Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Describe security, compliance, privacy, and trust in Microsoft 365 practice sets

MS-900 Describe security, compliance, privacy, and trust in Microsoft 365 • Complete Question Bank

MS-900 Describe security, compliance, privacy, and trust in Microsoft 365 — All Questions With Answers

Complete MS-900 Describe security, compliance, privacy, and trust in Microsoft 365 question bank — all 0 questions with answers and detailed explanations.

269
Questions
Free
No signup
Certifications/MS-900/Practice Test/Describe security, compliance, privacy, and trust in Microsoft 365/All Questions
Question 1mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An organization is concerned about data leakage from sensitive emails. They want to enforce encryption on emails containing financial information automatically. Which Microsoft 365 solution should they configure?

Question 2hardmultiple choice
Read the full NAT/PAT explanation →

A financial services company must prevent users from accidentally sharing sensitive customer data externally. They want to block sharing of any document containing a credit card number via email or SharePoint. What combination of Microsoft 365 compliance solutions should they use?

Question 3easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company needs to ensure that all email and document content is preserved for legal purposes, even if users permanently delete items. This requirement demands that content be kept indefinitely until the legal hold is released. Which Microsoft 365 feature should they enable?

Question 4hardmulti select
Read the full NAT/PAT explanation →

A healthcare organization must protect patient health information (PHI) from being accidentally shared externally via email. They need to automatically block emails containing medical record numbers from being sent outside the organization and also encrypt any email that does contain PHI when it is allowed. Which two Microsoft Purview solutions should they combine? (Choose two.)

Question 5easymultiple choice
Read the full NAT/PAT explanation →

A healthcare organization stores patient records in SharePoint Online. They need to ensure that the data is encrypted at rest and in transit. Which statement is true regarding Microsoft 365 encryption?

Question 6mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company uses Microsoft Purview to monitor for potential data security incidents. They want to automatically detect and remediate activities like downloading large amounts of data to a personal device. Which solution should they configure?

Question 7mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company wants to ensure that only IT administrators can install browser extensions in Microsoft Edge. Which Microsoft 365 security feature should be used?

Question 8mediummultiple choice
Read the full NAT/PAT explanation →

An administrator needs to monitor and investigate potential data breaches by reviewing detailed records of file access and sharing activities across Microsoft 365. They require a centralized report showing who accessed what, from where, and any unusual patterns. Which tool should they use?

Question 9hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance officer wants to ensure that all data in Microsoft 365 is encrypted using a key that the organization manages and stores in their own Azure Key Vault. Microsoft will not have access to the key. Which solution should they implement?

Question 10mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A security administrator needs to ensure that all users accessing Microsoft 365 resources from unmanaged devices are prompted to sign in using multi-factor authentication (MFA) and are blocked from downloading sensitive files. Which conditional access policy should be configured?

Question 11mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A security administrator needs to ensure that all guest users who access Microsoft Teams are required to accept a terms of use agreement before accessing any company resources. Which Microsoft 365 identity protection feature should they configure?

Question 12mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company wants to ensure that all administrative actions in Microsoft 365 are logged and that any changes to roles and permissions are reviewed on a monthly basis. Which Microsoft Purview solution should the compliance team use?

Question 13hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A security administrator needs to audit all activities related to a specific user in Exchange Online, SharePoint Online, and Microsoft Entra ID for the past 90 days. They also need to export the audit log as a CSV file. Which Microsoft Purview solution provides this capability without additional licensing beyond Microsoft 365 E3?

Question 14hardmultiple choice
Read the full NAT/PAT explanation →

A multinational corporation must ensure that all Microsoft 365 admin actions—such as adding a new user or changing a role—are recorded and searchable for at least 90 days. They also need to create custom alert rules to notify the security team when critical events occur, like disabling multi-factor authentication. Which Microsoft Purview solution should they use to meet both requirements?

Question 15hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company uses Microsoft 365 (a SaaS offering). A security incident occurs where an employee's account is compromised because the employee reused their corporate password on a personal website. According to the shared responsibility model, who is primarily responsible for this security failure?

Question 16mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A security analyst receives an alert about a user who downloaded a large number of files from a SharePoint document library in a short period. The analyst needs to investigate the user's activities across Exchange, SharePoint, and Teams to determine if data exfiltration is occurring. Which Microsoft Purview solution should the analyst use to review detailed activity logs?

Question 17hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A security team needs to ensure that all Microsoft 365 administrative actions—such as creating user accounts or resetting passwords—are logged and searchable for at least 90 days. They also need to create custom alert rules for suspicious admin activity. Which Microsoft Purview solution should they use?

Question 18easymultiple choice
Read the full NAT/PAT explanation →

A security administrator needs to review all sign-in attempts and identify suspicious login patterns for the past 30 days. Which Microsoft 365 portal should they use to access this information?

Question 19hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A security team needs to monitor all administrative activities in Microsoft 365, including creating users, resetting passwords, and modifying policies. They require that logs be retained for at least 90 days and want to create custom alerts for suspicious admin actions (e.g., multiple password resets in a short time). Which Microsoft Purview solution should they use?

Question 20mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A legal firm needs to send a confidential document to a client via email. The firm requires that the client cannot forward or print the email and that the email expires after seven days. Which Microsoft Purview solution should they use?

Question 21mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A help desk lead is documenting the correct Microsoft 365 approach to require users to approve sign-ins with a mobile app after entering a password. Microsoft security, identity, or compliance capability should it use?

Question 22mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance-aware administrator is selecting the right Microsoft 365 capability to require MFA only for sign-ins from outside trusted locations. Microsoft security, identity, or compliance capability should it use?

Question 23mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A department head asks which Microsoft 365 option should be used to provide a cloud identity platform for Microsoft 365 and approved SaaS applications. Microsoft security, identity, or compliance capability should it use?

Question 24mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An administrator is reviewing a request from users who need to detect risky users and suspicious sign-ins. Microsoft security, identity, or compliance capability should it use?

Question 25mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

During a Microsoft 365 planning workshop, let users reset forgotten passwords without calling the help desk. Microsoft security, identity, or compliance capability should it use?

Question 26mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A tenant administrator is advising a department that wants to grant temporary, approved privileged administrator access. Microsoft security, identity, or compliance capability should it use?

Question 27mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A business stakeholder asks how Microsoft 365 can help them manage laptops and mobile devices with compliance policies and app protection. Microsoft security, identity, or compliance capability should it use?

Question 28mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

While preparing a Microsoft 365 adoption plan, a consultant is asked to protect corporate data inside mobile apps without enrolling the whole personal device. Microsoft security, identity, or compliance capability should it use?

Question 29mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A service owner is comparing Microsoft 365 capabilities and needs to block emails containing credit card numbers from being sent externally. Microsoft security, identity, or compliance capability should it use?

Question 30mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

During requirements gathering, an IT manager says the organization must classify files as Confidential and apply encryption to the most sensitive content. Microsoft security, identity, or compliance capability should it use?

Question 31mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A healthcare organization must encrypt outbound email automatically when a message contains passport numbers. Which two Microsoft Purview capabilities are commonly combined? (Choose two.)

Question 32mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance-aware administrator is selecting the right Microsoft 365 capability to delete content automatically after a defined retention period. Microsoft security, identity, or compliance capability should it use?

Question 33mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A department head asks which Microsoft 365 option should be used to review file access, sharing changes, and administrator actions during an investigation. Microsoft security, identity, or compliance capability should it use?

Question 34mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An administrator is reviewing a request from users who need to protect users from phishing, unsafe links, and malicious attachments. Microsoft security, identity, or compliance capability should it use?

Question 35mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

During a Microsoft 365 planning workshop, provide baseline anti-spam and anti-malware filtering for Exchange Online. Microsoft security, identity, or compliance capability should it use?

Question 36mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A tenant administrator is advising a department that wants to investigate incidents across identities, email, endpoints, and cloud apps in one experience. Microsoft security, identity, or compliance capability should it use?

Question 37mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A business stakeholder asks how Microsoft 365 can help them protect Windows endpoints with endpoint detection and response capabilities. Microsoft security, identity, or compliance capability should it use?

Question 38mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

While preparing a Microsoft 365 adoption plan, a consultant is asked to identify risky user behaviour such as unusual downloads or policy violations. Microsoft security, identity, or compliance capability should it use?

Question 39mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A service owner is comparing Microsoft 365 capabilities and needs to prevent communication and collaboration between two business groups. Microsoft security, identity, or compliance capability should it use?

Question 40mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

During requirements gathering, an IT manager says the organization must review employee messages for harassment or regulatory policy violations. Microsoft security, identity, or compliance capability should it use?

Question 41mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A help desk lead is documenting the correct Microsoft 365 approach to track compliance assessments and improvement actions. Microsoft security, identity, or compliance capability should it use?

Question 42mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance-aware administrator is selecting the right Microsoft 365 capability to encrypt email messages sent to internal or external recipients. Microsoft security, identity, or compliance capability should it use?

Question 43mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A security team wants Microsoft 365 access to be allowed only when a user's device is marked compliant by management policy. Which two capabilities are normally combined? (Choose two.)

Question 44mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An administrator is reviewing a request from users who need to analyze attachments in a protected environment before delivery. Microsoft security, identity, or compliance capability should it use?

Question 45mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

During a Microsoft 365 planning workshop, allow access to Exchange Online only from compliant devices. Microsoft security, identity, or compliance capability should it use?

Question 46mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A tenant administrator is advising a department that wants to let users sign in once and access connected Microsoft 365 and SaaS apps. Microsoft security, identity, or compliance capability should it use?

Question 47mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A business stakeholder asks how Microsoft 365 can help them periodically review group memberships and application access. Microsoft security, identity, or compliance capability should it use?

Question 48mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

While preparing a Microsoft 365 adoption plan, a consultant is asked to give external partners controlled access to Teams and SharePoint resources. Microsoft security, identity, or compliance capability should it use?

Question 49mediummultiple choice
Read the full NAT/PAT explanation →

A service owner is comparing Microsoft 365 capabilities and needs to detect exact customer records rather than only generic data patterns. Microsoft security, identity, or compliance capability should it use?

Question 50mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

During requirements gathering, an IT manager says the organization must discover where sensitive information is stored across Microsoft 365. Microsoft security, identity, or compliance capability should it use?

Question 51mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A help desk lead is documenting the correct Microsoft 365 approach to allow browser access to SharePoint from unmanaged devices but restrict downloads. Microsoft security, identity, or compliance capability should it use?

Question 52mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance-aware administrator is selecting the right Microsoft 365 capability to manage formal records that must be retained and disposed of according to policy. Microsoft security, identity, or compliance capability should it use?

Question 53mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A department head asks which Microsoft 365 option should be used to search, review, and export content for a legal investigation. Microsoft security, identity, or compliance capability should it use?

Question 54mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An administrator is reviewing a request from users who need to discover cloud apps being used by employees and assess their risk. Microsoft security, identity, or compliance capability should it use?

Question 55mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

During a Microsoft 365 planning workshop, show security recommendations and a score for Microsoft 365 posture. Microsoft security, identity, or compliance capability should it use?

Question 56mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A tenant administrator is advising a department that wants to automatically apply a label when sensitive customer identifiers are detected. Microsoft security, identity, or compliance capability should it use?

Question 57mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A business stakeholder asks how Microsoft 365 can help them allow sign-in using biometrics or FIDO2 security keys. Microsoft security, identity, or compliance capability should it use?

Question 58mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

While preparing a Microsoft 365 adoption plan, a consultant is asked to let users report suspicious phishing messages from Outlook for investigation. Microsoft security, identity, or compliance capability should it use?

Question 59mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A service owner is comparing Microsoft 365 capabilities and needs to make sign-in decisions based on risk, location, and device compliance. Microsoft security, identity, or compliance capability should it use?

Question 60mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

During requirements gathering, an IT manager says the organization must make document protection persist after a file is downloaded or emailed. Microsoft security, identity, or compliance capability should it use?

Question 61mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A help desk lead is documenting the correct Microsoft 365 approach to preserve relevant mailboxes and SharePoint content during a legal case. Microsoft security, identity, or compliance capability should it use?

Question 62hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance officer wants to proactively prevent users from sending emails that contain sensitive personal data (e.g., credit card numbers) to external recipients. When a user attempts to send such an email, they should see a policy tip explaining the restriction and be blocked from sending. Which Microsoft Purview feature should be configured?

Question 63hardmulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A legal team needs to ensure that all documents related to an ongoing case are retained for exactly 7 years and then automatically deleted. During the retention period, no user should be able to permanently delete these documents. Which two Microsoft Purview features should be used together to meet this requirement? (Choose two.)

Question 64mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company wants to ensure that sensitive documents stored in SharePoint Online are automatically classified and protected if they contain credit card numbers or social security numbers. Which Microsoft Purview feature should they implement?

Question 65hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance officer needs to ensure that all user activities related to sensitive data in Microsoft 365 are recorded and available for forensic investigation. They require detailed logs of who accessed specific files in SharePoint Online, including attempts to access files that were blocked by DLP policies. Which solution should they enable?

Question 66easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An organization needs to automatically delete Microsoft Teams chat messages after 90 days to comply with a data minimization policy. Which Microsoft Purview feature should they use?

Question 67mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company must comply with a regulation that requires all data stored in Microsoft 365 to remain within the European Union. Which Microsoft 365 feature should an administrator configure to enforce this geographic restriction?

Question 68hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance officer wants to automatically encrypt outgoing emails containing credit card numbers and also prevent recipients from forwarding or copying the content. Which Microsoft Purview solution should be applied?

Question 69hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An organization wants to prevent employees from sharing sensitive files with external users via SharePoint Online, but they need to allow sharing with a specific external partner for a single project. What is the most efficient configuration?

Question 70hardmultiple choice
Read the full NAT/PAT explanation →

A compliance officer needs to set up a policy that automatically monitors and detects activities related to accessing sensitive data from outside the corporate network. When a user from a foreign country accesses a confidential file, the policy should trigger an alert and require additional authentication. Which combination of Microsoft 365 solutions achieves this?

Question 71easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company wants to ensure that all outgoing emails containing sensitive financial data are encrypted automatically. The encryption should require the recipient to authenticate to read the message. Which Microsoft 365 solution should the administrator configure?

Question 72mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance officer needs to automatically detect when employees share customers' personal data (e.g., social security numbers) via email and block such sharing. Which Microsoft Purview solution should they configure?

Question 73hardmultiple choice
Read the full NAT/PAT explanation →

A security administrator needs to automatically restrict access to documents labeled as 'Highly Confidential' when accessed from devices that are not joined to the domain. The restriction should block editing and printing, and apply encryption. Which combination of Microsoft 365 solutions should the administrator use?

Question 74mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A legal team is involved in a court case and needs to identify all emails and documents related to a specific project across the entire organization. They need to place these items on hold to prevent deletion or modification. Which Microsoft Purview solution should they use?

Question 75hardmultiple choice
Read the full NAT/PAT explanation →

A compliance administrator needs to ensure that any document containing a patient's health information (e.g., medical record number) is automatically encrypted and restricted to authorized users. The encryption should be enforced regardless of where the document is saved (SharePoint, OneDrive, or email). Which Microsoft Purview feature should they configure?

Question 76mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance administrator needs to automatically detect when employees share documents containing a customer's credit card number via email and block such sharing before the email is sent. Which Microsoft Purview solution should they configure?

Question 77hardmultiple choice
Read the full NAT/PAT explanation →

A security administrator needs to automatically restrict access to documents that contain 'PII' (personally identifiable information) so that only employees in the 'Data Privacy' security group can view them. Additionally, editing and printing of these documents must be disabled. Which combination of Microsoft Purview features should be used?

Question 78hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A legal team is preparing for litigation. They need to place a hold on all content (emails, documents, Teams messages) related to a specific project across the entire organization. The hold must prevent any deletion or modification of the content. Which Microsoft Purview solution should they use?

Question 79mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance officer needs to automatically label and encrypt documents that contain personally identifiable information (PII) when they are saved in SharePoint. The labeling should happen without manual user intervention. Which Microsoft Purview feature should they configure?

Question 80mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance officer needs to automatically detect when an employee attempts to send an email containing a social security number (SSN) to an external recipient. The solution should block the email from being sent and notify the employee with a policy tip. Which Microsoft Purview solution should be configured?

Question 81hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance officer needs to ensure that any document containing passport numbers automatically gets a 'Highly Confidential' label and is encrypted when saved in SharePoint. The labeling should occur without any user interaction. Which Microsoft Purview feature should they configure?

Question 82mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance officer needs to automatically encrypt any outgoing email that contains a customer's credit card number. The solution should work without requiring the sender to take any manual action. Which Microsoft Purview feature should be configured?

Question 83hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A global financial services firm needs to protect highly confidential documents containing trade secrets. The protection must restrict access to a specific group of employees, prevent editing and printing, and remain enforced even if the document is downloaded and saved to an external device. Which Microsoft Purview solution should be used?

Question 84mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance administrator needs to automatically protect sensitive data by applying a 'Confidential' label that encrypts documents and restricts access to a specific user group. The label must be applied when a document containing a credit card number is saved in SharePoint. Which Microsoft Purview feature should be configured?

Question 85hardmultiple choice
Read the full NAT/PAT explanation →

A multinational corporation needs to ensure that all emails containing a customer's passport number are automatically blocked from being sent externally. Additionally, the sending user should receive a policy tip explaining the block. Which Microsoft Purview solution should be configured?

Question 86mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance officer needs to automatically retain all SharePoint documents that contain a specific project code for exactly 5 years. The retention must be applied automatically when the document is uploaded, without any user interaction. Which Microsoft Purview feature should they configure?

Question 87hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance officer needs to ensure that all outgoing emails containing a customer's credit card number are automatically encrypted before delivery. External recipients must be able to reply with the same level of encryption without a separate signing-up process. Which Microsoft Purview solution should be configured?

Question 88hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A global company needs to ensure that only employees in the 'HR' security group can access a specific set of HR documents stored in SharePoint. If a user outside the group attempts to view or copy the content, it must be blocked. The protection must persist even if someone downloads the files and shares them externally, or if the files are saved to a personal device. Which Microsoft Purview solution should be used?

Question 89hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A legal firm needs to automatically encrypt and apply access restrictions to all documents that contain case numbers considered highly confidential. The protection must remain enforced even if the document is emailed to external parties or saved to a personal device. Which Microsoft Purview solution should be configured?

Question 90hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A global company has a strict policy that any Microsoft 365 administrator who needs to access a user's mailbox for troubleshooting must first obtain explicit approval from the user. The company wants to implement a process that requires approval for such access and logs the activity. Which Microsoft Purview feature should they use?

Question 91mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance team needs to ensure that any email sent from the Finance department that contains a bank account number is automatically encrypted. External recipients must be able to reply securely without needing to sign up for any service. Which Microsoft Purview solution should they configure?

Question 92mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A legal firm must ensure that all documents containing a specific project code are automatically retained for 7 years after the project ends. After the 7-year period, the documents should be permanently deleted. The firm already uses sensitivity labels to classify documents. Which Microsoft Purview solution should they configure?

Question 93mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance officer needs to identify users who are at risk of leaking sensitive data based on their activities such as copying files to USB drives or emailing content outside the organization. The solution must also allow reviewing the activities in a case-based workflow. Which Microsoft Purview solution should they use?

Question 94hardmultiple choice
Read the full NAT/PAT explanation →

A healthcare provider must ensure that patient health information (PHI) is not accidentally shared outside the organization. They want to automatically detect if an email contains PHI (such as diagnosis codes) and block it from being sent externally. Additionally, the sender should receive a notification explaining the block. Which Microsoft Purview solution should be configured?

Question 95mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company wants to ensure that sensitive documents classified as 'Confidential' are automatically encrypted and have restricted access permissions applied when they are shared via email. The protection must persist even if the email is forwarded to external parties. Which Microsoft Purview solution should be used?

Question 96hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company wants to ensure that all Microsoft 365 admin actions are recorded and searchable for at least 180 days. They also need to create custom alert rules to notify the security team when critical events occur, such as a user being added to the Global Admin role. Which Microsoft Purview solution should they use?

Question 97mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A legal department requires that when an employee deletes any email message in Exchange Online that is related to active litigation, the message must be automatically retained for an additional 5 years after deletion. The retention must be applied based on keywords found in the email content. Which Microsoft Purview solution should be configured?

Question 98mediummultiple choice
Read the full NAT/PAT explanation →

A healthcare organization needs to automatically apply a sensitivity label to any document stored in a SharePoint document library that contains patient diagnosis codes. The label should prevent the document from being shared externally. The classification must happen after the document is saved, not during creation. Which Microsoft Purview solution should be configured?

Question 99mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company is preparing for a merger and wants to prevent communication between the Human Resources and Research departments regarding sensitive salary data during the due diligence period. They need a Microsoft Purview solution that can block all email and chat between users in these two groups, as well as prevent file sharing in Teams and SharePoint. Which solution should they configure?

Question 100mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance officer needs to automatically detect documents stored in SharePoint Online that contain sensitive data types (e.g., credit card numbers) and apply a sensitivity label that restricts access to only certain users. The classification should occur without user intervention and the label must be applied to the document. Which Microsoft Purview solution should be configured?

Question 101hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A healthcare organization must ensure that all outgoing emails containing protected health information (PHI) are automatically encrypted. External recipients must be able to read the encrypted messages without installing any software or signing up for a service. Which Microsoft Purview solution should be configured?

Question 102hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A legal team needs to place a hold on all data belonging to a specific user who is involved in a lawsuit. The hold must preserve Exchange Online email, SharePoint sites, and Teams chat messages. Which Microsoft Purview solution should they use?

Question 103mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance officer needs to automatically classify and protect documents stored in SharePoint Online that contain personal data such as passport numbers. The classification should happen without user intervention and must apply encryption and access restrictions. Which Microsoft Purview solution should be configured?

Question 104hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A legal team needs to preserve all data belonging to a former employee who is involved in litigation. The preservation must cover Exchange Online email, SharePoint sites, Teams messages, and OneDrive files. Which Microsoft Purview solution should they use to enforce the preservation?

Question 105hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A legal team at a company needs to preserve all data belonging to a user who is involved in litigation. The preservation must cover Exchange Online email, SharePoint sites, OneDrive for Business files, and Teams chat messages. They also need to be able to search the preserved content and export it. Which Microsoft Purview solution should they use?

Question 106hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An organization needs to prevent users from sharing documents that contain credit card numbers via email and Microsoft Teams. When a user attempts to share such a document, they should see a policy tip explaining the restriction. Which Microsoft Purview solution should the compliance team configure?

Question 107mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance officer needs to automatically classify documents stored in SharePoint Online that contain personally identifiable information (PII) such as social security numbers. The classification must apply a sensitivity label that encrypts the document and restricts access to only employees in the Legal department. The process should run without any user interaction. Which Microsoft Purview solution should be configured?

Question 108mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance officer needs to ensure that all emails and documents in Exchange Online and SharePoint are automatically retained for five years. After five years, the data should be automatically deleted. Which Microsoft Purview solution should they configure?

Question 109mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A security team wants to ensure that only devices that are compliant with company security policies (e.g., antivirus enabled, disk encrypted) can access Exchange Online and SharePoint Online. Which feature should they configure in Microsoft 365?

Question 110mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An organization wants to automatically detect when a user attempts to share a document containing a customer's credit card number via email. The system should block the sharing and display a warning to the user. Which Microsoft Purview solution should they configure?

Question 111hardmulti select
Read the full NAT/PAT explanation →

A multinational corporation must comply with GDPR. They need to ensure that personal data of EU residents is retained for a specific period and then securely deleted. Additionally, they must be able to respond to data subject access requests (DSARs) within 30 days by finding and exporting relevant data. Which two Microsoft Purview solutions should they use together? (Choose two.)

Question 112mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A legal team needs to preserve all data related to a specific user involved in litigation, including Exchange emails, SharePoint documents, OneDrive files, and Teams chats. They require a hold that cannot be removed by the user and must allow for later searching and export. Which Microsoft Purview solution should they use?

Question 113easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance officer needs to automatically retain all emails in Exchange Online for exactly 7 years, and then permanently delete them. Which Microsoft Purview solution should they configure?

Question 114mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company wants to prevent users from sharing documents that contain credit card numbers via email. When a user attempts to share such a document, they should see a policy tip explaining the restriction and the share should be blocked. Which Microsoft Purview solution should the compliance team configure?

Question 115hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance team needs to implement a Data Loss Prevention (DLP) policy to protect credit card information. What is the correct order of steps for a successful implementation?

Question 116mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance team needs to prevent employees from copying sensitive data (such as financial records or customer PII) to USB drives and other removable media from their Windows 10/11 devices. When a user attempts to copy data to an unapproved USB device, the action should be blocked and an alert should be generated. Which Microsoft Purview solution should they configure?

Question 117mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An organisation wants to identify documents containing credit card numbers and prevent users from sharing them externally from SharePoint Online and Exchange Online. Which two Microsoft Purview capabilities are most relevant? (Choose 2.)

Question 118mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance manager wants a dashboard that maps Microsoft 365 controls to regulatory standards and gives recommended improvement actions. Which portal capability should they use?

Question 119mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An organization wants to block sharing of documents containing credit card numbers. Which two statements are accurate about the Microsoft 365 capability involved?

Question 120mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance administrator needs to apply encryption and usage restrictions to confidential documents. Which Microsoft 365 capability is the best fit?

Question 121mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance administrator needs to investigate emails that may be part of a phishing campaign. Which Microsoft 365 capability is the best fit?

Question 122mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance administrator needs to assess compliance posture against standards and improvement actions. Which Microsoft 365 capability is the best fit?

Question 123mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An organization wants to retain mailbox content for legal investigation. Which two statements are accurate about the Microsoft 365 capability involved?

Question 124mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance administrator needs to manage user sign-in risk and require MFA for risky sign-ins. Which Microsoft 365 capability is the best fit?

Question 125mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance administrator needs to block sharing of documents containing credit card numbers. Which Microsoft 365 capability is the best fit?

Question 126mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance administrator needs to apply encryption and usage restrictions to confidential documents. Which Microsoft 365 capability is the best fit? The design must avoid adding custom operational scripts.

Question 127mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An organization wants to investigate emails that may be part of a phishing campaign. Which two statements are accurate about the Microsoft 365 capability involved?

Question 128mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance administrator needs to assess compliance posture against standards and improvement actions. Which Microsoft 365 capability is the best fit? The design must avoid adding custom operational scripts.

Question 129mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A compliance administrator needs to retain mailbox content for legal investigation. Which Microsoft 365 capability is the best fit?

Question 130mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which three of the following are core components of Microsoft’s Zero Trust security model as implemented in Microsoft 365? (Choose three.)

Question 131mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company is expanding globally and needs to meet data residency and compliance requirements in multiple regions. Which three Microsoft 365 compliance and privacy features should they consider? (Choose three.)

Question 132mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which three options describe key capabilities of Microsoft Purview that help organizations manage compliance and data governance in Microsoft 365? (Choose three.)

Question 133mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which four of the following are key components of the Microsoft 365 defense-in-depth security strategy? (Choose all that apply. There are four correct answers.)

Question 134mediumdrag order
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Drag and drop the steps to deploy Microsoft 365 Apps for enterprise to a Windows device using the Microsoft 365 Apps admin center into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 135mediumdrag order
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Drag and drop the steps to configure a data loss prevention (DLP) policy in the Microsoft 365 compliance center into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 136mediummatching
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Match each Microsoft 365 compliance term to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Policy to prevent accidental sharing of sensitive information

Process to search and export content for legal cases

Rule to keep or delete content for a specified time

Tags to classify and protect data based on sensitivity

Question 137mediummatching
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Match each Microsoft 365 pricing model to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Each user requires a license; most common model

License assigned to a device, not a user

Additional feature purchased on top of a base plan

Single service subscription, e.g., Exchange Online Plan 1

Question 138mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization is deploying Microsoft 365 and needs to ensure that data stored in SharePoint Online and OneDrive for Business is protected against accidental deletion by end users. The compliance team requires that deleted files be recoverable for at least 90 days. What should you implement?

Question 139hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Refer to the exhibit. You are reviewing a Microsoft Purview Information Protection policy created by a colleague. The policy is intended to prevent users from sharing files labeled 'Highly Confidential' with external parties. However, users are still able to share these files externally. Which of the following is the most likely reason?

Exhibit

Refer to the exhibit.

```json
{
  "rules": [
    {
      "name": "Block external sharing for sensitive files",
      "description": "Blocks sharing of files with sensitivity label 'Highly Confidential' outside the organization.",
      "condition": {
        "sensitivityLabels": ["Highly Confidential"]
      },
      "action": {
        "blockAccess": true,
        "blockSharing": {
          "external": true
        }
      }
    }
  ]
}
```
Question 140easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company wants to ensure that all Microsoft 365 users authenticate using multi-factor authentication (MFA). Which Microsoft 365 security feature should they configure?

Question 141mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization uses Microsoft 365 E5 and wants to automatically classify emails containing credit card numbers as 'Sensitive' and apply encryption when sent externally. Which Microsoft Purview feature should you use?

Question 142hardmultiple choice
Read the full NAT/PAT explanation →

A multinational company must comply with the General Data Protection Regulation (GDPR). They need to be able to search for and delete personal data of a user upon request (right to erasure). Which Microsoft Purview solution should they use?

Question 143easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization uses Microsoft 365 Business Premium. You need to protect users from phishing attacks by blocking malicious links in real-time when they click them in emails. Which feature provides this capability?

Question 144mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Refer to the exhibit. A Microsoft 365 administrator runs the PowerShell script against Microsoft Entra ID. The script outputs several enabled Conditional Access policies. However, users report they are not prompted for MFA even though there is an enabled policy that should require MFA for all users. What is the most likely reason?

Exhibit

Refer to the exhibit.

```
$policies = Get-MgIdentityConditionalAccessPolicy
foreach ($policy in $policies) {
    if ($policy.State -eq 'enabled') {
        Write-Host "$($policy.DisplayName) is enabled"
    }
}
```
Question 145easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An organization needs to ensure that all Microsoft 365 data is encrypted at rest and in transit. Which of the following is a built-in encryption mechanism in Microsoft 365?

Question 146hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your company uses Microsoft 365 E5 and has enabled Microsoft Purview Audit (Premium). The security team needs to investigate a potential data breach by searching for all activities related to a specific user in the last 90 days. Which tool should they use?

Question 147mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO of the following are features of Microsoft Purview that help organizations meet compliance requirements for data lifecycle management? (Choose two.)

Question 148hardmulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which THREE of the following are capabilities of Microsoft Entra ID that support identity security? (Choose three.)

Question 149easymulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO of the following are examples of Microsoft's commitments to data privacy as outlined in the Microsoft Privacy Statement and related agreements? (Choose two.)

Question 150mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which THREE of the following are security features included in Microsoft 365 Business Premium? (Choose three.)

Question 151hardmulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO of the following are requirements for implementing Microsoft Purview Customer Key? (Choose two.)

Question 152hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Refer to the exhibit. A security analyst runs this KQL query in Microsoft Sentinel to investigate a user's deleted files. The query returns no results even though the user has deleted files. Which of the following is the most likely reason?

Exhibit

Refer to the exhibit.

```kusto
AuditLogs
| where TimeGenerated > ago(30d)
| where Operation == "FileDeleted"
| where UserId == "user@contoso.com"
| extend FileName = TargetObject
| project TimeGenerated, FileName, Result
```
Question 153easymultiple choice
Read the full NAT/PAT explanation →

Your organization is deploying Microsoft 365 for a healthcare company that must comply with HIPAA. Which Microsoft 365 compliance feature should you use to prevent sensitive patient data from being shared externally via email?

Question 154easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your company wants to ensure that only managed and compliant devices can access Microsoft 365 resources. Which Microsoft 365 security feature enforces conditional access based on device compliance?

Question 155mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A user reports receiving a phishing email that bypassed Exchange Online Protection (EOP). You need to investigate the threat and automate a response across email, endpoints, and identities. Which Microsoft 365 security solution should you use?

Question 156mediummultiple choice
Read the full NAT/PAT explanation →

Your organization uses Microsoft Purview to manage data governance. A data owner needs to classify sensitive data across SharePoint, OneDrive, and Exchange automatically based on content patterns. Which Microsoft Purview feature should they use?

Question 157hardmultiple choice
Read the full NAT/PAT explanation →

A multinational corporation needs to restrict access to Microsoft 365 services based on user location and device state. They have offices in countries with strict data sovereignty laws. Which combination of Microsoft Entra ID features should they use to enforce these policies?

Question 158easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your company wants to run a phishing simulation to test employee awareness. Which Microsoft 365 tool can you use to create and launch a simulated phishing campaign?

Question 159mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization is required to retain all communications related to a legal case for 5 years. Emails and Teams messages must be preserved immutably. Which Microsoft 365 feature should you use?

Question 160hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An organization uses Microsoft 365 Copilot for Microsoft 365. The security team wants to ensure that Copilot responses are based only on data that users already have permission to access. Which principle does this enforce?

Question 161mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your company is deploying Microsoft Purview to manage data subject requests (DSRs) under GDPR. Users need to submit requests to access or delete their personal data. Which Microsoft Purview solution should you use?

Question 162mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO of the following are features of Microsoft Purview Information Protection?

Question 163hardmulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which THREE of the following are included in Microsoft 365 E5 compliance features?

Question 164easymulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO of the following are required to implement Microsoft Entra ID Conditional Access?

Question 165mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization is deploying Microsoft 365 Copilot for sales teams. The compliance team requires that Copilot interactions with customer data in Dynamics 365 Sales be subject to retention policies. Which Microsoft Purview feature should you configure to manage this data?

Question 166hardmultiple choice
Read the full NAT/PAT explanation →

A multinational company uses Microsoft 365 E5 and needs to meet data residency requirements in the EU and Asia. They plan to use Microsoft Purview Data Loss Prevention (DLP) to prevent sensitive data from leaving approved geographic boundaries. Which action should they take to enforce this policy?

Question 167easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization is implementing Microsoft Entra ID (formerly Azure AD) for identity management. Users report that they are prompted for multifactor authentication (MFA) every time they sign in, even from trusted devices. What should you configure to reduce MFA prompts while maintaining security?

Question 168mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your company uses Microsoft Defender for Office 365 and wants to prevent users from clicking malicious links in email. A user reports that a known phishing link was not blocked. Which step should you take to investigate?

Question 169hardmultiple choice
Read the full NAT/PAT explanation →

A healthcare organization is using Microsoft 365 and needs to ensure that patient data (protected health information) is not accidentally shared externally. They want to classify all documents containing medical terms and apply automatic encryption when shared outside the organization. Which two Microsoft Purview features should they combine? (Select TWO)

Question 170easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization is migrating from on-premises Exchange to Exchange Online. You need to ensure that email communications comply with regulatory requirements for retention. Which Microsoft 365 feature should you use to define retention periods for emails?

Question 171mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO actions should you take to protect against ransomware attacks in Microsoft 365?

Question 172hardmulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which THREE conditions must be met for a Microsoft 365 tenant to use Customer Lockbox?

Question 173mediummultiple choice
Read the full NAT/PAT explanation →

A law firm uses Microsoft 365 and wants to ensure that only authorized users can access client files stored in SharePoint Online. They also need to track when these files are accessed. Which combination of features should they use?

Question 174easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization has a Microsoft 365 E5 subscription and wants to use Microsoft Purview to identify and protect sensitive data. Which feature should you use to automatically discover sensitive data across Exchange Online, SharePoint Online, and OneDrive?

Question 175mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your company uses Microsoft 365 and wants to ensure that when employees access Microsoft 365 from unmanaged devices, they can only view data but not download or print it. Which technology should you use?

Question 176hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Refer to the exhibit. The exhibit shows a Conditional Access policy. Which requirement does this policy enforce?

Exhibit

{
  "displayName": "GDPR Compliance",
  "scenario": "Deployment",
  "state": "Enabled",
  "conditions": {
    "applications": {
      "includeApplications": ["All"]
    },
    "users": {
      "includeUsers": ["All"]
    },
    "locations": {
      "includeLocations": ["All"],
      "excludeLocations": ["Trusted IPs"]
    },
    "clientAppTypes": ["All"]
  },
  "grantControls": {
    "builtInControls": ["mfa", "compliantDevice"],
    "operator": "AND"
  },
  "sessionControls": {
    "applicationEnforcedRestrictions": {
      "isEnabled": true
    }
  }
}
Question 177hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Refer to the exhibit. The exhibit shows an auto-labeling policy configuration. What will happen when a document labeled 'EU PII' is shared externally via SharePoint?

Exhibit

{
  "name": "Protect PII",
  "description": "Require encryption for external sharing of content containing EU PII",
  "mode": "Enforce",
  "priority": 1,
  "rules": [
    {
      "name": "EU PII rule",
      "condition": {
        "sensitivity": {
          "hasAnyLabel": ["EU PII"]
        },
        "sharing": {
          "isExternal": true
        }
      },
      "actions": {
        "blockAccess": false,
        "encrypt": true
      }
    }
  ],
  "locations": [
    {
      "serviceName": "SharePoint",
      "include": ["https://contoso.sharepoint.com"]
    },
    {
      "serviceName": "Exchange",
      "include": ["All"]
    }
  ]
}
Question 178mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Refer to the exhibit. The exhibit shows an anti-phishing policy in Microsoft Defender for Office 365. Which users receive the highest level of protection?

Exhibit

{
  "name": "Phishing Campaign",
  "description": "Detect phishing emails based on URL reputation",
  "policyType": "AntiPhish",
  "state": "Enabled",
  "phishThresholdLevel": 2,
  "targetedUserProtection": {
    "enableTargetedUserProtection": true,
    "targetedUsers": ["ceo@contoso.com", "cfo@contoso.com"]
  },
  "spoofedSenderProtection": {
    "enableSpoofedSenderProtection": true,
    "action": "Quarantine"
  }
}
Question 179easymulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which THREE statements about the Microsoft Service Trust Portal are true?

Question 180easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization wants to ensure that users can only access Microsoft 365 resources from compliant devices. Which security feature should you implement?

Question 181mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company is subject to GDPR and needs to respond to a data subject request to delete a user's personal data from Microsoft 365. Which Microsoft Purview solution should be used?

Question 182hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization has a Microsoft 365 E5 subscription and wants to centrally manage security incidents across identities, endpoints, and cloud apps. Which Microsoft solution provides this capability?

Question 183easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Refer to the exhibit. You are reviewing a Conditional Access policy configuration. What is the effect of this policy on a user who signs in from a known device but with medium sign-in risk?

Exhibit

Refer to the exhibit.
```json
{
  "identitySafeguards": [
    {
      "condition": "SignInRiskLevel >= medium",
      "grantControls": [
        {
          "builtInControls": ["mfa"]
        }
      ]
    }
  ]
}
```
Question 184mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Refer to the exhibit. An administrator configured a sensitivity label with auto-labeling for credit card numbers. What happens when a user creates a document containing a credit card number and saves it to SharePoint Online?

Exhibit

Refer to the exhibit.
```json
{
  "compliance": {
    "labelPolicies": [
      {
        "labelId": "12345",
        "settings": {
          "marking": {
            "encryption": "enabled",
            "protection": {
              "expirationDate": "2026-12-31",
              "allowOfflineAccess": false
            }
          },
          "autoLabeling": {
            "sensitiveInfoTypes": ["Credit Card Number"]
          }
        }
      }
    ]
  }
}
```
Question 185hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Refer to the exhibit. The JSON shows compliance scores from Microsoft Purview Compliance Manager. Which action should the organization prioritize to improve its HIPAA compliance score?

Exhibit

Refer to the exhibit.
```json
{
  "tenantId": "contoso.onmicrosoft.com",
  "complianceRequirements": [
    {
      "regulation": "HIPAA",
      "complianceScore": 0.85
    },
    {
      "regulation": "GDPR",
      "complianceScore": 0.92
    }
  ],
  "recommendedActions": [
    {
      "actionId": "Enable MFA for all users",
      "impact": "high",
      "status": "open"
    }
  ]
}
```
Question 186easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization uses Microsoft 365 Copilot and wants to ensure that sensitive data is not exposed through AI-powered features. Which Microsoft Purview capability should be configured?

Question 187mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A healthcare organization must ensure that electronic protected health information (ePHI) in Microsoft 365 is encrypted both at rest and in transit. Which Microsoft 365 feature provides encryption for data in transit?

Question 188hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization is adopting Microsoft 365 Copilot and wants to prevent the AI from using internal customer data in its training models. Which data protection option should be enabled?

Question 189mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO of the following are key capabilities of Microsoft Purview Communication Compliance? (Choose two.)

Question 190hardmulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which THREE of the following are included in Microsoft 365 E5 compliance features? (Choose three.)

Question 191easymulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO of the following are examples of security defaults in Microsoft Entra ID? (Choose two.)

Question 192mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which THREE of the following are valid data subject rights under GDPR? (Choose three.)

Question 193hardmulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO of the following are capabilities of Microsoft Priva? (Choose two.)

Question 194easymulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which THREE of the following are key pillars of the Microsoft Trusted Cloud? (Choose three.)

Question 195hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company is deploying Microsoft 365 Copilot and wants to ensure that only users with the appropriate sensitivity labels can access Copilot-generated content. What should the administrator configure to enforce this requirement?

Question 196easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A user reports receiving a phishing email in their Outlook inbox. The organization uses Microsoft Defender for Office 365. Which feature should the user use to report the email to the security team?

Question 197hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An administrator configures the SharePoint Online sharing policy as shown in the exhibit. What is the result of this configuration?

Exhibit

Refer to the exhibit.
```json
{
  "displayName": "External Sharing Policy",
  "sharingAllowedDomainList": ["fabrikam.com"],
  "sharingBlockedDomainList": [],
  "sharingCapability": "ExternalUserAndGuestSharing",
  "requireExternalUserAcceptance": true
}
```
Question 198mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company uses Microsoft Purview Communication Compliance to detect inappropriate messages. Which action can an administrator take after reviewing a flagged message?

Question 199mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An organization wants to ensure that only compliant devices can access Microsoft 365 resources. They use Microsoft Intune for device management. Which policy should they configure?

Question 200hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An administrator is assigned the Global Reader role in Microsoft Entra ID as shown in the exhibit. What can this administrator do?

Exhibit

Refer to the exhibit.
```json
{
  "roleName": "Global Reader",
  "permissions": [
    "microsoft.directory/domains/allProperties/read",
    "microsoft.directory/users/allProperties/read",
    "microsoft.directory/groups/allProperties/read"
  ]
}
```
Question 201easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company needs to meet GDPR compliance requirements for data subject requests. Which Microsoft Purview tool should they use to manage these requests?

Question 202mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An organization uses Microsoft Defender XDR and wants to investigate a potential ransomware attack. Which portal should the security team use to see the full attack timeline?

Question 203easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A user needs to sign in to Microsoft 365 from an untrusted device. The company requires multifactor authentication (MFA) for all external access. Which Microsoft Entra ID feature enforces this requirement?

Question 204mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO components are part of Microsoft's Service Trust Portal?

Question 205hardmulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which THREE actions can be performed using Microsoft Purview Data Loss Prevention (DLP) policies?

Question 206easymulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO are true about Microsoft's data residency commitments in the Microsoft 365 Trust Center?

Question 207mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which THREE are features of Microsoft Purview Information Protection?

Question 208hardmulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO are valid data classification labels in Microsoft Purview?

Question 209easymulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which THREE are core pillars of the Microsoft Trust Center?

Question 210easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization wants to ensure that data sent to Microsoft 365 is encrypted in transit. Which protocol should you enforce for all client connections?

Question 211mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A user reports receiving a phishing email that bypassed Exchange Online Protection (EOP). What should you configure to add a second layer of defense against sophisticated phishing attacks?

Question 212hardmulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization is required to retain all customer emails for 7 years due to industry regulations. The legal team also needs to be able to search and hold relevant emails during active litigation. Which two Microsoft Purview features should you implement? (Choose two.)

Question 213easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your company uses Microsoft 365 and wants to ensure that when employees share sensitive documents externally, access is automatically revoked after 30 days. Which solution should you use?

Question 214mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A user accidentally shared a file containing credit card numbers with a partner organization. You need to prevent similar incidents and detect when such data is shared externally. What should you configure?

Question 215hardmulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which THREE capabilities are provided by Microsoft Purview Information Protection? (Choose three.)

Question 216mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization is using Microsoft 365 Copilot. You want to ensure that Copilot uses only data that users have permission to access. Which principle does this enforce?

Question 217easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your company is subject to the General Data Protection Regulation (GDPR). Which Microsoft 365 compliance feature helps you respond to a Data Subject Request (DSR) to export a user's personal data?

Question 218hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

You are configuring a Communication Compliance policy to detect workplace harassment. The policy currently includes conditions for sensitive information types (credit card numbers, SSN) and keywords. After deployment, the policy generates many irrelevant alerts for routine HR communications that contain the keywords but no harassment. What should you modify to improve detection accuracy?

Exhibit

Refer to the exhibit.

```json
{
  "Policy": "Communication Compliance",
  "Configuration": {
    "Name": "Harassment Detection",
    "Scopes": ["AllUsers"],
    "Conditions": [
      {
        "ConditionType": "SensitiveInformationTypes",
        "SensitiveInfoType": ["CreditCardNumber", "USSocialSecurityNumber"]
      },
      {
        "ConditionType": "KeywordMatch",
        "Keywords": ["harass", "bully", "intimidate"]
      }
    ],
    "Actions": ["NotifyManager", "NotifyComplianceOfficer"]
  }
}
```
Question 219mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO Microsoft 365 security solutions are included in Microsoft Defender XDR (Extended Detection and Response)? (Choose two.)

Question 220easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company wants to ensure that employees can access corporate email on personal mobile devices without the company being able to wipe the entire device. What should you use?

Question 221hardmulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which THREE statements about Microsoft Purview Audit (Standard) are true? (Choose three.)

Question 222mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization is deploying Microsoft 365 Copilot. The compliance team is concerned that Copilot might expose sensitive data in its responses. What should you configure to prevent Copilot from using sensitive content?

Question 223hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

You are reviewing an Azure Policy assignment in the exhibit. The policy set definition ID corresponds to the 'Microsoft cloud security benchmark' initiative. The effect is set to 'Deny'. What is the most likely outcome of this policy assignment?

Exhibit

Refer to the exhibit.

```json
{
  "policyAssignment": [
    {
      "policySetDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
      "parameters": {
        "effect": "Deny"
      },
      "scope": "/subscriptions/12345/resourceGroups/RG1"
    }
  ]
}
```
Question 224mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO are key capabilities of Microsoft Defender for Cloud Apps? (Choose two.)

Question 225mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company is deploying Microsoft 365 and needs to ensure that external sharing of sensitive documents is blocked. Which Microsoft Purview feature should they configure?

Question 226hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An organization uses Microsoft 365 Copilot and wants to ensure that AI-generated content is automatically labeled with a sensitivity label. What should they configure?

Question 227easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company needs to audit user activities in Microsoft 365 for compliance. Which tool should they use?

Question 228mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A user reports that they cannot access a SharePoint site that contains sensitive data. The administrator confirms the user is licensed and the site permissions are correct. What should the administrator check next?

Question 229hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An organization must comply with GDPR and needs to respond to a data subject access request (DSAR) within 30 days. Which Microsoft Purview solution helps search for personal data across Microsoft 365?

Question 230easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company wants to prevent employees from forwarding sensitive emails outside the organization. Which Microsoft Purview feature should they use?

Question 231mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An organization uses Microsoft 365 Copilot and wants to ensure that Copilot responses are based only on data the user has permission to access. Which principle does this enforce?

Question 232hardmultiple choice
Read the full NAT/PAT explanation →

A company needs to enforce that all documents marked as 'Confidential' are encrypted and cannot be printed. Which combination of Microsoft Purview features should they use?

Question 233easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

An administrator needs to ensure that only compliant devices can access Exchange Online. Which Microsoft Entra ID feature should they configure?

Question 234mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO Microsoft 365 tools can help an organization detect and respond to insider data theft?

Question 235hardmulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which THREE Microsoft Purview features are part of the eDiscovery workflow for legal investigations?

Question 236easymulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO Microsoft 365 compliance centers provide tools for managing compliance requirements?

Question 237mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

You have the above Microsoft Purview DLP policy JSON. What will this policy do?

Exhibit

Refer to the exhibit.

```json
{
  "policy": {
    "name": "Block External Sharing for Confidential",
    "mode": "enforce",
    "rules": [
      {
        "name": "Rule1",
        "condition": {
          "sensitivityLabel": "Confidential",
          "sharingType": "external"
        },
        "action": "blockAccess"
      }
    ]
  }
}
```
Question 238hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

You run the above PowerShell cmdlets against Microsoft Entra ID. What is the output?

Exhibit

Refer to the exhibit.

```powershell
Get-MgUser -Filter "userprincipalname eq 'user@contoso.com'" | Get-MgUserMemberOf | Where-Object {$_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.group'} | Select-Object -Property DisplayName
```
Question 239hardmultiple choice
Read the full NAT/PAT explanation →

Contoso Ltd. is a multinational corporation with 10,000 employees. They have recently adopted Microsoft 365 E5 and want to implement a comprehensive security and compliance strategy. Their requirements include: 1) All sensitive emails must be encrypted in transit and at rest. 2) Access to SharePoint sites containing financial data must be restricted to employees from the finance department only, and only from compliant devices. 3) They need to detect and remediate insider threats involving data exfiltration via email and cloud storage. 4) They must comply with GDPR and be able to respond to DSARs within 30 days. 5) They want to use Microsoft 365 Copilot but ensure that Copilot only accesses data that users already have permission to see. Which combination of Microsoft 365 solutions should Contoso implement?

Question 240easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company is deploying Microsoft 365 and wants to ensure that customer financial data remains within the European Union. Which Microsoft 365 feature should the administrator configure?

Question 241mediummultiple choice
Read the full NAT/PAT explanation →

A healthcare organization uses Microsoft 365 and needs to prevent sensitive patient data from being emailed externally. They have enabled Microsoft Purview Data Loss Prevention (DLP). What additional step should they take to ensure that end users are educated when they attempt to send such data?

Question 242hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Refer to the exhibit. A Microsoft Purview sensitivity label policy is defined as shown. A user applies this label to a document in Microsoft 365. Which action will occur automatically?

Exhibit

{
  "policyname": "GDPR Compliance Policy",
  "labelid": "12345678-1234-1234-1234-123456789abc",
  "settings": {
    "encryptionenabled": true,
    "markinginfo": {
      "header": "CONFIDENTIAL",
      "footer": "This document is confidential."
    }
  },
  "protectionlevel": "high"
}
Question 243easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company is adopting Microsoft 365 and wants to ensure they can investigate security incidents across email, endpoints, and identities in a unified console. Which Microsoft 365 workload should they use?

Question 244mediummultiple choice
Read the full NAT/PAT explanation →

An organization uses Microsoft 365 and wants to automatically classify and protect sensitive data in SharePoint Online based on content patterns. Which Microsoft Purview solution should they implement?

Question 245hardmultiple choice
Read the full NAT/PAT explanation →

A multinational corporation uses Microsoft 365 and must comply with the General Data Protection Regulation (GDPR). They need to respond to a data subject access request (DSAR) within the mandated timeframe. Which Microsoft Purview tool should they use to search for personal data across Exchange Online, SharePoint Online, and OneDrive for Business?

Question 246easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A company wants to ensure that only managed and compliant devices can access corporate email in Microsoft 365. Which Microsoft Entra ID capability should they configure?

Question 247mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

A financial services firm uses Microsoft 365 and must retain all business communications for 7 years to comply with SEC regulations. They also need to prevent users from permanently deleting emails. Which Microsoft Purview feature should they implement?

Question 248hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Refer to the exhibit. A Microsoft Entra ID role assignment is shown. An administrator is assigned the Global Reader role with a condition. What is the effect of the condition?

Exhibit

{
  "role": "Global Reader",
  "scope": "/providers/Microsoft.Management/managementGroups/Contoso",
  "condition": "(!(ActionMatches('Microsoft.Authorization/roleAssignments/write')))",
  "description": "Read-only access to all resources in the management group"
}
Question 249mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO of the following are key benefits of using Microsoft Purview Information Protection? (Choose two.)

Question 250hardmulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which THREE of the following are included in Microsoft Defender XDR? (Choose three.)

Question 251easymulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Which TWO are features of Microsoft Entra ID? (Choose two.)

Question 252hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

You are the security administrator for Contoso, a global consulting firm with 10,000 employees. Contoso uses Microsoft 365 E5 and Microsoft Entra ID P2. The company has a strict policy that all sensitive client data must be encrypted at rest and in transit. Additionally, the legal team requires that any document labeled as 'Highly Confidential' must be automatically encrypted and cannot be printed or forwarded. You have created a sensitivity label called 'Highly Confidential' with encryption and a protection setting that restricts actions like printing. However, you notice that users are still able to print documents that have the label applied. After investigation, you find that the label is correctly configured but users are manually applying the label. What should you do to ensure the label is consistently applied and printing is blocked?

Question 253mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

You are the compliance officer for Fabrikam, a medium-sized company with 500 users on Microsoft 365 Business Premium. Fabrikam must comply with the California Consumer Privacy Act (CCPA). The legal team has identified that they need to be able to respond to consumer requests to delete personal data within 45 days. They also need to ensure that personal data is not retained longer than necessary. You have been asked to configure Microsoft Purview to meet these requirements. Specifically, you need to search for and delete personal data when a deletion request is received, and set up a data retention policy to automatically delete personal data after 2 years. What should you do?

Question 254easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

You are the IT administrator for a non-profit organization that uses Microsoft 365 Business Basic. The organization has 50 volunteers who use their own personal devices to access email and SharePoint Online. The board of directors wants to ensure that if a volunteer's device is lost or stolen, the organization's data on that device can be removed remotely. They also want to ensure that volunteers use multi-factor authentication (MFA) to access corporate resources. What should you do?

Question 255mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization is deploying Microsoft 365 and needs to ensure that data stored in Exchange Online is protected against accidental deletion. You need to implement a solution that allows users to recover deleted emails for up to 30 days, but also enables administrators to recover items for up to 90 days. Which feature should you configure?

Question 256hardmultiple choice
Read the full NAT/PAT explanation →

A multinational company uses Microsoft 365 and wants to ensure that data stored in SharePoint Online is only accessible from specific geographic regions. The company has offices in the US, EU, and Asia. You need to implement a solution that restricts access based on the user's physical location. Which feature should you configure?

Question 257easymulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your organization is planning to use Microsoft Purview to meet compliance requirements. Which TWO capabilities are part of Microsoft Purview? (Choose two.)

Question 258mediummulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

You are responsible for securing identities in Microsoft 365. Which THREE actions should you take to improve the security posture of user accounts? (Choose three.)

Question 259hardmulti select
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your company is adopting Microsoft 365 Copilot and wants to ensure that data security and compliance requirements are met. Which THREE considerations should be addressed? (Choose three.)

Question 260mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Refer to the exhibit. You are reviewing a sensitivity label policy configuration in Microsoft Purview. What is the outcome of this configuration?

Exhibit

{
  "Version": "2024-03-15",
  "LabelSettings": {
    "DefaultLabelId": "4674b4c5-1234-5678-9101-123456789012",
    "MandatoryLabelType": "none",
    "DefaultSubLabelId": null,
    "PolicyBarsSettings": {
      "Enabled": true,
      "BarTitle": "Sensitivity",
      "BarColor": "#FF0000"
    }
  },
  "Labels": [
    {
      "Id": "4674b4c5-1234-5678-9101-123456789012",
      "DisplayName": "Public",
      "Description": "Public information",
      "Color": "#00FF00",
      "Sensitivity": 0,
      "Tooltip": "Public data",
      "Enabled": true
    },
    {
      "Id": "5678abcd-1234-5678-9101-123456789012",
      "DisplayName": "Confidential",
      "Description": "Confidential information",
      "Color": "#FF0000",
      "Sensitivity": 1,
      "Tooltip": "Confidential data",
      "Enabled": true
    }
  ]
}
Question 261easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Your company, Contoso Ltd., has a Microsoft 365 E5 subscription with 500 users. The IT department recently discovered that some employees are sharing sensitive customer data via email with external parties. You need to implement a solution that automatically detects and prevents the sharing of credit card numbers and social security numbers in emails. The solution should notify the sender when a potential violation occurs and allow them to override the block by providing a business justification. The compliance team must be able to review these overrides. What should you configure?

Question 262mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Northwind Traders is a legal firm that uses Microsoft 365 E5. They have strict regulatory requirements to retain all email communications for 7 years. Additionally, they need to ensure that employees cannot permanently delete emails before the retention period ends. The IT team has implemented a retention policy in Microsoft Purview to retain all Exchange Online mailboxes for 7 years after creation. However, users are still able to delete emails and permanently delete them from the Recoverable Items folder. You need to ensure that emails are preserved even if users try to delete them. What should you do?

Question 263hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Adventure Works is a global manufacturing company with 10,000 employees using Microsoft 365 E3. They have a hybrid identity setup with Microsoft Entra Connect syncing on-premises Active Directory to Microsoft Entra ID. The company wants to implement a zero-trust security model and has identified that many users still use weak passwords and do not use MFA. They want to enforce MFA for all users, but they also want to allow users to register for MFA on their own using the Microsoft Authenticator app. The security team is concerned about phishing attacks and wants to use a more secure MFA method. Additionally, they want to ensure that any new user created in on-premises AD is automatically enabled for MFA within 24 hours. What should you recommend?

Question 264easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Tailwind Traders uses Microsoft 365 Business Premium. They have 200 users and want to ensure that company data on mobile devices is protected. They have implemented Microsoft Intune for mobile device management (MDM). Now they need to ensure that if a device is lost or stolen, the company data on the device can be removed without affecting personal data. The devices are personally owned (BYOD). What should you configure?

Question 265mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Wide World Importers is a financial services company that must comply with GDPR. They use Microsoft 365 E5 and have enabled audit logging. The Data Protection Officer (DPO) needs to be able to search and export all audit records related to a specific user's activities for the past 90 days. The DPO is not a global admin and should only have permissions to view and export audit logs. You need to provide the DPO with the appropriate access. What should you do?

Question 266hardmultiple choice
Read the full NAT/PAT explanation →

Contoso Pharmaceuticals uses Microsoft 365 E5 with Microsoft Purview. They have a requirement to automatically classify and protect documents containing research and development (R&D) data. The R&D data is stored in SharePoint Online and is defined by a custom sensitive info type that matches a specific pattern (e.g., 'R&D-XXXX-XXXX'). They want to apply a sensitivity label called 'Highly Confidential' to any document containing this pattern. The label should encrypt the document and restrict access to members of the R&D team only. Additionally, they want users to be prompted to apply the label when they create a new document in the R&D site. What should you configure?

Question 267mediummultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Litware Inc. is a law firm that uses Microsoft 365 E5. They have a requirement to preserve all communications between attorneys and clients as legal hold for ongoing litigation. The legal team needs to identify and preserve all relevant emails and documents from specific users. The preservation should be indefinite until the hold is released. The IT team has enabled Litigation Hold for the mailboxes of the involved users. However, the legal team also needs to preserve documents in SharePoint Online and OneDrive for Business. What should you do to preserve the documents?

Question 268easymultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

South Ridge School District uses Microsoft 365 Education A5. They have 10,000 students and 1,000 staff. The district wants to ensure that student data is protected and that only authorized staff can access student records. They also need to comply with FERPA (Family Educational Rights and Privacy Act). The IT team has created security groups for teachers, administrators, and support staff. They want to restrict access to a specific SharePoint site containing student records to only the teachers group. Additionally, they want to prevent teachers from sharing the site with external users. What should you configure?

Question 269hardmultiple choice
Read the full Describe security, compliance, privacy, and trust in Microsoft 365 explanation →

Fabrikam Inc. is a technology company that uses Microsoft 365 E5. They have implemented Microsoft Defender XDR to monitor for threats. The security team wants to receive alerts when a user is compromised, such as when a user's credentials are used from an unusual location. They also want to automatically block the user from signing in until the risk is mitigated. You need to configure a solution that automatically detects and responds to such identity risks. What should you configure?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

MS-900 Practice Test 1 — 10 Questions→MS-900 Practice Test 2 — 10 Questions→MS-900 Practice Test 3 — 10 Questions→MS-900 Practice Test 4 — 10 Questions→MS-900 Practice Test 5 — 10 Questions→MS-900 Practice Exam 1 — 20 Questions→MS-900 Practice Exam 2 — 20 Questions→MS-900 Practice Exam 3 — 20 Questions→MS-900 Practice Exam 4 — 20 Questions→Free MS-900 Practice Test 1 — 30 Questions→Free MS-900 Practice Test 2 — 30 Questions→Free MS-900 Practice Test 3 — 30 Questions→MS-900 Practice Questions 1 — 50 Questions→MS-900 Practice Questions 2 — 50 Questions→MS-900 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Describe Microsoft 365 apps and servicesDescribe Microsoft 365 pricing, licensing, and supportDescribe cloud conceptsDescribe security, compliance, privacy, and trust in Microsoft 365Describe Microsoft 365 pricing and support

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Describe security, compliance, privacy, and trust in Microsoft 365 setsAll Describe security, compliance, privacy, and trust in Microsoft 365 questionsMS-900 Practice Hub