最新の[2026年02月24日]Microsoft SC-401試験練習テスト最高成績で最速合格をゲットせよ!
これを使えば必ず合格させる問題集でMicrosoft SC-401
Microsoft SC-401 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
質問 # 96
You have a Microsoft 365 £5 subscription.
You need to prevent the sharing of sensitive information in Microsoft Teams.
Which entities can you protect by applying a data loss prevention (DLP) policy to each resource? To answer, drag the appropriate activities to the correct entity. Each activity may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE; Each correct selection is worth one point.
正解:
解説:
Explanation:
We are asked which Microsoft Teams activities can be protected by a DLP policy when applied to different resource scopes: user accounts, Microsoft 365 groups, and security groups or distribution lists.
Step 1 - How DLP applies in Teams
User accounts # Controls 1:1 or group chats (1:1/n chats).
Microsoft 365 groups # Controls Team channel messages (general and private channels).
Security groups or distribution lists # Used as a scoping mechanism for users, but only applies to 1:1/n chats, not to channel messages.
# Reference: Learn about DLP in Microsoft Teams
Step 2 - Map activities
User accounts # Can protect 1:1/n chats only.
Microsoft 365 groups # Can protect Private channels only and General chats only (both types of Teams channels).
質問 # 97
You have a Microsoft 365 E5 subscription that uses Microsoft Purview.
You need to deploy a compliance solution that will detect the accidental oversharing of information outside of an organization.
The solution must minimize administrative effort.
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 98
You have a Microsoft 565 E5 subscription.
You plan to use Microsoft Purview insider risk management.
You need to create an insider risk management policy that will detect data theft from Microsoft SharePoint Online by users that submitted their resignation or are near their employment termination date.
What should you do first?
- A. Configure a Physical badging connector.
- B. Configure a HR data connector.
- C. Configure Office indicators.
- D. Onboard devices to Microsoft Defender for Endpoint.
正解:B
質問 # 99
You have a Microsoft SharePoint Online site named Site1 that has the users shown in the following table.
You create the retention labels shown in the following table.
You publish the retention labels to Site1.
On March 1,2023, you assign the retention labels to the files shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 100
You have a Microsoft 36S subscription that contains the sensitive information types (SITs) shown in the following exhibit.
Use the drop-down menus To select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct flection is worth one point.
正解:
解説:
Explanation:
Step 1 - Understanding the scenario
The screenshot shows multiple Sensitive Information Types (SITs) in Microsoft Purview, including:
ABA Routing Number (Microsoft-built)
ASP.NET Machine Key (Microsoft-built)
Adatum document patterns (custom, Fingerprint type)
Adatum numbers (custom, Entity type)
Bundled SITs (like All Credential Types, All Full Names)
The question is asking:
Which SITs can you copy to create a new SIT?
Which SITs can you edit directly without copying?
Step 2 - Microsoft rules for SITs
Built-in SITs (published by Microsoft Corporation):
These cannot be edited directly. To modify them, you must create a copy first.
Custom SITs (created in your tenant, e.g., Contoso):
These can be edited directly without making a copy.
Reference: Create a custom sensitive information type
Step 3 - Apply to the exhibit
"Adatum numbers" is published by Contoso (the organization), so it is a custom SIT. This means it can be edited directly.
All SITs, whether built-in or custom, can be copied to form a new SIT.
質問 # 101
You have a Microsoft 365 subscription.
You need to ensure that users can apply retention labels to individual documents in their Microsoft SharePoint libraries.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. From the Microsoft Purview portal, create a label.
- B. From the Microsoft Purview portal, publish a label.
- C. From the SharePoint admin center, modify the Site Settings.
- D. From Microsoft Defender for Cloud Apps, create a file policy.
- E. From the SharePoint ad min center, modify the records management settings.
正解:A、B
解説:
To allow users to apply retention labels to individual documents in Microsoft SharePoint libraries, you need to create a retention label and publish the label.
In Microsoft Purview, retention labels define how long content should be retained or deleted. You must first create a label that specifies the retention rules. After creating the label, you must publish it so that it becomes available for users in SharePoint document libraries. Once published, users can manually apply the retention label to individual documents.
質問 # 102
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1.
You need to implement Microsoft Purview data lifecycle management.
What should you create first?
- A. a data loss prevention (DLP) policy
- B. a retention label
- C. an auto-labeling policy
- D. a sensitivity label policy
正解:B
解説:
To implement Microsoft Purview Data Lifecycle Management for SharePoint Online (Site1), you need to create a retention label first. Retention labels define how long content should be retained or deleted based on compliance requirements. Once a retention label is created, it can be manually or automatically applied to content in SharePoint Online, Exchange, OneDrive, and Teams. After creating a retention label, you can configure label policies to apply them to Site1 and other locations.
質問 # 103
How many files in Site2 can User1 and User2 access after you turn on DLPpolicy1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 104
You have a Microsoft 365 E5 subscription.
You have a file named Customer.csv that contains a list of 1,000 customer names.
You plan to use Customer.csv to classify documents stored in a Microsoft SharePoint Online library.
What should you create in the Microsoft Purview portal, and which type of element should you select? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 105
You have a data loss prevention (DIP) policy that has the advanced DIP rules shown in the following table.
You need to identity which rules will apply when content matches multiple advanced DIP rules.
Which rules should you identify? To answer, select the appropriate options in the answer area.
正解:
解説:
Explanation:
Comprehensive Detailed Explanation with References
When multiple advanced DLP rules match content, Microsoft 365 DLP evaluates based on:
Rule priority
Lower number = higher priority (0 highest).
Among Rule2 (priority 1), Rule3 (priority 2), and Rule4 (priority 3), Rule2 has the highest priority.
Conflict resolution (single vs multiple rules applied)
By default, only the highest-priority rule applies if multiple rules match. # That's why in the first dropdown, the correct answer is Only Rule2 takes effect.
However, you can configure advanced DLP to allow multiple matching rules to take effect simultaneously. If this setting is enabled, then Rule2, Rule3, and Rule4 all apply. # That's why in the second dropdown, the correct answer is Rule2, Rule3, and Rule4 take effect.
References:
Microsoft Learn: Order of rule processing in DLP
Microsoft Learn: Advanced DLP rule precedence
質問 # 106
You have a Microsoft J65 subscription linked to a Microsoft Entra tenant that contains a user named User1.
You need to grant User1 permission to search Microsoft 365 audit logs. The solution must use the principle of least privilege. Which role should you assign to User1?
- A. the Security Reader role in the Microsoft Entra admin center
- B. the Compliance Management role in the Exchange admin center
- C. the View Only Audit Logs role in the Exchange admin center
- D. the Reviewer role in the Microsoft Purview portal
正解:C
解説:
Step 1 - Scenario
You need to grant User1 permission to search Microsoft 365 audit logs while following the principle of least privilege.
Step 2 - Roles that can search audit logs
Audit log search in Microsoft 365 is tied to Exchange Online role groups, because audit log data is stored in Exchange.
The following roles are relevant:
View-Only Audit Logs # Grants the ability to search and view audit logs, but not configure auditing or take other compliance actions. This is the least privilege role.
Audit Logs # Grants broader permissions, including turning auditing on/off.
Compliance Management # A broader role group that includes audit log search and many other compliance functions, violating least privilege.
Security Reader (Entra ID) # Grants read-only access to security features, but not audit logs.
Reviewer (Purview) # Used in eDiscovery, not audit logs.
Step 3 - Why "View-Only Audit Logs" is correct
According to Microsoft documentation:
"Users must be assigned the Audit Logs or View-Only Audit Logs role in Exchange Online to search the audit log. To minimize permissions, assign View-Only Audit Logs."
# Reference: Permissions required to search the audit log
Step 4 - Elimination of other options
A). Security Reader role # Allows reading security-related info in Microsoft 365 Defender, not Purview audit logs.
B). Compliance Management role # Includes more than just audit logs, not least privilege.
C). View-Only Audit Logs role # Correct and least privilege.
D). Reviewer role # For eDiscovery cases, not audit logs.
質問 # 107
You have Microsoft 365 E5 tenant that has a domain name of 86s40q.ofimicrosoft.com. The tenant contains the users shown in the following table.
You have a published sensitivity label.
The Access control settings for the sensitivity label are configured as shown in the exhibit (Click the Exhibit tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
正解:
解説:
Explanation:
Comprehensive Detailed Explanation with References
We are given a sensitivity label with the following Access control settings:
Assign permissions now # meaning admins define permissions, not end users.
User access to content expires = Never.
Allow offline access = Always.
Permissions explicitly assigned:
LegalTeam@... # Co-Author
USSales@... # Reviewer
Dynamic watermarking and Double Key Encryption are not enabled.
Reference: Restrict access to content with sensitivity labels
Statement 1: Only users at your company can view an email that has the sensitivity label applied.
False, because permissions are explicitly assigned to two groups (LegalTeam, USSales).
If any external users were added, they would also get access. The configuration does not inherently restrict to only internal users.
answer: NO
Statement 2: The owner of an email can assign permissions when applying the sensitivity label.
False, because the sensitivity label was configured with "Assign permissions now".
This means permissions are fixed by admins and cannot be modified by the email sender.
If "Let users assign permissions" was enabled, this would be YES.
answer: NO
# Statement 3: [email protected]
can print an email that has the sensitivity label applied.
USSales group has the Reviewer role.
Reviewer = Can view, read, and save, but cannot print, copy, or export.
Reference: Usage rights and role mapping for sensitivity labels
answer: NO
質問 # 108
You have a Microsoft 365 E5 subscription that contains a retention policy named RP1 as shown in the following table.
You place a preservation lock on RP1.
You need to modify RP1.
Which two modifications can you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Add locations to the policy.
- B. Remove locations from the policy.
- C. Disable the policy.
- D. Decrease the retention period of the policy.
- E. Increase the retention period of the policy.
- F. Delete the policy.
正解:A、E
解説:
A Preservation Lock in Microsoft Purview Retention Policies enforces strict compliance and prevents certain modifications to ensure data is retained according to compliance requirements.
When a Preservation Lock is applied:
1. You cannot disable or delete the policy.
2. You cannot remove locations from the policy.
3. You cannot decrease the retention period.
4. You can add locations to the policy.
5. You can increase the retention period.
You can expand the retention policy to cover additional locations (e.g., more Exchange mailboxes, SharePoint sites). You can extend the retention duration (e.g., increase from 5 years to 10 years) since this aligns with stricter compliance.
質問 # 109
You have a Microsoft 365 E5 subscription that contains the adaptive scopes shown in the following table.
You create the retention policies shown in the following table.
Which retention policies support a preservation lock?
- A. RPolicy1 and RPolicy3 only
- B. RPolicy1 and RPolicy2 only
- C. RPolicy2only
- D. RPolicy3on1y
- E. RPolicy1, RPolicy2, and RPolicy3
正解:D
質問 # 110
You have a Microsoft 365 IS subscription that contains the resources shown in the following table.
The subscription contains a Windows 11 device named Device 1 and has the Microsoft Purview Information Protection client installed. Device i contains the resources shown in the following table.
You publish a sensitivity label named Label1 to User1 and Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
正解:
解説:
Explanation:
Step 1 - Label publishing and scope
The sensitivity label Label1 is published to User1 and Group1.
User1 # Directly included in label publishing.
User2 # Member of Group1, so also included indirectly.
This means both User1 and User2 are eligible to use Label1.
Step 2 - File vs Folder labeling with the Information Protection client The Microsoft Purview Information Protection (AIP unified labeling) client can apply labels to files such as .
docx, .png, .pdf, etc.
It cannot label folders directly. Labels are applied to items (files and emails), not folders.
Reference: Apply sensitivity labels using the AIP client
Step 3 - Analyze each statement
User1 can apply Label1 to File1.png
File1.png is a file type supported by the Information Protection client.
User1 has Label1 published directly.
answer: Yes
User1 can apply Label1 to Folder2
Sensitivity labels cannot be applied to folders in File Explorer.
answer: No
User2 can apply Label1 to File2.docx
File2.docx is a supported file type (Word document).
User2 is a member of Group1, and Label1 is published to Group1.
answer: Yes
質問 # 111
You have a Microsoft OneDrive folder that contains the files shown in the following table.
In Microsoft Defender for Cloud Apps, you create a file policy to automatically apply a classification. What is the effect of applying the policy?
- A. The policy will apply to only the .docx and .txt files. The policy will classify the files within 24 hours.
- B. The policy will apply to only the docx and txt files. The policy will classify the files immediately.
- C. The policy will apply to all the files. The policy will classify only 100 files daily.
- D. The policy will apply to only the .docx files. The policy will classify only 100 files daily.
正解:A
質問 # 112
You have a Microsoft 365 E5 tenant that uses a domain named contoso.com.
A user named User 1 sends link based, branded emails that are encrypted by using Microsoft Purview Advanced Message Encryption to the recipients shown in the following table.
For which recipients Can User1 revoke the emails?
- A. Reclpient3 and Recipients only
- B. Reciptent1 and Recipient4 only
- C. Recipient4 only
- D. Recipient1 only
- E. Reciptent1, Recipient2. Recipient3, and Recipient4
正解:E
解説:
Step 1 - Scenario
Tenant domain = contoso.com
Encryption method = Microsoft Purview Advanced Message Encryption (AME) using branded, link-based emails.
Recipients:
Recipient1 # Contoso internal user (same tenant).
Recipient2 # External Microsoft 365 user (Fabrikam).
Recipient3 # Outlook.com consumer email.
Recipient4 # Gmail.com consumer email.
The question asks: For which recipients can User1 revoke the emails?
Step 2 - Revocation in Advanced Message Encryption
Microsoft Purview AME allows senders to:
Revoke sent encrypted emails.
Revoke applies to all recipients who receive a link-based branded encrypted message.
When revoked, the secure message link no longer works, regardless of whether the recipient is internal, external Microsoft 365, Outlook.com, Gmail, or another email provider.
This differs from traditional RMS-based encryption where revocation is tenant-specific. In AME, the revocation is possible because the recipient must open the message through a secure browser portal (Office
365 Message Encryption portal).
Step 3 - Evaluate each recipient
Recipient1 (contoso.com, internal) # Yes, message can be revoked.
Recipient2 (fabrikam.onmicrosoft.com, external Microsoft 365) # Yes, message can be revoked because AME link enforcement works across tenants.
Recipient3 (outlook.com, consumer) # Yes, message can be revoked, they use the secure OME portal.
Recipient4 (gmail.com, consumer) # Yes, message can be revoked, they also use the secure OME portal.
Step 4 - Microsoft Reference
From Microsoft Docs:
"With Advanced Message Encryption, admins can configure branding and revocation for encrypted email messages. Revocation applies to encrypted emails sent to both internal and external recipients, including those using Outlook.com, Gmail.com, and other email services." Reference: Microsoft Purview Advanced Message Encryption
質問 # 113
HOTSPOT
You need to meet the technical requirements for the confidential documents.
What should you create first, and what should you use for the detection method? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
A screenshot of a computer AI-generated content may be incorrect.
To detect and protect confidential documents, we need a custom rule to identify project codes that start with
999 (since they are classified as confidential).
Box 1: A Sensitive Info Type (SIT) allows Microsoft Purview DLP policies to recognize structured data (e.g., project codes). DLP policies require a sensitive info type to detect content based on patterns, keywords, or dictionary terms. A sensitivity label alone does not define detection logic-it is used for classification and protection after content is identified.
Box 2: Since project codes follow a structured 10-digit pattern, we should use a Regular Expression (Regex) to match project codes that start with 999.
Example Regex pattern:
999\d{7}
This pattern detects a 10-digit number starting with "999".
質問 # 114
You have a Microsoft 365 E5 tenant.
You create a data loss prevention (DLP) policy.
You need to ensure that the policy protects documents in Microsoft Teams chat sessions.
Which location should you enable in the policy?
- A. Teams chat and channel messages
- B. Exchange email
- C. OneDrive accounts
- D. SharePoint sites
正解:A
解説:
To extend DLP to Teams, you must enable Teams chat and channel messages as a location in the DLP policy.
SharePoint and OneDrive protect stored content, but chat sessions require the Teams-specific location.
Reference: DLP in Microsoft Teams
質問 # 115
You have a Microsoft 365 £5 subscription that contains the groups shown in the following table.
The subscription contains the users shown in the following table.
You create the mail flow rules shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 116
You have a Microsoft 365 E5 subscription that uses Microsoft Purview.
You need ensure that an incident will be generated when a user visits a phishing website.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 117
You need to meet the technical requirements for the creation of the sensitivity labels.
To which user or users must you assign the Sensitivity Label Administrator role?
- A. Admin1, Admin2, Admin4, and Admin5 only
- B. Admin1 and Admin5 only
- C. Admin1 only
- D. Admin1 and Admin4 only
- E. Admin1, Admin2, and Admin3 only
正解:E
解説:
To meet the requirement that all administrative users must be able to create Microsoft 365 sensitivity labels, we need to assign the Sensitivity Label Administrator role to the correct users.
Sensitivity Label Administrator Role Responsibilities
This role allows users to:
# Create and manage sensitivity labels in Microsoft Purview.
# Publish and configure auto-labeling policies.
# Modify label encryption and content marking settings.
Review of Admin Roles from the Table:
A screenshot of a computer AI-generated content may be incorrect.
Users that must be assigned the Sensitivity Label Administrator role:
# Admin2 (Compliance Data Administrator)
# Admin3 (Compliance Administrator)
# Admin1 (Global Reader) (should be assigned this role to fulfill the requirement that all admins can create labels).
質問 # 118
You have a Microsoft J65 E5 subscription. You plan to implement retention policies for Microsoft Teams.
Which item types can be retained?
- A. code snippets
- B. embedded images
- C. voice memos from the Teams mobile client
正解:B
質問 # 119
You have a Microsoft 365 subscription that contains two Microsoft SharePoint Online sites named Site1 and Site2. You plan to use policies to meet the following requirements:
* Add a watermark of Confidential to a document if the document contains the words Project1 or Project2.
* Retain a document for seven years if the document contains credit card information.
* Add a watermark of Internal Use Only to all the documents stored on Site2.
* Add a watermark of Confidential to all the documents stored on Site1.
You need to recommend the minimum number of sensitive info types required.
How many sensitive info types should you recommend?
- A. 0
- B. 1
- C. 2
- D. 3
正解:A
解説:
The requirements are:
Detect credit card information # requires a sensitive info type (built-in: Credit Card Number).
Detect keywords "Project1" or "Project2" # can be handled in the same sensitive info type by using keyword matching.
Watermarks ("Confidential", "Internal Use Only") are label actions, not sensitive info types.
Therefore, only 2 sensitive info types are required: one for keywords, one for credit card data.
Reference: Sensitive info types in Microsoft Purview
質問 # 120
......
正真正銘のベスト問題集資料を使おうSC-401オンライン練習試験:https://www.goshiken.com/Microsoft/SC-401-mondaishu.html
最大一年間毎日更新されるSC-401ブレーン問題集:https://drive.google.com/open?id=1Q_OXkeweLOIg8-SNxzeBCvDW2nIBnRBY