ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-401 All Questions

View all questions & answers for the SC-401 exam
Go to Exam

Exam SC-401 topic 1 question 2 discussion

Actual exam question from Microsoft's SC-401
Question #: 2
Topic #: 1
[All SC-401 Questions]

Case Study -

Instructions -
This is a case study. Case studies are not timed separately from other exam sections. You can use as much exam time as you would like to complete each case study. However, there might be additional case studies or other exam sections. Manage your time to ensure that you can complete all the exam sections in the time provided. Pay attention to the Exam Progress at the top of the screen so you have sufficient time to complete any exam sections that follow this case study.
To answer the case study questions, you will need to reference information that is provided in the case. Case studies and associated questions might contain exhibits or other resources that provide more information about the scenario described in the case. Information provided in an individual question does not apply to the other questions in the case study.
A Review Screen will appear at the end of this case study. From the Review Screen, you can review and change your answers before you move to the next exam section. After you leave this case study, you will NOT be able to return to it.

To start the case study -
To display the first question in this case study, select the "Next" button. To the left of the question, a menu provides links to information such as business requirements, the existing environment, and problem statements. Please read through all this information before answering any questions. When you are ready to answer a question, select the "Question" button to return to the question.

Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, Boston, and Johannesburg.

Existing Environment -

Microsoft 365 Environment -
Contoso has a Microsoft 365 E5 tenant. The tenant contains the administrative user accounts shown in the following table.

Users store data in the following locations:

SharePoint sites -

OneDrive accounts -

Exchange email -

Exchange public folders -

Teams chats -

Teams channel messages -
When users in the research department create documents, they must add a 10-digit project code to each document. Project codes that start with the digits 999 are confidential.

SharePoint Online Environment -
Contoso has four Microsoft SharePoint Online sites named Site1, Site2, Site3, and Site4.
Site2 contains the files shown in the following table.

Two users named User1 and User2 are assigned roles for Site2 as shown in the following table.


Site3 stores documents related to the company's projects. The documents are organized in a folder hierarchy based on the project.
Site4 has the following two retention policies applied:

Name: Site4RetentionPolicy1 -
Locations to apply the policy: Site4
Delete items older than: 2 years
Delete content based on: When items were created

Name: Site4RetentionPolicy2 -
Locations to apply the policy: Site4
Retain items for a specific period: 4 years
Start the retention period based on: When items were created
At the end of the retention period: Do nothing

Problem Statements -
Management at Contoso is concerned about data leaks. On several occasions, confidential research department documents were leaked.

Requirements -

Planned Changes -
Contoso plans to create the following data loss prevention (DLP) policy:

Name: DLPpolicy1 -
Locations to apply the policy: Site2
Conditions:
Content contains any of these sensitive info types: SWIFT Code

Instance count: 2 to any -
Actions: Restrict access to the content

Technical Requirements -
Contoso must meet the following technical requirements:
All administrative users must be able to review DLP reports.
Whenever possible, the principle of least privilege must be used.
For all users, all Microsoft 365 data must be retained for at least one year.
Confidential documents must be detected and protected by using Microsoft 365.
Site1 documents that include credit card numbers must be labeled automatically.
All administrative users must be able to create Microsoft 365 sensitivity labels.
After a project is complete, the documents in Site3 that relate to the project must be retained for 10 years.
You need to meet the technical requirements for the creation of the sensitivity labels.
To which user or users must you assign the Sensitivity Label Administrator role?

  • A. Admin1 only
  • B. Admin1 and Admin4 only
  • C. Admin1 and Admin5 only
  • D. Admin1, Admin2, and Admin3 only
  • E. Admin1, Admin2, Admin4, and Admin5 only
Show Suggested Answer Hide Answer
Suggested Answer: E 🗳️
by Jo696 at April 1, 2025, 1:57 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
starlord45
2 days, 7 hours ago
Selected Answer: E
For me Answer E fits the most. A Global Reader only can view only settings and can not create labels. Compliance Data Administrator can keep track of your organization's data across Microsoft 365, make sure it's protected, and get insights into any issues to help mitigate risks. Compliance Administrator can create sensitivity labels. Security Operator can not create labels, has more rights in defender xdr than in purview. Security Administrator, same as Security Operator. More rights in defender xdr, but can not create labels. So answer E. Admin1, Admin2, Admin4, and Admin5 should be right.
upvoted 1 times
...
JFROG
1 week, 5 days ago
Selected Answer: B
I agree with ETUs3r. https://learn.microsoft.com/en-us/entra/architecture/8-secure-access-sensitivity-labels Permissions to create and manage sensitivity levels Team members who need to create sensitivity labels require permissions to: Microsoft 365 Defender portal, Microsoft Purview compliance portal, or Microsoft Purview compliance portal By default, Global Administrators have access to admin centers and can provide access, without granting tenant Admin permissions. For this delegated limited admin access, add users to the following role groups: Compliance Data Administrator, Compliance Administrator, or Security Administrator
upvoted 1 times
...
ETUs3r
1 week, 6 days ago
Selected Answer: B
Correct answer should be B. https://learn.microsoft.com/en-us/defender-office-365/scc-permissions
upvoted 2 times
...
RoMoo
2 weeks, 2 days ago
Selected Answer: E
Admin3 (Compliance Administrator) already has this permission through their existing role. The users who need the "Sensitivity Label Administrator" role assigned are those who do not already have the permission via another role. These are Admin1, Admin2, Admin4, and Admin5.
upvoted 1 times
...
Jo696
2 weeks, 4 days ago
Selected Answer: E
Only admin 3, the compliance administrator, can create sensitivity labels
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago