All SC-401 Test Inside Microsoft Questions

When configuring an advanced DLP rule in Microsoft Purview Data Loss Prevention (DLP), you can use a Sensitive Information Type (SIT) condition to detect and classify specific types of sensitive data, such as credit card numbers, Social Security numbers, or custom sensitive data patterns. This allows you to apply protection and trigger actions based on the identified content.

EDM does not store raw data; instead, it requires hashed versions of sensitive data for privacy and security. To upload the hashed data, Microsoft provides the EDM upload agent. This ensures that the data is securely processed and recognized by the EDM service in Microsoft 365.

A. Create a DLP policy → Needed to detect sensitive information being shared externally.

B. Turn on Indicators → Required for insider risk policies to detect risky activities like external sharing.

C. Configure adaptive protection → Optional for tailoring enforcement, not mandatory here.

D. Turn on analytics → Helps assess policy impact but not required to generate alerts.

E. Create an insider risk policy → Required to generate insider risk alerts.

Policy1 monitors printing of files by users that submitted their resignation. In Insider Risk Management, the Data theft by departing users template is designed for users marked as leaving and watches for exfiltration indicators such as printing, USB copy, or uploads to cloud services.

Ref: Microsoft Purview Insider Risk Management – Policy templates: Data theft by departing users (monitors exfiltration activities for departing users).

Policy2 monitors accidental sharing of data outside the organization by users in a priority user group. The template for this is Data leaks by priority users, which targets a defined priority user group and focuses on oversharing/leak indicators (external sharing, email to external, cloud uploads, etc.).

Ref: Insider Risk Management – Data leaks by priority users template.

Policy3 monitors downloading of files from SharePoint Online to personal cloud storage services. This is a classic data leak/exfiltration scenario without a departing/priority qualifier, so the general Data leaks template is appropriate (covers uploads to personal cloud services and other exfiltration vectors).

Ref: Insider Risk Management – Data leaks template (monitors exfiltration such as uploads to personal cloud services).

These mappings align with Microsoft’s template purposes: Departing user exfiltration → Data theft by departing users; Priority users oversharing → Data leaks by priority users; Generic exfiltration → Data leaks.