SC-401 Administering Information Security in Microsoft 365 Exam

270 Questions and Answers

SC-401 Administering Information Security in Microsoft 365 Practice Exam

Preparing for the SC-401 Administering Information Security in Microsoft 365 certification exam? You’ve come to the right place. This exam validates your expertise in securing Microsoft 365 environments, helping organizations protect data, manage threats, and ensure compliance across cloud services.

What is the SC-401 Certification Exam?

The SC-401 exam is designed for IT professionals and security administrators who want to demonstrate their skills in configuring and managing security features in Microsoft 365. It tests your knowledge of identity and access management, threat protection, information governance, and compliance solutions in Microsoft’s cloud platform. Earning this certification proves you can effectively safeguard an organization’s Microsoft 365 environment against modern cybersecurity threats.

What Will You Learn?

By preparing for and passing the SC-401 exam, you will gain comprehensive skills in:

  • Implementing identity and access management strategies using Azure Active Directory and Conditional Access policies.

  • Configuring Microsoft Defender for Endpoint, Defender for Office 365, and other threat protection services.

  • Managing data loss prevention (DLP) policies, sensitivity labels, and information governance.

  • Monitoring and responding to security alerts and incidents using Microsoft 365 Defender and Security & Compliance centers.

  • Ensuring regulatory compliance and privacy by leveraging Microsoft 365 compliance tools.

Key Topics Covered

  • Identity and Access Management (IAM) in Microsoft 365

  • Threat Protection and Microsoft Defender Solutions

  • Information Protection with Sensitivity Labels and Encryption

  • Data Loss Prevention (DLP) Configuration

  • Security Monitoring, Incident Response, and Investigation

  • Compliance Management and Data Governance

  • Managing Microsoft Secure Score and Security Baselines

Why Choose Exam Sage for Your SC-401 Exam Preparation?

At Exam Sage, we specialize in providing high-quality, up-to-date practice tests that mirror the real SC-401 exam structure and difficulty. Our carefully crafted questions are designed to reinforce your understanding, improve retention, and boost confidence. Each question includes detailed explanations to help you grasp complex concepts clearly.

With Exam Sage, you get:

  • Authentic practice questions updated to reflect the latest Microsoft 365 security features.

  • Clear, step-by-step answer explanations to deepen your learning.

  • Flexible online access to prepare anytime, anywhere.

  • A proven resource trusted by thousands of certification candidates.

Take the next step in your cybersecurity career and prepare effectively with Exam Sage’s SC-401 Administering Information Security in Microsoft 365 practice exam. Build your skills, pass your exam, and become a certified Microsoft 365 security administrator.

Sample Questions and Answers

1. Which Microsoft 365 tool is primarily used to create and manage data loss prevention (DLP) policies?

A) Microsoft Defender for Endpoint
B) Microsoft Compliance Center
C) Azure Security Center
D) Microsoft Intune

Answer: B) Microsoft Compliance Center
Explanation: The Microsoft Compliance Center is the main hub for managing compliance features in Microsoft 365, including Data Loss Prevention (DLP) policies.


2. What feature in Microsoft 365 allows administrators to classify and protect sensitive data across cloud services?

A) Azure Sentinel
B) Microsoft Defender for Office 365
C) Microsoft Information Protection (MIP)
D) Windows Defender Firewall

Answer: C) Microsoft Information Protection (MIP)
Explanation: MIP provides tools to classify, label, and protect sensitive data wherever it resides in Microsoft 365.


3. Which of the following policies can be configured in Microsoft 365 to restrict access to corporate resources based on device compliance?

A) Conditional Access Policies
B) App Protection Policies
C) DLP Policies
D) Retention Policies

Answer: A) Conditional Access Policies
Explanation: Conditional Access policies in Azure AD help restrict or allow access to resources based on user, device, location, and risk factors.


4. What role should an administrator have to manage Microsoft Defender for Office 365?

A) Global Administrator
B) Security Administrator
C) Exchange Administrator
D) Compliance Administrator

Answer: B) Security Administrator
Explanation: The Security Administrator role allows management of Microsoft Defender for Office 365 and other security-related settings.


5. In Microsoft 365, what is the primary purpose of Sensitivity Labels?

A) To classify content for retention only
B) To enforce multifactor authentication
C) To classify and protect content with encryption and access restrictions
D) To create device compliance reports

Answer: C) To classify and protect content with encryption and access restrictions
Explanation: Sensitivity Labels help classify data and apply protections such as encryption and access controls.


6. What component of Microsoft 365 helps identify phishing attempts and malicious attachments in emails?

A) Microsoft Cloud App Security
B) Microsoft Defender for Office 365 Safe Attachments
C) Microsoft Endpoint Manager
D) Azure Sentinel

Answer: B) Microsoft Defender for Office 365 Safe Attachments
Explanation: Safe Attachments scans emails and attachments for malicious content before delivery.


7. How can an administrator configure email encryption for messages sent within the organization?

A) Using Exchange Online Transport Rules
B) By enabling Microsoft Teams Policies
C) Through Microsoft Intune Compliance Policies
D) By setting up Azure AD Conditional Access

Answer: A) Using Exchange Online Transport Rules
Explanation: Transport rules can apply encryption like Office 365 Message Encryption (OME) to emails based on specific conditions.


8. What is the function of Microsoft Defender for Identity?

A) To monitor user activity and detect identity-related threats
B) To manage device encryption policies
C) To provide firewall protection for endpoints
D) To manage compliance audits

Answer: A) To monitor user activity and detect identity-related threats
Explanation: Defender for Identity uses signals from Active Directory to detect suspicious user behaviors.


9. Which Microsoft 365 compliance feature allows organizations to ensure emails are retained or deleted according to policy?

A) Data Loss Prevention
B) Retention Policies and Retention Labels
C) Sensitivity Labels
D) Azure Information Protection

Answer: B) Retention Policies and Retention Labels
Explanation: Retention policies automatically keep or delete emails and documents according to regulatory or business requirements.


10. What does enabling Multi-Factor Authentication (MFA) in Microsoft 365 help prevent?

A) Email retention
B) Data encryption
C) Unauthorized access due to compromised credentials
D) Network intrusions

Answer: C) Unauthorized access due to compromised credentials
Explanation: MFA requires a second form of verification, making unauthorized access much harder.


11. Where can an administrator review detailed alerts about suspicious activities across Microsoft 365 services?

A) Microsoft Endpoint Manager
B) Microsoft Defender Security Center
C) Azure AD Portal
D) Microsoft Compliance Center

Answer: B) Microsoft Defender Security Center
Explanation: The Defender Security Center consolidates security alerts and recommendations.


12. What is the best practice when configuring Data Loss Prevention (DLP) policies?

A) Apply policies organization-wide without testing
B) Test policies in audit mode before enforcement
C) Only apply policies to guest users
D) Disable DLP for mobile devices

Answer: B) Test policies in audit mode before enforcement
Explanation: Audit mode allows administrators to monitor potential policy impacts before enforcing restrictions.


13. What Microsoft 365 feature allows automatic classification of files based on content patterns?

A) Auto-labeling
B) Manual labeling only
C) Azure Sentinel
D) Microsoft Endpoint Manager

Answer: A) Auto-labeling
Explanation: Auto-labeling policies scan content and apply sensitivity labels automatically based on defined conditions.


14. Which Microsoft 365 compliance tool can help investigate user activity and email communication patterns?

A) Compliance Manager
B) Microsoft 365 eDiscovery (Core)
C) Azure Information Protection
D) Defender for Endpoint

Answer: B) Microsoft 365 eDiscovery (Core)
Explanation: eDiscovery tools enable searching, analyzing, and exporting relevant data during investigations.


15. How can an administrator enforce device encryption for Windows 10 devices in Microsoft 365?

A) Configure BitLocker policies via Microsoft Endpoint Manager
B) Use Microsoft Defender for Identity
C) Set up Conditional Access policies only
D) Apply retention labels

Answer: A) Configure BitLocker policies via Microsoft Endpoint Manager
Explanation: Endpoint Manager allows centralized management of BitLocker encryption settings on Windows devices.


16. What Microsoft 365 tool enables monitoring of cloud app usage and risky behavior?

A) Microsoft Defender for Endpoint
B) Microsoft Cloud App Security (MCAS)
C) Azure AD Identity Protection
D) Microsoft Compliance Center

Answer: B) Microsoft Cloud App Security (MCAS)
Explanation: MCAS provides visibility, control, and threat detection for cloud app activities.


17. Which policy type helps secure access by requiring device compliance and location-based rules?

A) Retention Policy
B) Conditional Access Policy
C) DLP Policy
D) Sensitivity Label Policy

Answer: B) Conditional Access Policy
Explanation: Conditional Access policies allow granular access control based on user risk, device compliance, and location.


18. What is the recommended role to assign to an administrator responsible for managing Microsoft 365 compliance features?

A) Global Reader
B) Compliance Administrator
C) Exchange Administrator
D) Security Reader

Answer: B) Compliance Administrator
Explanation: This role provides the permissions needed to configure and manage compliance settings.


19. Which Microsoft 365 feature provides automated investigation and remediation of security incidents?

A) Azure Sentinel
B) Microsoft Defender for Endpoint
C) Automated Investigation and Response (AIR)
D) Microsoft Intune

Answer: C) Automated Investigation and Response (AIR)
Explanation: AIR automates threat investigations and remediation to reduce response time and workload.


20. What action does Microsoft Defender for Office 365 Safe Links perform?

A) Blocks malicious attachments
B) Provides time-of-click verification of URLs in emails
C) Encrypts outbound emails
D) Applies sensitivity labels

Answer: B) Provides time-of-click verification of URLs in emails
Explanation: Safe Links protects users by checking URLs when clicked, blocking malicious sites.


21. What type of Microsoft 365 label can be used to enforce automatic encryption on documents?

A) Retention Label
B) Sensitivity Label
C) Compliance Label
D) Security Label

Answer: B) Sensitivity Label
Explanation: Sensitivity Labels can be configured to apply encryption automatically to documents and emails.


22. How can administrators limit access to Microsoft 365 services only from trusted IP addresses?

A) Using Conditional Access named locations
B) Deploying Intune device profiles
C) Setting retention policies
D) Configuring DLP policies

Answer: A) Using Conditional Access named locations
Explanation: Named locations allow defining trusted IP ranges for access controls.


23. What is the main benefit of using Microsoft Secure Score?

A) To encrypt emails
B) To assess and improve security posture
C) To configure device policies
D) To manage Azure subscriptions

Answer: B) To assess and improve security posture
Explanation: Secure Score provides a measurement of the security health of an organization and actionable recommendations.


24. Which Microsoft 365 feature helps protect sensitive data in Teams chat messages?

A) Sensitivity Labels
B) Retention Policies
C) Microsoft Defender for Endpoint
D) Azure Sentinel

Answer: A) Sensitivity Labels
Explanation: Sensitivity Labels can be applied to Teams messages to enforce encryption and access controls.


25. What type of alert can Microsoft Defender for Office 365 generate when suspicious email activity is detected?

A) Security Alert
B) Compliance Alert
C) Audit Alert
D) Retention Alert

Answer: A) Security Alert
Explanation: Security Alerts notify admins about potential threats like phishing or malware attempts.


26. Which Microsoft 365 service provides a centralized dashboard for compliance score and improvement actions?

A) Microsoft Compliance Manager
B) Microsoft Defender for Endpoint
C) Azure Sentinel
D) Microsoft Cloud App Security

Answer: A) Microsoft Compliance Manager
Explanation: Compliance Manager helps organizations track, manage, and improve compliance with regulations.


27. What is the key benefit of using Microsoft Endpoint Manager in information security administration?

A) Managing on-premises servers
B) Managing and securing devices and apps across platforms
C) Email filtering
D) Access to audit logs

Answer: B) Managing and securing devices and apps across platforms
Explanation: Endpoint Manager allows administrators to manage device compliance and apply security policies remotely.


28. How does Microsoft 365 handle insider risk management?

A) By blocking all external sharing
B) Through Insider Risk Management policies and detection tools
C) By disabling email forwarding
D) Using only Conditional Access policies

Answer: B) Through Insider Risk Management policies and detection tools
Explanation: Insider Risk Management helps detect, investigate, and mitigate insider threats by monitoring user activity.


29. Which Microsoft 365 compliance feature can be used to create a legal hold on mailboxes during litigation?

A) Retention Labels
B) Litigation Hold
C) Sensitivity Labels
D) DLP Policies

Answer: B) Litigation Hold
Explanation: Litigation Hold preserves mailbox content to comply with legal requirements.


30. What is the recommended way to implement encryption for data stored in SharePoint Online and OneDrive?

A) Using Sensitivity Labels with encryption policies
B) Enabling device encryption on client computers
C) Applying retention labels
D) Configuring Azure Sentinel

Answer: A) Using Sensitivity Labels with encryption policies
Explanation: Sensitivity Labels can encrypt documents stored in SharePoint and OneDrive automatically.

31. Which Microsoft 365 service integrates with Azure AD Identity Protection to automate risk-based conditional access?

A) Microsoft Defender for Endpoint
B) Microsoft Cloud App Security
C) Azure AD Conditional Access
D) Microsoft Compliance Center

Answer: C) Azure AD Conditional Access
Explanation: Azure AD Conditional Access can integrate with Identity Protection signals to enforce policies based on user risk levels.


32. What is a key benefit of configuring Unified Labeling in Microsoft Information Protection?

A) It allows labels to be managed across multiple Microsoft 365 services centrally.
B) It enables multi-factor authentication for users.
C) It automates device enrollment in Endpoint Manager.
D) It replaces all retention policies.

Answer: A) It allows labels to be managed across multiple Microsoft 365 services centrally.
Explanation: Unified Labeling provides a single management experience for sensitivity labels across Office apps and other Microsoft 365 services.


33. Which Microsoft 365 feature helps detect data exfiltration attempts by monitoring unusual file download activities?

A) Microsoft Defender for Endpoint
B) Microsoft Cloud App Security (MCAS)
C) Azure Information Protection
D) Microsoft Compliance Manager

Answer: B) Microsoft Cloud App Security (MCAS)
Explanation: MCAS can detect and alert on unusual activities such as large or unusual downloads indicating data leaks.


34. How can an administrator use Microsoft 365 to prevent users from forwarding sensitive emails externally?

A) By setting a DLP policy to block external sharing
B) By applying Sensitivity Labels with encryption and rights management
C) Enforcing device compliance policies
D) Setting up Exchange transport rules without encryption

Answer: B) By applying Sensitivity Labels with encryption and rights management
Explanation: Sensitivity Labels can restrict actions like forwarding or copying by applying Rights Management protections.


35. What role is required to configure Microsoft 365 retention policies?

A) Security Administrator
B) Compliance Administrator
C) Global Reader
D) Exchange Administrator

Answer: B) Compliance Administrator
Explanation: The Compliance Administrator role has permissions to create and manage retention policies.


36. What is the purpose of Safe Attachments in Microsoft Defender for Office 365?

A) To encrypt attachments
B) To scan email attachments in a sandbox environment for malware
C) To apply sensitivity labels automatically
D) To restrict attachment downloads

Answer: B) To scan email attachments in a sandbox environment for malware
Explanation: Safe Attachments protects users by analyzing attachments for threats before delivery.


37. Which Microsoft 365 tool provides an overview of your organization’s compliance status with built-in assessments?

A) Microsoft Compliance Manager
B) Azure Sentinel
C) Microsoft Defender Security Center
D) Microsoft Endpoint Manager

Answer: A) Microsoft Compliance Manager
Explanation: Compliance Manager offers compliance score and detailed assessments against standards like GDPR and HIPAA.


38. What is the effect of enabling ‘Block legacy authentication’ in Azure AD Conditional Access?

A) It prevents users from authenticating using outdated protocols that lack MFA support.
B) It blocks access from mobile devices.
C) It disables device compliance checks.
D) It applies DLP policies automatically.

Answer: A) It prevents users from authenticating using outdated protocols that lack MFA support.
Explanation: Blocking legacy authentication reduces risk by forcing use of modern authentication methods that support MFA.


39. What Microsoft 365 capability helps administrators investigate a user’s email and OneDrive activities during a security incident?

A) Insider Risk Management
B) Microsoft 365 eDiscovery (Advanced)
C) Microsoft Endpoint Manager
D) Azure Sentinel

Answer: B) Microsoft 365 eDiscovery (Advanced)
Explanation: Advanced eDiscovery enables deep search and export of relevant data across Microsoft 365 workloads.


40. How can administrators apply encryption to Microsoft Teams chats and channel messages?

A) Using Sensitivity Labels with encryption policies
B) By enabling retention policies
C) Using DLP policies only
D) Through device compliance policies

Answer: A) Using Sensitivity Labels with encryption policies
Explanation: Sensitivity Labels can protect Teams messages by applying encryption and access restrictions.


41. Which Microsoft 365 tool is best suited for creating and managing Insider Risk Management policies?

A) Microsoft Compliance Center
B) Azure AD Identity Protection
C) Microsoft Defender for Endpoint
D) Microsoft Endpoint Manager

Answer: A) Microsoft Compliance Center
Explanation: Insider Risk Management policies are created and managed through the Microsoft Compliance Center.


42. What is a common use case for Microsoft 365’s Information Barriers?

A) To prevent communication between defined groups within the organization
B) To enforce device encryption
C) To apply retention policies
D) To configure Conditional Access

Answer: A) To prevent communication between defined groups within the organization
Explanation: Information Barriers help enforce compliance or legal requirements by restricting communication between departments.


43. What is the primary method for securing mobile devices accessing Microsoft 365 resources?

A) Using Azure AD Conditional Access with device compliance checks
B) Applying Exchange Online transport rules
C) Setting up Data Loss Prevention policies
D) Configuring litigation hold

Answer: A) Using Azure AD Conditional Access with device compliance checks
Explanation: Conditional Access ensures only compliant, managed devices can access resources.


44. What Microsoft 365 feature helps automate the remediation of phishing emails?

A) Automated Investigation and Response (AIR) in Microsoft Defender for Office 365
B) Azure Sentinel alerts
C) Microsoft Endpoint Manager policies
D) Compliance Manager

Answer: A) Automated Investigation and Response (AIR) in Microsoft Defender for Office 365
Explanation: AIR automates investigation and remediation steps for phishing and malware threats.


45. What is the function of a Microsoft 365 Compliance Score?

A) It provides a security rating for user devices.
B) It measures the organization’s compliance with regulatory standards and recommends improvements.
C) It rates network firewall performance.
D) It tracks email encryption status.

Answer: B) It measures the organization’s compliance with regulatory standards and recommends improvements.
Explanation: Compliance Score helps track compliance posture and guides actions to reduce risk.


46. Which Microsoft 365 service is used for managing data retention and deletion schedules?

A) Microsoft Endpoint Manager
B) Microsoft 365 Compliance Center Retention Policies
C) Azure Information Protection
D) Microsoft Cloud App Security

Answer: B) Microsoft 365 Compliance Center Retention Policies
Explanation: Retention policies control how long data is kept or deleted to meet compliance needs.


47. How can administrators ensure that sensitive files in SharePoint Online are only accessible to authorized users?

A) Using Sensitivity Labels with encryption and access restrictions
B) Enabling device encryption on users’ computers
C) Applying Exchange transport rules
D) Setting up Conditional Access for email only

Answer: A) Using Sensitivity Labels with encryption and access restrictions
Explanation: Sensitivity Labels secure content by applying encryption and limiting access permissions.


48. What Microsoft 365 feature detects unusual sign-in activity and risky users?

A) Azure AD Identity Protection
B) Microsoft Defender for Endpoint
C) Microsoft Compliance Manager
D) Microsoft Cloud App Security

Answer: A) Azure AD Identity Protection
Explanation: Identity Protection detects and reports risky user accounts based on anomalous sign-in behaviors.


49. Which of the following is NOT a capability of Microsoft Defender for Endpoint?

A) Endpoint detection and response
B) Threat and vulnerability management
C) Retention policy management
D) Automated investigation and remediation

Answer: C) Retention policy management
Explanation: Retention policy management is a compliance feature, not part of Defender for Endpoint’s capabilities.


50. How does Microsoft 365 support compliance with GDPR?

A) By providing tools like Compliance Manager, Data Subject Requests, and data classification
B) By blocking all external emails automatically
C) By enforcing multi-factor authentication only
D) By limiting data storage to on-premises only

Answer: A) By providing tools like Compliance Manager, Data Subject Requests, and data classification
Explanation: Microsoft 365 offers a suite of tools to help organizations comply with GDPR requirements.


51. What type of Microsoft 365 alert informs administrators about compromised user accounts?

A) Compliance Alert
B) Security Alert
C) Audit Alert
D) Retention Alert

Answer: B) Security Alert
Explanation: Security alerts notify about threats like account compromises and suspicious activities.


52. How can administrators restrict access to Microsoft 365 resources from unmanaged devices?

A) Using Conditional Access policies requiring device compliance
B) Applying retention labels
C) Setting up litigation hold
D) Configuring Exchange transport rules

Answer: A) Using Conditional Access policies requiring device compliance
Explanation: Conditional Access can block or limit access from devices that do not meet compliance requirements.


53. What is the primary purpose of Microsoft Defender for Office 365 Threat Explorer?

A) To monitor user activity logs
B) To analyze and investigate threats found in email environments
C) To configure retention policies
D) To encrypt SharePoint documents

Answer: B) To analyze and investigate threats found in email environments
Explanation: Threat Explorer helps security teams hunt and investigate email threats.


54. Which of the following Microsoft 365 services provides cloud-native SIEM capabilities?

A) Microsoft Defender for Endpoint
B) Azure Sentinel
C) Microsoft Compliance Manager
D) Microsoft Cloud App Security

Answer: B) Azure Sentinel
Explanation: Azure Sentinel is a cloud-native Security Information and Event Management (SIEM) tool.


55. How can Microsoft Information Protection help protect data on non-Microsoft cloud services?

A) Through Microsoft Cloud App Security integration and app governance
B) Only through device encryption
C) By applying retention policies only
D) By enabling litigation hold

Answer: A) Through Microsoft Cloud App Security integration and app governance
Explanation: MCAS can extend data protection and governance across third-party cloud apps.


56. What feature of Microsoft 365 allows administrators to centrally manage all endpoint security configurations?

A) Microsoft Compliance Center
B) Microsoft Endpoint Manager
C) Azure AD Identity Protection
D) Microsoft Defender for Office 365

Answer: B) Microsoft Endpoint Manager
Explanation: Endpoint Manager integrates Intune and Configuration Manager for endpoint security management.


57. How can Microsoft 365 protect against accidental data leaks in emails?

A) By applying Data Loss Prevention (DLP) policies that detect sensitive information
B) Using device encryption only
C) Enforcing MFA on all users
D) Blocking all external communications

Answer: A) By applying Data Loss Prevention (DLP) policies that detect sensitive information
Explanation: DLP policies can identify and block or warn users when sending sensitive data.


58. What is the purpose of Microsoft 365’s Privacy Management?

A) To configure device compliance
B) To identify and manage personal data to support privacy regulations
C) To enforce encryption on emails
D) To block legacy authentication

Answer: B) To identify and manage personal data to support privacy regulations
Explanation: Privacy Management helps organizations handle personal data responsibly per regulations like GDPR.


59. Which Microsoft 365 feature helps protect against email spoofing and phishing attacks?

A) DMARC, SPF, and DKIM
B) BitLocker encryption
C) Retention Policies
D) Information Barriers

Answer: A) DMARC, SPF, and DKIM
Explanation: These protocols help authenticate emails and reduce spoofing and phishing.


60. Which Microsoft 365 role allows read-only access to security reports and alerts?

A) Security Reader
B) Security Administrator
C) Global Administrator
D) Compliance Administrator

Answer: A) Security Reader
Explanation: The Security Reader role permits viewing security-related information without modification privileges.