Microsoft Updated SC-401 Exam Questions and Answers by mahnoor

You are creating a Data Loss Prevention (DLP) policy in Microsoft 365 with advanced rules. Advanced DLP rules provide more granular conditions and actions than standard DLP rules.

Conditions available in advanced DLP

According to Microsoft Docs on Conditions in DLP policies:

✅ Content contains → Used to detect sensitive information types, keywords, or exact data matches. This is one of the most common and fundamental DLP conditions.

✅ Content is shared from Microsoft 365 → Used to detect whether content has been shared externally or with specific domains/users. This is a modern advanced DLP condition.

Why the others are not correct:

A. Document property is → This condition applies to information governance retention policies/labels (not DLP). Not available in DLP rules.

B. Attachment's file extension is → This is supported in Exchange mail flow rules (transport rules) but not in advanced DLP rules.

C. Document size equals or is greater than → Also applies in Exchange transport rules and certain SharePoint restrictions, but not available as a DLP rule condition.

Comprehensive Detailed Explanation with References

When multiple advanced DLP rules match content, Microsoft 365 DLP evaluates based on:

Rule priority

Lower number = higher priority (0 highest).

Among Rule2 (priority 1), Rule3 (priority 2), and Rule4 (priority 3), Rule2 has the highest priority.

Conflict resolution (single vs multiple rules applied)

By default, only the highest-priority rule applies if multiple rules match. → That’s why in the first dropdown, the correct answer is Only Rule2 takes effect.

However, you can configure advanced DLP to allow multiple matching rules to take effect simultaneously. If this setting is enabled, then Rule2, Rule3, and Rule4 all apply. → That’s why in the second dropdown, the correct answer is Rule2, Rule3, and Rule4 take effect.

Since you need to automatically apply a sensitivity label to resumes based on their content and structure (work experience, education, accomplishments), a trainable classifier is the best choice.

Trainable classifiers use machine learning to identify unstructured data, such as resumes, contracts, or legal documents. Instead of relying on predefined patterns (like keywords or regular expressions), a trainable classifier learns from sample documents and can accurately identify resumes even if they are formatted differently.

Final Approach:

● Train a trainable classifier using sample resumes.

● Deploy the classifier in Microsoft Purview.

● Configure a sensitivity label to be automatically applied when a document matches the classifier.

Trainable classifiers in Microsoft Purview learn from sample documents. When the initial results are unsatisfactory, retraining is done by reviewing and reclassifying items through Content explorer under the Data classification section of the Purview compliance portal. This allows you to give feedback by marking documents as “relevant” or “not relevant” to improve classifier accuracy.

The other options do not support retraining:

Labels from Information protection → Used to configure and manage sensitivity labels, not train classifiers.

Labels from Information governance → Used for retention labels, not classifiers.

Content search → Used for eDiscovery and searching content, not classifier training.