CCNA Describe Security Compliance Privacy And Trust In Microsoft 365 Questions

76
MCQ · hard

A legal team needs to preserve all data belonging to a former employee who is involved in litigation. The preservation must cover Exchange Online email, SharePoint sites, Teams messages, and OneDrive files. Which Microsoft Purview solution should they use to enforce the preservation?

A. eDiscovery (Standard) case hold
B. Data Lifecycle Management retention policy
C. Sensitivity label with retention marking
D. Audit log search
Answer: A

eDiscovery (Standard) enables creating a case and placing a hold on custodians' mailboxes, SharePoint sites, OneDrive, and Teams, preserving all data for legal purposes.

Why this answer

eDiscovery (Standard) case hold is the correct solution because it allows legal teams to place a legal hold on all data sources associated with a specific user, including Exchange Online mailboxes, SharePoint sites, OneDrive accounts, and Teams messages. This preserves the data in its current state, preventing modification or deletion, which is essential for litigation. Unlike other options, eDiscovery holds are designed specifically for legal preservation scenarios and can target multiple workloads simultaneously.

Exam trap

The trap here is that candidates often confuse a retention policy (which is automated and rule-based) with a legal hold (which is manual, case-specific, and preserves data for litigation), leading them to choose Data Lifecycle Management instead of eDiscovery.

How to eliminate wrong answers

Option B is wrong because Data Lifecycle Management retention policies are designed for automated data retention and deletion based on regulatory or business rules, not for ad-hoc legal holds triggered by litigation. Option C is wrong because sensitivity labels with retention markings are used to classify and optionally retain data based on sensitivity, but they cannot enforce a comprehensive legal hold across all user data sources like eDiscovery can. Option D is wrong because Audit log search is a tool for reviewing historical activity logs, not for preserving data; it does not prevent data modification or deletion.

77
MCQ · hard

An organization uses Microsoft 365 Copilot. The security team wants to ensure that Copilot responses are based only on data that users already have permission to access. Which principle does this enforce?

A. Least privilege
B. Defense in depth
C. Privileged Identity Management
D. Zero Trust
Answer: A

Copilot respects existing permissions, enforcing least privilege.

Why this answer

The principle of least privilege ensures users only access data they need. In Copilot, responses are grounded in the user's existing permissions. Option A is correct.

Option D (Zero Trust) is broader, Option B (Defense in depth) is layered security, and Option C (Privileged Identity Management) is for elevated roles.

78
MCQ · easy

A company needs to ensure that all email and document content is preserved for legal purposes, even if users permanently delete items. This requirement demands that content be kept indefinitely until the legal hold is released. Which Microsoft 365 feature should they enable?

A. Retention policy
B. Litigation hold
C. eDiscovery
D. Data Loss Prevention (DLP)
Answer: B

Litigation hold preserves all data indefinitely (or until the hold is removed) even if users delete items. It is the correct feature for legal preservation requirements.

Why this answer

Litigation hold is the correct feature because it preserves all mailbox and document content in its original state indefinitely until the hold is explicitly released. Unlike a retention policy, which can delete content after a specified period, Litigation hold ensures that even permanently deleted items are retained in the Recoverable Items folder, meeting the legal preservation requirement.

Exam trap

The trap here is that candidates often confuse a retention policy (which can preserve content but also delete it after a period) with Litigation hold, which is the only option that guarantees indefinite preservation regardless of user actions or time limits.

How to eliminate wrong answers

Option A is wrong because a retention policy can be configured to delete content after a set period, which conflicts with the requirement to keep content indefinitely; it also does not guarantee preservation against user deletion. Option C is wrong because eDiscovery is a search and export tool used to find content already preserved under holds or policies, not a mechanism to enforce preservation itself. Option D is wrong because Data Loss Prevention (DLP) is designed to prevent sensitive information from being shared or leaked, not to preserve content for legal purposes.

79
Multi-Select · hard

Your company is adopting Microsoft 365 Copilot and wants to ensure that data security and compliance requirements are met. Which THREE considerations should be addressed? (Choose three.)

Select 3 answers
A. Configure policies in the Microsoft 365 admin center to manage Copilot features.
B. Disable Copilot for all users if any compliance requirement cannot be met.
C. Use sensitivity labels to control what data Copilot can access.
D. Verify that data processed by Copilot is stored in the same geographic region as the tenant.
E. Ensure that Microsoft 365 Copilot inherits the compliance settings from the underlying Microsoft 365 services.
Answers: A, C, E

Admins can enable/disable Copilot features for specific users or groups.

Why this answer

Options A, C, and E are correct. Copilot inherits compliance settings, respects sensitivity labels, and can be managed via policies. Reviewing data residency (D) is important for data storage, but Copilot processing follows existing data residency.

Disabling Copilot for compliance (B) is not a consideration but an extreme measure.

80
Multi-Select · hard

Your organization is required to retain all customer emails for 7 years due to industry regulations. The legal team also needs to be able to search and hold relevant emails during active litigation. Which two Microsoft Purview features should you implement? (Choose two.)

Select 2 answers
A. Data Loss Prevention policy
B. Retention policy
C. Litigation hold
D. eDiscovery (Standard)
E. Sensitivity labels
Answers: B, C

Retention policies retain data for a specified period.

Why this answer

Retention policies (B) enforce the 7-year retention. Litigation hold (C) preserves emails for legal cases. Option D (eDiscovery) is for search and export, not hold.

Option A (DLP) prevents data leaks. Option E (sensitivity labels) classifies data.

81
MCQ · medium

A help desk lead is documenting the correct Microsoft 365 approach to allow browser access to SharePoint from unmanaged devices but restrict downloads. Which Microsoft security, identity, or compliance capability should be used?

A. Conditional Access access/session controls
B. Microsoft Forms
C. Microsoft Stream
D. Microsoft Planner
Answer: A

Conditional Access can apply access or session controls based on device state.

Why this answer

Conditional Access access/session controls allow administrators to enforce granular restrictions on browser access to SharePoint from unmanaged devices, such as blocking download of sensitive content while still permitting view-only access. This is achieved through session policies that integrate with Microsoft Defender for Cloud Apps (formerly Cloud App Security) to apply real-time controls at the protocol level, without requiring device enrollment or compliance.

Exam trap

The trap here is that candidates often confuse Conditional Access with device compliance policies or Intune, but session controls are specifically designed for unmanaged devices where you cannot enforce device-level restrictions, and they operate at the application layer rather than requiring device enrollment.

How to eliminate wrong answers

Option B (Microsoft Forms) is wrong because it is a survey and data collection tool, not a security or access control mechanism for SharePoint. Option C (Microsoft Stream) is wrong because it is a video hosting and sharing service, unrelated to managing device access or download restrictions for SharePoint. Option D (Microsoft Planner) is wrong because it is a task management and planning tool, lacking any capability to enforce conditional access or session-level policies.

82
Multi-Select · medium

An organization wants to retain mailbox content for legal investigation. Which two statements are accurate about the Microsoft 365 capability involved?

Select 2 answers
A. It requires every document to be made public
B. eDiscovery and retention capabilities in Microsoft Purview
C. The policy should be tested with a limited group before broad rollout
D. It replaces the need for identity and access management
Answers: B, C

Purview eDiscovery and retention help preserve and search content for investigations.

Why this answer

Security and compliance controls should be selected by risk scenario and tested before tenant-wide enforcement.

83
MCQ · easy

Your organization has a Microsoft 365 E5 subscription and wants to use Microsoft Purview to identify and protect sensitive data. Which feature should you use to automatically discover sensitive data across Exchange Online, SharePoint Online, and OneDrive?

A. Content explorer
B. Data Loss Prevention (DLP) policies
C. Sensitivity labels
D. Activity explorer
Answer: A

Content explorer displays sensitive data locations across workloads.

Why this answer

Option A is correct: Content explorer shows where sensitive data is stored. Option D is incorrect because Activity explorer shows user activity. Option B is incorrect because Data Loss Prevention policies prevent sharing.

Option C is incorrect because Sensitivity labels classify data.

84
MCQ · medium

An organization uses Microsoft Defender XDR and wants to investigate a potential ransomware attack. Which portal should the security team use to see the full attack timeline?

A. Microsoft Purview compliance portal
B. Microsoft Sentinel
C. Azure portal
D. Microsoft 365 Defender portal
Answer: D

The Defender portal aggregates alerts and incidents from across Microsoft 365.

Why this answer

Option D is correct. The Microsoft 365 Defender portal provides a unified incident view with the full attack timeline. Option B is wrong because Microsoft Sentinel is a SIEM, not the primary portal for Microsoft 365 Defender.

Option A is wrong because the Microsoft Purview portal is for compliance. Option C is wrong because the Azure portal is for Azure resources.

85
MCQ · medium

An administrator is reviewing a request from users who need to analyze attachments in a protected environment before delivery. Which Microsoft security, identity, or compliance capability should be used?

A. Safe Attachments
B. Microsoft Forms
C. Microsoft Stream
D. Microsoft Planner
Answer: A

Safe Attachments analyzes email attachments for malicious content.

Why this answer

Safe Attachments is the correct Microsoft 365 Defender capability that detonates email attachments in a virtual, protected environment before delivery. It uses behavioral analysis and machine learning to detect malicious content, ensuring that only safe attachments reach the user's inbox. This directly addresses the requirement to analyze attachments in a protected environment.

Exam trap

The trap here is that candidates may confuse Safe Attachments with other Microsoft 365 security features like Safe Links or anti-malware policies, but the question specifically requires a capability that analyzes attachments in a protected environment before delivery, which is uniquely provided by Safe Attachments.

How to eliminate wrong answers

Option B (Microsoft Forms) is wrong because it is a survey and data collection tool, not a security feature for analyzing attachments. Option C (Microsoft Stream) is wrong because it is a video sharing and management platform, unrelated to email attachment security. Option D (Microsoft Planner) is wrong because it is a task management and planning tool, with no capability to scan or detonate attachments.

86
MCQ · medium

Refer to the exhibit. A Microsoft 365 administrator runs the PowerShell script against Microsoft Entra ID. The script outputs several enabled Conditional Access policies. However, users report they are not prompted for MFA even though there is an enabled policy that should require MFA for all users. What is the most likely reason?

A. The policy is set to 'report-only' mode.
B. The script is not executed with administrative privileges.
C. The script does not run against all policies.
D. The script disables the MFA policy inadvertently.
Answer: A

A policy in report-only mode does not enforce MFA.

Why this answer

Option A is correct because the script checks if the policy state is enabled, but does not check if the policy is in 'report-only' mode. A policy can be enabled but set to report-only, which does not enforce MFA. Option C is wrong because the script checks all enabled policies.

Option B is wrong because the script is used for policy listing, not enforcement. Option D is wrong because the script does not modify policies.

87
Multi-Select · medium

Which TWO actions should you take to protect against ransomware attacks in Microsoft 365?

Select 2 answers
A. Enable anti-malware policies in Microsoft Defender for Office 365.
B. Deploy attack simulation training to educate users.
C. Apply sensitivity labels with auto-labeling.
D. Configure Data Loss Prevention (DLP) policies.
E. Use SharePoint and OneDrive restricted access and permissions.
Answers: A, E

Anti-malware blocks malicious attachments that could deliver ransomware.

Why this answer

Options A and E are correct: Anti-malware policies block known malware, and restricted permissions in SharePoint prevent unauthorized encryption. Option B is incorrect because attack simulation is for training, not prevention. Option D is incorrect because DLP policies prevent data loss, not ransomware.

Option C is incorrect because auto-labeling is for classification, not protection.

88
MCQ · hard

A compliance team needs to implement a Data Loss Prevention (DLP) policy to protect credit card information. What is the correct order of steps for a successful implementation?

A. Create policy, Identify locations, Deploy in production, Monitor alerts and refine
B. Identify locations, Create policy, Deploy in production, Monitor alerts and refine
C. Deploy in production, Monitor alerts and refine, Identify locations, Create policy
D. Identify locations, Deploy in production, Create policy, Monitor alerts and refine
Answer: B

This order follows industry best practices: first understand where sensitive data lives, then build the policy, deploy it, and finally monitor and refine.

Why this answer

Best practice for DLP implementation: first identify where sensitive data resides (locations), then create the DLP policy with conditions and actions, test the policy in simulation mode before deploying to production, and finally monitor alerts and refine the policy. The option starting with 'Identify locations' followed by 'Create policy', 'Deploy in production', and 'Monitor' matches this sequence.

89
MCQ · medium

A service owner is comparing Microsoft 365 capabilities and needs to make sign-in decisions based on risk, location, and device compliance. Which Microsoft security, identity, or compliance capability should be used?

A. Microsoft Forms
B. Microsoft Planner
C. Conditional Access policy
D. Microsoft Stream
Answer: C

Conditional Access evaluates identity signals and enforces access controls.

Why this answer

Conditional Access policy is the correct answer because it is the Microsoft Entra ID (formerly Azure AD) feature that enforces sign-in decisions based on risk, location, and device compliance. It allows administrators to create policies that require multi-factor authentication, block access from untrusted locations, or require compliant devices before granting access to Microsoft 365 resources.

Exam trap

The trap here is that candidates may confuse Microsoft 365 productivity tools (Forms, Planner, Stream) with security or identity services, failing to recognize that Conditional Access is the only option that directly controls sign-in decisions based on risk, location, and device compliance.

How to eliminate wrong answers

Option A is wrong because Microsoft Forms is a survey and data collection tool, not an identity or security policy engine; it cannot evaluate sign-in risk, location, or device compliance. Option B is wrong because Microsoft Planner is a task management and project tracking tool within Microsoft 365; it has no capability to enforce conditional access or evaluate authentication context. Option D is wrong because Microsoft Stream is a video hosting and sharing platform; it does not provide any identity-based access control logic beyond what is inherited from the underlying tenant policies.

90
Multi-Select · hard

Which TWO of the following are capabilities of Microsoft Priva? (Choose two.)

Select 2 answers
A. Automate subject rights requests
B. Configure retention labels
C. Assess privacy risks in data transfers
D. Monitor network traffic
E. Detect malware in email attachments
Answers: A, C

Priva helps manage DSRs.

Why this answer

Microsoft Priva helps organizations manage privacy risks by assessing data transfer risks and automating subject rights requests. Options A and C are correct.

91
MCQ · hard

An organization uses Microsoft 365 Copilot and wants to ensure that AI-generated content is automatically labeled with a sensitivity label. What should they configure?

A. Microsoft Defender for Cloud Apps session policies
B. Microsoft Intune app protection policies
C. Conditional Access policies in Microsoft Entra ID
D. Microsoft Purview auto-labeling policies
Answer: D

Auto-labeling policies can automatically apply sensitivity labels to content based on criteria.

Why this answer

Auto-labeling policies in Microsoft Purview can automatically apply sensitivity labels based on conditions, including Copilot-generated content. Options A, B, and C are incorrect because they do not handle automatic labeling of Copilot output.

92
MCQ · medium

A compliance administrator needs to automatically protect sensitive data by applying a 'Confidential' label that encrypts documents and restricts access to a specific user group. The label must be applied when a document containing a credit card number is saved in SharePoint. Which Microsoft Purview feature should be configured?

A. Retention labels
B. Sensitivity labels with auto-labeling
C. Data Loss Prevention (DLP) policies
D. Data classification service
Answer: B

Sensitivity labels can be configured with auto-labeling policies to automatically apply encryption and access controls when sensitive data like credit card numbers is detected in SharePoint documents.

Why this answer

Sensitivity labels with auto-labeling are the correct choice because they allow you to automatically apply a 'Confidential' label that encrypts documents and restricts access based on sensitive content (e.g., credit card numbers) when documents are saved in SharePoint. This feature uses conditions like sensitive information types to trigger label application, ensuring data protection at rest and in use.

Exam trap

The trap here is that candidates often confuse DLP policies with auto-labeling, but DLP policies only block or alert on data sharing, not apply labels or encryption, which is the core requirement for protecting data at rest.

How to eliminate wrong answers

Option A is wrong because retention labels are designed to manage data lifecycle (retention and deletion) and do not provide encryption or access restrictions. Option C is wrong because Data Loss Prevention (DLP) policies detect and prevent sharing of sensitive data but do not apply labels or encrypt documents; they enforce rules on data in motion. Option D is wrong because the data classification service identifies and classifies data but does not automatically apply labels or enforce protection actions like encryption.

93
MCQ · medium

A business stakeholder asks how Microsoft 365 can help them manage laptops and mobile devices with compliance policies and app protection. Which Microsoft security, identity, or compliance capability should be used?

A. Microsoft Stream
B. Microsoft Planner
C. Microsoft Forms
D. Microsoft Intune
Answer: D

Intune manages devices and apps, including compliance and app protection policies.

Why this answer

Microsoft Intune is the correct answer because it is a cloud-based endpoint management solution that provides mobile device management (MDM) and mobile application management (MAM) capabilities. It allows administrators to enforce compliance policies (e.g., require PIN, encrypt device) and app protection policies (e.g., restrict copy/paste, prevent data leakage) on laptops and mobile devices, directly addressing the stakeholder's request.

Exam trap

The trap here is that candidates may confuse productivity tools (Stream, Planner, Forms) with security and management services, but Microsoft 365 separates collaboration features from endpoint management, which is exclusively handled by Intune in this context.

How to eliminate wrong answers

Option A is wrong because Microsoft Stream is a video-sharing and management service, not an endpoint management or compliance tool. Option B is wrong because Microsoft Planner is a task management and collaboration tool for organizing work, not for managing device compliance or app protection. Option C is wrong because Microsoft Forms is a survey and data collection tool, with no capabilities for device management or policy enforcement.

94
MCQ · medium

A compliance administrator needs to apply encryption and usage restrictions to confidential documents. Which Microsoft 365 capability is the best fit? The design must avoid adding custom operational scripts.

A. OneDrive sync client
B. Sensitivity labels
C. Microsoft Bookings
D. Microsoft Teams live events
Answer: B

Sensitivity labels classify and protect content, including encryption and access restrictions.

Why this answer

Sensitivity labels are the correct choice because they allow the compliance administrator to apply encryption and usage restrictions (such as 'Do Not Forward' or 'View Only') directly to confidential documents without writing any custom scripts. This capability is built into Microsoft 365 and integrates with Azure Information Protection to enforce protection policies at the file level, meeting the requirement for a no-code solution.

Exam trap

The trap here is that candidates may confuse the OneDrive sync client with a security tool, mistakenly thinking it can enforce encryption or restrictions, when in fact it only synchronizes files without applying any protection policies.

How to eliminate wrong answers

Option A is wrong because the OneDrive sync client is a file synchronization tool that syncs files between local devices and the cloud; it does not natively apply encryption or usage restrictions to documents. Option C is wrong because Microsoft Bookings is a scheduling and appointment management application, not a data protection or compliance tool. Option D is wrong because Microsoft Teams live events is a broadcast feature for streaming video to large audiences; it lacks the ability to apply encryption or usage restrictions to individual documents.

95
Multi-Select · easy

Which TWO are true about Microsoft's data residency commitments in the Microsoft 365 Trust Center?

Select 2 answers
A. Customers can choose where their data is stored at rest
B. Data never leaves the selected geographic region
C. All customer data is encrypted in transit only
D. Customer data is always stored in the customer's country only
E. Microsoft provides data residency options for customer data
Answers: A, E

Customers can select the region for data storage.

Why this answer

Options B and D are correct. Microsoft offers data residency options, and customers can choose the region. Option A is wrong because data is stored at rest in the chosen region, not all regions.

Option C is wrong because data may move for disaster recovery. Option E is wrong because data can be stored at rest in the selected region.

96
MCQ · hard

Refer to the exhibit. A Microsoft Purview sensitivity label policy is defined as shown. A user applies this label to a document in Microsoft 365. Which action will occur automatically?

A. The document will be encrypted.
B. The document will be automatically deleted after 30 days.
C. A watermark will be added.
D. The document will be blocked from external sharing.
Answer: A

The label has encryption enabled, so the document is encrypted.

Why this answer

Option A is correct because the settings show encryptionenabled: true, so the document will be encrypted. Option C is incorrect because the markinginfo includes header and footer, not a watermark. Option D is incorrect because there is no DLP policy referenced.

Option B is incorrect because there is no retention setting in the label.

97
MCQ · medium

An administrator is reviewing a request from users who need to discover cloud apps being used by employees and assess their risk. Which Microsoft security, identity, or compliance capability should be used?

A. Microsoft Planner
B. Microsoft Defender for Cloud Apps
C. Microsoft Stream
D. Microsoft Forms
Answer: B

Defender for Cloud Apps provides cloud app discovery and risk assessment.

Why this answer

Microsoft Defender for Cloud Apps is the correct choice because it is a Cloud Access Security Broker (CASB) that provides visibility into cloud app usage, shadow IT discovery, and risk assessment. It integrates with Microsoft 365 to monitor user activities and apply data loss prevention (DLP) policies across sanctioned and unsanctioned cloud apps.

Exam trap

The trap here is that candidates may confuse productivity tools like Planner or Forms with security capabilities, or assume Stream has monitoring features due to its 'cloud' nature, but only Defender for Cloud Apps provides dedicated cloud app discovery and risk assessment.

How to eliminate wrong answers

Option A is wrong because Microsoft Planner is a task management and collaboration tool, not a security or compliance capability for discovering cloud apps or assessing risk. Option C is wrong because Microsoft Stream is a video hosting and sharing service within Microsoft 365, with no functionality for cloud app discovery or risk assessment. Option D is wrong because Microsoft Forms is a survey and quiz creation tool, lacking any security, identity, or compliance features for monitoring cloud app usage.

98
MCQ · medium

Wide World Importers is a financial services company that must comply with GDPR. They use Microsoft 365 E5 and have enabled audit logging. The Data Protection Officer (DPO) needs to be able to search and export all audit records related to a specific user's activities for the past 90 days. The DPO is not a global admin and should only have permissions to view and export audit logs. You need to provide the DPO with the appropriate access. What should you do?

A. Add the DPO to the 'Audit Logs' role in the Microsoft Purview compliance portal.
B. Add the DPO to the Global Administrator role.
C. Assign the Security Reader role in Microsoft Entra ID.
D. Assign the Compliance Administrator role in Microsoft Entra ID.
Answer: A

This role provides read and export permissions for audit logs only.

Why this answer

Option A is correct. The 'Audit Logs' role in the Microsoft Purview compliance portal allows read and export access to audit logs. Option B (global admin) gives too many permissions.

Option C (Security Reader) in Microsoft Entra ID does not include Purview audit log access. Option D (Compliance Administrator) is a broader role that includes many other permissions.

99
Matching · medium

Match each Microsoft 365 compliance term to its definition.

Concepts
Matches

Policy to prevent accidental sharing of sensitive information

Process to search and export content for legal cases

Rule to keep or delete content for a specified time

Tags to classify and protect data based on sensitivity

Why these pairings

These features help organizations manage data compliance and security.

100
MCQ · easy

An organization needs to ensure that all Microsoft 365 data is encrypted at rest and in transit. Which of the following is a built-in encryption mechanism in Microsoft 365?

A. BitLocker Drive Encryption
B. Customer-managed keys (CMK) using Azure Key Vault
C. Office 365 Message Encryption
D. Azure Information Protection
Answer: A

Microsoft uses BitLocker to encrypt drives in datacenters.

Why this answer

Option A is correct because Microsoft 365 uses BitLocker Drive Encryption for data at rest in datacenters. Option B is wrong because third-party key management is not built-in. Option D is wrong because Azure Information Protection is a separate solution.

Option C is wrong because Office 365 Message Encryption is for email, not all data.

101
MCQ · hard

A financial services company must prevent users from accidentally sharing sensitive customer data externally. They want to block sharing of any document containing a credit card number via email or SharePoint. What combination of Microsoft 365 compliance solutions should they use?

A. Sensitivity labels and Microsoft Purview Information Protection
B. Data Loss Prevention (DLP) policies
C. Microsoft Purview Compliance Manager
D. Exchange Online Protection (EOP) and Microsoft Defender for Office 365
Answer: B

DLP policies detect sensitive data and block sharing actions automatically across services.

Why this answer

Data Loss Prevention (DLP) policies in Microsoft Purview are specifically designed to detect and block the sharing of sensitive information, such as credit card numbers, across email (Exchange Online) and SharePoint. By scanning content for predefined sensitive info types (e.g., credit card numbers using regex patterns from the DLP engine), DLP can automatically block or warn users before external sharing occurs, meeting the company's requirement.

Exam trap

The trap here is that candidates often confuse sensitivity labels (which classify and protect data at rest) with DLP (which monitors and blocks data in motion), leading them to choose Option A, even though DLP is the correct solution for preventing accidental external sharing of sensitive content like credit card numbers.

How to eliminate wrong answers

Option A is wrong because sensitivity labels and Microsoft Purview Information Protection focus on classifying and protecting data through encryption and access controls, but they do not natively scan content in transit or block sharing based on sensitive data patterns like credit card numbers; DLP is required for that detection and enforcement. Option C is wrong because Microsoft Purview Compliance Manager is a risk assessment and compliance management tool that provides a score and recommendations for regulatory frameworks (e.g., GDPR, HIPAA), but it does not actively scan or block data sharing. Option D is wrong because Exchange Online Protection (EOP) provides anti-spam and anti-malware protection for email, and Microsoft Defender for Office 365 adds advanced threat protection (e.g., phishing, safe attachments), but neither includes the content-based sensitive data detection and blocking capabilities of DLP.

102
MCQ · medium

A compliance team needs to ensure that any email sent from the Finance department that contains a bank account number is automatically encrypted. External recipients must be able to reply securely without needing to sign up for any service. Which Microsoft Purview solution should they configure?

A. Microsoft Purview Data Loss Prevention (DLP)
B. Microsoft Purview Message Encryption
C. Microsoft Purview Information Protection (sensitivity labels)
D. Microsoft Defender for Office 365
Answer: B

Message Encryption allows sending encrypted emails to any recipient and supports secure reply without separate sign-up. It can be triggered automatically by a DLP policy when sensitive data is detected.

Why this answer

Microsoft Purview Message Encryption (B) is the correct solution because it allows the organization to automatically encrypt emails based on conditions (e.g., emails from Finance containing bank account numbers) and enables external recipients to reply securely using the encrypted reply portal without requiring any sign-up or additional software. This is achieved through Azure Rights Management (Azure RMS) and the Office 365 Message Encryption (OME) portal, which provides a seamless, browser-based experience for external users.

Exam trap

The trap here is that candidates often confuse the automatic encryption trigger in DLP policies with the actual encryption mechanism, forgetting that DLP alone cannot encrypt emails or provide the secure reply portal—those capabilities require Message Encryption (OME) to be configured as the action.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Data Loss Prevention (DLP) can detect sensitive data like bank account numbers and trigger actions such as blocking or warning, but it does not natively provide automatic encryption of emails with a secure reply mechanism for external recipients; DLP policies can integrate with Message Encryption, but the encryption itself is not a DLP feature. Option C is wrong because Microsoft Purview Information Protection (sensitivity labels) can apply encryption to emails and documents, but they require the recipient to have a Microsoft 365 account or use the Azure RMS client, and they do not offer the built-in, no-sign-up secure reply portal that Message Encryption provides for external users. Option D is wrong because Microsoft Defender for Office 365 focuses on threat protection (anti-phishing, anti-malware, safe attachments/links) and does not include native email encryption or secure reply capabilities for external recipients.

103
Multi-Selectmedium

Which TWO components are part of Microsoft's Service Trust Portal?

Select 2 answers
A.Audit reports and compliance guides
B.Azure portal
C.Compliance Manager
D.Microsoft Purview compliance portal
E.Microsoft 365 Defender portal
AnswersA, C

The Service Trust Portal hosts audit reports and compliance guides.

Why this answer

Options A and C are correct. The Service Trust Portal provides compliance reports, audit reports, and trust documents. Options B, D, and E are not part of the Service Trust Portal; they are separate portals.

104
Multi-Selectmedium

A security team wants Microsoft 365 access to be allowed only when a user's device is marked compliant by management policy. Which two capabilities are normally combined? (Choose two.)

Select 2 answers
A.Microsoft Stream
B.Microsoft Intune compliance policies
C.Microsoft Forms
D.Conditional Access
AnswersB, D

Intune evaluates whether devices meet compliance requirements.

Why this answer

Microsoft Intune compliance policies define the rules that a device must meet (e.g., encryption, OS version, threat level) to be considered compliant. Conditional Access enforces access decisions based on signals like device compliance status, blocking or granting access to Microsoft 365 services. Together, they ensure only compliant devices can access corporate resources.

Exam trap

The trap here is that candidates often confuse Microsoft Intune compliance policies with device management enrollment, forgetting that Conditional Access is the enforcement engine that actually gates access based on the compliance signal.

105
MCQmedium

Your company uses Microsoft 365 and wants to ensure that when employees access Microsoft 365 from unmanaged devices, they can only view data but not download or print it. Which technology should you use?

A.Microsoft Intune compliance policies
B.Microsoft Entra Conditional Access with session controls
C.Sensitivity labels with encryption
D.Microsoft Purview Data Loss Prevention (DLP) policies
AnswerB

Session controls can restrict download, print, and copy from the browser.

Why this answer

Option B is correct: Conditional Access with session controls can block download/print. Option D is incorrect because DLP policies block sharing but not download from the browser. Option A is incorrect because Intune compliance policies require device enrollment.

Option C is incorrect because sensitivity labels with encryption do not block printing.

106
MCQmedium

During a Microsoft 365 planning workshop, the goal is to let users reset forgotten passwords without calling the help desk. Which Microsoft security, identity, or compliance capability should be used?

A.Self-service password reset (SSPR)
B.Microsoft Planner
C.Microsoft Stream
D.Microsoft Forms
AnswerA

SSPR lets users verify their identity and reset passwords without administrator intervention.

Why this answer

Self-service password reset (SSPR) is the correct Microsoft 365 capability because it allows users to reset their own forgotten passwords without requiring help desk intervention. SSPR is part of Microsoft Entra ID (formerly Azure Active Directory) and enforces security through multi-factor authentication verification before allowing a password change. This directly addresses the requirement to reduce help desk calls while maintaining identity security.

Exam trap

The trap here is that candidates confuse productivity tools (Planner, Stream, Forms) with security capabilities, assuming any Microsoft 365 service can handle identity tasks, when only Entra ID-based features like SSPR are designed for password management.

How to eliminate wrong answers

Option B (Microsoft Planner) is wrong because it is a task management and project planning tool, not an identity or security feature; it cannot reset passwords. Option C (Microsoft Stream) is wrong because it is a video sharing and management platform, unrelated to authentication or password operations. Option D (Microsoft Forms) is wrong because it is a survey and data collection tool, with no capability to modify user passwords or manage identity.

107
MCQhard

A multinational corporation uses Microsoft 365 and must comply with the General Data Protection Regulation (GDPR). They need to respond to a data subject access request (DSAR) within the mandated timeframe. Which Microsoft Purview tool should they use to search for personal data across Exchange Online, SharePoint Online, and OneDrive for Business?

A.eDiscovery (Standard)
B.Content Search
C.Audit log search
D.Data Lifecycle Management
AnswerB

Content Search can find personal data across workloads.

Why this answer

Option B is correct because Content Search in the Microsoft Purview compliance portal allows searching across Exchange, SharePoint, and OneDrive for personal data to fulfill DSARs. Option A is incorrect because eDiscovery (Standard) is for legal discovery, not specifically DSAR. Option C is incorrect because Audit log search is for searching audit records, not content.

Option D is incorrect because Data Lifecycle Management focuses on retention and deletion, not search.

108
Multi-Selecteasy

Which TWO are features of Microsoft Entra ID? (Choose two.)

Select 2 answers
A.Mobile device management
B.Identity and access management
C.Data Loss Prevention policies
E.Sensitivity labels
AnswersB, D

Core feature of Entra ID.

Why this answer

Option B is correct because Microsoft Entra ID provides identity and access management. Option D is correct because it supports Multi-Factor Authentication. Option C is incorrect because DLP is a Purview feature.

Option A is incorrect because device management is Intune. Option E is incorrect because sensitivity labels are Purview.

109
MCQmedium

While preparing a Microsoft 365 adoption plan, a consultant is asked to give external partners controlled access to Teams and SharePoint resources. Which Microsoft security, identity, or compliance capability should the consultant use?

A.Microsoft Entra External ID / B2B collaboration
B.Microsoft Stream
C.Microsoft Forms
D.Microsoft Planner
AnswerA

External collaboration allows controlled guest or external identity access.

Why this answer

Microsoft Entra External ID (formerly Azure AD B2B collaboration) is the correct capability because it enables organizations to securely share Teams and SharePoint resources with external partners by inviting them as guest users. This feature uses identity federation to allow partners to authenticate with their own credentials, while enforcing conditional access policies and compliance controls. It directly addresses the requirement for controlled, compliant external access without exposing internal directories or requiring additional licenses for partners.

Exam trap

The trap here is that candidates may confuse collaboration tools (Stream, Forms, Planner) with identity and access management capabilities, failing to recognize that only Microsoft Entra External ID (B2B collaboration) provides the necessary security and compliance controls for external partner access.

How to eliminate wrong answers

Option B (Microsoft Stream) is wrong because it is a video management and sharing service, not an identity or access management tool; it cannot control external partner access to Teams or SharePoint. Option C (Microsoft Forms) is wrong because it is a survey and data collection tool, lacking any capability to manage external identities or access permissions. Option D (Microsoft Planner) is wrong because it is a task management and planning application, with no functionality for identity federation, guest user management, or access control to external partners.

110
MCQhard

A security administrator needs to audit all activities related to a specific user in Exchange Online, SharePoint Online, and Microsoft Entra ID for the past 90 days. They also need to export the audit log as a CSV file. Which Microsoft Purview solution provides this capability without additional licensing beyond Microsoft 365 E3?

A.Microsoft Purview Audit (Standard)
B.Microsoft Purview Audit (Premium)
C.Microsoft Purview eDiscovery (Standard)
D.Microsoft Purview Content Search
AnswerA

Correct. Audit (Standard) is included with E3, retains logs for 90 days, covers the required services, and allows export to CSV.

Why this answer

Microsoft Purview Audit (Standard) is included with Microsoft 365 E3 and provides the ability to search and export audit logs for user activities across Exchange Online, SharePoint Online, and Microsoft Entra ID for up to 90 days. This meets the administrator's requirement without needing additional licensing.

Exam trap

The trap here is that candidates confuse 'auditing user activities' with 'searching for content' and pick Content Search or eDiscovery, not realizing that audit logs track actions (like 'User logged in' or 'Deleted file') while Content Search finds the actual data files.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview Audit (Premium) offers extended retention (up to 1 year) and intelligent insights, but it requires an E5 or add-on license, not E3. Option C is wrong because Microsoft Purview eDiscovery (Standard) is designed for legal holds and case-based content searches, not for exporting a raw audit log of user activities as a CSV. Option D is wrong because Microsoft Purview Content Search is used to find and export content (emails, documents) from mailboxes and sites, not to audit administrative or user actions in the audit log.

111
MCQhard

Your company uses Microsoft 365 E5 and has enabled Microsoft Purview Audit (Premium). The security team needs to investigate a potential data breach by searching for all activities related to a specific user in the last 90 days. Which tool should they use?

A.Microsoft Purview Compliance Manager
B.Microsoft Purview Content Search
C.Microsoft Purview Audit (Premium) log search
D.Microsoft Purview eDiscovery (Premium)
AnswerD

eDiscovery Premium can search across mailboxes, SharePoint, etc., for a user.

Why this answer

Option D is correct because Microsoft Purview eDiscovery (Premium) allows searching across content locations for specific users and time frames. Option C is wrong because Audit (Premium) provides audit logs but not a consolidated search across all data. Option B is wrong because Content Search is a more basic tool.

Option A is wrong because Compliance Manager is for assessing compliance posture.

112
Multi-Selectmedium

Which TWO Microsoft 365 tools can help an organization detect and respond to insider data theft?

Select 2 answers
A.Microsoft Intune
B.Microsoft Entra ID Identity Protection
C.Microsoft Sentinel
D.Microsoft Defender for Cloud Apps
E.Microsoft Purview Insider Risk Management
AnswersD, E

Can detect unusual data downloads or sharing.

Why this answer

Insider Risk Management in Microsoft Purview detects insider threats, and Microsoft Defender for Cloud Apps can detect anomalous data exfiltration. The other options are less relevant.

113
Multi-Selecthard

A healthcare organization must protect patient health information (PHI) from being accidentally shared externally via email. They need to automatically block emails containing medical record numbers from being sent outside the organization and also encrypt any email that does contain PHI when it is allowed. Which two Microsoft Purview solutions should they combine? (Choose two.)

Select 2 answers
A.Microsoft Purview Data Loss Prevention (DLP)
B.Microsoft Purview eDiscovery
C.Microsoft Purview Message Encryption
D.Microsoft Purview Audit (Standard)
AnswersA, C

DLP policies can scan emails and documents for sensitive data (e.g., medical record numbers) and automatically block sharing or show policy tips. This is the correct solution for blocking external sharing of PHI.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) is correct because it can automatically detect sensitive data, such as medical record numbers (PHI), in emails and apply policy actions like blocking external transmission. This directly addresses the requirement to prevent accidental sharing of PHI via email.

Exam trap

The trap here is that candidates often confuse eDiscovery or Audit with real-time enforcement capabilities, forgetting that DLP is the only option that can actively block or encrypt outbound emails based on content inspection.

114
MCQmedium

A company uses Microsoft Purview to monitor for potential data security incidents. They want to automatically detect and remediate activities like downloading large amounts of data to a personal device. Which solution should they configure?

A.Data Loss Prevention (DLP)
B.Insider Risk Management
C.Audit
D.eDiscovery
AnswerB

Insider Risk Management uses risk indicators to identify and automatically respond to risky user actions such as unusual data downloads.

Why this answer

Insider Risk Management is the correct solution because it is specifically designed to detect and remediate risky user activities that could lead to data security incidents, such as downloading large amounts of data to a personal device. It uses machine learning and behavioral analytics to identify anomalous patterns and can trigger automated remediation actions like blocking the activity or notifying the user.

Exam trap

The trap here is that candidates often confuse Data Loss Prevention (DLP) with Insider Risk Management, assuming DLP handles all data security incidents, but DLP focuses on content-based policies (e.g., credit card numbers) rather than behavioral detection of risky user actions like bulk downloads to personal devices.

How to eliminate wrong answers

Option A is wrong because Data Loss Prevention (DLP) is focused on preventing data exfiltration by enforcing policies on data in use, in transit, or at rest, but it does not natively detect or remediate behavioral patterns like downloading large volumes to a personal device; it typically blocks or alerts on policy violations based on content inspection. Option C is wrong because Audit (Microsoft Purview Audit) is a logging and investigation tool that records user and admin activities for compliance and forensic analysis, but it does not automatically detect or remediate risky behaviors in real time. Option D is wrong because eDiscovery is used for legal and regulatory discovery of electronic content, such as searching and exporting data for litigation or investigations, and has no capability to automatically detect or remediate data security incidents.

115
MCQmedium

An administrator is reviewing a request to protect users from phishing, unsafe links, and malicious attachments. Which Microsoft security, identity, or compliance capability should the administrator use?

A.Microsoft Defender for Office 365
B.Microsoft Stream
C.Microsoft Forms
D.Microsoft Planner
AnswerA

Defender for Office 365 provides advanced protection for email and collaboration threats.

Why this answer

Microsoft Defender for Office 365 is the correct choice because it provides advanced threat protection specifically designed to safeguard users against phishing, unsafe links, and malicious attachments. It includes features like Safe Links, Safe Attachments, and anti-phishing policies that scan and detonate URLs and attachments in real-time, leveraging threat intelligence from the Microsoft Intelligent Security Graph.

Exam trap

The trap here is that candidates may confuse general Microsoft 365 productivity apps (Stream, Forms, Planner) with security services, assuming any Microsoft tool can provide protection, but only Defender for Office 365 is purpose-built for phishing and malware defense.

How to eliminate wrong answers

Option B is wrong because Microsoft Stream is a video hosting and sharing service, not a security tool; it cannot protect against phishing, unsafe links, or malicious attachments. Option C is wrong because Microsoft Forms is a survey and quiz creation tool that lacks any built-in threat protection capabilities for email or links. Option D is wrong because Microsoft Planner is a task management and project planning application, with no security features to defend against phishing or malicious content.

116
MCQhard

You are configuring a Communication Compliance policy to detect workplace harassment. The policy currently includes conditions for sensitive information types (credit card numbers, SSN) and keywords. After deployment, the policy generates many irrelevant alerts for routine HR communications that contain the keywords but no harassment. What should you modify to improve detection accuracy?

A.Expand the keyword list to include more terms
B.Add more sensitive information types
C.Enable audit logging for all communications
D.Use a trainable classifier for 'harassment' instead of keyword matching
AnswerD

Trainable classifiers use machine learning to detect harassment more accurately.

Why this answer

The policy should use a trainable classifier specifically for harassment (Option D) instead of broad sensitive info types and keywords. Sensitive info types (Option B) do not detect harassment. Option C is wrong because audit logging is not relevant.

Option A is wrong because expanding keywords would increase false positives.

117
MCQeasy

A company is deploying Microsoft 365 and wants to ensure that customer financial data remains within the European Union. Which Microsoft 365 feature should the administrator configure?

A.Apply sensitivity labels using Microsoft Purview.
B.Configure Data Location settings in the Microsoft 365 admin center.
C.Set up Conditional Access policies in Microsoft Entra ID.
D.Implement Data Loss Prevention (DLP) policies.
AnswerB

Data Location controls data residency at rest.

Why this answer

Option B is correct because Data Location (or data residency) is a Microsoft 365 feature that allows organizations to specify where their data is stored at rest, ensuring compliance with regional regulations like GDPR. Option D is incorrect because DLP prevents data loss but does not control storage location. Option C is incorrect because Conditional Access controls access, not storage.

Option A is incorrect because sensitivity labels classify data but do not enforce storage location.

118
MCQeasy

A company wants to prevent employees from forwarding sensitive emails outside the organization. Which Microsoft Purview feature should they use?

A.Microsoft Intune Mobile Application Management
B.Microsoft Entra ID Conditional Access
C.Microsoft Defender for Office 365 Anti-Phishing
D.Microsoft Purview Message Encryption
AnswerD

Message Encryption can enforce policies like 'Do Not Forward'.

Why this answer

Microsoft Purview Message Encryption allows encryption and rights protection, including preventing forwarding. Option D is correct. The other options do not specifically prevent forwarding.

119
MCQmedium

A compliance administrator needs to assess compliance posture against standards and improvement actions. Which Microsoft 365 capability is the best fit? The design must avoid adding custom operational scripts.

A.OneDrive sync client
B.Microsoft Teams live events
C.Microsoft Purview Compliance Manager
D.Microsoft Bookings
AnswerC

Compliance Manager provides assessments, improvement actions, and compliance scoring.

Why this answer

Microsoft Purview Compliance Manager is the correct choice because it provides a built-in, no-code solution for assessing compliance posture against standards (e.g., ISO 27001, NIST) and generates actionable improvement actions. It eliminates the need for custom operational scripts by offering pre-configured assessments and automated tracking of controls.

Exam trap

The trap here is that candidates may confuse Microsoft Purview Compliance Manager with broader security tools like Microsoft Secure Score or Defender for Cloud, but the question specifically requires a compliance posture assessment tool that avoids custom scripts, which Compliance Manager uniquely fulfills.

How to eliminate wrong answers

Option A is wrong because the OneDrive sync client is a file synchronization tool for local and cloud storage, not a compliance assessment or improvement action tool. Option B is wrong because Microsoft Teams live events is a broadcasting feature for real-time virtual events, with no capability to evaluate compliance posture or generate improvement actions. Option D is wrong because Microsoft Bookings is a scheduling and appointment management app, entirely unrelated to compliance assessments or standards-based posture analysis.

120
Multi-Selecthard

Which THREE of the following are capabilities of Microsoft Entra ID that support identity security? (Choose three.)

Select 3 answers
A.Microsoft Defender XDR
B.Microsoft Intune
C.Privileged Identity Management (PIM)
D.Conditional Access
E.Identity Protection
AnswersC, D, E

PIM is part of Entra ID for managing privileged access.

Why this answer

Option D is correct: Conditional Access enforces access policies. Option E is correct: Identity Protection detects risks. Option C is correct: Privileged Identity Management (PIM) manages privileged roles.

Option A is wrong because Microsoft Defender XDR is a separate security product. Option B is wrong because Microsoft Intune is for device management.

121
MCQhard

A multinational company uses Microsoft 365 and wants to ensure that data stored in SharePoint Online is only accessible from specific geographic regions. The company has offices in the US, EU, and Asia. You need to implement a solution that restricts access based on the user's physical location. Which feature should you configure?

A.Data Residency in Microsoft Purview
B.Conditional Access policies in Microsoft Entra ID
C.Geofencing in Microsoft Intune
D.Location-Based Policies in SharePoint Admin Center
AnswerB

Conditional Access policies can block or allow access based on location via IP ranges.

Why this answer

Option B is correct because Conditional Access policies can enforce location-based controls using IP addresses. Location-Based Policies (D) are not a built-in feature. Data Residency (A) is about data storage location, not access control.

Geofencing (C) is a general concept but not a specific Microsoft 365 feature.

122
MCQmedium

A service owner is comparing Microsoft 365 capabilities and needs to block emails containing credit card numbers from being sent externally. Which Microsoft security, identity, or compliance capability should the service owner use?

A.Microsoft Planner
B.Data Loss Prevention (DLP)
C.Microsoft Stream
D.Microsoft Forms
AnswerB

DLP detects sensitive information and can block or warn on sharing actions.

Why this answer

Data Loss Prevention (DLP) in Microsoft 365 is the correct capability because it is specifically designed to detect and protect sensitive information, such as credit card numbers, by scanning email content and attachments. DLP policies can be configured to block external transmission of emails containing sensitive data, using built-in sensitive information types like the Credit Card Number rule that matches patterns based on Luhn checksum validation. This directly addresses the service owner's requirement to prevent credit card numbers from being sent externally.

Exam trap

The trap here is that candidates may confuse Microsoft 365 compliance tools with unrelated productivity apps, assuming any 'Microsoft' tool can handle security tasks, but only DLP is purpose-built for content-based email restrictions.

How to eliminate wrong answers

Option A is wrong because Microsoft Planner is a task management and project planning tool, not a security or compliance feature; it cannot inspect or block email content. Option C is wrong because Microsoft Stream is a video hosting and sharing platform, with no capability to scan or enforce policies on email transmissions. Option D is wrong because Microsoft Forms is a survey and data collection tool, lacking any data loss prevention or email filtering functionality.

123
MCQhard

An organization needs to prevent users from sharing documents that contain credit card numbers via email and Microsoft Teams. When a user attempts to share such a document, they should see a policy tip explaining the restriction. Which Microsoft Purview solution should the compliance team configure?

A.Microsoft Purview Information Barriers
B.Microsoft Purview Data Loss Prevention (DLP)
C.Microsoft Purview Retention Policies
D.Microsoft Purview Sensitivity Labels
AnswerB

DLP policies can detect credit card numbers and other sensitive data in Exchange, SharePoint, OneDrive, and Teams. They can block the action and display a policy tip to inform the user.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) is the correct solution because it is specifically designed to detect sensitive information types—such as credit card numbers—in documents and communications. DLP policies can be configured to block or warn users via policy tips when they attempt to share such content through email or Microsoft Teams, enforcing compliance without disrupting legitimate work.

Exam trap

The trap here is that candidates often confuse Sensitivity Labels (which classify data) with DLP (which enforces actions based on that classification or on sensitive data patterns), leading them to choose D when the question specifically asks for a solution that scans for credit card numbers and shows policy tips.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Information Barriers restrict communication and collaboration between specific user groups (e.g., to prevent conflicts of interest), but they do not inspect content for sensitive data like credit card numbers or provide policy tips. Option C is wrong because Microsoft Purview Retention Policies manage how long content is kept or deleted for legal or regulatory purposes, not to prevent sharing of sensitive data in real time. Option D is wrong because Microsoft Purview Sensitivity Labels classify and protect content based on sensitivity (e.g., 'Confidential'), but they do not natively scan for specific data patterns like credit card numbers or trigger policy tips on their own; they require integration with DLP for such enforcement.

124
Multi-Selecthard

Which THREE conditions must be met for a Microsoft 365 tenant to use Customer Lockbox?

Select 3 answers
A.An authorized admin must submit a support request to Microsoft.
B.The tenant must be on a Microsoft 365 E3 plan.
C.Microsoft engineers must require access to customer data for troubleshooting.
D.Internal administrators must request access to user mailboxes.
E.The organization must have a Microsoft 365 E5 or G5 license.
AnswersA, C, E

The admin initiates the lockbox request through support.

Why this answer

Options A, C, and E are correct: Customer Lockbox requires an E5 license, the admin must initiate a support request, and it applies only when Microsoft engineers need access. Option B is incorrect because Customer Lockbox is not available in E3. Option D is incorrect because it is for Microsoft engineer access, not internal admin access.

125
MCQhard

A healthcare provider must ensure that patient health information (PHI) is not accidentally shared outside the organization. They want to automatically detect if an email contains PHI (such as diagnosis codes) and block it from being sent externally. Additionally, the sender should receive a notification explaining the block. Which Microsoft Purview solution should be configured?

A.Microsoft Purview Information Protection
B.Microsoft Purview Data Loss Prevention (DLP)
C.Microsoft Purview Insider Risk Management
D.Microsoft Purview Audit
AnswerB

Correct. DLP policies can identify sensitive information types (e.g., health records) and enforce actions like blocking the email and sending a policy tip to the sender.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) is the correct solution because it is specifically designed to detect sensitive information—such as patient health information (PHI) with diagnosis codes—in emails and automatically block external transmission while sending a notification to the sender. DLP policies can be configured with sensitive information types (e.g., HIPAA-defined PHI patterns) and rules to enforce actions like blocking and policy tips.

Exam trap

The trap here is that candidates often confuse Information Protection (labeling) with DLP (enforcement), assuming that applying a sensitivity label alone will block external sharing, when in fact DLP is required to enforce the block and notification action.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Information Protection focuses on classifying and labeling sensitive data (e.g., applying sensitivity labels) but does not inherently enforce real-time blocking of email transmission or send sender notifications; it requires integration with DLP for such actions. Option C is wrong because Microsoft Purview Insider Risk Management is designed to detect and investigate risky user activities (e.g., data exfiltration by insiders) using analytics and alerts, not to automatically block outbound emails containing specific content. Option D is wrong because Microsoft Purview Audit provides logging and investigation of past activities (e.g., who accessed what), but it cannot proactively block emails or notify senders in real time.

126
MCQeasy

A company needs to meet GDPR compliance requirements for data subject requests. Which Microsoft Purview tool should they use to manage these requests?

A.eDiscovery (Premium)
B.Compliance Manager
C.Audit (Premium)
D.Data Lifecycle Management
AnswerB

Compliance Manager helps assess and manage compliance posture, including GDPR.

Why this answer

Option B is correct. Microsoft Purview Compliance Manager helps manage compliance activities, including GDPR requests. Option D is wrong because Data Lifecycle Management focuses on retention.

Option C is wrong because Audit logs record activities. Option A is wrong because eDiscovery is for legal discovery.

127
Multi-Selectmedium

Which three of the following are core components of Microsoft’s Zero Trust security model as implemented in Microsoft 365? (Choose three.)

Select 3 answers
.Verify explicitly
.Use least privileged access
.Assume breach
.Encrypt all data at rest only
.Deploy a single firewall for all traffic
.Require on-premises identity provider

Why this answer

The Zero Trust security model is built on three foundational principles: verify explicitly, use least privileged access, and assume breach. In Microsoft 365, 'verify explicitly' means authenticating and authorizing every access request based on all available data points (user identity, device health, location, etc.). 'Use least privileged access' limits user permissions to only what is necessary, enforced through tools like Privileged Identity Management (PIM) and Conditional Access. 'Assume breach' designs the environment to minimize blast radius and segment access, assuming an attacker is already present, which drives practices like micro-segmentation and continuous monitoring.

Exam trap

The trap here is that candidates often confuse security best practices (like encryption or firewalls) with the core Zero Trust principles, or mistakenly think Zero Trust requires on-premises identity, when in fact it is designed to work with cloud-native identity providers like Azure AD.

128
MCQmedium

A department head asks which Microsoft 365 option should be used to review file access, sharing changes, and administrator actions during an investigation. Which Microsoft security, identity, or compliance capability should be used?

A.Microsoft Forms
B.Microsoft Planner
C.Microsoft Purview Audit
D.Microsoft Stream
AnswerC

Purview Audit provides searchable audit records of user and admin activities.

Why this answer

Microsoft Purview Audit (formerly Office 365 Audit Log) is the correct choice because it provides a unified audit log that captures file access, sharing changes, and administrator actions across Microsoft 365 services. This capability is essential for security investigations, as it allows administrators to search and export detailed records of user and admin activities, meeting the department head's requirement for reviewing historical actions.

Exam trap

The trap here is that candidates may confuse Microsoft Purview Audit with other Microsoft 365 tools that have 'audit' in their name (e.g., Azure AD audit logs) or mistakenly think that a general productivity tool like Planner or Forms can provide security investigation capabilities, when only Purview Audit is designed for this purpose.

How to eliminate wrong answers

Option A is wrong because Microsoft Forms is a survey and quiz creation tool, not a security or compliance capability; it does not log file access, sharing changes, or admin actions. Option B is wrong because Microsoft Planner is a task management and project planning application, lacking any audit logging or security investigation features. Option D is wrong because Microsoft Stream is a video hosting and sharing service, which does not provide audit logs for file access, sharing changes, or administrator actions.

129
MCQmedium

Northwind Traders is a legal firm that uses Microsoft 365 E5. They have strict regulatory requirements to retain all email communications for 7 years. Additionally, they need to ensure that employees cannot permanently delete emails before the retention period ends. The IT team has implemented a retention policy in Microsoft Purview to retain all Exchange Online mailboxes for 7 years after creation. However, users are still able to delete emails and permanently delete them from the Recoverable Items folder. You need to ensure that emails are preserved even if users try to delete them. What should you do?

A.Enable Litigation Hold for all mailboxes.
B.Place an In-Place Hold on all mailboxes.
C.Configure an eDiscovery hold for all mailboxes.
D.Create a new retention tag in the default MRM policy to prevent deletion.
AnswerA

Litigation Hold preserves all mailbox content, including deleted items, preventing permanent deletion.

Why this answer

Option A is correct. Litigation Hold preserves all mailbox content indefinitely, preventing any permanent deletion. Retention policies alone do not prevent deletion; they only retain deleted items for the specified period. Option D (MRM policy) is for managing mailbox storage, not preservation. Option B (In-Place Hold) is similar but requires targeting specific mailboxes. Option C (eDiscovery hold) is for legal cases, not broad retention.

130
Multi-Selectmedium

A company is expanding globally and needs to meet data residency and compliance requirements in multiple regions. Which three Microsoft 365 compliance and privacy features should they consider? (Choose three.)

Select 3 answers
.Data Loss Prevention (DLP) policies
.Compliance Manager
.Customer Lockbox
.Azure Active Directory (Azure AD) Connect
.Microsoft 365 Copilot
.Exchange Online archival mailboxes

Why this answer

Data Loss Prevention (DLP) policies help organizations identify, monitor, and protect sensitive data across Microsoft 365 services, ensuring compliance with regional data residency requirements by preventing unauthorized sharing or leakage. Compliance Manager provides a centralized dashboard to assess compliance posture against regulations like GDPR, ISO 27001, and local data residency laws, offering actionable recommendations. Customer Lockbox ensures that Microsoft support engineers cannot access customer data without explicit approval, addressing privacy and data sovereignty concerns in multi-region deployments.

Exam trap

The trap here is that candidates confuse Azure AD Connect as a compliance feature because it involves identity management, but it is purely an identity synchronization tool with no direct role in data residency or privacy compliance.

131
MCQeasy

A company wants to ensure that employees can access corporate email on personal mobile devices without the company being able to wipe the entire device. What should you use?

A.Microsoft Intune Mobile Device Management (MDM)
B.Conditional Access policies in Microsoft Entra ID
C.Microsoft Intune Mobile Application Management (MAM)
D.Microsoft Intune App Protection Policies (APP)
AnswerD

APP protects app data and allows selective wipe of corporate data.

Why this answer

Intune App Protection Policies (APP) (D) protect data at the app level and allow selective wipe. Option A (MDM) can wipe the whole device. Option B (Conditional Access) controls access. Option C (MAM) is essentially APP.

132
MCQmedium

A compliance officer needs to automatically classify and protect documents stored in SharePoint Online that contain personal data such as passport numbers. The classification should happen without user intervention and must apply encryption and access restrictions. Which Microsoft Purview solution should be configured?

A.Data Loss Prevention (DLP) policy
B.Sensitivity labels with auto-labeling
C.eDiscovery (Standard)
D.Communication Compliance
AnswerB

Auto-labeling policies can scan documents for sensitive data types and automatically apply a sensitivity label that enforces encryption and access restrictions.

Why this answer

Sensitivity labels with auto-labeling (Option B) are the correct solution because they can automatically classify documents based on patterns like passport numbers using trainable classifiers or exact data match (EDM), and then apply encryption and access restrictions via the label's protection settings—all without user intervention. This meets the compliance officer's requirement for automatic classification and protection of personal data in SharePoint Online.

Exam trap

The trap here is that candidates often confuse DLP policies with auto-labeling, but DLP only monitors and blocks sharing actions, while auto-labeling applies persistent protection (encryption and access restrictions) directly to the document content.

How to eliminate wrong answers

Option A is wrong because a Data Loss Prevention (DLP) policy detects and blocks sharing of sensitive data but does not automatically classify or apply persistent encryption and access restrictions to documents; it only triggers alerts or blocks actions. Option C is wrong because eDiscovery (Standard) is used for searching and exporting content for legal or investigative purposes, not for automatic classification or protection of documents. Option D is wrong because Communication Compliance is designed to monitor and detect policy violations in communications like email and Teams, not to classify or protect documents stored in SharePoint Online.

133
MCQhard

A multinational corporation needs to restrict access to Microsoft 365 services based on user location and device state. They have offices in countries with strict data sovereignty laws. Which combination of Microsoft Entra ID features should they use to enforce these policies?

A.Microsoft Entra ID Governance
B.Conditional Access with location policies and device compliance
C.Identity Protection and Privileged Identity Management
D.Conditional Access with device compliance policies only
E.Conditional Access with location policies only
AnswerB

Combining location and device compliance in Conditional Access meets both requirements.

Why this answer

Conditional Access policies can be configured to block or allow access based on location and device state. Option B is correct because it combines both location and device compliance. Option E misses device state, Option D misses location, Option A is not a specific feature, and Option C is for identity protection, not control.

134
MCQmedium

A company wants to ensure that sensitive documents classified as 'Confidential' are automatically encrypted and have restricted access permissions applied when they are shared via email. The protection must persist even if the email is forwarded to external parties. Which Microsoft Purview solution should be used?

A.Microsoft Purview Information Protection
B.Microsoft Purview Data Loss Prevention (DLP)
C.Microsoft Purview Message Encryption
D.Microsoft Purview Compliance Manager
AnswerA

Correct. Sensitivity labels can enforce encryption and permissions that remain with the document even when forwarded externally.

Why this answer

Microsoft Purview Information Protection (A) is correct because it enables classification and labeling of documents (e.g., 'Confidential'), with built-in encryption and rights management that persists regardless of where the document is shared or forwarded. This is achieved through Azure Rights Management (Azure RMS), which enforces access restrictions even when the email is forwarded to external parties, ensuring the protection travels with the content.

Exam trap

The trap here is that candidates confuse Microsoft Purview Message Encryption (which encrypts the email transport) with Information Protection (which applies persistent rights management to the content itself), leading them to choose C when the question explicitly requires protection that persists after forwarding.

How to eliminate wrong answers

Option B (Microsoft Purview Data Loss Prevention) is wrong because DLP policies detect and prevent accidental sharing of sensitive data but do not apply persistent encryption or access restrictions that survive forwarding; they block or warn at the point of transmission. Option C (Microsoft Purview Message Encryption) is wrong because it encrypts the email message itself (using OME) but does not apply persistent rights management to attachments or documents; once decrypted, the content loses protection. Option D (Microsoft Purview Compliance Manager) is wrong because it is a risk assessment and compliance management tool that tracks regulatory posture, not a solution for applying encryption or access controls to content.

135
MCQeasy

A company is adopting Microsoft 365 and wants to ensure they can investigate security incidents across email, endpoints, and identities in a unified console. Which Microsoft 365 workload should they use?

A.Microsoft Intune
B.Microsoft Sentinel
C.Microsoft Purview Compliance Portal
D.Microsoft Defender XDR
AnswerD

Defender XDR integrates signals across email, endpoints, and identities.

Why this answer

Option D is correct because Microsoft Defender XDR (formerly Microsoft 365 Defender) provides a unified incident investigation experience across domains. Option B is incorrect because Microsoft Sentinel is a SIEM that aggregates logs but is not the unified console in Microsoft 365. Option C is incorrect because Microsoft Purview is for compliance and governance, not security investigation. Option A is incorrect because Microsoft Intune is for device management.

136
MCQmedium

A healthcare organization uses Microsoft 365 and needs to prevent sensitive patient data from being emailed externally. They have enabled Microsoft Purview Data Loss Prevention (DLP). What additional step should they take to ensure that end users are educated when they attempt to send such data?

A.Enable auditing in Microsoft Purview Compliance Portal.
B.Deploy Microsoft Defender for Cloud Apps.
C.Apply a sensitivity label that blocks external sharing.
D.Configure a policy tip in the DLP policy.
AnswerD

Policy tips educate users when they violate a DLP rule.

Why this answer

Option D is correct because configuring a policy tip in DLP policies shows a notification to users when they attempt to send sensitive data, educating them about the policy. Option C is incorrect because sensitivity labels classify data but do not provide real-time user education. Option A is incorrect because auditing only logs events; it does not educate users. Option B is incorrect because Microsoft Defender for Cloud Apps is for cloud access security, not inline user education.

137
MCQeasy

Tailwind Traders uses Microsoft 365 Business Premium. They have 200 users and want to ensure that company data on mobile devices is protected. They have implemented Microsoft Intune for mobile device management (MDM). Now they need to ensure that if a device is lost or stolen, the company data on the device can be removed without affecting personal data. The devices are personally owned (BYOD). What should you configure?

A.Configure an App Protection Policy to wipe managed apps when the device is reported lost.
B.Create a device compliance policy that requires a PIN to access the device.
C.Configure a selective wipe in Intune to remove corporate data.
D.Configure a full wipe in Intune for the device.
AnswerC

Selective wipe removes only managed corporate data and apps, preserving personal data.

Why this answer

Option C is correct. A selective wipe in Intune removes only corporate data from a device, leaving personal data intact. Option D (full wipe) removes all data, which is not desired. Option B (device compliance policy) enforces compliance but does not wipe data. Option A (App Protection Policy) is for app-level data protection but does not provide a remote wipe for the whole device.

138
MCQmedium

A compliance officer needs to identify users who are at risk of leaking sensitive data based on their activities such as copying files to USB drives or emailing content outside the organization. The solution must also allow reviewing the activities in a case-based workflow. Which Microsoft Purview solution should they use?

A.Microsoft Purview Data Loss Prevention
B.Microsoft Purview Insider Risk Management
C.Microsoft Purview Audit (Premium)
D.Microsoft Purview Communication Compliance
AnswerB

This solution identifies, triages, and investigates risky user activities, offering a case-based workflow to review potential data leaks.

Why this answer

Microsoft Purview Insider Risk Management is specifically designed to detect, investigate, and act on risky user activities that could lead to data leaks, such as copying files to USB drives or emailing sensitive content externally. It provides a case-based workflow for reviewing and managing these activities, aligning directly with the compliance officer's requirements.

Exam trap

The trap here is that candidates often confuse Data Loss Prevention (DLP) with Insider Risk Management, but DLP is a preventive control that blocks actions in real-time, whereas Insider Risk Management is a detective control that identifies risky users and provides a case workflow for post-event review.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Data Loss Prevention (DLP) focuses on preventing data leaks through policies that block or warn users in real-time, but it does not provide a case-based workflow for reviewing activities after they occur. Option C is wrong because Microsoft Purview Audit (Premium) logs user and admin activities for forensic investigation but lacks the risk analysis, user risk scoring, and case management workflow needed to identify at-risk users proactively. Option D is wrong because Microsoft Purview Communication Compliance is designed to detect policy violations in communications (e.g., harassment, insider trading) and does not cover activities like copying files to USB drives or emailing content outside the organization.

139
MCQmedium

An administrator needs to monitor and investigate potential data breaches by reviewing detailed records of file access and sharing activities across Microsoft 365. They require a centralized report showing who accessed what, from where, and any unusual patterns. Which tool should they use?

A.Microsoft 365 Defender
B.Microsoft Purview Audit (Standard)
C.Microsoft Purview eDiscovery
D.Microsoft Secure Score
AnswerB

Audit logs capture detailed records of user and admin activities, including file access and sharing, which can be searched and analyzed for potential breaches.

Why this answer

Microsoft Purview Audit (Standard) is the correct tool because it provides a centralized, searchable log of all file access and sharing activities across Microsoft 365 services, including who accessed what, from which IP address, and when. This allows administrators to detect and investigate unusual patterns indicative of data breaches by reviewing detailed audit records.

Exam trap

The trap here is that candidates often confuse Microsoft 365 Defender (a threat protection tool) with audit logging, but the question specifically asks for a centralized report of historical file access and sharing activities, which only Purview Audit provides.

How to eliminate wrong answers

Option A is wrong because Microsoft 365 Defender is a security incident response and threat protection platform that focuses on detecting and responding to active threats (like malware or phishing), not on providing detailed historical audit logs of file access and sharing activities. Option C is wrong because Microsoft Purview eDiscovery is designed for legal discovery and compliance searches to find and export content (e.g., emails, documents) for litigation, not for monitoring real-time or historical access patterns. Option D is wrong because Microsoft Secure Score is a security posture assessment tool that measures an organization's security configuration against best practices, not a logging or monitoring tool for file access activities.

140
Multi-Selectmedium

Which three options describe key capabilities of Microsoft Purview that help organizations manage compliance and data governance in Microsoft 365? (Choose three.)

Select 3 answers
.Automatically classify and label sensitive data across Microsoft 365 services
.Apply retention policies and labels to preserve or delete content based on legal requirements
.Conduct eDiscovery searches and hold content for legal cases
.Manage user passwords and enforce multi-factor authentication
.Monitor network traffic to prevent DDoS attacks
.Provide anti-malware and phishing protection in email

Why this answer

Microsoft Purview provides integrated data governance and compliance capabilities across Microsoft 365. It automatically classifies and labels sensitive data using trainable classifiers and exact data match, applies retention policies and labels to meet legal and regulatory requirements, and enables eDiscovery searches with legal hold to preserve content for litigation. These three capabilities directly address data classification, lifecycle management, and legal discovery.

Exam trap

The trap here is that candidates confuse Microsoft Purview with other Microsoft 365 security services like Microsoft Entra ID (identity) or Microsoft Defender (threat protection), leading them to select options that are valid security features but not part of Purview's compliance and data governance scope.

141
MCQmedium

An organization uses Microsoft 365 Copilot and wants to ensure that Copilot responses are based only on data the user has permission to access. Which principle does this enforce?

A.Defense in depth
B.Segregation of duties
C.Zero Trust
D.Least privilege
AnswerD

Least privilege ensures users only access data they have permissions for.

Why this answer

The principle of least privilege ensures users only access data they need. Copilot respects existing permissions. Option D is correct. Options A, B, and C are incorrect.

142
MCQeasy

A company wants to ensure that all Microsoft 365 users authenticate using multi-factor authentication (MFA). Which Microsoft 365 security feature should they configure?

A.Microsoft Intune compliance policies
B.Microsoft Purview Data Loss Prevention
C.Microsoft Defender XDR
D.Microsoft Entra ID Conditional Access
AnswerD

Conditional Access policies can require MFA for all users.

Why this answer

Option D is correct because Microsoft Entra ID Conditional Access policies can enforce MFA for all users. Option C is wrong because Microsoft Defender XDR is for threat detection and response. Option A is wrong because Microsoft Intune is for device management. Option B is wrong because Microsoft Purview is for compliance and information protection.

143
MCQhard

Fabrikam Inc. is a technology company that uses Microsoft 365 E5. They have implemented Microsoft Defender XDR to monitor for threats. The security team wants to receive alerts when a user is compromised, such as when a user's credentials are used from an unusual location. They also want to automatically block the user from signing in until the risk is mitigated. You need to configure a solution that automatically detects and responds to such identity risks. What should you configure?

A.Enable Microsoft Defender for Cloud Apps to monitor user activities.
B.Configure Identity Protection in Microsoft Entra ID to detect risky sign-ins and enable the 'User risk policy' to automatically block high-risk users.
C.Deploy Microsoft Sentinel and create analytics rules to detect and respond to identity threats.
D.Create a Conditional Access policy that requires MFA for all sign-ins.
AnswerB

Identity Protection can detect and automatically block high-risk sign-ins.

Why this answer

Option B is correct. Identity Protection in Microsoft Entra ID can detect risky sign-ins and users, and can be configured to automatically block sign-ins or require MFA. Option D (Conditional Access) can enforce policies based on risk, but the automatic blocking is handled by Identity Protection. Option A (Defender for Cloud Apps) is for app-level protection. Option C (Microsoft Sentinel) is for SIEM, not automatic response.

144
Multi-Selecthard

Which THREE Microsoft Purview features are part of the eDiscovery workflow for legal investigations?

Select 3 answers
A.Communication
B.Content Search
C.Export
D.Analytics
E.eDiscovery Hold
AnswersB, C, E

Used to search for relevant content.

Why this answer

eDiscovery workflow includes Content Search (identify data), Hold (preserve data), and Export (export data for review). Communication is part of eDiscovery Premium but not always required; Analytics is not a standard eDiscovery feature.

145
MCQhard

You run the above PowerShell cmdlets against Microsoft Entra ID. What is the output?

A.List of Microsoft 365 group names the user is a member of
B.List of roles assigned to the user
C.List of devices enrolled by the user
D.List of licenses assigned to the user
AnswerA

Get-MgUserMemberOf returns group memberships; filter for groups and select DisplayName.

Why this answer

The cmdlets retrieve the user's group memberships and filter for groups, outputting display names. Option A is correct. It does not show roles, licenses, or devices.

146
MCQmedium

Refer to the exhibit. The exhibit shows an anti-phishing policy in Microsoft Defender for Office 365. Which users receive the highest level of protection?

A.All users in the organization.
B.Only users in the quarantine list.
C.The CEO and CFO specifically.
D.Users with phishing threshold level 2.
AnswerC

Targeted users receive advanced protection.

Why this answer

Option C is correct: Targeted user protection explicitly lists the CEO and CFO, who get additional protection. Option A is incorrect because all users get the policy but targeted users get extra protection. Option B is incorrect because the policy is enabled for all users. Option D is incorrect because the policy applies to all users, not just targeted.

147
MCQhard

A global financial services firm needs to protect highly confidential documents containing trade secrets. The protection must restrict access to a specific group of employees, prevent editing and printing, and remain enforced even if the document is downloaded and saved to an external device. Which Microsoft Purview solution should be used?

A.Sensitivity labels (Azure Information Protection)
B.Data Loss Prevention (DLP) policy
C.Information Barriers
D.Advanced Audit
AnswerA

Correct. Sensitivity labels apply encryption and usage restrictions (view, edit, print) that follow the document even when stored externally.

Why this answer

Sensitivity labels from Azure Information Protection (AIP) allow you to classify and protect documents with persistent protection that travels with the file, even when it is downloaded to an external device. By configuring a sensitivity label with encryption, you can restrict access to a specific group of employees, disable editing and printing, and enforce these restrictions regardless of where the file is stored. This meets all the requirements of the scenario, including persistent protection after download.

Exam trap

The trap here is that candidates often confuse DLP policies with sensitivity labels, thinking DLP can protect files after download, but DLP only monitors and blocks at the point of sharing, not persistently encrypting the file.

How to eliminate wrong answers

Option B is wrong because Data Loss Prevention (DLP) policies are designed to detect and prevent the sharing of sensitive information via email, Teams, or cloud apps, but they do not apply persistent protection (encryption, rights management) to files after they are downloaded to an external device. Option C is wrong because Information Barriers are used to prevent communication and collaboration between specific groups (e.g., to avoid conflicts of interest), not to protect documents with encryption or restrict editing/printing. Option D is wrong because Advanced Audit provides detailed logging and investigation of user and admin activities, but it does not enforce access controls or persistent protection on documents.

148
MCQmedium

A compliance officer needs to automatically classify documents stored in SharePoint Online that contain personally identifiable information (PII) such as social security numbers. The classification must apply a sensitivity label that encrypts the document and restricts access to only employees in the Legal department. The process should run without any user interaction. Which Microsoft Purview solution should be configured?

A.Microsoft Purview Data Lifecycle Management
B.Microsoft Purview Data Loss Prevention (DLP)
C.Microsoft Purview Information Protection with auto-labeling
D.Microsoft Purview Insider Risk Management
AnswerC

Auto-labeling policies in Purview Information Protection can automatically classify and protect documents based on content, applying the appropriate sensitivity label (including encryption and access restrictions) without user intervention.

Why this answer

Option C is correct because Microsoft Purview Information Protection with auto-labeling can automatically detect PII (e.g., social security numbers) in documents stored in SharePoint Online and apply a sensitivity label that encrypts the content and restricts access to the Legal department. This process runs without user interaction, meeting the compliance officer's requirement for automatic classification and protection.

Exam trap

The trap here is that candidates often confuse DLP policies (which block sharing) with auto-labeling policies (which apply sensitivity labels and encryption), but DLP does not automatically encrypt or restrict access via sensitivity labels.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Data Lifecycle Management focuses on retaining or deleting data based on policies (e.g., retention labels), not on automatically classifying or encrypting documents with sensitivity labels. Option B is wrong because Microsoft Purview Data Loss Prevention (DLP) is designed to prevent unauthorized sharing or exfiltration of sensitive data (e.g., blocking emails or file transfers), not to apply sensitivity labels that encrypt and restrict access. Option D is wrong because Microsoft Purview Insider Risk Management detects risky user activities (e.g., data theft by insiders) through analytics and alerts, but does not automatically classify or encrypt documents with sensitivity labels.

149
MCQmedium

Your organization is deploying Microsoft 365 Copilot. The compliance team is concerned that Copilot might expose sensitive data in its responses. What should you configure to prevent Copilot from using sensitive content?

A.Retention policies
B.Sensitivity labels with 'Copilot' condition
C.Data Loss Prevention policies
D.Unified audit log
AnswerB

Sensitivity labels can mark content that Copilot should not use.

Why this answer

Sensitivity labels (B) can restrict Copilot from accessing labeled content. Option C (DLP) blocks sharing, not Copilot. Option A (retention) is for preservation. Option D (audit) logs usage.

150
MCQeasy

A company wants to ensure that only managed and compliant devices can access corporate email in Microsoft 365. Which Microsoft Entra ID capability should they configure?

A.Conditional Access
B.Microsoft Authenticator
C.Privileged Identity Management
D.Identity Protection
AnswerA

Conditional Access can enforce device compliance requirements.

Why this answer

Option A is correct because Conditional Access policies in Microsoft Entra ID can require devices to be compliant (e.g., via Intune) before granting access. Option D is incorrect because Identity Protection is for risk detection, not device compliance. Option C is incorrect because Privileged Identity Management is for managing admin roles. Option B is incorrect because Microsoft Authenticator is an app for MFA, not device compliance.
