can override DLP restrictions (through admin intervention).

● Can access 2 files (File1.docx + override access to another file).

User2 (Site Visitor):

● Has read-only access but DLP blocks access to restricted files.

● Can only access 1 file (File1.docx), since all others are restricted.

Understanding Site4 ' s Retention Policies:

● Site4RetentionPolicy1 deletes items older than 2 years from creation. If a file was created on January 1, 2021, it would be deleted after January 1, 2023.

● Site4RetentionPolicy2 retains files for 4 years from creation. If a file was created on January 1, 2021, it will be kept until January 1, 2025, but not deleted after that (policy states " Do nothing " ).

Statement 1 - Yes, because Site4RetentionPolicy2 ensures files are retained for 4 years.

Statement 2 - Yes, because Site4RetentionPolicy2 retains the file for 4 years (until January 1, 2025).

Statement 3 - No, because retention is only for 4 years (until January 1, 2025). After that, the policy does " nothing, " meaning the file is no longer recoverable after that period.

To detect and protect confidential documents, we need a custom rule to identify project codes that start with 999 (since they are classified as confidential).

Box 1: A Sensitive Info Type (SIT) allows Microsoft Purview DLP policies to recognize structured data (e.g., project codes). DLP policies require a sensitive info type to detect content based on patterns, keywords, or dictionary terms. A sensitivity label alone does not define detection logic—it is used for classification and protection after content is identified.

Box 2: Since project codes follow a structured 10-digit pattern, we should use a Regular Expression (Regex) to match project codes that start with 999.

Example Regex pattern:

999\d{7}

This pattern detects a 10-digit number starting with " 999 " .

To meet the requirement that all administrative users must be able to create Microsoft 365 sensitivity labels, we need to assign the Sensitivity Label Administrator role to the correct users.

Sensitivity Label Administrator Role Responsibilities

This role allows users to:

● Create and manage sensitivity labels in Microsoft Purview.

● Publish and configure auto-labeling policies.

● Modify label encryption and content marking settings.

Review of Admin Roles from the Table:

Users that must be assigned the Sensitivity Label Administrator role:

● Admin2 (Compliance Data Administrator)

● Admin3 (Compliance Administrator)

● Admin1 (Global Reader) (should be assigned this role to fulfill the requirement that all admins can create labels).

Microsoft 365 Copilot can only process (summarize, answer questions about) a labeled file when the user has the Copy and extract content (EXTRACT) usage right granted by the applied sensitivity label.

From the table of labels:

Label1 → VIEW only (no EXTRACT ) → Copilot cannot summarize.

Label2 → VIEW and EXTRACT granted → Copilot can summarize.

Label3 → VIEW and EXPORT (no EXTRACT ) → Copilot cannot summarize.

Since File2 is labeled Label2 , it’s the only file for which User1 has the required EXTRACT permission, so it’s the only file Copilot can summarize.

Step 1 – Understanding the requirement

You want to retain specific audit log record types and activities for 3 years:

CopilotInteraction → All activities (1/1)

Compliance DLP endpoint → All activities (2/2)

Azure Active Directory → Only 2 out of 25 activities selected (Reset user password, Changed user password)

The goal is to minimize the number of audit retention policies while meeting the requirement to store only the selected record types and activities.

Step 2 – Audit retention policies in Microsoft Purview

Audit retention policies let you define which activities and record types are retained and for how long.

A single retention policy can include multiple record types and multiple activities.

Limitation: Each policy can only define one set of retention settings per included record types/activities.

If you want to retain different subsets of activities (e.g., only 2 out of 25 in Azure AD), you must create a separate policy for that.

???? Reference: Set up audit (Premium) retention policies in Microsoft Purview

Step 3 – Applying to the scenario

CopilotInteraction: Since you need all activities, you can include them in one policy.

Compliance DLP endpoint: Since you also need all activities, they can be added to the same policy as CopilotInteraction.

✅ These two can be covered by 1 policy.

Azure Active Directory: You only need 2 out of 25 activities. Since this requires activity-level filtering, it must be placed in a separate policy.

Thus:

Policy 1 → CopilotInteraction (all) + Compliance DLP endpoint (all)

Policy 2 → Azure AD “Reset user password”

Policy 3 → Azure AD “Changed user password”

That equals 3 total policies.

Endpoint DLP builds on Microsoft Defender for Endpoint integration. Before enabling Endpoint DLP, you must turn on device onboarding in Microsoft Purview to allow devices (like Device1) to be enrolled. After onboarding, you can assign DLP policies to endpoints.