SC-401日本語 無料問題集「Microsoft Administering Information Security in Microsoft 365(SC-401日本語版)」

解説: (JPNTest メンバーにのみ表示されます)

解説: (JPNTest メンバーにのみ表示されます)

Explanation:
Box 1: To include the sensitive info type detected for each DLP rule match, you need to add a custom column in Activity Explorer. This ensures that the exported file contains specific details about the detected sensitive information types.
Box 2: DLP activity exports from Activity Explorer are always in CSV (Comma-Separated Values) format.
This format allows for easy data analysis and reporting in Excel or other data-processing tools.

解説: (JPNTest メンバーにのみ表示されます)

解説: (JPNTest メンバーにのみ表示されます)

Explanation:

Comprehensive Detailed Explanation with References
We are given a sensitivity label with the following Access control settings:
Assign permissions now # meaning admins define permissions, not end users.
User access to content expires = Never.
Allow offline access = Always.
Permissions explicitly assigned:
LegalTeam@... # Co-Author
USSales@... # Reviewer
Dynamic watermarking and Double Key Encryption are not enabled.
Reference: Restrict access to content with sensitivity labels
Statement 1: Only users at your company can view an email that has the sensitivity label applied.
False, because permissions are explicitly assigned to two groups (LegalTeam, USSales).
If any external users were added, they would also get access.
The configuration does not inherently restrict to only internal users.
# Answer: NO
Statement 2: The owner of an email can assign permissions when applying the sensitivity label.
False, because the sensitivity label was configured with "Assign permissions now".
This means permissions are fixed by admins and cannot be modified by the email sender.
If "Let users assign permissions" was enabled, this would be YES.
# Answer: NO
# Statement 3: [email protected]
can print an email that has the sensitivity label applied.
USSales group has the Reviewer role.
Reviewer = Can view, read, and save, but cannot print, copy, or export.
Reference: Usage rights and role mapping for sensitivity labels
# Answer: NO

Explanation:
A screenshot of a questionnaire AI-generated content may be incorrect.

The goal is to automatically label documents in Site1 that contain credit card numbers. To achieve this, we need a sensitivity label with an auto-labeling policy based on a sensitive info type that detects credit card numbers.
Step 1: Create a Sensitive Info Type
# A sensitive info type is needed to detect credit card numbers in documents.
# Microsoft Purview includes built-in sensitive info types for credit card numbers, but we can also create a custom one if necessary.
Step 2: Create a Sensitivity Label
# A sensitivity label is required to classify and protect documents containing sensitive information.
# This label can apply encryption, watermarking, or access controls to credit card data.
Step 3: Create an Auto-Labeling Policy
# An auto-labeling policy ensures that the sensitivity label is applied automatically when credit card numbers are detected in Site1.
# This policy is configured to scan files and automatically apply the correct sensitivity label.
Topic 1, Contoso, Ltd Case Study 1
Instructions
This is a case study. Case studies are not timed separately from other exam sections. You can use as much exam time as you would like to complete each case study. However, there might be additional case studies or other exam sections. Manage your time to ensure that you can complete all the exam sections in the time provided. Pay attention to the Exam Progress at the top of the screen so you have sufficient time to complete any exam sections that follow this case study.
To answer the case study questions, you will need to reference information that is provided in the case. Case studies and associated questions might contain exhibits or other resources that provide more information about the scenario described in the case. Information provided in an individual question does not apply to the other questions in the case study.
A Review Screen will appear at the end of this case study. From the Review Screen, you can review and change your answers before you move to the next exam section. After you leave this case study, you will NOT be able to return to it.
To start the case study
To display the first question in this case study, select the "Next" button. To the left of the question, a menu provides links to information such as business requirements, the existing environment, and problem statements. Please read through all this information before answering any questions. When you are ready to answer a question, select the "Question" button to return to the question.
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, Boston, and Johannesburg.
Existing Environment
Microsoft 365 Environment
Contoso has a Microsoft 365 E5 tenant. The tenant contains the administrative user accounts shown in the following table.

Users store data in the following locations:
# SharePoint sites
# OneDrive accounts
# Exchange email
# Exchange public folders
# Teams chats
# Teams channel messages
When users in the research department create documents, they must add a 10-digit project code to each document. Project codes that start with the digits 999 are confidential.
SharePoint Online Environment
Contoso has four Microsoft SharePoint Online sites named Site1, Site2, Site3, and Site4.
Site2 contains the files shown in the following table.

Two users named User1 and User2 are assigned roles for Site2 as shown in the following table.

Site3 stores documents related to the company's projects. The documents are organized in a folder hierarchy based on the project.
Site4 has the following two retention policies applied:
# Name: Site4RetentionPolicy1
# Locations to apply the policy: Site4
# Delete items older than: 2 years
# Delete content based on: When items were created
# Name: Site4RetentionPolicy2
# Locations to apply the policy: Site4
# Retain items for a specific period: 4 years
# Start the retention period based on: When items were created
# At the end of the retention period: Do nothing
Problem Statements
Management at Contoso is concerned about data leaks. On several occasions, confidential research department documents were leaked.
Requirements
Planned Changes
Contoso plans to create the following data loss prevention (DLP) policy:
# Name: DLPpolicy1
# Locations to apply the policy: Site2
# Conditions:
# Content contains any of these sensitive info types: SWIFT Code
# Instance count: 2 to any
# Actions: Restrict access to the content
Technical Requirements
Contoso must meet the following technical requirements:
# All administrative users must be able to review DLP reports.
# Whenever possible, the principle of least privilege must be used.
# For all users, all Microsoft 365 data must be retained for at least one year.
# Confidential documents must be detected and protected by using Microsoft 365.
# Site1 documents that include credit card numbers must be labeled automatically.
# All administrative users must be able to create Microsoft 365 sensitivity labels.
# After a project is complete, the documents in Site3 that relate to the project must be retained for 10 years.

Explanation:

Comprehensive Detailed Explanation with References
When multiple advanced DLP rules match content, Microsoft 365 DLP evaluates based on:
Rule priority
Lower number = higher priority (0 highest).
Among Rule2 (priority 1), Rule3 (priority 2), and Rule4 (priority 3), Rule2 has the highest priority.
Conflict resolution (single vs multiple rules applied)
By default, only the highest-priority rule applies if multiple rules match. # That's why in the first dropdown, the correct answer is Only Rule2 takes effect.
However, you can configure advanced DLP to allow multiple matching rules to take effect simultaneously. If this setting is enabled, then Rule2, Rule3, and Rule4 all apply. # That's why in the second dropdown, the correct answer is Rule2, Rule3, and Rule4 take effect.
References:
Microsoft Learn: Order of rule processing in DLP
Microsoft Learn: Advanced DLP rule precedence

解説: (JPNTest メンバーにのみ表示されます)