
Master Microsoft SC-401: Unlock Cybersecurity Excellence in Microsoft 365

Ready to elevate your cybersecurity game and become the guardian of digital fortresses? Our cutting-edge SC-401 practice questions are your secret weapon to conquering Microsoft's Administering Information Security in Microsoft 365 exam. Crafted by industry veterans, our materials go beyond mere memorization – they're your ticket to real-world expertise. Imagine confidently navigating threat landscapes, implementing zero-trust architectures, and safeguarding cloud environments. With our adaptive learning platform, you'll absorb knowledge like a sponge, transforming into the security pro employers are desperate to hire. Don't let imposter syndrome hold you back – join thousands of successful candidates who've aced the exam using our resources. Whether you prefer PDFs for on-the-go study, interactive web-based quizzes, or feature-rich desktop software, we've got you covered. Time's ticking, and cyberthreats aren't waiting. Invest in your future today and become the Microsoft 365 security expert you've always dreamed of being!

Total 72 questions
Question 1

You have a Microsoft 365 E5 subscription.

You create two alert policies named Policy1 and Policy2 that will be triggered at the times shown in the following table.

How many alerts will be added to the Microsoft Purview portal?


Correct: D

In Microsoft Purview, when multiple alert policies trigger alerts, duplicate alerts within a short period (typically 5 minutes) may be suppressed to avoid redundancy.

Step-by-step Analysis:

Policy1 at 10:00:04 is ignored because Policy1 already triggered at 10:00:00, and it's within 5 minutes.

Policy2 at 10:00:31 is ignored because Policy2 already triggered at 10:00:03, and it's within 5 minutes.

Policy1 at 10:01:01 is a new alert because it's over 1 minute after the previous Policy1 alert.

Policy1 at 10:04:45 is a new alert because it's over 3 minutes after the previous Policy1 alert.


Question 2

You need to be alerted when users share sensitive documents from Microsoft OneDrive to any users outside your company.

What should you do?


Correct: B

An activity policy in Microsoft Defender for Cloud Apps (Microsoft Defender portal) allows you to track and alert on specific user actions, such as sharing sensitive documents externally from OneDrive. This policy can detect file-sharing activities and send alerts when files are shared with external users, which meets the requirement.


Question 3

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 subscription.

You have a user named User1. Several users have full access to the mailbox of User1.

Some email messages sent to User1 appear to have been read and deleted before the user viewed them.

When you search the audit log in the Microsoft Purview portal to identify who signed in to the mailbox of User1, the results are blank.

You need to ensure that you can view future sign-ins to the mailbox of User1.

Solution: You run the Set-MailboxFolderPermission -Identity "User1" -User User1@contoso.com -AccessRights Owner command.

Does that meet the goal?


Correct: B

The Set-MailboxFolderPermission -Identity 'User1' -User User1@contoso.com -AccessRights Owner command is incorrect. This assigns folder permissions but does not enable auditing. It does not track who accessed the mailbox or deleted emails.


Question 4

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 subscription.

You have a user named User1. Several users have full access to the mailbox of User1.

Some email messages sent to User1 appear to have been read and deleted before the user viewed them.

When you search the audit log in the Microsoft Purview portal to identify who signed in to the mailbox of User1, the results are blank.

You need to ensure that you can view future sign-ins to the mailbox of User1.

Solution: You run the Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogCmdlets *Mailbox* command.

Does that meet the goal?


Correct: B

The Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogCmdlets *Mailbox* command is incorrect. This enables admin audit logging, which tracks changes to mailbox configurations (e.g., mailbox settings updates), not user activity inside the mailbox.


Question 5

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 subscription.

You have a user named User1. Several users have full access to the mailbox of User1.

Some email messages sent to User1 appear to have been read and deleted before the user viewed them.

When you search the audit log in the Microsoft Purview portal to identify who signed in to the mailbox of User1, the results are blank.

You need to ensure that you can view future sign-ins to the mailbox of User1.

Solution: You run the Set-Mailbox -Identity "User1" -AuditEnabled $true command.

Does that meet the goal?


Correct: A

To track who accesses User1's mailbox, you need to enable mailbox auditing for User1. By default, Exchange mailbox auditing is not enabled per mailbox (even though it is enabled tenant-wide).

The Set-Mailbox -Identity 'User1' -AuditEnabled $true command enables audit logging for mailbox actions like:

Read emails

Delete emails

Send emails as User1

Access by delegated users

Once enabled, you can search for future sign-ins and actions in the Microsoft Purview audit logs.

