CCNA Describe the capabilities of Microsoft compliance solutions Questions

75 of 333 questions · Page 2/5 · Describe the capabilities of Microsoft compliance solutions · Answers revealed

76
Drag & Dropmedium

Arrange the steps to conduct a data classification scan using Microsoft Purview Information Protection.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Data classification involves creating labels, publishing them, setting auto-labeling rules, running scans, and reviewing results.

77
MCQmedium

A healthcare organization uses Microsoft 365. They need to prevent employees from sharing emails or documents that contain patient medical record numbers (MRNs) with external recipients. If an attempt is made, the message should be blocked and the sender should receive a policy tip notification. Which Microsoft Purview solution should they configure?

A.Data Lifecycle Management
B.Records Management
C.Data Loss Prevention (DLP)
D.Information Protection
AnswerC

DLP policies can detect sensitive data like MRNs and automatically block sharing with external recipients while showing a policy tip to the sender.

Why this answer

Data Loss Prevention (DLP) is the correct solution because it is specifically designed to detect and block the sharing of sensitive information, such as patient medical record numbers (MRNs), with external recipients. DLP policies can be configured to scan emails and documents for patterns (e.g., regex for MRNs), block the transmission, and display a policy tip notification to the sender, meeting all requirements.

Exam trap

The trap here is that candidates often confuse Information Protection (sensitivity labels) with DLP, but labels alone do not block sharing or provide policy tips—they require DLP policies for enforcement.

How to eliminate wrong answers

Option A is wrong because Data Lifecycle Management focuses on retaining and deleting data based on age or compliance requirements, not on preventing real-time sharing of sensitive data. Option B is wrong because Records Management is used to declare records, apply retention labels, and manage disposition, not to block external sharing or provide policy tips. Option D is wrong because Information Protection (e.g., sensitivity labels) applies classification and encryption but does not inherently block external sharing or trigger policy tip notifications; it requires integration with DLP for enforcement.

78
MCQhard

A security team needs to investigate a potential data breach that may involve unauthorized access to sensitive files in SharePoint Online and OneDrive for Business. They want to search the unified audit log for file access events, including accesses from mobile devices and third-party applications. Additionally, they need to create custom alert policies that trigger when specific high-privilege users download large volumes of files in a short period. Which Microsoft Purview solution should they use?

A.Microsoft Purview Audit (Premium)
B.Microsoft Purview eDiscovery (Premium)
C.Microsoft Purview Data Lifecycle Management
D.Microsoft Purview Communication Compliance
AnswerA

Correct. Audit (Premium) offers custom alert policies, long retention, and detailed log access for activities across SharePoint, OneDrive, and third-party apps, enabling thorough incident investigations.

Why this answer

Microsoft Purview Audit (Premium) is the correct solution because it provides the deep, granular logging required to investigate data breaches, including file access events from mobile devices and third-party applications in SharePoint Online and OneDrive for Business. It also supports the creation of custom alert policies that can trigger on specific activities, such as high-privilege users downloading large volumes of files in a short period, by leveraging the unified audit log's rich schema and advanced detection capabilities.

Exam trap

The trap here is that candidates often confuse eDiscovery (Premium) with audit capabilities, but eDiscovery is for searching and preserving content for legal cases, not for real-time monitoring or alerting on access patterns.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview eDiscovery (Premium) is designed for legal discovery and holds, not for real-time monitoring or custom alert policies on file access patterns. Option C is wrong because Microsoft Purview Data Lifecycle Management focuses on retention, deletion, and classification of data, not on auditing or alerting for unauthorized access events. Option D is wrong because Microsoft Purview Communication Compliance is used to detect policy violations in communications (e.g., emails, Teams messages), not to audit file access or create alerts for download anomalies.

79
MCQmedium

Refer to the exhibit. A compliance administrator runs the PowerShell commands to create a DLP policy. Users complain that they are blocked from sending emails containing credit card numbers but cannot override the block. The administrator wants to allow override with a business justification. What should they do?

A.Change the SentInfo parameter to a different sensitive info type.
B.Remove the SharePoint location from the policy.
C.Enable the DLP policy by setting the Policy's Enabled parameter to $true.
D.Change the NotifyAllowOverride parameter to $true in the rule.
AnswerD

Setting NotifyAllowOverride to $true allows users to override the block with justification.

Why this answer

Option B is correct because the cmdlet sets NotifyAllowOverride $false, which prevents override. Changing it to $true allows override with justification. Option A is wrong because the policy applies to Exchange and SharePoint.

Option C is wrong because the policy is already enabled. Option D is wrong because the rule applies to credit card numbers.

80
MCQmedium

Your organization is required to retain all HR-related documents for 7 years after an employee leaves. After that period, the documents must be permanently deleted. Which two Microsoft Purview features should you use together?

A.eDiscovery and audit logs
B.DLP policies and sensitivity labels
C.Sensitivity labels and auto-labeling
D.Retention labels and retention policies
AnswerD

Retention labels apply retention settings to items, and retention policies enforce rules at the location level.

Why this answer

Option B is correct because retention labels can be applied to documents and trigger a retention period, and retention policies enforce the rules at the location level. Option A is wrong because sensitivity labels classify, not retain. Option C is wrong because DLP is for protection, not retention.

Option D is wrong because eDiscovery is for search, not retention.

81
MCQmedium

Your organization uses Microsoft Purview to manage insider risk. You need to create a policy that detects users who exfiltrate sensitive data by copying it to personal cloud storage services like Dropbox. Which solution should you use?

A.eDiscovery (Premium)
B.Audit (Premium)
C.Insider Risk Management
D.Communication Compliance
AnswerC

Insider Risk Management includes policies to detect data exfiltration to personal cloud services.

Why this answer

Option A is correct because Insider Risk Management policies can be configured to detect data theft by copying to personal cloud storage. Option B is wrong because Communication Compliance focuses on communications, not data exfiltration. Option C is wrong because eDiscovery searches content, does not detect risky behavior.

Option D is wrong because Audit logs record events but require manual analysis.

82
MCQeasy

Your organization needs to classify documents containing personally identifiable information (PII) like social security numbers. Which Microsoft Purview solution should you configure?

A.Information Protection
B.Records Management
C.Auditing
D.Communication Compliance
AnswerA

Information Protection classifies and protects sensitive data.

Why this answer

Option C is correct because Microsoft Purview Information Protection includes trainable classifiers and sensitive info types to automatically classify PII. Option A is wrong because Auditing tracks activities, not classification. Option B is wrong because Records Management is about retention and disposition.

Option D is wrong because Communication Compliance monitors communications for policy violations.

83
MCQmedium

A financial services company is required by regulation to prevent sensitive customer financial information from being shared externally via email. The compliance team wants to automatically scan all outgoing emails for patterns that match credit card numbers or account numbers. If a match is found, the email should be blocked and the sender should receive a policy tip. Which Microsoft Purview solution should be configured?

A.Microsoft Purview Audit
B.Microsoft Purview Data Lifecycle Management
C.Microsoft Purview Data Loss Prevention (DLP)
D.Microsoft Purview eDiscovery
AnswerC

DLP policies can detect sensitive information such as credit card numbers in emails and apply actions like blocking the message and showing a policy tip to the sender, fulfilling the compliance requirement.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) is the correct solution because it is specifically designed to detect and block sensitive information—such as credit card numbers and account numbers—in outgoing emails. DLP policies can scan email content and attachments for predefined sensitive information types, and when a match is found, the email can be blocked and a policy tip sent to the sender, meeting the compliance requirement.

Exam trap

The trap here is that candidates may confuse DLP with eDiscovery or Audit because all three involve compliance, but only DLP provides proactive, real-time blocking and notification for outbound sensitive data.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Audit logs user and admin activities but does not scan or block email content for sensitive data. Option B is wrong because Microsoft Purview Data Lifecycle Management focuses on retention and deletion policies for data, not on real-time inspection or blocking of outbound communications. Option D is wrong because Microsoft Purview eDiscovery is used for searching and exporting content for legal or investigative purposes, not for preventing data exfiltration via email.

84
MCQhard

A financial services organization must comply with a regulation that requires all communications related to trades (including emails and Teams messages) to be retained for a period of 7 years. During retention, no user may edit or delete these records. After the 7 years, the records must be disposed of with an irreversible deletion that is verified by a compliance officer. Which Microsoft Purview solution should the organization use to enforce both retention and regulatory disposition?

A.Microsoft Purview Records Management (regulatory retention label)
B.Microsoft Purview Data Lifecycle Management (standard retention label)
C.Microsoft Purview Communication Compliance
D.Microsoft Purview Insider Risk Management
AnswerA

Records Management with a retention label marked as a regulatory record permanently locks the content, preventing any modification or deletion during the retention period. It also supports disposition workflows to require approval before permanent deletion.

Why this answer

Microsoft Purview Records Management with a regulatory retention label is the correct solution because it enforces immutable retention (no user edits or deletions) and mandates a disposition review by a compliance officer before irreversible deletion. Regulatory labels lock the retention policy at the highest level, preventing any user or administrator from shortening the retention period or bypassing the disposition workflow, which aligns with the 7-year retention and verified disposal requirement.

Exam trap

The trap here is that candidates confuse 'standard retention labels' (which allow edits and deletions by authorized users) with 'regulatory retention labels' (which enforce immutable retention and require disposition review), leading them to select Data Lifecycle Management instead of Records Management.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview Data Lifecycle Management (standard retention label) allows users with sufficient permissions to modify or delete records during the retention period, and it does not enforce a compliance officer verification step for disposition. Option C is wrong because Microsoft Purview Communication Compliance is designed to detect and review policy violations (e.g., insider trading, harassment) in communications, not to enforce retention or regulatory disposition of records. Option D is wrong because Microsoft Purview Insider Risk Management focuses on identifying and investigating risky user activities (e.g., data exfiltration, policy violations), not on managing retention schedules or disposition workflows.

85
MCQeasy

Refer to the exhibit. The JSON snippet shows a sensitivity label configuration. What is the purpose of the 'SensitiveInfoTypes' property in this label?

A.It sets the retention period for content with this label.
B.It defines the user groups that can apply this label manually.
C.It specifies the sensitive information types that trigger automatic labeling.
D.It configures the encryption settings for the label.
AnswerC

The sensitive info types list the conditions for auto-labeling when detected in content.

Why this answer

Option B is correct because 'SensitiveInfoTypes' defines the conditions that automatically apply the label based on detected sensitive data. Option A is wrong because condition sets are separate. Option C is wrong because it does not block access.

Option D is wrong because it does not create a retention policy.

86
MCQhard

A financial institution uses Microsoft 365 and must ensure that Microsoft support engineers cannot access the institution's content (e.g., Exchange Online mailboxes, SharePoint sites) without explicit approval from the institution's compliance officer. The compliance officer needs to review and approve or reject each access request. Which Microsoft Purview feature should be configured?

A.Customer Lockbox
B.Communication Compliance
C.Insider Risk Management
D.Data Lifecycle Management
AnswerA

Customer Lockbox ensures that Microsoft support cannot access customer data without explicit, auditable approval from the customer. This matches the requirement for approval by the compliance officer.

Why this answer

Customer Lockbox is the correct feature because it provides a controlled access approval process for Microsoft support engineers to access customer content. When a support case requires access to Exchange Online mailboxes or SharePoint sites, Customer Lockbox ensures the request is sent to the institution's compliance officer for explicit approval or rejection before access is granted, meeting the requirement for explicit approval.

Exam trap

The trap here is that candidates often confuse Customer Lockbox with Insider Risk Management, mistakenly thinking that controlling internal user access is the same as controlling Microsoft support access, but Customer Lockbox is specifically designed for external support engineer access approval workflows.

How to eliminate wrong answers

Option B is wrong because Communication Compliance is designed to detect and remediate inappropriate communications (e.g., offensive language, insider trading) within an organization, not to control Microsoft support access to customer content. Option C is wrong because Insider Risk Management focuses on identifying and mitigating internal risks from users within the organization (e.g., data theft, policy violations), not on managing external support engineer access requests. Option D is wrong because Data Lifecycle Management governs the retention, deletion, and archiving of data based on policies (e.g., regulatory compliance), not the approval workflow for support access to content.

87
MCQmedium

Your organization uses Microsoft Purview eDiscovery to manage a legal case. You need to place a hold on emails for specific users, but you want to allow the system to apply the hold automatically. Which eDiscovery solution should you use?

A.Microsoft Purview eDiscovery (Standard)
B.Microsoft Purview Audit (Premium)
C.Microsoft Purview Communication Compliance
D.Microsoft Purview eDiscovery (Premium)
AnswerD

eDiscovery Premium supports automatic hold.

Why this answer

Option A is correct because eDiscovery (Premium) provides automatic hold capabilities. Option B is wrong because eDiscovery (Standard) requires manual hold. Option C is wrong because Audit does not provide holds.

Option D is wrong because Communication Compliance is for regulatory communications.

88
MCQeasy

A company wants to automatically apply a 'Confidential' sensitivity label to all documents containing credit card numbers. Which Microsoft Purview feature should be used to create the auto-labeling policy?

A.Microsoft Purview Data Loss Prevention
B.Microsoft Purview Communication Compliance
C.Microsoft Purview Data Lifecycle Management
D.Microsoft Purview Auto-labeling policies
AnswerD

Auto-labeling policies apply sensitivity labels automatically based on conditions.

Why this answer

Option D is correct because auto-labeling policies in Microsoft Purview can automatically apply sensitivity labels based on sensitive info types. Option A is wrong because DLP policies protect data, not label. Option B is wrong because Data Lifecycle Management handles retention.

Option C is wrong because Communication Compliance monitors communications.

89
Multi-Selectmedium

Which THREE capabilities does Microsoft Purview provide to help meet regulatory compliance requirements?

Select 3 answers
A.Audit logging
B.Data classification
C.Retention policies
D.Insider risk management
E.Communication compliance
AnswersA, B, C

Track user and admin activities for compliance.

Why this answer

Microsoft Purview offers audit logging, retention policies, and data classification. Communication compliance and insider risk management are related to compliance but are not core capabilities for meeting regulatory requirements like audit, retention, and classification.

90
MCQmedium

Your organization uses Microsoft Purview Information Barriers to prevent certain user groups from communicating with each other. You need to test the configuration before fully enforcing it. What should you do?

A.Run the Information Barriers policy in test mode
B.Define user segments in the Microsoft Purview compliance portal
C.Enable audit logging and then run the policy application
D.Use the Compliance Manager assessment for Information Barriers
AnswerA

Test mode allows you to see which communications would be blocked without actually blocking them.

Why this answer

Option C is correct because Information Barriers can be run in test mode to evaluate policy matches without blocking. Option A is wrong because segmentation is the process of defining groups, not testing. Option B is wrong because the policy application must be run; enabling audit does not test the barrier.

Option D is wrong because there is a dedicated test mode for Information Barriers.

91
MCQeasy

Your organization wants to automatically retain all customer emails for 7 years and then delete them. Which Microsoft Purview feature should you configure?

A.Data Lifecycle Management retention policy
B.Information Protection sensitivity labels
C.Audit log retention
D.eDiscovery hold
AnswerA

Retention policies can specify retention and deletion periods for content.

Why this answer

Option A is correct because Data Lifecycle Management includes retention and deletion policies for Exchange Online. Option B is wrong because Information Protection is about classification. Option C is wrong because Audit is for logging.

Option D is wrong because eDiscovery is for search and hold.

92
Multi-Selecthard

Which TWO of the following are required to use Microsoft Purview Audit (Premium)?

Select 2 answers
A.Unified audit log enabled in the Microsoft 365 Defender portal
B.An E5 or A5 license for each user
C.An Azure subscription for log storage
D.Power BI Pro licenses for all users
E.Microsoft Sentinel enabled
AnswersA, B

Audit logging must be turned on for Audit (Premium).

Why this answer

A, D are correct. Audit (Premium) requires an appropriate license (e.g., E5) and enabling unified audit logging. B (Azure subscription) is not required.

C (Microsoft Sentinel) is optional. E (Power BI) is unrelated.

93
MCQmedium

A security team needs to investigate a potential data leak where an employee may have emailed sensitive customer information to a competitor. They want to search the unified audit log for specific email activities, such as 'Send' or 'Forward', and generate a detailed report. Which Microsoft Purview solution should they use?

A.Microsoft Purview Compliance Manager
B.Microsoft Purview Data Loss Prevention (DLP)
C.Microsoft Purview Audit (Standard or Premium)
D.Microsoft Purview eDiscovery (Premium)
AnswerC

Purview Audit enables searching the unified audit log for user and admin activities. Premium extends retention and provides additional APIs for investigation.

Why this answer

Microsoft Purview Audit (Standard or Premium) is the correct solution because it captures and logs specific email activities such as 'Send' and 'Forward' from Exchange Online. The security team can search the unified audit log for these operations and export a detailed report for investigation. Compliance Manager, DLP, and eDiscovery do not provide this direct audit log search capability for individual email actions.

Exam trap

The trap here is that candidates confuse Data Loss Prevention (DLP) with audit logging, assuming DLP can retrospectively search for past email actions, when in fact DLP only applies proactive policies and alerts, not historical audit log queries.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Compliance Manager is a risk-assessment and compliance-score tool, not an audit log search tool; it cannot retrieve specific email activities like 'Send' or 'Forward'. Option B is wrong because Microsoft Purview Data Loss Prevention (DLP) is designed to prevent data leaks by applying policies to block or alert on sensitive content, but it does not provide a searchable audit log of past email actions for forensic investigation. Option D is wrong because Microsoft Purview eDiscovery (Premium) is used for legal hold, collection, and review of content for litigation, not for searching the unified audit log for email send/forward events.

94
MCQmedium

A company uses Microsoft 365 and must comply with a regulation that requires all business records, including emails and documents, to be retained for exactly 5 years. They need to automatically apply a retention label to any item that contains the keyword 'Contract' when the item is created or modified. Which Microsoft Purview solution should they use to configure this automatic labeling?

A.Data Lifecycle Management
B.Data Loss Prevention (DLP)
C.Audit
D.Compliance Manager
AnswerA

Data Lifecycle Management allows you to create retention labels and automatically apply them using label policies that include conditions like keywords. This meets the requirement for automatic labeling based on content.

Why this answer

Data Lifecycle Management (DLM) in Microsoft Purview enables automatic retention labeling based on sensitive content, such as keywords like 'Contract'. It uses auto-labeling policies to apply retention labels at the time of creation or modification, ensuring compliance with the 5-year retention requirement without manual intervention.

Exam trap

The trap here is that candidates often confuse Data Lifecycle Management with Data Loss Prevention (DLP), assuming DLP can apply retention labels, but DLP only enforces actions like blocking or warning, not retention labeling.

How to eliminate wrong answers

Option B is wrong because Data Loss Prevention (DLP) policies are designed to prevent unauthorized sharing or leakage of sensitive data, not to apply retention labels for lifecycle management. Option C is wrong because Audit in Microsoft Purview records user and admin activities for forensic analysis, but it cannot automatically label items based on content. Option D is wrong because Compliance Manager provides risk assessments and recommendations for regulatory compliance, but it does not apply retention labels or enforce retention policies.

95
MCQmedium

A legal team is handling a lawsuit and needs to gather all electronically stored information (ESI) related to a specific case from across Microsoft 365, including emails, Teams messages, and SharePoint documents. They need to place a hold on the custodians' data to prevent deletion or modification, and then collect, review, and export the data. Which Microsoft Purview solution should they use?

A.Microsoft Purview eDiscovery (Premium)
B.Microsoft Purview eDiscovery (Standard)
C.Microsoft Purview Audit (Premium)
D.Microsoft Purview Data Lifecycle Management
AnswerA

eDiscovery (Premium) provides a complete workflow for legal cases, including identifying custodians, placing legal holds on their mailboxes, SharePoint sites, and Teams, and performing advanced collection and review.

Why this answer

Microsoft Purview eDiscovery (Premium) is the correct solution because it provides end-to-end workflow for legal cases, including the ability to place legal holds on custodians' data across Exchange, Teams, SharePoint, and OneDrive to preserve ESI, and then collect, review, and export that data. The Premium tier adds advanced features like custodian management, review sets, and predictive coding, which are essential for complex litigation scenarios.

Exam trap

The trap here is that candidates confuse eDiscovery (Standard) with eDiscovery (Premium), assuming the Standard tier can handle custodian holds and advanced review, but only Premium provides the full legal hold and collection workflow required for complex litigation.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview eDiscovery (Standard) lacks custodian-based holds, advanced review sets, and predictive coding; it is designed for basic search and export, not for managing complex legal holds and multi-source collection. Option C is wrong because Microsoft Purview Audit (Premium) focuses on logging and investigating user and admin activities, not on placing holds or collecting and exporting ESI for litigation. Option D is wrong because Microsoft Purview Data Lifecycle Management is used for retention and deletion policies (e.g., managing data expiration), not for legal hold, collection, or review of ESI in active litigation.

96
MCQhard

A legal team is preparing for a lawsuit and needs to perform a detailed investigation of user activities across Microsoft 365 services. They need to view the 'before' and 'after' values whenever a critical item in SharePoint or Exchange is updated or deleted. The investigation requires high-volume export performance and the ability to search by specific activities like 'MailboxFolderAccess' and 'Send'. Which Microsoft Purview solution should be enabled and configured to meet these advanced auditing requirements?

A.Microsoft Purview Audit (Premium)
B.Microsoft Purview Audit (Standard)
C.Microsoft Purview eDiscovery (Standard)
D.Microsoft Purview Data Lifecycle Management
AnswerA

Audit (Premium) offers extended retention, high-volume export, and detailed logging of before/after values, enabling deep forensic investigation of user activities.

Why this answer

Microsoft Purview Audit (Premium) is required because it captures detailed 'before' and 'after' values for critical updates and deletions in SharePoint and Exchange, supports high-volume export performance, and allows searching for specific activities like 'MailboxFolderAccess' and 'Send'. These capabilities go beyond the Standard audit log, which only records basic event metadata without the old/new values and lacks the advanced search and export throughput needed for litigation.

Exam trap

The trap here is that candidates confuse Audit (Standard) with Audit (Premium), assuming Standard logs all details, but Standard only records basic metadata without before/after values or high-volume export, which are exclusive to Premium.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview Audit (Standard) only logs basic audit events (who, what, when) without capturing the 'before' and 'after' values for updates or deletions, and it does not support high-volume export performance or the specific activity search granularity required. Option C is wrong because Microsoft Purview eDiscovery (Standard) is designed for content search, hold, and export of data for legal cases, not for real-time or historical auditing of user activities with before/after values; it relies on Audit logs for activity data but does not itself provide the advanced auditing features. Option D is wrong because Microsoft Purview Data Lifecycle Management focuses on retention, deletion, and classification policies for data governance, not on auditing user activities or capturing detailed change values.

97
MCQhard

A company operates in multiple countries and must comply with GDPR (EU) and CCPA (California). The compliance officer needs a single tool to assess the company's compliance posture against both regulations, get a consolidated compliance score, and receive prioritized improvement actions that can be assigned to responsible teams. The tool should also track progress over time. Which Microsoft Purview solution should the compliance officer use?

A.Microsoft Purview Compliance Manager
B.Microsoft Purview Data Loss Prevention (DLP)
C.Microsoft Purview eDiscovery (Standard)
D.Microsoft Purview Insider Risk Management
AnswerA

Compliance Manager provides an end-to-end compliance management solution, including scoring, improvement actions, and task assignment for multiple regulations like GDPR and CCPA.

Why this answer

Microsoft Purview Compliance Manager is the correct solution because it provides a unified dashboard to assess compliance posture against multiple regulations like GDPR and CCPA. It offers a consolidated compliance score, prioritized improvement actions that can be assigned to responsible teams, and tracks progress over time through continuous assessments and automated control mapping.

Exam trap

The trap here is that candidates may confuse Compliance Manager's scoring and action assignment features with DLP's data protection policies, but DLP lacks the regulatory assessment and progress tracking capabilities required for this scenario.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview Data Loss Prevention (DLP) is designed to prevent accidental or unauthorized sharing of sensitive data through policies and alerts, not to assess compliance posture or provide a consolidated compliance score across regulations. Option C is wrong because Microsoft Purview eDiscovery (Standard) is used for identifying, preserving, and exporting electronic content for legal investigations, not for ongoing compliance assessment or improvement action tracking. Option D is wrong because Microsoft Purview Insider Risk Management focuses on detecting and mitigating internal risks like data theft or policy violations through analytics, not on providing a compliance score or prioritized actions for regulatory frameworks.

98
MCQhard

Refer to the exhibit. A Microsoft Purview retention policy is configured as shown. An HR manager wants to ensure that employee records are kept for at least 1 year after last modification. The policy is applied to Exchange, SharePoint, and OneDrive. What is the outcome?

A.The policy will not retain content; it will delete matching content after 365 days, which may not be intended
B.Employee records in Exchange are retained for 365 days after last modification, then deleted
C.Employee records in SharePoint are deleted after 365 days from last modification if they have Department=HR
D.The policy retains content for 365 days and then automatically moves to archive
AnswerA

The policy deletes instead of keeping, and the query may not work as expected.

Why this answer

The policy deletes content 365 days after last modification, but the content query filters only items where Department equals 'HR'. However, SharePoint items do not have a Department property by default; the query may not match any items, so the policy may have no effect. Also, the policy deletes rather than retains; a retention policy should use 'Keep' or 'KeepAndDelete'.

The design is flawed.

99
MCQmedium

A company is subject to a legal hold for an ongoing investigation. The IT administrator must prevent the deletion of any documents related to this case across SharePoint Online and OneDrive, overriding any existing deletion policies. Which Microsoft Purview capability should the administrator use?

A.Data Lifecycle Management
B.eDiscovery (Premium)
C.Audit (Premium)
D.Communication Compliance
AnswerB

Correct. eDiscovery (Premium) allows administrators to place holds on content locations, preventing deletion for the duration of a legal case, overriding any existing deletion policies.

Why this answer

eDiscovery (Premium) is the correct choice because it provides legal hold capabilities that can preserve content in SharePoint Online and OneDrive for Business, overriding any deletion policies. When a legal hold is applied via eDiscovery, the system places a hold on the specified locations, preventing permanent deletion or modification of documents until the hold is released. This directly addresses the requirement to prevent deletion of case-related documents during an ongoing investigation.

Exam trap

The trap here is that candidates often confuse Data Lifecycle Management (which manages retention and deletion policies) with the legal hold capability, not realizing that only eDiscovery (Premium) can override existing policies to preserve content for an investigation.

How to eliminate wrong answers

Option A is wrong because Data Lifecycle Management is used to define retention and deletion policies based on business or regulatory requirements, but it cannot override existing policies to enforce a legal hold for an investigation. Option C is wrong because Audit (Premium) provides detailed logging and investigation of user and admin activities, but it does not have the ability to place holds on content or prevent deletion. Option D is wrong because Communication Compliance is designed to detect and manage inappropriate communications (e.g., harassment, insider trading) by analyzing messages, not to preserve documents or enforce legal holds.

100
MCQmedium

A company is involved in litigation. The legal team needs to preserve all relevant electronic documents that reside in Exchange Online, SharePoint Online, and OneDrive for Business. They must prevent users from deleting or modifying these documents while the lawsuit is active. Additionally, they need to search across these locations for specific keywords and export the results for review. Which Microsoft Purview solution should they use?

A.Microsoft Purview eDiscovery (Standard or Premium)
B.Microsoft Purview Audit
C.Microsoft Purview Data Lifecycle Management (retention policies/labels)
D.Microsoft Purview Data Loss Prevention (DLP)
AnswerA

Correct: eDiscovery provides the ability to place legal holds, search across Microsoft 365 services, and export content for review, meeting all the requirements.

Why this answer

Microsoft Purview eDiscovery (Standard or Premium) is the correct solution because it provides end-to-end workflow for legal holds (preservation), content search across Exchange Online, SharePoint Online, and OneDrive for Business, and export of results. The legal hold feature prevents deletion or modification by locking the original content, while the search and export capabilities meet the keyword search and review requirements.

Exam trap

The trap here is that candidates often confuse retention policies (Data Lifecycle Management) with legal holds, but retention policies are for scheduled lifecycle management, not for ad-hoc litigation holds that require immediate preservation and search across multiple workloads.

How to eliminate wrong answers

Option B (Microsoft Purview Audit) is wrong because Audit focuses on logging and investigating user and admin activities, not on preserving documents or preventing modification/deletion. Option C (Microsoft Purview Data Lifecycle Management) is wrong because retention policies/labels are designed for automated retention and deletion schedules, not for ad-hoc legal holds with search and export capabilities. Option D (Microsoft Purview Data Loss Prevention) is wrong because DLP is used to prevent unauthorized sharing or leakage of sensitive data, not to preserve content for litigation or enable keyword search and export.

101
MCQhard

Refer to the exhibit. You run the PowerShell command shown to investigate a potential data exfiltration incident. The output is empty. Which is the most likely reason?

A.The user does not have a mailbox
B.The command syntax is incorrect
C.The user did not download or access any files in the past 7 days
D.Audit logging is not enabled for the tenant
AnswerD

Without audit logging enabled, no events are recorded.

Why this answer

Option B is correct because Audit logging must be enabled to capture events. If disabled, the search returns empty. Option A is wrong because the command runs against the unified audit log, not a specific mailbox.

Option C is wrong because the command uses correct syntax. Option D is wrong because it would return events if logging is on, regardless of whether the user actually downloaded files.

102
MCQmedium

A law firm, Wingtip Toys, uses Microsoft Purview to manage client data. They need to: (1) retain all documents related to client cases for 10 years after case closure; (2) automatically apply a 'Case' retention label to documents in specific SharePoint sites based on metadata; (3) allow case managers to manually label documents; (4) ensure that after 10 years, documents are deleted; (5) preserve data for legal hold purposes when litigation occurs. The firm has Microsoft 365 E5 licenses. The compliance team wants to minimize manual effort. What should they configure?

A.Create auto-apply retention labels for 'Case' documents with a retention period of 10 years and delete action, and enable litigation hold on relevant sites.
B.Create sensitivity labels with auto-labeling for case documents, and configure records management.
C.Create a default retention policy for all SharePoint sites with a 10-year retention period and delete action.
D.Create a Data Loss Prevention (DLP) policy to block sharing of case documents, and enable eDiscovery holds.
AnswerA

Auto-apply labels automate retention, and litigation hold preserves data during litigation.

Why this answer

Option A is correct because auto-apply retention labels based on metadata automate retention, and litigation hold preserves data during litigation. Option B is wrong because DLP policies do not manage retention. Option C is wrong because retention policies apply to all content in a location, not selectively.

Option D is wrong because sensitivity labels do not enforce retention.

103
MCQhard

As a compliance administrator for Contoso Ltd., you are responsible for implementing Microsoft Purview solutions to meet regulatory requirements. The organization operates in the healthcare sector and handles Protected Health Information (PHI). Your key objectives are: (1) Automatically detect PHI in documents stored in SharePoint Online and OneDrive for Business using built-in sensitive information types. (2) Apply a 'Highly Confidential - PHI' sensitivity label that encrypts the content and adds a custom header. (3) Ensure that the label is automatically applied when PHI is detected, with a policy that allows users to override the label with justification. (4) Audit all label application activities for compliance reporting. (5) Retain documents containing PHI for a minimum of 7 years. You have access to Microsoft Purview compliance portal. Which action should you take FIRST to achieve these objectives?

A.Create an auto-labeling policy in Microsoft Purview that applies the sensitivity label to documents containing PHI.
B.Enable auditing in Microsoft Purview by turning on Audit logging.
C.Create a sensitivity label named 'Highly Confidential - PHI' with encryption and header, and publish it to users and groups.
D.Create a retention label and policy to retain documents containing PHI for 7 years.
AnswerC

Correct: The label must be created and published before it can be applied automatically.

Why this answer

The first step is to create the sensitivity label with the required encryption and header settings and publish it so that it can be used in auto-labeling policies. Auto-labeling policies can then be configured to apply the label based on sensitive info types, with user override. Retention labels and policies are separate and can be configured later.

Audit is enabled by default but should be verified. Therefore, option C is the correct first action.

104
MCQeasy

Your organization is implementing a data loss prevention (DLP) policy to prevent sensitive data from being shared via email. Users in the finance department need to send financial reports to external auditors. What should you configure?

A.Add the auditors' domains to a DLP allow list
B.Configure a DLP policy with an override option allowing users to justify the sharing
C.Assign a sensitivity label that automatically encrypts the email
D.Configure a DLP policy with a block action for all external sharing
AnswerB

DLP policies can include user overrides with justification for specific scenarios.

Why this answer

Option C is correct because DLP policies can be configured with overrides that allow users to justify the action, which is appropriate for legitimate business needs. Option A is wrong because a block action would prevent all sharing. Option B is wrong because an allow list is not a standard DLP configuration.

Option D is wrong because sensitivity labels are used for classification, not DLP actions.

105
MCQhard

Refer to the exhibit. An administrator runs this KQL query in Microsoft Purview Audit. What is the purpose of this query?

A.To find the total number of file uploads by all users in the last 30 days
B.To find files larger than a certain size uploaded by a specific user
C.To list all files deleted by a specific user in the last 30 days
D.To identify file types that a specific user uploaded more than 10 times in the last 30 days
AnswerD

The query groups by file type and counts only those with count > 10.

Why this answer

Option B is correct because the query filters for file uploads by a specific user in the last 30 days, groups by file type, and counts files with more than 10 uploads per type. Option A is wrong because it's for a single user, not all users. Option C is wrong because it's for uploads, not deletions.

Option D is wrong because there is no file size filter.

106
Multi-Selecteasy

Which THREE of the following are retention actions in Microsoft Purview Data Lifecycle Management? (Select THREE.)

Select 3 answers
A.Delete the content after a specified period
B.Automatically archive the content
C.Apply a sensitivity label to the content
D.Retain the content for a period and then delete it
E.Retain the content for a specified period
AnswersA, D, E

Delete is a retention action.

Why this answer

Options A, B, and D are correct because retain, delete, and retain and then delete are standard retention actions. Option C is wrong because archive is not a retention action; it's a separate feature. Option E is wrong because label is a classification action.

107
MCQhard

A financial services organization must prevent employees in the Research department from communicating via email or Microsoft Teams with employees in the Investment Banking department to avoid conflicts of interest. Additionally, they need to prevent any credit card numbers from being shared in emails sent to external recipients. Which combination of Microsoft Purview solutions should they implement?

A.Information Barriers and Data Loss Prevention
B.Communication Compliance and Insider Risk Management
C.Information Barriers and Communication Compliance
D.Data Lifecycle Management and Data Loss Prevention
AnswerA

Correct. Information Barriers block communications between defined groups, and Data Loss Prevention (DLP) prevents sensitive data like credit card numbers from being shared externally.

Why this answer

Information Barriers are designed to prevent communication and collaboration between specific groups to avoid conflicts of interest (e.g., research vs. investment banking). Data Loss Prevention (DLP) policies detect and protect sensitive information such as credit card numbers from being shared externally. Communication Compliance focuses on monitoring communications for regulatory compliance but does not block communications, and Insider Risk Management analyzes risky user activities but does not enforce segmentation.

108
MCQeasy

A compliance officer needs to create a policy that prevents users from sharing files containing medical record numbers (MRN) via email. Which Microsoft Purview solution should they use?

A.Sensitivity labels
B.Data Loss Prevention (DLP)
C.eDiscovery
D.Insider risk management
AnswerB

DLP policies can block emails containing MRNs.

Why this answer

Data Loss Prevention (DLP) policies are designed to detect and block sharing of sensitive information like MRNs via email. Sensitivity labels classify content but do not enforce sharing restrictions. Insider risk management and eDiscovery are not for blocking sharing.

109
MCQmedium

Refer to the exhibit. You are reviewing a Communication Compliance policy. What does this policy do when a user sends an email containing EU GDPR PII to privacy@contoso.com?

A.It blocks the email from being sent.
B.It notifies the policy owner and generates a case for investigation.
C.It automatically deletes the email after 30 days.
D.It applies a sensitivity label to the email.
AnswerB

The actions include NotifyPolicyOwner and GenerateCase.

Why this answer

Option C is correct because the policy actions are to notify the policy owner and generate a case for investigation. Option A is wrong because it does not block the email. Option B is wrong because it does not automatically delete.

Option D is wrong because it does not apply a label.

110
MCQmedium

Your organization wants to automatically retain customer emails for 5 years after they are received, and then delete them. You need to configure the appropriate Microsoft Purview solution. What should you use?

A.eDiscovery case
B.Data loss prevention (DLP) policy
C.Sensitivity label
D.Retention label published automatically
AnswerD

Retention labels can be auto-applied and define retention and deletion.

Why this answer

Option B is correct because retention labels can be applied automatically based on conditions (like emails containing 'customer') and can specify both retention and deletion actions. Option A is wrong because data loss prevention policies prevent sharing but do not handle retention. Option C is wrong because sensitivity labels classify and protect content but do not manage retention.

Option D is wrong because eDiscovery is for searching and exporting content, not retention.

111
MCQmedium

A consulting firm is involved in a legal investigation. They need to preserve all emails and documents from two specific employees (custodians) related to a contract dispute. The data must be collected and stored in a secure location for legal review without modifying the original data. Which Microsoft Purview solution should they use?

A.Data Lifecycle Management
B.eDiscovery (Premium)
C.Audit (Premium)
D.Communication Compliance
AnswerB

Correct. eDiscovery (Premium) allows an organization to identify and preserve custodians, place holds, collect data from various sources, and place it in a review set for legal analysis without altering the original data.

Why this answer

eDiscovery (Premium) is the correct solution because it is specifically designed for legal investigations, allowing you to identify, preserve, collect, and analyze data from custodians (e.g., employees) without altering the original data. It places a legal hold on mailboxes and sites, ensuring that emails and documents related to the contract dispute are stored in a secure review location for legal review, meeting the requirement of non-modification.

Exam trap

The trap here is that candidates often confuse eDiscovery (Premium) with Audit (Premium) because both involve investigation, but Audit only logs events and does not preserve or collect the actual data for legal review.

How to eliminate wrong answers

Option A is wrong because Data Lifecycle Management (DLM) focuses on automating retention and deletion policies based on data governance rules, not on preserving data for legal hold or custodian-based collection. Option C is wrong because Audit (Premium) provides detailed logging and investigation of user and admin activities, but it does not preserve or collect data for legal review; it only records events. Option D is wrong because Communication Compliance is designed to detect and remediate inappropriate communications (e.g., harassment, insider trading) using policies, not to preserve or collect data for a legal investigation involving specific custodians.

112
MCQhard

Your organization has a Microsoft Purview compliance portal. You need to audit who deleted a specific file from SharePoint Online last week. What should you do?

A.Use Content Search in eDiscovery
B.Search the unified audit log in Microsoft Purview
C.Configure a retention policy for SharePoint
D.Review the data classification dashboard
AnswerB

Audit log records user and admin activities.

Why this answer

Option C is correct because Microsoft Purview Audit (Premium) allows searching the unified audit log for events like file deletion. Option A is wrong because Content Search is for eDiscovery, not auditing. Option B is wrong because data classification is for labeling, not auditing.

Option D is wrong because retention policies preserve data but do not provide audit logs.

113
MCQeasy

Your organization is implementing Microsoft 365 and needs to prevent sensitive data from being copied to USB drives. Which Microsoft Purview solution should you configure?

A.Audit logs
B.Communication Compliance
C.Sensitivity labels
D.Endpoint data loss prevention (Endpoint DLP)
AnswerD

Endpoint DLP can block copying to USB drives.

Why this answer

Option C is correct because Endpoint DLP can monitor and restrict actions on endpoints like copying to USB drives. Option A is wrong because Sensitivity labels classify but do not block actions. Option B is wrong because Audit logs track but do not block.

Option D is wrong because Communication Compliance monitors communications, not endpoint activities.

114
MCQhard

An organization uses Microsoft Purview Compliance Manager to track compliance with regulations. The compliance officer needs to create a custom assessment for a new internal policy. What should they do?

A.Use the Microsoft 365 admin center to create a compliance assessment.
B.Create a new custom assessment in Compliance Manager and add custom controls.
C.Use the built-in 'Custom' template in Compliance Manager and modify it.
D.Import a new assessment template from the Microsoft Service Trust Portal.
AnswerB

Custom assessments enable tracking internal policies with custom controls.

Why this answer

Option A is correct because Compliance Manager allows creating custom assessments with custom controls and actions. Option B is wrong because assessment templates are not imported from external sources. Option C is wrong because the built-in templates are for standard regulations, not custom policies.

Option D is wrong because the Microsoft 365 admin center does not create compliance assessments.

115
Multi-Selecteasy

Which TWO of the following are Microsoft Purview compliance solutions?

Select 2 answers
A.Microsoft Entra ID
B.Data Loss Prevention (DLP)
C.eDiscovery
D.Microsoft Intune
E.Microsoft Defender for Cloud
AnswersB, C

DLP is part of Microsoft Purview.

Why this answer

A, C are correct. Data Loss Prevention (DLP) and eDiscovery are core Purview solutions. B (Microsoft Defender for Cloud) is a security solution.

D (Microsoft Entra ID) is identity. E (Microsoft Intune) is endpoint management.

116
MCQhard

Refer to the exhibit. A sensitivity label is configured as shown. Which statement about the label's behavior is accurate?

A.When applied, users can choose who can access the document and what permissions they have.
B.The label disables encryption and only adds a header and footer.
C.The label automatically encrypts the document with a predefined template.
D.The label does not apply any protection; it only adds visual markings.
AnswerA

UserDefined means users set permissions.

Why this answer

Option C is correct because 'ProtectionType' is 'UserDefined', meaning users can specify encryption permissions. Option A is wrong because encryption is enabled, not disabled. Option B is wrong because protection type is user-defined, not predefined.

Option D is wrong because the label applies both encryption and marking.

117
MCQhard

A company is involved in a lawsuit. The legal team needs to preserve all emails, documents, and Teams messages from five key employees (custodians) that are related to a specific project. The data must be collected securely and provided for legal review without modifying the original data. Which Microsoft Purview solution should they use?

A.Data Lifecycle Management
B.eDiscovery (Premium)
C.Records Management
D.Communication Compliance
AnswerB

eDiscovery Premium provides end-to-end workflow for custodial holds, data collection, and review without modifying the original data.

Why this answer

eDiscovery (Premium) is the correct solution because it is specifically designed for legal investigations, allowing organizations to identify, preserve, collect, and export relevant data (emails, documents, Teams messages) from custodians without altering the original data. It supports legal hold, advanced search, and secure export for legal review, meeting the lawsuit requirements.

Exam trap

The trap here is that candidates confuse Data Lifecycle Management or Records Management with eDiscovery, but those solutions manage retention and deletion policies rather than providing the custodial hold, search, and export capabilities required for legal preservation and review.

How to eliminate wrong answers

Option A (Data Lifecycle Management) is wrong because it focuses on automating retention and deletion policies for compliance and governance, not on preserving data for legal hold or collecting it for litigation. Option C (Records Management) is wrong because it is used to classify and manage records for regulatory compliance, often with immutable retention, but it does not provide the custodial search, hold, and export capabilities needed for eDiscovery. Option D (Communication Compliance) is wrong because it is designed to detect and mitigate policy violations (e.g., insider trading, harassment) in communications, not to preserve and collect data for legal proceedings.

118
MCQmedium

A compliance administrator configures the above retention policy. A document created on January 1, 2025, in SharePoint Online will be retained until when?

A.Indefinitely
B.January 1, 2026
C.December 31, 2025
D.January 1, 2025
AnswerC

365 days from creation date (Jan 1, 2025) ends on Dec 31, 2025.

Why this answer

Option D is correct because the policy retains for 365 days from creation date (WhenCreated). January 1, 2025 + 365 days = December 31, 2025. Option A is wrong because it ignores the retention trigger.

Option B is wrong because retention is not indefinite. Option C is wrong because the duration is 365 days, not 365 days from end of year.

119
MCQhard

A security team needs to investigate a potential data breach in Microsoft 365. They require detailed forensic logs showing every instance of mailbox access, mailbox search performed by administrators, and changes to email forwarding rules in Exchange Online. The logs must be retained for 1 year. Which Microsoft Purview solution should they use?

A.Audit (Standard)
B.Audit (Premium)
C.eDiscovery (Standard)
D.eDiscovery (Premium)
AnswerB

Audit (Premium) logs high-value events like mailbox access and forwarding rule changes, and supports up to 1-year retention, making it the correct choice.

Why this answer

Audit (Premium) is required because the question specifies detailed forensic logs for mailbox access, administrator mailbox searches, and changes to email forwarding rules—all of which are high-value, user-specific events that are only captured by Audit (Premium). Audit (Standard) logs basic events but lacks the granularity for these specific operations, and it retains logs for only 90 days by default, whereas Audit (Premium) supports up to 1 year of retention. eDiscovery solutions are for searching and exporting content, not for continuous logging of administrative actions.

Exam trap

The trap here is that candidates confuse eDiscovery (which is for searching and exporting content) with auditing (which is for logging events), and they underestimate the specific event types that require Audit (Premium) over Audit (Standard).

How to eliminate wrong answers

Option A is wrong because Audit (Standard) does not log detailed mailbox access events, administrator mailbox searches, or changes to email forwarding rules; it only captures basic CRUD operations and has a default retention of 90 days, not 1 year. Option C is wrong because eDiscovery (Standard) is a content search and export tool, not a logging or auditing solution; it cannot provide forensic logs of mailbox access or rule changes. Option D is wrong because eDiscovery (Premium) is an advanced content search, review, and analytics tool for legal cases, not a continuous audit log solution; it does not generate or retain logs of administrative actions.

120
MCQhard

A multinational corporation must comply with the General Data Protection Regulation (GDPR). They use Microsoft Purview Compliance Manager to manage compliance activities. The compliance manager wants to automatically assign each control to the appropriate team member for remediation. What should they configure?

A.Create new assessments for each regulation
B.Configure improvement actions with owners
C.Set up connectors to import external risk data
D.Use the Microsoft 365 admin center to delegate tasks
AnswerB

Improvement actions represent individual controls that can be assigned to an owner for remediation, enabling automatic assignment and tracking.

Why this answer

To automatically assign each control to the appropriate team member for remediation in Microsoft Purview Compliance Manager, you must configure improvement actions with owners. Each improvement action can be assigned to a specific user who is responsible for implementing the remediation steps, and this assignment triggers automatic notifications and tracking within the compliance score.

Exam trap

The trap here is that candidates often confuse creating assessments (which organize controls) with the actual assignment of remediation tasks, leading them to choose Option A instead of understanding that improvement actions with owners are the mechanism for automatic assignment.

How to eliminate wrong answers

Option A is wrong because creating new assessments for each regulation organizes compliance requirements but does not assign individual controls to team members for remediation. Option C is wrong because setting up connectors to import external risk data brings in third-party signals but does not handle task assignment or ownership of controls. Option D is wrong because the Microsoft 365 admin center is used for user and tenant administration, not for assigning remediation tasks within Compliance Manager; task delegation is done directly within the improvement action settings.

121
MCQmedium

Your organization has a Microsoft Purview Data Lifecycle Management policy that deletes emails after 3 years. A legal hold is placed on a user's mailbox. What happens to the emails?

A.Only emails created before the hold are deleted
B.Emails are preserved and not deleted despite the retention policy
C.Emails are deleted immediately to avoid conflicting policies
D.Emails are deleted after 3 years as per the retention policy
AnswerB

Legal hold preserves all content in the mailbox, overriding deletion policies.

Why this answer

Option A is correct because legal hold (litigation hold) preserves all mailbox content regardless of retention policies. Option B is wrong because retention policies do not override legal hold. Option C is wrong because the deletion is suspended.

Option D is wrong because the hold applies to the entire mailbox.

122
Matchingmedium

Match each compliance framework to its primary focus.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Data protection and privacy for EU citizens

Information security management system standard

Cybersecurity risk management framework

Healthcare data privacy and security in the US

Service organization controls for data security

Why these pairings

These are common compliance frameworks relevant to Microsoft services.

123
Multi-Selectmedium

Which THREE are benefits of using Microsoft Purview Compliance Manager?

Select 3 answers
A.Create Data Loss Prevention policies.
B.View a compliance score that indicates your overall compliance posture.
C.Assign compliance tasks to other users in your organization.
D.Receive recommendations for improvement actions to achieve compliance.
E.Automatically apply sensitivity labels to documents.
AnswersB, C, D

Compliance Manager calculates a score based on implemented controls.

Why this answer

Options A, C, and D are correct. Compliance Manager provides a compliance score (A), suggests improvement actions (C), and allows you to assign tasks to others (D). Option B is wrong because Compliance Manager does not automatically apply labels.

Option E is wrong because it does not create DLP policies.

124
MCQmedium

A legal team needs to preserve all electronic documents related to an ongoing lawsuit. These documents reside in Exchange Online mailboxes, SharePoint Online sites, and OneDrive for Business accounts. The team also needs the ability to search across these locations for specific keywords and export the results for review. Which Microsoft Purview solution should they use?

A.Microsoft Purview eDiscovery (Premium)
B.Microsoft Purview Data Lifecycle Management
C.Microsoft Purview Data Loss Prevention
D.Microsoft Purview Audit
AnswerA

eDiscovery (Premium) provides end-to-end workflow for legal investigations, including identifying and holding relevant data, searching for specific content using keywords and conditions, reviewing results with advanced analytics, and exporting data for external review. It is the appropriate solution for litigation holds and search.

Why this answer

Microsoft Purview eDiscovery (Premium) is the correct solution because it provides end-to-end workflow for preserving, searching, and exporting content from Exchange Online mailboxes, SharePoint Online sites, and OneDrive for Business accounts. It supports legal hold to preserve data, keyword search across these sources, and export of results for review, meeting all requirements of the legal team.

Exam trap

The trap here is that candidates confuse eDiscovery with Audit, thinking Audit can search and export content, but Audit only provides activity logs, not the ability to preserve or export the actual documents.

How to eliminate wrong answers

Option B (Microsoft Purview Data Lifecycle Management) is wrong because it focuses on retention and deletion policies for data governance, not on preserving data for legal cases or searching and exporting content. Option C (Microsoft Purview Data Loss Prevention) is wrong because it is designed to prevent unauthorized sharing or leakage of sensitive data, not to preserve or search documents for litigation. Option D (Microsoft Purview Audit) is wrong because it logs and tracks user activities and events, but does not provide the ability to place legal holds, search for keywords, or export content for review.

125
Multi-Selectmedium

Which TWO of the following are capabilities of Microsoft Purview Information Protection?

Select 2 answers
A.Searching for content in eDiscovery
B.Preventing data loss via policies
C.Setting retention periods for content
D.Applying sensitivity labels to documents and emails
E.Encrypting content with Azure Rights Management
AnswersD, E

Sensitivity labels classify and protect content.

Why this answer

Option A is correct because sensitivity labels are a core part of Information Protection. Option D is correct because encryption with Azure Rights Management is a protection action. Option B is wrong because retention is part of data lifecycle management.

Option C is wrong because DLP is a separate solution. Option E is wrong because eDiscovery is for search.

126
MCQhard

A company wants to monitor Microsoft Teams messages and corporate emails for policy violations related to potential harassment and inappropriate behavior. They need a solution that allows them to define policies with conditions (e.g., keywords, patterns), automatically flag suspicious conversations, and optionally send notifications to the sender or escalate to a reviewer. Additionally, they need the ability to train employees when a minor violation is detected. Which Microsoft Purview solution should they use?

A.Data Loss Prevention (DLP)
B.Communication Compliance
C.Information Protection
D.Audit
AnswerB

Correct. Communication Compliance provides policy-based monitoring of communications to detect regulatory and code-of-conduct violations, with flexible remediation including training messages.

Why this answer

Communication Compliance is the correct solution because it is specifically designed to detect policy violations in Microsoft Teams messages and corporate emails by scanning for keywords, patterns, and other conditions. It can automatically flag suspicious conversations, send notifications to the sender, escalate to a reviewer, and even train employees on minor violations through its built-in remediation workflows.

Exam trap

The trap here is that candidates often confuse Communication Compliance with Data Loss Prevention (DLP) because both involve policy-based scanning of communications, but DLP lacks the behavioral monitoring, notification, and training capabilities required for harassment and inappropriate behavior scenarios.

How to eliminate wrong answers

Option A is wrong because Data Loss Prevention (DLP) focuses on preventing the unauthorized sharing of sensitive data (e.g., credit card numbers, PII) and does not provide the employee training or escalation workflows for behavioral policy violations like harassment. Option C is wrong because Information Protection (e.g., sensitivity labels, encryption) is used to classify and protect data based on sensitivity, not to monitor communications for inappropriate behavior or enforce training. Option D is wrong because Audit (e.g., Microsoft 365 Audit log) only records user and admin activities for forensic investigation and cannot define policies, flag conversations, or send notifications for policy violations.

127
MCQmedium

A healthcare organization must comply with HIPAA. They need to automatically detect protected health information (PHI) such as medical record numbers in outgoing email, prevent users from sharing these emails with unauthorized external recipients, and apply a retention label that retains PHI emails for six years. Which Microsoft Purview solution should they use?

A.Microsoft Purview Data Loss Prevention (DLP)
B.Microsoft Purview Information Protection (sensitivity labels)
C.Microsoft Purview Data Lifecycle Management (retention policies)
D.Microsoft Purview Audit
AnswerA

DLP policies can be configured to scan Exchange Online emails for PHI, automatically block unauthorized sharing, and apply a retention label via an associated policy action. This meets all the stated requirements.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) is the correct solution because it can automatically detect sensitive data like PHI (e.g., medical record numbers) in outgoing emails using built-in or custom sensitive info types, block unauthorized external sharing, and trigger a retention label action via auto-labeling policies to retain the emails for six years. DLP policies integrate with Exchange Online to inspect email content in transit, apply access restrictions, and enforce retention labels through Power Automate or auto-labeling rules.

Exam trap

The trap here is that candidates confuse the detection and blocking capability of DLP with the classification-only capability of Information Protection (sensitivity labels), or they incorrectly think Data Lifecycle Management alone can enforce access controls, when in fact DLP is the only solution that combines content inspection, real-time blocking, and label application in a single policy.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview Information Protection (sensitivity labels) can classify and protect data with encryption or markings, but it cannot automatically detect PHI in outgoing email and block sharing with unauthorized external recipients—that requires DLP policy actions. Option C is wrong because Microsoft Purview Data Lifecycle Management (retention policies) can retain emails for six years, but it cannot detect PHI or prevent sharing; it only manages retention and deletion. Option D is wrong because Microsoft Purview Audit logs user and admin activities for forensic investigation, but it cannot detect PHI in real-time, block email sharing, or apply retention labels.

128
Multi-Selectmedium

Which TWO of the following are capabilities of Microsoft Purview Communication Compliance? (Select TWO.)

Select 2 answers
A.Enforce company policies on communication channels
B.Detect offensive language in emails and Teams messages
C.Automatically apply sensitivity labels to documents
D.Prevent sharing of credit card numbers via email
E.Place legal holds on user mailboxes
AnswersA, B

Communication Compliance enforces communication policies.

Why this answer

Options A and D are correct because Communication Compliance can detect inappropriate content and enforce communication policies. Option B is wrong because auto-labeling is part of Information Protection. Option C is wrong because eDiscovery handles legal holds.

Option E is wrong because DLP prevents data loss.

129
MCQmedium

A multinational company uses Microsoft 365 and has a retention policy that automatically applies a 7-year retention label to any document containing a credit card number. The retention label must be automatically applied at the time the document is created or modified. Which Microsoft Purview solution should the administrator use to configure this automatic labeling rule?

A.Microsoft Purview Data Lifecycle Management
B.Microsoft Purview Retention Policy
C.Microsoft Purview Sensitivity Labels
D.Microsoft Purview eDiscovery
AnswerA

Data Lifecycle Management provides retention labels and auto-labeling policies that can automatically apply retention labels based on conditions such as sensitive information types, keywords, or trainable classifiers.

Why this answer

Microsoft Purview Data Lifecycle Management (formerly known as Microsoft 365 Records Management) is the correct solution because it provides the ability to create and apply retention labels automatically based on sensitive information types, such as credit card numbers, using auto-labeling policies. This ensures that the retention label is applied at the time of document creation or modification, meeting the requirement for automatic application without user intervention.

Exam trap

The trap here is that candidates confuse 'Retention Policy' (which applies at the container level) with 'Retention Labels' (which can be auto-applied at the item level), leading them to select Option B, but the question specifically requires automatic labeling based on content, which only Data Lifecycle Management supports.

How to eliminate wrong answers

Option B is wrong because a Microsoft Purview Retention Policy applies retention settings at the container level (e.g., entire site or mailbox) and cannot be configured to automatically apply a specific retention label based on content containing a credit card number; it lacks the granularity for content-based auto-labeling. Option C is wrong because Sensitivity Labels are designed for classification and protection (e.g., encryption, access restrictions) based on sensitivity, not for retention duration; while they can be auto-applied, they do not enforce a 7-year retention period by default. Option D is wrong because Microsoft Purview eDiscovery is used for searching, holding, and exporting content for legal or investigative purposes, not for configuring automatic retention label application based on content detection.

130
MCQhard

Refer to the exhibit. The JSON shows a Microsoft Purview retention policy configuration. After applying this policy, an administrator notices that emails in user mailboxes older than one year are being permanently deleted instead of being retained. Which setting should the administrator check first to resolve this issue?

A.The 'RetentionType' is set to 'KeepAndDelete', which deletes after retention period.
B.The 'Locations' array does not include all necessary workloads.
C.The 'RetentionDuration' is too short for email retention.
D.The 'RetentionTrigger' should be 'When items were last modified' instead of 'created'.
AnswerA

KeepAndDelete deletes items after retention period.

Why this answer

Option C is correct because the 'RetentionType' set to 'KeepAndDelete' means items are retained for the duration and then permanently deleted. Option A is wrong because the location list is correct. Option B is wrong because the trigger is valid.

Option D is wrong because the duration is correctly set to 365 days.

131
MCQhard

A government agency has extremely sensitive classified data that must be protected even from Microsoft. They require a solution where the encryption keys are stored and managed on-premises within their own hardware security module (HSM), ensuring that Microsoft cannot decrypt their data. Which Microsoft Purview solution should they implement?

A.Microsoft Purview Customer Key
B.Microsoft Purview Data Lifecycle Management
C.Microsoft Purview Information Protection
D.Microsoft Purview Communication Compliance
AnswerA

Correct. Customer Key allows the customer to hold their own encryption keys, ensuring Microsoft cannot decrypt the data.

Why this answer

Microsoft Purview Customer Key is the correct solution because it allows customers to provide and manage their own encryption keys using a hardware security module (HSM) on-premises. This ensures that Microsoft cannot access the encrypted data, as the keys are stored outside of Microsoft's control, meeting the requirement for protecting classified data even from Microsoft.

Exam trap

The trap here is that candidates often confuse Microsoft Purview Information Protection (which handles data classification and labeling) with encryption key management, but Information Protection does not provide customer-controlled keys stored on-premises to prevent Microsoft from decrypting data.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview Data Lifecycle Management handles retention and deletion policies for data, not encryption key management or control over Microsoft's access. Option C is wrong because Microsoft Purview Information Protection focuses on classifying, labeling, and protecting data based on sensitivity, but it does not provide customer-managed encryption keys stored on-premises. Option D is wrong because Microsoft Purview Communication Compliance monitors communications for policy violations, such as insider trading or harassment, and has no role in encryption key management or preventing Microsoft from decrypting data.

132
MCQhard

A multinational corporation must comply with the EU General Data Protection Regulation (GDPR). They need to respond to a data subject access request (DSAR) by searching for personal data across Exchange Online, SharePoint Online, and OneDrive for Business. Which Microsoft Purview solution should they use?

A.Data Lifecycle Management
B.Audit (Premium)
C.eDiscovery (Premium)
D.Data Loss Prevention (DLP)
AnswerC

eDiscovery can search across mailboxes, sites, and OneDrive to find personal data for DSARs.

Why this answer

Option D is correct because eDiscovery (Premium) can search across multiple data sources including Exchange, SharePoint, and OneDrive for DSARs. Option A is wrong because Data Lifecycle Management does not search content. Option B is wrong because Audit logs do not provide content search.

Option C is wrong because Data Loss Prevention is for preventing data leaks, not searching.

133
MCQhard

Refer to the exhibit. You are reviewing a Microsoft Purview classification rule. The rule is enabled and set to apply a sensitivity label. However, you notice that documents containing EU personal data are not being labeled automatically. What is the most likely cause?

A.The label ID is invalid
B.The rule does not include a condition to detect sensitive data
C.The rule status is Disabled
D.The rule is not scoped to SharePoint Online
AnswerB

Without a condition, the rule cannot match content.

Why this answer

Option C is correct because a classification rule requires a condition (such as a sensitive information type) to detect content. The exhibit shows no condition, so the rule will not trigger. Option A is wrong because the rule status is Enabled, not Disabled.

Option B is wrong because the label ID is present. Option D is wrong because there is no indication of a scope issue.

134
MCQhard

A company uses Microsoft Purview. A compliance officer applies a retention label to a set of legal documents and configures the label to mark the items as records. After the label is applied, a user attempts to delete one of these documents from SharePoint Online. What will be the outcome?

A.The user is allowed to delete the document, but a copy is retained in a preservation hold.
B.The user receives an access denied error and cannot delete the document.
C.The document is deleted and immediately purged from the recycle bin.
D.The delete action is allowed but an audit event is generated and the document is still retained for the specified period.
AnswerB

Correct. A record label makes the item a formal record, preventing users from deleting or modifying it.

Why this answer

When a retention label is configured to mark items as records, the items become immutable and locked. In SharePoint Online, records cannot be deleted by users; any attempt to delete a record results in an 'access denied' error because the retention policy overrides standard user permissions to enforce compliance.

Exam trap

The trap here is that candidates often confuse 'records' with 'regulatory records' or assume that retention labels only trigger audit events without blocking actions, but marking as a record strictly prohibits deletion and editing.

How to eliminate wrong answers

Option A is wrong because marking an item as a record does not allow deletion with a copy retained in a preservation hold; instead, deletion is blocked entirely. Option C is wrong because the document is not deleted at all—records cannot be deleted or purged, even from the recycle bin. Option D is wrong because the delete action is not allowed; records are locked to prevent any modification or deletion, and audit events are secondary to the enforced block.

135
MCQeasy

Your organization, Fabrikam Inc., uses Microsoft 365 and has Microsoft Purview licensed. You need to implement a compliance solution to monitor and prevent the sharing of confidential financial data via email. Specifically, you want to: (1) Detect when users send emails containing financial account numbers (e.g., credit card numbers) to external recipients. (2) Automatically block such emails with a policy tip notifying the sender. (3) Allow the sender to override the block if they provide a business justification. (4) Create a report of all blocked emails for compliance review. Which Microsoft Purview feature should you configure?

A.Microsoft Purview Communication Compliance
B.Microsoft Purview Message Encryption
C.Microsoft Purview Data Loss Prevention (DLP)
D.Microsoft Purview Data Lifecycle Management
AnswerC

Correct: DLP policies can detect sensitive data, block emails, show policy tips, and allow override with justification.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) policies can detect sensitive information in emails and apply actions such as block with policy tip and allow override with justification. DLP also provides incident reports. Option A is for email encryption, not blocking.

Option B is for communication monitoring, not data protection. Option C is for retention, not real-time blocking.

136
MCQhard

A legal department is preparing for litigation. They need to preserve all potentially relevant content in Exchange Online, SharePoint Online, and Teams to prevent deletion or modification. Additionally, they must search across these locations for specific keywords and export the results for external review. Which Microsoft Purview solution should they use?

A.eDiscovery (Standard)
B.Audit (Standard)
C.Data Lifecycle Management
D.Communication Compliance
AnswerA

eDiscovery (Standard) allows legal hold, search, and export of content across Exchange, SharePoint, Teams, and more for legal cases.

Why this answer

eDiscovery (Standard) is the correct solution because it provides the capabilities to place Exchange Online, SharePoint Online, and Teams content on legal hold to preserve it from deletion or modification, and it includes built-in search and export functions for litigation. This solution directly addresses the requirements for preservation, keyword search across multiple workloads, and export for external review.

Exam trap

The trap here is that candidates often confuse Audit (Standard) with eDiscovery because both are in the Purview compliance portal, but Audit only records events while eDiscovery provides the legal hold, search, and export actions required for litigation.

How to eliminate wrong answers

Option B (Audit (Standard)) is wrong because it only logs user and admin activities for security and compliance investigations, but it does not provide legal hold, content search, or export capabilities needed for litigation. Option C (Data Lifecycle Management) is wrong because it focuses on retention and deletion policies based on data governance rules, not on preserving content for a specific legal case or enabling search and export. Option D (Communication Compliance) is wrong because it is designed to detect and remediate inappropriate communications (e.g., harassment, insider trading) using policy templates, not to preserve all content for litigation or perform keyword search and export across multiple locations.

137
Multi-Selecthard

Which THREE actions can be performed using Microsoft Purview compliance portal?

Select 3 answers
A.Manage user licenses
B.Conduct eDiscovery searches
C.Create retention policies
D.Configure conditional access policies
E.Manage sensitivity labels
AnswersB, C, E

Search and export content for legal investigations.

Why this answer

The compliance portal allows managing sensitivity labels, creating retention policies, and conducting eDiscovery searches. Managing user licenses is done in Microsoft 365 admin center; setting up conditional access is in Microsoft Entra ID.

138
MCQmedium

A compliance administrator creates a retention policy as shown in the exhibit. What is the overall effect of this policy on content in SharePoint Online?

A.Content is deleted immediately after 7 years from creation.
B.Content is automatically labeled after 7 years.
C.Content is retained indefinitely after 7 years.
D.Content is retained for 7 years and then automatically deleted.
AnswerD

The policy combines retention with a delete action at the end.

Why this answer

The policy retains content for 7 years from creation and then deletes it. 'RetentionAction' is 'Retain' and 'EndAction' is 'Delete'. Content is not permanently retained forever, nor is it deleted immediately. The policy applies to all locations specified.

139
MCQmedium

A company uses Microsoft Teams and wants to ensure that messages containing offensive language are flagged for review. Which Microsoft Purview solution should be used?

A.Microsoft Purview Information Barriers
B.Microsoft Purview Communication Compliance
C.Microsoft Purview Data Loss Prevention
D.Microsoft Purview Audit
AnswerB

Communication Compliance uses classifiers to detect offensive language.

Why this answer

Option C is correct because Communication Compliance in Microsoft Purview detects offensive language in communications. Option A is wrong because DLP protects data from loss, not language. Option B is wrong because Information Barriers restrict communication between segments.

Option D is wrong because Audit logs activities but does not flag content.

140
Multi-Selectmedium

Which TWO Microsoft Purview solutions can be used to protect sensitive data in Microsoft Teams?

Select 2 answers
A.Information barriers
B.Communication compliance
C.Data Loss Prevention (DLP)
D.Sensitivity labels
E.eDiscovery
AnswersC, D

DLP policies can block sharing of sensitive data in Teams.

Why this answer

Correct answers: A and B. DLP policies can prevent sharing of sensitive data in Teams messages. Sensitivity labels can classify and protect Teams files.

Option C is wrong because eDiscovery is for search and export, not protection. Option D is wrong because communication compliance monitors for policy violations but does not protect data. Option E is wrong because information barriers restrict communication between groups.

141
MCQmedium

A compliance officer needs to retain customer records for 7 years and then automatically delete them. However, during an ongoing legal case, the legal team must preserve specific documents indefinitely without affecting the retention policy for other documents. Which combination of Microsoft Purview solutions should the company use?

A.Data Lifecycle Management and eDiscovery
B.Records Management and Audit
C.Information Protection and Data Loss Prevention
D.Communication Compliance and Insider Risk Management
AnswerA

Data Lifecycle Management sets the retention and deletion policy. eDiscovery allows legal holds to preserve specific content for litigation without altering the retention policy.

Why this answer

Data Lifecycle Management (DLM) allows you to define retention policies (e.g., 7 years) and then automatically delete data at the end of that period. eDiscovery (specifically, eDiscovery holds) lets you place a legal hold on specific documents, preserving them indefinitely without altering the broader retention policy. Together, they meet both the automatic deletion requirement and the need to preserve documents during litigation.

Exam trap

The trap here is that candidates confuse Records Management (which can also apply retention and deletion) with Data Lifecycle Management, but Records Management lacks the legal hold capability that eDiscovery provides for preserving specific documents during litigation.

How to eliminate wrong answers

Option B (Records Management and Audit) is wrong because Records Management focuses on declaring records and applying retention labels, but it does not provide the ability to place a legal hold on specific documents during litigation; Audit only tracks activities and does not enforce retention or holds. Option C (Information Protection and Data Loss Prevention) is wrong because Information Protection deals with sensitivity labels and encryption, while Data Loss Prevention prevents unauthorized sharing—neither addresses retention, deletion, or legal holds. Option D (Communication Compliance and Insider Risk Management) is wrong because Communication Compliance monitors for policy violations in communications, and Insider Risk Management detects risky user activities; neither solution manages retention policies or legal holds.

142
MCQhard

A company is implementing Microsoft Purview Communication Compliance to detect inappropriate messages. They need to monitor Microsoft Teams channel messages and chat messages for potential policy violations. Which configuration is required?

A.Enable Microsoft Purview Data Loss Prevention (DLP) policies for Teams.
B.Set up an Exchange Online retention policy to retain Teams messages.
C.Deploy a third-party archiving solution for Teams messages.
D.Configure a Communication Compliance policy that includes Teams messages as the supervised communication channel.
AnswerD

Communication Compliance policies can supervise Teams messages by adding Teams as a channel.

Why this answer

Option A is correct because Communication Compliance policies must include a policy condition that selects Teams messages as the source. Option B is wrong because Communication Compliance supports Teams messages natively. Option C is wrong because enabling Teams-only mode is not required.

Option D is wrong because Exchange Online retention policies are not needed for Communication Compliance.

143
MCQmedium

A company uses Microsoft Purview Compliance Manager to improve their compliance posture. They are preparing for a SOC 2 audit and need to score compliance with SOC 2 controls, track improvement actions, and assign tasks to responsible teams. Which component of Compliance Manager should they use to assign and track specific actions to improve their compliance score?

A.Assessment
B.Control
C.Improvement action
D.Template
AnswerC

Improvement actions are detailed tasks that can be assigned to groups or individuals, tracked, and documented to demonstrate compliance progress.

Why this answer

Improvement actions in Compliance Manager are the specific, actionable tasks that directly impact your compliance score. They represent the steps you need to take (e.g., configuring a policy, enabling logging) to satisfy a control. By assigning these actions to responsible teams and tracking their completion status, you can systematically improve your score and demonstrate progress during a SOC 2 audit.

Exam trap

The trap here is that candidates confuse 'Control' (the requirement) with 'Improvement action' (the task to meet the requirement), leading them to select B, even though controls are not directly assignable or trackable as individual tasks.

How to eliminate wrong answers

Option A is wrong because an Assessment is a container that groups controls from a specific regulation (like SOC 2) and tracks your overall compliance score, but it does not provide the granular, assignable tasks needed to drive improvement. Option B is wrong because a Control is a specific requirement from the regulation (e.g., 'Access must be logged'), but it is not the actionable item you assign to a team; the control is satisfied by completing one or more improvement actions. Option D is wrong because a Template is a reusable blueprint that defines the controls and improvement actions for a regulation (e.g., SOC 2 template), but it is not the mechanism for assigning and tracking individual tasks.

144
Multi-Selecteasy

Which TWO of the following are capabilities of Microsoft Purview Data Loss Prevention?

Select 2 answers
A.Define retention periods for documents.
B.Search for content in Exchange Online mailboxes.
C.Block sharing of sensitive data via email.
D.Automatically apply sensitivity labels to content.
E.Provide policy tips to users when they attempt to share sensitive data.
AnswersC, E

DLP policies can block email sharing of sensitive info.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) is designed to detect and prevent the accidental or intentional sharing of sensitive information. Option C is correct because DLP policies can block the sharing of sensitive data via email by inspecting content in transit and applying actions such as blocking the message. Option E is correct because DLP can display policy tips to users in real time, warning them before they share sensitive data and allowing them to override the block with justification.

Exam trap

The trap here is that candidates confuse DLP with other Microsoft Purview solutions: they may think DLP defines retention periods (Records Management), searches content (eDiscovery), or applies sensitivity labels (Information Protection), when in fact DLP focuses on preventing data loss through monitoring and blocking actions, not on lifecycle management or labeling.

145
MCQhard

Refer to the exhibit. You are reviewing a Microsoft Purview sensitivity label configuration. A user reports that a document containing a sensitive info type with confidence 80 was not automatically labeled. What is the most likely cause?

A.The user has overridden the label application.
B.The encryption is disabled.
C.The encryption template ID is missing.
D.The auto-labeling policy is not configured to apply this label.
AnswerD

The label definition alone does not apply labels; an auto-labeling policy must be created to use this label.

Why this answer

Option D is correct because the exhibit shows 'userOverrideEnabled': false, meaning users cannot override, but the auto-labeling minConfidence is 75, so a confidence of 80 should trigger labeling. However, the issue is that the user may have manually removed the label and auto-labeling does not reapply if userOverrideEnabled is false. Actually, re-reading: auto-labeling should apply if confidence >=75.

The exhibit does not show a problem. Wait, the question says 'not automatically labeled'. The exhibit shows auto-labeling configured with minConfidence 75.

Option A is wrong because the template ID is present. Option B is wrong because encryption is enabled. Option C is wrong because user override is false.

The correct answer is that auto-labeling requires a minimum confidence of 75, and 80 meets that. So the issue might be that the label is not published? However, the best answer is D: The auto-labeling policy may not be configured to apply this label. The exhibit only shows the label definition, not the auto-labeling policy that applies it.

So D is correct.

146
MCQmedium

A company uses Microsoft 365 and needs to classify and protect sensitive documents by applying encryption and visual markings (headers/footers) based on the content's sensitivity. They also want to automatically revoke access to documents that leave the organization. Which Microsoft Purview solution should they configure?

A.Microsoft Purview Data Lifecycle Management
B.Microsoft Purview Information Protection
C.Microsoft Purview Communication Compliance
D.Microsoft Purview Audit
AnswerB

Information Protection uses sensitivity labels to classify, encrypt, and apply visual markings to documents, and can enforce revocation of access for external users.

Why this answer

Microsoft Purview Information Protection (B) is the correct solution because it provides the capabilities to classify and protect sensitive documents using sensitivity labels. These labels can enforce encryption and apply visual markings like headers and footers based on content sensitivity. Additionally, Information Protection supports automatic revocation of access to documents that leave the organization through features like rights management and conditional access policies.

Exam trap

The trap here is that candidates may confuse Data Lifecycle Management (retention/deletion) with Information Protection (classification/encryption), or mistakenly think Communication Compliance or Audit can enforce document-level protection and revocation.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Data Lifecycle Management focuses on retaining and deleting data based on policies, not on classifying, encrypting, or applying visual markings to documents. Option C is wrong because Microsoft Purview Communication Compliance is designed to detect and manage inappropriate communications (e.g., harassment, insider trading) within emails and messages, not to classify or protect document content with encryption or markings. Option D is wrong because Microsoft Purview Audit provides logging and investigation of user and admin activities, not the ability to classify, encrypt, or revoke access to documents.

147
MCQmedium

Your company is implementing data loss prevention (DLP) policies in Microsoft Purview. You need to create a policy that prevents users from sharing credit card numbers via email to external recipients. The policy should only apply to users in the Finance department. Which action should you take?

A.Create a retention label and apply auto-labeling for Finance
B.Create a sensitivity label and publish it to Finance users
C.Copy the default DLP template for financial data and modify it
D.Create a DLP policy, select the Finance user location, and add the credit card number condition
AnswerD

DLP policies can be scoped to specific users and include sensitive info types like credit card numbers.

Why this answer

Option C is correct because DLP policies in Microsoft Purview can be scoped to specific user groups via location selection. Option A is wrong because sensitivity labels are for classification, not DLP enforcement. Option B is wrong because retention labels are for data retention, not DLP.

Option D is wrong because the policy should be created from scratch, not copied from a template that may not match the requirement.

148
MCQhard

You are a compliance administrator for Contoso, a multinational company that uses Microsoft 365. The company has the following requirements: 1. Automatically retain all documents containing personally identifiable information (PII) for 7 years. 2. Prevent users from sharing PII via email with external recipients unless they provide a business justification. 3. Monitor and alert when users access sensitive data outside of business hours. 4. Generate a compliance score for GDPR and ISO 27001. You need to configure the appropriate Microsoft Purview solutions. For each requirement, match the correct solution. Which combination of solutions should you use?

A.Information Protection for retention; DLP for sharing; Data Lifecycle Management for monitoring; Compliance Manager for scoring
B.Data Lifecycle Management for retention; Communication Compliance for sharing; Insider Risk Management for monitoring; Compliance Manager for scoring
C.Data Lifecycle Management for retention; DLP for sharing; Insider Risk Management for monitoring; Compliance Manager for scoring
D.Information Protection for retention; eDiscovery for sharing; Insider Risk Management for monitoring; Compliance Manager for scoring
AnswerC

All requirements are correctly mapped.

Why this answer

Option B is correct because: Requirement 1 is met by a retention policy in Data Lifecycle Management; Requirement 2 is met by a DLP policy with user overrides; Requirement 3 is met by Insider Risk Management (abnormal access); Requirement 4 is met by Compliance Manager. Option A is wrong because Information Protection labels are for classification, not retention. Option C is wrong because Communication Compliance is for communications, not access monitoring.

Option D is wrong because eDiscovery is for legal discovery, not access monitoring.

149
MCQmedium

Your organization uses Microsoft Purview Records Management to manage high-value contracts. You need to ensure that once a contract is declared as a record, it cannot be modified or deleted by any user, including administrators. Which type of record should you use?

A.Disposition review
B.Event-based retention policy
C.Retention label with default settings
D.Regulatory record
AnswerD

Regulatory records are immutable and cannot be deleted or modified by anyone.

Why this answer

Option C is correct because Regulatory records provide the highest level of protection and cannot be modified or deleted by anyone. Option A is wrong because regular retention labels do not lock content. Option B is wrong because event-based retention is for time-based triggers.

Option D is wrong because disposition review is for review before deletion.

150
MCQmedium

A financial services company uses Microsoft 365 and must comply with PCI DSS. They want to automatically prevent users from sending emails that contain credit card numbers to external recipients. If a user tries to send such an email, the system should block the message and notify the user with a policy tip. Which Microsoft Purview solution should they configure?

A.Data Loss Prevention (DLP)
B.Communication Compliance
C.Information Protection
D.Insider Risk Management
AnswerA

Microsoft Purview DLP policies can automatically detect sensitive data (e.g., credit card numbers) and take actions such as blocking the email and notifying the sender with a policy tip.

Why this answer

Data Loss Prevention (DLP) is the correct solution because it is specifically designed to detect and block sensitive data, such as credit card numbers, in transit (e.g., email). DLP policies can be configured with conditions to match credit card number patterns (using a built-in sensitive info type) and set actions to block the message and display a policy tip to the sender, meeting the PCI DSS compliance requirement.

Exam trap

The trap here is that candidates often confuse Information Protection (labels/encryption) with DLP, but Information Protection does not provide real-time blocking of outbound data; it only applies protection after classification, whereas DLP actively monitors and blocks data in motion.

How to eliminate wrong answers

Option B is wrong because Communication Compliance is designed to detect and remediate inappropriate or policy-violating communications (e.g., harassment, insider trading), not to block sensitive data like credit card numbers in email. Option C is wrong because Information Protection (e.g., sensitivity labels and encryption) focuses on classifying and protecting data at rest or in transit via encryption, but it does not automatically block outbound emails containing credit card numbers or provide policy tips. Option D is wrong because Insider Risk Management is used to detect, investigate, and act on risky user activities (e.g., data theft, leaks) based on analytics, not to enforce real-time blocking of specific data patterns in email.

← PreviousPage 2 of 5 · 333 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Describe the capabilities of Microsoft compliance solutions questions.