Describe the capabilities of Microsoft compliance solutions

A healthcare organization uses Microsoft Purview to protect patient health information (PHI). They need to identify sensitive data stored in Microsoft SharePoint Online and prevent unauthorized sharing. Which two Purview solutions should they implement? (Select all that apply.)

A multinational corporation must comply with the General Data Protection Regulation (GDPR). They use Microsoft Purview Compliance Manager to manage compliance activities. The compliance manager wants to automatically assign each control to the appropriate team member for remediation. What should they configure?

A company is subject to a legal hold for an ongoing investigation. The IT administrator must prevent the deletion of any documents related to this case across SharePoint Online and OneDrive, overriding any existing deletion policies. Which Microsoft Purview capability should the administrator use?

A company wants to automatically apply a 'Confidential' sensitivity label to any document that contains a credit card number, and also encrypt the document as part of the label. Which two components must be configured to achieve this? (Choose two.)

A company must retain all customer contracts for 10 years to comply with industry regulations. After 10 years, the contracts must be permanently deleted. Which Microsoft Purview solution should be used to automate this process?

A healthcare organization uses Microsoft 365 and wants to prevent users from sending emails that contain patient health information (PHI) to external recipients. Which Microsoft Purview solution should they implement?

A multinational corporation must retain all financial records for 7 years and then permanently delete them. The compliance officer wants to ensure that even a global administrator cannot modify or delete the retention policy. Which Microsoft Purview solution and configuration should they use?

A company is subject to a legal investigation and must preserve all email communications related to the case for an indefinite period, even if users try to delete them. The compliance officer needs a solution that can place a hold on specific user mailboxes and prevent any permanent deletion of relevant content. Which Microsoft Purview feature should be used?

A financial services organization needs to prevent communication between its research analysts and investment bankers to comply with regulatory requirements. Which Microsoft Purview solution should the compliance team implement?

A financial institution uses Microsoft 365 and must ensure that Microsoft support engineers cannot access the institution's content (e.g., Exchange Online mailboxes, SharePoint sites) without explicit approval from the institution's compliance officer. The compliance officer needs to review and approve or reject each access request. Which Microsoft Purview feature should be configured?

A financial services organization must prevent employees in the Research department from communicating via email or Microsoft Teams with employees in the Investment Banking department to avoid conflicts of interest. Additionally, they need to prevent any credit card numbers from being shared in emails sent to external recipients. Which combination of Microsoft Purview solutions should they implement?

A company's security team needs to detect and investigate potential data theft by employees who have legitimate access to sensitive data. They want a solution that uses heuristics and behavioral analytics to identify risky user actions such as data exfiltration to personal cloud storage. Which Microsoft Purview solution should they use?

A company must retain all vendor contracts for 10 years to meet regulatory requirements. After 10 years, the contracts must be permanently destroyed with no possibility of recovery. The compliance team wants to automate this lifecycle and ensure that during the retention period, the contracts cannot be edited or deleted by users. Which Microsoft Purview solution should they use?

A compliance officer needs to evaluate their organization's security and compliance posture against multiple regulatory frameworks such as HIPAA, GDPR, and ISO 27001. The solution must provide a continuous assessment score, actionable improvement actions, and the ability to track implementation progress. Which Microsoft Purview solution should they use?

A multinational corporation must comply with several regulatory frameworks, including GDPR, SOX, and HIPAA. The compliance officer wants to continuously assess the organization's compliance posture against these regulations, receive prioritized improvement actions, and track the implementation progress of those actions. Which Microsoft Purview solution should the compliance officer use?

A financial services company must comply with a regulation that requires all audit-related documents to be retained for 7 years and then permanently deleted. The compliance officer wants to ensure that even if a user modifies or deletes a file, the original content is preserved for the full 7 years, and at the end of the period the files are automatically destroyed without any manual approval. The company uses Microsoft 365 and stores these documents in SharePoint Online and Microsoft Teams. Which Microsoft Purview solution should the compliance officer configure?

A company receives a subject rights request (SRR) from a customer under GDPR, asking for the deletion of all personal data held about them. The compliance team needs a tool to orchestrate the discovery of this data across Microsoft 365 and other systems, and to track the response and fulfillment of the request. Which Microsoft Purview solution should they use?

A law firm uses Microsoft 365 and has two legal teams working on opposing sides of the same lawsuit. The compliance officer needs to prevent any communication (email, Teams chat, file sharing) between the two teams. Additionally, the firm must block emails containing the case name from being sent outside the organization. Which two Microsoft Purview solutions should be configured to meet these requirements? (Choose two.)

A legal team is involved in a lawsuit and needs to ensure that all emails and documents related to the case are preserved in their original state, even if users edit or delete them. They also need the ability to search for these items and export them for legal review. Which Microsoft Purview solution should the compliance team configure to meet these requirements?

A multinational organization uses Microsoft 365 and must demonstrate compliance with both GDPR and ISO 27001. The compliance team needs a centralized tool to assess their current compliance posture against these frameworks, receive prioritized improvement actions, and track the implementation of those actions over time. Which Microsoft Purview solution should they use?

A company has a policy that prohibits employees from sharing confidential customer data with unauthorized parties. The compliance team needs to detect patterns of unusual user activity that may indicate insider data theft, such as downloading large volumes of data to a personal device or emailing sensitive files to external recipients. They also want to investigate the activity and take remediation actions like generating a case for litigation or notifying the user's manager. Which Microsoft Purview solution should they use?

A financial services firm is required by regulatory bodies to monitor employee communications (email, Teams chats) for potential insider trading or market manipulation. They need a solution that allows them to define policies to detect messages containing specific keywords or phrases (e.g., 'confidential', 'insider info'), and then assign flagged messages to designated reviewers for investigation. Which Microsoft Purview solution should they use?

A company stores financial reports in SharePoint Online that contain credit card numbers. The compliance team needs to automatically apply a sensitivity label that encrypts the documents when they detect credit card data. Which Microsoft Purview solution should they configure?

A financial services company uses Microsoft 365 and must prevent employees from emailing credit card numbers in plain text. The compliance team wants to automatically detect credit card numbers in outgoing emails and block them before delivery. They also want to allow users to override the block with a business justification. Which Microsoft Purview solution should they configure?

A legal team is preparing for a lawsuit and needs to perform a detailed investigation of user activities across Microsoft 365 services. They need to view the 'before' and 'after' values whenever a critical item in SharePoint or Exchange is updated or deleted. The investigation requires high-volume export performance and the ability to search by specific activities like 'MailboxFolderAccess' and 'Send'. Which Microsoft Purview solution should be enabled and configured to meet these advanced auditing requirements?

A company stores HR documents in SharePoint Online. The compliance team wants to automatically apply a sensitivity label that encrypts the document whenever it contains a passport number. They do not want users to be able to override this classification. Which Microsoft Purview solution should they configure?

A legal team is preparing for litigation and needs to collect relevant data from Microsoft Teams chats, email, and SharePoint documents. They need to place a hold on the data to prevent deletion, review it, and then use advanced analytics such as relevance ranking and email threading to reduce the review set. Which Microsoft Purview solution should they use to perform these tasks?

A company stores sensitive financial data on on-premises Windows Server file shares. The compliance team needs to automatically discover files containing credit card numbers, classify them by applying a sensitivity label, and optionally enforce protection actions like encryption. They want this solution to run on the on-premises file servers without needing to manually scan. Which Microsoft Purview solution should the compliance team deploy?

A financial services organization must comply with a regulation that requires all communications related to trades (including emails and Teams messages) to be retained for a period of 7 years. During retention, no user may edit or delete these records. After the 7 years, the records must be disposed of with an irreversible deletion that is verified by a compliance officer. Which Microsoft Purview solution should the organization use to enforce both retention and regulatory disposition?

A financial services company is subject to regulations that require monitoring of employee communications for potential market manipulation. The compliance team needs to create policies that automatically detect messages containing phrases like 'insider info' or 'confidential trade' in Microsoft Teams chats and Exchange Online emails. Detected messages should be routed to designated reviewers for investigation, and the company wants a built-in Microsoft Purview solution to handle this process. Which Microsoft Purview solution should they use?

A government agency has extremely sensitive classified data that must be protected even from Microsoft. They require a solution where the encryption keys are stored and managed on-premises within their own hardware security module (HSM), ensuring that Microsoft cannot decrypt their data. Which Microsoft Purview solution should they implement?

A company uses Microsoft 365. The compliance team needs to create a policy that automatically blocks outgoing emails that contain personally identifiable information (PII) such as social security numbers. However, they want to allow users to override the block with a business justification if necessary. Which Microsoft Purview solution should they configure?

A healthcare organization must comply with HIPAA regulations. They store patient health information (PHI) in SharePoint Online documents. The compliance team needs to automatically detect PHI (e.g., medical record numbers) in documents, apply a sensitivity label that encrypts the document, and prevent users from removing that label. Which Microsoft Purview solution should they configure?

A large enterprise is concerned about insider threats. The compliance team needs to detect and investigate potential data theft scenarios, such as when employees nearing their resignation date suddenly copy large amounts of sensitive data to USB drives or email confidential files to personal accounts. They require a solution that uses machine learning to identify risky activities and create alerts for investigation. Which Microsoft Purview solution should they deploy?

A financial services firm has a strict compliance requirement to prevent insider trading. The firm must ensure that employees in the Investment Banking division cannot communicate or share documents via Microsoft Teams and SharePoint Online with employees in the Equity Research division. The solution must automatically block all communication and collaboration between the two groups, and any attempts to share must be denied. Which Microsoft Purview solution should they implement?

A company operates in multiple countries and must comply with GDPR (EU) and CCPA (California). The compliance officer needs a single tool to assess the company's compliance posture against both regulations, get a consolidated compliance score, and receive prioritized improvement actions that can be assigned to responsible teams. The tool should also track progress over time. Which Microsoft Purview solution should the compliance officer use?

A compliance officer needs to investigate a potential data exfiltration incident. They must search the unified audit log for all activities where users accessed a specific sensitive SharePoint site in the last 7 days. Additionally, they need to create a custom alert that triggers when more than 10 file downloads occur from that site within an hour. Which Microsoft Purview solution should they use?

A legal department is preparing for litigation. They need to preserve all potentially relevant content in Exchange Online, SharePoint Online, and Teams to prevent deletion or modification. Additionally, they must search across these locations for specific keywords and export the results for external review. Which Microsoft Purview solution should they use?

A company uses Microsoft Purview. A compliance officer applies a retention label to a set of legal documents and configures the label to mark the items as records. After the label is applied, a user attempts to delete one of these documents from SharePoint Online. What will be the outcome?

A multinational corporation stores highly sensitive intellectual property in SharePoint Online. To meet regulatory requirements, they need an additional layer of encryption beyond Microsoft's baseline encryption. The company wants to manage their own encryption keys using Azure Key Vault, so that if they remove the key from the service, the data becomes unreadable. Which Microsoft Purview solution should they implement?

A company wants to monitor employee communications in Microsoft Teams and Exchange Online for potential policy violations such as harassment or inappropriate sharing of confidential information. They need a solution that allows them to define policies, review flagged messages, and manage investigations. Which Microsoft Purview solution should they use?

A multinational corporation has data stored across multiple clouds (Azure, AWS) and on-premises. The data governance team needs to create a single inventory of all data assets, automatically classify sensitive data (e.g., credit card numbers) across these sources, and track how data moves and transforms (lineage). Which Microsoft Purview solution should they use?

A company uses Microsoft Purview to manage data lifecycle. They configure a retention label that marks content as a regulatory record and apply it to sensitive documents. A user with edit permissions attempts to modify a document that has this label applied. What will be the outcome?

A financial services company is required by regulation to prevent sensitive customer financial information from being shared externally via email. The compliance team wants to automatically scan all outgoing emails for patterns that match credit card numbers or account numbers. If a match is found, the email should be blocked and the sender should receive a policy tip. Which Microsoft Purview solution should be configured?

A healthcare organization must comply with HIPAA regulations. They need to automatically detect and classify sensitive health information such as medical record numbers stored in SharePoint Online and OneDrive. When detected, the solution should apply encryption and restrict access to only authorized personnel. Which Microsoft Purview solution should they configure?

A healthcare organization subject to HIPAA regulations stores patient health information (PHI) in SharePoint Online and OneDrive. The compliance team needs to automatically detect and classify medical record numbers and other PHI when documents are uploaded. Detected sensitive content must be protected by encryption and restricted to authorized users only. Additionally, the team wants to prevent users from sharing such documents externally. Which TWO Microsoft Purview solutions should they combine to achieve these requirements? (Choose two.)

A compliance officer is tasked with continuously assessing the organization's compliance posture against GDPR and ISO 27001. The solution should generate a compliance score based on implemented controls, provide recommended improvement actions, and track remediation progress over time. Which Microsoft Purview solution should they use?

An organization's security team needs to investigate a security incident that occurred two months ago. They need to search the unified audit log for specific activities performed by a user, such as file access, email actions, and sign-in events, to understand the scope of the compromise. Which Microsoft Purview solution provides these audit log search capabilities?

A company is involved in litigation. The legal team needs to preserve all relevant electronic documents that reside in Exchange Online, SharePoint Online, and OneDrive for Business. They must prevent users from deleting or modifying these documents while the lawsuit is active. Additionally, they need to search across these locations for specific keywords and export the results for review. Which Microsoft Purview solution should they use?

A data analyst is planning to leave the company in two weeks and has access to a large volume of sensitive customer data. The compliance team wants to detect if the analyst starts downloading large amounts of files to a personal USB drive or sending sensitive content to an external email address. They need to set up a policy that alerts on such anomalous data exfiltration activities without blocking operations until a thorough investigation is completed. Which Microsoft Purview solution should they configure?

A legal team is preparing for an internal investigation related to a potential policy violation. They need to identify all relevant documents stored in Exchange Online and SharePoint Online, but there are millions of items across the organization. The team wants to use a machine learning model that learns from a set of manually reviewed relevant and non-relevant documents to predict relevance and prioritize review. Which Microsoft Purview solution provides this capability?

An organization needs to detect and address potential policy violations in Microsoft Teams chat messages and channel conversations. They want to configure a policy that automatically scans for keywords related to confidential information and for sensitive data patterns like credit card numbers. When a violation is found, the policy should notify the user and their manager, and optionally escalate to a designated reviewer. Which Microsoft Purview solution should they configure?

A legal team is managing a large litigation case involving over two million documents in SharePoint Online and Exchange Online. They want to reduce the time required for manual review by using a machine learning model that learns from a seed set of relevant and non-relevant documents and then predicts the relevance of the remaining documents. Which Microsoft Purview solution provides this advanced analytical capability?

A legal team needs to preserve all electronic documents related to an ongoing lawsuit. These documents reside in Exchange Online mailboxes, SharePoint Online sites, and OneDrive for Business accounts. The team also needs the ability to search across these locations for specific keywords and export the results for review. Which Microsoft Purview solution should they use?

A financial services company is required by the Payment Card Industry Data Security Standard (PCI-DSS) to retain all documents containing credit card numbers for at least seven years. The compliance team has created a custom sensitive information type (SIT) to detect credit card numbers in Microsoft 365. They want to automatically apply a retention label (e.g., "7-Year Retention") to any document in SharePoint or OneDrive that matches this SIT. Which Microsoft Purview solution should they configure to apply the label automatically based on content?

A company wants to monitor Microsoft Teams messages and corporate emails for policy violations related to potential harassment and inappropriate behavior. They need a solution that allows them to define policies with conditions (e.g., keywords, patterns), automatically flag suspicious conversations, and optionally send notifications to the sender or escalate to a reviewer. Additionally, they need the ability to train employees when a minor violation is detected. Which Microsoft Purview solution should they use?

A multinational corporation wants to detect scenarios where employees in the finance department are accessing and downloading customer credit card data from a CRM system and then emailing that data to personal accounts. The security team needs to define policies that identify this pattern of activity, analyze user behavior over time (e.g., building a user's baseline), and automatically escalate high-risk incidents for investigation. Which Microsoft Purview solution should they deploy?

A company stores customer data in Microsoft 365 and needs to identify which data is subject to GDPR. Which Microsoft Purview solution should be used?

An organization wants to automatically retain emails for 7 years and then delete them. They also need to place a legal hold on specific users' mailboxes to preserve all emails during litigation. Which combination of Microsoft Purview features should they use?

A multinational corporation must comply with regulations that require them to keep financial records for 7 years and then permanently delete them. However, they are currently involved in litigation that requires preservation of all documents related to a specific project. They use Microsoft Purview. Which combination of features should they use to meet both requirements?

A company wants to monitor internal communications for inappropriate content such as harassment or threats, and also prevent employees from accidentally sharing credit card numbers via email. Which combination of Microsoft Purview solutions should they use?

A financial organization is required by regulation to keep all customer transaction records for 10 years. After 10 years, the records must be permanently deleted. In addition, during the retention period, records must not be modifiable or deletable by any user, including administrators. Which Microsoft Purview solution should they use to meet these requirements?

A company uses Microsoft 365 and needs to comply with a regulatory requirement to retain all customer contracts for 5 years after the contract's end date, after which they must be automatically deleted. Additionally, the legal department needs the ability to preserve all documents related to an ongoing lawsuit, overriding any deletion timelines. Which Microsoft Purview solution should the company use?

A healthcare organization must demonstrate compliance with HIPAA by assessing their current posture against regulatory controls, tracking improvement actions, and generating reports for auditors. Which Microsoft Purview solution should they use?

A company is involved in litigation and needs to search for specific emails and documents across Exchange Online, SharePoint Online, and Teams. They also need to place a hold on relevant content to prevent deletion. Which Microsoft Purview solution should they use?

A company uses Microsoft Purview Compliance Manager to improve their compliance posture. They are preparing for a SOC 2 audit and need to score compliance with SOC 2 controls, track improvement actions, and assign tasks to responsible teams. Which component of Compliance Manager should they use to assign and track specific actions to improve their compliance score?

A financial institution uses Microsoft 365 and needs to prevent employees from accidentally sharing sensitive financial data (e.g., account numbers) via email. They also need to inform the sender with a policy tip if they attempt to send such data and block the email if it's shared externally. Which Microsoft Purview solution should they use?

A company uses Microsoft 365 and needs to identify and protect sensitive data, such as credit card numbers, stored in SharePoint Online and OneDrive for Business. They also want to prevent users from sharing this data externally. Which Microsoft Purview solution should they use?

A financial services company uses Microsoft Purview and must comply with a regulation that requires communication surveillance for market abuse. They need to capture all electronic communications (email, Teams chats) of traders and scan for specific keywords and trading patterns. Which Microsoft Purview solution is specifically designed for this?

A security team is investigating a data exfiltration incident. They need to see detailed events such as when a user accessed a file, the exact action (read, write, delete), and the file name. They also need to perform custom searches across all users. Which Microsoft Purview audit solution should they use to meet these requirements?

A compliance officer needs to retain customer records for 7 years and then automatically delete them. However, during an ongoing legal case, the legal team must preserve specific documents indefinitely without affecting the retention policy for other documents. Which combination of Microsoft Purview solutions should the company use?

A financial services organization needs to automatically classify and protect sensitive documents containing credit card information in SharePoint Online and OneDrive for Business. They want a purple-colored label to be applied automatically when the document is saved, and the document should be encrypted with a predefined template that restricts editing to internal users only. Which Microsoft Purview solution should they configure?

A company is involved in litigation and needs to preserve all Exchange Online mailboxes and SharePoint sites related to the case. The legal team also requires the ability to search, review, and export relevant content. Which Microsoft Purview solution should they use?

A company uses Microsoft 365. The compliance department requires that all financial documents be retained for 10 years and then automatically deleted, while marketing documents must be retained for 3 years and then deleted. Additionally, they want to apply a default retention policy to all SharePoint Online sites. Which Microsoft Purview solution should the company use?

A company uses Microsoft 365 and needs to classify and protect sensitive documents by applying encryption and visual markings (headers/footers) based on the content's sensitivity. They also want to automatically revoke access to documents that leave the organization. Which Microsoft Purview solution should they configure?

A company wants to detect potentially malicious insider activities, such as employees copying large volumes of files to external drives or sending sensitive emails to personal accounts. The security team needs to investigate these activities with visual timelines and assign cases for review. Which Microsoft Purview solution should they use?

A compliance officer wants a central dashboard to assess the organization's compliance posture against regulatory standards such as GDPR and ISO 27001. They need actionable recommendations to improve their compliance score and track progress over time. Which Microsoft Purview solution should they use?

A healthcare organization must comply with HIPAA. They need to automatically detect protected health information (PHI) such as medical record numbers in outgoing email, prevent users from sharing these emails with unauthorized external recipients, and apply a retention label that retains PHI emails for six years. Which Microsoft Purview solution should they use?

A company uses Microsoft 365 and needs to automatically apply a retention label to documents that contain personally identifiable information (PII) in SharePoint Online. The label should retain the documents for 5 years and then delete them. Which Microsoft Purview solution should they use?

A compliance officer needs to identify and monitor potentially risky user activities, such as users copying large amounts of data to external devices or sharing sensitive files with unauthorized recipients. They want to create a policy that detects these activities and automatically escalates them for investigation. Which Microsoft Purview solution should they use?

A healthcare organization must comply with HIPAA. They need to automatically detect protected health information (PHI) in emails sent from Exchange Online, prevent users from sharing these emails with unauthorized external recipients, and apply a retention label that retains PHI emails for six years. Which Microsoft Purview solution should they configure?

A financial organization needs to automatically detect documents containing credit card numbers in SharePoint Online and apply a sensitivity label that encrypts the document and restricts editing to internal users. The label must also be automatically assigned when the sensitive content is detected. Which Microsoft Purview solution should they configure?

A security team needs to investigate a potential data leak where an employee may have emailed sensitive customer information to a competitor. They want to search the unified audit log for specific email activities, such as 'Send' or 'Forward', and generate a detailed report. Which Microsoft Purview solution should they use?

A company needs to ensure that employees cannot share sensitive financial reports with external parties via email. They want to automatically detect and block emails that contain the phrase 'Confidential-Financial' in the subject line or body, regardless of the recipient's domain. Which Microsoft Purview solution should they configure?

A financial services firm must monitor employee communications (email and Microsoft Teams) for potential insider trading. The compliance team wants to automatically detect messages containing specific financial keywords (e.g., 'non-public material information') and flag them for review. They also need to be able to remove violating messages from recipients' inboxes. Which Microsoft Purview solution should they configure?

A company needs to automatically detect and protect sensitive information such as credit card numbers in emails sent from Exchange Online and documents stored in SharePoint Online. They want to create policies that can block emails if such data is detected, and also automatically encrypt documents with specific labels. Which Microsoft Purview solution should they use?

A security team needs to investigate a potential data breach that may involve unauthorized access to sensitive files in SharePoint Online and OneDrive for Business. They want to search the unified audit log for file access events, including accesses from mobile devices and third-party applications. Additionally, they need to create custom alert policies that trigger when specific high-privilege users download large volumes of files in a short period. Which Microsoft Purview solution should they use?

A compliance officer needs to automatically detect documents containing passport numbers in SharePoint Online and apply a retention label that retains the documents for 10 years before deleting them. They also want to prevent users from permanently deleting these documents before the retention period ends. Which Microsoft Purview solution should they use to achieve this?

A legal team is handling a lawsuit and needs to gather all electronically stored information (ESI) related to a specific case from across Microsoft 365, including emails, Teams messages, and SharePoint documents. They need to place a hold on the custodians' data to prevent deletion or modification, and then collect, review, and export the data. Which Microsoft Purview solution should they use?

A financial organization needs to automatically detect emails containing the phrase 'Non-Public Material Information' and apply a retention policy that retains those emails for 7 years. They also need to train senders with a policy tip before sending, and if they still send the email, it should be encrypted and blocked from being forwarded outside the organization. Which Microsoft Purview solution should they use?

An organization is subject to regulatory requirements that mandate retention of employee records for 5 years after termination. After the retention period, the records must be permanently deleted. The compliance team wants to automatically enforce this process across all Microsoft 365 locations (Exchange, SharePoint, Teams). Which Microsoft Purview solution should they configure?

A healthcare organization must automatically detect documents containing patient health information (PHI) in SharePoint Online and apply a retention label that retains the documents for 10 years. Additionally, they want to prevent users from permanently deleting these documents during the retention period. Which Microsoft Purview solution should they use to achieve this?

A financial company needs to prevent any communication between their mergers and acquisitions (M&A) team and the trading desk across all Microsoft 365 channels, including email, Microsoft Teams, and SharePoint. They must ensure that no user in one group can send emails to or chat with users in the other group. Which Microsoft Purview solution should they implement?

A company must retain all customer service emails in Exchange Online for 7 years for regulatory purposes. After 7 years, the emails must be automatically deleted. Additionally, employees must not be able to permanently delete these emails before the retention period ends. Which Microsoft Purview solution should they configure?

A company must comply with the General Data Protection Regulation (GDPR). They need a unified solution that provides a compliance score, actionable recommendations to improve their security posture, and the ability to track their progress over time. Additionally, they want to assign improvement actions to specific teams and automate the collection of evidence for controls. Which two Microsoft Purview solutions should the administrator use? (Select two.)

A financial services company needs to monitor employee communications in Microsoft Teams and Exchange Online for potential policy violations, such as sharing insider trading tips. They want to automatically detect specific keywords and phrases, and then allow designated reviewers to flag and escalate the messages. Which Microsoft Purview solution should they use?

A company wants to automatically detect emails in Exchange Online that contain credit card numbers and apply encryption to those emails before they are sent. Which Microsoft Purview solution should the administrator configure?

A security team needs to investigate a potential data breach in Microsoft 365. They require detailed forensic logs showing every instance of mailbox access, mailbox search performed by administrators, and changes to email forwarding rules in Exchange Online. The logs must be retained for 1 year. Which Microsoft Purview solution should they use?

A law firm uses Microsoft 365. They must retain all client communication records for 10 years due to regulatory requirements. After 10 years, the records must be permanently deleted. Additionally, they need to ensure that users cannot permanently delete these records before the retention period ends. Which Microsoft Purview solution should they configure?

A company uses Microsoft 365 and needs to automatically detect documents in SharePoint Online that contain personally identifiable information (PII) such as social security numbers. When such documents are detected, they want to apply a sensitivity label that encrypts the document and restricts access to only the compliance team. Which Microsoft Purview solution should they use?

A company must retain all HR documents stored in SharePoint Online for exactly 7 years. After 7 years, the documents must be automatically deleted. Additionally, employees must not be able to permanently delete these documents before the retention period ends. Which Microsoft Purview solution should they configure?

A multinational corporation must comply with several regulations including GDPR, ISO 27001, and NIST. They need a single solution that provides a compliance score, tracks their progress, and recommends specific improvement actions that can be assigned to different departments. Which Microsoft Purview solution meets these requirements?

A company uses Microsoft 365 and needs to prevent employees in the Mergers & Acquisitions (M&A) department from communicating with employees in the Trading department via Microsoft Teams chat, email, and SharePoint sharing. They must ensure that these restrictions are automatically enforced by Microsoft 365. Which Microsoft Purview solution should the administrator configure?

A company is involved in a legal dispute and must preserve all emails and documents related to the case. The legal team needs to identify specific custodians (employees) and place a hold on their Exchange Online mailboxes and SharePoint sites to prevent any deletion or alteration of relevant content. Additionally, they need to collect the preserved data for review and analysis. Which Microsoft Purview solution should they use?

A company wants to create a sensitivity label called 'Highly Confidential' in Microsoft 365. When applied to a document, the label should automatically encrypt the document and restrict access to employees in the finance department only. Which Microsoft Purview solution should the administrator use to configure this label?

A company uses Microsoft 365 and wants to automatically detect when employees attempt to share credit card numbers in emails or Microsoft Teams messages. The company also wants to block the message if it contains such sensitive data, and notify the sender with a policy tip. Which Microsoft Purview solution should the administrator configure?

A company has a SharePoint Online site that stores project documents. Due to legal requirements, all documents in this site must be retained for exactly 5 years from the date they were created, and then automatically deleted. No user should be able to permanently delete a document before the retention period ends. Which Microsoft Purview solution should the administrator configure?

A financial services firm must comply with regulatory requirements that mandate supervisory review of communications between advisors and clients. They need to automatically capture emails and Microsoft Teams messages from a specific group of advisors, assign them to a supervisor for review, and flag messages containing potential code words for insider trading. Which Microsoft Purview solution should they use?

A company needs to retain all customer emails for 7 years for regulatory compliance. After 7 years, they must be permanently deleted. They also need a legal hold for an ongoing investigation. Which Microsoft Purview solution should they use for the retention and deletion requirement?

A company has a SharePoint Online library containing legal contracts. They must satisfy a regulatory requirement that contracts cannot be modified or deleted after they are signed. Additionally, they need to retain the contracts for 10 years after the contract end date, after which they can be disposed of manually. Which Microsoft Purview solution should they implement?

A consulting firm is involved in a legal investigation. They need to preserve all emails and documents from two specific employees (custodians) related to a contract dispute. The data must be collected and stored in a secure location for legal review without modifying the original data. Which Microsoft Purview solution should they use?

A multinational company uses Microsoft 365 and has a retention policy that automatically applies a 7-year retention label to any document containing a credit card number. The retention label must be automatically applied at the time the document is created or modified. Which Microsoft Purview solution should the administrator use to configure this automatic labeling rule?

A company uses Microsoft 365 and wants to automatically apply a 3-year retention label to any document that contains a patent number in the format PAT-XXXXXX. The label should be applied at the time the document is created or modified. Which Microsoft Purview solution should the administrator configure?

A company is required by a compliance regulation to retain all user and admin activity audit logs for 2 years. They also need the ability to perform faster, historical searches on this audit data. Which Microsoft Purview solution should they use?

A company wants to proactively detect and investigate potential insider security risks, such as a departing employee copying large amounts of data to a personal USB drive or sharing confidential files with unauthorized individuals. Which Microsoft Purview solution should they use?

A healthcare organization uses Microsoft 365 and must comply with HIPAA regulations. They need to assess their current compliance posture, identify gaps, and implement improvement actions. They want a tool that provides a compliance score based on best practices and regulatory frameworks, and offers recommended actions to improve the score. Which Microsoft Purview solution should they use?

A company uses Microsoft 365 and must comply with a regulation that requires all business records, including emails and documents, to be retained for exactly 5 years. They need to automatically apply a retention label to any item that contains the keyword 'Contract' when the item is created or modified. Which Microsoft Purview solution should they use to configure this automatic labeling?

A financial services company uses Microsoft 365 and must comply with PCI DSS. They want to automatically prevent users from sending emails that contain credit card numbers to external recipients. If a user tries to send such an email, the system should block the message and notify the user with a policy tip. Which Microsoft Purview solution should they configure?

A healthcare organization uses Microsoft 365. They need to prevent employees from sharing emails or documents that contain patient medical record numbers (MRNs) with external recipients. If an attempt is made, the message should be blocked and the sender should receive a policy tip notification. Which Microsoft Purview solution should they configure?

A company is involved in a lawsuit. The legal team needs to preserve all emails, documents, and Teams messages from five key employees (custodians) that are related to a specific project. The data must be collected securely and provided for legal review without modifying the original data. Which Microsoft Purview solution should they use?

A company is involved in a legal case and must preserve all emails and documents sent by a specific employee (custodian) that are related to a particular matter. The legal team needs to collect this data into a tamper-proof container for review, ensuring that no original items are modified or deleted. Which Microsoft Purview solution should they use?

An organization uses Microsoft 365. They need to prevent users from sharing credit card numbers in emails and Microsoft Teams messages. When a user attempts to share such sensitive information externally, the message should be blocked and the user should receive a policy tip notification. Which Microsoft Purview solution should they configure?

A company must retain all financial records for exactly 7 years and then automatically delete them. They need to automatically apply a retention label to any document that contains the words 'Invoice' or 'Statement'. Which Microsoft Purview solution should they use?