SC-401 試験問題を無料オンラインアクセス

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1.
Site1 contains three files named File1, File2, and File3.
You create the data loss prevention (DLP) policies shown in the following table.

The DLP rule matches for each file are shown in the following table.

How many DLP policy matches events will be added to Activity explorer, and how many policy matches will be added to the DLP incidents report? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解：

Explanation:

You have a Microsoft 365 subscription.
You create a new trainable classifier.
You need to train the classifier.
Which source can you use to train the classifier?

• A.an on-premises Microsoft SharePoint Server site
• B.a Microsoft SharePoint Online site
• C.an NFS file share
• D.an A2ure Files share

You have a Microsoft 365 E5 subscription that contains a user named User1. You deploy Microsoft Purview Data Security Posture Management for AD (DSPM for AD). You need to ensure that User1 can verify the auditing status of the subscription. The solution must follow the principle of least privilege. To which role group should you add User1?

• A.Security Reader
• B.View-Only Organization Management for Microsoft Exchange Online
• C.Insider Risk Management Investigators
• D.Insider Risk Management Analysts

You have a Microsoft 365 E5 subscription that contains three users named User1, User2, and User3 and a file named Filetdocx.
You create a sensitivity label named Label1 as shown in the following exhibit.

You apply Label1 to File1.
For which users can Microsoft 365 Copilot summarize File1?

• A.User 1 only
• B.User1 and User2 only
• C.User1, User2, and User3
• D.No user

You have a Microsoft 365 E5 subscription.
You need to implement a compliance solution that meets the following requirements:
# Captures clips of key security-related user activities, such as the exfiltration of sensitive company data.
# Integrates data loss prevention (DLP) capabilities with insider risk management.
What should you use for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解：

Explanation:

Captures clips of key security-related user activities
This requirement refers to recording and surfacing evidence of risky user behavior (e.g., copying sensitive files to USB, uploading to cloud storage, or exfiltrating data).
In Microsoft Purview Insider Risk Management, this is achieved through Forensic evidence, which allows capturing screenshots/clips of user activities on endpoints when a policy is triggered.
Ref: Microsoft Learn - Insider risk forensic evidence
Integrates DLP capabilities with insider risk management
Microsoft introduced Adaptive Protection as part of Purview Insider Risk.
Adaptive Protection uses insider risk signals and DLP together, dynamically adjusting DLP controls (block, restrict, monitor) based on the user's risk level.
This integration reduces false positives and ensures risky users are monitored more strictly while low-risk users are less impacted.
Ref: Microsoft Learn - Adaptive Protection in Microsoft Purview
Other options ruled out:
Adaptive scopes: Used for defining policy targeting groups dynamically, not capturing activities.
Classifiers/Trainable classifiers: Used for content classification, not exfiltration capture or DLP integration.
eDiscovery (Premium): For legal investigations, not insider risk + DLP integration.
Records management: Lifecycle retention, not related to insider risk.