Practice SC-900 Describe the capabilities of Microsoft compliance solutions questions with full explanations on every answer.
Start practicing
Describe the capabilities of Microsoft compliance solutions — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A healthcare organization uses Microsoft Purview to protect patient health information (PHI). They need to identify sensitive data stored in Microsoft SharePoint Online and prevent unauthorized sharing. Which two Purview solutions should they implement? (Select all that apply.)
2A multinational corporation must comply with the General Data Protection Regulation (GDPR). They use Microsoft Purview Compliance Manager to manage compliance activities. The compliance manager wants to automatically assign each control to the appropriate team member for remediation. What should they configure?
3A company is subject to a legal hold for an ongoing investigation. The IT administrator must prevent the deletion of any documents related to this case across SharePoint Online and OneDrive, overriding any existing deletion policies. Which Microsoft Purview capability should the administrator use?
4A company wants to automatically apply a 'Confidential' sensitivity label to any document that contains a credit card number, and also encrypt the document as part of the label. Which two components must be configured to achieve this? (Choose two.)
5A company must retain all customer contracts for 10 years to comply with industry regulations. After 10 years, the contracts must be permanently deleted. Which Microsoft Purview solution should be used to automate this process?
6A healthcare organization uses Microsoft 365 and wants to prevent users from sending emails that contain patient health information (PHI) to external recipients. Which Microsoft Purview solution should they implement?
7A multinational corporation must retain all financial records for 7 years and then permanently delete them. The compliance officer wants to ensure that even a global administrator cannot modify or delete the retention policy. Which Microsoft Purview solution and configuration should they use?
8A company is subject to a legal investigation and must preserve all email communications related to the case for an indefinite period, even if users try to delete them. The compliance officer needs a solution that can place a hold on specific user mailboxes and prevent any permanent deletion of relevant content. Which Microsoft Purview feature should be used?
9A financial services organization needs to prevent communication between its research analysts and investment bankers to comply with regulatory requirements. Which Microsoft Purview solution should the compliance team implement?
10A financial institution uses Microsoft 365 and must ensure that Microsoft support engineers cannot access the institution's content (e.g., Exchange Online mailboxes, SharePoint sites) without explicit approval from the institution's compliance officer. The compliance officer needs to review and approve or reject each access request. Which Microsoft Purview feature should be configured?
11A financial services organization must prevent employees in the Research department from communicating via email or Microsoft Teams with employees in the Investment Banking department to avoid conflicts of interest. Additionally, they need to prevent any credit card numbers from being shared in emails sent to external recipients. Which combination of Microsoft Purview solutions should they implement?
12A company's security team needs to detect and investigate potential data theft by employees who have legitimate access to sensitive data. They want a solution that uses heuristics and behavioral analytics to identify risky user actions such as data exfiltration to personal cloud storage. Which Microsoft Purview solution should they use?
13A company must retain all vendor contracts for 10 years to meet regulatory requirements. After 10 years, the contracts must be permanently destroyed with no possibility of recovery. The compliance team wants to automate this lifecycle and ensure that during the retention period, the contracts cannot be edited or deleted by users. Which Microsoft Purview solution should they use?
14A compliance officer needs to evaluate their organization's security and compliance posture against multiple regulatory frameworks such as HIPAA, GDPR, and ISO 27001. The solution must provide a continuous assessment score, actionable improvement actions, and the ability to track implementation progress. Which Microsoft Purview solution should they use?
15A multinational corporation must comply with several regulatory frameworks, including GDPR, SOX, and HIPAA. The compliance officer wants to continuously assess the organization's compliance posture against these regulations, receive prioritized improvement actions, and track the implementation progress of those actions. Which Microsoft Purview solution should the compliance officer use?
16A financial services company must comply with a regulation that requires all audit-related documents to be retained for 7 years and then permanently deleted. The compliance officer wants to ensure that even if a user modifies or deletes a file, the original content is preserved for the full 7 years, and at the end of the period the files are automatically destroyed without any manual approval. The company uses Microsoft 365 and stores these documents in SharePoint Online and Microsoft Teams. Which Microsoft Purview solution should the compliance officer configure?
17A company receives a subject rights request (SRR) from a customer under GDPR, asking for the deletion of all personal data held about them. The compliance team needs a tool to orchestrate the discovery of this data across Microsoft 365 and other systems, and to track the response and fulfillment of the request. Which Microsoft Purview solution should they use?
18A law firm uses Microsoft 365 and has two legal teams working on opposing sides of the same lawsuit. The compliance officer needs to prevent any communication (email, Teams chat, file sharing) between the two teams. Additionally, the firm must block emails containing the case name from being sent outside the organization. Which two Microsoft Purview solutions should be configured to meet these requirements? (Choose two.)
19A legal team is involved in a lawsuit and needs to ensure that all emails and documents related to the case are preserved in their original state, even if users edit or delete them. They also need the ability to search for these items and export them for legal review. Which Microsoft Purview solution should the compliance team configure to meet these requirements?
20A multinational organization uses Microsoft 365 and must demonstrate compliance with both GDPR and ISO 27001. The compliance team needs a centralized tool to assess their current compliance posture against these frameworks, receive prioritized improvement actions, and track the implementation of those actions over time. Which Microsoft Purview solution should they use?
21A company has a policy that prohibits employees from sharing confidential customer data with unauthorized parties. The compliance team needs to detect patterns of unusual user activity that may indicate insider data theft, such as downloading large volumes of data to a personal device or emailing sensitive files to external recipients. They also want to investigate the activity and take remediation actions like generating a case for litigation or notifying the user's manager. Which Microsoft Purview solution should they use?
22A financial services firm is required by regulatory bodies to monitor employee communications (email, Teams chats) for potential insider trading or market manipulation. They need a solution that allows them to define policies to detect messages containing specific keywords or phrases (e.g., 'confidential', 'insider info'), and then assign flagged messages to designated reviewers for investigation. Which Microsoft Purview solution should they use?
23A company stores financial reports in SharePoint Online that contain credit card numbers. The compliance team needs to automatically apply a sensitivity label that encrypts the documents when they detect credit card data. Which Microsoft Purview solution should they configure?
24A financial services company uses Microsoft 365 and must prevent employees from emailing credit card numbers in plain text. The compliance team wants to automatically detect credit card numbers in outgoing emails and block them before delivery. They also want to allow users to override the block with a business justification. Which Microsoft Purview solution should they configure?
25A legal team is preparing for a lawsuit and needs to perform a detailed investigation of user activities across Microsoft 365 services. They need to view the 'before' and 'after' values whenever a critical item in SharePoint or Exchange is updated or deleted. The investigation requires high-volume export performance and the ability to search by specific activities like 'MailboxFolderAccess' and 'Send'. Which Microsoft Purview solution should be enabled and configured to meet these advanced auditing requirements?
26A company stores HR documents in SharePoint Online. The compliance team wants to automatically apply a sensitivity label that encrypts the document whenever it contains a passport number. They do not want users to be able to override this classification. Which Microsoft Purview solution should they configure?
27A legal team is preparing for litigation and needs to collect relevant data from Microsoft Teams chats, email, and SharePoint documents. They need to place a hold on the data to prevent deletion, review it, and then use advanced analytics such as relevance ranking and email threading to reduce the review set. Which Microsoft Purview solution should they use to perform these tasks?
28A company stores sensitive financial data on on-premises Windows Server file shares. The compliance team needs to automatically discover files containing credit card numbers, classify them by applying a sensitivity label, and optionally enforce protection actions like encryption. They want this solution to run on the on-premises file servers without needing to manually scan. Which Microsoft Purview solution should the compliance team deploy?
29A financial services organization must comply with a regulation that requires all communications related to trades (including emails and Teams messages) to be retained for a period of 7 years. During retention, no user may edit or delete these records. After the 7 years, the records must be disposed of with an irreversible deletion that is verified by a compliance officer. Which Microsoft Purview solution should the organization use to enforce both retention and regulatory disposition?
30A financial services company is subject to regulations that require monitoring of employee communications for potential market manipulation. The compliance team needs to create policies that automatically detect messages containing phrases like 'insider info' or 'confidential trade' in Microsoft Teams chats and Exchange Online emails. Detected messages should be routed to designated reviewers for investigation, and the company wants a built-in Microsoft Purview solution to handle this process. Which Microsoft Purview solution should they use?
31A government agency has extremely sensitive classified data that must be protected even from Microsoft. They require a solution where the encryption keys are stored and managed on-premises within their own hardware security module (HSM), ensuring that Microsoft cannot decrypt their data. Which Microsoft Purview solution should they implement?
32A company uses Microsoft 365. The compliance team needs to create a policy that automatically blocks outgoing emails that contain personally identifiable information (PII) such as social security numbers. However, they want to allow users to override the block with a business justification if necessary. Which Microsoft Purview solution should they configure?
33A healthcare organization must comply with HIPAA regulations. They store patient health information (PHI) in SharePoint Online documents. The compliance team needs to automatically detect PHI (e.g., medical record numbers) in documents, apply a sensitivity label that encrypts the document, and prevent users from removing that label. Which Microsoft Purview solution should they configure?
34A large enterprise is concerned about insider threats. The compliance team needs to detect and investigate potential data theft scenarios, such as when employees nearing their resignation date suddenly copy large amounts of sensitive data to USB drives or email confidential files to personal accounts. They require a solution that uses machine learning to identify risky activities and create alerts for investigation. Which Microsoft Purview solution should they deploy?
35A financial services firm has a strict compliance requirement to prevent insider trading. The firm must ensure that employees in the Investment Banking division cannot communicate or share documents via Microsoft Teams and SharePoint Online with employees in the Equity Research division. The solution must automatically block all communication and collaboration between the two groups, and any attempts to share must be denied. Which Microsoft Purview solution should they implement?
36A company operates in multiple countries and must comply with GDPR (EU) and CCPA (California). The compliance officer needs a single tool to assess the company's compliance posture against both regulations, get a consolidated compliance score, and receive prioritized improvement actions that can be assigned to responsible teams. The tool should also track progress over time. Which Microsoft Purview solution should the compliance officer use?
37A compliance officer needs to investigate a potential data exfiltration incident. They must search the unified audit log for all activities where users accessed a specific sensitive SharePoint site in the last 7 days. Additionally, they need to create a custom alert that triggers when more than 10 file downloads occur from that site within an hour. Which Microsoft Purview solution should they use?
38A legal department is preparing for litigation. They need to preserve all potentially relevant content in Exchange Online, SharePoint Online, and Teams to prevent deletion or modification. Additionally, they must search across these locations for specific keywords and export the results for external review. Which Microsoft Purview solution should they use?
39A company uses Microsoft Purview. A compliance officer applies a retention label to a set of legal documents and configures the label to mark the items as records. After the label is applied, a user attempts to delete one of these documents from SharePoint Online. What will be the outcome?
40A multinational corporation stores highly sensitive intellectual property in SharePoint Online. To meet regulatory requirements, they need an additional layer of encryption beyond Microsoft's baseline encryption. The company wants to manage their own encryption keys using Azure Key Vault, so that if they remove the key from the service, the data becomes unreadable. Which Microsoft Purview solution should they implement?
41A company wants to monitor employee communications in Microsoft Teams and Exchange Online for potential policy violations such as harassment or inappropriate sharing of confidential information. They need a solution that allows them to define policies, review flagged messages, and manage investigations. Which Microsoft Purview solution should they use?
42A multinational corporation has data stored across multiple clouds (Azure, AWS) and on-premises. The data governance team needs to create a single inventory of all data assets, automatically classify sensitive data (e.g., credit card numbers) across these sources, and track how data moves and transforms (lineage). Which Microsoft Purview solution should they use?
43A company uses Microsoft Purview to manage data lifecycle. They configure a retention label that marks content as a regulatory record and apply it to sensitive documents. A user with edit permissions attempts to modify a document that has this label applied. What will be the outcome?
44A financial services company is required by regulation to prevent sensitive customer financial information from being shared externally via email. The compliance team wants to automatically scan all outgoing emails for patterns that match credit card numbers or account numbers. If a match is found, the email should be blocked and the sender should receive a policy tip. Which Microsoft Purview solution should be configured?
45A healthcare organization must comply with HIPAA regulations. They need to automatically detect and classify sensitive health information such as medical record numbers stored in SharePoint Online and OneDrive. When detected, the solution should apply encryption and restrict access to only authorized personnel. Which Microsoft Purview solution should they configure?
46A healthcare organization subject to HIPAA regulations stores patient health information (PHI) in SharePoint Online and OneDrive. The compliance team needs to automatically detect and classify medical record numbers and other PHI when documents are uploaded. Detected sensitive content must be protected by encryption and restricted to authorized users only. Additionally, the team wants to prevent users from sharing such documents externally. Which TWO Microsoft Purview solutions should they combine to achieve these requirements? (Choose two.)
47A compliance officer is tasked with continuously assessing the organization's compliance posture against GDPR and ISO 27001. The solution should generate a compliance score based on implemented controls, provide recommended improvement actions, and track remediation progress over time. Which Microsoft Purview solution should they use?
48An organization's security team needs to investigate a security incident that occurred two months ago. They need to search the unified audit log for specific activities performed by a user, such as file access, email actions, and sign-in events, to understand the scope of the compromise. Which Microsoft Purview solution provides these audit log search capabilities?
49A company is involved in litigation. The legal team needs to preserve all relevant electronic documents that reside in Exchange Online, SharePoint Online, and OneDrive for Business. They must prevent users from deleting or modifying these documents while the lawsuit is active. Additionally, they need to search across these locations for specific keywords and export the results for review. Which Microsoft Purview solution should they use?
50A data analyst is planning to leave the company in two weeks and has access to a large volume of sensitive customer data. The compliance team wants to detect if the analyst starts downloading large amounts of files to a personal USB drive or sending sensitive content to an external email address. They need to set up a policy that alerts on such anomalous data exfiltration activities without blocking operations until a thorough investigation is completed. Which Microsoft Purview solution should they configure?
51A legal team is preparing for an internal investigation related to a potential policy violation. They need to identify all relevant documents stored in Exchange Online and SharePoint Online, but there are millions of items across the organization. The team wants to use a machine learning model that learns from a set of manually reviewed relevant and non-relevant documents to predict relevance and prioritize review. Which Microsoft Purview solution provides this capability?
52An organization needs to detect and address potential policy violations in Microsoft Teams chat messages and channel conversations. They want to configure a policy that automatically scans for keywords related to confidential information and for sensitive data patterns like credit card numbers. When a violation is found, the policy should notify the user and their manager, and optionally escalate to a designated reviewer. Which Microsoft Purview solution should they configure?
53A legal team is managing a large litigation case involving over two million documents in SharePoint Online and Exchange Online. They want to reduce the time required for manual review by using a machine learning model that learns from a seed set of relevant and non-relevant documents and then predicts the relevance of the remaining documents. Which Microsoft Purview solution provides this advanced analytical capability?
54A legal team needs to preserve all electronic documents related to an ongoing lawsuit. These documents reside in Exchange Online mailboxes, SharePoint Online sites, and OneDrive for Business accounts. The team also needs the ability to search across these locations for specific keywords and export the results for review. Which Microsoft Purview solution should they use?
55A financial services company is required by the Payment Card Industry Data Security Standard (PCI-DSS) to retain all documents containing credit card numbers for at least seven years. The compliance team has created a custom sensitive information type (SIT) to detect credit card numbers in Microsoft 365. They want to automatically apply a retention label (e.g., "7-Year Retention") to any document in SharePoint or OneDrive that matches this SIT. Which Microsoft Purview solution should they configure to apply the label automatically based on content?
56A company wants to monitor Microsoft Teams messages and corporate emails for policy violations related to potential harassment and inappropriate behavior. They need a solution that allows them to define policies with conditions (e.g., keywords, patterns), automatically flag suspicious conversations, and optionally send notifications to the sender or escalate to a reviewer. Additionally, they need the ability to train employees when a minor violation is detected. Which Microsoft Purview solution should they use?
57A multinational corporation wants to detect scenarios where employees in the finance department are accessing and downloading customer credit card data from a CRM system and then emailing that data to personal accounts. The security team needs to define policies that identify this pattern of activity, analyze user behavior over time (e.g., building a user's baseline), and automatically escalate high-risk incidents for investigation. Which Microsoft Purview solution should they deploy?
58A company stores customer data in Microsoft 365 and needs to identify which data is subject to GDPR. Which Microsoft Purview solution should be used?
59An organization wants to automatically retain emails for 7 years and then delete them. They also need to place a legal hold on specific users' mailboxes to preserve all emails during litigation. Which combination of Microsoft Purview features should they use?
60A multinational corporation must comply with regulations that require them to keep financial records for 7 years and then permanently delete them. However, they are currently involved in litigation that requires preservation of all documents related to a specific project. They use Microsoft Purview. Which combination of features should they use to meet both requirements?
61A company wants to monitor internal communications for inappropriate content such as harassment or threats, and also prevent employees from accidentally sharing credit card numbers via email. Which combination of Microsoft Purview solutions should they use?
62A financial organization is required by regulation to keep all customer transaction records for 10 years. After 10 years, the records must be permanently deleted. In addition, during the retention period, records must not be modifiable or deletable by any user, including administrators. Which Microsoft Purview solution should they use to meet these requirements?
63A company uses Microsoft 365 and needs to comply with a regulatory requirement to retain all customer contracts for 5 years after the contract's end date, after which they must be automatically deleted. Additionally, the legal department needs the ability to preserve all documents related to an ongoing lawsuit, overriding any deletion timelines. Which Microsoft Purview solution should the company use?
64A healthcare organization must demonstrate compliance with HIPAA by assessing their current posture against regulatory controls, tracking improvement actions, and generating reports for auditors. Which Microsoft Purview solution should they use?
65A company is involved in litigation and needs to search for specific emails and documents across Exchange Online, SharePoint Online, and Teams. They also need to place a hold on relevant content to prevent deletion. Which Microsoft Purview solution should they use?
66A company uses Microsoft Purview Compliance Manager to improve their compliance posture. They are preparing for a SOC 2 audit and need to score compliance with SOC 2 controls, track improvement actions, and assign tasks to responsible teams. Which component of Compliance Manager should they use to assign and track specific actions to improve their compliance score?
67A financial institution uses Microsoft 365 and needs to prevent employees from accidentally sharing sensitive financial data (e.g., account numbers) via email. They also need to inform the sender with a policy tip if they attempt to send such data and block the email if it's shared externally. Which Microsoft Purview solution should they use?
68A company uses Microsoft 365 and needs to identify and protect sensitive data, such as credit card numbers, stored in SharePoint Online and OneDrive for Business. They also want to prevent users from sharing this data externally. Which Microsoft Purview solution should they use?
69A financial services company uses Microsoft Purview and must comply with a regulation that requires communication surveillance for market abuse. They need to capture all electronic communications (email, Teams chats) of traders and scan for specific keywords and trading patterns. Which Microsoft Purview solution is specifically designed for this?
70A security team is investigating a data exfiltration incident. They need to see detailed events such as when a user accessed a file, the exact action (read, write, delete), and the file name. They also need to perform custom searches across all users. Which Microsoft Purview audit solution should they use to meet these requirements?
71A compliance officer needs to retain customer records for 7 years and then automatically delete them. However, during an ongoing legal case, the legal team must preserve specific documents indefinitely without affecting the retention policy for other documents. Which combination of Microsoft Purview solutions should the company use?
72A financial services organization needs to automatically classify and protect sensitive documents containing credit card information in SharePoint Online and OneDrive for Business. They want a purple-colored label to be applied automatically when the document is saved, and the document should be encrypted with a predefined template that restricts editing to internal users only. Which Microsoft Purview solution should they configure?
73A company is involved in litigation and needs to preserve all Exchange Online mailboxes and SharePoint sites related to the case. The legal team also requires the ability to search, review, and export relevant content. Which Microsoft Purview solution should they use?
74A company uses Microsoft 365. The compliance department requires that all financial documents be retained for 10 years and then automatically deleted, while marketing documents must be retained for 3 years and then deleted. Additionally, they want to apply a default retention policy to all SharePoint Online sites. Which Microsoft Purview solution should the company use?
75A company uses Microsoft 365 and needs to classify and protect sensitive documents by applying encryption and visual markings (headers/footers) based on the content's sensitivity. They also want to automatically revoke access to documents that leave the organization. Which Microsoft Purview solution should they configure?
76A company wants to detect potentially malicious insider activities, such as employees copying large volumes of files to external drives or sending sensitive emails to personal accounts. The security team needs to investigate these activities with visual timelines and assign cases for review. Which Microsoft Purview solution should they use?
77A compliance officer wants a central dashboard to assess the organization's compliance posture against regulatory standards such as GDPR and ISO 27001. They need actionable recommendations to improve their compliance score and track progress over time. Which Microsoft Purview solution should they use?
78A healthcare organization must comply with HIPAA. They need to automatically detect protected health information (PHI) such as medical record numbers in outgoing email, prevent users from sharing these emails with unauthorized external recipients, and apply a retention label that retains PHI emails for six years. Which Microsoft Purview solution should they use?
79A company uses Microsoft 365 and needs to automatically apply a retention label to documents that contain personally identifiable information (PII) in SharePoint Online. The label should retain the documents for 5 years and then delete them. Which Microsoft Purview solution should they use?
80A compliance officer needs to identify and monitor potentially risky user activities, such as users copying large amounts of data to external devices or sharing sensitive files with unauthorized recipients. They want to create a policy that detects these activities and automatically escalates them for investigation. Which Microsoft Purview solution should they use?
81A healthcare organization must comply with HIPAA. They need to automatically detect protected health information (PHI) in emails sent from Exchange Online, prevent users from sharing these emails with unauthorized external recipients, and apply a retention label that retains PHI emails for six years. Which Microsoft Purview solution should they configure?
82A financial organization needs to automatically detect documents containing credit card numbers in SharePoint Online and apply a sensitivity label that encrypts the document and restricts editing to internal users. The label must also be automatically assigned when the sensitive content is detected. Which Microsoft Purview solution should they configure?
83A security team needs to investigate a potential data leak where an employee may have emailed sensitive customer information to a competitor. They want to search the unified audit log for specific email activities, such as 'Send' or 'Forward', and generate a detailed report. Which Microsoft Purview solution should they use?
84A company needs to ensure that employees cannot share sensitive financial reports with external parties via email. They want to automatically detect and block emails that contain the phrase 'Confidential-Financial' in the subject line or body, regardless of the recipient's domain. Which Microsoft Purview solution should they configure?
85A financial services firm must monitor employee communications (email and Microsoft Teams) for potential insider trading. The compliance team wants to automatically detect messages containing specific financial keywords (e.g., 'non-public material information') and flag them for review. They also need to be able to remove violating messages from recipients' inboxes. Which Microsoft Purview solution should they configure?
86A company needs to automatically detect and protect sensitive information such as credit card numbers in emails sent from Exchange Online and documents stored in SharePoint Online. They want to create policies that can block emails if such data is detected, and also automatically encrypt documents with specific labels. Which Microsoft Purview solution should they use?
87A security team needs to investigate a potential data breach that may involve unauthorized access to sensitive files in SharePoint Online and OneDrive for Business. They want to search the unified audit log for file access events, including accesses from mobile devices and third-party applications. Additionally, they need to create custom alert policies that trigger when specific high-privilege users download large volumes of files in a short period. Which Microsoft Purview solution should they use?
88A compliance officer needs to automatically detect documents containing passport numbers in SharePoint Online and apply a retention label that retains the documents for 10 years before deleting them. They also want to prevent users from permanently deleting these documents before the retention period ends. Which Microsoft Purview solution should they use to achieve this?
89A legal team is handling a lawsuit and needs to gather all electronically stored information (ESI) related to a specific case from across Microsoft 365, including emails, Teams messages, and SharePoint documents. They need to place a hold on the custodians' data to prevent deletion or modification, and then collect, review, and export the data. Which Microsoft Purview solution should they use?
90A financial organization needs to automatically detect emails containing the phrase 'Non-Public Material Information' and apply a retention policy that retains those emails for 7 years. They also need to train senders with a policy tip before sending, and if they still send the email, it should be encrypted and blocked from being forwarded outside the organization. Which Microsoft Purview solution should they use?
91An organization is subject to regulatory requirements that mandate retention of employee records for 5 years after termination. After the retention period, the records must be permanently deleted. The compliance team wants to automatically enforce this process across all Microsoft 365 locations (Exchange, SharePoint, Teams). Which Microsoft Purview solution should they configure?
92A healthcare organization must automatically detect documents containing patient health information (PHI) in SharePoint Online and apply a retention label that retains the documents for 10 years. Additionally, they want to prevent users from permanently deleting these documents during the retention period. Which Microsoft Purview solution should they use to achieve this?
93A financial company needs to prevent any communication between their mergers and acquisitions (M&A) team and the trading desk across all Microsoft 365 channels, including email, Microsoft Teams, and SharePoint. They must ensure that no user in one group can send emails to or chat with users in the other group. Which Microsoft Purview solution should they implement?
94A company must retain all customer service emails in Exchange Online for 7 years for regulatory purposes. After 7 years, the emails must be automatically deleted. Additionally, employees must not be able to permanently delete these emails before the retention period ends. Which Microsoft Purview solution should they configure?
95A company must comply with the General Data Protection Regulation (GDPR). They need a unified solution that provides a compliance score, actionable recommendations to improve their security posture, and the ability to track their progress over time. Additionally, they want to assign improvement actions to specific teams and automate the collection of evidence for controls. Which two Microsoft Purview solutions should the administrator use? (Select two.)
96A financial services company needs to monitor employee communications in Microsoft Teams and Exchange Online for potential policy violations, such as sharing insider trading tips. They want to automatically detect specific keywords and phrases, and then allow designated reviewers to flag and escalate the messages. Which Microsoft Purview solution should they use?
97A company wants to automatically detect emails in Exchange Online that contain credit card numbers and apply encryption to those emails before they are sent. Which Microsoft Purview solution should the administrator configure?
98A security team needs to investigate a potential data breach in Microsoft 365. They require detailed forensic logs showing every instance of mailbox access, mailbox search performed by administrators, and changes to email forwarding rules in Exchange Online. The logs must be retained for 1 year. Which Microsoft Purview solution should they use?
99A law firm uses Microsoft 365. They must retain all client communication records for 10 years due to regulatory requirements. After 10 years, the records must be permanently deleted. Additionally, they need to ensure that users cannot permanently delete these records before the retention period ends. Which Microsoft Purview solution should they configure?
100A company uses Microsoft 365 and needs to automatically detect documents in SharePoint Online that contain personally identifiable information (PII) such as social security numbers. When such documents are detected, they want to apply a sensitivity label that encrypts the document and restricts access to only the compliance team. Which Microsoft Purview solution should they use?
101A company must retain all HR documents stored in SharePoint Online for exactly 7 years. After 7 years, the documents must be automatically deleted. Additionally, employees must not be able to permanently delete these documents before the retention period ends. Which Microsoft Purview solution should they configure?
102A multinational corporation must comply with several regulations including GDPR, ISO 27001, and NIST. They need a single solution that provides a compliance score, tracks their progress, and recommends specific improvement actions that can be assigned to different departments. Which Microsoft Purview solution meets these requirements?
103A company uses Microsoft 365 and needs to prevent employees in the Mergers & Acquisitions (M&A) department from communicating with employees in the Trading department via Microsoft Teams chat, email, and SharePoint sharing. They must ensure that these restrictions are automatically enforced by Microsoft 365. Which Microsoft Purview solution should the administrator configure?
104A company is involved in a legal dispute and must preserve all emails and documents related to the case. The legal team needs to identify specific custodians (employees) and place a hold on their Exchange Online mailboxes and SharePoint sites to prevent any deletion or alteration of relevant content. Additionally, they need to collect the preserved data for review and analysis. Which Microsoft Purview solution should they use?
105A company wants to create a sensitivity label called 'Highly Confidential' in Microsoft 365. When applied to a document, the label should automatically encrypt the document and restrict access to employees in the finance department only. Which Microsoft Purview solution should the administrator use to configure this label?
106A company uses Microsoft 365 and wants to automatically detect when employees attempt to share credit card numbers in emails or Microsoft Teams messages. The company also wants to block the message if it contains such sensitive data, and notify the sender with a policy tip. Which Microsoft Purview solution should the administrator configure?
107A company has a SharePoint Online site that stores project documents. Due to legal requirements, all documents in this site must be retained for exactly 5 years from the date they were created, and then automatically deleted. No user should be able to permanently delete a document before the retention period ends. Which Microsoft Purview solution should the administrator configure?
108A financial services firm must comply with regulatory requirements that mandate supervisory review of communications between advisors and clients. They need to automatically capture emails and Microsoft Teams messages from a specific group of advisors, assign them to a supervisor for review, and flag messages containing potential code words for insider trading. Which Microsoft Purview solution should they use?
109A company needs to retain all customer emails for 7 years for regulatory compliance. After 7 years, they must be permanently deleted. They also need a legal hold for an ongoing investigation. Which Microsoft Purview solution should they use for the retention and deletion requirement?
110A company has a SharePoint Online library containing legal contracts. They must satisfy a regulatory requirement that contracts cannot be modified or deleted after they are signed. Additionally, they need to retain the contracts for 10 years after the contract end date, after which they can be disposed of manually. Which Microsoft Purview solution should they implement?
111A consulting firm is involved in a legal investigation. They need to preserve all emails and documents from two specific employees (custodians) related to a contract dispute. The data must be collected and stored in a secure location for legal review without modifying the original data. Which Microsoft Purview solution should they use?
112A multinational company uses Microsoft 365 and has a retention policy that automatically applies a 7-year retention label to any document containing a credit card number. The retention label must be automatically applied at the time the document is created or modified. Which Microsoft Purview solution should the administrator use to configure this automatic labeling rule?
113A company uses Microsoft 365 and wants to automatically apply a 3-year retention label to any document that contains a patent number in the format PAT-XXXXXX. The label should be applied at the time the document is created or modified. Which Microsoft Purview solution should the administrator configure?
114A company is required by a compliance regulation to retain all user and admin activity audit logs for 2 years. They also need the ability to perform faster, historical searches on this audit data. Which Microsoft Purview solution should they use?
115A company wants to proactively detect and investigate potential insider security risks, such as a departing employee copying large amounts of data to a personal USB drive or sharing confidential files with unauthorized individuals. Which Microsoft Purview solution should they use?
116A healthcare organization uses Microsoft 365 and must comply with HIPAA regulations. They need to assess their current compliance posture, identify gaps, and implement improvement actions. They want a tool that provides a compliance score based on best practices and regulatory frameworks, and offers recommended actions to improve the score. Which Microsoft Purview solution should they use?
117A company uses Microsoft 365 and must comply with a regulation that requires all business records, including emails and documents, to be retained for exactly 5 years. They need to automatically apply a retention label to any item that contains the keyword 'Contract' when the item is created or modified. Which Microsoft Purview solution should they use to configure this automatic labeling?
118A financial services company uses Microsoft 365 and must comply with PCI DSS. They want to automatically prevent users from sending emails that contain credit card numbers to external recipients. If a user tries to send such an email, the system should block the message and notify the user with a policy tip. Which Microsoft Purview solution should they configure?
119A healthcare organization uses Microsoft 365. They need to prevent employees from sharing emails or documents that contain patient medical record numbers (MRNs) with external recipients. If an attempt is made, the message should be blocked and the sender should receive a policy tip notification. Which Microsoft Purview solution should they configure?
120A company is involved in a lawsuit. The legal team needs to preserve all emails, documents, and Teams messages from five key employees (custodians) that are related to a specific project. The data must be collected securely and provided for legal review without modifying the original data. Which Microsoft Purview solution should they use?
121A company is involved in a legal case and must preserve all emails and documents sent by a specific employee (custodian) that are related to a particular matter. The legal team needs to collect this data into a tamper-proof container for review, ensuring that no original items are modified or deleted. Which Microsoft Purview solution should they use?
122An organization uses Microsoft 365. They need to prevent users from sharing credit card numbers in emails and Microsoft Teams messages. When a user attempts to share such sensitive information externally, the message should be blocked and the user should receive a policy tip notification. Which Microsoft Purview solution should they configure?
123A company must retain all financial records for exactly 7 years and then automatically delete them. They need to automatically apply a retention label to any document that contains the words 'Invoice' or 'Statement'. Which Microsoft Purview solution should they use?
124Arrange the steps to conduct a data classification scan using Microsoft Purview Information Protection.
125Order the steps to deploy Microsoft Intune for mobile device management.
126Match each security control type to its example.
127Match each compliance framework to its primary focus.
128Your organization uses Microsoft Purview to enforce data loss prevention (DLP) policies. You need to ensure that when a user attempts to share a document containing credit card numbers via email, the document is blocked and the user receives a policy tip. What should you configure in the DLP policy?
129Your company uses Microsoft Purview Communication Compliance to detect and remediate inappropriate messages. You need to create a policy that monitors Microsoft Teams chats for potential harassment. Which type of policy should you create?
130Your organization is implementing Microsoft Purview to manage data governance. You need to classify sensitive data such as social security numbers automatically. What should you create?
131Your organization uses Microsoft Purview Data Lifecycle Management to retain data for regulatory compliance. You need to ensure that all documents in a SharePoint site are retained for 7 years after they are last modified. What should you create?
132Your organization uses Microsoft Purview eDiscovery to manage legal holds. You need to place a hold on mailboxes and OneDrive accounts for a specific user who is involved in a litigation. Which eDiscovery solution should you use?
133Your organization wants to classify documents based on whether they contain confidential business information like trade secrets. You need to use a classifier that learns from example documents. What should you use?
134Your organization uses Microsoft Purview Records Management to manage high-value records that must not be deleted. You need to apply a label that marks content as a regulatory record. What label type should you use?
135Your organization needs to ensure that emails containing personally identifiable information (PII) like passport numbers are automatically encrypted before being sent externally. What should you configure in Microsoft Purview?
136Your organization wants to audit all activities related to accessing sensitive files in Microsoft SharePoint. Which Microsoft Purview solution should you use?
137Which TWO Microsoft Purview features can be used to automatically classify and protect sensitive data in documents?
138Which THREE actions can Microsoft Purview Data Loss Prevention (DLP) policies perform when a sensitive data match is detected?
139Which TWO Microsoft Purview compliance solutions are used to manage data retention and deletion?
140A compliance administrator configures the above retention policy. A document created on January 1, 2025, in SharePoint Online will be retained until when?
141A security analyst runs the above KQL query in Microsoft Sentinel. What is the primary purpose of this query?
142A compliance administrator creates the above custom sensitive information type for detecting social security numbers (SSNs). What is required for a document to be classified as containing an SSN?
143Your organization needs to retain all customer communications data for 7 years due to regulatory requirements. Which Microsoft Purview solution should you use?
144A compliance officer wants to automatically classify emails containing credit card numbers as 'Highly Confidential' and apply encryption. Which Microsoft Purview feature should be used?
145Your organization is implementing Microsoft Purview Information Protection and needs to ensure that files shared externally cannot be forwarded or printed. Which protection mechanism should be applied?
146Your legal team needs to search for all emails from a specific executive that mention a project name 'ProjectX' for a litigation hold. Which Microsoft Purview tool should they use?
147A company wants to automatically detect and remediate inappropriate messages in Microsoft Teams. Which Microsoft Purview solution should be configured?
148Your organization uses Microsoft Purview to manage data classification. You need to ensure that a specific Azure Blob Storage account is automatically classified for sensitivity labels. Which step is required?
149A user receives a sensitivity label that automatically marks the email as 'Confidential' and prevents forwarding. The label was applied without user intervention. Which mechanism most likely applied the label?
150Your organization needs to audit all changes to sensitive files in SharePoint Online for at least 180 days. Which Microsoft Purview feature should be enabled?
151A company wants to prevent users from sharing files containing personally identifiable information (PII) with external recipients. They also need to notify users if they attempt to share such files. Which Microsoft Purview solution should be configured?
152Which TWO Microsoft Purview solutions are primarily used for investigating and responding to compliance incidents?
153Which THREE actions can be performed by Microsoft Purview Data Loss Prevention (DLP) policies?
154Which TWO Microsoft Purview solutions can help protect sensitive data in Microsoft Teams?
155Refer to the exhibit. You are reviewing a Microsoft Purview DLP policy configuration for a compliance team. What is the effect of this policy?
156Refer to the exhibit. You are analyzing a Microsoft Purview Data Lifecycle Management retention policy. What is the outcome of this policy?
157Refer to the exhibit. You are reviewing the results of a Microsoft Purview eDiscovery search. Which statement is correct about the search results?
158A company is implementing Microsoft Purview to classify sensitive data. They need to automatically detect credit card numbers in emails and apply a retention label. Which solution should they use?
159An organization uses Microsoft Purview Information Protection. They want to ensure that when a user manually applies a 'Highly Confidential' sensitivity label to a document, the label is automatically applied to any new content pasted from that document into another app. Which configuration should they enable?
160A compliance officer needs to search for emails containing trade secrets across all mailboxes in the organization. Which Microsoft Purview solution should they use?
161Your organization is required to retain all HR-related documents for 7 years after an employee leaves. After that period, the documents must be permanently deleted. Which two Microsoft Purview features should you use together?
162Refer to the exhibit. A Microsoft Purview retention policy is configured as shown. Which statement about this policy is accurate?
163A company wants to automatically prevent users from sharing files containing personal data (e.g., passport numbers) via email. Which Microsoft Purview solution should they configure?
164Your organization uses Microsoft Purview to manage records. For legal reasons, you need to preserve all documents related to a specific litigation case and prevent any modification or deletion. Which feature should you use?
165An organization uses Microsoft Purview Compliance Manager. They need to track their progress against a specific regulatory standard and assign improvement actions to different teams. Which component should they use?
166A compliance administrator needs to generate a report showing all user activities related to accessing highly sensitive documents in SharePoint. Which Microsoft Purview solution should they use?
167Which TWO of the following are capabilities of Microsoft Purview Information Protection?
168Which THREE of the following are features of Microsoft Purview Compliance Manager?
169Which TWO of the following are valid uses for Microsoft Purview eDiscovery?
170Refer to the exhibit. An administrator creates a DLP rule as shown. What is the expected outcome when a user tries to share a file containing a U.S. Social Security Number with an external recipient?
171Refer to the exhibit. A sensitivity label is configured as shown. Which statement about the label's behavior is accurate?
172An organization uses Microsoft Purview Communication Compliance. They need to monitor Microsoft Teams messages for potential insider trading language. What should they configure?
173Your organization needs to automatically detect and prevent accidental sharing of sensitive data in Microsoft Teams messages. Which Microsoft Purview solution should you use?
174Your company is implementing records management for legal retention requirements. Documents must be locked and cannot be modified or deleted after a specific event. Which Microsoft Purview capability should you use?
175A multinational corporation must comply with GDPR and requires that personal data of EU users be retained for a maximum of 90 days after account closure. After that, all personal data must be permanently deleted. Which combination of Microsoft Purview capabilities should be used?
176Your organization uses Microsoft 365 and wants to classify and protect documents based on their content, such as credit card numbers. Which Microsoft Purview feature automatically classifies content based on sensitive information types?
177Your company uses Microsoft Purview Data Lifecycle Management. You need to ensure that emails in users' mailboxes are retained for 7 years for compliance, but users should be able to delete emails they no longer need before that period. Which configuration achieves this?
178Your organization uses Microsoft Purview Insider Risk Management. You need to create a policy that detects users exfiltrating sensitive data via email to external recipients. Which policy type should you configure?
179Your organization uses Microsoft Purview Communication Compliance to detect potential policy violations in Microsoft Teams chats. Which action can the policy automatically take when a violation is detected?
180Your organization uses Microsoft Purview eDiscovery (Premium) to manage a legal case. You need to place a hold on custodians' mailboxes and SharePoint sites to preserve relevant data. Which step must you first take in the eDiscovery workflow?
181Your organization uses Microsoft Purview Audit (Standard) and needs to investigate a data breach that occurred 120 days ago. You discover that the required audit logs are not available. What is the most likely reason?
182Which TWO Microsoft Purview solutions can help an organization detect and remediate insider risks such as data theft or unauthorized sharing?
183Which THREE capabilities are part of Microsoft Purview Data Lifecycle Management?
184Which TWO of the following are Microsoft Purview solutions that help protect sensitive data?
185Refer to the exhibit. You are reviewing a sensitivity label configuration in Microsoft Purview. Based on the exhibit, what is the result when a user applies this label to a document?
186Refer to the exhibit. You are evaluating a Microsoft Purview retention policy. The policy is applied to Exchange Online, SharePoint Online, and OneDrive for Business. What is the behavior of this policy?
187Refer to the exhibit. An administrator runs the PowerShell command shown. What is the purpose of this command?
188Your company is implementing data loss prevention (DLP) policies in Microsoft Purview. You need to create a policy that prevents users from sharing credit card numbers via email to external recipients. The policy should only apply to users in the Finance department. Which action should you take?
189A healthcare organization needs to automatically classify documents containing patient health information (PHI) in Microsoft SharePoint. The solution should apply a 'Confidential - Healthcare' sensitivity label to any document that matches the HIPAA content pattern. Which Microsoft Purview feature should be used?
190Your organization uses Microsoft Purview for data governance. You need to ensure that when a user marks an email as 'Confidential' using a sensitivity label, the email is automatically encrypted and cannot be forwarded. What configuration is required?
191Your company is subject to GDPR and must be able to respond to data subject requests (DSRs) by finding all personal data of a specific user across Microsoft 365. Which Microsoft Purview solution should you use?
192Your organization uses Microsoft Purview Information Barriers to prevent certain user groups from communicating with each other. You need to test the configuration before fully enforcing it. What should you do?
193A multinational corporation needs to enforce data residency requirements by storing data in specific geographic locations. They are using Microsoft Purview for data governance. Which capability should they leverage to meet this requirement?
194Your organization uses Microsoft Purview to manage insider risk. You need to create a policy that detects users who exfiltrate sensitive data by copying it to personal cloud storage services like Dropbox. Which solution should you use?
195Your company uses Microsoft Purview to manage records. You need to ensure that financial records are retained for 7 years and then permanently deleted. Which type of policy should you create?
196Your organization is implementing Microsoft Purview Communication Compliance to detect potential regulatory violations. You need to configure a policy that alerts when employees discuss insider trading in emails and Microsoft Teams messages. The solution should minimize false positives. Which action should you take?
197Which TWO of the following are capabilities of Microsoft Purview that help organizations manage compliance? (Choose two.)
198Which THREE of the following are features of Microsoft Purview Communication Compliance? (Choose three.)
199Which TWO of the following are types of retention actions available in Microsoft Purview? (Choose two.)
200Your organization is implementing a data loss prevention (DLP) policy to prevent sensitive data from being shared via email. Users in the finance department need to send financial reports to external auditors. What should you configure?
201A company uses Microsoft Purview Information Protection to classify and protect sensitive data. They want to automatically apply a sensitivity label to documents containing credit card numbers. Which should you configure?
202Your organization uses Microsoft Purview Audit to investigate a security incident. You need to search for activities performed by a specific user over the past 90 days. Which solution should you use?
203Refer to the exhibit. A Microsoft Purview retention policy is configured as shown. A document in SharePoint is labeled as 'Highly Confidential' and was created 5 years ago. What will happen to this document?
204A healthcare organization must comply with HIPAA regulations. They need to classify and protect medical records stored in Microsoft 365. Which Microsoft Purview solution should they use?
205Your organization uses Microsoft Purview eDiscovery to manage a legal case. You need to place a hold on emails for specific users, but you want to allow the system to apply the hold automatically. Which eDiscovery solution should you use?
206Refer to the exhibit. An administrator runs this KQL query in Microsoft Purview Audit. What is the purpose of this query?
207A company wants to automatically detect and remediate compliance issues such as sharing sensitive data externally. Which Microsoft Purview solution should they use?
208Your organization uses Microsoft Purview to manage compliance. You need to create a policy that ensures data is retained for a specific period and then automatically deleted. Which solution should you use?
209Which TWO of the following are capabilities of Microsoft Purview Communication Compliance? (Select TWO.)
210Which THREE of the following are features of Microsoft Purview Compliance Manager? (Select THREE.)
211Which TWO of the following are examples of sensitive information types in Microsoft Purview? (Select TWO.)
212Which THREE of the following are retention actions in Microsoft Purview Data Lifecycle Management? (Select THREE.)
213Which TWO of the following are capabilities of Microsoft Purview Insider Risk Management? (Select TWO.)
214You are a compliance administrator for Contoso, a multinational company that uses Microsoft 365. The company has the following requirements: 1. Automatically retain all documents containing personally identifiable information (PII) for 7 years. 2. Prevent users from sharing PII via email with external recipients unless they provide a business justification. 3. Monitor and alert when users access sensitive data outside of business hours. 4. Generate a compliance score for GDPR and ISO 27001. You need to configure the appropriate Microsoft Purview solutions. For each requirement, match the correct solution. Which combination of solutions should you use?
215Your organization uses Microsoft Purview to manage data classification. You need to ensure that sensitive data containing social security numbers is automatically labeled when stored in SharePoint Online. What should you configure?
216A company wants to ensure that emails containing credit card numbers are blocked from being sent externally. Which Microsoft Purview solution should they use?
217Your organization has a Microsoft Purview compliance portal. You need to audit who deleted a specific file from SharePoint Online last week. What should you do?
218You are designing a compliance solution for a healthcare organization that must comply with HIPAA. You need to ensure that patient health information (PHI) is encrypted at rest in Microsoft 365. What should you use?
219An organization has a Microsoft Purview Data Lifecycle Management policy that retains all documents for 5 years. However, legal requires that documents related to a specific lawsuit be preserved indefinitely. What should you do?
220Your company needs to detect and prevent employees from sharing confidential product plans via email with external parties. Which Microsoft Purview solution should you configure?
221A financial services company uses Microsoft Purview to manage compliance. They need to automatically apply a 'Confidential' label to all documents containing financial data in SharePoint. What should they configure?
222Which TWO Microsoft Purview solutions can be used to protect sensitive data in Microsoft Teams?
223Which THREE capabilities are included in Microsoft Purview Audit (Premium)?
224Which TWO Microsoft Purview solutions help organizations respond to data subject requests under GDPR?
225Refer to the exhibit. You are reviewing a Microsoft Purview classification rule. The rule is enabled and set to apply a sensitivity label. However, you notice that documents containing EU personal data are not being labeled automatically. What is the most likely cause?
226Refer to the exhibit. You run the PowerShell command to search the unified audit log for file deletions. The command returns no results, but you know a file was deleted last week. What is the most likely reason?
227You are the compliance administrator for Contoso, a multinational corporation with headquarters in the US and subsidiaries in Europe and Asia. Contoso uses Microsoft 365 E5 and Microsoft Purview. The company handles personal data subject to GDPR and CCPA. You need to design a compliance solution that meets the following requirements: - Automatically classify and protect documents containing personal data in SharePoint Online and OneDrive for Business. - Ensure that data subject requests (DSRs) for access and deletion can be fulfilled within the regulatory timeframes. - Prevent accidental sharing of sensitive data via email and Teams. - Maintain an audit trail of all activities related to personal data for at least one year. - Manage data retention to comply with local laws that require different retention periods for different types of data. Which combination of Microsoft Purview solutions should you use?
228You work for a law firm that uses Microsoft 365 E5. The firm handles highly confidential client information and must comply with attorney-client privilege. You need to implement a compliance solution that: - Prevents unauthorized sharing of privileged documents via email. - Enables lawyers to easily classify documents as 'Privileged' and automatically encrypt them. - Allows the compliance team to monitor for accidental exposure of privileged information in Teams chats. - Ensures that privileged documents are retained for 7 years after case closure, then automatically deleted. - Provides the ability to search for privileged documents in case of a legal hold. What should you configure?
229You are the compliance administrator for a retail company that uses Microsoft 365 Business Premium. The company needs to: - Block customers' credit card numbers from being sent via email. - Retain all sales invoices for 3 years as per financial regulations. - Allow managers to search and export employee emails for HR investigations. - Ensure that only HR can access employee salary information. Which Microsoft Purview solutions should you use?
230Your organization is implementing Microsoft Purview to govern data across Microsoft 365 and Azure. Which TWO capabilities should you use to discover and classify sensitive data?
231A company uses Microsoft Purview to manage data compliance. They need to meet regulatory requirements that mandate retention of financial records for 7 years and deletion of personal data after 3 years. Which THREE capabilities should they configure?
232Refer to the exhibit. A Microsoft Purview administrator imported this JSON policy for automatic sensitivity labeling. After deployment, users report that emails containing German social security numbers are not being automatically labeled. What is the most likely cause?
233As a compliance administrator for Contoso Ltd., you are responsible for implementing Microsoft Purview solutions to meet regulatory requirements. The organization operates in the healthcare sector and handles Protected Health Information (PHI). Your key objectives are: (1) Automatically detect PHI in documents stored in SharePoint Online and OneDrive for Business using built-in sensitive information types. (2) Apply a 'Highly Confidential - PHI' sensitivity label that encrypts the content and adds a custom header. (3) Ensure that the label is automatically applied when PHI is detected, with a policy that allows users to override the label with justification. (4) Audit all label application activities for compliance reporting. (5) Retain documents containing PHI for a minimum of 7 years. You have access to Microsoft Purview compliance portal. Which action should you take FIRST to achieve these objectives?
234You are a compliance administrator for a multinational corporation that uses Microsoft Purview. The company must comply with the General Data Protection Regulation (GDPR). You need to implement a solution that allows data subjects to request access to their personal data stored in Exchange Online, SharePoint Online, and OneDrive for Business. The solution must provide a centralized portal for data subjects to submit requests and for privacy officers to manage the entire process, including searching for data, reviewing results, and exporting or redacting data. You also need to ensure that requests are automatically routed to the appropriate privacy officer based on the data subject's region. Microsoft Purview has been licensed for the entire organization. What should you configure?
235Your organization, Fabrikam Inc., uses Microsoft 365 and has Microsoft Purview licensed. You need to implement a compliance solution to monitor and prevent the sharing of confidential financial data via email. Specifically, you want to: (1) Detect when users send emails containing financial account numbers (e.g., credit card numbers) to external recipients. (2) Automatically block such emails with a policy tip notifying the sender. (3) Allow the sender to override the block if they provide a business justification. (4) Create a report of all blocked emails for compliance review. Which Microsoft Purview feature should you configure?
236A multinational company deploys Microsoft Purview Data Loss Prevention (DLP) to protect credit card numbers. The compliance team reports that a DLP policy blocks a legitimate payment processing workflow. What should the compliance administrator do to allow the workflow while maintaining protection?
237A healthcare organization stores patient records in SharePoint Online. The compliance officer needs to ensure that records containing Protected Health Information (PHI) are retained for 7 years per regulatory requirements. Which Microsoft Purview solution should they implement?
238A company uses Microsoft 365 and wants to automatically classify documents based on sensitive information types like Social Security numbers. Which Microsoft Purview feature should be used?
239An organization needs to prevent users from sharing files containing trade secrets with external parties via email. The solution must allow internal sharing. Which Microsoft Purview capability should be configured?
240A financial services firm uses Microsoft Purview Information Barriers to prevent traders from communicating with investment bankers. A new employee in the trading department cannot access a SharePoint site used for compliance training. What should the administrator do?
241A law firm needs to retain client documents for 10 years after case closure, but automatically delete drafts after 30 days. Which two Microsoft Purview solutions should be combined?
242A company wants to automatically apply a 'Confidential' sensitivity label to all documents containing credit card numbers. Which Microsoft Purview feature should be used to create the auto-labeling policy?
243An organization uses Microsoft Purview Compliance Manager to track compliance with regulations. The compliance officer needs to create a custom assessment for a new internal policy. What should they do?
244A company uses Microsoft Teams and wants to ensure that messages containing offensive language are flagged for review. Which Microsoft Purview solution should be used?
245Which TWO of the following are capabilities of Microsoft Purview Data Loss Prevention?
246Which THREE are benefits of using Microsoft Purview Compliance Manager?
247Which TWO scenarios are appropriate uses of Microsoft Purview Audit (Standard)?
248Refer to the exhibit. You are reviewing a Microsoft Purview sensitivity label configuration. A user reports that a document containing a sensitive info type with confidence 80 was not automatically labeled. What is the most likely cause?
249Refer to the exhibit. A compliance administrator runs the PowerShell commands to create a DLP policy. Users complain that they are blocked from sending emails containing credit card numbers but cannot override the block. The administrator wants to allow override with a business justification. What should they do?
250Refer to the exhibit. A legal team needs to preserve all documents in SharePoint and OneDrive for 5 years. The current policy retains for 1 year. What should the administrator do to meet the requirement?
251Your organization is implementing Microsoft Purview to manage sensitive data. You need to ensure that documents containing credit card numbers are automatically detected and protected. Which Microsoft Purview solution should you configure?
252Your organization uses Microsoft Purview to label documents. Users report that some documents are automatically labeled as 'Confidential' even though the content is public. Which action should you take to resolve this issue?
253Refer to the exhibit. You are a compliance administrator managing a DLP policy in Microsoft Purview. The policy is set to 'enforce' mode but you notice that internal users can still share credit card numbers via email to external recipients. What is the most likely cause?
254Your organization needs to retain all email communications with customers for 7 years due to regulatory requirements. Which Microsoft Purview solution should you use?
255A user reports that a sensitive document labeled 'Highly Confidential' was accidentally shared with an external vendor. You need to investigate how the sharing occurred. Which two Microsoft Purview tools should you use together?
256Your organization is subject to GDPR and must respond to data subject deletion requests within 30 days. You have identified all personal data in Microsoft 365. Which Microsoft Purview solution should you use to permanently delete the data?
257Your organization uses Microsoft Purview to classify documents containing health information. You need to ensure that only users with explicit permission can access these documents. Which Microsoft Purview capability should you use?
258Your organization has a Microsoft Purview Data Lifecycle Management policy that deletes emails after 3 years. A legal hold is placed on a user's mailbox. What happens to the emails?
259Refer to the exhibit. You run the PowerShell command shown to investigate a potential data exfiltration incident. The output is empty. Which is the most likely reason?
260Your organization is implementing Microsoft 365 and needs to prevent sensitive data from being copied to USB drives. Which Microsoft Purview solution should you configure?
261Your organization uses Microsoft Purview to classify data. You need to automatically apply a 'Confidential' label to documents that contain salary information. Which type of sensitivity label configuration should you use?
262Your organization uses Microsoft Purview Communication Compliance to detect harassing messages. You receive an alert for a message that appears to be a joke between colleagues. What should you do to prevent similar false positives?
263Your organization must ensure that financial reports are protected with encryption and cannot be forwarded. Which two Microsoft Purview features should you combine?
264Your organization uses Microsoft 365 and needs to identify internal users who are sending confidential data to external domains repeatedly. Which Microsoft Purview solution should you use?
265Your organization has a Microsoft Purview retention policy that retains SharePoint documents for 5 years. After 5 years, you want an administrator to review and approve deletion. Which configuration is required?
266Your organization uses Microsoft Purview to manage data governance. You need to ensure that sensitive financial data containing credit card numbers is automatically detected and labeled when stored in SharePoint Online. Which compliance solution should you configure?
267A company is implementing Microsoft Purview Communication Compliance to detect inappropriate messages. They need to monitor Microsoft Teams channel messages and chat messages for potential policy violations. Which configuration is required?
268Refer to the exhibit. The JSON snippet shows a sensitivity label configuration. What is the purpose of the 'SensitiveInfoTypes' property in this label?
269Your organization uses Microsoft Purview Records Management to manage high-value contracts. You need to ensure that once a contract is declared as a record, it cannot be modified or deleted by any user, including administrators. Which type of record should you use?
270A multinational corporation must comply with the EU General Data Protection Regulation (GDPR). They need to respond to a data subject access request (DSAR) by searching for personal data across Exchange Online, SharePoint Online, and OneDrive for Business. Which Microsoft Purview solution should they use?
271Your organization wants to automatically retain all customer emails for 7 years and then delete them. Which Microsoft Purview feature should you configure?
272Refer to the exhibit. You are reviewing a Communication Compliance policy. What does this policy do when a user sends an email containing EU GDPR PII to privacy@contoso.com?
273A company uses Microsoft Purview Data Loss Prevention (DLP) to protect sensitive data. They want to receive alerts when a user attempts to share a file containing personally identifiable information (PII) via email. Which DLP rule component is used to define the notification action?
274Refer to the exhibit. An administrator created a retention label with the settings shown. What is the behavior of this label when applied to content?
275Which TWO of the following are Microsoft Purview compliance solutions?
276Which THREE of the following are capabilities of Microsoft Purview Information Protection?
277Which TWO of the following are required to use Microsoft Purview Audit (Premium)?
278Refer to the exhibit. An administrator runs this PowerShell command. What is the purpose of this command?
279Your organization uses Microsoft Purview Data Lifecycle Management. You need to ensure that content in a SharePoint site is retained for 3 years after the last modification date. What should you create?
280Refer to the exhibit. A Microsoft Purview Data Loss Prevention (DLP) policy is configured. What does this policy do?
281Your organization wants to automatically retain customer emails for 5 years after they are received, and then delete them. You need to configure the appropriate Microsoft Purview solution. What should you use?
282A user accidentally shared a confidential document with an external vendor. You need to revoke access immediately for all copies, even if the file has been downloaded. Which Microsoft Purview feature should you use?
283Your organization needs to classify documents containing personally identifiable information (PII) like social security numbers. Which Microsoft Purview solution should you configure?
284Your organization uses Microsoft Purview to manage data lifecycle. You need to ensure that after a project ends, all related files are automatically deleted after 3 years. What should you configure?
285You are investigating a potential data leak. You need to find all emails that contain the word 'confidential' sent to external recipients in the last 30 days. Which Microsoft Purview tool should you use?
286Your organization needs to monitor Microsoft Teams chats for inappropriate language and alert compliance officers. Which Microsoft Purview solution should you implement?
287Your organization uses Microsoft 365 and wants to automatically quarantine suspicious emails before they reach users' inboxes. Which solution should you configure?
288You are designing a compliance solution for a global company. You need to ensure that data stored in SharePoint Online is not accessible from a specific geographic region. Which Microsoft Purview feature should you use?
289Your organization needs to create a policy that prevents users from sharing credit card numbers in emails. Which Microsoft Purview solution should you configure?
290Which TWO Microsoft Purview solutions can be used to automatically classify sensitive data at rest?
291Which THREE actions can be performed using a Microsoft Purview Data Loss Prevention (DLP) policy?
292Which TWO Microsoft Purview features allow you to monitor and manage data across hybrid environments (on-premises and cloud)?
293Refer to the exhibit. A Microsoft Purview retention policy is configured as shown. What will happen to emails after 365 days?
294Refer to the exhibit. A Microsoft Purview sensitivity label is configured as shown. What is the purpose of this label?
295Refer to the exhibit. A Microsoft Purview DLP policy is configured as shown. What will happen when a user tries to email an external recipient a document containing a credit card number?
296A company wants to automatically classify and protect sensitive documents stored in SharePoint Online. The compliance administrator needs to create a policy that detects credit card numbers and applies encryption. Which Microsoft Purview solution should the administrator use?
297A compliance officer needs to monitor internal emails for inappropriate language and potential data leaks. The officer wants to detect policy violations and allow users to report concerns. Which Microsoft Purview solution should be used?
298A multinational organization must comply with GDPR and local data residency requirements. The compliance team needs to ensure that personal data is not stored in regions outside the permitted locations. Which Microsoft Purview capability should they use to discover and map personal data across the organization's data estate?
299An organization wants to automatically retain all financial documents for seven years and then delete them. Which Microsoft Purview solution should be used to create the retention policy?
300A company has been fined for failing to respond to a data subject access request (DSAR) within the required timeframe. The compliance team needs to streamline the process of identifying and exporting personal data when a DSAR is received. Which Microsoft Purview solution should they use?
The Describe the capabilities of Microsoft compliance solutions domain covers the key concepts tested in this area of the SC-900 exam blueprint published by Microsoft. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all SC-900 domains — no account required.
The Courseiva SC-900 question bank contains 300 questions in the Describe the capabilities of Microsoft compliance solutions domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Describe the capabilities of Microsoft compliance solutions domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included