SC-401 Exam Dumps - Administering Information Security in Microsoft 365

The False positive and override report helps identify rules that were applied but did not generate an actual policy alert, which means they were overridden or deemed false positives.

The DLP policy matches report provides details on files that matched DLP policies, including the top 10 files.

The Incident reports report helps analyze and review alerts, including those that may have been miscategorized.

To create a trainable classifier that can be used in an auto-apply retention label policy, you need to follow these key steps:

1. Create the trainable classifier

This is the first step where you define the classifier, specifying the types of content it should identify.

2. Test the trainable classifier

Before using the classifier in production, you need to validate its accuracy by testing it against sample documents to ensure it correctly classifies the intended data.

3. Publish the trainable classifier

Once testing is successful, you must publish the classifier so that it can be used in policies like auto-apply retention labels in Microsoft Purview.

Microsoft Purview browser extensions for Endpoint DLP are supported on:

● Windows 10/11 (Config1)

● macOS (Config2)

● Not supported on Android (Config3)

Since Microsoft Purview does not support browser extensions on Android, Config3 is excluded from both Google Chrome and Firefox.

When you run a Content Search in the Microsoft Purview compliance portal and want to download/export the search results, you must:

Select Export results in the Content Search tool.

Purview generates an Export key.

Use the eDiscovery Export Tool (ClickOnce application) to download the results.

The Export key is required to authenticate the export process.

Certificate → Not used in this process.

Password → Not required for export.

PIN → Not relevant here.

Export Key → ✅ Mandatory to export search results.

📖 Reference:

Export Content Search results - Microsoft Learn

In Microsoft Purview Exact Data Match (EDM) classifiers, a primary element is a unique, identifying field used for data matching. EDM allows up to two primary elements per schema.

From the provided table, the Match mode indicates how data is analyzed:

● PP (EU Passport Number) → Likely a primary element because it's unique.

● Name (All Full Names) → Typically not a primary element as names are common.

● DateOfBirth (Single-token) → Usually a secondary element, not unique.

● AccountNumber (Multi-token) → Can be a primary element, as it's a unique identifier.

● Since EDM supports a maximum of two primary elements, the correct answer is 2.

The issue where users sometimes can upload files to cloud services and sometimes cannot suggests inconsistent enforcement of Endpoint DLP policies. This can be caused by the unallowed browsers in the Microsoft 365 Endpoint DLP settings are NOT configured. Also, there are file path exclusions in the Microsoft 365 Endpoint DLP settings.

Endpoint DLP can block uploads only when using unallowed browsers. If unallowed browsers are not configured, users might be able to bypass restrictions by switching to a different browser. This could explain why uploads sometimes work and sometimes don’t, depending on which browser is used.

File path exclusions allow certain files or folders to be exempt from DLP restrictions. If a specific file location is excluded, files stored there won’t trigger DLP policies, leading to inconsistent behavior. This could result in some uploads being blocked while others are allowed.

The requirements are:

Detect credit card information → requires a sensitive info type (built-in: Credit Card Number).

Detect keywords “Project1” or “Project2” → can be handled in the same sensitive info type by using keyword matching.

Watermarks (“Confidential”, “Internal Use Only”) are label actions, not sensitive info types.

Therefore, only 2 sensitive info types are required: one for keywords, one for credit card data.