Describe security, compliance, privacy, and trust in Microsoft 365

An organization is concerned about data leakage from sensitive emails. They want to enforce encryption on emails containing financial information automatically. Which Microsoft 365 solution should they configure?

A financial services company must prevent users from accidentally sharing sensitive customer data externally. They want to block sharing of any document containing a credit card number via email or SharePoint. What combination of Microsoft 365 compliance solutions should they use?

A company needs to ensure that all email and document content is preserved for legal purposes, even if users permanently delete items. This requirement demands that content be kept indefinitely until the legal hold is released. Which Microsoft 365 feature should they enable?

A healthcare organization must protect patient health information (PHI) from being accidentally shared externally via email. They need to automatically block emails containing medical record numbers from being sent outside the organization and also encrypt any email that does contain PHI when it is allowed. Which two Microsoft Purview solutions should they combine? (Choose two.)

A healthcare organization stores patient records in SharePoint Online. They need to ensure that the data is encrypted at rest and in transit. Which statement is true regarding Microsoft 365 encryption?

A company uses Microsoft Purview to monitor for potential data security incidents. They want to automatically detect and remediate activities like downloading large amounts of data to a personal device. Which solution should they configure?

A company wants to ensure that only IT administrators can install browser extensions in Microsoft Edge. Which Microsoft 365 security feature should be used?

An administrator needs to monitor and investigate potential data breaches by reviewing detailed records of file access and sharing activities across Microsoft 365. They require a centralized report showing who accessed what, from where, and any unusual patterns. Which tool should they use?

A compliance officer wants to ensure that all data in Microsoft 365 is encrypted using a key that the organization manages and stores in their own Azure Key Vault. Microsoft will not have access to the key. Which solution should they implement?

A security administrator needs to ensure that all users accessing Microsoft 365 resources from unmanaged devices are prompted to sign in using multi-factor authentication (MFA) and are blocked from downloading sensitive files. Which conditional access policy should be configured?

A security administrator needs to ensure that all guest users who access Microsoft Teams are required to accept a terms of use agreement before accessing any company resources. Which Microsoft 365 identity protection feature should they configure?

A company wants to ensure that all administrative actions in Microsoft 365 are logged and that any changes to roles and permissions are reviewed on a monthly basis. Which Microsoft Purview solution should the compliance team use?

A security administrator needs to audit all activities related to a specific user in Exchange Online, SharePoint Online, and Microsoft Entra ID for the past 90 days. They also need to export the audit log as a CSV file. Which Microsoft Purview solution provides this capability without additional licensing beyond Microsoft 365 E3?

A multinational corporation must ensure that all Microsoft 365 admin actions—such as adding a new user or changing a role—are recorded and searchable for at least 90 days. They also need to create custom alert rules to notify the security team when critical events occur, like disabling multi-factor authentication. Which Microsoft Purview solution should they use to meet both requirements?

A company uses Microsoft 365 (a SaaS offering). A security incident occurs where an employee's account is compromised because the employee reused their corporate password on a personal website. According to the shared responsibility model, who is primarily responsible for this security failure?

A security analyst receives an alert about a user who downloaded a large number of files from a SharePoint document library in a short period. The analyst needs to investigate the user's activities across Exchange, SharePoint, and Teams to determine if data exfiltration is occurring. Which Microsoft Purview solution should the analyst use to review detailed activity logs?

A security team needs to ensure that all Microsoft 365 administrative actions—such as creating user accounts or resetting passwords—are logged and searchable for at least 90 days. They also need to create custom alert rules for suspicious admin activity. Which Microsoft Purview solution should they use?

A security administrator needs to review all sign-in attempts and identify suspicious login patterns for the past 30 days. Which Microsoft 365 portal should they use to access this information?

A security team needs to monitor all administrative activities in Microsoft 365, including creating users, resetting passwords, and modifying policies. They require that logs be retained for at least 90 days and want to create custom alerts for suspicious admin actions (e.g., multiple password resets in a short time). Which Microsoft Purview solution should they use?

A legal firm needs to send a confidential document to a client via email. The firm requires that the client cannot forward or print the email and that the email expires after seven days. Which Microsoft Purview solution should they use?

A help desk lead is documenting the correct Microsoft 365 approach to require users to approve sign-ins with a mobile app after entering a password. Microsoft security, identity, or compliance capability should it use?

A compliance-aware administrator is selecting the right Microsoft 365 capability to require MFA only for sign-ins from outside trusted locations. Microsoft security, identity, or compliance capability should it use?

A department head asks which Microsoft 365 option should be used to provide a cloud identity platform for Microsoft 365 and approved SaaS applications. Microsoft security, identity, or compliance capability should it use?

An administrator is reviewing a request from users who need to detect risky users and suspicious sign-ins. Microsoft security, identity, or compliance capability should it use?

During a Microsoft 365 planning workshop, let users reset forgotten passwords without calling the help desk. Microsoft security, identity, or compliance capability should it use?

A tenant administrator is advising a department that wants to grant temporary, approved privileged administrator access. Microsoft security, identity, or compliance capability should it use?

A business stakeholder asks how Microsoft 365 can help them manage laptops and mobile devices with compliance policies and app protection. Microsoft security, identity, or compliance capability should it use?

While preparing a Microsoft 365 adoption plan, a consultant is asked to protect corporate data inside mobile apps without enrolling the whole personal device. Microsoft security, identity, or compliance capability should it use?

A service owner is comparing Microsoft 365 capabilities and needs to block emails containing credit card numbers from being sent externally. Microsoft security, identity, or compliance capability should it use?

During requirements gathering, an IT manager says the organization must classify files as Confidential and apply encryption to the most sensitive content. Microsoft security, identity, or compliance capability should it use?

A healthcare organization must encrypt outbound email automatically when a message contains passport numbers. Which two Microsoft Purview capabilities are commonly combined? (Choose two.)

A compliance-aware administrator is selecting the right Microsoft 365 capability to delete content automatically after a defined retention period. Microsoft security, identity, or compliance capability should it use?

A department head asks which Microsoft 365 option should be used to review file access, sharing changes, and administrator actions during an investigation. Microsoft security, identity, or compliance capability should it use?

An administrator is reviewing a request from users who need to protect users from phishing, unsafe links, and malicious attachments. Microsoft security, identity, or compliance capability should it use?

During a Microsoft 365 planning workshop, provide baseline anti-spam and anti-malware filtering for Exchange Online. Microsoft security, identity, or compliance capability should it use?

A tenant administrator is advising a department that wants to investigate incidents across identities, email, endpoints, and cloud apps in one experience. Microsoft security, identity, or compliance capability should it use?

A business stakeholder asks how Microsoft 365 can help them protect Windows endpoints with endpoint detection and response capabilities. Microsoft security, identity, or compliance capability should it use?

While preparing a Microsoft 365 adoption plan, a consultant is asked to identify risky user behaviour such as unusual downloads or policy violations. Microsoft security, identity, or compliance capability should it use?

A service owner is comparing Microsoft 365 capabilities and needs to prevent communication and collaboration between two business groups. Microsoft security, identity, or compliance capability should it use?

During requirements gathering, an IT manager says the organization must review employee messages for harassment or regulatory policy violations. Microsoft security, identity, or compliance capability should it use?

A help desk lead is documenting the correct Microsoft 365 approach to track compliance assessments and improvement actions. Microsoft security, identity, or compliance capability should it use?

A compliance-aware administrator is selecting the right Microsoft 365 capability to encrypt email messages sent to internal or external recipients. Microsoft security, identity, or compliance capability should it use?

A security team wants Microsoft 365 access to be allowed only when a user's device is marked compliant by management policy. Which two capabilities are normally combined? (Choose two.)

An administrator is reviewing a request from users who need to analyze attachments in a protected environment before delivery. Microsoft security, identity, or compliance capability should it use?

During a Microsoft 365 planning workshop, allow access to Exchange Online only from compliant devices. Microsoft security, identity, or compliance capability should it use?

A tenant administrator is advising a department that wants to let users sign in once and access connected Microsoft 365 and SaaS apps. Microsoft security, identity, or compliance capability should it use?

A business stakeholder asks how Microsoft 365 can help them periodically review group memberships and application access. Microsoft security, identity, or compliance capability should it use?

While preparing a Microsoft 365 adoption plan, a consultant is asked to give external partners controlled access to Teams and SharePoint resources. Microsoft security, identity, or compliance capability should it use?

A service owner is comparing Microsoft 365 capabilities and needs to detect exact customer records rather than only generic data patterns. Microsoft security, identity, or compliance capability should it use?

During requirements gathering, an IT manager says the organization must discover where sensitive information is stored across Microsoft 365. Microsoft security, identity, or compliance capability should it use?

A help desk lead is documenting the correct Microsoft 365 approach to allow browser access to SharePoint from unmanaged devices but restrict downloads. Microsoft security, identity, or compliance capability should it use?

A compliance-aware administrator is selecting the right Microsoft 365 capability to manage formal records that must be retained and disposed of according to policy. Microsoft security, identity, or compliance capability should it use?

A department head asks which Microsoft 365 option should be used to search, review, and export content for a legal investigation. Microsoft security, identity, or compliance capability should it use?

An administrator is reviewing a request from users who need to discover cloud apps being used by employees and assess their risk. Microsoft security, identity, or compliance capability should it use?

During a Microsoft 365 planning workshop, show security recommendations and a score for Microsoft 365 posture. Microsoft security, identity, or compliance capability should it use?

A tenant administrator is advising a department that wants to automatically apply a label when sensitive customer identifiers are detected. Microsoft security, identity, or compliance capability should it use?

A business stakeholder asks how Microsoft 365 can help them allow sign-in using biometrics or FIDO2 security keys. Microsoft security, identity, or compliance capability should it use?

While preparing a Microsoft 365 adoption plan, a consultant is asked to let users report suspicious phishing messages from Outlook for investigation. Microsoft security, identity, or compliance capability should it use?

A service owner is comparing Microsoft 365 capabilities and needs to make sign-in decisions based on risk, location, and device compliance. Microsoft security, identity, or compliance capability should it use?

During requirements gathering, an IT manager says the organization must make document protection persist after a file is downloaded or emailed. Microsoft security, identity, or compliance capability should it use?

A help desk lead is documenting the correct Microsoft 365 approach to preserve relevant mailboxes and SharePoint content during a legal case. Microsoft security, identity, or compliance capability should it use?

A compliance officer wants to proactively prevent users from sending emails that contain sensitive personal data (e.g., credit card numbers) to external recipients. When a user attempts to send such an email, they should see a policy tip explaining the restriction and be blocked from sending. Which Microsoft Purview feature should be configured?

A legal team needs to ensure that all documents related to an ongoing case are retained for exactly 7 years and then automatically deleted. During the retention period, no user should be able to permanently delete these documents. Which two Microsoft Purview features should be used together to meet this requirement? (Choose two.)

A company wants to ensure that sensitive documents stored in SharePoint Online are automatically classified and protected if they contain credit card numbers or social security numbers. Which Microsoft Purview feature should they implement?

A compliance officer needs to ensure that all user activities related to sensitive data in Microsoft 365 are recorded and available for forensic investigation. They require detailed logs of who accessed specific files in SharePoint Online, including attempts to access files that were blocked by DLP policies. Which solution should they enable?

An organization needs to automatically delete Microsoft Teams chat messages after 90 days to comply with a data minimization policy. Which Microsoft Purview feature should they use?

A company must comply with a regulation that requires all data stored in Microsoft 365 to remain within the European Union. Which Microsoft 365 feature should an administrator configure to enforce this geographic restriction?

A compliance officer wants to automatically encrypt outgoing emails containing credit card numbers and also prevent recipients from forwarding or copying the content. Which Microsoft Purview solution should be applied?

An organization wants to prevent employees from sharing sensitive files with external users via SharePoint Online, but they need to allow sharing with a specific external partner for a single project. What is the most efficient configuration?

A compliance officer needs to set up a policy that automatically monitors and detects activities related to accessing sensitive data from outside the corporate network. When a user from a foreign country accesses a confidential file, the policy should trigger an alert and require additional authentication. Which combination of Microsoft 365 solutions achieves this?

A company wants to ensure that all outgoing emails containing sensitive financial data are encrypted automatically. The encryption should require the recipient to authenticate to read the message. Which Microsoft 365 solution should the administrator configure?

A compliance officer needs to automatically detect when employees share customers' personal data (e.g., social security numbers) via email and block such sharing. Which Microsoft Purview solution should they configure?

A security administrator needs to automatically restrict access to documents labeled as 'Highly Confidential' when accessed from devices that are not joined to the domain. The restriction should block editing and printing, and apply encryption. Which combination of Microsoft 365 solutions should the administrator use?

A legal team is involved in a court case and needs to identify all emails and documents related to a specific project across the entire organization. They need to place these items on hold to prevent deletion or modification. Which Microsoft Purview solution should they use?

A compliance administrator needs to ensure that any document containing a patient's health information (e.g., medical record number) is automatically encrypted and restricted to authorized users. The encryption should be enforced regardless of where the document is saved (SharePoint, OneDrive, or email). Which Microsoft Purview feature should they configure?

A compliance administrator needs to automatically detect when employees share documents containing a customer's credit card number via email and block such sharing before the email is sent. Which Microsoft Purview solution should they configure?

A security administrator needs to automatically restrict access to documents that contain 'PII' (personally identifiable information) so that only employees in the 'Data Privacy' security group can view them. Additionally, editing and printing of these documents must be disabled. Which combination of Microsoft Purview features should be used?

A legal team is preparing for litigation. They need to place a hold on all content (emails, documents, Teams messages) related to a specific project across the entire organization. The hold must prevent any deletion or modification of the content. Which Microsoft Purview solution should they use?

A compliance officer needs to automatically label and encrypt documents that contain personally identifiable information (PII) when they are saved in SharePoint. The labeling should happen without manual user intervention. Which Microsoft Purview feature should they configure?

A compliance officer needs to automatically detect when an employee attempts to send an email containing a social security number (SSN) to an external recipient. The solution should block the email from being sent and notify the employee with a policy tip. Which Microsoft Purview solution should be configured?

A compliance officer needs to ensure that any document containing passport numbers automatically gets a 'Highly Confidential' label and is encrypted when saved in SharePoint. The labeling should occur without any user interaction. Which Microsoft Purview feature should they configure?

A compliance officer needs to automatically encrypt any outgoing email that contains a customer's credit card number. The solution should work without requiring the sender to take any manual action. Which Microsoft Purview feature should be configured?

A global financial services firm needs to protect highly confidential documents containing trade secrets. The protection must restrict access to a specific group of employees, prevent editing and printing, and remain enforced even if the document is downloaded and saved to an external device. Which Microsoft Purview solution should be used?

A compliance administrator needs to automatically protect sensitive data by applying a 'Confidential' label that encrypts documents and restricts access to a specific user group. The label must be applied when a document containing a credit card number is saved in SharePoint. Which Microsoft Purview feature should be configured?

A multinational corporation needs to ensure that all emails containing a customer's passport number are automatically blocked from being sent externally. Additionally, the sending user should receive a policy tip explaining the block. Which Microsoft Purview solution should be configured?

A compliance officer needs to automatically retain all SharePoint documents that contain a specific project code for exactly 5 years. The retention must be applied automatically when the document is uploaded, without any user interaction. Which Microsoft Purview feature should they configure?

A compliance officer needs to ensure that all outgoing emails containing a customer's credit card number are automatically encrypted before delivery. External recipients must be able to reply with the same level of encryption without a separate signing-up process. Which Microsoft Purview solution should be configured?

A global company needs to ensure that only employees in the 'HR' security group can access a specific set of HR documents stored in SharePoint. If a user outside the group attempts to view or copy the content, it must be blocked. The protection must persist even if someone downloads the files and shares them externally, or if the files are saved to a personal device. Which Microsoft Purview solution should be used?

A legal firm needs to automatically encrypt and apply access restrictions to all documents that contain case numbers considered highly confidential. The protection must remain enforced even if the document is emailed to external parties or saved to a personal device. Which Microsoft Purview solution should be configured?

A global company has a strict policy that any Microsoft 365 administrator who needs to access a user's mailbox for troubleshooting must first obtain explicit approval from the user. The company wants to implement a process that requires approval for such access and logs the activity. Which Microsoft Purview feature should they use?

A compliance team needs to ensure that any email sent from the Finance department that contains a bank account number is automatically encrypted. External recipients must be able to reply securely without needing to sign up for any service. Which Microsoft Purview solution should they configure?

A legal firm must ensure that all documents containing a specific project code are automatically retained for 7 years after the project ends. After the 7-year period, the documents should be permanently deleted. The firm already uses sensitivity labels to classify documents. Which Microsoft Purview solution should they configure?

A compliance officer needs to identify users who are at risk of leaking sensitive data based on their activities such as copying files to USB drives or emailing content outside the organization. The solution must also allow reviewing the activities in a case-based workflow. Which Microsoft Purview solution should they use?

A healthcare provider must ensure that patient health information (PHI) is not accidentally shared outside the organization. They want to automatically detect if an email contains PHI (such as diagnosis codes) and block it from being sent externally. Additionally, the sender should receive a notification explaining the block. Which Microsoft Purview solution should be configured?

A company wants to ensure that sensitive documents classified as 'Confidential' are automatically encrypted and have restricted access permissions applied when they are shared via email. The protection must persist even if the email is forwarded to external parties. Which Microsoft Purview solution should be used?

A company wants to ensure that all Microsoft 365 admin actions are recorded and searchable for at least 180 days. They also need to create custom alert rules to notify the security team when critical events occur, such as a user being added to the Global Admin role. Which Microsoft Purview solution should they use?

A legal department requires that when an employee deletes any email message in Exchange Online that is related to active litigation, the message must be automatically retained for an additional 5 years after deletion. The retention must be applied based on keywords found in the email content. Which Microsoft Purview solution should be configured?

A healthcare organization needs to automatically apply a sensitivity label to any document stored in a SharePoint document library that contains patient diagnosis codes. The label should prevent the document from being shared externally. The classification must happen after the document is saved, not during creation. Which Microsoft Purview solution should be configured?

A company is preparing for a merger and wants to prevent communication between the Human Resources and Research departments regarding sensitive salary data during the due diligence period. They need a Microsoft Purview solution that can block all email and chat between users in these two groups, as well as prevent file sharing in Teams and SharePoint. Which solution should they configure?

A compliance officer needs to automatically detect documents stored in SharePoint Online that contain sensitive data types (e.g., credit card numbers) and apply a sensitivity label that restricts access to only certain users. The classification should occur without user intervention and the label must be applied to the document. Which Microsoft Purview solution should be configured?

A healthcare organization must ensure that all outgoing emails containing protected health information (PHI) are automatically encrypted. External recipients must be able to read the encrypted messages without installing any software or signing up for a service. Which Microsoft Purview solution should be configured?

A legal team needs to place a hold on all data belonging to a specific user who is involved in a lawsuit. The hold must preserve Exchange Online email, SharePoint sites, and Teams chat messages. Which Microsoft Purview solution should they use?

A compliance officer needs to automatically classify and protect documents stored in SharePoint Online that contain personal data such as passport numbers. The classification should happen without user intervention and must apply encryption and access restrictions. Which Microsoft Purview solution should be configured?

A legal team needs to preserve all data belonging to a former employee who is involved in litigation. The preservation must cover Exchange Online email, SharePoint sites, Teams messages, and OneDrive files. Which Microsoft Purview solution should they use to enforce the preservation?

A legal team at a company needs to preserve all data belonging to a user who is involved in litigation. The preservation must cover Exchange Online email, SharePoint sites, OneDrive for Business files, and Teams chat messages. They also need to be able to search the preserved content and export it. Which Microsoft Purview solution should they use?

An organization needs to prevent users from sharing documents that contain credit card numbers via email and Microsoft Teams. When a user attempts to share such a document, they should see a policy tip explaining the restriction. Which Microsoft Purview solution should the compliance team configure?

A compliance officer needs to automatically classify documents stored in SharePoint Online that contain personally identifiable information (PII) such as social security numbers. The classification must apply a sensitivity label that encrypts the document and restricts access to only employees in the Legal department. The process should run without any user interaction. Which Microsoft Purview solution should be configured?

A compliance officer needs to ensure that all emails and documents in Exchange Online and SharePoint are automatically retained for five years. After five years, the data should be automatically deleted. Which Microsoft Purview solution should they configure?

A security team wants to ensure that only devices that are compliant with company security policies (e.g., antivirus enabled, disk encrypted) can access Exchange Online and SharePoint Online. Which feature should they configure in Microsoft 365?

An organization wants to automatically detect when a user attempts to share a document containing a customer's credit card number via email. The system should block the sharing and display a warning to the user. Which Microsoft Purview solution should they configure?

A multinational corporation must comply with GDPR. They need to ensure that personal data of EU residents is retained for a specific period and then securely deleted. Additionally, they must be able to respond to data subject access requests (DSARs) within 30 days by finding and exporting relevant data. Which two Microsoft Purview solutions should they use together? (Choose two.)

A legal team needs to preserve all data related to a specific user involved in litigation, including Exchange emails, SharePoint documents, OneDrive files, and Teams chats. They require a hold that cannot be removed by the user and must allow for later searching and export. Which Microsoft Purview solution should they use?

A compliance officer needs to automatically retain all emails in Exchange Online for exactly 7 years, and then permanently delete them. Which Microsoft Purview solution should they configure?

A company wants to prevent users from sharing documents that contain credit card numbers via email. When a user attempts to share such a document, they should see a policy tip explaining the restriction and the share should be blocked. Which Microsoft Purview solution should the compliance team configure?

A compliance team needs to implement a Data Loss Prevention (DLP) policy to protect credit card information. What is the correct order of steps for a successful implementation?

A compliance team needs to prevent employees from copying sensitive data (such as financial records or customer PII) to USB drives and other removable media from their Windows 10/11 devices. When a user attempts to copy data to an unapproved USB device, the action should be blocked and an alert should be generated. Which Microsoft Purview solution should they configure?

An organisation wants to identify documents containing credit card numbers and prevent users from sharing them externally from SharePoint Online and Exchange Online. Which two Microsoft Purview capabilities are most relevant? (Choose 2.)

A compliance manager wants a dashboard that maps Microsoft 365 controls to regulatory standards and gives recommended improvement actions. Which portal capability should they use?

An organization wants to block sharing of documents containing credit card numbers. Which two statements are accurate about the Microsoft 365 capability involved?

A compliance administrator needs to apply encryption and usage restrictions to confidential documents. Which Microsoft 365 capability is the best fit?

A compliance administrator needs to investigate emails that may be part of a phishing campaign. Which Microsoft 365 capability is the best fit?

A compliance administrator needs to assess compliance posture against standards and improvement actions. Which Microsoft 365 capability is the best fit?

An organization wants to retain mailbox content for legal investigation. Which two statements are accurate about the Microsoft 365 capability involved?

A compliance administrator needs to manage user sign-in risk and require MFA for risky sign-ins. Which Microsoft 365 capability is the best fit?

A compliance administrator needs to block sharing of documents containing credit card numbers. Which Microsoft 365 capability is the best fit?

A compliance administrator needs to apply encryption and usage restrictions to confidential documents. Which Microsoft 365 capability is the best fit? The design must avoid adding custom operational scripts.

An organization wants to investigate emails that may be part of a phishing campaign. Which two statements are accurate about the Microsoft 365 capability involved?

A compliance administrator needs to assess compliance posture against standards and improvement actions. Which Microsoft 365 capability is the best fit? The design must avoid adding custom operational scripts.

A compliance administrator needs to retain mailbox content for legal investigation. Which Microsoft 365 capability is the best fit?