SC-401 Exam Dumps - Administering Information Security in Microsoft 365

In Microsoft Purview Exact Data Match (EDM) classifiers, a primary element is a unique, identifying field used for data matching. EDM allows up to two primary elements per schema.

From the provided table, the Match mode indicates how data is analyzed:

● PP (EU Passport Number) → Likely a primary element because it's unique.

● Name (All Full Names) → Typically not a primary element as names are common.

● DateOfBirth (Single-token) → Usually a secondary element, not unique.

● AccountNumber (Multi-token) → Can be a primary element, as it's a unique identifier.

● Since EDM supports a maximum of two primary elements, the correct answer is 2.

Box 1: To include the sensitive info type detected for each DLP rule match, you need to add a custom column in Activity Explorer. This ensures that the exported file contains specific details about the detected sensitive information types.

Box 2: DLP activity exports from Activity Explorer are always in CSV (Comma-Separated Values) format. This format allows for easy data analysis and reporting in Excel or other data-processing tools.

Box 1: Insider Risk Management policies in Microsoft Purview can be configured to detect risky behavior, such as accessing phishing websites. These policies monitor user activity, generate alerts, and help organizations investigate potential security threats.

Box 2: Microsoft Defender Browser Protection extension helps in detecting unsafe or phishing websites and integrating this detection with Insider Risk Management policies. This extension works with Microsoft Edge and Google Chrome to identify risky browsing activity and trigger alerts.

Let’s analyze each scenario based on the given retention policies and Microsoft 365 documentation.

🔹 Policies Recap

Policy1

Teams channel messages → All Teams → Retain 7 years → Delete automatically.

Teams chats → User1 → Retain 7 years → Delete automatically.

Policy2

Teams channel messages → Team1 → Retain 5 years → Delete automatically.

Teams chats → User2 → Retain 5 years → Delete automatically.

📖 Reference: Retention policies in Microsoft Teams

🔹 Statement 1: The message edited by User1 will be deleted after five years.

Location = Team1 channel.

Policy1 applies (7 years for all Teams).

Policy2 applies (5 years for Team1).

Conflict rule: For retention, the longest duration wins.

Therefore, the message stays 7 years, not 5.

✅ Answer: NO

🔹 Statement 2: User1 can see the message sent by User2 for up to seven years.

Location = Private 1:1 chat (User2 → User1).

For User1’s mailbox: Policy1 applies (7 years).

For User2’s mailbox: Policy2 applies (5 years).

Retention in Teams chats is per-user, so each participant may have different durations.

For User1, the retention is 7 years.

✅ Answer: YES

🔹 Statement 3: The message deleted by User1 will be moved to the SubstrateHolds folder.

Location = Team2 channel.

User1 deletes the message, but retention policy (Policy1) applies (7 years).

Retention overrides user deletion: message is moved to the SubstrateHolds folder in the hidden mailbox for preservation.

📖 Reference: How retention works with SubstrateHolds

✅ Answer: YES

Step 1 – Review what’s configured

Labels: Public, General, Confidential, Internal, External.

Also shown in policy: Confidential/Internal and Confidential/External.

Policy setting: Users must provide justification to remove a label or lower its classification.

Confidential/External → encrypts content when applied.

Step 2 – Analyze each statement

Statement 1: The Internal sensitivity label inherits all the settings from the Confidential label.

Sub-labels (e.g., Confidential/Internal, Confidential/External) do not inherit settings from the parent.

They are independent labels grouped under a parent for organization, but each sub-label must have its own protection settings defined.

Answer: No

Statement 2: Users must provide justification if they change the label of content from Confidential/Internal to Confidential/External.

The policy requires justification only when removing a label or downgrading classification (lowering).

Changing between two sub-labels of the same parent (Confidential/Internal → Confidential/External) is considered a lateral move (not a downgrade).

Answer: No

Statement 3: Content that has the Confidential/External label applied will retain the encryption settings if the sensitivity label is removed from the label policy.

If a label is removed from a published policy, content already labeled retains its protection settings (such as encryption).

The label metadata stays applied to the file/email, even if unpublished.

Answer: Yes

The issue where users sometimes can upload files to cloud services and sometimes cannot suggests inconsistent enforcement of Endpoint DLP policies. This can be caused by the unallowed browsers in the Microsoft 365 Endpoint DLP settings are NOT configured. Also, there are file path exclusions in the Microsoft 365 Endpoint DLP settings.

Endpoint DLP can block uploads only when using unallowed browsers. If unallowed browsers are not configured, users might be able to bypass restrictions by switching to a different browser. This could explain why uploads sometimes work and sometimes don’t, depending on which browser is used.

File path exclusions allow certain files or folders to be exempt from DLP restrictions. If a specific file location is excluded, files stored there won’t trigger DLP policies, leading to inconsistent behavior. This could result in some uploads being blocked while others are allowed.