Describe security, compliance, privacy, and trust in Microsoft 365 questions on this certification test your ability to deploy and manage describe security, compliance, privacy, and trust in microsoft 365 concepts in scenario-based situations.
Start practicing
Describe security, compliance, privacy, and trust in Microsoft 365 — choose a session length
Free · No account required
Domain overview
Use this page to practise Describe security, compliance, privacy, and trust in Microsoft 365 questions for this certification. Focus on how the exam tests describe security, compliance, privacy, and trust in microsoft 365 in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.
Exam objectives
Core Describe security, compliance, privacy, and trust in Microsoft 365 concepts and how they apply in real-world cloud scenarios.
How to deploy describe security, compliance, privacy, and trust in microsoft 365 correctly and verify the outcome.
Troubleshooting describe security, compliance, privacy, and trust in microsoft 365 issues by interpreting error output and system state.
Cloud best practices and Describe security, compliance, privacy, and trust in Microsoft 365 design trade-offs tested by this certification.
Selecting the most expensive service when a simpler managed option meets the requirement.
Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
Choosing a global service fix when the issue is region-specific.
Overlooking cost implications of cross-region data transfer in architecture questions.
Click any question to see the full explanation and answer options, or start a focused practice session above.
An organization is concerned about data leakage from sensitive emails. They want to enforce encryption on emails containing financial information automatically. Which Microsoft 365 solution should they configure?
2A financial services company must prevent users from accidentally sharing sensitive customer data externally. They want to block sharing of any document containing a credit card number via email or SharePoint. What combination of Microsoft 365 compliance solutions should they use?
3A company needs to ensure that all email and document content is preserved for legal purposes, even if users permanently delete items. This requirement demands that content be kept indefinitely until the legal hold is released. Which Microsoft 365 feature should they enable?
4A healthcare organization must protect patient health information (PHI) from being accidentally shared externally via email. They need to automatically block emails containing medical record numbers from being sent outside the organization and also encrypt any email that does contain PHI when it is allowed. Which two Microsoft Purview solutions should they combine? (Choose two.)
5A healthcare organization stores patient records in SharePoint Online. They need to ensure that the data is encrypted at rest and in transit. Which statement is true regarding Microsoft 365 encryption?
6A company uses Microsoft Purview to monitor for potential data security incidents. They want to automatically detect and remediate activities like downloading large amounts of data to a personal device. Which solution should they configure?
7A company wants to ensure that only IT administrators can install browser extensions in Microsoft Edge. Which Microsoft 365 security feature should be used?
8An administrator needs to monitor and investigate potential data breaches by reviewing detailed records of file access and sharing activities across Microsoft 365. They require a centralized report showing who accessed what, from where, and any unusual patterns. Which tool should they use?
9A compliance officer wants to ensure that all data in Microsoft 365 is encrypted using a key that the organization manages and stores in their own Azure Key Vault. Microsoft will not have access to the key. Which solution should they implement?
10A security administrator needs to ensure that all users accessing Microsoft 365 resources from unmanaged devices are prompted to sign in using multi-factor authentication (MFA) and are blocked from downloading sensitive files. Which conditional access policy should be configured?
11A security administrator needs to ensure that all guest users who access Microsoft Teams are required to accept a terms of use agreement before accessing any company resources. Which Microsoft 365 identity protection feature should they configure?
12A company wants to ensure that all administrative actions in Microsoft 365 are logged and that any changes to roles and permissions are reviewed on a monthly basis. Which Microsoft Purview solution should the compliance team use?
13A security administrator needs to audit all activities related to a specific user in Exchange Online, SharePoint Online, and Microsoft Entra ID for the past 90 days. They also need to export the audit log as a CSV file. Which Microsoft Purview solution provides this capability without additional licensing beyond Microsoft 365 E3?
14A multinational corporation must ensure that all Microsoft 365 admin actions—such as adding a new user or changing a role—are recorded and searchable for at least 90 days. They also need to create custom alert rules to notify the security team when critical events occur, like disabling multi-factor authentication. Which Microsoft Purview solution should they use to meet both requirements?
15A company uses Microsoft 365 (a SaaS offering). A security incident occurs where an employee's account is compromised because the employee reused their corporate password on a personal website. According to the shared responsibility model, who is primarily responsible for this security failure?
16A security analyst receives an alert about a user who downloaded a large number of files from a SharePoint document library in a short period. The analyst needs to investigate the user's activities across Exchange, SharePoint, and Teams to determine if data exfiltration is occurring. Which Microsoft Purview solution should the analyst use to review detailed activity logs?
17A security team needs to ensure that all Microsoft 365 administrative actions—such as creating user accounts or resetting passwords—are logged and searchable for at least 90 days. They also need to create custom alert rules for suspicious admin activity. Which Microsoft Purview solution should they use?
18A security administrator needs to review all sign-in attempts and identify suspicious login patterns for the past 30 days. Which Microsoft 365 portal should they use to access this information?
19A security team needs to monitor all administrative activities in Microsoft 365, including creating users, resetting passwords, and modifying policies. They require that logs be retained for at least 90 days and want to create custom alerts for suspicious admin actions (e.g., multiple password resets in a short time). Which Microsoft Purview solution should they use?
20A legal firm needs to send a confidential document to a client via email. The firm requires that the client cannot forward or print the email and that the email expires after seven days. Which Microsoft Purview solution should they use?
21A help desk lead is documenting the correct Microsoft 365 approach to require users to approve sign-ins with a mobile app after entering a password. Microsoft security, identity, or compliance capability should it use?
22A compliance-aware administrator is selecting the right Microsoft 365 capability to require MFA only for sign-ins from outside trusted locations. Microsoft security, identity, or compliance capability should it use?
23A department head asks which Microsoft 365 option should be used to provide a cloud identity platform for Microsoft 365 and approved SaaS applications. Microsoft security, identity, or compliance capability should it use?
24An administrator is reviewing a request from users who need to detect risky users and suspicious sign-ins. Microsoft security, identity, or compliance capability should it use?
25During a Microsoft 365 planning workshop, let users reset forgotten passwords without calling the help desk. Microsoft security, identity, or compliance capability should it use?
26A tenant administrator is advising a department that wants to grant temporary, approved privileged administrator access. Microsoft security, identity, or compliance capability should it use?
27A business stakeholder asks how Microsoft 365 can help them manage laptops and mobile devices with compliance policies and app protection. Microsoft security, identity, or compliance capability should it use?
28While preparing a Microsoft 365 adoption plan, a consultant is asked to protect corporate data inside mobile apps without enrolling the whole personal device. Microsoft security, identity, or compliance capability should it use?
29A service owner is comparing Microsoft 365 capabilities and needs to block emails containing credit card numbers from being sent externally. Microsoft security, identity, or compliance capability should it use?
30During requirements gathering, an IT manager says the organization must classify files as Confidential and apply encryption to the most sensitive content. Microsoft security, identity, or compliance capability should it use?
31A healthcare organization must encrypt outbound email automatically when a message contains passport numbers. Which two Microsoft Purview capabilities are commonly combined? (Choose two.)
32A compliance-aware administrator is selecting the right Microsoft 365 capability to delete content automatically after a defined retention period. Microsoft security, identity, or compliance capability should it use?
33A department head asks which Microsoft 365 option should be used to review file access, sharing changes, and administrator actions during an investigation. Microsoft security, identity, or compliance capability should it use?
34An administrator is reviewing a request from users who need to protect users from phishing, unsafe links, and malicious attachments. Microsoft security, identity, or compliance capability should it use?
35During a Microsoft 365 planning workshop, provide baseline anti-spam and anti-malware filtering for Exchange Online. Microsoft security, identity, or compliance capability should it use?
36A tenant administrator is advising a department that wants to investigate incidents across identities, email, endpoints, and cloud apps in one experience. Microsoft security, identity, or compliance capability should it use?
37A business stakeholder asks how Microsoft 365 can help them protect Windows endpoints with endpoint detection and response capabilities. Microsoft security, identity, or compliance capability should it use?
38While preparing a Microsoft 365 adoption plan, a consultant is asked to identify risky user behaviour such as unusual downloads or policy violations. Microsoft security, identity, or compliance capability should it use?
39A service owner is comparing Microsoft 365 capabilities and needs to prevent communication and collaboration between two business groups. Microsoft security, identity, or compliance capability should it use?
40During requirements gathering, an IT manager says the organization must review employee messages for harassment or regulatory policy violations. Microsoft security, identity, or compliance capability should it use?
41A help desk lead is documenting the correct Microsoft 365 approach to track compliance assessments and improvement actions. Microsoft security, identity, or compliance capability should it use?
42A compliance-aware administrator is selecting the right Microsoft 365 capability to encrypt email messages sent to internal or external recipients. Microsoft security, identity, or compliance capability should it use?
43A security team wants Microsoft 365 access to be allowed only when a user's device is marked compliant by management policy. Which two capabilities are normally combined? (Choose two.)
44An administrator is reviewing a request from users who need to analyze attachments in a protected environment before delivery. Microsoft security, identity, or compliance capability should it use?
45During a Microsoft 365 planning workshop, allow access to Exchange Online only from compliant devices. Microsoft security, identity, or compliance capability should it use?
46A tenant administrator is advising a department that wants to let users sign in once and access connected Microsoft 365 and SaaS apps. Microsoft security, identity, or compliance capability should it use?
47A business stakeholder asks how Microsoft 365 can help them periodically review group memberships and application access. Microsoft security, identity, or compliance capability should it use?
48While preparing a Microsoft 365 adoption plan, a consultant is asked to give external partners controlled access to Teams and SharePoint resources. Microsoft security, identity, or compliance capability should it use?
49A service owner is comparing Microsoft 365 capabilities and needs to detect exact customer records rather than only generic data patterns. Microsoft security, identity, or compliance capability should it use?
50During requirements gathering, an IT manager says the organization must discover where sensitive information is stored across Microsoft 365. Microsoft security, identity, or compliance capability should it use?
51A help desk lead is documenting the correct Microsoft 365 approach to allow browser access to SharePoint from unmanaged devices but restrict downloads. Microsoft security, identity, or compliance capability should it use?
52A compliance-aware administrator is selecting the right Microsoft 365 capability to manage formal records that must be retained and disposed of according to policy. Microsoft security, identity, or compliance capability should it use?
53A department head asks which Microsoft 365 option should be used to search, review, and export content for a legal investigation. Microsoft security, identity, or compliance capability should it use?
54An administrator is reviewing a request from users who need to discover cloud apps being used by employees and assess their risk. Microsoft security, identity, or compliance capability should it use?
55During a Microsoft 365 planning workshop, show security recommendations and a score for Microsoft 365 posture. Microsoft security, identity, or compliance capability should it use?
56A tenant administrator is advising a department that wants to automatically apply a label when sensitive customer identifiers are detected. Microsoft security, identity, or compliance capability should it use?
57A business stakeholder asks how Microsoft 365 can help them allow sign-in using biometrics or FIDO2 security keys. Microsoft security, identity, or compliance capability should it use?
58While preparing a Microsoft 365 adoption plan, a consultant is asked to let users report suspicious phishing messages from Outlook for investigation. Microsoft security, identity, or compliance capability should it use?
59A service owner is comparing Microsoft 365 capabilities and needs to make sign-in decisions based on risk, location, and device compliance. Microsoft security, identity, or compliance capability should it use?
60During requirements gathering, an IT manager says the organization must make document protection persist after a file is downloaded or emailed. Microsoft security, identity, or compliance capability should it use?
61A help desk lead is documenting the correct Microsoft 365 approach to preserve relevant mailboxes and SharePoint content during a legal case. Microsoft security, identity, or compliance capability should it use?
62A compliance officer wants to proactively prevent users from sending emails that contain sensitive personal data (e.g., credit card numbers) to external recipients. When a user attempts to send such an email, they should see a policy tip explaining the restriction and be blocked from sending. Which Microsoft Purview feature should be configured?
63A legal team needs to ensure that all documents related to an ongoing case are retained for exactly 7 years and then automatically deleted. During the retention period, no user should be able to permanently delete these documents. Which two Microsoft Purview features should be used together to meet this requirement? (Choose two.)
64A company wants to ensure that sensitive documents stored in SharePoint Online are automatically classified and protected if they contain credit card numbers or social security numbers. Which Microsoft Purview feature should they implement?
65A compliance officer needs to ensure that all user activities related to sensitive data in Microsoft 365 are recorded and available for forensic investigation. They require detailed logs of who accessed specific files in SharePoint Online, including attempts to access files that were blocked by DLP policies. Which solution should they enable?
66An organization needs to automatically delete Microsoft Teams chat messages after 90 days to comply with a data minimization policy. Which Microsoft Purview feature should they use?
67A company must comply with a regulation that requires all data stored in Microsoft 365 to remain within the European Union. Which Microsoft 365 feature should an administrator configure to enforce this geographic restriction?
68A compliance officer wants to automatically encrypt outgoing emails containing credit card numbers and also prevent recipients from forwarding or copying the content. Which Microsoft Purview solution should be applied?
69An organization wants to prevent employees from sharing sensitive files with external users via SharePoint Online, but they need to allow sharing with a specific external partner for a single project. What is the most efficient configuration?
70A compliance officer needs to set up a policy that automatically monitors and detects activities related to accessing sensitive data from outside the corporate network. When a user from a foreign country accesses a confidential file, the policy should trigger an alert and require additional authentication. Which combination of Microsoft 365 solutions achieves this?
71A company wants to ensure that all outgoing emails containing sensitive financial data are encrypted automatically. The encryption should require the recipient to authenticate to read the message. Which Microsoft 365 solution should the administrator configure?
72A compliance officer needs to automatically detect when employees share customers' personal data (e.g., social security numbers) via email and block such sharing. Which Microsoft Purview solution should they configure?
73A security administrator needs to automatically restrict access to documents labeled as 'Highly Confidential' when accessed from devices that are not joined to the domain. The restriction should block editing and printing, and apply encryption. Which combination of Microsoft 365 solutions should the administrator use?
74A legal team is involved in a court case and needs to identify all emails and documents related to a specific project across the entire organization. They need to place these items on hold to prevent deletion or modification. Which Microsoft Purview solution should they use?
75A compliance administrator needs to ensure that any document containing a patient's health information (e.g., medical record number) is automatically encrypted and restricted to authorized users. The encryption should be enforced regardless of where the document is saved (SharePoint, OneDrive, or email). Which Microsoft Purview feature should they configure?
76A compliance administrator needs to automatically detect when employees share documents containing a customer's credit card number via email and block such sharing before the email is sent. Which Microsoft Purview solution should they configure?
77A security administrator needs to automatically restrict access to documents that contain 'PII' (personally identifiable information) so that only employees in the 'Data Privacy' security group can view them. Additionally, editing and printing of these documents must be disabled. Which combination of Microsoft Purview features should be used?
78A legal team is preparing for litigation. They need to place a hold on all content (emails, documents, Teams messages) related to a specific project across the entire organization. The hold must prevent any deletion or modification of the content. Which Microsoft Purview solution should they use?
79A compliance officer needs to automatically label and encrypt documents that contain personally identifiable information (PII) when they are saved in SharePoint. The labeling should happen without manual user intervention. Which Microsoft Purview feature should they configure?
80A compliance officer needs to automatically detect when an employee attempts to send an email containing a social security number (SSN) to an external recipient. The solution should block the email from being sent and notify the employee with a policy tip. Which Microsoft Purview solution should be configured?
81A compliance officer needs to ensure that any document containing passport numbers automatically gets a 'Highly Confidential' label and is encrypted when saved in SharePoint. The labeling should occur without any user interaction. Which Microsoft Purview feature should they configure?
82A compliance officer needs to automatically encrypt any outgoing email that contains a customer's credit card number. The solution should work without requiring the sender to take any manual action. Which Microsoft Purview feature should be configured?
83A global financial services firm needs to protect highly confidential documents containing trade secrets. The protection must restrict access to a specific group of employees, prevent editing and printing, and remain enforced even if the document is downloaded and saved to an external device. Which Microsoft Purview solution should be used?
84A compliance administrator needs to automatically protect sensitive data by applying a 'Confidential' label that encrypts documents and restricts access to a specific user group. The label must be applied when a document containing a credit card number is saved in SharePoint. Which Microsoft Purview feature should be configured?
85A multinational corporation needs to ensure that all emails containing a customer's passport number are automatically blocked from being sent externally. Additionally, the sending user should receive a policy tip explaining the block. Which Microsoft Purview solution should be configured?
86A compliance officer needs to automatically retain all SharePoint documents that contain a specific project code for exactly 5 years. The retention must be applied automatically when the document is uploaded, without any user interaction. Which Microsoft Purview feature should they configure?
87A compliance officer needs to ensure that all outgoing emails containing a customer's credit card number are automatically encrypted before delivery. External recipients must be able to reply with the same level of encryption without a separate signing-up process. Which Microsoft Purview solution should be configured?
88A global company needs to ensure that only employees in the 'HR' security group can access a specific set of HR documents stored in SharePoint. If a user outside the group attempts to view or copy the content, it must be blocked. The protection must persist even if someone downloads the files and shares them externally, or if the files are saved to a personal device. Which Microsoft Purview solution should be used?
89A legal firm needs to automatically encrypt and apply access restrictions to all documents that contain case numbers considered highly confidential. The protection must remain enforced even if the document is emailed to external parties or saved to a personal device. Which Microsoft Purview solution should be configured?
90A global company has a strict policy that any Microsoft 365 administrator who needs to access a user's mailbox for troubleshooting must first obtain explicit approval from the user. The company wants to implement a process that requires approval for such access and logs the activity. Which Microsoft Purview feature should they use?
91A compliance team needs to ensure that any email sent from the Finance department that contains a bank account number is automatically encrypted. External recipients must be able to reply securely without needing to sign up for any service. Which Microsoft Purview solution should they configure?
92A legal firm must ensure that all documents containing a specific project code are automatically retained for 7 years after the project ends. After the 7-year period, the documents should be permanently deleted. The firm already uses sensitivity labels to classify documents. Which Microsoft Purview solution should they configure?
93A compliance officer needs to identify users who are at risk of leaking sensitive data based on their activities such as copying files to USB drives or emailing content outside the organization. The solution must also allow reviewing the activities in a case-based workflow. Which Microsoft Purview solution should they use?
94A healthcare provider must ensure that patient health information (PHI) is not accidentally shared outside the organization. They want to automatically detect if an email contains PHI (such as diagnosis codes) and block it from being sent externally. Additionally, the sender should receive a notification explaining the block. Which Microsoft Purview solution should be configured?
95A company wants to ensure that sensitive documents classified as 'Confidential' are automatically encrypted and have restricted access permissions applied when they are shared via email. The protection must persist even if the email is forwarded to external parties. Which Microsoft Purview solution should be used?
96A company wants to ensure that all Microsoft 365 admin actions are recorded and searchable for at least 180 days. They also need to create custom alert rules to notify the security team when critical events occur, such as a user being added to the Global Admin role. Which Microsoft Purview solution should they use?
97A legal department requires that when an employee deletes any email message in Exchange Online that is related to active litigation, the message must be automatically retained for an additional 5 years after deletion. The retention must be applied based on keywords found in the email content. Which Microsoft Purview solution should be configured?
98A healthcare organization needs to automatically apply a sensitivity label to any document stored in a SharePoint document library that contains patient diagnosis codes. The label should prevent the document from being shared externally. The classification must happen after the document is saved, not during creation. Which Microsoft Purview solution should be configured?
99A company is preparing for a merger and wants to prevent communication between the Human Resources and Research departments regarding sensitive salary data during the due diligence period. They need a Microsoft Purview solution that can block all email and chat between users in these two groups, as well as prevent file sharing in Teams and SharePoint. Which solution should they configure?
100A compliance officer needs to automatically detect documents stored in SharePoint Online that contain sensitive data types (e.g., credit card numbers) and apply a sensitivity label that restricts access to only certain users. The classification should occur without user intervention and the label must be applied to the document. Which Microsoft Purview solution should be configured?
101A healthcare organization must ensure that all outgoing emails containing protected health information (PHI) are automatically encrypted. External recipients must be able to read the encrypted messages without installing any software or signing up for a service. Which Microsoft Purview solution should be configured?
102A legal team needs to place a hold on all data belonging to a specific user who is involved in a lawsuit. The hold must preserve Exchange Online email, SharePoint sites, and Teams chat messages. Which Microsoft Purview solution should they use?
103A compliance officer needs to automatically classify and protect documents stored in SharePoint Online that contain personal data such as passport numbers. The classification should happen without user intervention and must apply encryption and access restrictions. Which Microsoft Purview solution should be configured?
104A legal team needs to preserve all data belonging to a former employee who is involved in litigation. The preservation must cover Exchange Online email, SharePoint sites, Teams messages, and OneDrive files. Which Microsoft Purview solution should they use to enforce the preservation?
105A legal team at a company needs to preserve all data belonging to a user who is involved in litigation. The preservation must cover Exchange Online email, SharePoint sites, OneDrive for Business files, and Teams chat messages. They also need to be able to search the preserved content and export it. Which Microsoft Purview solution should they use?
106An organization needs to prevent users from sharing documents that contain credit card numbers via email and Microsoft Teams. When a user attempts to share such a document, they should see a policy tip explaining the restriction. Which Microsoft Purview solution should the compliance team configure?
107A compliance officer needs to automatically classify documents stored in SharePoint Online that contain personally identifiable information (PII) such as social security numbers. The classification must apply a sensitivity label that encrypts the document and restricts access to only employees in the Legal department. The process should run without any user interaction. Which Microsoft Purview solution should be configured?
108A compliance officer needs to ensure that all emails and documents in Exchange Online and SharePoint are automatically retained for five years. After five years, the data should be automatically deleted. Which Microsoft Purview solution should they configure?
109A security team wants to ensure that only devices that are compliant with company security policies (e.g., antivirus enabled, disk encrypted) can access Exchange Online and SharePoint Online. Which feature should they configure in Microsoft 365?
110An organization wants to automatically detect when a user attempts to share a document containing a customer's credit card number via email. The system should block the sharing and display a warning to the user. Which Microsoft Purview solution should they configure?
111A multinational corporation must comply with GDPR. They need to ensure that personal data of EU residents is retained for a specific period and then securely deleted. Additionally, they must be able to respond to data subject access requests (DSARs) within 30 days by finding and exporting relevant data. Which two Microsoft Purview solutions should they use together? (Choose two.)
112A legal team needs to preserve all data related to a specific user involved in litigation, including Exchange emails, SharePoint documents, OneDrive files, and Teams chats. They require a hold that cannot be removed by the user and must allow for later searching and export. Which Microsoft Purview solution should they use?
113A compliance officer needs to automatically retain all emails in Exchange Online for exactly 7 years, and then permanently delete them. Which Microsoft Purview solution should they configure?
114A company wants to prevent users from sharing documents that contain credit card numbers via email. When a user attempts to share such a document, they should see a policy tip explaining the restriction and the share should be blocked. Which Microsoft Purview solution should the compliance team configure?
115A compliance team needs to implement a Data Loss Prevention (DLP) policy to protect credit card information. What is the correct order of steps for a successful implementation?
116A compliance team needs to prevent employees from copying sensitive data (such as financial records or customer PII) to USB drives and other removable media from their Windows 10/11 devices. When a user attempts to copy data to an unapproved USB device, the action should be blocked and an alert should be generated. Which Microsoft Purview solution should they configure?
117An organisation wants to identify documents containing credit card numbers and prevent users from sharing them externally from SharePoint Online and Exchange Online. Which two Microsoft Purview capabilities are most relevant? (Choose 2.)
118A compliance manager wants a dashboard that maps Microsoft 365 controls to regulatory standards and gives recommended improvement actions. Which portal capability should they use?
119An organization wants to block sharing of documents containing credit card numbers. Which two statements are accurate about the Microsoft 365 capability involved?
120A compliance administrator needs to apply encryption and usage restrictions to confidential documents. Which Microsoft 365 capability is the best fit?
121A compliance administrator needs to investigate emails that may be part of a phishing campaign. Which Microsoft 365 capability is the best fit?
122A compliance administrator needs to assess compliance posture against standards and improvement actions. Which Microsoft 365 capability is the best fit?
123An organization wants to retain mailbox content for legal investigation. Which two statements are accurate about the Microsoft 365 capability involved?
124A compliance administrator needs to manage user sign-in risk and require MFA for risky sign-ins. Which Microsoft 365 capability is the best fit?
125A compliance administrator needs to block sharing of documents containing credit card numbers. Which Microsoft 365 capability is the best fit?
126A compliance administrator needs to apply encryption and usage restrictions to confidential documents. Which Microsoft 365 capability is the best fit? The design must avoid adding custom operational scripts.
127An organization wants to investigate emails that may be part of a phishing campaign. Which two statements are accurate about the Microsoft 365 capability involved?
128A compliance administrator needs to assess compliance posture against standards and improvement actions. Which Microsoft 365 capability is the best fit? The design must avoid adding custom operational scripts.
129A compliance administrator needs to retain mailbox content for legal investigation. Which Microsoft 365 capability is the best fit?
130Which three of the following are core components of Microsoft’s Zero Trust security model as implemented in Microsoft 365? (Choose three.)
131A company is expanding globally and needs to meet data residency and compliance requirements in multiple regions. Which three Microsoft 365 compliance and privacy features should they consider? (Choose three.)
132Which three options describe key capabilities of Microsoft Purview that help organizations manage compliance and data governance in Microsoft 365? (Choose three.)
133Which four of the following are key components of the Microsoft 365 defense-in-depth security strategy? (Choose all that apply. There are four correct answers.)
134Drag and drop the steps to deploy Microsoft 365 Apps for enterprise to a Windows device using the Microsoft 365 Apps admin center into the correct order.
135Drag and drop the steps to configure a data loss prevention (DLP) policy in the Microsoft 365 compliance center into the correct order.
136Match each Microsoft 365 compliance term to its definition.
137Match each Microsoft 365 pricing model to its description.
138Your organization is deploying Microsoft 365 and needs to ensure that data stored in SharePoint Online and OneDrive for Business is protected against accidental deletion by end users. The compliance team requires that deleted files be recoverable for at least 90 days. What should you implement?
139Refer to the exhibit. You are reviewing a Microsoft Purview Information Protection policy created by a colleague. The policy is intended to prevent users from sharing files labeled 'Highly Confidential' with external parties. However, users are still able to share these files externally. Which of the following is the most likely reason?
140A company wants to ensure that all Microsoft 365 users authenticate using multi-factor authentication (MFA). Which Microsoft 365 security feature should they configure?
141Your organization uses Microsoft 365 E5 and wants to automatically classify emails containing credit card numbers as 'Sensitive' and apply encryption when sent externally. Which Microsoft Purview feature should you use?
142A multinational company must comply with the General Data Protection Regulation (GDPR). They need to be able to search for and delete personal data of a user upon request (right to erasure). Which Microsoft Purview solution should they use?
143Your organization uses Microsoft 365 Business Premium. You need to protect users from phishing attacks by blocking malicious links in real-time when they click them in emails. Which feature provides this capability?
144Refer to the exhibit. A Microsoft 365 administrator runs the PowerShell script against Microsoft Entra ID. The script outputs several enabled Conditional Access policies. However, users report they are not prompted for MFA even though there is an enabled policy that should require MFA for all users. What is the most likely reason?
145An organization needs to ensure that all Microsoft 365 data is encrypted at rest and in transit. Which of the following is a built-in encryption mechanism in Microsoft 365?
146Your company uses Microsoft 365 E5 and has enabled Microsoft Purview Audit (Premium). The security team needs to investigate a potential data breach by searching for all activities related to a specific user in the last 90 days. Which tool should they use?
147Which TWO of the following are features of Microsoft Purview that help organizations meet compliance requirements for data lifecycle management? (Choose two.)
148Which THREE of the following are capabilities of Microsoft Entra ID that support identity security? (Choose three.)
149Which TWO of the following are examples of Microsoft's commitments to data privacy as outlined in the Microsoft Privacy Statement and related agreements? (Choose two.)
150Which THREE of the following are security features included in Microsoft 365 Business Premium? (Choose three.)
151Which TWO of the following are requirements for implementing Microsoft Purview Customer Key? (Choose two.)
152Refer to the exhibit. A security analyst runs this KQL query in Microsoft Sentinel to investigate a user's deleted files. The query returns no results even though the user has deleted files. Which of the following is the most likely reason?
153Your organization is deploying Microsoft 365 for a healthcare company that must comply with HIPAA. Which Microsoft 365 compliance feature should you use to prevent sensitive patient data from being shared externally via email?
154Your company wants to ensure that only managed and compliant devices can access Microsoft 365 resources. Which Microsoft 365 security feature enforces conditional access based on device compliance?
155A user reports receiving a phishing email that bypassed Exchange Online Protection (EOP). You need to investigate the threat and automate a response across email, endpoints, and identities. Which Microsoft 365 security solution should you use?
156Your organization uses Microsoft Purview to manage data governance. A data owner needs to classify sensitive data across SharePoint, OneDrive, and Exchange automatically based on content patterns. Which Microsoft Purview feature should they use?
157A multinational corporation needs to restrict access to Microsoft 365 services based on user location and device state. They have offices in countries with strict data sovereignty laws. Which combination of Microsoft Entra ID features should they use to enforce these policies?
158Your company wants to run a phishing simulation to test employee awareness. Which Microsoft 365 tool can you use to create and launch a simulated phishing campaign?
159Your organization is required to retain all communications related to a legal case for 5 years. Emails and Teams messages must be preserved immutably. Which Microsoft 365 feature should you use?
160An organization uses Microsoft 365 Copilot for Microsoft 365. The security team wants to ensure that Copilot responses are based only on data that users already have permission to access. Which principle does this enforce?
161Your company is deploying Microsoft Purview to manage data subject requests (DSRs) under GDPR. Users need to submit requests to access or delete their personal data. Which Microsoft Purview solution should you use?
162Which TWO of the following are features of Microsoft Purview Information Protection?
163Which THREE of the following are included in Microsoft 365 E5 compliance features?
164Which TWO of the following are required to implement Microsoft Entra ID Conditional Access?
165Your organization is deploying Microsoft 365 Copilot for sales teams. The compliance team requires that Copilot interactions with customer data in Dynamics 365 Sales be subject to retention policies. Which Microsoft Purview feature should you configure to manage this data?
166A multinational company uses Microsoft 365 E5 and needs to meet data residency requirements in the EU and Asia. They plan to use Microsoft Purview Data Loss Prevention (DLP) to prevent sensitive data from leaving approved geographic boundaries. Which action should they take to enforce this policy?
167Your organization is implementing Microsoft Entra ID (formerly Azure AD) for identity management. Users report that they are prompted for multifactor authentication (MFA) every time they sign in, even from trusted devices. What should you configure to reduce MFA prompts while maintaining security?
168Your company uses Microsoft Defender for Office 365 and wants to prevent users from clicking malicious links in email. A user reports that a known phishing link was not blocked. Which step should you take to investigate?
169A healthcare organization is using Microsoft 365 and needs to ensure that patient data (protected health information) is not accidentally shared externally. They want to classify all documents containing medical terms and apply automatic encryption when shared outside the organization. Which two Microsoft Purview features should they combine? (Select TWO)
170Your organization is migrating from on-premises Exchange to Exchange Online. You need to ensure that email communications comply with regulatory requirements for retention. Which Microsoft 365 feature should you use to define retention periods for emails?
171Which TWO actions should you take to protect against ransomware attacks in Microsoft 365?
172Which THREE conditions must be met for a Microsoft 365 tenant to use Customer Lockbox?
173A law firm uses Microsoft 365 and wants to ensure that only authorized users can access client files stored in SharePoint Online. They also need to track when these files are accessed. Which combination of features should they use?
174Your organization has a Microsoft 365 E5 subscription and wants to use Microsoft Purview to identify and protect sensitive data. Which feature should you use to automatically discover sensitive data across Exchange Online, SharePoint Online, and OneDrive?
175Your company uses Microsoft 365 and wants to ensure that when employees access Microsoft 365 from unmanaged devices, they can only view data but not download or print it. Which technology should you use?
176Refer to the exhibit. The exhibit shows a Conditional Access policy. Which requirement does this policy enforce?
177Refer to the exhibit. The exhibit shows an auto-labeling policy configuration. What will happen when a document labeled 'EU PII' is shared externally via SharePoint?
178Refer to the exhibit. The exhibit shows an anti-phishing policy in Microsoft Defender for Office 365. Which users receive the highest level of protection?
179Which THREE statements about the Microsoft Service Trust Portal are true?
180Your organization wants to ensure that users can only access Microsoft 365 resources from compliant devices. Which security feature should you implement?
181A company is subject to GDPR and needs to respond to a data subject request to delete a user's personal data from Microsoft 365. Which Microsoft Purview solution should be used?
182Your organization has a Microsoft 365 E5 subscription and wants to centrally manage security incidents across identities, endpoints, and cloud apps. Which Microsoft solution provides this capability?
183Refer to the exhibit. You are reviewing a Conditional Access policy configuration. What is the effect of this policy on a user who signs in from a known device but with medium sign-in risk?
184Refer to the exhibit. An administrator configured a sensitivity label with auto-labeling for credit card numbers. What happens when a user creates a document containing a credit card number and saves it to SharePoint Online?
185Refer to the exhibit. The JSON shows compliance scores from Microsoft Purview Compliance Manager. Which action should the organization prioritize to improve its HIPAA compliance score?
186Your organization uses Microsoft 365 Copilot and wants to ensure that sensitive data is not exposed through AI-powered features. Which Microsoft Purview capability should be configured?
187A healthcare organization must ensure that electronic protected health information (ePHI) in Microsoft 365 is encrypted both at rest and in transit. Which Microsoft 365 feature provides encryption for data in transit?
188Your organization is adopting Microsoft 365 Copilot and wants to prevent the AI from using internal customer data in its training models. Which data protection option should be enabled?
189Which TWO of the following are key capabilities of Microsoft Purview Communication Compliance? (Choose two.)
190Which THREE of the following are included in Microsoft 365 E5 compliance features? (Choose three.)
191Which TWO of the following are examples of security defaults in Microsoft Entra ID? (Choose two.)
192Which THREE of the following are valid data subject rights under GDPR? (Choose three.)
193Which TWO of the following are capabilities of Microsoft Priva? (Choose two.)
194Which THREE of the following are key pillars of the Microsoft Trusted Cloud? (Choose three.)
195A company is deploying Microsoft 365 Copilot and wants to ensure that only users with the appropriate sensitivity labels can access Copilot-generated content. What should the administrator configure to enforce this requirement?
196A user reports receiving a phishing email in their Outlook inbox. The organization uses Microsoft Defender for Office 365. Which feature should the user use to report the email to the security team?
197An administrator configures the SharePoint Online sharing policy as shown in the exhibit. What is the result of this configuration?
198A company uses Microsoft Purview Communication Compliance to detect inappropriate messages. Which action can an administrator take after reviewing a flagged message?
199An organization wants to ensure that only compliant devices can access Microsoft 365 resources. They use Microsoft Intune for device management. Which policy should they configure?
200An administrator is assigned the Global Reader role in Microsoft Entra ID as shown in the exhibit. What can this administrator do?
201A company needs to meet GDPR compliance requirements for data subject requests. Which Microsoft Purview tool should they use to manage these requests?
202An organization uses Microsoft Defender XDR and wants to investigate a potential ransomware attack. Which portal should the security team use to see the full attack timeline?
203A user needs to sign in to Microsoft 365 from an untrusted device. The company requires multifactor authentication (MFA) for all external access. Which Microsoft Entra ID feature enforces this requirement?
204Which TWO components are part of Microsoft's Service Trust Portal?
205Which THREE actions can be performed using Microsoft Purview Data Loss Prevention (DLP) policies?
206Which TWO are true about Microsoft's data residency commitments in the Microsoft 365 Trust Center?
207Which THREE are features of Microsoft Purview Information Protection?
208Which TWO are valid data classification labels in Microsoft Purview?
209Which THREE are core pillars of the Microsoft Trust Center?
210Your organization wants to ensure that data sent to Microsoft 365 is encrypted in transit. Which protocol should you enforce for all client connections?
211A user reports receiving a phishing email that bypassed Exchange Online Protection (EOP). What should you configure to add a second layer of defense against sophisticated phishing attacks?
212Your organization is required to retain all customer emails for 7 years due to industry regulations. The legal team also needs to be able to search and hold relevant emails during active litigation. Which two Microsoft Purview features should you implement? (Choose two.)
213Your company uses Microsoft 365 and wants to ensure that when employees share sensitive documents externally, access is automatically revoked after 30 days. Which solution should you use?
214A user accidentally shared a file containing credit card numbers with a partner organization. You need to prevent similar incidents and detect when such data is shared externally. What should you configure?
215Which THREE capabilities are provided by Microsoft Purview Information Protection? (Choose three.)
216Your organization is using Microsoft 365 Copilot. You want to ensure that Copilot uses only data that users have permission to access. Which principle does this enforce?
217Your company is subject to the General Data Protection Regulation (GDPR). Which Microsoft 365 compliance feature helps you respond to a Data Subject Request (DSR) to export a user's personal data?
218You are configuring a Communication Compliance policy to detect workplace harassment. The policy currently includes conditions for sensitive information types (credit card numbers, SSN) and keywords. After deployment, the policy generates many irrelevant alerts for routine HR communications that contain the keywords but no harassment. What should you modify to improve detection accuracy?
219Which TWO Microsoft 365 security solutions are included in Microsoft Defender XDR (Extended Detection and Response)? (Choose two.)
220A company wants to ensure that employees can access corporate email on personal mobile devices without the company being able to wipe the entire device. What should you use?
221Which THREE statements about Microsoft Purview Audit (Standard) are true? (Choose three.)
222Your organization is deploying Microsoft 365 Copilot. The compliance team is concerned that Copilot might expose sensitive data in its responses. What should you configure to prevent Copilot from using sensitive content?
223You are reviewing an Azure Policy assignment in the exhibit. The policy set definition ID corresponds to the 'Microsoft cloud security benchmark' initiative. The effect is set to 'Deny'. What is the most likely outcome of this policy assignment?
224Which TWO are key capabilities of Microsoft Defender for Cloud Apps? (Choose two.)
225A company is deploying Microsoft 365 and needs to ensure that external sharing of sensitive documents is blocked. Which Microsoft Purview feature should they configure?
226An organization uses Microsoft 365 Copilot and wants to ensure that AI-generated content is automatically labeled with a sensitivity label. What should they configure?
227A company needs to audit user activities in Microsoft 365 for compliance. Which tool should they use?
228A user reports that they cannot access a SharePoint site that contains sensitive data. The administrator confirms the user is licensed and the site permissions are correct. What should the administrator check next?
229An organization must comply with GDPR and needs to respond to a data subject access request (DSAR) within 30 days. Which Microsoft Purview solution helps search for personal data across Microsoft 365?
230A company wants to prevent employees from forwarding sensitive emails outside the organization. Which Microsoft Purview feature should they use?
231An organization uses Microsoft 365 Copilot and wants to ensure that Copilot responses are based only on data the user has permission to access. Which principle does this enforce?
232A company needs to enforce that all documents marked as 'Confidential' are encrypted and cannot be printed. Which combination of Microsoft Purview features should they use?
233An administrator needs to ensure that only compliant devices can access Exchange Online. Which Microsoft Entra ID feature should they configure?
234Which TWO Microsoft 365 tools can help an organization detect and respond to insider data theft?
235Which THREE Microsoft Purview features are part of the eDiscovery workflow for legal investigations?
236Which TWO Microsoft 365 compliance centers provide tools for managing compliance requirements?
237You have the above Microsoft Purview DLP policy JSON. What will this policy do?
238You run the above PowerShell cmdlets against Microsoft Entra ID. What is the output?
239Contoso Ltd. is a multinational corporation with 10,000 employees. They have recently adopted Microsoft 365 E5 and want to implement a comprehensive security and compliance strategy. Their requirements include: 1) All sensitive emails must be encrypted in transit and at rest. 2) Access to SharePoint sites containing financial data must be restricted to employees from the finance department only, and only from compliant devices. 3) They need to detect and remediate insider threats involving data exfiltration via email and cloud storage. 4) They must comply with GDPR and be able to respond to DSARs within 30 days. 5) They want to use Microsoft 365 Copilot but ensure that Copilot only accesses data that users already have permission to see. Which combination of Microsoft 365 solutions should Contoso implement?
240A company is deploying Microsoft 365 and wants to ensure that customer financial data remains within the European Union. Which Microsoft 365 feature should the administrator configure?
241A healthcare organization uses Microsoft 365 and needs to prevent sensitive patient data from being emailed externally. They have enabled Microsoft Purview Data Loss Prevention (DLP). What additional step should they take to ensure that end users are educated when they attempt to send such data?
242Refer to the exhibit. A Microsoft Purview sensitivity label policy is defined as shown. A user applies this label to a document in Microsoft 365. Which action will occur automatically?
243A company is adopting Microsoft 365 and wants to ensure they can investigate security incidents across email, endpoints, and identities in a unified console. Which Microsoft 365 workload should they use?
244An organization uses Microsoft 365 and wants to automatically classify and protect sensitive data in SharePoint Online based on content patterns. Which Microsoft Purview solution should they implement?
245A multinational corporation uses Microsoft 365 and must comply with the General Data Protection Regulation (GDPR). They need to respond to a data subject access request (DSAR) within the mandated timeframe. Which Microsoft Purview tool should they use to search for personal data across Exchange Online, SharePoint Online, and OneDrive for Business?
246A company wants to ensure that only managed and compliant devices can access corporate email in Microsoft 365. Which Microsoft Entra ID capability should they configure?
247A financial services firm uses Microsoft 365 and must retain all business communications for 7 years to comply with SEC regulations. They also need to prevent users from permanently deleting emails. Which Microsoft Purview feature should they implement?
248Refer to the exhibit. A Microsoft Entra ID role assignment is shown. An administrator is assigned the Global Reader role with a condition. What is the effect of the condition?
249Which TWO of the following are key benefits of using Microsoft Purview Information Protection? (Choose two.)
250Which THREE of the following are included in Microsoft Defender XDR? (Choose three.)
251Which TWO are features of Microsoft Entra ID? (Choose two.)
252You are the security administrator for Contoso, a global consulting firm with 10,000 employees. Contoso uses Microsoft 365 E5 and Microsoft Entra ID P2. The company has a strict policy that all sensitive client data must be encrypted at rest and in transit. Additionally, the legal team requires that any document labeled as 'Highly Confidential' must be automatically encrypted and cannot be printed or forwarded. You have created a sensitivity label called 'Highly Confidential' with encryption and a protection setting that restricts actions like printing. However, you notice that users are still able to print documents that have the label applied. After investigation, you find that the label is correctly configured but users are manually applying the label. What should you do to ensure the label is consistently applied and printing is blocked?
253You are the compliance officer for Fabrikam, a medium-sized company with 500 users on Microsoft 365 Business Premium. Fabrikam must comply with the California Consumer Privacy Act (CCPA). The legal team has identified that they need to be able to respond to consumer requests to delete personal data within 45 days. They also need to ensure that personal data is not retained longer than necessary. You have been asked to configure Microsoft Purview to meet these requirements. Specifically, you need to search for and delete personal data when a deletion request is received, and set up a data retention policy to automatically delete personal data after 2 years. What should you do?
254You are the IT administrator for a non-profit organization that uses Microsoft 365 Business Basic. The organization has 50 volunteers who use their own personal devices to access email and SharePoint Online. The board of directors wants to ensure that if a volunteer's device is lost or stolen, the organization's data on that device can be removed remotely. They also want to ensure that volunteers use multi-factor authentication (MFA) to access corporate resources. What should you do?
255Your organization is deploying Microsoft 365 and needs to ensure that data stored in Exchange Online is protected against accidental deletion. You need to implement a solution that allows users to recover deleted emails for up to 30 days, but also enables administrators to recover items for up to 90 days. Which feature should you configure?
256A multinational company uses Microsoft 365 and wants to ensure that data stored in SharePoint Online is only accessible from specific geographic regions. The company has offices in the US, EU, and Asia. You need to implement a solution that restricts access based on the user's physical location. Which feature should you configure?
257Your organization is planning to use Microsoft Purview to meet compliance requirements. Which TWO capabilities are part of Microsoft Purview? (Choose two.)
258You are responsible for securing identities in Microsoft 365. Which THREE actions should you take to improve the security posture of user accounts? (Choose three.)
259Your company is adopting Microsoft 365 Copilot and wants to ensure that data security and compliance requirements are met. Which THREE considerations should be addressed? (Choose three.)
260Refer to the exhibit. You are reviewing a sensitivity label policy configuration in Microsoft Purview. What is the outcome of this configuration?
261Your company, Contoso Ltd., has a Microsoft 365 E5 subscription with 500 users. The IT department recently discovered that some employees are sharing sensitive customer data via email with external parties. You need to implement a solution that automatically detects and prevents the sharing of credit card numbers and social security numbers in emails. The solution should notify the sender when a potential violation occurs and allow them to override the block by providing a business justification. The compliance team must be able to review these overrides. What should you configure?
262Northwind Traders is a legal firm that uses Microsoft 365 E5. They have strict regulatory requirements to retain all email communications for 7 years. Additionally, they need to ensure that employees cannot permanently delete emails before the retention period ends. The IT team has implemented a retention policy in Microsoft Purview to retain all Exchange Online mailboxes for 7 years after creation. However, users are still able to delete emails and permanently delete them from the Recoverable Items folder. You need to ensure that emails are preserved even if users try to delete them. What should you do?
263Adventure Works is a global manufacturing company with 10,000 employees using Microsoft 365 E3. They have a hybrid identity setup with Microsoft Entra Connect syncing on-premises Active Directory to Microsoft Entra ID. The company wants to implement a zero-trust security model and has identified that many users still use weak passwords and do not use MFA. They want to enforce MFA for all users, but they also want to allow users to register for MFA on their own using the Microsoft Authenticator app. The security team is concerned about phishing attacks and wants to use a more secure MFA method. Additionally, they want to ensure that any new user created in on-premises AD is automatically enabled for MFA within 24 hours. What should you recommend?
264Tailwind Traders uses Microsoft 365 Business Premium. They have 200 users and want to ensure that company data on mobile devices is protected. They have implemented Microsoft Intune for mobile device management (MDM). Now they need to ensure that if a device is lost or stolen, the company data on the device can be removed without affecting personal data. The devices are personally owned (BYOD). What should you configure?
265Wide World Importers is a financial services company that must comply with GDPR. They use Microsoft 365 E5 and have enabled audit logging. The Data Protection Officer (DPO) needs to be able to search and export all audit records related to a specific user's activities for the past 90 days. The DPO is not a global admin and should only have permissions to view and export audit logs. You need to provide the DPO with the appropriate access. What should you do?
266Contoso Pharmaceuticals uses Microsoft 365 E5 with Microsoft Purview. They have a requirement to automatically classify and protect documents containing research and development (R&D) data. The R&D data is stored in SharePoint Online and is defined by a custom sensitive info type that matches a specific pattern (e.g., 'R&D-XXXX-XXXX'). They want to apply a sensitivity label called 'Highly Confidential' to any document containing this pattern. The label should encrypt the document and restrict access to members of the R&D team only. Additionally, they want users to be prompted to apply the label when they create a new document in the R&D site. What should you configure?
267Litware Inc. is a law firm that uses Microsoft 365 E5. They have a requirement to preserve all communications between attorneys and clients as legal hold for ongoing litigation. The legal team needs to identify and preserve all relevant emails and documents from specific users. The preservation should be indefinite until the hold is released. The IT team has enabled Litigation Hold for the mailboxes of the involved users. However, the legal team also needs to preserve documents in SharePoint Online and OneDrive for Business. What should you do to preserve the documents?
268South Ridge School District uses Microsoft 365 Education A5. They have 10,000 students and 1,000 staff. The district wants to ensure that student data is protected and that only authorized staff can access student records. They also need to comply with FERPA (Family Educational Rights and Privacy Act). The IT team has created security groups for teachers, administrators, and support staff. They want to restrict access to a specific SharePoint site containing student records to only the teachers group. Additionally, they want to prevent teachers from sharing the site with external users. What should you configure?
269Fabrikam Inc. is a technology company that uses Microsoft 365 E5. They have implemented Microsoft Defender XDR to monitor for threats. The security team wants to receive alerts when a user is compromised, such as when a user's credentials are used from an unusual location. They also want to automatically block the user from signing in until the risk is mitigated. You need to configure a solution that automatically detects and responds to such identity risks. What should you configure?
Describe security, compliance, privacy, and trust in Microsoft 365 questions on this certification test your ability to deploy and manage describe security, compliance, privacy, and trust in microsoft 365 concepts in scenario-based situations.
The Courseiva MS-900 question bank contains 269 questions in the Describe security, compliance, privacy, and trust in Microsoft 365 domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Describe security, compliance, privacy, and trust in Microsoft 365 domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included