CCNA Manage compliance by using Microsoft Purview Questions

16 of 166 questions · Page 3/3 · Manage compliance by using Microsoft Purview · Answers revealed

151
Multi-Selecthard

A Microsoft Purview auto-labeling policy for sensitivity labels is matching too many SharePoint documents after simulation. Which two changes would most directly reduce false positives before enabling automatic labeling? (Choose two.)

Select 2 answers
A.Increase the confidence level or instance-count requirement for the sensitive information type
B.Add supporting keyword or contextual conditions to the auto-labeling rule
C.Turn on automatic labeling immediately and wait for users to report problems
D.Replace the sensitivity label with a retention label
AnswersA, B

Higher confidence or occurrence thresholds reduce accidental matches from isolated or ambiguous patterns.

Why this answer

Increasing the confidence level or instance-count requirement for the sensitive information type (SIT) directly reduces false positives by raising the threshold for what qualifies as a match. A higher confidence level means the classification engine requires stronger evidence (e.g., more keywords or a closer proximity to a pattern), while a higher instance count requires the sensitive data to appear multiple times in the document. Both adjustments make the auto-labeling rule more selective, ensuring only documents with a high likelihood of containing the specified sensitive content are labeled.

Exam trap

The trap here is that candidates may think immediate enforcement (Option C) is the fastest way to fix false positives, but Microsoft explicitly recommends using simulation mode to tune rules before enabling automatic labeling, and waiting for user reports is not a valid tuning strategy.

152
MCQmedium

A compliance administrator needs to preserve all communications in a user's mailbox and OneDrive for an ongoing litigation. The user must continue working normally, but their data should not be altered or deleted. Which Microsoft Purview feature should be applied?

A.eDiscovery Hold
B.Litigation Hold
C.Retention policy
D.Data Loss Prevention (DLP) policy
AnswerB

Litigation Hold preserves all mailbox and OneDrive content for a user, while allowing normal operations.

Why this answer

Litigation Hold is the correct feature because it preserves all mailbox and OneDrive content in its original state, including deleted and modified items, while allowing the user to continue working normally. Unlike eDiscovery Hold, which is applied to specific search results, Litigation Hold is placed directly on the user's mailbox and OneDrive to prevent any data from being altered or deleted during ongoing litigation.

Exam trap

The trap here is that candidates often confuse Litigation Hold with eDiscovery Hold, mistakenly thinking that eDiscovery Hold is the primary tool for preserving all user data, when in fact Litigation Hold is the direct hold applied to a user's entire mailbox and OneDrive for legal preservation.

How to eliminate wrong answers

Option A is wrong because eDiscovery Hold is used to preserve content that matches a specific search query within an eDiscovery case, not to preserve all communications in a user's mailbox and OneDrive for litigation. Option C is wrong because a retention policy is designed to retain or delete content based on a schedule, but it does not prevent users from modifying or deleting data while the policy is active. Option D is wrong because a Data Loss Prevention (DLP) policy monitors and protects sensitive data from being shared or leaked, but it does not preserve or hold data for legal purposes.

153
Multi-Selecteasy

Which TWO features are part of Microsoft Purview Communication Compliance?

Select 2 answers
A.Restricting communication between specific groups.
B.Applying retention labels to communications.
C.Policy tips to notify users of policy violations.
D.Detection of inappropriate or offensive language in emails.
E.Automatic encryption of sensitive communications.
AnswersC, D

Policy tips can be configured in Communication Compliance.

Why this answer

Communication Compliance includes detection of inappropriate language and policy tips for violations. Option A is correct because it can detect offensive language. Option D is correct because it can provide policy tips.

Option B is wrong because encryption is not a Communication Compliance feature. Option C is wrong because retention labels are separate. Option E is wrong because information barriers are separate.

154
MCQmedium

Your organization has a Microsoft Purview data classification policy that automatically applies a 'General' label to all documents. However, users are complaining that the label is not being applied to documents stored in SharePoint Online. You confirm that the policy is configured correctly and the license is assigned. What is the most likely cause?

A.The sensitivity label is not published to the users.
B.The auto-labeling policy is disabled.
C.The sensitivity label requires encryption and the users don't have the encryption key.
D.The auto-labeling policy is not configured to scan SharePoint Online.
AnswerD

Auto-labeling policies must include the locations to scan; SharePoint must be selected.

Why this answer

Option B is correct because auto-labeling requires the scanner to crawl the content; if scanning is not enabled for SharePoint, labels won't be applied. Option A is wrong because the label is already published. Option C is wrong because sensitivity labels do not require encryption.

Option D is wrong because the policy is enabled.

155
MCQeasy

You need to implement a solution that allows users to classify documents containing personal data as 'Highly Confidential' and automatically encrypt them when shared via email. What should you configure?

A.A sensitivity label with auto-labeling and encryption.
B.A retention label with a disposition action.
C.An information barrier policy.
D.A DLP policy with an action to block sharing.
AnswerA

Sensitivity labels can apply encryption automatically.

Why this answer

Sensitivity labels can apply encryption automatically when content is shared. Option B is correct. Option A is wrong because DLP policies block or monitor, not encrypt.

Option C is wrong because retention labels manage lifecycle. Option D is wrong because information barriers restrict communication.

156
MCQmedium

Your organization has a Microsoft 365 E5 subscription and uses Microsoft Teams. You need to prevent external users from being added to sensitive teams that contain financial data. What should you configure?

A.A sensitivity label for containers that blocks guest access.
B.Azure AD Conditional Access policy for guest users.
C.An information barrier policy between finance and external.
D.A DLP policy for Teams chat and channel messages.
AnswerA

Sensitivity labels can control guest access to teams and groups.

Why this answer

Sensitivity labels for containers can restrict guest access. Option D is correct. Option A is wrong because DLP policies monitor content, not guest access.

Option B is wrong because Azure AD Conditional Access controls sign-in, not team membership. Option C is wrong because information barriers restrict communication, not guest access.

157
MCQhard

A compliance officer needs to automatically identify and label content that is conceptually similar to existing sensitive documents, such as internal strategy memos or proprietary technical specifications, without relying on explicit keywords or recognized sensitive information types. Which Microsoft Purview solution should the officer use to achieve this?

A.trainable classifier
B.sensitive information type
C.An auto-labeling policy with a retention label
D.Data Loss Prevention (DLP) policy that blocks sharing
AnswerA

Trainable classifiers are designed to identify content based on examples and can learn to recognize documents that are conceptually similar, such as internal memos or proprietary specs, without needing exact keywords or predefined sensitive info types.

Why this answer

A trainable classifier uses machine learning to identify content based on patterns and context learned from sample documents, making it ideal for recognizing conceptually similar content without relying on explicit keywords or predefined sensitive information types. This allows the compliance officer to automatically label internal strategy memos or proprietary technical specifications that share conceptual similarity with existing sensitive documents.

Exam trap

The trap here is that candidates often confuse trainable classifiers with sensitive information types, assuming that keyword or regex-based patterns are sufficient for conceptual similarity, when in fact trainable classifiers are the only Microsoft Purview solution that uses machine learning to identify content based on learned patterns rather than explicit rules.

How to eliminate wrong answers

Option B is wrong because sensitive information types rely on predefined patterns (e.g., regex, keywords, checksums) and cannot identify conceptually similar content without explicit keywords or recognized types. Option C is wrong because an auto-labeling policy with a retention label applies labels based on conditions like sensitive info types or trainable classifiers, but the retention label itself does not perform conceptual identification; the labeling policy would still require a trainable classifier to trigger. Option D is wrong because a Data Loss Prevention (DLP) policy that blocks sharing can use classifiers or sensitive info types to enforce actions, but it is a protective control, not a labeling solution for automatic identification and labeling of conceptually similar content.

158
MCQeasy

You need to monitor which users have accessed a specific document stored in SharePoint Online over the last 90 days. What should you use?

A.Data Loss Prevention reports.
B.eDiscovery (Premium) case.
C.Content search in Microsoft Purview.
D.Audit log search in Microsoft Purview.
AnswerD

Audit logs track file access events.

Why this answer

Audit log in Microsoft Purview records user activities including file access. Option A is correct. Option B is wrong because DLP reports show policy matches, not access.

Option C is wrong because content search searches for content, not access. Option D is wrong because eDiscovery cases are for legal holds and reviews.

159
Multi-Selectmedium

A compliance administrator wants to automatically apply a 'Confidential' sensitivity label to documents that contain tax identification numbers. Which two configurations are required? (Choose two.)

Select 2 answers
A.Define a sensitive information type for tax IDs
B.Create a sensitivity label with the desired protection settings
C.Configure a data loss prevention (DLP) rule
D.Create an auto-labeling policy
AnswersA, D

Sensitive information types define patterns (e.g., regex) to detect specific data like tax IDs.

Why this answer

Option A is correct because a sensitive information type (SIT) defines the pattern to detect tax identification numbers (e.g., using regex or keyword lists) in content. Option D is correct because an auto-labeling policy automatically applies the sensitivity label to documents when the SIT is matched, without requiring user intervention. Together, they enable automatic classification based on content inspection.

Exam trap

The trap here is that candidates often confuse DLP rules with auto-labeling policies, but DLP rules enforce actions like blocking or alerting on sensitive data, while auto-labeling policies specifically apply sensitivity labels based on content matching.

160
MCQmedium

Your organization uses Microsoft Purview to classify and protect data. You need to create a custom sensitive info type that detects employee IDs formatted as 'EMP-XXXXX' where X is a digit. Which approach should you use?

A.Create a custom sensitive info type using a regular expression.
B.Use a keyword dictionary for the pattern.
C.Use exact data match (EDM) based classification.
D.Use the built-in 'Employee ID' sensitive info type.
AnswerA

Custom sensitive info types can use regex patterns to detect specific formats.

Why this answer

Option B is correct because you can create a custom sensitive info type using a regular expression pattern. Option A is wrong because the built-in type may not match exactly. Option C is wrong because the keyword dictionary can be used as an additional element, but the pattern is best defined by regex.

Option D is wrong because exact data match requires a source of truth, not a pattern.

161
MCQmedium

A legal hold is required for all emails in a user's mailbox related to a litigation case. The administrator needs to ensure that the mailbox content is preserved even if the user tries to delete emails. Which Microsoft Purview feature should be used?

A.Litigation Hold
B.eDiscovery (Standard) case hold
C.Retention policy
D.In-Place Hold
AnswerA

Litigation Hold preserves all mailbox items until the hold is removed, even if the user deletes them. It is suitable for legal holds.

Why this answer

Litigation Hold is the correct choice because it is a Microsoft Purview feature specifically designed to preserve all mailbox content, including deleted items and original versions of modified items, for legal or compliance purposes. When enabled, it places the user's entire mailbox on hold, preventing permanent deletion by the user or automated processes, and ensures that all data related to a litigation case is retained indefinitely until the hold is removed.

Exam trap

The trap here is that candidates often confuse Litigation Hold with eDiscovery case holds or retention policies, but Litigation Hold is the simplest and most direct feature for preserving an entire mailbox indefinitely for legal purposes, without needing to create a case or define retention rules.

How to eliminate wrong answers

Option B (eDiscovery (Standard) case hold) is wrong because it is used to preserve content for a specific eDiscovery case, but it requires creating an eDiscovery case and associating a hold with that case, which is more complex and not the simplest direct method for a single user's mailbox in a litigation scenario. Option C (Retention policy) is wrong because retention policies are designed for managing data lifecycle based on age or other criteria, not for indefinite preservation in response to a legal hold, and they can allow deletion after a specified period. Option D (In-Place Hold) is wrong because In-Place Hold is a legacy Exchange Online feature that has been deprecated in favor of Litigation Hold and eDiscovery holds; it is no longer available in modern Microsoft Purview deployments.

162
MCQmedium

A user is leaving the organization, and a litigation hold must be placed on their Exchange Online mailbox to preserve all existing and future data indefinitely. The user's mailbox will continue to be monitored for any attempts to delete data. Which Microsoft Purview feature should the compliance officer use?

A.Litigation Hold
B.eDiscovery hold (Core or Advanced)
C.retention policy with 'Preserved forever' state
D.In-Place Hold (Exchange Online)
AnswerA

Litigation Hold places a hold on the entire mailbox, preserving all content until the hold is explicitly released. Even after the user is deleted, the mailbox remains preserved.

Why this answer

Litigation Hold is the correct feature because it is specifically designed to preserve all mailbox content indefinitely, including future data, and prevents any deletion or modification of items by users or automated processes. It also allows the compliance officer to monitor the mailbox for deletion attempts, as the hold is placed directly on the mailbox via the Exchange Admin Center or PowerShell, ensuring immutable retention.

Exam trap

The trap here is that candidates often confuse Litigation Hold with eDiscovery holds or retention policies, but Litigation Hold is the only feature that provides indefinite, mailbox-specific preservation with built-in monitoring for deletion attempts, as it is a direct hold on the mailbox rather than a policy-based retention.

How to eliminate wrong answers

Option B is wrong because eDiscovery holds (Core or Advanced) are intended for preserving data related to specific legal cases or investigations, not for indefinite preservation of all mailbox data for a departing user; they require a defined search query and are not designed for indefinite monitoring. Option C is wrong because a retention policy with 'Preserved forever' state applies to all content across the organization or specific locations, but it does not provide the same mailbox-level monitoring for deletion attempts as Litigation Hold, and it may not prevent users from deleting items if the policy is not configured correctly. Option D is wrong because In-Place Hold is a legacy feature from on-premises Exchange that has been deprecated in Exchange Online; it is not available in the cloud and cannot be used for modern compliance requirements.

163
MCQmedium

Your company uses Microsoft Purview to manage data classification. A user reports that a sensitive document is being blocked from external sharing even though the applied sensitivity label allows external sharing. The document is stored in SharePoint Online. What should you check first?

A.Verify that the sensitivity label is published to the user.
B.Check the DLP policies in Microsoft Purview compliance portal for any rules that block external sharing.
C.Confirm that the document is not under a retention policy.
D.Review the SharePoint external sharing settings for the site collection.
AnswerB

DLP policies can block external sharing even if the label allows it.

Why this answer

The issue is that external sharing is blocked despite a permissive label. This is often caused by a restrictive data loss prevention (DLP) policy overriding the label. Checking DLP policies is the first step.

Option A is wrong because sensitivity labels define encryption and marking, not sharing permissions directly. Option C is wrong because SharePoint sharing settings are tenant-wide and affect all content. Option D is wrong because retention policies do not control sharing.

164
MCQhard

Your company is migrating from an on-premises file server to SharePoint Online. You need to ensure that files containing personally identifiable information (PII) are automatically detected and classified with a sensitivity label. What should you use?

A.A retention label auto-applied by a trainable classifier.
B.Microsoft Information Protection scanner.
C.A DLP policy to block sharing of PII.
D.Auto-labeling for sensitivity labels in Microsoft 365.
AnswerD

Auto-labeling can scan SharePoint sites and apply labels automatically.

Why this answer

Auto-labeling for sensitivity labels can scan files at rest in SharePoint and apply labels based on sensitive info types. Option C is correct. Option A is wrong because Microsoft Information Protection scanner is for on-premises file servers, not SharePoint.

Option B is wrong because DLP policies do not apply labels. Option D is wrong because retention labels are for lifecycle, not classification.

165
MCQhard

An administrator is creating a Microsoft Purview auto-labeling policy for documents containing personally identifiable information. Before turning the policy on automatically, what should the administrator do to reduce false positives?

A.Run the auto-labeling policy in simulation mode and review matches
B.Publish the label directly to all users and enable automatic application immediately
C.Create an eDiscovery hold for the SharePoint locations
D.Configure a retention policy before creating the sensitivity label
AnswerA

Simulation mode validates the detection logic and helps tune the policy before enforcement.

Why this answer

Running the auto-labeling policy in simulation mode allows the administrator to review which documents would be matched by the policy without actually applying labels. This enables analysis of the detection results to identify and reduce false positives before enabling automatic application, ensuring the policy accurately targets only documents containing the specified PII.

Exam trap

The trap here is that candidates may confuse simulation mode with other compliance features like eDiscovery or retention, or assume that immediate application is safe because the policy uses predefined PII types, but Microsoft explicitly recommends simulation mode to validate and reduce false positives before enabling automatic labeling.

How to eliminate wrong answers

Option B is wrong because publishing the label to all users and enabling automatic application immediately skips the validation step, leading to potential false positives and incorrect labeling across the tenant. Option C is wrong because an eDiscovery hold is used to preserve content for legal or investigative purposes, not to test or refine auto-labeling policy accuracy. Option D is wrong because configuring a retention policy before creating the sensitivity label does not address false positives; retention policies manage data lifecycle, not classification accuracy.

166
MCQhard

Refer to the exhibit. You have two DLP compliance rules as shown. A user sends an email containing both PII and credit card numbers. Which rule will be applied?

A.Block PII rule only
B.Block Credit Cards rule only
C.Neither rule will apply because they conflict.
D.Both rules will be evaluated, and the most restrictive action will be applied.
AnswerD

DLP evaluates all matching rules and applies the most restrictive action. Since both block, the block action is applied.

Why this answer

Option D is correct because the DLP system evaluates all rules and applies the most restrictive action. Since both rules have BlockAccess, both would block, but in practice, the system applies the highest priority rule (lowest number) or the most restrictive. In this case, both have BlockAccess, so the rule with priority 1 (Block Credit Cards) takes precedence.

However, the correct answer is that both rules are evaluated and the most restrictive action is applied; since both block, the block action from either is applied. But given the options, D correctly states that both rules are evaluated and the most restrictive action is taken.

← PreviousPage 3 of 3 · 166 questions total

Ready to test yourself?

Try a timed practice session using only Manage compliance by using Microsoft Purview questions.