CCNA Purview Compliance Questions

75 of 166 questions · Page 2/3 · Purview Compliance topic · Answers revealed

76
MCQeasy

Your company is implementing Microsoft Purview Audit (Standard). You need to search for activities performed by a specific user in Exchange Online. Which log should you query?

A.Unified audit log.
B.DLP incident reports.
C.Azure AD audit logs.
D.Mailbox audit logs only.
AnswerA

The unified audit log contains all service activities.

Why this answer

Audit (Standard) records all user and admin activities in Exchange Online. The unified audit log is the correct source. Option A is incorrect because Azure AD audit logs are for identity activities.

Option C is incorrect because DLP reports are for DLP matches. Option D is incorrect because Mailbox audit logs are a subset but unified audit log is the comprehensive source.

77
MCQhard

Refer to the exhibit. You are reviewing a Microsoft Purview Data Lifecycle Management policy. A document labeled 'Personal Data' also contains EU_Deceased_Data. What is the retention outcome for this document?

A.The document is retained for 365 days, then deleted.
B.The document is deleted after 90 days.
C.The document is retained indefinitely because of conflicting rules.
D.The document is deleted immediately because it contains sensitive data.
AnswerA

Retention rules take precedence over deletion rules.

Why this answer

The policy has two rules. The first rule retains for 365 days if the sensitivity label is 'Personal Data'. The second rule deletes after 90 days if content contains EU_Deceased_Data.

When both conditions are met, Microsoft Purview applies the longer retention period (retain 365 days) because retention takes precedence over deletion. Option A is incorrect because the retain rule applies. Option B is incorrect because the retain rule overrides.

Option C is incorrect because the rules are not exclusive; both conditions are evaluated.

78
MCQmedium

Refer to the exhibit. You run the PowerShell command shown. The output shows no results. The user confirms they downloaded files from SharePoint last week. What is the most likely cause?

A.The UserIds parameter is misspelled.
B.The RecordType parameter is incorrect.
C.Audit logging is not enabled for the user.
D.The Operations parameter is incorrect.
AnswerC

Audit logging must be enabled for the user to capture events.

Why this answer

Audit log search requires audit logging to be enabled and the user must be licensed. Option A is correct because if audit logging is not enabled for the user, no events are recorded. Option B is wrong because Operation is correct.

Option C is wrong because RecordType is correct. Option D is wrong because FileDownloaded is a valid operation.

79
MCQmedium

Your organization uses Microsoft Purview Records Management and has a file plan that categorizes records by department. You need to ensure that HR records are retained for seven years after employee termination, while finance records are retained for ten years after the end of the fiscal year. What is the most efficient way to implement this?

A.Create a single retention label with a trigger event and adjust the retention period using PowerShell.
B.Create two retention labels: one for HR with termination trigger and seven-year retention, and one for Finance with end-of-fiscal-year trigger and ten-year retention.
C.Define the retention settings in the file plan and apply them to both departments.
D.Create two retention policies, one for HR and one for Finance, each with the appropriate retention period.
AnswerB

Retention labels can have different trigger events and periods.

Why this answer

Option C is correct because you can create separate retention labels for each department with different trigger events and retention periods. Option A is incorrect because a single label cannot have multiple retention periods. Option B is incorrect because retention policies apply broadly and cannot easily distinguish between departments for different retention periods.

Option D is incorrect because file plan is used for managing labels, not for setting retention periods directly.

80
MCQeasy

Your organization needs to ensure that all emails containing credit card numbers are automatically encrypted before being sent to external recipients. Which Microsoft Purview solution should you configure?

A.Configure a DLP policy that uses the 'Encrypt email messages' action.
B.Create a sensitivity label that applies encryption and auto-labeling.
C.Set up a retention policy with encryption.
D.Implement a Communication Compliance policy.
AnswerA

This automatically encrypts emails matching sensitive info types.

Why this answer

The requirement is to automatically encrypt emails based on content (credit card numbers). Microsoft Purview Message Encryption can be triggered by a DLP policy that detects sensitive information types. Option B is incorrect because sensitivity labels are manually applied.

Option C is incorrect because Data Lifecycle Management handles retention and deletion. Option D is incorrect because Communication Compliance monitors for policy violations, not encryption.

81
MCQmedium

A company must ensure that all outgoing emails containing credit card numbers are blocked from being sent to external recipients. When a user attempts to send such an email, it should be blocked immediately, and the user should see a policy tip explaining the rule. Which Microsoft Purview solution should the administrator configure?

A.Data Loss Prevention (DLP) policy
B.Sensitivity labels
C.Retention labels
D.Communication compliance
AnswerA

DLP policies can block emails containing sensitive info and display policy tips to users.

Why this answer

A Data Loss Prevention (DLP) policy is the correct solution because it is specifically designed to detect sensitive information, such as credit card numbers, in transit (email) and enforce real-time actions like blocking the message and displaying a policy tip to the user. DLP policies in Microsoft Purview can be configured with conditions that match credit card number patterns using built-in sensitive info types, and the action 'Block messages' with a policy tip notification is available for Exchange Online mail flow. This ensures immediate blocking and user notification without requiring any manual labeling or classification.

Exam trap

The trap here is that candidates often confuse sensitivity labels with DLP because both involve 'protection,' but sensitivity labels require manual or automatic classification and do not perform real-time content inspection or blocking of outbound emails based on sensitive data patterns.

How to eliminate wrong answers

Option B is wrong because sensitivity labels are used to classify and protect data at rest (e.g., documents and emails) by applying encryption or visual markings, but they do not natively detect credit card numbers in real-time during email transmission or enforce blocking with policy tips. Option C is wrong because retention labels are designed to manage data lifecycle and retention policies (e.g., how long to keep or delete data), not to inspect email content for sensitive information or block outbound messages. Option D is wrong because communication compliance is focused on monitoring and reviewing internal and external communications for policy violations (e.g., harassment or insider trading), but it does not provide real-time blocking of emails based on sensitive data patterns or display policy tips to users.

82
MCQmedium

A compliance officer needs to prevent users from sharing confidential documents with external users outside the organization. The policy should block sharing via email attachments or sharing links from SharePoint Online. Which Microsoft Purview solution should be configured?

A.Sensitivity labels
B.Data Loss Prevention (DLP)
C.Retention policies
D.Information barriers
AnswerB

DLP policies can detect sensitive content and automatically block sharing via email or SharePoint links. They can also display policy tips to educate users.

Why this answer

Data Loss Prevention (DLP) in Microsoft Purview is designed to identify, monitor, and automatically protect sensitive information across Exchange Online, SharePoint Online, and OneDrive for Business. By creating a DLP policy with a rule that blocks sharing of confidential documents via email attachments or sharing links to external users, the compliance officer can enforce the required restriction. DLP policies can inspect content for sensitive data types (e.g., credit card numbers, custom confidential labels) and apply actions such as blocking the sharing action or sending a notification.

Exam trap

The trap here is that candidates often confuse sensitivity labels (which apply protection) with DLP policies (which enforce actions like blocking), leading them to choose Option A, but labels alone cannot block sharing; they require a DLP policy to enforce the block action.

How to eliminate wrong answers

Option A is wrong because sensitivity labels are used to classify and protect data by applying encryption, markings, or access restrictions, but they do not natively block sharing actions based on external user detection; DLP policies are required to enforce such blocking rules. Option C is wrong because retention policies are designed to preserve or delete content after a specified period, not to prevent real-time sharing of documents with external users. Option D is wrong because information barriers restrict communication and collaboration between specific internal groups or users (e.g., to avoid conflicts of interest), but they do not block sharing with external users outside the organization.

83
MCQeasy

Your organization needs to automatically detect and classify documents containing passport numbers in SharePoint Online. Which Microsoft Purview feature should you use?

A.eDiscovery (Premium).
B.Auto-labeling with sensitivity labels.
C.Data Lifecycle Management (DLM) policy.
D.Data Loss Prevention (DLP) policy.
AnswerB

Auto-labeling scans and classifies content automatically.

Why this answer

Auto-labeling in Microsoft Purview can automatically apply sensitivity labels to documents that contain sensitive information types like passport numbers. Option B is incorrect because DLP policies detect and protect but don't classify. Option C is incorrect because Data Lifecycle Management is for retention.

Option D is incorrect because eDiscovery is for search and export.

84
Multi-Selectmedium

A compliance officer needs to automatically apply a 'Highly Confidential' sensitivity label that encrypts documents in SharePoint Online when they contain credit card numbers. The labeling must happen automatically without user interaction. Which two Microsoft Purview components must be configured? (Select the option that correctly identifies both required components.)

Select 2 answers
A.Sensitivity label and auto-labeling policy
B.DLP policy and retention label
C.Sensitivity label and DLP policy
D.Auto-labeling policy and retention label
AnswersA, C

The sensitivity label defines encryption; the auto-labeling policy scans content and applies the label automatically.

Why this answer

To automatically apply a 'Highly Confidential' sensitivity label that encrypts documents in SharePoint Online when credit card numbers are detected, you must configure both a sensitivity label (which defines the encryption and protection settings) and an auto-labeling policy (which specifies the conditions, such as sensitive info types like credit card numbers, and triggers automatic labeling without user interaction). The auto-labeling policy applies the sensitivity label to documents that match the defined rules, enabling automated enforcement.

Exam trap

The trap here is that candidates often confuse DLP policies (which only detect and act on data in motion or at rest without applying labels) with auto-labeling policies, or they forget that a sensitivity label must be configured first to define the encryption, leading them to select option C incorrectly.

85
MCQhard

Your organization uses Microsoft Purview Compliance Manager. You need to assign a control to a specific user for implementation. What should you do?

A.Assign the user the Compliance Manager role.
B.Edit the control and assign a new owner.
C.Create a DLP policy to enforce the control.
D.Modify the assessment to include the user.
AnswerB

Controls have an owner field for assignment.

Why this answer

In Compliance Manager, controls can be assigned to users for implementation and testing. This is done by editing the control details and assigning an owner. Option A is incorrect because DLP policies are not used for assignment.

Option B is incorrect because assessments are for scoring, not assignment. Option C is incorrect because roles are not assigned to controls directly.

86
MCQmedium

An organization is involved in litigation and needs to search for all communications containing a specific keyword across Exchange Online, SharePoint Online, and OneDrive for Business. The results must be preserved as evidence without allowing deletion. Which Microsoft Purview solution should the compliance officer use?

A.Data Loss Prevention
B.eDiscovery (Premium)
C.Communication Compliance
D.Retention Labels
AnswerB

eDiscovery (Premium) enables search and legal hold across multiple Microsoft 365 workloads.

Why this answer

eDiscovery (Premium) is the correct solution because it provides end-to-end workflow for identifying, preserving, collecting, reviewing, and exporting content across Exchange Online, SharePoint Online, and OneDrive for Business. It supports legal hold to preserve data in-place, preventing deletion or alteration, and can search all communications for specific keywords using advanced query capabilities.

Exam trap

The trap here is that candidates often confuse eDiscovery (Premium) with Retention Labels or Communication Compliance because all three involve content management, but only eDiscovery (Premium) provides the legal hold and cross-workload search capabilities required for litigation evidence preservation.

How to eliminate wrong answers

Option A is wrong because Data Loss Prevention (DLP) is designed to prevent accidental sharing of sensitive data through policies and alerts, not to search, preserve, or hold content for litigation. Option C is wrong because Communication Compliance focuses on monitoring and detecting policy violations (e.g., harassment, insider trading) in communications, not on preserving evidence or placing legal holds. Option D is wrong because Retention Labels are used to classify and apply retention or deletion rules to content, but they do not provide the search, hold, or export capabilities required for litigation discovery.

87
MCQmedium

Your organization uses Microsoft Purview Data Loss Prevention (DLP) policies to protect sensitive data. A user reports that they can still send credit card numbers via email despite the DLP policy being enabled. You verify that the policy is applied to the correct users and the rule includes the 'Credit Card Number' sensitive info type. What should you check next?

A.Check the priority of the DLP policy to ensure it is not overridden by a lower-priority policy that allows the action.
B.Disable and re-enable the DLP policy to refresh its rules.
C.Add the 'Credit Card Number' sensitive info type to the policy rule again.
D.Configure end-user notifications for the DLP policy.
AnswerA

Correct. Priority determines which policy is applied; if a lower-priority policy blocks the action, a higher-priority policy might allow it.

Why this answer

Option A is correct because DLP policies often fail due to incorrect priority order; the policy with the highest priority (lowest number) is applied first. Option B is wrong because the condition is already present. Option C is wrong because the policy is already enabled.

Option D is wrong because end-user notifications are for policy tips, not enforcement.

88
MCQhard

A compliance officer needs to automatically detect and apply a sensitivity label to documents in SharePoint Online that contain a custom sensitive information type (e.g., employee ID pattern). The label must be applied automatically, and users must be prompted to provide a justification when attempting to remove the label. Which combination of configurations should the officer implement?

A.Create a sensitivity label with an auto-labeling policy that uses a custom sensitive info type, and configure the label's protection settings to require user justification to remove the label.
B.Create a retention label and publish it to the site via auto-labeling policy.
C.Use a Data Loss Prevention (DLP) policy to apply the label and configure the policy to block removal.
D.Deploy the Azure Information Protection scanner to scan SharePoint Online documents.
AnswerA

This allows automatic detection and application of the label, and the justification requirement prevents easy removal.

Why this answer

Option A is correct because Microsoft Purview sensitivity labels support auto-labeling policies that can automatically apply a label based on custom sensitive information types (e.g., employee ID patterns). Additionally, the label's protection settings include an option to require user justification when removing the label, which meets the compliance officer's requirement for both automatic detection and removal justification.

Exam trap

The trap here is that candidates confuse retention labels (which handle lifecycle) with sensitivity labels (which handle classification and protection), or they mistakenly think DLP policies can enforce label removal justification, which is a sensitivity label property, not a DLP rule action.

How to eliminate wrong answers

Option B is wrong because retention labels are designed for data lifecycle management (retention and deletion), not for sensitivity classification or protection settings like requiring justification for removal. Option C is wrong because DLP policies can apply sensitivity labels via auto-labeling, but they cannot enforce a 'block removal' of a label; removal justification is a property of the sensitivity label itself, not a DLP action. Option D is wrong because the Azure Information Protection (AIP) scanner is used for on-premises file shares and on-premises SharePoint, not for SharePoint Online; SharePoint Online uses built-in auto-labeling policies in Purview.

89
Multi-Selecthard

A compliance officer needs to automatically apply a sensitivity label to all documents in SharePoint Online that contain a credit card number. The label must mark the document as 'Confidential' and encrypt it. Which two Microsoft Purview components must be configured to achieve automatic labeling based on sensitive content? (Choose two.)

Select 2 answers
A.Sensitivity label
B.Auto-labeling policy
C.Data Loss Prevention (DLP) policy
D.Retention label policy
AnswersA, B

The sensitivity label must be created with the desired protection settings (e.g., 'Confidential' and encryption).

Why this answer

Sensitivity labels define the classification and protection settings (e.g., 'Confidential' marking and encryption). Auto-labeling policies automatically apply those labels to documents containing sensitive information types, such as credit card numbers, without requiring user intervention. Together, they enable automatic labeling based on sensitive content in SharePoint Online.

Exam trap

The trap here is that candidates often confuse DLP policies with auto-labeling policies, but DLP policies only monitor and block data movement, while auto-labeling policies are the correct mechanism to automatically apply sensitivity labels based on content detection.

90
Multi-Selectmedium

Which TWO Microsoft Purview solutions can be used to detect and prevent the unauthorized sharing of sensitive information in Microsoft Teams messages?

Select 2 answers
A.Communication Compliance
B.eDiscovery (Premium)
C.Sensitivity labels
D.Information Barriers
E.Data Loss Prevention (DLP)
AnswersA, E

Communication Compliance monitors for policy violations.

Why this answer

DLP policies can scan Teams messages for sensitive content and block sharing. Communication Compliance can monitor messages for policy violations and take action. Sensitivity labels are for classification, not detection.

Information Barriers restrict communication between groups. eDiscovery is for investigation after the fact.

91
MCQeasy

A compliance officer needs to mark documents in a SharePoint Online library as regulatory records. These records must be immutable (cannot be modified or deleted) for 3 years. After 3 years, a disposition review must be initiated to decide if the records can be deleted. Which Microsoft Purview solution should the officer configure?

A.Retention label configured to mark items as records with a retention period of 3 years and disposition review
B.Data Lifecycle Management retention policy with disposition review
C.Sensitivity label with encryption
D.eDiscovery case with hold
AnswerA

Retention labels can classify items as records, making them immutable, and include a retention period with disposition review for deletion.

Why this answer

Option A is correct because a retention label configured to mark items as regulatory records enforces immutability (no modification or deletion) for the specified retention period of 3 years. After the retention period expires, the disposition review triggers a workflow where a reviewer must approve or reject deletion, meeting the compliance officer's requirement exactly.

Exam trap

The trap here is that candidates often confuse retention policies (which apply broadly to containers) with retention labels (which apply granularly to items and support regulatory records and disposition reviews), leading them to choose Option B incorrectly.

How to eliminate wrong answers

Option B is wrong because Data Lifecycle Management retention policies apply at the container level (site or library) and cannot mark individual items as regulatory records; they also do not support disposition review after the retention period. Option C is wrong because sensitivity labels with encryption protect content via access controls and encryption, but they do not enforce immutability or a retention period with disposition review. Option D is wrong because an eDiscovery case with hold preserves content for legal purposes but does not enforce a fixed retention period or trigger a disposition review; it is designed for litigation holds, not regulatory record management.

92
MCQmedium

A compliance administrator needs to automatically apply a retention label to all documents in a SharePoint Online site that contain Social Security numbers. The label should retain the documents for 5 years and then automatically delete them. Which feature should they configure?

A.Data Loss Prevention (DLP) policy
B.sensitivity label with auto-labeling
C.retention label with auto-labeling
D.An information barrier policy
AnswerC

Retention labels, when combined with auto-labeling policies, can automatically apply based on sensitive info types and enforce retention and deletion actions.

Why this answer

Option C is correct because retention labels with auto-labeling are designed to automatically apply retention settings based on sensitive information types, such as Social Security numbers, and can enforce a retention period (5 years) followed by automatic deletion. This feature is part of Microsoft Purview's records management and uses trainable classifiers or sensitive info types to trigger the label assignment on SharePoint Online documents.

Exam trap

The trap here is that candidates confuse DLP policies (which detect and protect) with retention labels (which manage lifecycle), leading them to choose Option A because both involve sensitive data detection, but only retention labels can enforce deletion after a set period.

How to eliminate wrong answers

Option A is wrong because a Data Loss Prevention (DLP) policy detects and protects sensitive data but does not apply retention labels or manage lifecycle actions like retention and deletion; DLP policies block or warn, not retain. Option B is wrong because sensitivity labels with auto-labeling focus on classification and protection (encryption, markings) rather than retention and deletion schedules; they do not enforce a 5-year retention followed by automatic deletion. Option D is wrong because an information barrier policy restricts communication and collaboration between groups, not document lifecycle management or retention labeling.

93
MCQmedium

Your organization has a Microsoft Purview auto-labeling policy that applies a 'Highly Confidential' label to emails containing 'Social Security Number'. The policy is configured to label emails when they are sent. However, some emails are still being sent without the label. What should you verify first?

A.That the auto-labeling policy is enabled.
B.That the auto-labeling policy is configured to apply the label at the time of sending.
C.That the 'Social Security Number' sensitive info type is correctly defined.
D.That the auto-labeling policy has the highest priority.
AnswerB

Auto-labeling for email can be configured to apply on send or on receipt; if it is set to apply on receipt, it won't label outgoing emails.

Why this answer

Option C is correct because auto-labeling for emails occurs at send time; if the policy is not set to apply at send, it won't label. Option A is wrong because the policy is enabled. Option B is wrong because the SSN type is likely correct.

Option D is wrong because priority affects which policy wins, but if the policy is not set to apply at send, it won't label regardless.

94
MCQhard

Your company uses Microsoft Purview Data Loss Prevention (DLP) to protect sensitive data in Microsoft Teams. Users are sharing credit card numbers in Teams chat messages. You have a DLP policy that detects credit card numbers and blocks the message. However, users report that they can still send messages containing credit card numbers without any block. What is the most likely reason?

A.The DLP policy for Teams is only applied when external users are part of the chat.
B.The DLP policy does not apply to transient messages like chat.
C.The DLP policy is not configured to include the users' group.
D.The DLP policy only applies to channel messages, not private chats.
AnswerA

DLP for Teams chat only applies to chats with external participants.

Why this answer

Option A is correct because DLP for Teams chat messages only scans messages that include at least one user from outside the organization (external users). If both sender and recipient are internal, the policy does not apply. Option B is incorrect because DLP policies can be scoped to specific users.

Option C is incorrect because Teams DLP policies cover both chat and channel messages. Option D is incorrect because DLP policies apply to both persistent and transient messages.

95
MCQeasy

A compliance officer needs to identify documents in SharePoint Online that contain credit card numbers. The officer wants a solution that can automatically detect and mark these documents for further review without applying any protection actions. Which Microsoft Purview solution should the officer use?

A.Microsoft Purview Data Loss Prevention (DLP) policy
B.Microsoft Purview Information Protection sensitivity label auto-labeling
C.Microsoft Purview eDiscovery content search
D.Microsoft Purview Records Management retention label
AnswerA

DLP policies can detect sensitive info types in SharePoint and generate alerts or log events. By configuring the action to 'Audit only', the officer can identify content without applying protective actions.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) policies can be configured to detect sensitive information types, such as credit card numbers, in SharePoint Online documents. When a match is found, the policy can be set to send an alert or trigger a review action without automatically applying protection (e.g., blocking access or encrypting). This meets the compliance officer's requirement for automatic detection and marking for further review.

Exam trap

Microsoft often tests the distinction between detection-only actions (DLP with alert/review) and protection actions (block/encrypt), leading candidates to incorrectly choose auto-labeling or eDiscovery when the requirement is automatic detection without protection.

How to eliminate wrong answers

Option B is wrong because sensitivity label auto-labeling applies classification labels (e.g., 'Confidential') based on sensitive content, but it does not inherently provide a detection-only workflow for marking documents for review without applying protection actions. Option C is wrong because eDiscovery content search is a manual, query-based tool for finding content, not an automatic detection and marking solution. Option D is wrong because Records Management retention labels are designed for retention and deletion policies, not for detecting sensitive data like credit card numbers.

96
MCQhard

Your company uses Microsoft Purview Data Lifecycle Management. You have a policy that retains items for 3 years and then deletes them. A user places an eDiscovery hold on a folder that contains items subject to this policy. What happens to those items after 3 years?

A.They are retained for an additional 3 years.
B.They are deleted after 3 years.
C.They are preserved until the hold is removed.
D.They are moved to a separate location.
AnswerC

eDiscovery hold preserves items.

Why this answer

eDiscovery hold takes precedence over deletion. Items under hold are preserved indefinitely until the hold is released. Option A is incorrect because the hold overrides the policy.

Option C is incorrect because the hold preserves items. Option D is incorrect because items are not transferred.

97
MCQhard

Refer to the exhibit. You are reviewing a Microsoft Purview auto-labeling policy configuration. The SensitivityTypes GUID corresponds to a sensitive info type that detects credit card numbers. The LabelId is for a 'Confidential' label. Users report that documents containing credit card numbers are not being automatically labeled. What is the most likely reason?

A.The 'Confidential' label is not published to users.
B.The sensitive info type GUID is incorrect.
C.Users do not have the appropriate license for auto-labeling.
D.The auto-labeling policy is not scoped to the correct locations (e.g., SharePoint, Exchange).
AnswerD

The policy must specify locations; missing locations means no labeling occurs.

Why this answer

Option D is correct because the exhibit shows the condition is set to 'AllUsers', which means all users are targeted, but the label assignment method is 'Automatic' with a condition. However, the policy might not have been configured to apply to locations like SharePoint or Exchange. Option A is wrong because the sensitive info type is correct.

Option B is wrong because automatic labeling does not require a user license for the label. Option C is wrong because the label is published if it's in the policy.

98
MCQmedium

A user has a document in SharePoint Online that is subject to a retention policy with a retention period of 5 years. The user attempts to delete the document but receives an error. What is the most likely reason?

A.A DLP policy blocks deletion of the document.
B.The document has a sensitivity label that prohibits deletion.
C.The document is under an eDiscovery hold.
D.The document is under a retention policy that preserves it.
AnswerD

Retention policies prevent permanent deletion.

Why this answer

Retention policies prevent users from permanently deleting documents during the retention period. Users can delete, but the document is retained in a preservation hold library. Option A is incorrect because sensitivity labels don't prevent deletion.

Option B is incorrect because DLP policies block sharing, not deletion. Option C is incorrect because eDiscovery holds are legal holds, not retention policies.

99
MCQhard

A compliance officer needs to prevent external users from printing or copying content from documents stored in a SharePoint Online site. Which Microsoft Purview feature should be configured to enforce this restriction?

A.Sensitivity labels with encryption and usage rights
B.Data Loss Prevention (DLP) policy
C.Information Barriers
D.Microsoft Purview Information Protection without encryption
AnswerA

Sensitivity labels can include protection settings that restrict actions like print, copy, and edit using Azure Rights Management.

Why this answer

Sensitivity labels with encryption and usage rights allow administrators to apply Azure Rights Management (Azure RMS) protection to documents, which can restrict actions such as printing and copying. By configuring a sensitivity label with specific usage rights (e.g., 'View Only' or disabling 'Extract' and 'Print'), external users are prevented from printing or copying content even after the document is downloaded or accessed in SharePoint Online. This is the only Purview feature that directly enforces persistent content-level restrictions on external users.

Exam trap

The trap here is that candidates often confuse DLP policies with content protection, assuming DLP can restrict printing or copying after access, when in fact DLP only controls data in transit or at rest and does not enforce persistent usage rights on the document itself.

How to eliminate wrong answers

Option B is wrong because Data Loss Prevention (DLP) policies detect and block sensitive information from being shared or exfiltrated, but they do not enforce persistent usage restrictions like preventing printing or copying after access is granted. Option C is wrong because Information Barriers are designed to prevent communication and collaboration between specific groups or users (e.g., to avoid conflicts of interest), not to control document-level actions like printing or copying. Option D is wrong because Microsoft Purview Information Protection without encryption applies labels for classification and auditing but does not enforce any technical restrictions on content usage; encryption is required to enforce usage rights.

100
Multi-Selectmedium

A compliance officer needs to automatically apply a retention label to documents in a SharePoint Online document library that contain the exact phrase 'Project Alpha'. The label must retain the documents for 5 years and then delete them. Which two Microsoft Purview components must be configured to achieve this? (Choose two.)

Select 2 answers
A.retention label configured with a retention action
B.An auto-apply retention label policy configured with a KQL query
C.sensitivity label configured with a retention marking
D.Data Loss Prevention (DLP) policy with a condition matching 'Project Alpha'
AnswersA, B

The retention label defines the retention period and action. It must be created first and then referenced in the auto-apply policy.

Why this answer

Option A is correct because a retention label configured with a retention action (retain for 5 years, then delete) defines the specific retention and disposition behavior required by the compliance officer. This label is the policy object that enforces the lifecycle rule on documents in SharePoint Online.

Exam trap

The trap here is that candidates confuse sensitivity labels (used for classification and protection) with retention labels (used for lifecycle management), or mistakenly think a DLP policy can apply retention actions when it only detects and blocks data sharing.

101
MCQeasy

A compliance officer needs to preserve all mailbox data for a user who is under a legal investigation. The data must be preserved indefinitely, and no deletion (by the user or system) should be possible. Which Microsoft Purview feature should the officer use?

A.Litigation Hold
B.Retention Policy
C.Data Loss Prevention (DLP)
D.Sensitivity labels
AnswerA

Litigation Hold preserves all mailbox content indefinitely and prevents purging by users or automatic processes.

Why this answer

Litigation Hold is the correct feature because it preserves all mailbox content indefinitely, preventing any deletion by the user or automated processes like the Managed Folder Assistant. It ensures that data is immutable for eDiscovery purposes, meeting the compliance officer's requirement for indefinite preservation under legal investigation.

Exam trap

The trap here is that candidates often confuse Retention Policies with Litigation Hold, thinking a retention policy can indefinitely preserve data, but retention policies have configurable expiration periods and can allow deletion, whereas Litigation Hold provides an immutable, indefinite hold specifically for legal scenarios.

How to eliminate wrong answers

Option B (Retention Policy) is wrong because retention policies can allow deletion after a specified period or apply actions like 'Delete' or 'Retain and Delete,' which does not guarantee indefinite preservation and can be overridden by user actions. Option C (Data Loss Prevention (DLP)) is wrong because DLP policies are designed to detect and prevent accidental sharing of sensitive data, not to preserve or hold mailbox data for legal purposes. Option D (Sensitivity labels) is wrong because sensitivity labels classify and protect data based on sensitivity (e.g., encryption or marking), but they do not prevent deletion or provide indefinite hold capabilities for mailbox items.

102
MCQmedium

Your company, Wingtip Toys, uses Microsoft Purview Audit (Standard) to track user activity. The compliance officer needs to investigate a potential data leak involving a user who may have accessed sensitive files in SharePoint Online. You need to search the audit log for file access events for that specific user over the past 30 days. The audit log contains millions of records. What is the most efficient way to retrieve the required audit records?

A.Use the Search-UnifiedAuditLog cmdlet in Exchange Online PowerShell with the -UserIds and -StartDate/-EndDate parameters.
B.Use the Microsoft Purview compliance portal audit log search page to filter by user and date range.
C.Export the entire audit log to a CSV file using the New-UnifiedAuditLog cmdlet, then filter in Excel.
D.Use the Security & Compliance Center PowerShell module with the Search-MailboxAuditLog cmdlet.
AnswerA

This cmdlet allows targeted filtering and is efficient for large audit logs.

Why this answer

Option A is correct because using Search-UnifiedAuditLog with the UserIds and StartDate/EndDate parameters efficiently filters for the specific user and time range. Option B is wrong because exporting all records is inefficient. Option C is wrong because the Purview compliance portal's audit log search allows filtering but is less efficient than PowerShell for large volumes.

Option D is wrong because Security & Compliance Center PowerShell is deprecated in favor of Exchange Online PowerShell.

103
MCQhard

Your organization uses Microsoft Purview Data Lifecycle Management. You need to ensure that after an employee leaves, their OneDrive content is retained for 7 years and then automatically deleted. The retention label must be applied automatically when the employee is marked as inactive in Microsoft Entra ID. What should you configure?

A.Instruct users to manually apply a retention label to their OneDrive.
B.Create an auto-apply retention label with adaptive scope for inactive users.
C.Configure a default retention label on the OneDrive library.
D.Create a retention policy for OneDrive with a 7-year retention period.
AnswerB

Auto-apply with adaptive scope can target inactive users based on accountEnabled attribute.

Why this answer

A retention label auto-applied based on a Microsoft Entra ID attribute can target inactive users. Option D is correct because you can create an adaptive scope for inactive users and apply a retention label. Option A is wrong because retention policies apply to all content, not selectively.

Option B is wrong because default labels apply to new content, not existing. Option C is wrong because manual labels require user action.

104
MCQhard

Your organization uses Microsoft Purview Data Loss Prevention (DLP) to protect sensitive email. You have a DLP policy that blocks emails containing credit card numbers. However, users report that some legitimate emails with credit card numbers are being blocked, while others with similar content are allowed. You need to investigate the discrepancy and ensure consistent enforcement. What should you do first?

A.Use the Exchange admin center message trace to see if the emails were blocked by DLP.
B.Check the audit log for DLP rule matches to identify the specific emails blocked.
C.Review the DLP reports in the Microsoft Purview compliance portal to analyze the blocked emails.
D.Enable policy tips in test mode for the DLP policy and instruct users to report false positives.
AnswerD

This allows you to identify false positives without blocking, then refine the policy.

Why this answer

Option A is correct because DLP policy tips in test mode allow you to see what would be blocked without actually blocking, helping identify false positives. Option B (DLP reports in Purview compliance portal) shows aggregate data but not per-user false positives. Option C (Message trace) does not show DLP policy matches.

Option D (Audit log) records DLP actions but is not the most efficient first step for troubleshooting false positives.

105
MCQhard

A company uses Microsoft Purview Data Lifecycle Management. They have a retention policy that retains all documents in a specific SharePoint Online site for 5 years and then automatically deletes them. Some documents in that site have a retention label that retains them for 7 years and then deletes them. What is the effective retention period for those labeled documents?

A.5 years
B.7 years
C.The documents are retained indefinitely due to conflict
D.The documents are retained for 5 years and then archived
AnswerB

The longer retention period (7 years) applies because both policy and label are in effect.

Why this answer

When a retention label is applied to a document, it takes precedence over a retention policy at the item level. The label's retention setting (7 years) overrides the site-level policy (5 years), so the effective retention period for the labeled documents is 7 years, after which they are automatically deleted.

Exam trap

The trap here is that candidates often assume the longest retention period wins or that a conflict causes indefinite retention, but Microsoft Purview's rule is that item-level labels override container-level policies, regardless of which period is longer.

How to eliminate wrong answers

Option A is wrong because it assumes the shorter retention policy overrides the label, but in Microsoft Purview, item-level retention labels always take precedence over broader policies. Option C is wrong because there is no conflict that causes indefinite retention; the label's explicit retention period is applied. Option D is wrong because the label specifies deletion, not archiving, and the retention period is 7 years, not 5.

106
Drag & Dropmedium

Drag and drop the steps to configure Microsoft 365 audit log search in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Audit log search is performed in Defender with date range, activities, and optional filters, then results can be exported.

107
MCQhard

Your organization uses Microsoft 365 E5 licenses. You need to configure retention labels to automatically retain emails related to ongoing litigation for 5 years and then delete them. The labels must be applied based on specific keywords in the email subject. What should you use?

A.Configure a default retention label on the mailbox.
B.Deploy a sensitivity label with auto-labeling for Exchange.
C.Create a retention policy applied to Exchange email.
D.Use an auto-apply retention label with a trainable classifier.
AnswerD

Auto-apply labels can use trainable classifiers to match keywords.

Why this answer

Auto-apply retention labels with a trainable classifier can apply labels based on keywords. Option C is correct because trainable classifiers can be configured to match subject keywords. Option A is wrong because retention policies apply to all content in a location, not based on keywords.

Option B is wrong because default labels apply to all items in a library or folder. Option D is wrong because sensitivity labels focus on protection, not retention.

108
MCQeasy

A compliance officer needs to automatically apply a retention label to all documents in a SharePoint Online site that have not been modified for more than 3 years. The label should retain the documents for an additional 5 years, then trigger a disposition review. Which action should the officer configure in the auto-apply retention label policy?

A.Configure a condition that detects 'Last Modified Date' is older than 3 years
B.Configure a condition that detects 'Created Date' is older than 3 years
C.Select the retention label and manually publish to the site, then use a Power Automate flow to apply the label
D.Create a data lifecycle management policy using a query for documents created before a certain date
AnswerA

Correct. The auto-apply rule can use the 'Last Modified Date' property to identify documents not modified in 3 years.

Why this answer

Option A is correct because the auto-apply retention label policy in Microsoft Purview can use a KQL-based condition to detect documents where the 'Last Modified Date' is older than 3 years. This triggers the label to retain the documents for 5 additional years and then initiate a disposition review, meeting the compliance officer's requirement exactly.

Exam trap

The trap here is that candidates confuse 'Created Date' with 'Last Modified Date' or think a manual publishing approach (Option C) is equivalent to an auto-apply policy, but the exam tests the precise condition needed for inactivity-based labeling.

How to eliminate wrong answers

Option B is wrong because using 'Created Date' would apply the label to documents that were created more than 3 years ago, even if they were recently modified, which does not match the requirement to target documents not modified for over 3 years. Option C is wrong because manually publishing a label and using Power Automate is not an auto-apply policy; it requires manual or flow-based application, which is not automatic and does not use the built-in auto-labeling engine. Option D is wrong because a data lifecycle management policy (e.g., Microsoft 365 retention policy) applies retention at the container level (site or library) and cannot apply a specific retention label with a disposition review trigger; it also uses a query for created date, not last modified date.

109
MCQmedium

Your organization uses Microsoft Purview Records Management. You need to ensure that when a document is declared a record, it cannot be edited or deleted by users. Which type of record should you use?

A.Regular record
B.Standard record
C.Retention label with record setting
D.Regulatory record
AnswerD

Regulatory records are immutable.

Why this answer

Regulatory records are locked and cannot be edited or deleted, even by admins. Standard records can be edited by admins or users with certain permissions. Option A is incorrect because standard records can be edited.

Option C is incorrect because retention labels don't make records. Option D is incorrect because there is no distinction between regular and regulatory in that way.

110
MCQmedium

A compliance officer needs to retain all documents in a SharePoint Online site for 7 years and then automatically delete them. During the retention period, users must be able to edit the documents but not delete them. Which Microsoft Purview solution should the officer configure?

A.retention policy configured with a retention period of 7 years and an action to delete items automatically
B.retention label configured with a retention period and an action to delete after 7 years
C.data lifecycle management policy
D.An eDiscovery hold
AnswerA

Retention policies apply to entire sites or mailboxes, retain content for the specified period, prevent deletion during retention, and can automatically delete after the period.

Why this answer

A retention policy in Microsoft Purview can be applied at the site level to enforce a 7-year retention period with automatic deletion, while allowing users to edit documents during that time. The policy prevents deletion by users because the retention lock overrides user permissions, ensuring compliance with the requirement to block deletion but permit edits.

Exam trap

The trap here is that candidates confuse retention labels with retention policies, assuming labels can enforce site-wide deletion and edit permissions, but labels are item-level and require manual application or auto-labeling, whereas policies apply broadly and include the necessary deletion prevention.

How to eliminate wrong answers

Option B is wrong because a retention label requires manual or auto-classification and is typically applied to individual items, not an entire site, and it does not inherently prevent user deletion during the retention period unless combined with a retention policy. Option C is wrong because a data lifecycle management policy focuses on managing data across its lifecycle (e.g., archiving or moving to cold storage) but does not enforce a retention period with deletion prevention and automatic deletion in the same way as a retention policy. Option D is wrong because an eDiscovery hold preserves content for legal or investigative purposes but does not automatically delete items after a set period; it is designed for indefinite holds until released, not scheduled deletion.

111
MCQmedium

Your organization uses Microsoft Purview Communication Compliance to detect inappropriate messages in Microsoft Teams. You need to define policies that automatically detect and review messages containing profanity or harassment. Which built-in classifier should you use?

A.Harassment classifier
B.Sensitive info types classifier
C.Profanity classifier
D.Threat classifier
AnswerA

Harassment classifier detects threatening or abusive language.

Why this answer

Option B is correct because the 'Harassment' classifier is specifically designed to detect harassing or threatening language. Option A is incorrect because the 'Profanity' classifier only detects swear words, not harassment. Option C is incorrect because the 'Sensitive info types' classifier detects sensitive data like credit cards, not harassment.

Option D is incorrect because the 'Threat' classifier detects threats, which is narrower than harassment.

112
MCQmedium

A compliance officer needs to prevent users from copying sensitive data (e.g., credit card numbers) from a finance application into personal email or documents. The solution must inspect the content in real-time and block the action if sensitive data is detected. Which Microsoft Purview feature should the officer configure?

A.Data Loss Prevention (DLP) policies
B.Sensitivity labels
C.Retention labels
D.eDiscovery
AnswerA

DLP policies are designed to detect sensitive information and can block actions like copying to unauthorized locations.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) policies are designed to inspect content in real-time as users attempt to copy, paste, or share sensitive data (e.g., credit card numbers) from applications like finance apps into personal email or documents. DLP uses deep content analysis via sensitive information types and policy tips to block the action before the data leaves the controlled environment, meeting the compliance officer's requirement for real-time blocking.

Exam trap

The trap here is that candidates often confuse sensitivity labels (which protect data at rest) with DLP policies (which enforce real-time action blocking), leading them to select sensitivity labels because they think labeling alone prevents copying, but labels do not block user actions in real-time.

How to eliminate wrong answers

Option B is wrong because sensitivity labels classify and protect data at rest (e.g., encryption or visual markings) but do not perform real-time content inspection or block copy/paste actions; they require user or automated labeling after data is created. Option C is wrong because retention labels manage data lifecycle (retention and deletion) based on policies, not real-time content inspection or blocking of data exfiltration. Option D is wrong because eDiscovery is used for searching, preserving, and exporting data for legal or investigative purposes, not for preventing data loss in real-time.

113
MCQeasy

A compliance officer needs to automatically apply a retention label to all documents in SharePoint Online that contain the exact phrase 'Contract'. The label must retain the documents for 10 years. Which Microsoft Purview feature should the officer configure?

A.retention policy applied to the entire site
B.Data Loss Prevention (DLP) policy
C.An auto-apply retention label using a trainable classifier
D.An auto-apply retention label using a content query (KQL)
AnswerD

Auto-apply retention labels can be configured with a Keyword Query Language (KQL) condition to match documents containing the exact phrase 'Contract'. This meets the requirement precisely and automatically applies the retention label.

Why this answer

Option D is correct because an auto-apply retention label using a content query (KQL) allows you to define a specific keyword or phrase (e.g., 'Contract') to automatically label documents in SharePoint Online that contain that exact text. This meets the requirement to retain documents for 10 years by applying the label based on content matching, without needing a pre-trained classifier.

Exam trap

The trap here is that candidates often confuse auto-apply labels with trainable classifiers, thinking a machine learning model is needed for any content-based labeling, when in fact a simple KQL query is sufficient for exact phrase matching.

How to eliminate wrong answers

Option A is wrong because a retention policy applied to the entire site retains all content in the site, not just documents containing the exact phrase 'Contract', and it does not use a label—it applies retention settings directly without the granularity of label-based auto-application. Option B is wrong because a Data Loss Prevention (DLP) policy is designed to prevent data exfiltration or leakage by blocking or alerting on sensitive content, not to automatically apply retention labels for compliance purposes. Option C is wrong because a trainable classifier uses machine learning to identify patterns or categories (e.g., contracts in general), not an exact phrase match, and requires training and tuning, making it unsuitable for a simple keyword-based requirement.

114
Multi-Selectmedium

Your organization is deploying Microsoft Purview Data Lifecycle Management to manage data retention and deletion. You need to design a retention policy for SharePoint Online sites that automatically deletes documents after 7 years, but allows users to manually delete documents earlier if needed. Which THREE actions should you take? (Select THREE.)

Select 3 answers
A.Create a retention policy with a retention rule that retains content for 7 years and then deletes it.
B.Set a default retention label for the SharePoint document library.
C.Use preservation lock to prevent users from modifying the retention policy.
D.Create a file plan in Microsoft Purview Records Management for the documents.
E.Configure a retention label that allows manual deletion and publish it to SharePoint.
AnswersA, C, E

This policy meets the 7-year requirement.

Why this answer

Option A is correct because a retention policy with a retention rule set to 7 years and then delete meets the requirement. Option C is correct because using preservation lock prevents changes to the policy. Option D is correct because enabling a retention label for manual application allows users to override the policy by applying a label that allows deletion.

Option B is wrong because a file plan is used for records management, not for this scenario. Option E is wrong because a default label would apply automatically, conflicting with the manual override requirement.

115
MCQhard

Your organization is implementing Microsoft Purview Communication Compliance to detect potential insider trading. You need to scan internal emails for specific patterns and assign reviewers from the legal team. What is the minimum number of policies required?

A.One policy with multiple conditions.
B.Three policies: one for patterns, one for reviewers, and one for storage.
C.Zero, as Communication Compliance does not support custom policies.
D.Two policies: one for each pattern.
AnswerA

A single policy can include multiple patterns and reviewers.

Why this answer

Option B is correct because a single Communication Compliance policy can contain multiple conditions (e.g., multiple keywords) and assign reviewers. Option A is wrong because one policy can handle multiple patterns. Option C is wrong because multiple policies are not needed.

Option D is wrong because one policy is sufficient.

116
MCQmedium

Your company has a Microsoft 365 E5 subscription. You need to prevent users from sharing files containing credit card numbers with external users. What should you configure?

A.A retention policy for SharePoint sites.
B.An information barrier policy.
C.A sensitivity label with encryption.
D.A DLP policy that blocks sharing of content with sensitive info type.
AnswerD

DLP policies can block sharing based on sensitive info types.

Why this answer

Data Loss Prevention (DLP) policies can detect sensitive information like credit card numbers and block sharing. Option B is correct. Option A is wrong because retention policies manage lifecycle, not prevent sharing.

Option C is wrong because sensitivity labels require manual or automatic classification but do not block sharing directly. Option D is wrong because information barriers restrict communication between groups, not data sharing.

117
Multi-Selectmedium

A compliance officer needs to automatically detect and apply a sensitivity label to documents in SharePoint Online that contain personally identifiable information (PII) such as social security numbers. The label should be applied automatically, and users must be able to override the label with a justification. Which two Microsoft Purview components must be configured to achieve this?

Select 2 answers
A.sensitive info type (SIT) and an auto-labeling policy
B.sensitivity label with auto-labeling for SharePoint and a policy tip
C.data loss prevention (DLP) policy and a retention label
D.default sensitivity label and a compliance tag
AnswersA, B

SIT detects the PII pattern; auto-labeling policy applies the sensitivity label automatically without user intervention.

Why this answer

Option A is correct because auto-labeling policies in Microsoft Purview can automatically apply sensitivity labels to documents in SharePoint Online based on sensitive info types (SITs), such as social security numbers. The auto-labeling policy supports user override with justification when configured with the 'Mandatory labeling with justification' setting, meeting the compliance officer's requirements.

Exam trap

The trap here is that candidates confuse the label's auto-labeling configuration (which only applies to Office apps) with the auto-labeling policy (which scans SharePoint and OneDrive), and they overlook that policy tips are a DLP feature, not a sensitivity label override mechanism.

118
Multi-Selecthard

Which THREE components are required to implement auto-labeling for sensitivity labels in Microsoft 365?

Select 3 answers
A.A sensitivity label configured for auto-labeling.
B.A DLP policy for the same sensitive info type.
C.A sensitive info type or trainable classifier.
D.An auto-labeling policy that specifies the label and locations.
E.An information barrier policy.
AnswersA, C, D

The label must exist and be enabled for auto-labeling.

Why this answer

Auto-labeling requires a sensitivity label configured for auto-labeling, a policy that specifies the label and locations, and a sensitive info type or trainable classifier to trigger labeling. Option A is correct because the label must be created first. Option C is correct because the auto-labeling policy defines when and where to apply.

Option E is correct because the policy uses sensitive info types or trainable classifiers to detect content. Option B is wrong because DLP policies are separate. Option D is wrong because information barriers are not required.

119
MCQmedium

Your organization uses Microsoft Purview Data Lifecycle Management. You need to review the disposition of content that has reached the end of its retention period. What should you configure?

A.Create a DLP policy to notify administrators.
B.Place the content on an eDiscovery hold.
C.Enable disposition review in the retention policy or label.
D.Create a retention label with a retention period.
AnswerC

Disposition review provides a review workflow.

Why this answer

Option C is correct because a disposition review allows managers to review content before permanent deletion. Option A is wrong because retention labels do not require a review unless disposition review is configured. Option B is wrong because eDiscovery holds preserve content.

Option D is wrong because DLP policies do not manage disposition.

120
MCQhard

You are the compliance administrator for Contoso Ltd., a multinational corporation with 10,000 users. The company uses Microsoft 365 E5 licenses and has deployed Microsoft Purview. The legal department requires that all email communications related to ongoing litigation be preserved for the duration of the case. You have identified the custodians and relevant keywords. You need to ensure that all relevant emails are preserved, regardless of whether users delete them. Additionally, you need to allow authorized reviewers to search and export the preserved emails without affecting the original data. Finally, you must ensure that the preservation is lifted automatically when the case is closed. What should you do?

A.Create an eDiscovery (Premium) case, add custodians, place them on hold, and use the case to search and export. Close the case to release the hold.
B.Configure a DLP policy to protect sensitive data and preserve the emails.
C.Create a retention label with a preservation action and publish it to the entire organization.
D.Place an in-place hold on all mailboxes using the Exchange admin center.
AnswerA

eDiscovery (Premium) supports case-based holds and exports.

Why this answer

Option A is correct because eDiscovery (Premium) provides case-based preservation (legal hold) that can be lifted when the case is closed. Option B is incorrect because retention labels require manual application or auto-labeling, which may not capture all relevant emails. Option C is incorrect because DLP does not preserve data.

Option D is incorrect because litigation hold in Exchange is per-mailbox and not case-based.

121
MCQeasy

Refer to the exhibit. You search the unified audit log and find an entry where the SecureScore changed from 75 to 80. Which Microsoft Purview feature is most likely responsible for this change?

A.A sensitivity label was applied to a document.
B.A retention policy was modified.
C.A DLP policy was created.
D.An improvement action was implemented in Compliance Manager.
AnswerD

Compliance Manager actions update the secure score.

Why this answer

Option B is correct because Compliance Manager calculates and updates the secure score based on improvement actions. Option A is wrong because the secure score is not directly updated by applying sensitivity labels. Option C is wrong because DLP policies do not directly change the secure score.

Option D is wrong because retention policies affect compliance but not the secure score directly.

122
MCQhard

Refer to the exhibit. You are a compliance administrator. You need to ensure that documents in the Project X site are retained for 365 days after the last modification and then deleted. The current configuration is shown. What is the outcome?

A.The label is applied only to new items, not existing.
B.The label is not applied automatically; users must apply it manually.
C.The label is applied automatically to all items in the site, retaining them for 365 days from last modification.
D.The label is applied, but the retention period starts from the creation date.
AnswerC

The policy auto-applies the label.

Why this answer

The retention label is configured with RetentionType set to 'ModificationAgeInDays', which means the retention period starts from the item's last modification date. However, the policy applies the label to the site via an adaptive scope. The label will automatically apply to all items in the site and retain them for 365 days from the last modification, then delete.

Option B is correct because the label applies automatically via the policy. Option A is wrong because the policy applies the label. Option C is wrong because the retention is based on modification age, not creation.

Option D is wrong because the label is applied automatically.

123
Multi-Selecthard

Your organization uses Microsoft Purview Data Lifecycle Management to manage data retention. You need to retain all documents in a SharePoint site for 5 years and then allow users to delete them manually. Which THREE settings must be configured?

Select 3 answers
A.Specify the SharePoint site as the location.
B.Set the retention period to 5 years and then start a retention period (no action).
C.Apply a default retention label to the document library.
D.Enable the option 'If you want to allow users to delete content within the retention period, select No for the item'.
E.Set the retention period to 5 years and then delete automatically.
AnswersA, B, D

Location is required to target the policy.

Why this answer

Options A, C, and D are correct because the policy must cover the site, retain for 5 years, and then allow manual deletion. Option B is wrong because auto-delete would delete automatically, not allow manual deletion. Option E is wrong because a label is not required for a site-level policy.

124
MCQmedium

A compliance officer needs to ensure that all documents in a SharePoint Online site library are declared as permanent records, preventing any edits or deletions. Which Microsoft Purview solution should be used?

A.Retention label with 'Regulatory record'
B.Retention policy
C.Sensitivity label
D.eDiscovery hold
AnswerA

A retention label with 'Regulatory record' option permanently marks content as a record, blocking changes and deletion.

Why this answer

A retention label with the 'Regulatory record' option is the correct solution because it locks the record as a permanent record, preventing any edits or deletions by any user, including administrators. This is the only Purview feature that enforces immutable, unmodifiable records in SharePoint Online, meeting the compliance officer's requirement for permanent records.

Exam trap

The trap here is that candidates often confuse retention policies (which only control deletion) with retention labels that have the 'Regulatory record' option, mistakenly thinking a simple retention policy can prevent edits, but only the regulatory record label enforces full immutability.

How to eliminate wrong answers

Option B is wrong because a retention policy can prevent deletion but does not prevent edits to documents; it only enforces retention and deletion rules, not immutability. Option C is wrong because sensitivity labels control access and encryption (e.g., classification and protection), not the ability to edit or delete documents as permanent records. Option D is wrong because an eDiscovery hold preserves content for legal purposes but does not prevent edits; it only prevents deletion and allows modifications, which does not satisfy the requirement for permanent records.

125
Multi-Selectmedium

Which TWO actions can you perform using Microsoft Purview Data Loss Prevention (DLP) policies?

Select 2 answers
A.Set retention periods for documents containing credit card numbers.
B.Show a policy tip to users when they attempt to share sensitive data.
C.Block users from sharing sensitive information via email.
D.Add a watermark to sensitive documents.
E.Automatically encrypt sensitive files when shared.
AnswersB, C

Policy tips are a DLP feature.

Why this answer

DLP policies can block sharing of sensitive information and notify users with policy tips. Option B is correct because DLP can block sharing. Option D is correct because policy tips can educate users.

Option A is wrong because DLP does not apply encryption. Option C is wrong because DLP does not manage retention. Option E is wrong because DLP does not add watermarks.

126
Matchingmedium

Match each Microsoft 365 role to its administrative scope.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Full access to all admin features

Resets passwords for non-admins

Manages Exchange Online

Manages users and groups

Manages security policies

Why these pairings

These roles are part of Azure AD role-based access control.

127
Multi-Selectmedium

Which TWO actions can you perform using Microsoft Purview eDiscovery (Premium)? (Choose two.)

Select 2 answers
A.Place a legal hold on custodians' mailboxes and sites.
B.Export search results to a local computer for review.
C.Create and apply retention labels to documents.
D.Automatically delete emails older than a specified date.
E.Configure sensitivity labels to encrypt documents.
AnswersA, B

eDiscovery (Premium) supports legal hold.

Why this answer

Options A and D are correct because eDiscovery (Premium) allows you to hold content in place (legal hold) and export search results for review. Option B is incorrect because eDiscovery does not automatically delete content; that is retention. Option C is incorrect because eDiscovery does not create retention labels.

Option E is incorrect because eDiscovery does not manage sensitivity labels.

128
MCQeasy

Your organization uses Microsoft Purview Communication Compliance to detect inappropriate messages in Microsoft Teams. You need to configure a policy that monitors for potential harassment based on a built-in classifier. The policy should alert designated reviewers when a match is found. What is the minimum configuration required?

A.Create a communication compliance policy, select the built-in harassment classifier, specify the users to monitor, and assign reviewers.
B.Create a retention policy for Teams messages, then create a communication compliance policy with the harassment classifier.
C.Create a DLP policy that blocks harassment, then configure communication compliance to review DLP alerts.
D.Apply a sensitivity label to all Teams messages, then create a communication compliance policy that scans for the label.
AnswerA

This is the minimum configuration needed.

Why this answer

Option B is correct because a communication compliance policy requires selecting a classifier (e.g., built-in harassment classifier), choosing the scanning direction (inbound/outbound/internal), and selecting users to monitor and reviewers. Option A is wrong because a retention policy is not required; communication compliance works independently. Option C is wrong because a sensitivity label is not required for monitoring.

Option D is wrong because a DLP policy is separate.

129
MCQmedium

Your organization uses Microsoft Purview eDiscovery (Premium) for a legal investigation. You need to collect data from Microsoft Teams chat messages and channel conversations. The case manager wants to search for specific keywords and exclude irrelevant content. What should you do?

A.Use Content Search (Standard) with keyword queries.
B.Create a DLP policy to capture matching content.
C.Use Communication Compliance to review messages.
D.Create a collection in eDiscovery (Premium) with a KQL query to search Teams data.
AnswerD

eDiscovery Premium supports Teams data and advanced queries.

Why this answer

Option A is correct because eDiscovery (Premium) allows searching Teams chats and channels with keyword queries and conditions. Option B is wrong because DLP is for preventing data loss, not discovery. Option C is wrong because Content Search (Standard) is less powerful and may not support advanced filtering.

Option D is wrong because Communication Compliance is for monitoring, not discovery.

130
MCQmedium

An organization is involved in a legal case and needs to preserve all emails in a user's mailbox, including future emails, without deleting or modifying them. The user must continue to work normally. Which Microsoft Purview feature should be applied to the user's mailbox?

A.Litigation Hold
B.Retention policy
C.Sensitivity label
D.Data Loss Prevention (DLP)
AnswerA

Correct. Litigation Hold preserves all mailbox content for legal purposes without interrupting user productivity.

Why this answer

Litigation Hold (option A) is the correct feature because it preserves all mailbox content, including future emails, in its original state without allowing deletion or modification by users or automated processes. Unlike a retention policy, Litigation Hold places the entire mailbox on indefinite hold, ensuring that any item changed or deleted by the user is retained in the Recoverable Items folder, while the user continues to work normally. This meets the legal preservation requirement without disrupting daily operations.

Exam trap

Microsoft often tests the distinction between Litigation Hold and Retention Policy, where candidates mistakenly choose Retention Policy because they think it 'retains' data, but they miss that Retention Policy can delete data after a period, whereas Litigation Hold preserves everything indefinitely without deletion.

How to eliminate wrong answers

Option B (Retention policy) is wrong because retention policies are designed to manage data lifecycle by deleting or retaining items based on age or rules, not to preserve all content indefinitely for legal hold; they can delete items after a specified period, which violates the preservation requirement. Option C (Sensitivity label) is wrong because sensitivity labels classify and protect data based on sensitivity (e.g., encryption or marking), but they do not prevent deletion or modification of emails, nor do they preserve mailbox content for legal purposes. Option D (Data Loss Prevention (DLP)) is wrong because DLP policies detect and prevent accidental sharing of sensitive information (e.g., credit card numbers) but do not impose holds or preserve mailbox items; they focus on data exfiltration prevention, not legal preservation.

131
Multi-Selecthard

Which THREE actions can be taken by a Microsoft Purview Data Loss Prevention (DLP) policy in Exchange Online?

Select 3 answers
A.Block the email from being sent
B.Allow the sender to override the block
C.Block all emails from the sender
D.Notify the sender with a policy tip
E.Encrypt the email message
AnswersA, D, E

DLP can block the email.

Why this answer

DLP policies in Exchange Online can block sending, encrypt the message, and notify the sender with a policy tip. Justifying override is not an action; it's a user response. Blocking all emails is not granular; DLP actions are rule-based.

132
MCQmedium

A compliance officer needs to prevent users from accidentally sharing documents containing credit card numbers with external users via email. The block should occur at the time the user attempts to send the email. Which Microsoft Purview feature should be configured?

A.Communication compliance
B.Data Loss Prevention (DLP)
C.Records management
D.Insider risk management
AnswerB

DLP policies can be configured to detect sensitive info types in email and block the message from being sent, with options to allow override.

Why this answer

Data Loss Prevention (DLP) is the correct feature because it is specifically designed to inspect email content in transit for sensitive data patterns, such as credit card numbers, and enforce policy actions like blocking the message at the transport layer. In Microsoft Purview, DLP policies can be configured to scan Exchange Online messages in real time using sensitive information types (e.g., Credit Card Number) and apply a block action with an optional policy tip to the user before the email leaves the outbound queue.

Exam trap

The trap here is that candidates often confuse Communication compliance (which also monitors email) with DLP, but Communication compliance is a reactive auditing tool for policy violations, not a proactive, inline blocking mechanism for sensitive data.

How to eliminate wrong answers

Option A is wrong because Communication compliance is designed to detect and remediate inappropriate or policy-violating communications (e.g., harassment, insider trading) after they are sent, not to block outbound emails containing sensitive data in real time. Option C is wrong because Records management focuses on classifying, retaining, and disposing of records based on regulatory requirements, not on inspecting or blocking email content during transmission. Option D is wrong because Insider risk management uses analytics to identify risky user activities (e.g., data exfiltration patterns) over time, but it does not provide inline blocking of email messages at the moment of sending.

133
MCQmedium

A compliance officer needs to prevent users from sharing documents labeled 'Confidential' via email with external recipients. If a user attempts to send such an email, the action should be blocked and a policy tip displayed. Which Microsoft Purview feature should be configured?

A.Retention labels
B.Data Loss Prevention (DLP) policy
C.Sensitivity labels
D.Information barriers
AnswerB

DLP policies can include rules to detect sensitivity labels and block or warn on email sharing with external users.

Why this answer

A Data Loss Prevention (DLP) policy is the correct Microsoft Purview feature because it is specifically designed to inspect email content and attachments for sensitive information, such as documents labeled 'Confidential', and enforce actions like blocking the email and displaying a policy tip to the user. DLP policies can be configured with conditions that detect sensitivity labels and apply protective actions, including blocking external sharing and notifying users via policy tips.

Exam trap

Microsoft often tests the misconception that sensitivity labels alone can enforce blocking actions, but in reality, sensitivity labels only apply classification and protection (e.g., encryption) and must be combined with a DLP policy to inspect and block outbound email based on those labels.

How to eliminate wrong answers

Option A is wrong because retention labels are used to manage data lifecycle (retain or delete content) and do not have the capability to block email transmission or display policy tips. Option C is wrong because sensitivity labels classify and protect data (e.g., encryption, marking) but do not directly enforce real-time blocking of email sharing with external recipients; DLP policies are required to inspect and block outbound email based on those labels. Option D is wrong because information barriers restrict communication and collaboration between specific groups of users within an organization, not between internal and external recipients, and cannot block email based on document labels or display policy tips.

134
Multi-Selectmedium

A compliance officer needs to ensure that all documents uploaded to SharePoint Online that contain passport numbers are automatically labeled with a 'Highly Confidential' sensitivity label. Which two Microsoft Purview features must be configured together to achieve this? (Choose two.)

Select 2 answers
A.Auto-labeling policy for SharePoint Online
B.Data Loss Prevention (DLP) policy
C.Retention label policy
D.Sensitive info type (passport number)
AnswersA, D

Auto-labeling policies automatically apply sensitivity labels to content matching conditions like sensitive info types.

Why this answer

Option A is correct because an auto-labeling policy in Microsoft Purview can automatically apply a sensitivity label to documents containing sensitive information, such as passport numbers, when they are uploaded to SharePoint Online. This policy uses conditions based on sensitive info types to trigger the labeling action without user intervention.

Exam trap

The trap here is that candidates often confuse DLP policies with auto-labeling policies, but DLP does not apply sensitivity labels—it only monitors and blocks data sharing, while auto-labeling is the correct feature for automatic label assignment.

135
MCQhard

Your organization uses Microsoft Purview Information Protection with sensitivity labels. Users complain that when they apply the 'Confidential' label to a document, the footer and header are not applied automatically. The label is configured to have a footer reading 'Confidential' and a header reading 'Sensitive'. What is the most likely cause?

A.The label is configured with encryption, which prevents markings.
B.The label is not published to the users.
C.The sensitivity bar is disabled in the applications.
D.The Microsoft 365 Apps for enterprise client is not configured to apply markings.
AnswerD

Client settings control whether markings are applied.

Why this answer

Option C is correct because automatic marking requires the client to be configured to apply headers and footers. Option A is wrong because the label configuration itself does not need client configuration. Option B is wrong because encryption does not affect markings.

Option D is wrong because the sensitivity bar is for selecting labels, not for applying markings.

136
Multi-Selectmedium

A compliance administrator needs to automatically apply a retention label to documents in a SharePoint Online site that contain the keyword 'Project Alpha'. The label should retain the documents for 5 years and then delete them. Which two Microsoft Purview features must be configured to achieve this? (Choose two.)

Select 2 answers
A.Trainable classifiers
B.Auto-labeling policy for SharePoint Online
C.Document Fingerprinting
D.Sensitive info type with a keyword dictionary (e.g., 'Project Alpha')
AnswersB, D

Auto-labeling policies can apply retention labels based on conditions, including sensitive info types.

Why this answer

An auto-labeling policy for SharePoint Online (option B) is required because it can automatically apply a retention label to documents based on conditions such as the presence of specific keywords. The sensitive info type with a keyword dictionary (option D) defines the condition by creating a custom sensitive information type that matches the exact phrase 'Project Alpha', which the auto-labeling policy then uses to trigger the label application.

Exam trap

The trap here is that candidates often confuse trainable classifiers with keyword-based sensitive info types, assuming machine learning is needed for any content detection, when in fact a simple keyword dictionary is sufficient and more appropriate for fixed terms.

137
MCQhard

Refer to the exhibit. You are a Microsoft Purview administrator. The exhibit shows the configuration of a sensitivity label. Users report that when they create a document containing a credit card number, the label is automatically applied, but the document is not encrypted. What is the most likely cause?

A.Auto-labeling does not apply encryption; encryption is only applied when the label is applied manually or via a client-side policy.
B.Auto-labeling is not enabled for the label.
C.The Rights Management template ID is missing or invalid.
D.The encryption setting is not enabled in the label configuration.
AnswerA

Auto-labeling in the cloud does not encrypt; encryption requires manual or client-side application.

Why this answer

Option C is correct because auto-labeling does not automatically encrypt documents; encryption is applied only when the user manually selects the label or when the label is applied via a client-side auto-labeling policy that supports encryption. Option A is incorrect because the encryption setting is enabled in the label configuration. Option B is incorrect because the Rights Management template ID is specified.

Option D is incorrect because auto-labeling is enabled.

138
MCQhard

Refer to the exhibit. You are configuring Microsoft Purview Records Management. You have a document that is classified under 'Finance' department and 'Invoices' category. Which retention label will be applied if both labels are auto-applied based on the same condition?

A.Both labels will be applied, causing a conflict.
B.HR Retention
C.Finance Retention
D.No label will be applied because of the conflict.
AnswerC

The label with the longest retention period is applied when multiple match.

Why this answer

Option B is correct because when multiple retention labels could be applied, the system applies the one with the longest retention period. 'Finance Retention' retains for 7 years, while 'HR Retention' retains for 5 years. Option A is wrong because both labels are auto-applied. Option C is wrong because there is no conflict; the longest retention wins.

Option D is wrong because the system does not apply both; it chooses one.

139
Multi-Selectmedium

Your organization uses Microsoft Purview Records Management. You need to declare a document as a regulatory record. Which TWO conditions must be met?

Select 2 answers
A.The document must have a retention label that is configured to mark items as a regulatory record.
B.The document must be placed on an eDiscovery hold.
C.The document must be stored in a location that supports regulatory records (e.g., SharePoint Online).
D.The retention period must be set to indefinite.
E.The document must be encrypted with Microsoft Purview Message Encryption.
AnswersA, C

Regulatory record marking is a label property.

Why this answer

Options A and D are correct because regulatory records require a retention label with regulatory record marking and the location must be in SharePoint or OneDrive with appropriate configuration. Option B is wrong because regulatory records do not require encryption. Option C is wrong because the retention period must be locked, but that is part of the label configuration.

Option E is wrong because eDiscovery hold is separate.

140
MCQhard

A company uses Microsoft Purview Information Protection to classify and protect sensitive data. They have configured auto-labeling policies for Microsoft 365 apps. However, users report that some documents containing credit card numbers are not being labeled automatically. You verify that the sensitive info type for credit cards is correctly defined. What is the most likely cause?

A.The auto-labeling policy only applies to Word, Excel, and PowerPoint files.
B.The documents are stored in on-premises file shares, not in SharePoint or OneDrive.
C.The sensitivity label used for auto-labeling is not published to users.
D.The DLP policy for credit cards is blocking the auto-labeling process.
AnswerB

Auto-labeling policies only apply to content in Microsoft 365 cloud locations.

Why this answer

Option B is correct because auto-labeling policies can only label documents that are stored in Microsoft 365 (SharePoint Online, OneDrive for Business) or Exchange Online, not on-premises file shares. Option A is incorrect because auto-labeling is not limited to Word, Excel, PowerPoint; it also works for other formats. Option C is incorrect because sensitivity labels can be configured for auto-labeling.

Option D is incorrect because the DLP policy does not affect auto-labeling.

141
MCQeasy

A compliance officer needs to ensure that any email sent from the organization that contains personally identifiable information (PII) such as social security numbers is automatically encrypted when the recipient is outside the organization. Which Microsoft Purview solution should the officer configure?

A.Sensitivity labels with auto-labeling
B.Data Loss Prevention (DLP) policy with encryption action
C.Office 365 Message Encryption (OME) configuration
D.Retention policy and labels
AnswerB

DLP policies can monitor email for sensitive data and, when detected, automatically apply encryption via Office 365 Message Encryption and notify the user.

Why this answer

Option B is correct because a Data Loss Prevention (DLP) policy in Microsoft Purview can be configured with an 'Encrypt email messages' action that automatically applies Office 365 Message Encryption (OME) to emails containing sensitive information types (e.g., Social Security Number) when sent to external recipients. This meets the compliance requirement for automatic encryption based on content detection, without requiring user intervention or manual label application.

Exam trap

The trap here is that candidates confuse the underlying encryption technology (OME) with the policy that triggers it, leading them to select OME configuration (Option C) instead of the DLP policy that actually detects PII and enforces the encryption action.

How to eliminate wrong answers

Option A is wrong because sensitivity labels with auto-labeling can apply classification and protection, but they are designed for persistent labeling across documents and emails, not specifically to trigger encryption based on PII detection at the point of sending; auto-labeling for emails requires Exchange mail flow rules or DLP policies to enforce encryption. Option C is wrong because Office 365 Message Encryption (OME) is the underlying encryption technology, not a policy or configuration that automatically detects PII and triggers encryption; OME must be invoked by a DLP policy or mail flow rule. Option D is wrong because retention policies and labels manage data lifecycle and deletion, not real-time content inspection or encryption of outbound emails.

142
Multi-Selecteasy

Your company is implementing Microsoft Purview Data Loss Prevention (DLP) to protect credit card numbers in emails. Which THREE actions can a DLP policy take when a match is found?

Select 3 answers
A.Delete the email from the recipient's inbox.
B.Encrypt the email automatically.
C.Allow the user to override the block with a business justification.
D.Send a notification to the user with a policy tip.
E.Block the email from being sent.
AnswersC, D, E

Override with justification is configurable.

Why this answer

Options A, B, and C are correct because DLP can block sending, send notification, and allow override. Option D is wrong because encrypting email with rights management is an action, but not listed as a standard DLP action (it is an exception). Option E is wrong because DLP does not delete emails automatically.

143
MCQmedium

A legal department needs to preserve all communications related to an ongoing lawsuit. They identify specific users and require that their mailbox items and OneDrive files are not altered or deleted. Which Microsoft Purview feature should be used?

A.Litigation Hold
B.Retention Policy
C.Data Loss Prevention (DLP)
D.eDiscovery
AnswerA

Litigation Hold preserves mailbox and OneDrive content in-place, preventing deletion or changes.

Why this answer

Litigation Hold is the correct feature because it preserves all mailbox items and OneDrive files for specific users in their current state, preventing any alteration or deletion by users or automated processes. This is essential for legal holds where data must be immutable for eDiscovery purposes, and it applies at the user level rather than broadly across the organization.

Exam trap

The trap here is that candidates often confuse retention policies with litigation holds, thinking retention policies can preserve data indefinitely, but retention policies allow deletion after the retention period and do not block user-initiated edits or deletions during the policy's active duration.

How to eliminate wrong answers

Option B (Retention Policy) is wrong because retention policies are designed for managing data lifecycle and can delete or archive items after a specified period, but they do not prevent users from modifying or deleting content while the policy is active; litigation hold explicitly locks content. Option C (Data Loss Prevention) is wrong because DLP focuses on preventing sensitive data from being shared or leaked through rules and policies, not on preserving data from alteration or deletion. Option D (eDiscovery) is wrong because eDiscovery is a tool for searching, holding, and exporting data as part of legal investigations, but it is not a hold feature itself; litigation hold is the underlying mechanism that eDiscovery uses to preserve content.

144
MCQmedium

A compliance officer needs to retain all email messages in a user's Exchange Online mailbox for 7 years after the message is sent or received, and then automatically delete them. The retention must be enforced regardless of user actions. Which Microsoft Purview solution should be used?

A.Litigation hold
B.Retention policy with Exchange location
C.Classification policy
D.In-place eDiscovery hold
AnswerB

A retention policy can retain and then delete content after a specified period.

Why this answer

A retention policy with the Exchange location in Microsoft Purview allows you to define a retention period (e.g., 7 years) and then automatically delete messages after that period. It enforces the retention regardless of user actions because it operates at the service level, not relying on user cooperation. This meets the compliance officer's requirement for mandatory, time-based retention and deletion.

Exam trap

The trap here is that candidates often confuse Litigation hold (which preserves indefinitely) with a retention policy (which can both preserve and delete after a set time), leading them to select Litigation hold for time-based deletion scenarios.

How to eliminate wrong answers

Option A is wrong because Litigation hold preserves all mailbox content indefinitely until the hold is removed, but it does not automatically delete messages after a specific period; it is designed for legal preservation, not time-based retention with deletion. Option C is wrong because Classification policy (e.g., sensitivity labels) applies metadata and protection actions but does not enforce time-based retention or automatic deletion of email messages. Option D is wrong because In-place eDiscovery hold is a deprecated feature that preserves content for eDiscovery purposes without automatic deletion; it also does not support time-based retention policies.

145
Matchingmedium

Match each Microsoft 365 migration tool to its use case.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Migrate mailboxes from on-premises to Exchange Online

Migrate files from on-premises to SharePoint and OneDrive

Sync on-premises identities to Azure AD

Orchestrate large-scale migrations

Migrate data from Google Workspace

Why these pairings

These tools are used to migrate data and identities to Microsoft 365.

146
MCQmedium

A compliance officer wants to automatically apply a 'Confidential' sensitivity label to documents in SharePoint Online that contain credit card numbers. The label should be applied when the documents are created or modified. Which Microsoft Purview feature should be configured?

A.Create an auto-labeling policy for sensitivity labels
B.Create a retention label policy
C.Create a Data Loss Prevention (DLP) policy
D.Configure a default sensitivity label
AnswerA

Auto-labeling policies scan content for sensitive data and automatically apply sensitivity labels, meeting the requirement.

Why this answer

Auto-labeling policies for sensitivity labels in Microsoft Purview can automatically apply a sensitivity label to documents in SharePoint Online based on sensitive information types, such as credit card numbers. This policy scans documents when they are created or modified and applies the label without user intervention, meeting the compliance officer's requirement.

Exam trap

The trap here is that candidates often confuse a DLP policy's ability to detect sensitive data with the ability to automatically apply a sensitivity label, but DLP policies only trigger alerts or block actions, not label documents.

How to eliminate wrong answers

Option B is wrong because retention label policies are designed to manage data retention and deletion, not to apply sensitivity labels for classification or protection. Option C is wrong because a Data Loss Prevention (DLP) policy can detect and block sharing of sensitive data but cannot automatically apply a sensitivity label to documents. Option D is wrong because configuring a default sensitivity label applies the label to new documents automatically but does not scan for specific content like credit card numbers, nor does it trigger on modification.

147
MCQhard

Your organization uses Microsoft Purview Data Lifecycle Management and has a retention policy that retains all SharePoint documents for three years. However, for a specific research project, you need to retain documents for five years after the project ends. Some documents are already marked with a different retention label. What should you do?

A.Modify the existing retention policy to exclude the research project site.
B.Apply a retention label with a five-year retention period to the research documents.
C.Remove the existing retention labels from the research documents and rely on the policy.
D.Create a new retention policy that applies to the research project site and set the retention period to five years.
AnswerB

Item-level retention labels override policy-level retention.

Why this answer

Option D is correct because a retention label applied at the item level takes precedence over a broader retention policy. Option A is incorrect because a new policy would not override an existing label unless the label is removed. Option B is incorrect because you cannot exclude specific documents from a policy; you must use labels.

Option C is incorrect because labels have precedence over policies.

148
MCQeasy

A compliance officer wants to prevent users from sending emails that contain personally identifiable information (PII), such as social security numbers, to external recipients. If a user attempts to send such an email from Outlook, the email should be blocked and a policy tip explaining the block should be displayed. Which Microsoft Purview solution should the officer configure?

A.Microsoft Purview Data Loss Prevention (DLP) policy
B.Microsoft Purview Information Protection sensitivity label
C.Microsoft Purview Records Management retention label
D.Microsoft Purview eDiscovery case
AnswerA

DLP policies can identify sensitive info types (e.g., SSN) in email, block the message, and display a policy tip in Outlook. This matches the requirement perfectly.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) policies are specifically designed to detect and block sensitive information, such as PII (e.g., social security numbers), in transit. When a DLP rule matches, it can block the email and display a policy tip in Outlook, informing the user why the message was blocked. This meets the compliance officer's requirement to prevent external sending of PII with real-time user notification.

Exam trap

The trap here is that candidates confuse sensitivity labels (which apply protection at rest) with DLP policies (which enforce actions on data in motion), leading them to choose Option B because they associate labels with 'protecting' PII, but labels do not block outbound email or trigger policy tips.

How to eliminate wrong answers

Option B is wrong because sensitivity labels classify and protect data at rest (e.g., encryption, visual markings) but do not natively block outbound email based on content inspection or display policy tips in Outlook. Option C is wrong because retention labels manage data lifecycle (retention and deletion) and are not designed to inspect or block email content in transit. Option D is wrong because eDiscovery cases are used for legal hold, search, and export of content, not for real-time prevention of email sending or policy tip enforcement.

149
Drag & Dropmedium

Drag and drop the steps to configure Data Loss Prevention (DLP) policies in Microsoft Purview in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

DLP policies are created in Purview, conditions and actions defined, and then deployed after testing.

150
MCQmedium

A compliance officer needs to prevent users from sending emails that contain sensitive information, such as social security numbers, to external recipients. If a user attempts to send such an email, the action should be blocked and a policy tip should be displayed to the user. Which Microsoft Purview solution should the officer configure?

A.Data Loss Prevention (DLP) policy
B.sensitivity label with encryption
C.Information Rights Management (IRM)
D.retention label with deletion
AnswerA

DLP policies can be configured to identify sensitive data (e.g., social security numbers) in Exchange Online email, block the message, and display a policy tip to the sender, educating them about the policy.

Why this answer

A Data Loss Prevention (DLP) policy in Microsoft Purview is designed to inspect email content for sensitive information (e.g., social security numbers) and can block the message while displaying a policy tip to the user. This matches the requirement exactly, as DLP policies enforce actions on data in transit (email) with user notifications.

Exam trap

The trap here is that candidates confuse sensitivity labels (which protect data at rest) with DLP (which protects data in motion), leading them to choose Option B because they think encryption prevents sending, but encryption does not block the email or show a policy tip at the point of sending.

How to eliminate wrong answers

Option B (sensitivity label with encryption) is wrong because sensitivity labels primarily classify and protect data at rest (e.g., files in SharePoint) and can apply encryption, but they do not natively block outbound email in real-time or display policy tips during send. Option C (Information Rights Management) is wrong because IRM protects content after delivery by restricting actions like forwarding or printing, but it does not inspect or block emails before they are sent based on sensitive data patterns. Option D (retention label with deletion) is wrong because retention labels manage data lifecycle (e.g., how long to keep or when to delete) and have no capability to scan outbound email content or block transmission.

← PreviousPage 2 of 3 · 166 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Purview Compliance questions.