MS-900 Describe security, compliance, privacy, and trust in Microsoft 365 • Complete Question Bank
Complete MS-900 Describe security, compliance, privacy, and trust in Microsoft 365 question bank — all 0 questions with answers and detailed explanations.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Policy to prevent accidental sharing of sensitive information
Process to search and export content for legal cases
Rule to keep or delete content for a specified time
Tags to classify and protect data based on sensitivity
Drag a concept onto its matching description — or click a concept then click the description.
Each user requires a license; most common model
License assigned to a device, not a user
Additional feature purchased on top of a base plan
Single service subscription, e.g., Exchange Online Plan 1
Refer to the exhibit.
```json
{
"rules": [
{
"name": "Block external sharing for sensitive files",
"description": "Blocks sharing of files with sensitivity label 'Highly Confidential' outside the organization.",
"condition": {
"sensitivityLabels": ["Highly Confidential"]
},
"action": {
"blockAccess": true,
"blockSharing": {
"external": true
}
}
}
]
}
```Refer to the exhibit.
```
$policies = Get-MgIdentityConditionalAccessPolicy
foreach ($policy in $policies) {
if ($policy.State -eq 'enabled') {
Write-Host "$($policy.DisplayName) is enabled"
}
}
```Refer to the exhibit. ```kusto AuditLogs | where TimeGenerated > ago(30d) | where Operation == "FileDeleted" | where UserId == "user@contoso.com" | extend FileName = TargetObject | project TimeGenerated, FileName, Result ```
{
"displayName": "GDPR Compliance",
"scenario": "Deployment",
"state": "Enabled",
"conditions": {
"applications": {
"includeApplications": ["All"]
},
"users": {
"includeUsers": ["All"]
},
"locations": {
"includeLocations": ["All"],
"excludeLocations": ["Trusted IPs"]
},
"clientAppTypes": ["All"]
},
"grantControls": {
"builtInControls": ["mfa", "compliantDevice"],
"operator": "AND"
},
"sessionControls": {
"applicationEnforcedRestrictions": {
"isEnabled": true
}
}
}{
"name": "Protect PII",
"description": "Require encryption for external sharing of content containing EU PII",
"mode": "Enforce",
"priority": 1,
"rules": [
{
"name": "EU PII rule",
"condition": {
"sensitivity": {
"hasAnyLabel": ["EU PII"]
},
"sharing": {
"isExternal": true
}
},
"actions": {
"blockAccess": false,
"encrypt": true
}
}
],
"locations": [
{
"serviceName": "SharePoint",
"include": ["https://contoso.sharepoint.com"]
},
{
"serviceName": "Exchange",
"include": ["All"]
}
]
}{
"name": "Phishing Campaign",
"description": "Detect phishing emails based on URL reputation",
"policyType": "AntiPhish",
"state": "Enabled",
"phishThresholdLevel": 2,
"targetedUserProtection": {
"enableTargetedUserProtection": true,
"targetedUsers": ["ceo@contoso.com", "cfo@contoso.com"]
},
"spoofedSenderProtection": {
"enableSpoofedSenderProtection": true,
"action": "Quarantine"
}
}Refer to the exhibit.
```json
{
"identitySafeguards": [
{
"condition": "SignInRiskLevel >= medium",
"grantControls": [
{
"builtInControls": ["mfa"]
}
]
}
]
}
```Refer to the exhibit.
```json
{
"compliance": {
"labelPolicies": [
{
"labelId": "12345",
"settings": {
"marking": {
"encryption": "enabled",
"protection": {
"expirationDate": "2026-12-31",
"allowOfflineAccess": false
}
},
"autoLabeling": {
"sensitiveInfoTypes": ["Credit Card Number"]
}
}
}
]
}
}
```Refer to the exhibit.
```json
{
"tenantId": "contoso.onmicrosoft.com",
"complianceRequirements": [
{
"regulation": "HIPAA",
"complianceScore": 0.85
},
{
"regulation": "GDPR",
"complianceScore": 0.92
}
],
"recommendedActions": [
{
"actionId": "Enable MFA for all users",
"impact": "high",
"status": "open"
}
]
}
```Refer to the exhibit.
```json
{
"displayName": "External Sharing Policy",
"sharingAllowedDomainList": ["fabrikam.com"],
"sharingBlockedDomainList": [],
"sharingCapability": "ExternalUserAndGuestSharing",
"requireExternalUserAcceptance": true
}
```Refer to the exhibit.
```json
{
"roleName": "Global Reader",
"permissions": [
"microsoft.directory/domains/allProperties/read",
"microsoft.directory/users/allProperties/read",
"microsoft.directory/groups/allProperties/read"
]
}
```Refer to the exhibit.
```json
{
"Policy": "Communication Compliance",
"Configuration": {
"Name": "Harassment Detection",
"Scopes": ["AllUsers"],
"Conditions": [
{
"ConditionType": "SensitiveInformationTypes",
"SensitiveInfoType": ["CreditCardNumber", "USSocialSecurityNumber"]
},
{
"ConditionType": "KeywordMatch",
"Keywords": ["harass", "bully", "intimidate"]
}
],
"Actions": ["NotifyManager", "NotifyComplianceOfficer"]
}
}
```Refer to the exhibit.
```json
{
"policyAssignment": [
{
"policySetDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
"parameters": {
"effect": "Deny"
},
"scope": "/subscriptions/12345/resourceGroups/RG1"
}
]
}
```Refer to the exhibit.
```json
{
"policy": {
"name": "Block External Sharing for Confidential",
"mode": "enforce",
"rules": [
{
"name": "Rule1",
"condition": {
"sensitivityLabel": "Confidential",
"sharingType": "external"
},
"action": "blockAccess"
}
]
}
}
```Refer to the exhibit.
```powershell
Get-MgUser -Filter "userprincipalname eq 'user@contoso.com'" | Get-MgUserMemberOf | Where-Object {$_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.group'} | Select-Object -Property DisplayName
```{
"policyname": "GDPR Compliance Policy",
"labelid": "12345678-1234-1234-1234-123456789abc",
"settings": {
"encryptionenabled": true,
"markinginfo": {
"header": "CONFIDENTIAL",
"footer": "This document is confidential."
}
},
"protectionlevel": "high"
}{
"role": "Global Reader",
"scope": "/providers/Microsoft.Management/managementGroups/Contoso",
"condition": "(!(ActionMatches('Microsoft.Authorization/roleAssignments/write')))",
"description": "Read-only access to all resources in the management group"
}{
"Version": "2024-03-15",
"LabelSettings": {
"DefaultLabelId": "4674b4c5-1234-5678-9101-123456789012",
"MandatoryLabelType": "none",
"DefaultSubLabelId": null,
"PolicyBarsSettings": {
"Enabled": true,
"BarTitle": "Sensitivity",
"BarColor": "#FF0000"
}
},
"Labels": [
{
"Id": "4674b4c5-1234-5678-9101-123456789012",
"DisplayName": "Public",
"Description": "Public information",
"Color": "#00FF00",
"Sensitivity": 0,
"Tooltip": "Public data",
"Enabled": true
},
{
"Id": "5678abcd-1234-5678-9101-123456789012",
"DisplayName": "Confidential",
"Description": "Confidential information",
"Color": "#FF0000",
"Sensitivity": 1,
"Tooltip": "Confidential data",
"Enabled": true
}
]
}