Pass the Microsoft Microsoft Certified: Information Security Administrator Associate SC-401 Questions and answers with CertsForce

Step 1 – Requirement

You need to configure a mail flow rule in Exchange Online to apply a Microsoft Purview Advanced Message Encryption (OME) branding template named OME1.

Step 2 – Mail Flow Rule Conditions

In Exchange Online, to trigger encryption based on sensitivity labels (classifications):

You use the condition "Apply this rule if: The sender … Includes the classification".

This lets the rule detect when the sender applies a particular sensitivity label (classification) to the email.

Step 3 – Mail Flow Rule Action

To apply a custom branding template (such as OME1), you configure the action:

"Modify the message security".

This is the action that allows applying encryption and assigning a specific OME template for branding.

Step 1 – Where to configure Insider Risk Management notices

Insider risk management notices are part of the Microsoft Purview Insider Risk Management solution.

They are created and managed within the Microsoft Purview compliance portal.

The Microsoft 365 admin center, Microsoft Defender portal, or Microsoft Entra admin center are not used for notice templates.

Therefore, the correct choice for the portal is: Microsoft Purview portal.

Step 2 – Supported formats for notice templates

When creating an Insider Risk Management notice template, Microsoft Purview allows customization of the message body in HTML format.

HTML provides rich text formatting (fonts, colors, links, branding).

Markdown, RTF, and XML are not supported options for Purview notice templates.

Therefore, the correct format is: HTML.

Step 3 – Microsoft Reference

Microsoft documentation states:

“Notice templates are created and managed in the Microsoft Purview compliance portal. The body of the notice message is authored in HTML format to allow for full customization.”

Step 1 – Requirement

The scenario requires using Microsoft Purview Insider Risk Management to import HR data (such as employee hire dates, resignations, and department changes). HR data connectors allow insider risk policies to use workforce signals to detect risky user activities.

Step 2 – What to do first

Before importing HR data, you must configure Insider Risk Management settings in the Microsoft Purview compliance portal. This is a prerequisite step that enables HR data connectors and policies to be created.

Microsoft Endpoint DLP relies on Microsoft Defender for Endpoint (MDE) for its enforcement.

Onboarding Windows 10/11 devices to Defender for Endpoint ensures the Endpoint DLP policies can be applied, including monitoring and protecting content across apps and browsers.

In Microsoft Purview, when multiple alert policies trigger alerts, duplicate alerts within a short period (typically 5 minutes) may be suppressed to avoid redundancy.

Step-by-step Analysis:

● Policy1 at 10:00:04 is ignored because Policy1 already triggered at 10:00:00, and it's within 5 minutes.

● Policy2 at 10:00:31 is ignored because Policy2 already triggered at 10:00:03, and it's within 5 minutes.

● Policy1 at 10:01:01 is a new alert because it's over 1 minute after the previous Policy1 alert.

● Policy1 at 10:04:45 is a new alert because it's over 3 minutes after the previous Policy1 alert.

The Endpoint DLP “configuration package” approach was required before Microsoft fully integrated Endpoint DLP with Microsoft Defender for Endpoint.

Currently, the supported and required method is to onboard devices to Microsoft Defender for Endpoint. Deploying just a configuration package will not ensure Endpoint DLP policy enforcement.

To track interactions between users and generative AI websites in Microsoft Purview Audit, you need to deploy the Microsoft Purview browser extension to the devices. This extension enables tracking of user activities on web-based applications, including AI-related tools like ChatGPT, Microsoft Copilot, and other generative AI platforms.

Microsoft Purview extension provides visibility into browser-based activities, including AI tool usage, ensuring compliance and risk management within Microsoft Purview. This extension works with Microsoft Edge and Google Chrome to track and log user interactions.

To ensure User1 can perform insider risk management tasks only for the users and devices in Office1, the first step is to create an administrative unit in Microsoft Entra ID (formerly Azure AD).

Administrative units allow you to scope permissions to specific users, devices, and locations. By creating an administrative unit for Office1 and assigning User1 to the Insider Risk Management Admins role group within that unit, User1 will only have access to users and devices in Office1.

To create a document fingerprint in Microsoft 365 Data Loss Prevention (DLP), you need to use PowerShell for Microsoft Purview. The correct cmdlet to connect to the Microsoft 365 Security & Compliance Center (where DLP policies are managed) is Connect-IPPSSession. This cmdlet establishes a PowerShell session to manage DLP policies, compliance settings, and document fingerprinting.

To extend DLP to Teams, you must enable Teams chat and channel messages as a location in the DLP policy. SharePoint and OneDrive protect stored content, but chat sessions require the Teams-specific location.