無料でゲット!2026年最新のに更新されたMicrosoft SC-401試験問題と解答
SC-401問題集PDFとテストエンジン試験問題
Microsoft SC-401 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
質問 # 127
You have a Microsoft 365 E5 subscription that uses Microsoft Purview.
You are creating an exact data match (EDM) classifier named EDM1.
For EDM1, you upload a schema file that contains the fields shown in the following table.
What is the maximum number of primary elements that EDM1 can have?
- A. 0
- B. 1
- C. 2
- D. 3
正解:C
解説:
In Microsoft Purview Exact Data Match (EDM) classifiers, a primary element is a unique, identifying field used for data matching. EDM allows up to two primary elements per schema.
From the provided table, the Match mode indicates how data is analyzed:
# PP (EU Passport Number) # Likely a primary element because it's unique.
# Name (All Full Names) # Typically not a primary element as names are common.
# DateOfBirth (Single-token) # Usually a secondary element, not unique.
# AccountNumber (Multi-token) # Can be a primary element, as it's a unique identifier.
# Since EDM supports a maximum of two primary elements, the correct answer is 2.
質問 # 128
You are reviewing policies for the SharePoint Online environment.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 129
You have a Microsoft 365 E5 tenant.
You create a data loss prevention (DLP) policy.
You need to ensure that the policy protects documents in Microsoft Teams chat sessions.
Which location should you enable in the policy?
- A. OneDrive accounts
- B. Exchange email
- C. SharePoint sites
- D. Teams chat and channel messages
正解:A
解説:
Documents shared in Team Chats are stored in OneDrive and shared in Channel Chats are stored in SharePoint Sites.
質問 # 130
You have a Microsoft 365 subscription that contains a user named User1.
You create a Highly Confidential sensitivity label named Label1.
You need to prevent User1 from using Microsoft 365 Copilot to summarize content that has Label1 applied. The solution must ensure that User1 can directly access the content.
Which type of policy should you create?
- A. retention
- B. data loss prevention (DLP)
- C. communication compliance
- D. insider risk management
正解:B
解説:
To prevent a specific user from using M365 Copilot to summarize content with a "Highly Confidential" label, while allowing them direct access, you use a Microsoft Purview Data Loss Prevention (DLP) policy targeting Copilot, configured to block processing of that specific label for that user, without removing their underlying file permissions. This DLP policy intercepts Copilot's attempts to use the labeled content for summarization, effectively removing the content extraction right for Copilot in that scenario.
How it Works:
The DLP policy overrides Copilot's ability to extract and summarize content from files with the
"Highly Confidential" label when that specific user prompts Copilot.
This doesn't remove the user's direct permissions to open, read, or edit the file; it only stops Copilot from using it as a source for summaries.
This method leverages Purview DLP to create fine-grained controls over what Copilot can process, even when standard permissions allow access.
Reference:
https://learn.microsoft.com/en-us/copilot/microsoft-365/microsoft-365-copilot-privacy
質問 # 131
HOTSPOT
You plan to create a custom sensitive information type that will use Exact Data Match (EDM).
You need to identify what to upload to Microsoft 365, and which tool to use for the upload.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
EDM does not store raw data; instead, it requires hashed versions of sensitive data for privacy and security.
To upload the hashed data, Microsoft provides the EDM upload agent. This ensures that the data is securely processed and recognized by the EDM service in Microsoft 365.
質問 # 132
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You recently discovered that the developers at your company emailed Azure Storage Account keys in plain text to third parties.
You need to ensure that when Azure Storage Account keys are emailed, the emails are encrypted.
Solution: You configure a mail flow rule that matches the text patterns.
Does this meet the goal?
- A. No
- B. Yes
正解:A
解説:
Using the "text patterns" condition in the Exchange transport rule would not work.
The condition to be used in the Exchange transport rule would be "The message contains any of this sensitive information..." and select the Sensitive Info Type "Azure Account Storage Key".
https://docs.microsoft.com/en-us/exchange/policy-and-compliance/mail-flow-rules/conditions-and- exceptions?view=exchserver-2019
質問 # 133
HOTSPOT
You have a Microsoft SharePoint Online site that contains the following files.
Users are assigned roles for the site as shown in the following table.
Which files can User1 and User2 open? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 134
Hotspot Question
You have a Microsoft SharePoint Online site named Site1 that contains the files shown in the following table.
You have a data loss prevention (DLP) policy named DLP1 that has the advanced DLP rules shown in the following table.
You apply DLP1 to Site1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
Box 1: No
File1 has two IP addresses in it.
Both Tip2 and Tip3 rules matches. Tip2 has higher priority.
Note: For the hosted service workloads, like Exchange Online, SharePoint Online and OneDrive for Business, each rule is assigned a priority in the order in which it's created. That means, the rule created first has first priority, the rule created second has second priority, and so on.
When content is evaluated against rules, the rules are processed in priority order. If content matches multiple rules, the first rule evaluated that has the most restrictive action is enforced.
Box 2: Yes
File2 has six IP addresses in it.
Only Rule3 matches.
Box 3: Yes
File3 has four IP addresses in it.
Both Rule2 and Rule3 matches.
Rule2 has higher priority.
Reference:
https://learn.microsoft.com/en-us/microsoft-365/compliance/dlp-policy-reference
質問 # 135
You have a Microsoft 36S subscription.
In Microsoft Exchange Online, you configure the mail flow rule shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 136
HOTSPOT
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You plan to create a Microsoft Purview insider risk management case named Case1.
Which insider risk management object should you select first, and which users will be added as contributors for Case1 by default?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
Box 1: When creating a Microsoft Purview Insider Risk Management case, you must first select a risky user to investigate. The case will be built around this specific user's activities, linking alerts and risk signals to the investigation.
Box 2: The Insider Risk Management role groups determine who can access and contribute to cases:
# Admin1 (Insider Risk Management Admins) # Full admin access.
# Admin2 (Insider Risk Management Analysts) # Analysts who review cases.
# Admin3 (Risk Management Investigators) # Investigators who work on cases.
# Admin4 (Insider Risk Management Auditors) # Auditors who oversee cases.
All these roles have default access to insider risk cases in Microsoft Purview, so all four admins are added as contributors.
質問 # 137
You have a Microsoft 365 tenant that is opt-in for trainable classifiers.
You need to ensure that a user named User1 can create custom trainable classifiers. The solution must use the principle of least privilege.
Which role should you assign to User1?
- A. Security Administrator
- B. Global Administrator
- C. Security Operator
- D. Compliance Administrator
正解:B
質問 # 138
You have a Microsoft 365 E5 subscription that contains four users named User1. User2, User3, and User4 and a file named File1.docx. File1 has a sensitivity label applied. The label is configured as shown in the following table.
Which users can summarize File1 by using Microsoft 365 Copilot?
- A. User1, User2, User3. and User4
- B. User1 only
- C. User1, User2. and User3 only
- D. User1 and User2 only
正解:D
解説:
Step 1 - Understand the scenario
* We have a Microsoft 365 E5 subscription with Copilot available.
* File1.docx has a sensitivity label applied.
* The sensitivity label controls usage rights (Owner, Editor, Restricted Editor, Viewer).
* The question: Which users can summarize File1 with Microsoft 365 Copilot?
Step 2 - Sensitivity labels and usage rights
When a sensitivity label is configured to apply encryption with usage rights, each role has different levels of access:
* Owner: Full control (read, edit, reshare, extract, etc.).
* Editor: Can read, edit, and copy content.
* Restricted Editor: Can read and edit in place, but cannot copy, print, or extract content.
* Viewer: Can only read (view) the content.
# Reference: Rights included in usage rights for sensitivity labels
Step 3 - Copilot's requirements for summarization
Microsoft 365 Copilot requires that the user has the ability to read and extract text from the document in order to generate a summary.
* Owners and Editors: # Can both read and extract # Copilot works.
* Restricted Editors: # Cannot copy/extract text # Copilot cannot summarize.
* Viewers: # Can only view # Copilot cannot process content for summarization.
# Reference: Microsoft 365 Copilot and sensitivity labels
"Users must have extract and copy rights in order for Microsoft 365 Copilot to process and summarize labeled documents." Step 4 - Apply to the case
* User1 (Owner) # Can summarize.
* User2 (Editor) # Can summarize.
* User3 (Restricted Editor) # Cannot summarize.
* User4 (Viewer) # Cannot summarize.
質問 # 139
You have a Microsoft 365 E5 subscription.
You need to create static retention policies for the following locations:
- Teams chats
- Exchange email
- SharePoint sites
- Microsoft 365 Groups
- Teams channel messages
What is the minimum number of retention policies required?
- A. 0
- B. 1
- C. 2
- D. 3
- E. 4
正解:C
解説:
If you select the Teams or Yammer locations when you create a retention policy, the other locations are automatically excluded. This means that the instructions to follow depend on whether you need to include the Teams or Yammer locations.
https://learn.microsoft.com/en-us/microsoft-365/compliance/create-retention-policies?view=o365- worldwide&tabs=teams-retention#create-and-configure-a-retention-policy
質問 # 140
You have a Microsoft 365 subscription.
You plan to retain the following audit log record types and activities for the next three years:
- CopilotInteraction: All activities selected (1/1)
- Interacted with Copilot
- ComplianceDLPEndpoint: All activities selected (2/2)
- Matched DLP rule
- Removed DLP rule from document
- AzureActiveDirectory: 2 of 25 activities selected (2/25)
- Reset user password
- Changed user password
What is the minimum number of audit retention policies you should create to retain only the selected record types and activities?
- A. 0
- B. 1
- C. 2
- D. 3
正解:D
解説:
You only need one Microsoft 365 audit retention policy to cover CopilotInteraction, ComplianceDLPEndpoint, and AzureActiveDirectory for three years, as a single policy can be configured with a three-year duration to apply to all specified record types. However, this requires having a Microsoft 365 Enterprise E5 subscription and a 10-Year Audit Log Retention add-on license to meet the three-year retention requirement.
Reference:
https://learn.microsoft.com/en-us/purview/audit-log-retention-policies
質問 # 141
You have a Microsoft 365 subscription.
You plan to deploy an audit log retention policy.
You need to perform a search to validate whether the policy will be applied to the intended entries.
Which two fields should you configure for the search? To answer, select the appropriate fields in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:

質問 # 142
You have a Microsoft 365 E5 subscription that contains the sensitive information types (SITs) shown in the following table.
You plan to create the policies shown in the following table and assign them to a Microsoft SharePoint Online site.
Which policies can use SIT1. and which policies can use SIT2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 143
You have Microsoft 365 E5 subscription that uses data loss prevention (DLP) to protect sensitive information.
You have a document named Form.docx.
You plan to use PowerShell to create a document fingerprint based on Form.docx.
You need to first connect to the subscription.
Which cmdlet should you run?
- A. Connect-SPOService
- B. Connect-IPPSSession
- C. Connect-ExchangeOnline
- D. Connect-MgGraph
正解:B
解説:
Currently, you can create a document fingerprint only in Security & Compliance PowerShell, and Connect-IPPSSession is how you connect to it.
https://learn.microsoft.com/en-us/purview/document-fingerprinting#create-a-custom-sensitive- information-type-based-on-document-fingerprinting-using-powershell
https://learn.microsoft.com/en-us/powershell/module/exchange/connect-
ippssession?view=exchange-ps
質問 # 144
You have a Microsoft 365 E5 subscription that uses Microsoft Purview.
You are evaluating the use of custom data assessment scans to identify the potential oversharing of data in the subscription.
What is the maximum number of items the data assessments can support per location?
- A. 100.000
- B. 200.000
- C. 50.000
- D. 500.000
正解:B
解説:
Comprehensive Detailed Explanation with References
Custom Data Access Governance (DAG) data assessment scans in Microsoft Purview can be run on selected SharePoint Online or OneDrive locations to check for oversharing and exposure. Each custom assessment scan supports up to 200,000 items per location. This cap is documented in Microsoft's guidance for custom data access governance assessments.
質問 # 145
You have a Microsoft 365 tenant named contoso.com that contains two users named User1 and User2. The tenant uses Microsoft Purview Message Encryption.
User1 plans to send emails that contain attachments as shown in the following table.
User2 plans to send emails that contain attachments as shown in the following table.
For which emails will the attachments be encrypted? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 146
You have a Microsoft 365 IS subscription that contains the resources shown in the following table.
The subscription contains a Windows 11 device named Device 1 and has the Microsoft Purview Information Protection client installed. Device i contains the resources shown in the following table.
You publish a sensitivity label named Label1 to User1 and Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
正解:
解説:
Explanation:
質問 # 147
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1.
Site1 contains three files named File1, File2, and File3.
You create the data loss prevention (DLP) policies shown in the following table.
The DLP rule matches for each file are shown in the following table.
How many DLP policy matches events will be added to Activity explorer, and how many policy matches will be added to the DLP incidents report? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 148
......
検証済みのSC-401テスト問題集と解答で正確な275問題と解答あります:https://jp.fast2test.com/SC-401-premium-file.html
最新をゲットせよ!SC-401認定有効な試験問題集解答:https://drive.google.com/open?id=1Nr0R60DRXy8kBy-tEcwsT1mGA9j6cKP7