CCNA Purview Compliance Questions

75 of 166 questions · Page 1/3 · Purview Compliance topic · Answers revealed

1
MCQeasy

A compliance officer needs to ensure that all documents in a SharePoint Online library are automatically labeled with a 'Confidential' sensitivity label if they contain at least one of a predefined list of sensitive information types such as credit card numbers or social security numbers. Users should be able to override the label with a business justification. Which Microsoft Purview feature should the officer configure?

A.Auto-labeling policy for SharePoint Online
B.Data Loss Prevention (DLP) policy
C.Retention label policy
D.Sensitivity label with manual classification
AnswerA

Auto-labeling policies automatically apply sensitivity labels based on conditions like sensitive info types, and allow override with justification.

Why this answer

Auto-labeling policies in Microsoft Purview can automatically apply sensitivity labels to documents in SharePoint Online based on the detection of sensitive information types (e.g., credit card numbers, SSNs). This policy supports user override with a business justification, meeting the compliance officer's requirement exactly. Manual classification (Option D) would not automate the labeling, and DLP policies (Option B) focus on preventing data loss, not applying sensitivity labels.

Exam trap

Microsoft often tests the distinction between auto-labeling policies (which apply sensitivity labels automatically) and DLP policies (which enforce actions like blocking or alerting), causing candidates to confuse the two because both can detect sensitive information types.

How to eliminate wrong answers

Option B is wrong because Data Loss Prevention (DLP) policies are designed to detect and block the sharing of sensitive data, not to automatically apply sensitivity labels to documents; they can trigger alerts or block actions but do not label content. Option C is wrong because retention label policies manage how long content is kept or deleted, not sensitivity classification; they are unrelated to labeling based on sensitive information types. Option D is wrong because a sensitivity label with manual classification requires users to manually apply the label, which does not satisfy the requirement for automatic labeling based on content detection.

2
Multi-Selecthard

Which THREE components are required to implement Microsoft Purview Data Lifecycle Management for Microsoft 365? (Choose three.)

Select 3 answers
A.Retention labels
B.Retention policies
C.Sensitivity labels
D.Data loss prevention policies
E.File plan
AnswersA, B, E

Retention labels define retention settings for items.

Why this answer

Options A, B, and C are correct because retention labels, policies, and file plan are core components. Option D is incorrect because sensitivity labels are part of Information Protection, not Data Lifecycle Management. Option E is incorrect because DLP is a separate solution.

3
MCQeasy

A compliance officer needs to prevent users from sharing emails that contain credit card numbers with external recipients. When a user attempts to send such an email, it should be blocked immediately, and a policy tip should notify the user. Which Microsoft Purview solution should the officer configure?

A.Data Loss Prevention (DLP) policy
B.sensitivity label
C.retention label
D.An information barrier policy
AnswerA

DLP policies can inspect email content for sensitive info and block delivery while showing a policy tip to the user.

Why this answer

A Data Loss Prevention (DLP) policy is the correct solution because it is specifically designed to detect sensitive information, such as credit card numbers, in transit (e.g., email) and enforce actions like blocking the message and displaying a policy tip to the user. DLP policies use sensitive information types (e.g., Credit Card Number) and rules to inspect content in Exchange Online, SharePoint, OneDrive, and Teams, allowing real-time blocking with user notification. This directly meets the compliance officer's requirement to prevent external sharing and provide immediate feedback.

Exam trap

Microsoft often tests the distinction between DLP policies and sensitivity labels, where candidates mistakenly think a sensitivity label alone can block email transmission, but labels require a DLP policy to enforce actions like blocking, while DLP policies can work independently of labels.

How to eliminate wrong answers

Option B (sensitivity label) is wrong because sensitivity labels classify and protect data at rest (e.g., encryption, visual markings) but do not natively block email transmission based on content inspection or provide policy tips in real-time; they require additional DLP policies to enforce actions on labeled content. Option C (retention label) is wrong because retention labels manage data lifecycle (retention and deletion) and have no capability to inspect email content for sensitive data or block messages. Option D (information barrier policy) is wrong because information barriers restrict communication between specific user groups (e.g., to prevent conflicts of interest) and do not scan for sensitive data like credit card numbers or block external sharing.

4
MCQmedium

A compliance officer needs to ensure that all documents in a Microsoft Teams channel are automatically retained for 3 years after creation and then permanently deleted. The retention policy should apply only to the specific channel, not the entire team. Which approach should the officer use?

A.Create a retention policy in Microsoft Purview and select the location 'Teams channel messages', then specify the channel name
B.Create a retention policy in Microsoft Purview and select the location 'Teams chats' for the entire team
C.Publish a retention label to the channel and configure auto-application rules based on creation date
D.Use Exchange Online PowerShell to create a retention policy for the channel mailbox
AnswerA

Correct. The retention policy can target a specific channel by using the 'Teams channel messages' location and specifying the channel name in the scope.

Why this answer

Option A is correct because Microsoft Purview retention policies can be scoped to specific Teams channel messages by selecting the 'Teams channel messages' location and specifying the channel name. This ensures that only messages in that channel are retained for 3 years and then permanently deleted, without affecting the rest of the team or other content types.

Exam trap

The trap here is that candidates often confuse 'Teams channel messages' with 'Teams chats' or assume that a retention label can automatically enforce deletion for all channel content without understanding that labels require explicit application or complex auto-application rules that may not cover all messages.

How to eliminate wrong answers

Option B is wrong because selecting 'Teams chats' applies the policy to 1:1 and group chats, not to channel messages; it also cannot be scoped to a single channel. Option C is wrong because retention labels are designed for user-applied or auto-classification scenarios, not for automatic retention and deletion of all channel messages based solely on creation date; they require manual application or complex auto-application rules that do not guarantee coverage of all existing and future messages. Option D is wrong because Exchange Online PowerShell can manage mailbox-level retention policies, but Teams channel messages are stored in a dedicated group mailbox and cannot be targeted to a specific channel using Exchange retention policies; the correct method is through Purview's Teams channel messages location.

5
MCQeasy

You need to ensure that all documents in a SharePoint Online site are automatically labeled with a 'Confidential' sensitivity label. Which Microsoft Purview feature should you use?

A.Microsoft Purview auto-labeling policy
B.Microsoft Purview Data Loss Prevention policy
C.Microsoft Purview retention policy
D.Microsoft Purview manual labeling
AnswerA

Auto-labeling automatically applies labels based on conditions.

Why this answer

Option C is correct because auto-labeling policies can automatically apply sensitivity labels to documents in SharePoint. Option A is wrong because DLP policies don't apply labels. Option B is wrong because manual labeling requires user action.

Option D is wrong because retention policies don't apply sensitivity labels.

6
MCQmedium

An organization uses Microsoft Purview Data Loss Prevention (DLP) to protect sensitive data. They want to create a policy that blocks users from pasting credit card numbers into web forms in Microsoft Edge. Which type of DLP policy should they configure?

A.Endpoint DLP
B.Exchange DLP
C.SharePoint DLP
D.Teams DLP
AnswerA

Endpoint DLP monitors devices and can block clipboard paste actions on web forms in Edge.

Why this answer

Endpoint DLP is correct because it monitors and controls activities on Windows 10/11 and macOS endpoints, including the ability to block pasting sensitive data like credit card numbers into web forms in Microsoft Edge. This policy extends DLP protection to unmanaged browsers and specific user actions, such as paste, clipboard, and print, which are not covered by cloud-based DLP policies.

Exam trap

The trap here is that candidates often assume all DLP policies are cloud-based and overlook that only Endpoint DLP can enforce restrictions on local user actions like pasting into web forms, confusing it with Exchange or SharePoint DLP which only inspect data at rest or in transit within Microsoft 365 services.

How to eliminate wrong answers

Option B (Exchange DLP) is wrong because it only applies to email messages in transit or at rest in Exchange Online, not to web form pasting in Edge. Option C (SharePoint DLP) is wrong because it protects documents stored in SharePoint Online and OneDrive for Business, not user actions in a browser. Option D (Teams DLP) is wrong because it covers messages and files in Microsoft Teams chats and channels, not web form interactions in Edge.

7
MCQeasy

A company needs to automatically retain all emails sent to or from external partners for 7 years. They also need to ensure that after 7 years, the emails are permanently deleted. What should you configure in Microsoft Purview?

A.Create a retention label with a retention period of 7 years and publish it to all users.
B.Create a retention policy for Exchange email with a retention period of 7 years, followed by deletion.
C.Create an eDiscovery hold for all external partner communications.
D.Create a data loss prevention (DLP) policy to block deletion of emails after 7 years.
AnswerB

Combines retain and delete automatically.

Why this answer

Option A is correct because a retention policy with both retain and delete actions meets the requirement. Option B is wrong because a retention label requires manual or auto-classification. Option C is wrong because a DLP policy is for preventing data loss, not retention.

Option D is wrong because an eDiscovery hold preserves content indefinitely.

8
Multi-Selecteasy

Which TWO Microsoft Purview solutions are primarily used for data classification?

Select 2 answers
A.Data Loss Prevention
B.Auto-labeling
C.Communication Compliance
D.Data Lifecycle Management
E.Sensitivity labels
AnswersB, E

Auto-labeling automatically classifies content.

Why this answer

Auto-labeling applies labels based on sensitive info types. Sensitivity labels are the classification labels themselves. DLP is for protection.

Data Lifecycle Management is for retention. Communication Compliance is for monitoring.

9
MCQmedium

A compliance officer needs to automatically retain emails that contain personally identifiable information (PII) for 10 years and then permanently delete them. Which Microsoft Purview feature should be configured?

A.Auto-apply retention labels based on sensitive information types
B.Data Lifecycle Management retention policy
C.Data classification
D.eDiscovery
AnswerA

Retention labels can be auto-applied to emails containing PII, triggering a 10-year retention and subsequent deletion.

Why this answer

Auto-apply retention labels based on sensitive information types allow you to automatically classify and retain emails containing PII for a specified period (10 years) and then permanently delete them. This feature uses sensitive information types (e.g., Social Security Number, Credit Card Number) to detect PII and applies a retention label that enforces the retention and deletion actions at the item level, which is required for targeted compliance scenarios.

Exam trap

The trap here is that candidates often confuse Data Lifecycle Management retention policies (which apply broadly to all content in a location) with auto-apply retention labels (which apply only to content matching specific sensitive information types), leading them to incorrectly select option B.

How to eliminate wrong answers

Option B is wrong because Data Lifecycle Management retention policy applies to all content in a location (e.g., entire mailbox or site) and cannot automatically target only emails containing specific sensitive information like PII; it lacks the auto-classification capability based on content inspection. Option C is wrong because Data classification is a discovery and labeling tool that identifies and categorizes data but does not itself enforce retention or deletion actions; it requires a retention label or policy to act on the classification. Option D is wrong because eDiscovery is used for searching and exporting content for legal or investigative purposes, not for automated retention and deletion based on content type.

10
MCQmedium

A compliance officer needs to prevent users from sending emails that contain credit card numbers to external recipients. When a user attempts to send such an email, the action should be blocked and a policy tip should be displayed in Outlook telling them why the email was blocked. Which Microsoft Purview solution should be configured?

A.Data Loss Prevention (DLP) policy
B.Retention label policy
C.Microsoft Purview Information Protection sensitivity label
D.Compliance Manager
AnswerA

DLP policies can identify, monitor, and protect sensitive data across Exchange Online, SharePoint, and OneDrive. They support policy tips and blocking actions.

Why this answer

A Data Loss Prevention (DLP) policy in Microsoft Purview is designed to detect and block sensitive information, such as credit card numbers, from being sent to external recipients. When configured with a 'Block' action and a policy tip, it prevents the email from being sent and displays a customizable notification in Outlook explaining the reason. This directly meets the compliance officer's requirement to block the email and show a policy tip.

Exam trap

The trap here is that candidates often confuse sensitivity labels (which classify and protect data) with DLP policies (which enforce actions like blocking based on content inspection), leading them to choose Option C because they think labeling alone can block emails.

How to eliminate wrong answers

Option B is wrong because a Retention label policy is used to retain or delete data based on compliance requirements, not to block the transmission of sensitive content in emails. Option C is wrong because a Microsoft Purview Information Protection sensitivity label applies classification and protection (e.g., encryption) to content, but it does not natively block outbound emails containing credit card numbers or display policy tips in Outlook. Option D is wrong because Compliance Manager is a risk assessment and compliance management tool that provides recommendations and tracks compliance posture, not a policy that enforces real-time blocking of sensitive data in email.

11
MCQeasy

A compliance officer needs to ensure that all emails sent to a specific distribution group are automatically retained for 3 years and then deleted. Which Microsoft Purview feature should be used?

A.A: Data Lifecycle Management (retention policy)
B.B: Information Protection (sensitivity labels)
C.C: Data Loss Prevention (DLP policy)
D.D: eDiscovery (content search)
AnswerA

Retention policies can target Exchange Online mailboxes and apply a retention period followed by deletion.

Why this answer

Option A is correct because Data Lifecycle Management (retention policies) in Microsoft Purview is specifically designed to enforce retention and deletion rules for content across Exchange Online, SharePoint, OneDrive, and Teams. For emails sent to a distribution group, you can create a retention policy that applies to all messages in the group's mailbox, retaining them for exactly 3 years and then permanently deleting them, using the 'Retain for 3 years, then delete' action.

Exam trap

The trap here is that candidates often confuse retention policies (Data Lifecycle Management) with DLP policies, thinking DLP can enforce retention, but DLP only prevents data loss, not schedules deletion.

How to eliminate wrong answers

Option B is wrong because Information Protection (sensitivity labels) classify and protect data based on sensitivity (e.g., encryption, markings), not enforce time-based retention or deletion of emails. Option C is wrong because Data Loss Prevention (DLP policy) monitors and prevents unauthorized sharing of sensitive data (e.g., credit card numbers) but does not manage retention schedules or automatic deletion. Option D is wrong because eDiscovery (content search) is used to search and export content for legal or investigative purposes, not to automatically retain or delete emails on a fixed schedule.

12
MCQhard

Your organization, Contoso, uses Microsoft Purview Data Lifecycle Management to manage data retention. You have a retention policy that deletes emails in Exchange Online after 3 years. The legal department has started a litigation hold for a specific user, requiring that all the user's emails be preserved indefinitely. You need to ensure that the litigation hold takes precedence over the retention policy, and that no emails are deleted. What should you do?

A.Place the user's mailbox on litigation hold in the Exchange admin center.
B.Apply a retention label to all emails in the user's mailbox that prevents deletion.
C.Apply a preservation hold to the user's mailbox using Microsoft Purview Data Lifecycle Management.
D.Modify the retention policy to exclude the user's mailbox from the deletion action.
AnswerA

Litigation hold preserves all mailbox content, overriding deletion policies.

Why this answer

Option A is correct because placing a user on litigation hold in Exchange Online preserves all mailbox content, including items subject to deletion policies; retention policies do not delete items under hold. Option B is wrong because preservation lock is for SharePoint/OneDrive, not for litigation hold. Option C is wrong because changing the retention policy would affect all users.

Option D is wrong because a retention label does not override litigation hold; the hold already preserves.

13
MCQmedium

A compliance officer needs to prevent users from sharing documents that have been labeled 'Highly Confidential' with external users. When a user attempts to share such a document externally, the action should be blocked and the user should see a policy tip. Which Microsoft Purview solution should the officer configure?

A.Data Loss Prevention (DLP) policy
B.Sensitivity label encryption
C.Retention policy
D.Records management
AnswerA

DLP policies can use sensitivity labels as conditions to block sharing and show policy tips.

Why this answer

A Data Loss Prevention (DLP) policy is the correct solution because it can inspect content and context (including sensitivity labels) to enforce rules that block external sharing of documents labeled 'Highly Confidential' and display a policy tip to the user. DLP policies in Microsoft Purview are specifically designed to prevent accidental or intentional data leakage by monitoring and controlling sharing actions in real time.

Exam trap

The trap here is that candidates often confuse sensitivity label encryption (which protects the file) with DLP (which controls the sharing action), leading them to choose encryption when the requirement explicitly involves blocking the share and showing a policy tip.

How to eliminate wrong answers

Option B is wrong because sensitivity label encryption protects the document at rest and in transit by encrypting it, but it does not block the sharing action itself or show a policy tip; it only controls access after the file is shared. Option C is wrong because a retention policy is used to preserve or delete content after a specified period, not to block real-time sharing actions or display policy tips. Option D is wrong because records management marks content as a record to prevent deletion or modification, but it does not block external sharing or provide policy tips during sharing attempts.

14
Multi-Selectmedium

A compliance officer needs to automatically apply a sensitivity label that encrypts documents in SharePoint Online when they contain credit card numbers. The solution must not require manual user action. Which two Microsoft Purview components must be configured? (Select the option that correctly identifies both required components.)

Select 2 answers
A.Sensitivity labels and auto-labeling policies
B.Data loss prevention (DLP) policies and retention labels
C.Sensitivity labels and retention policies
D.Auto-labeling policies and communication compliance policies
AnswersA, B

Correct. Sensitivity labels define the protection (encryption), and auto-labeling policies automatically apply them when sensitive info types are detected.

Why this answer

Option A is correct because sensitivity labels define the encryption and protection settings for content, while auto-labeling policies automatically apply those labels to documents in SharePoint Online when they match sensitive information types like credit card numbers, without requiring manual user action. Together, they enable automated, policy-based classification and protection based on content inspection.

Exam trap

The trap here is that candidates confuse DLP policies with auto-labeling, assuming DLP can both detect and protect, but DLP does not apply sensitivity labels or encryption—it only blocks or alerts on policy violations.

15
MCQhard

A compliance officer needs to automatically encrypt and apply a 'Do Not Forward' restriction to all outgoing emails sent by the finance department that contain credit card numbers. The solution must work without requiring users to manually apply labels. Which configuration is required?

A.Create a Data Loss Prevention (DLP) policy with the action 'Encrypt email messages'
B.Create an auto-labeling policy for Microsoft Purview Sensitivity Labels that applies a label with encryption and 'Do Not Forward' configured, scoped to the finance department
C.Create a mail flow rule in Exchange Online to apply Rights Management template 'Do Not Forward'
D.Create a retention label that encrypts the email
AnswerB

Auto-labeling policies can scan emails and automatically apply a sensitivity label that includes encryption and 'Do Not Forward' settings, meeting the requirement without user intervention.

Why this answer

Option B is correct because Microsoft Purview auto-labeling policies can automatically apply a sensitivity label that includes encryption and a 'Do Not Forward' restriction based on conditions such as sensitive information types (e.g., credit card numbers) and user scope (e.g., finance department). This meets the requirement of automatic enforcement without user intervention, as the label is applied at the time of sending via client-side auto-labeling.

Exam trap

The trap here is that candidates often confuse DLP encryption actions with sensitivity label encryption, not realizing that 'Do Not Forward' is a permission setting exclusive to sensitivity labels and cannot be applied by DLP policies or mail flow rules alone.

How to eliminate wrong answers

Option A is wrong because a DLP policy with the 'Encrypt email messages' action applies encryption via Azure Information Protection but does not enforce the 'Do Not Forward' restriction, which is a separate Rights Management permission. Option C is wrong because a mail flow rule in Exchange Online can apply a Rights Management template, but the 'Do Not Forward' template is not a built-in RMS template; it is a custom permission set that must be defined via a sensitivity label, and mail flow rules cannot natively apply the 'Do Not Forward' restriction without a label. Option D is wrong because retention labels are designed for data lifecycle management (retention and deletion), not for applying encryption or 'Do Not Forward' restrictions to emails.

16
MCQhard

A company uses Microsoft Purview Data Loss Prevention (DLP) to protect sensitive data. They recently deployed Microsoft Copilot for Microsoft 365. Users can now ask Copilot to summarize documents that contain sensitive information. How should the company extend DLP protection to Copilot interactions?

A.Apply a sensitivity label that restricts Copilot access.
B.Implement Information Barriers for Copilot.
C.Enable DLP for Copilot in the DLP policy settings.
D.Configure a Communication Compliance policy to monitor Copilot.
AnswerC

DLP policies can be extended to cover Copilot interactions.

Why this answer

Microsoft Purview DLP can now cover Microsoft Copilot for Microsoft 365 interactions. This is done by enabling DLP for Copilot in the DLP policy settings. Option B is incorrect because sensitivity labels alone don't block Copilot.

Option C is incorrect because Communication Compliance monitors internal communications, not Copilot. Option D is incorrect because Information Barriers are for restricting communication between groups.

17
MCQeasy

A compliance officer needs to block users from sharing emails that contain credit card numbers with external recipients. When a user attempts to send such an email, it should be blocked immediately, and a policy tip should notify the user. Which Microsoft Purview solution should the officer configure?

A.Data Loss Prevention (DLP) policy.
B.Sensitivity label with encryption.
C.Microsoft Defender for Office 365 Safe Attachments policy.
D.Communication compliance policy.
AnswerA

DLP policies can detect credit card numbers in Exchange Online emails and block them with user notifications via policy tips.

Why this answer

A Data Loss Prevention (DLP) policy is the correct solution because it is specifically designed to detect sensitive information types (e.g., credit card numbers via predefined rule patterns matching the Luhn algorithm) in transit and enforce actions such as blocking the email and displaying a policy tip to the sender. This meets the compliance officer's requirement to block external sharing of credit card data immediately with user notification.

Exam trap

The trap here is that candidates often confuse the real-time blocking and notification capability of DLP with sensitivity labels (which only apply protection after classification) or communication compliance (which is a review-based solution, not a real-time enforcement mechanism).

How to eliminate wrong answers

Option B is wrong because a sensitivity label with encryption can protect content by restricting access or applying encryption, but it does not actively scan outbound email content for credit card numbers or block messages in transit with a policy tip. Option C is wrong because Microsoft Defender for Office 365 Safe Attachments policy focuses on scanning email attachments for malware and malicious content, not on detecting sensitive data patterns like credit card numbers. Option D is wrong because a communication compliance policy is designed to monitor and review internal/external communications for policy violations (e.g., harassment, insider trading) and typically requires manual review, not real-time blocking with a policy tip based on sensitive data patterns.

18
Multi-Selectmedium

A compliance officer needs to automatically classify documents in SharePoint Online that contain credit card numbers. The classification should apply a label that restricts access and adds a header. Which two Microsoft Purview features must be configured? (Choose two.)

Select 2 answers
A.Sensitivity labels
B.Retention labels
C.Data Loss Prevention (DLP) policies
D.Auto-labeling policies
AnswersA, D

Sensitivity labels define the actual protection settings, such as encryption, access restrictions, and header/footer markings.

Why this answer

Sensitivity labels are correct because they are the Microsoft Purview feature that applies classification markings (such as headers and footers) and encryption or access restrictions to documents. For this scenario, a sensitivity label must be configured to enforce the required header and access restrictions on content containing credit card numbers.

Exam trap

The trap here is that candidates often confuse DLP policies with auto-labeling, but DLP policies do not apply labels or headers—they only enforce actions like blocking or notification, whereas auto-labeling policies are required to automatically assign the sensitivity label.

19
MCQmedium

A compliance officer needs to discover and review documents in SharePoint Online that contain driver's license numbers, but the officer does not want to apply any protection actions automatically. Which Microsoft Purview solution should be used?

A.Data Lifecycle Management
B.Records Management
C.Data Classification
D.Information Protection
AnswerC

Data Classification includes Content Explorer, which enables browsing and reviewing items containing sensitive info without applying protection.

Why this answer

Data Classification in Microsoft Purview allows you to identify and label sensitive content, such as driver's license numbers, across SharePoint Online without automatically applying protection actions like encryption or access restrictions. This solution is ideal for discovery and review scenarios where the compliance officer needs to locate sensitive data but does not want to enforce automated policies.

Exam trap

Microsoft often tests the distinction between discovery-only solutions (Data Classification) and enforcement solutions (Information Protection), so the trap here is assuming that any sensitive data solution must automatically apply protection, leading candidates to choose Information Protection instead of Data Classification.

How to eliminate wrong answers

Option A is wrong because Data Lifecycle Management focuses on retaining or deleting content based on age or compliance requirements, not on discovering or reviewing specific sensitive data types. Option B is wrong because Records Management is designed to mark content as records for legal or regulatory retention, not for scanning or classifying content for sensitive information like driver's license numbers. Option D is wrong because Information Protection applies automatic protection actions (e.g., encryption, access restrictions) via sensitivity labels, which the compliance officer explicitly does not want to apply.

20
MCQhard

You are reviewing a Conditional Access policy JSON for your Microsoft Entra ID tenant. The first policy blocks access from high-risk IP addresses. The second policy requires MFA for all users from trusted locations. You notice that users from high-risk IP addresses are still prompted for MFA instead of being blocked. What is the most likely cause?

A.The block policy does not specify MFA, so it is ignored.
B.The block policy is set to report-only mode, so it is not enforced.
C.The block policy has a lower priority than the grant policy.
D.The grant policy requires MFA for all users, overriding the block.
AnswerB

If report-only, the policy logs but doesn't block, so the grant policy applies.

Why this answer

Option B is correct because Conditional Access policies are evaluated in priority order; if the block policy has a lower priority than the grant policy, the grant policy could apply first. However, in this exhibit, the block policy has priority 1 and the grant policy has priority 2, so the block should apply first. But the issue is that the grant policy's condition includes locations 'AllTrusted', and the block policy's condition includes 'HighRiskIP'.

If a user is from a high-risk IP that is also considered 'trusted'? That is unlikely. Another possibility: the block policy action is 'BlockAccess' but if the user is not meeting the conditions? Actually, the exhibit shows that the block policy has priority 1, which is lower number (higher priority). So the block should apply.

But the user is getting MFA prompt instead of block. This could happen if the block policy is in report-only mode, but the JSON doesn't show a state. In real exam, they might expect that the block policy has a higher priority (lower number) but the grant policy might be evaluated first due to scope? Actually, Conditional Access evaluates all policies that apply.

If both apply, block takes precedence. However, if the block policy's condition does not match (e.g., the location is not recognized as HighRiskIP), then only the grant policy applies. So the most likely cause is that the location condition in the block policy is not correctly matching the user's IP.

But option B says the block policy is set to report-only mode, which is a common reason for not enforcing. Since the JSON does not include a state, it could be report-only. Option A (priority) is wrong because priority 1 is higher than 2.

Option C (MFA required) is not the cause. Option D (block policy missing MFA) is irrelevant. So B is plausible.

However, in real scenario, if the block policy is in report-only, it won't block. So I'll go with B.

21
MCQmedium

Your organization uses Microsoft Purview Information Protection. You need to ensure that when users manually apply a 'Confidential' label to a document in Word, the document is automatically marked with a footer 'CONFIDENTIAL' and encrypted. What must you configure?

A.Modify the sensitivity label policy to include the footer.
B.Create a DLP rule that applies the footer and encryption.
C.Set up auto-labeling to apply the footer and encryption.
D.Configure the sensitivity label's settings to include the footer and encryption.
AnswerD

Sensitivity labels can define markings and encryption.

Why this answer

Sensitivity labels include settings for marking (footer) and encryption. These are configured in the label itself. Option A is incorrect because DLP policies do not apply markings.

Option C is incorrect because auto-labeling is for automatic application, not manual. Option D is incorrect because the sensitivity label policy publishes labels but doesn't define their actions.

22
MCQhard

A compliance officer needs to ensure that all emails containing sensitive information (e.g., passport numbers) are automatically encrypted when sent to external recipients. The encryption should be enforced without requiring users to manually select an option. Which Microsoft Purview feature should they configure?

A.Data Loss Prevention (DLP) policy with encryption action
B.Sensitivity labels with auto-labeling
C.Message Encryption (OME) policies
D.Communication Compliance
AnswerA

DLP policies can be configured to automatically encrypt emails that contain sensitive data by using Rights Management.

Why this answer

A Data Loss Prevention (DLP) policy with encryption action is correct because it automatically detects sensitive information (e.g., passport numbers) using sensitive info types and enforces encryption via Microsoft Purview Message Encryption (OME) as a rule action. This ensures that when an email containing such data is sent to an external recipient, the email is automatically encrypted without requiring user intervention, meeting the compliance officer's requirement.

Exam trap

The trap here is that candidates often confuse sensitivity labels with auto-labeling as the solution for automatic encryption, but auto-labeling only applies labels based on conditions and does not enforce encryption unless the label itself is configured for encryption and the DLP policy triggers the action.

How to eliminate wrong answers

Option B is wrong because sensitivity labels with auto-labeling can classify and protect content but do not directly enforce encryption on outbound emails based on content detection; they require a DLP policy to trigger the encryption action. Option C is wrong because Message Encryption (OME) policies define encryption rules but are typically configured within DLP policies or mail flow rules; standalone OME policies do not automatically detect sensitive data and enforce encryption without additional conditions. Option D is wrong because Communication Compliance is designed to detect and investigate policy violations (e.g., harassment, insider trading) and does not provide automatic encryption of emails based on sensitive content.

23
MCQhard

Refer to the exhibit. You run a Content Search in Microsoft Purview eDiscovery (Standard) for emails containing a specific keyword. The result shows one item in the DeletedItems folder. What is the most likely reason this email appears?

A.The email was permanently deleted but retained by a retention policy.
B.The email is in the Recoverable Items folder.
C.The search includes deleted items by default.
D.The email is under an in-place hold.
AnswerB

Deleted items are moved to Recoverable Items.

Why this answer

Content Search searches all mailboxes, including the Recoverable Items folder (which contains soft-deleted items). The DeletedItems folder is searched by default. Option A is incorrect because the item is in DeletedItems, not in-place hold.

Option B is incorrect because retention policies preserve items but the item is still in DeletedItems. Option D is incorrect because the search includes DeletedItems by default.

24
Multi-Selecthard

A compliance officer needs to ensure that all emails containing payment card information (PCI) are automatically encrypted when sent to external recipients. The encryption should occur without user intervention. Which two features should be configured together? (Choose two.)

Select 2 answers
A.Data Loss Prevention (DLP) policy with encryption action
B.Sensitivity label with encryption
C.Microsoft Purview Message Encryption
D.Transport rule with encryption
AnswersA, B

Correct. A DLP policy can be set to automatically apply a sensitivity label that enforces encryption when PCI is detected.

Why this answer

Option A is correct because a Data Loss Prevention (DLP) policy in Microsoft Purview can be configured with an encryption action that automatically encrypts emails containing sensitive information, such as payment card information (PCI), when sent to external recipients. This encryption occurs without user intervention, meeting the compliance officer's requirement. The DLP policy uses built-in sensitive information types (e.g., Credit Card Number) to detect PCI and applies rights management protection via Azure Information Protection.

Exam trap

The trap here is that candidates often confuse sensitivity labels with automatic encryption enforcement, not realizing that a sensitivity label alone cannot automatically encrypt outbound emails based on content detection without a DLP policy or auto-labeling policy to trigger it.

25
MCQmedium

A compliance officer needs to prevent users from sharing protected health information (PHI) with external users in Microsoft Teams chat messages. When a user attempts to send a message containing a known PHI data type (e.g., medical record numbers), the message should be blocked and the sender should see a policy tip. Which Microsoft Purview solution should the officer configure?

A.Communication compliance policy
B.Data Loss Prevention (DLP) policy for Teams
C.Sensitivity labels applied to Teams
D.Information barriers
AnswerB

DLP policies can be applied to Teams chat and channels, detecting sensitive info and blocking the message with a policy tip.

Why this answer

Option B is correct because a Data Loss Prevention (DLP) policy for Microsoft Teams can be configured to detect and block sensitive information types, such as medical record numbers (a PHI data type), in chat messages. When a match occurs, the policy can block the message and display a policy tip to the sender, meeting the compliance officer's requirement.

Exam trap

The trap here is that candidates often confuse Communication compliance (which reviews sent messages) with DLP (which blocks messages in transit), leading them to select Option A despite the requirement for real-time blocking and policy tips.

How to eliminate wrong answers

Option A is wrong because Communication compliance policies are designed to detect and review inappropriate or policy-violating communications (e.g., harassment, insider trading) after they are sent, not to block messages in real-time or enforce data loss prevention rules. Option C is wrong because sensitivity labels applied to Teams control access and protection (e.g., encryption, visual markings) at the container or file level, not the content of individual chat messages. Option D is wrong because Information barriers are used to prevent specific groups of users from communicating with each other (e.g., to avoid conflicts of interest), not to scan message content for sensitive data types like PHI.

26
Multi-Selectmedium

You are the Microsoft 365 administrator for Contoso Ltd. The compliance team needs to implement data lifecycle management and records management using Microsoft Purview. Which three of the following actions should you take to meet these requirements? (Choose three.)

Select 3 answers
.Create retention labels that automatically apply a retention policy to documents containing personally identifiable information (PII).
.Configure a file plan for records management to define retention schedules and disposal reviews.
.Publish retention labels so that users can manually apply them to items in SharePoint and OneDrive.
.Use data loss prevention (DLP) policies to automatically delete emails containing credit card numbers after 30 days.
.Deploy Microsoft Purview Compliance Manager to automate the deletion of stale data in Exchange Online.
.Enable audit logging to automatically enforce retention periods for all Microsoft 365 workloads.

Why this answer

Retention labels that automatically apply a retention policy based on sensitive information types (like PII) allow you to implement data lifecycle management by automatically classifying and retaining or deleting content without user intervention. This meets the compliance team's requirement for automated lifecycle management.

Exam trap

The trap here is confusing the purpose of DLP policies (data loss prevention) with retention policies (data lifecycle management), leading candidates to incorrectly select DLP for deletion tasks.

27
MCQhard

Refer to the exhibit. You have a DLP policy in test mode as shown. A user reports that they received a notification that sharing credit card numbers is blocked, but they were still able to share them. What is the most likely reason?

A.The rule action 'BlockAccess' is not included in the policy.
B.The policy is in test mode, which does not enforce actions.
C.The condition 'SensitiveInformation' is not configured correctly.
D.The notification is not enabled in the policy.
AnswerB

Test mode allows you to see what would be blocked without actually blocking.

Why this answer

Option B is correct because when a DLP policy is in test mode, it notifies users but does not actually block the action. Option A is wrong because the rule includes the action BlockAccess, but test mode overrides it. Option C is wrong because the condition is valid.

Option D is wrong because the notification is enabled in the rule and policy.

28
Multi-Selectmedium

A compliance officer needs to automatically apply a 'Highly Confidential' sensitivity label to any email in Exchange Online that contains social security numbers. The labeling must happen automatically without user interaction. Which two Microsoft Purview components must be configured? (Select the option that correctly identifies both required components.)

Select 2 answers
A.sensitivity label with auto-labeling rule and a Data Loss Prevention policy
B.retention label and a Communication Compliance policy
C.sensitivity label with auto-labeling rule and an auto-labeling policy
D.unified labeling client and a custom sensitive info type
AnswersA, C

DLP policies can detect and protect data but do not apply sensitivity labels automatically.

Why this answer

Option C is correct because automatically applying a sensitivity label to emails containing social security numbers requires both a sensitivity label configured with an auto-labeling rule (to define the label and conditions) and an auto-labeling policy (to scope the rule to Exchange Online and enable automatic enforcement without user interaction). The auto-labeling policy triggers the label based on sensitive info types, meeting the compliance officer's requirement for fully automated labeling.

Exam trap

The trap here is that candidates confuse a DLP policy (which can detect and block but not label) with an auto-labeling policy (which is specifically designed for automatic label application), or they mistakenly think a client-side component like the unified labeling client can achieve server-side automatic labeling in Exchange Online.

29
MCQmedium

Your organization uses Microsoft Purview Records Management. You need to ensure that records are marked as regulatory records and cannot be deleted or modified by any user, including administrators. The records must be retained for 10 years. What should you do?

A.Use a retention label marked as a regulatory record.
B.Create a retention policy with a preservation lock.
C.Use a retention label marked as a record.
D.Apply a default retention label to the SharePoint library.
AnswerA

Regulatory records are tamper-proof and cannot be modified or deleted.

Why this answer

Regulatory records provide the highest level of restriction, making content tamper-proof. Option D is correct. Option A is wrong because preservation lock applies to retention policies, not individual records.

Option B is wrong because default labels can be changed. Option C is wrong because manual labels are not as restrictive.

30
Multi-Selecteasy

A compliance officer wants to automatically apply a 'Confidential' sensitivity label to documents in SharePoint Online that contain credit card numbers. Which two Microsoft Purview features must be configured together? (Choose two.)

Select 2 answers
A.Data Loss Prevention (DLP) policy
B.Sensitivity label with auto-labeling
C.Retention label policy
D.Microsoft Purview Information Protection scanner
AnswersA, B

Correct. A DLP policy can be configured to automatically apply a sensitivity label when sensitive information is detected in SharePoint Online.

Why this answer

To automatically apply a 'Confidential' sensitivity label to documents containing credit card numbers in SharePoint Online, you must configure a sensitivity label with auto-labeling (client-side or service-side) to detect the sensitive content, and a Data Loss Prevention (DLP) policy to enforce the labeling action. The DLP policy can be set to automatically apply the sensitivity label when credit card patterns are matched, using the same sensitive info types as auto-labeling. Together, they ensure that content is both classified and protected at rest.

Exam trap

The trap here is that candidates often confuse the on-premises Information Protection scanner (Option D) with the cloud-based auto-labeling feature, or they mistakenly think a retention label policy (Option C) can apply sensitivity labels, when in fact retention labels and sensitivity labels serve entirely different purposes.

31
MCQeasy

A compliance officer needs to automatically detect documents in SharePoint Online that contain a custom pattern (e.g., employee ID in the format EMP-12345). The pattern will be used to apply a sensitivity label. Which Microsoft Purview feature should the officer use to define the pattern?

A.Sensitive information types
B.Data Loss Prevention (DLP) policies
C.Content search
D.Data classification reports
AnswerA

Custom sensitive information types can be created to define patterns like employee IDs, which can then be used for automatic labeling or DLP.

Why this answer

Sensitive information types (SITs) in Microsoft Purview are specifically designed to define custom patterns, such as regular expressions for employee IDs like EMP-12345. Once defined, these SITs can be used in sensitivity labels to automatically classify and protect documents in SharePoint Online. This is the correct feature because it directly supports pattern-based detection for labeling.

Exam trap

The trap here is that candidates often confuse DLP policies with pattern definition, but DLP policies only consume pre-defined sensitive information types and cannot create them.

How to eliminate wrong answers

Option B is wrong because Data Loss Prevention (DLP) policies enforce rules to prevent data exfiltration but do not define the pattern itself; they use existing sensitive information types. Option C is wrong because Content Search is a query tool for finding content based on keywords or metadata, not for defining reusable patterns for automatic labeling. Option D is wrong because Data classification reports provide visibility into classified data but do not allow creation of custom patterns.

32
Multi-Selectmedium

A compliance officer wants to automatically apply a retention label to documents that contain SWIFT codes (financial identifiers) when uploaded to SharePoint Online. Which two Microsoft Purview features are required for this configuration? (Choose two.)

Select 2 answers
A.Sensitivity label
B.Trainable classifier
C.Auto-apply retention label policy
D.Data Loss Prevention (DLP) policy
AnswersB, C

A trainable classifier can be trained to detect SWIFT codes in documents.

Why this answer

Option B is correct because a trainable classifier is required to identify content containing SWIFT codes based on pattern recognition and machine learning. Option C is correct because an auto-apply retention label policy is the mechanism that automatically assigns the retention label to documents when the classifier detects SWIFT codes in SharePoint Online.

Exam trap

The trap here is that candidates often confuse sensitivity labels with retention labels, or mistakenly think a DLP policy can directly apply retention labels, when in fact DLP policies only trigger alerts or block actions, not label assignment.

33
MCQmedium

A compliance officer needs to retain all documents in a SharePoint Online site associated with the Finance department for 10 years, after which the documents must be automatically deleted. During the retention period, users must be allowed to edit the documents but not delete them. Which Microsoft Purview solution should the officer configure?

A.retention policy with a retention period of 10 years and an action to delete at the end of the period
B.retention label auto-applied to all documents in the site
C.Litigation hold on the site
D.Data Loss Prevention (DLP) policy with a retention action
AnswerA

A retention policy applied to the SharePoint site will preserve documents for 10 years, allow editing, block deletion, and automatically delete after the period.

Why this answer

A retention policy can be applied to a SharePoint site to enforce a 10-year retention period with a deletion action at the end, while allowing users to edit documents during that period. This meets the compliance requirement because retention policies preserve content from deletion by users, but still permit editing. The 'delete at end of retention period' action ensures automatic removal after 10 years.

Exam trap

The trap here is that candidates often confuse retention labels with retention policies, thinking labels are required for site-wide retention, but policies are the correct tool for applying uniform retention and deletion to an entire site without manual labeling.

How to eliminate wrong answers

Option B is wrong because a retention label auto-applied to all documents would also work for retention and deletion, but the question asks for a 'solution' that is simpler and more appropriate for a site-wide requirement; retention labels are typically used for granular, item-level classification rather than blanket site-wide retention. Option C is wrong because Litigation hold preserves content indefinitely (no automatic deletion) and prevents editing in some configurations, which does not meet the 10-year deletion requirement. Option D is wrong because Data Loss Prevention (DLP) policies are designed to prevent data leakage and enforce security rules, not to manage retention or deletion of documents.

34
MCQmedium

A compliance administrator needs to ensure that all documents in a SharePoint library are retained for exactly 7 years and then allow users to manually dispose of them sooner after a review. What should they configure in Microsoft Purview?

A.Create a retention label with a retention period of 7 years and enable disposition review
B.Create a retention label with a retention period of 7 years and no additional action
C.Create a sensitivity label that restricts access
D.Create a record label
AnswerA

Disposition review provides a manual review step before deletion, allowing users to dispose items early if approved.

Why this answer

Option A is correct because the requirement specifies a fixed 7-year retention period followed by user-initiated disposal after a review. A retention label with a retention period of 7 years and disposition review enabled allows content to be retained for exactly 7 years, after which a disposition review triggers a manual approval process for disposal. This matches the need for both mandatory retention and manual disposal after review.

Exam trap

The trap here is that candidates often confuse retention labels with record labels, assuming that any label with a retention period automatically supports manual disposal, but only retention labels with disposition review enabled provide the specific workflow for user-initiated disposal after review.

How to eliminate wrong answers

Option B is wrong because a retention label with no additional action will automatically delete the content after 7 years without any user review or manual disposal option, which violates the requirement to allow users to manually dispose of items sooner after a review. Option C is wrong because a sensitivity label is designed to classify and protect data through encryption or access restrictions, not to enforce retention or disposition workflows; it does not provide any retention period or disposal review capability. Option D is wrong because a record label marks content as a record (immutable) and typically prevents deletion or modification, which contradicts the requirement to allow manual disposal after review; records require a disposition review but are not designed for flexible user-initiated disposal.

35
MCQmedium

Your organization uses Microsoft Purview to enforce data loss prevention (DLP) policies. Users report that a DLP policy blocks legitimate sharing of a document containing sensitive financial data. You need to allow the sharing while still protecting the data. What should you do?

A.Disable the DLP policy and create a new one with broader conditions.
B.Add the user to the DLP policy's super user group.
C.Modify the DLP policy to exclude the specific document type.
D.Configure a policy tip to allow override with a business justification.
AnswerD

Allows controlled override with audit.

Why this answer

Option B is correct because creating a policy override with a business justification allows users to bypass the policy with a reason, which is audited. Option A is wrong because disabling the policy would remove protection. Option C is wrong because adding the user to a super user group would completely bypass DLP.

Option D is wrong because modifying the condition would change the policy for all users.

36
MCQmedium

An organization has a legal requirement to preserve certain contracts as immutable records. Once a contract is declared as a record, it must not be editable or deletable by users, including administrators. Which Microsoft Purview solution should be configured?

A.Data Loss Prevention
B.eDiscovery (Premium)
C.Communication Compliance
D.Records Management
AnswerD

Records Management enables the declaration of records, making them immutable.

Why this answer

Records Management in Microsoft Purview is designed to declare items as immutable records, locking them against editing or deletion by any user, including administrators. This satisfies the legal requirement for preserving contracts as unchangeable records by applying retention labels that enforce strict regulatory compliance.

Exam trap

The trap here is that candidates confuse Records Management with eDiscovery holds, thinking a legal hold provides immutability, but eDiscovery holds only prevent deletion during litigation and do not prevent editing or permanent record locking.

How to eliminate wrong answers

Option A is wrong because Data Loss Prevention (DLP) policies prevent unauthorized sharing or leakage of sensitive data but do not enforce immutability or prevent editing/deletion of records. Option B is wrong because eDiscovery (Premium) is used for legal hold, search, and export of content for litigation, not for making records permanently immutable. Option C is wrong because Communication Compliance monitors and analyzes communications for policy violations (e.g., harassment, insider trading) and does not provide record locking or immutability features.

37
Multi-Selectmedium

You are the Microsoft 365 Administrator for a multinational organization that must comply with various regulatory requirements, including GDPR, SOX, and internal data retention policies. You are deploying Microsoft Purview compliance solutions. Which four of the following actions are valid steps when managing compliance using Microsoft Purview? (Choose all that apply. There are four correct answers.)

Select 4 answers
.Create a DLP policy that prevents users from sharing credit card numbers via email with external recipients.
.Use a retention label to automatically delete documents containing trade secrets after 7 years.
.Configure a sensitivity label with sublabels that apply different markings (e.g., 'Confidential' and 'Highly Confidential') to the same document.
.Enable auditing in the Microsoft 365 compliance portal to track user activities such as file downloads and mailbox access.
.Assign a retention policy to a user's mailbox that deletes all emails immediately after they are sent.
.Apply a sensitivity label to a SharePoint site that blocks all external sharing of documents stored in that site.

Why this answer

Creating a DLP policy that prevents sharing credit card numbers via email with external recipients is a valid step because Microsoft Purview Data Loss Prevention (DLP) policies can detect sensitive information types (e.g., credit card numbers) and enforce actions such as blocking external sharing. This directly supports compliance with regulations like GDPR and SOX by preventing unauthorized data exfiltration.

Exam trap

Microsoft often tests the misconception that sensitivity labels can directly control external sharing of documents within a site, when in reality they control site-level settings (e.g., privacy) while external sharing is governed by SharePoint sharing policies.

38
MCQmedium

A compliance officer needs to retain all documents in a SharePoint Online site associated with the Finance department for 7 years, and after that automatically delete them. During the retention period, users must not be able to edit or delete the documents. Which solution should they use?

A.Create a retention policy scoped to the site with 'Retain as records' action
B.Create a retention label with 'Retain as regulatory records' and publish it to the site, then use auto-apply based on site location
C.Create a sensitivity label with 'Retain as records' and apply it manually
D.Create a litigation hold for the site
AnswerB

A regulatory records label prevents editing and deletion, and auto-apply policies can apply the label to all documents in the site automatically.

Why this answer

Option B is correct because a retention label with 'Retain as regulatory records' locks the document against editing or deletion during the retention period, and auto-applying the label based on site location ensures all documents in the Finance site inherit the 7-year retention and automatic deletion. This meets the compliance officer's requirement for immutable retention and automatic disposal without manual user intervention.

Exam trap

The trap here is confusing 'Retain as records' (which only prevents deletion after the retention period) with 'Retain as regulatory records' (which prevents editing and deletion during the entire retention period), leading candidates to incorrectly choose Option A.

How to eliminate wrong answers

Option A is wrong because a retention policy with 'Retain as records' action does not prevent users from editing or deleting documents during the retention period; it only prevents deletion after the retention period ends. Option C is wrong because a sensitivity label with 'Retain as records' is not a valid construct; sensitivity labels manage sensitivity and protection, not retention, and manual application does not guarantee all documents are covered. Option D is wrong because a litigation hold preserves documents indefinitely (until the hold is released) and does not enforce a specific 7-year retention period or automatic deletion; it also does not prevent editing, only deletion.

39
MCQmedium

Your organization uses Microsoft Purview to manage compliance. You need to ensure that all documents containing 'Project X' are automatically retained for 5 years. Which solution should you use?

A.Microsoft Purview sensitivity labels
B.Microsoft Purview Audit
C.Microsoft Purview Data Loss Prevention
D.Microsoft Purview retention policies with adaptive scopes
AnswerD

Retention policies can retain content based on conditions.

Why this answer

Option B is correct because retention policies can automatically retain content based on conditions like sensitive info types. Option A is wrong because DLP prevents data loss, not retention. Option C is wrong because sensitivity labels can trigger retention but the direct tool is retention policy.

Option D is wrong because audit logs track events, not enforce retention.

40
MCQeasy

Your company is implementing Microsoft Purview Records Management. You need to ensure that invoices are retained for seven years after they are paid, and then automatically deleted. Which type of label should you create?

A.Disposition review label assigned to invoices
B.Retention policy applied to all documents in SharePoint
C.Retention label with disposition review after the trigger event
D.Sensitivity label with auto-labeling
AnswerC

Retention labels can start retention from a trigger event and then dispose.

Why this answer

Option C is correct because a retention label that triggers disposition review after seven years meets the requirement. Option A is incorrect because sensitivity labels do not manage retention. Option B is incorrect because a retention policy cannot be scoped to individual items based on metadata like payment date.

Option D is incorrect because a disposition review label is not a standard label type; disposition is a action within a retention label.

41
MCQmedium

A compliance officer needs to ensure that all documents in a SharePoint Online site are retained for 5 years and then automatically deleted. During the retention period, users must be allowed to edit the documents but not delete them. Which Microsoft Purview solution should the officer configure?

A.Create a retention policy with a retention rule for 5 years, configured to retain then delete, and enable the preservation hold setting.
B.Create a retention label with the action to retain for 5 years then delete, and apply it to the site via auto-labeling.
C.Create a sensitivity label with encryption and set an expiration date for 5 years.
D.Place the site on an eDiscovery hold with a custom retention period.
AnswerA

A site-level retention policy with preservation hold blocks deletion while allowing edits, and automatically deletes after 5 years.

Why this answer

Option A is correct because a retention policy with a 'retain then delete' action meets both requirements: it retains documents for 5 years and then automatically deletes them, while the preservation hold setting prevents users from deleting documents during the retention period. This policy applies at the site level, ensuring all content is covered without requiring manual labeling.

Exam trap

The trap here is that candidates often confuse retention labels with retention policies, assuming labels can block user deletion, but only a retention policy with preservation hold provides the deletion prevention required by the scenario.

How to eliminate wrong answers

Option B is wrong because a retention label applied via auto-labeling does not prevent users from deleting documents during the retention period; labels only enforce retention and deletion actions but do not block deletion by users. Option C is wrong because a sensitivity label with encryption and expiration controls data access and encryption, not retention or deletion prevention; it does not ensure documents are retained for 5 years and then deleted. Option D is wrong because an eDiscovery hold preserves content indefinitely for legal purposes and does not automatically delete documents after a set period; it also does not allow editing while blocking deletion in the same way as a retention policy with preservation hold.

42
MCQeasy

A user in your organization receives a 'Message blocked' notification when trying to send an email with a credit card number. The DLP policy is configured to block such emails. The user claims the credit card number is a valid test number used for training. What should you do to allow the email while maintaining security?

A.Configure a policy tip to allow override with a business justification.
B.Exclude the user from the DLP policy.
C.Disable the DLP policy temporarily.
D.Add the user to the DLP policy's super user group.
AnswerA

Allows controlled override with audit.

Why this answer

Option C is correct because configuring a policy tip with override allows the user to justify the override, which is audited. Option A is wrong because adding to a group bypasses all DLP. Option B is wrong because excluding the user removes protection.

Option D is wrong because disabling the policy removes protection for all.

43
MCQeasy

Your organization needs to prevent users from sharing documents containing personally identifiable information (PII) with external users. You have Microsoft Purview Data Loss Prevention (DLP) deployed. What should you configure?

A.Apply a sensitivity label that blocks external sharing.
B.Create a DLP policy that detects PII and restricts sharing to external users.
C.Configure a conditional access policy in Microsoft Entra ID to block external sharing.
D.Enable auditing for all document sharing activities.
AnswerB

DLP policies can block sharing based on content inspection.

Why this answer

Option A is correct because a DLP policy can be configured to detect PII and block external sharing. Option B is incorrect because sensitivity labels do not block sharing; they classify data. Option C is incorrect because conditional access blocks access based on conditions, not content.

Option D is incorrect because auditing only logs activity, it does not prevent sharing.

44
Multi-Selectmedium

A compliance officer needs to automatically apply a sensitivity label that encrypts documents in SharePoint Online when the documents contain a custom regex pattern (e.g., employee ID). The labeling must occur automatically without requiring user interaction. Which two Microsoft Purview components must be configured? (Select the option that correctly identifies both components.)

Select 2 answers
A.An auto-labeling policy and a sensitivity label with encryption configured
B.Data Loss Prevention (DLP) policy and a sensitivity label
C.retention label and an auto-labeling policy
D.sensitive info type and a sensitivity label
AnswersA, D

Auto-labeling policies automatically apply sensitivity labels based on conditions; the label must have encryption to meet the requirement.

Why this answer

Option A is correct because an auto-labeling policy in Microsoft Purview can automatically apply sensitivity labels to documents in SharePoint Online based on conditions such as the presence of a custom regex pattern. The sensitivity label must have encryption configured to enforce protection, and the auto-labeling policy triggers the labeling without user interaction.

Exam trap

The trap here is that candidates often confuse auto-labeling policies with DLP policies, thinking DLP can apply labels, but DLP only detects and blocks—it does not automatically apply sensitivity labels with encryption.

45
MCQmedium

A compliance officer needs to monitor employee communications across Microsoft Teams and Outlook for potential insider trading, using predefined policies. The solution must detect keywords like 'insider tip' and 'stock' and allow designated reviewers to take action. Which Microsoft Purview solution should the officer use?

A.Communication Compliance
B.Data Loss Prevention
C.eDiscovery (Premium)
D.Records Management
AnswerA

Communication Compliance is designed to detect and manage potential policy violations in communications, including insider trading.

Why this answer

Communication Compliance is the correct Microsoft Purview solution because it is specifically designed to detect sensitive keywords (e.g., 'insider tip' and 'stock') in Microsoft Teams chats, channel messages, and Outlook emails using predefined or customizable policies. It enables designated reviewers to investigate and take remediation actions such as removing messages or escalating for legal review, directly addressing the insider trading monitoring requirement.

Exam trap

The trap here is that candidates confuse Communication Compliance with Data Loss Prevention because both involve policy-based detection, but DLP is about preventing data exfiltration, not monitoring for insider trading keywords with reviewer workflows.

How to eliminate wrong answers

Option B (Data Loss Prevention) is wrong because DLP focuses on preventing unauthorized sharing of sensitive data (e.g., credit card numbers or PII) by blocking or alerting on outbound content, not on monitoring communications for insider trading keywords or enabling reviewer actions. Option C (eDiscovery Premium) is wrong because eDiscovery is used for legal hold, search, and export of content as evidence in litigation or investigations, not for real-time policy-based monitoring and remediation of communications. Option D (Records Management) is wrong because Records Management deals with classifying, retaining, and disposing of records based on regulatory requirements, not with detecting specific keywords in live communications or enabling reviewer workflows.

46
MCQmedium

You are the compliance administrator for Contoso Ltd., a multinational corporation with 10,000 users. The company uses Microsoft 365 E5 licenses and has deployed Microsoft Purview Compliance Manager. The legal department requires that all contracts be retained for 10 years after the contract ends, and then be permanently deleted. Contracts are stored in a SharePoint Online site named 'Contracts'. The site already has a retention policy that retains all documents for 5 years. You need to configure additional retention settings to meet the legal requirement without disrupting existing retention. What should you do?

A.Create a retention label with a retention period of 10 years after contract end, and automatically apply it to contract documents using a sensitive info type or a custom condition.
B.Create a file plan in Microsoft Purview Records Management and attach it to the Contracts site.
C.Modify the existing retention policy to retain content for 10 years instead of 5.
D.Apply a preservation hold to the Contracts site to prevent deletion until 10 years.
AnswerA

The label will override the policy's 5-year retention and retain for 10 years, then delete.

Why this answer

Option A is correct because a retention label can be applied automatically or manually to contracts, and it can have a longer retention period than the policy; the policy still applies for 5 years, but the label's retention takes precedence and extends to 10 years. Option B is wrong because creating a new policy would conflict and might cause unintended retention. Option C is wrong because a file plan is used for records management, not for extending retention.

Option D is wrong because preservation lock prevents deletion but does not set retention period.

47
Multi-Selecteasy

Which TWO types of content can be reviewed using Microsoft Purview Communication Compliance? (Choose two.)

Select 2 answers
A.Exchange Online emails
B.Microsoft Teams chat messages
C.Files stored in SharePoint Online
D.Yammer private messages
E.Viva Engage conversations
AnswersA, B

Email is a supported communication channel.

Why this answer

Options B and E are correct because Communication Compliance can review Microsoft Teams messages and email messages. Option A is incorrect because SharePoint files are not directly reviewed by Communication Compliance; they are covered by DLP. Option C is incorrect because Yammer is not currently supported.

Option D is incorrect because Viva Engage messages may be reviewed if they are part of Teams or email, but not as a standalone source.

48
Multi-Selectmedium

A global administrator at Fabrikam Inc. plans to implement Microsoft Purview to manage compliance for sensitive information. The solution must include the ability to discover, classify, and protect sensitive data across Microsoft 365 services. Which three of the following should the administrator configure? (Choose three.)

Select 3 answers
.Create a sensitive information type to detect custom data patterns, such as employee IDs.
.Enable auto-labeling policies in Microsoft Purview to automatically apply sensitivity labels to documents containing trade secrets.
.Configure a trainable classifier to identify and label content that matches specific organizational patterns, such as legal contracts.
.Set up a data loss prevention (DLP) policy to block external sharing of files labeled as 'Highly Confidential'.
.Deploy Microsoft Purview eDiscovery to automatically classify all content in Microsoft Teams chats.
.Enable Microsoft Purview Insider Risk Management to scan and label all historical email data.

Why this answer

Creating a sensitive information type is correct because it allows the administrator to define custom patterns (e.g., employee IDs) that Microsoft Purview can use to discover and classify sensitive data across Microsoft 365 services. This is a foundational step for building compliance policies tailored to the organization's specific data.

Exam trap

The trap here is that candidates often confuse the roles of DLP, eDiscovery, and Insider Risk Management as classification tools, when in fact they are enforcement, search, and risk detection tools respectively, not designed for automatic discovery and labeling of sensitive data.

49
MCQmedium

Your organization uses Microsoft Purview Data Loss Prevention (DLP) to protect sensitive data. You have a DLP policy that blocks sharing of documents containing personally identifiable information (PII) with external users. However, the HR department needs to share PII with a third-party benefits administrator for open enrollment. They request an exception that allows sharing only with the specific external domain 'benefits.contoso.com'. You need to implement the exception without weakening the overall policy. The solution must be centrally managed and auditable. What should you do?

A.Create a separate DLP policy with a lower priority that allows sharing with the external domain.
B.Remove the HR department from the scope of the DLP policy.
C.Modify the sensitivity label used by HR to remove the encryption requirement.
D.Configure the existing DLP policy to allow override for the specific external domain by using an allow list.
AnswerD

DLP policies support allow lists for specific domains.

Why this answer

Option B is correct because you can create a DLP policy override that allows sharing with the specific domain by configuring an allow list. Option A is incorrect because creating a separate policy with lower priority does not create an exception; all policies apply. Option C is incorrect because modifying the sensitivity label does not affect DLP.

Option D is incorrect because excluding HR from the policy would remove protection for all HR data, not just for the specific scenario.

50
MCQhard

Contoso Ltd. uses Microsoft Purview to manage compliance for sensitive data across Microsoft 365 and Azure. They need to ensure that all documents containing personally identifiable information (PII) are automatically labeled with a 'Highly Confidential' sensitivity label. The solution must also require users to justify access to these labeled documents. Which two actions should you configure?

A.Configure a retention label to mark documents as 'Highly Confidential'.
B.Create a Microsoft Purview auto-labeling policy for sensitivity labels.
C.Create a DLP policy that blocks sharing of unlabeled documents.
D.Enable Microsoft Purview Audit (Standard) to log access to sensitive documents.
E.Configure the sensitivity label to have rights management protection with 'Justify access' option.
AnswerB, E

Auto-labeling can automatically apply labels based on sensitive info types.

Why this answer

Option A is correct because auto-labeling policies can apply sensitivity labels automatically. Option D is correct because Microsoft Purview Information Protection supports rights management protection that can enforce justification on access. Option B is wrong because DLP policies block actions, not enforce justification.

Option C is wrong because retention labels are for retention, not access justification. Option E is wrong because audit logs track events but don't enforce justification.

51
MCQhard

A compliance officer needs to preserve all communications (email and Teams messages) for employees in the legal department for a minimum of 7 years. Additionally, any deletion (by users or system) must be blocked, and after the retention period, the items must be disposed of automatically. The solution must also ensure that the communications are marked as 'records' to prevent tampering. Which Microsoft Purview solution should the officer configure?

A.Litigation hold on the legal department's mailboxes and Teams
B.retention label configured with 'Mark items as a record' and a retention period of 7 years, then delete automatically
C.Preservation hold library in SharePoint Online
D.Data Loss Prevention (DLP) policy with retention action
AnswerB

Retention labels with record marking make content immutable and block deletion. The retention period can be set to 7 years with automatic disposal after that.

Why this answer

Option B is correct because a retention label with 'Mark items as a record' enforces immutability (prevents tampering) and, when configured with a 7-year retention period followed by automatic deletion, meets the compliance officer's requirements for preservation, blocking deletion, and automatic disposal. This label can be applied to both Exchange Online mailboxes (email) and Teams messages via auto-labeling policies, covering all communications for the legal department.

Exam trap

The trap here is that candidates often confuse Litigation Hold (which preserves indefinitely without automatic deletion) with a retention label that includes both a fixed retention period and record marking, failing to recognize that Litigation Hold does not meet the 'dispose automatically after 7 years' requirement.

How to eliminate wrong answers

Option A is wrong because a Litigation Hold preserves content indefinitely (or until manually removed) but does not enforce automatic deletion after a specific period, nor does it mark items as 'records' to prevent tampering. Option C is wrong because the Preservation Hold Library is a SharePoint Online feature that applies to document libraries, not to Exchange Online mailboxes or Teams messages, and it does not provide record marking or automatic deletion scheduling. Option D is wrong because a Data Loss Prevention (DLP) policy is designed to detect and prevent sensitive data leakage, not to enforce retention, record marking, or automatic disposal; it lacks the ability to block deletion or mark items as records.

52
MCQmedium

Your organization uses Microsoft Purview Audit (Standard) for auditing user activity. You receive an alert that a user accessed sensitive files in SharePoint Online. You need to investigate the exact actions performed by the user. Which action should you take?

A.Run the Search-UnifiedAuditLog cmdlet in Exchange Online PowerShell.
B.Navigate to the Microsoft Purview portal and use the Audit Log Search tab.
C.Enable Audit (Premium) licensing for the user and then search the audit log.
D.Access Microsoft Purview Compliance Manager and review the user's activity.
AnswerC

Audit (Premium) provides detailed file-level audit records.

Why this answer

Option C is correct because Audit (Standard) only retains audit logs for 90 days and does not include detailed file-level operations like item access. You would need to upgrade to Audit (Premium) to get those details. Option A is incorrect because the Search-UnifiedAuditLog cmdlet works with both editions but may not show item-level details in Standard.

Option B is incorrect because the Compliance Manager does not store audit logs. Option D is incorrect because there is no 'Audit Log Search' tab in Purview; the correct tool is the Audit solution.

53
MCQhard

A compliance officer needs to ensure that no user can permanently delete a document from a specific SharePoint Online site. The document must be kept for at least 5 years. Which Microsoft Purview solution should the officer configure?

A.A: Sensitivity label with a retention period of 5 years.
B.B: Retention policy for the site with retention period of 5 years and action set to 'Retain'.
C.C: DLP policy to prevent deletion of documents.
D.D: eDiscovery hold on the site.
AnswerB

A retention policy applied at the site level prevents permanent deletion of content during the retention period, meeting the requirement.

Why this answer

A retention policy with the 'Retain' action ensures that documents in the SharePoint site are preserved for the specified period and cannot be permanently deleted by users or system processes. This meets the compliance requirement of a 5-year minimum retention and prevents permanent deletion, as retained items are moved to the Preservation Hold library.

Exam trap

The trap here is that candidates often confuse retention policies with sensitivity labels or eDiscovery holds, assuming that any retention setting or legal hold prevents deletion, but only a retention policy with the 'Retain' action provides the specific immutable retention and deletion prevention required for a fixed period like 5 years.

How to eliminate wrong answers

Option A is wrong because a sensitivity label with a retention period of 5 years applies retention settings at the item level based on classification, but it does not prevent permanent deletion by users; sensitivity labels primarily enforce protection and classification, not immutable retention. Option C is wrong because a DLP policy prevents data loss by blocking sharing or exfiltration of sensitive data, not by preventing deletion of documents; DLP policies do not enforce retention or deletion prevention. Option D is wrong because an eDiscovery hold preserves content for legal or investigative purposes but is designed for temporary holds, not for a fixed 5-year retention period, and it does not prevent permanent deletion by users in the same way as a retention policy with 'Retain' action.

54
MCQmedium

Your organization uses Microsoft Purview Data Loss Prevention (DLP) to protect sensitive data. Users report that they are unable to share files containing credit card numbers via email. You need to allow sharing with specific business partners while maintaining protection for all other recipients. What should you configure?

A.Configure the DLP policy to allow users to override the action with a business justification.
B.Create a separate DLP policy with lower priority that allows sharing with the partners.
C.Assign a custom sensitivity label to emails sent to the partners.
D.Configure a file policy in Microsoft Purview Information Protection to exempt the partners.
AnswerA

DLP policies can be configured to allow override with justification.

Why this answer

Option B is correct because DLP policies support overriding with business justification when the policy is configured to allow it. Option A is incorrect because file policies focus on file properties, not content inspection for credit cards. Option C is incorrect because sensitivity labels do not override DLP actions.

Option D is incorrect because the DLP policy itself must enable the override, not a separate policy.

55
Multi-Selectmedium

A compliance officer needs to implement a policy that automatically marks emails containing a specific custom sensitive information type as a regulatory record upon sending. The regulatory record must be retained for 10 years and cannot be deleted by users. Which two components must be configured to achieve this?

Select 2 answers
A.Create a custom sensitive information type and configure an auto-apply retention label policy that applies a regulatory record label
B.Create a default retention label for emails and assign it to all mailboxes via a retention policy
C.Create a retention label with record marking and publish it to all users, then train users to apply it manually
D.Create a Data Loss Prevention (DLP) policy that detects the custom pattern and blocks the email until it is labeled
AnswersA, B

Correct. The custom SIT detects the pattern, and the auto-labeling policy applies the label that marks the item as a regulatory record with the 10-year retention.

Why this answer

To automatically mark emails containing a specific custom sensitive information type as a regulatory record upon sending, you need both a custom sensitive information type (to define the data pattern) and an auto-apply retention label policy (to automatically apply a regulatory record label based on that pattern). The regulatory record label enforces the 10-year retention and prohibits user deletion, meeting the compliance officer's requirements without manual user action.

Exam trap

The trap here is that candidates often confuse auto-apply retention label policies with DLP policies, thinking DLP can both detect and label, but DLP only detects and blocks—it cannot apply retention labels or enforce retention periods.

56
MCQhard

Your company uses Microsoft Purview to manage compliance. You need to set up a process that allows users to request permission to access a document labeled 'Confidential' and automatically grants access if the user's manager approves. Which feature should you use?

A.Microsoft Purview Privileged Access Management
B.Microsoft Purview Data Loss Prevention with a custom policy
C.Microsoft Entra ID Access Reviews with a connected organization
D.Microsoft Purview sensitivity label with a custom permission
AnswerC

Access Reviews can set up recurring reviews or ad-hoc requests with manager approval.

Why this answer

Option C is correct because Microsoft Entra ID Access Reviews can be integrated with Microsoft Purview to manage access requests with approval workflows. Option A is wrong because DLP doesn't handle access requests. Option B is wrong because labels don't include approval workflows.

Option D is wrong because Privileged Access Management is for elevated admin roles, not document access.

57
MCQhard

Your organization, Fabrikam Inc., uses Microsoft Purview Data Loss Prevention (DLP) to protect sensitive data in Microsoft Teams. You have a DLP policy that blocks sharing of credit card numbers in Teams messages. Recently, users have reported that they cannot share legitimate credit card numbers for business purposes, even with customers. You need to allow users to override the block for legitimate sharing, but require them to provide a business justification. What should you configure?

A.Create a second DLP policy with a lower priority that allows credit card sharing, and assign it to a security group containing authorized users.
B.Add the users to an exempt group in the DLP policy so they are not blocked.
C.Configure the DLP policy to show a policy tip that allows users to override the block with a business justification, and enable audit logging for overrides.
D.Configure the DLP policy to allow overrides without justification, and monitor usage.
AnswerC

This allows legitimate sharing while maintaining oversight.

Why this answer

Option B is correct because policy tips with override options allow users to override the block and provide justification, and the admin can review the override in audit logs. Option A is wrong because allowing all overrides without justification defeats the purpose. Option C is wrong because a separate policy for exceptions would be complex and not user-friendly.

Option D is wrong because exempting specific users does not allow per-message override.

58
MCQeasy

Your organization is required to retain all financial records for seven years. Which Microsoft Purview solution should you use to enforce this requirement?

A.Microsoft Purview Data Loss Prevention
B.Microsoft Purview Records Management
C.Microsoft Purview retention policies
D.Microsoft Purview Audit
AnswerC

Retention policies can keep data for a specified duration.

Why this answer

Option B is correct because retention policies in Microsoft Purview ensure data is kept for a specified period. Option A is wrong because DLP is for preventing data loss, not retention. Option C is wrong because records management is a broader capability but retention policies are the specific tool.

Option D is wrong because audit logs track events, not enforce retention.

59
MCQmedium

A compliance officer needs to prevent users from sending emails that contain social security numbers to external recipients. When a user attempts to send such an email from Outlook, the email should be blocked and a policy tip should be displayed explaining why the email was blocked. Which Microsoft Purview solution should the officer configure?

A.Data Loss Prevention (DLP) policy
B.Sensitivity labels
C.Communication compliance
D.eDiscovery
AnswerA

Correct. DLP policies in Exchange Online can block emails containing sensitive data and show policy tips in Outlook.

Why this answer

A Data Loss Prevention (DLP) policy in Microsoft Purview is designed to detect sensitive information, such as social security numbers, in emails and enforce actions like blocking the message and displaying a policy tip. This meets the compliance officer's requirement to prevent external sending of sensitive data while providing user notification.

Exam trap

Microsoft often tests the distinction between DLP (which can block and notify in real-time) and sensitivity labels (which apply protection but do not block sending based on content detection), leading candidates to confuse classification with enforcement.

How to eliminate wrong answers

Option B is wrong because sensitivity labels classify and protect data through encryption and visual markings but do not natively block outbound emails based on content detection or display policy tips. Option C is wrong because communication compliance focuses on monitoring and reviewing internal/external communications for policy violations (e.g., harassment or insider trading) rather than real-time blocking of specific sensitive data patterns. Option D is wrong because eDiscovery is used for searching and exporting content for legal or investigative purposes, not for preventing data exfiltration or enforcing real-time email restrictions.

60
MCQmedium

A compliance officer needs to ensure that all outbound emails containing credit card numbers sent to external recipients are automatically encrypted without requiring user intervention. Which Microsoft Purview feature should be configured?

A.Data Loss Prevention (DLP) policy with a rule that encrypts the message when credit card numbers are detected.
B.Sensitivity label with auto-labeling based on credit card numbers.
C.Retention policy for Exchange Online.
D.eDiscovery case for content search.
AnswerA

DLP can detect sensitive info and enforce encryption using Rights Management, all without user action.

Why this answer

Option A is correct because a Data Loss Prevention (DLP) policy in Microsoft Purview can be configured with a rule that automatically detects credit card numbers (using a built-in sensitive info type) and applies encryption via Transport Layer Security (TLS) or Information Rights Management (IRM) to outbound emails sent to external recipients. This meets the compliance officer's requirement for automatic encryption without user intervention, as the DLP rule triggers encryption at the transport level in Exchange Online.

Exam trap

The trap here is that candidates often confuse auto-labeling with sensitivity labels (Option B) as a direct encryption mechanism, but auto-labeling does not automatically encrypt outbound emails at the transport layer—it only applies labels, and encryption requires additional configuration (e.g., via a DLP policy or a label's protection settings) that may not trigger without user action or client-side processing.

How to eliminate wrong answers

Option B is wrong because sensitivity labels with auto-labeling can classify and protect content based on credit card numbers, but they do not automatically encrypt outbound emails at the transport level; they apply protection at the item level (e.g., file or email) and require user interaction or client-side auto-labeling, which may not encrypt messages in transit to external recipients without manual steps. Option C is wrong because a retention policy for Exchange Online is used to retain or delete emails based on age or criteria, not to encrypt outbound messages; it does not provide real-time encryption triggered by content detection. Option D is wrong because an eDiscovery case for content search is used to search, hold, and export content for legal or investigative purposes, not to enforce encryption on outbound emails; it is a discovery tool, not a protection mechanism.

61
MCQeasy

You are a compliance administrator. You need to search for emails that contain trade secrets sent by a specific user in the last month. The search must include all mailboxes. What should you use?

A.eDiscovery (Premium) case.
B.Data Loss Prevention reports.
C.Audit log search.
D.Content search in Microsoft Purview.
AnswerD

Content search can search mailboxes for keywords and date ranges.

Why this answer

Content search in Microsoft Purview allows searching across mailboxes for specific keywords and date ranges. Option A is correct. Option B is wrong because eDiscovery (Premium) is for advanced workflows, not basic search.

Option C is wrong because audit log search tracks activities, not content. Option D is wrong because DLP reports show policy matches, not content search.

62
MCQeasy

A compliance officer needs to identify documents in SharePoint Online that contain confidential business information by using a machine learning model. Which Microsoft Purview solution should be configured?

A.A: Data Lifecycle Management
B.B: Information Protection (trainable classifiers)
C.C: eDiscovery
D.D: Communication Compliance
AnswerB

Trainable classifiers are machine learning models that identify content patterns and can trigger sensitivity labels or other actions.

Why this answer

Option B is correct because trainable classifiers in Microsoft Purview Information Protection use machine learning models to identify documents containing sensitive or confidential business information based on content patterns and context. Unlike simple keyword matching, trainable classifiers learn from sample documents to accurately detect specific types of confidential data, such as intellectual property or financial reports, in SharePoint Online.

Exam trap

The trap here is that candidates often confuse trainable classifiers with simple keyword-based sensitivity labels or DLP policies, but the question specifically requires a machine learning model, which only trainable classifiers provide.

How to eliminate wrong answers

Option A is wrong because Data Lifecycle Management focuses on retention and deletion policies for data governance, not on identifying confidential content via machine learning. Option C is wrong because eDiscovery is designed for legal discovery and search of content for litigation or investigation, not for proactive classification using ML models. Option D is wrong because Communication Compliance monitors communications (e.g., email, Teams) for policy violations like harassment or insider trading, not for identifying confidential business documents in SharePoint.

63
MCQmedium

A compliance officer needs to automatically apply a sensitivity label named 'Confidential' to documents stored in SharePoint Online whenever the documents contain social security numbers. Users must be prevented from removing the label. Which configuration should the officer implement?

A.Create a retention label with auto-labeling based on sensitive info types
B.Create a sensitivity label with auto-labeling and set 'Mark content as mandatory'
C.Use Microsoft Information Protection (MIP) unified labeling client to apply labels
D.Configure Data Loss Prevention (DLP) policy to apply the label
AnswerB

This combination automatically labels content and prevents users from removing the label.

Why this answer

Option B is correct because sensitivity labels support auto-labeling based on sensitive info types (e.g., social security numbers) and the 'Mark content as mandatory' setting prevents users from removing the label. This ensures automatic classification and enforced protection, meeting the compliance officer's requirements.

Exam trap

The trap here is confusing retention labels (which handle lifecycle) with sensitivity labels (which handle classification and protection), leading candidates to pick Option A when they see 'auto-labeling' without understanding the label type's purpose.

How to eliminate wrong answers

Option A is wrong because retention labels are designed for data retention and deletion policies, not for classification or protection; they cannot apply sensitivity labels or prevent removal. Option C is wrong because the MIP unified labeling client is a legacy tool for on-premises or hybrid scenarios, not for cloud-native auto-labeling in SharePoint Online; it also does not enforce mandatory labeling. Option D is wrong because DLP policies can detect sensitive data and trigger actions like blocking or notification, but they cannot directly apply sensitivity labels; they rely on labels already being present.

64
MCQhard

Your company uses Microsoft Purview to manage compliance. You need to ensure that only users who have passed a training course can access documents labeled 'Confidential'. The solution must enforce this dynamically without manual intervention. What should you configure?

A.Microsoft Purview Privileged Access Management to require approval for access.
B.A Microsoft Purview DLP policy that blocks access for untrained users.
C.A Microsoft Purview sensitivity label with a custom permission that only allows trained users.
D.Microsoft Entra ID Conditional Access policy with a terms of use requiring training acknowledgment.
AnswerD

Conditional Access can require acceptance of terms of use, which can be linked to training completion.

Why this answer

Option D is correct because Microsoft Entra ID Conditional Access can require terms of use acceptance (which can include training acknowledgment) before accessing labeled content. Option A is wrong because DLP doesn't enforce user training. Option B is wrong because labels don't enforce training.

Option C is wrong because privileged access management is for administrative roles, not document access.

65
MCQmedium

Refer to the exhibit. You run the Get-RetentionCompliancePolicy cmdlet and see the output. Your organization wants to retain all ProjectX documents for 10 years and then allow users to delete them. However, users complain that documents are being deleted automatically. What is the issue?

A.The retention action is set to Delete instead of NoAction.
B.The policy is disabled, so it should not be enforcing.
C.The mode is set to Enable, which means the policy is in test mode.
D.The retention trigger is set to DateCreated, which is incorrect.
AnswerA

Delete automatically removes content; NoAction would allow manual deletion.

Why this answer

Option C is correct because the RetentionAction is set to 'Delete', which means after 3650 days, the content is deleted automatically. The requirement is to allow manual deletion after retention. Option A is wrong because the policy is disabled (Enabled: False) so it is not enforcing, but the RetentionAction still shows Delete.

Option B is wrong because Mode is Enable, which means the policy is active. Option D is wrong because the trigger is DateCreated, which is appropriate.

66
MCQeasy

Your organization needs to implement a Microsoft Purview data classification solution that scans data in Microsoft 365, Azure SQL Database, and Amazon S3. Which Microsoft Purview feature should you use?

A.Microsoft Purview Data Loss Prevention
B.Microsoft Purview Information Protection sensitivity labels
C.Microsoft Purview eDiscovery
D.Microsoft Purview Data Map
AnswerD

Data Map can scan and classify data across various sources including AWS S3 and Azure SQL.

Why this answer

Option C is correct because Microsoft Purview Data Map supports scanning on-premises and multi-cloud data sources. Option A is wrong because DLP policies are for data loss prevention, not scanning all data sources. Option B is wrong because sensitivity labels apply labels, but the scanning is done by Data Map.

Option D is wrong because eDiscovery is for legal discovery, not automated scanning.

67
Multi-Selectmedium

Your company is implementing Microsoft Purview Information Protection to classify and protect sensitive documents. You need to ensure that all documents containing personally identifiable information (PII) are automatically labeled. Which TWO actions should you take? (Select TWO.)

Select 2 answers
A.Define a custom sensitive info type in Microsoft Purview that matches your organization's PII patterns.
B.Train users to manually apply a sensitivity label to documents containing PII.
C.Configure a sensitivity label to encrypt documents containing PII.
D.Create a retention label for documents containing PII.
E.Create an auto-labeling policy in Microsoft Purview that applies a sensitivity label to documents containing PII.
AnswersA, E

Custom sensitive info types can detect specific PII patterns for automatic labeling.

Why this answer

Option A is correct because automatic labeling policies can apply sensitivity labels based on sensitive info types. Option D is correct because creating a sensitive info type for PII (e.g., using custom patterns) ensures the policy can detect the data. Option B is wrong because encryption is a protection action, not a labeling requirement.

Option C is wrong because manual labeling does not meet the requirement for automatic labeling. Option E is wrong because retention labels are for retention, not classification.

68
MCQmedium

A compliance administrator needs to preserve all documents in a SharePoint Online site that were created before a specific date for a legal hold. The hold should prevent any modification or deletion of those documents. What should the administrator configure?

A.Retention label applied automatically
B.eDiscovery hold
C.Data loss prevention policy
D.Sensitivity label with encryption
AnswerB

An eDiscovery hold preserves content in its current state and prevents edits or deletions until the hold is removed.

Why this answer

An eDiscovery hold (also known as a litigation hold) preserves all content in a SharePoint Online site by preventing modification or deletion of documents that match the hold criteria, including those created before a specific date. This hold applies at the site level and ensures that even if users edit or delete documents, the original versions are retained in the Preservation Hold library. It is the correct mechanism for legal holds that require immutable preservation of existing documents.

Exam trap

The trap here is that candidates often confuse retention labels or policies with eDiscovery holds, not realizing that retention labels only ensure content is kept after deletion but do not prevent modification, whereas an eDiscovery hold actively blocks modification and deletion by preserving the original content in a hidden library.

How to eliminate wrong answers

Option A is wrong because a retention label applied automatically can retain documents for a specified period but does not prevent users from modifying or deleting them; it only ensures the content is kept after deletion or modification, not that it remains unaltered. Option C is wrong because a Data Loss Prevention (DLP) policy is designed to detect and prevent the sharing of sensitive information, not to preserve documents from modification or deletion for legal hold purposes. Option D is wrong because a sensitivity label with encryption protects content by restricting access and usage, but it does not prevent modification or deletion by authorized users and is not designed for legal hold preservation.

69
MCQmedium

A compliance officer needs to automatically retain documents in a SharePoint Online document library for 7 years and then automatically delete them. The retention must be applied based on when the document is created. Which Microsoft Purview feature should be configured?

A.Data Lifecycle Management
B.Records Management
C.eDiscovery
D.Communication Compliance
AnswerA

Correct. Data Lifecycle Management includes retention labels and policies to retain and then delete content based on age.

Why this answer

Data Lifecycle Management (DLM) in Microsoft Purview allows you to create retention labels that automatically retain content for a specified period (e.g., 7 years) based on the date the document was created, and then trigger a disposal action such as deletion. This feature is designed specifically for managing the lifecycle of data in SharePoint Online, including automatic retention and deletion based on metadata like creation date.

Exam trap

The trap here is that candidates often confuse Records Management with Data Lifecycle Management, assuming that any retention policy must involve records, when in fact DLM handles automated retention and deletion without requiring the content to be declared a record.

How to eliminate wrong answers

Option B (Records Management) is wrong because Records Management is focused on declaring content as records (immutable, auditable) and applying retention that prevents deletion or modification, not on automatically deleting content after a set period. Option C (eDiscovery) is wrong because eDiscovery is used for searching, holding, and exporting content for legal or investigative purposes, not for automated retention and deletion policies. Option D (Communication Compliance) is wrong because Communication Compliance is designed to detect and remediate inappropriate communications (e.g., harassment, sensitive info) in Microsoft Teams, Exchange, and Yammer, not for managing document lifecycle retention or deletion.

70
MCQeasy

Refer to the exhibit. You are configuring auto-labeling for sensitivity labels. The JSON snippet is part of the policy configuration. When a document containing a credit card number is detected, what will happen?

A.The document will be automatically encrypted.
B.The document will be retained for a default period.
C.The document will be marked as a record.
D.The document will be blocked from sharing.
AnswerA

The action field specifies encrypt.

Why this answer

The rule specifies an action to encrypt when a credit card number is detected. Option B is correct because the action is 'encrypt'. Option A is wrong because the action includes encrypt.

Option C is wrong because no retention action is specified. Option D is wrong because it does not block sharing.

71
MCQmedium

Your organization receives a data subject request (DSR) to export personal data of a user. Which Microsoft Purview solution should you use to search for and export the data?

A.Microsoft Purview retention policies
B.Microsoft Purview Audit
C.Microsoft Purview eDiscovery
D.Microsoft Purview Data Loss Prevention
AnswerC

eDiscovery can search and export content for DSRs.

Why this answer

Option A is correct because Microsoft Purview eDiscovery can search for content across Microsoft 365 and export it. Option B is wrong because audit logs only track activities, not content search. Option C is wrong because DLP is for preventing data loss, not exporting.

Option D is wrong because retention policies do not export data.

72
MCQhard

Refer to the exhibit. You are configuring an auto-labeling policy in Microsoft Purview. The policy is set to apply the 'Confidential' label to documents that contain a specific sensitive info type. However, when a document is auto-labeled, users report that the footer and header are not applied. The label 'Confidential' itself does not have marking configurations. What is the most likely reason?

A.The label is not published to users.
B.The Microsoft 365 Apps client is not configured to apply markings.
C.The marking defaults are defined in the policy but the label does not have markings configured.
D.The policy settings override the label settings, causing markings to be ignored.
AnswerC

Markings must be on the label itself for auto-labeling to apply them.

Why this answer

Option A is correct because the MarkingDefaults in the policy settings apply to all labels if the label itself does not have markings. However, the exhibit shows MarkingDefaults are defined, but they are part of the policy settings, not the label. The auto-labeling policy applies the label, but the markings are not applied because the label does not have them.

Option B is wrong because the marking defaults are for the policy, but they might not be applied during auto-labeling. Option C is wrong because client settings are not relevant for auto-labeling. Option D is wrong because the label is published.

73
Multi-Selecthard

A compliance officer needs to ensure that all documents containing a custom sensitive info type (Employee ID with pattern EMP-####) are automatically labeled with a retention label that retains the documents for 3 years. Which two Microsoft Purview components must be configured? (Choose two.)

Select 2 answers
A.sensitivity label
B.retention label
C.data loss prevention (DLP) policy
D.An auto-labeling policy for retention labels
AnswersB, D

Retention labels define the retention and deletion rules for content.

Why this answer

A retention label is required to specify the retention period (3 years) for the documents. An auto-labeling policy for retention labels is needed to automatically apply that retention label based on the detection of the custom sensitive info type (Employee ID pattern EMP-####). Together, these two components enable automatic classification and retention without manual user intervention.

Exam trap

The trap here is that candidates often confuse sensitivity labels with retention labels, or think a DLP policy can apply retention labels, but Microsoft Purview separates these functions: DLP controls data movement, while auto-labeling policies for retention labels handle automatic retention label assignment.

74
MCQmedium

The legal department is investigating a potential data breach involving a specific user. The compliance officer needs to place a hold on all content in the user's Exchange Online mailbox and OneDrive for Business to prevent deletion until the investigation is complete. Which Microsoft Purview solution should the officer use?

A.Content Search
B.eDiscovery (Standard)
C.eDiscovery (Premium)
D.Audit log
AnswerB

eDiscovery (Standard) allows creating cases and placing legal holds on user mailboxes and OneDrive accounts to preserve content.

Why this answer

eDiscovery (Standard) allows you to place a hold on Exchange Online mailboxes and OneDrive for Business sites to preserve content from deletion during an investigation. This hold prevents users and automated processes from permanently deleting items, ensuring data integrity for legal or compliance reviews.

Exam trap

The trap here is that candidates often confuse the search-only capability of Content Search with the preservation functionality of eDiscovery (Standard), or mistakenly think eDiscovery (Premium) is required for holds, when in fact holds are a standard feature of eDiscovery (Standard).

How to eliminate wrong answers

Option A is wrong because Content Search is used to search for content across Microsoft 365 but cannot place a hold to preserve data; it only returns search results. Option C is wrong because eDiscovery (Premium) extends eDiscovery (Standard) with advanced analytics and review sets, but placing a hold is a core feature of eDiscovery (Standard) and does not require Premium. Option D is wrong because Audit log records user and admin activities for forensic analysis but does not prevent deletion of content; it only logs what happened.

75
Multi-Selectmedium

Your organization uses Microsoft Purview Compliance Manager to manage compliance activities. Which TWO actions can be performed directly from Compliance Manager?

Select 2 answers
A.Assign an improvement action to a user.
B.Upload evidence for an improvement action.
C.View and manage DLP alerts.
D.Create a retention policy for Exchange Online.
E.Create a sensitivity label.
AnswersA, B

Assignment is done within Compliance Manager.

Why this answer

Compliance Manager is a solution within Microsoft Purview that provides a centralized dashboard for managing compliance activities. It allows you to assign improvement actions to specific users to track responsibility and progress, and to upload evidence files directly to an improvement action to demonstrate compliance with a control. These are core, direct functions of the Compliance Manager interface.

Exam trap

The trap here is that candidates confuse the Microsoft Purview compliance portal's overall capabilities with the specific, limited set of actions that can be performed directly within the Compliance Manager solution, leading them to select actions that are available elsewhere in the portal but not inside Compliance Manager.

Page 1 of 3 · 166 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Purview Compliance questions.