CCNA Describe the capabilities of Microsoft compliance solutions Questions

75 of 333 questions · Page 3/5 · Describe the capabilities of Microsoft compliance solutions · Answers revealed

151
MCQhard

A company receives a subject rights request (SRR) from a customer under GDPR, asking for the deletion of all personal data held about them. The compliance team needs a tool to orchestrate the discovery of this data across Microsoft 365 and other systems, and to track the response and fulfillment of the request. Which Microsoft Purview solution should they use?

A.Microsoft Purview eDiscovery
B.Microsoft Purview Audit
C.Microsoft Purview Data Lifecycle Management (retention labels)
D.Microsoft Priva (Privacy Management)
AnswerD

Microsoft Priva provides a centralized solution to handle subject rights requests, including automated data discovery across Microsoft 365 and other connected systems, and tracking the entire fulfillment process.

Why this answer

Microsoft Priva (Privacy Management) is the correct solution because it is specifically designed to help organizations manage subject rights requests (SRRs) under regulations like GDPR. It automates the discovery of personal data across Microsoft 365 and connected systems, provides a workflow to track the request lifecycle, and facilitates the fulfillment of actions such as deletion. This directly addresses the compliance team's need to orchestrate discovery and track response for an SRR.

Exam trap

The trap here is that candidates often confuse eDiscovery (which handles legal holds and litigation) with privacy management (which handles subject rights requests), but eDiscovery lacks the automated SRR workflow and privacy-specific orchestration that Priva provides.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview eDiscovery is focused on legal discovery for litigation or investigations, not on managing privacy subject rights requests; it lacks the automated workflow for SRR fulfillment and tracking. Option B is wrong because Microsoft Purview Audit is a logging and monitoring tool for auditing user and admin activities, not a solution for orchestrating data discovery or responding to deletion requests. Option C is wrong because Microsoft Purview Data Lifecycle Management (retention labels) is used to apply retention and deletion policies to data based on business or regulatory requirements, not to handle the end-to-end process of a subject rights request.

152
MCQmedium

A compliance officer needs to investigate a potential data exfiltration incident. They must search the unified audit log for all activities where users accessed a specific sensitive SharePoint site in the last 7 days. Additionally, they need to create a custom alert that triggers when more than 10 file downloads occur from that site within an hour. Which Microsoft Purview solution should they use?

A.Microsoft Purview Audit (Standard)
B.Microsoft Purview Data Loss Prevention (DLP)
C.Microsoft Purview eDiscovery
D.Microsoft Purview Communications Compliance
AnswerA

Audit (Standard) allows searching the unified audit log for user and admin activities and creating alert policies to detect specific patterns like a spike in file downloads. This directly meets both requirements.

Why this answer

Microsoft Purview Audit (Standard) logs all user activities, including file accesses and downloads from SharePoint sites, for 90 days. The compliance officer can search the unified audit log for the specific site's activities over the last 7 days and create custom alert policies (e.g., threshold-based alerts for >10 downloads per hour) using the Microsoft 365 Defender portal. This makes Audit (Standard) the correct solution for both investigation and alerting.

Exam trap

The trap here is that candidates confuse the investigative and alerting capabilities of Audit (Standard) with the preventive controls of DLP, assuming DLP can retroactively search logs or create threshold-based alerts, when in fact DLP only applies real-time policies to content in transit or at rest.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview Data Loss Prevention (DLP) is designed to prevent data exfiltration by applying policies (e.g., blocking or warning on sensitive data sharing), not to search historical audit logs or create activity-based threshold alerts. Option C is wrong because Microsoft Purview eDiscovery is used for legal holds, content search, and export of data for litigation, not for real-time alerting or unified audit log searches for incident investigation. Option D is wrong because Microsoft Purview Communications Compliance focuses on monitoring internal and external communications (e.g., email, Teams) for policy violations like harassment or insider trading, not on SharePoint file download activity or audit log searches.

153
MCQeasy

Your company uses Microsoft Purview to manage records. You need to ensure that financial records are retained for 7 years and then permanently deleted. Which type of policy should you create?

A.A retention policy with a retention period of 7 years and then delete
B.A sensitivity label set to 'Financial' with auto-labeling
C.A retention label that triggers a disposition review after 7 years
D.A DLP policy that blocks sharing of financial records
AnswerA

A retention policy can automatically delete content after the retention period.

Why this answer

Option C is correct because a retention policy with a retention period of 7 years and then deletion will meet the requirement. Option A is wrong because a retention label with a disposition review does not guarantee automatic deletion. Option B is wrong because a DLP policy prevents data loss, not retention.

Option D is wrong because a sensitivity label does not manage retention.

154
MCQmedium

A financial organization needs to automatically detect documents containing credit card numbers in SharePoint Online and apply a sensitivity label that encrypts the document and restricts editing to internal users. The label must also be automatically assigned when the sensitive content is detected. Which Microsoft Purview solution should they configure?

A.Data Loss Prevention (DLP)
B.Information Protection (Sensitivity Labels)
C.Audit (Unified Audit Log)
D.eDiscovery (Content Search)
AnswerB

Sensitivity labels with auto-labeling rules can detect sensitive content and automatically apply encryption, headers, and permissions.

Why this answer

Option B is correct because Microsoft Purview Information Protection (sensitivity labels) supports automatic labeling based on sensitive content types (e.g., credit card numbers) using built-in or custom sensitive info types. When configured with auto-labeling policies, the label can be applied automatically in SharePoint Online, enforcing encryption and restricting editing to internal users via rights management.

Exam trap

The trap here is that candidates often confuse Data Loss Prevention (DLP) with auto-labeling, assuming DLP can apply sensitivity labels, but DLP only detects and blocks—it does not assign labels or enforce persistent protection like encryption and editing restrictions.

How to eliminate wrong answers

Option A is wrong because Data Loss Prevention (DLP) policies detect and block or warn about sensitive data, but they do not automatically apply sensitivity labels or enforce encryption and editing restrictions; DLP focuses on preventing data exfiltration, not on persistent protection via labels. Option C is wrong because Audit (Unified Audit Log) records user and admin activities for forensic analysis but cannot automatically detect content or apply labels; it is a logging mechanism, not a protection or labeling solution. Option D is wrong because eDiscovery (Content Search) is used for searching and exporting content for legal or investigative purposes, not for automatic detection and labeling of sensitive data in real time.

155
Multi-Selecthard

A company must comply with the General Data Protection Regulation (GDPR). They need a unified solution that provides a compliance score, actionable recommendations to improve their security posture, and the ability to track their progress over time. Additionally, they want to assign improvement actions to specific teams and automate the collection of evidence for controls. Which two Microsoft Purview solutions should the administrator use? (Select two.)

Select 2 answers
A.Compliance Manager
B.Data Lifecycle Management
C.Insider Risk Management
D.Audit (Premium)
AnswersA, D

Compliance Manager offers a compliance score, continuous assessment, recommended improvement actions, and evidence collection workflows.

Why this answer

Compliance Manager is correct because it provides a unified compliance score, actionable recommendations to improve security posture, and the ability to track progress over time. It also allows administrators to assign improvement actions to specific teams and automate evidence collection for controls, directly meeting all the stated GDPR compliance requirements.

Exam trap

The trap here is that candidates may confuse Audit (Premium) as a primary compliance management tool, but it only provides logging and investigation capabilities, not the scoring, recommendations, or task assignment features required by the question.

156
MCQeasy

A company wants to automatically detect and remediate compliance issues such as sharing sensitive data externally. Which Microsoft Purview solution should they use?

A.Microsoft Purview Records Management
B.Microsoft Purview Data Loss Prevention
C.Microsoft Purview eDiscovery
D.Microsoft Purview Audit
AnswerB

DLP policies detect and prevent unauthorized sharing.

Why this answer

Option D is correct because Microsoft Purview Data Loss Prevention prevents unauthorized sharing of sensitive data. Option A is wrong because eDiscovery is for legal discovery. Option B is wrong because Audit is for logging.

Option C is wrong because Records Management is for managing records.

157
MCQhard

A multinational corporation stores highly sensitive intellectual property in SharePoint Online. To meet regulatory requirements, they need an additional layer of encryption beyond Microsoft's baseline encryption. The company wants to manage their own encryption keys using Azure Key Vault, so that if they remove the key from the service, the data becomes unreadable. Which Microsoft Purview solution should they implement?

A.Double Key Encryption
B.Customer Key
C.Information Rights Management
D.Customer Lockbox
AnswerB

Correct. Microsoft Purview Customer Key allows customers to provide and manage their own encryption keys using Azure Key Vault, providing an additional layer of encryption on top of the baseline. Data is encrypted using these keys, and the customer can control key access.

Why this answer

Customer Key (Option B) is the correct solution because it provides the ability to control and manage the encryption keys used to encrypt data at rest in Microsoft 365, including SharePoint Online. By using Azure Key Vault to store the keys, the organization can revoke access at any time, rendering the data unreadable—a key requirement for meeting regulatory obligations. This goes beyond Microsoft's baseline encryption by adding a customer-controlled layer of encryption.

Exam trap

The trap here is that candidates often confuse Customer Key with Double Key Encryption, mistakenly thinking DKE is required for customer-managed keys in Azure Key Vault, when in fact Customer Key is the correct solution for managing encryption keys at rest across Microsoft 365 workloads.

How to eliminate wrong answers

Option A is wrong because Double Key Encryption (DKE) uses two keys—one held by Microsoft and one held by the customer—but it is designed for protecting the most sensitive data with a key that never leaves the customer's control, not for managing encryption keys via Azure Key Vault for all data at rest; it also does not allow key removal to make data unreadable in the same way Customer Key does. Option C is wrong because Information Rights Management (IRM) applies usage restrictions (e.g., preventing copy, print, or forward) to documents and emails, but it does not provide customer-managed encryption keys or the ability to render data unreadable by key removal. Option D is wrong because Customer Lockbox provides a controlled approval process for Microsoft engineers to access customer data during support requests, but it does not involve encryption key management or data encryption at rest.

158
MCQmedium

Your organization uses Microsoft Purview Audit to investigate a security incident. You need to search for activities performed by a specific user over the past 90 days. Which solution should you use?

A.Microsoft Purview Audit (Standard)
B.Microsoft Purview Audit (Premium)
C.Microsoft Defender XDR Advanced Hunting
D.Microsoft Purview eDiscovery (Standard)
AnswerA

Audit Standard retains audit logs for 90 days by default.

Why this answer

Option C is correct because Audit (Standard) provides 90-day retention for audit logs. Option A is wrong because Audit (Premium) provides longer retention but is not required. Option B is wrong because Content Search is for eDiscovery.

Option D is wrong because Advanced Hunting is for Microsoft 365 Defender.

159
MCQmedium

A legal team is managing a large litigation case involving over two million documents in SharePoint Online and Exchange Online. They want to reduce the time required for manual review by using a machine learning model that learns from a seed set of relevant and non-relevant documents and then predicts the relevance of the remaining documents. Which Microsoft Purview solution provides this advanced analytical capability?

A.Communication Compliance
B.eDiscovery (Standard)
C.eDiscovery (Premium)
D.Audit (Premium)
AnswerC

eDiscovery (Premium) builds on Standard with advanced features like predictive coding, text analytics, and near-duplicate identification to streamline large-scale document review.

Why this answer

eDiscovery (Premium) in Microsoft Purview provides advanced analytics capabilities, including predictive coding, which uses machine learning models trained on a seed set of relevant and non-relevant documents to automatically predict the relevance of the remaining content. This directly addresses the legal team's need to reduce manual review time for over two million documents in SharePoint Online and Exchange Online.

Exam trap

The trap here is that candidates often confuse eDiscovery (Standard) with eDiscovery (Premium) because both involve searching and holding content, but only Premium includes the advanced analytics and machine learning capabilities described in the scenario.

How to eliminate wrong answers

Option A is wrong because Communication Compliance is designed to detect and remediate inappropriate communications (e.g., harassment, insider trading) using policy templates and classifiers, not to perform predictive relevance scoring on litigation documents. Option B is wrong because eDiscovery (Standard) offers basic search and hold capabilities but lacks the machine learning-based predictive coding and advanced analytics found in eDiscovery (Premium). Option D is wrong because Audit (Premium) provides detailed logging and investigation of user and admin activities, not document relevance prediction or review analytics.

160
MCQhard

Your organization uses Microsoft Purview Communication Compliance to detect harassing messages. You receive an alert for a message that appears to be a joke between colleagues. What should you do to prevent similar false positives?

A.Train users not to joke about sensitive topics
B.Delete the alert and ignore future similar messages
C.Refine the policy conditions to exclude certain keywords or users
D.Turn off the policy and use a different solution
AnswerC

Refining conditions reduces false positives while maintaining detection.

Why this answer

Option C is correct because you can refine the policy conditions to reduce false positives, such as excluding certain words or users. Option A is wrong because turning off the policy would stop detection entirely. Option B is wrong because training users may not address the policy configuration.

Option D is wrong because the correct action is to adjust the policy, not delete it.

161
Multi-Selecteasy

Which TWO features are part of Microsoft Purview Information Protection?

Select 2 answers
A.Communication monitoring
B.Retention policies
C.Automatic classification based on sensitive content
D.Sensitivity labels
E.Audit log investigation
AnswersC, D

Automatic classification is a key capability of Information Protection.

Why this answer

Information Protection includes sensitivity labels and automatic classification. Data Lifecycle Management is a separate solution. Communication Compliance is separate.

Audit is separate.

162
Multi-Selectmedium

Which TWO actions can be performed using Microsoft Purview Data Lifecycle Management?

Select 2 answers
A.Create a retention policy to keep financial records for 7 years
B.Monitor internal emails for policy violations
C.Create a deletion policy to remove old drafts after 30 days
D.Block sharing of sensitive files with external users
E.Automatically classify documents containing PII
AnswersA, C

Retention policies are a core feature of Data Lifecycle Management.

Why this answer

Data Lifecycle Management allows creating retention policies to keep content for a specified period and deletion policies to remove content after a period. It does not classify content (Information Protection) or monitor communications (Communication Compliance).

163
MCQmedium

A healthcare organization must demonstrate compliance with HIPAA by assessing their current posture against regulatory controls, tracking improvement actions, and generating reports for auditors. Which Microsoft Purview solution should they use?

A.Microsoft Purview Information Protection
B.Microsoft Purview Data Lifecycle Management
C.Microsoft Purview Compliance Manager
D.Microsoft Purview Insider Risk Management
AnswerC

Compliance Manager provides pre-built assessments for regulations like HIPAA, allows tracking of improvement actions, and generates compliance reports.

Why this answer

Microsoft Purview Compliance Manager is the correct solution because it provides a built-in assessment template for HIPAA, enabling the organization to assess its current compliance posture against regulatory controls, track improvement actions, and generate auditor-ready reports. It offers a compliance score, automated control mapping, and evidence collection workflows specifically designed for regulatory frameworks like HIPAA.

Exam trap

The trap here is that candidates confuse Compliance Manager (which assesses and tracks compliance posture) with Information Protection (which protects data) or Insider Risk Management (which detects risky behavior), because all three are Purview solutions but serve fundamentally different compliance lifecycle stages.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Information Protection focuses on classifying, labeling, and protecting sensitive data (e.g., encryption, rights management), not on assessing compliance posture or tracking improvement actions against regulatory controls. Option B is wrong because Microsoft Purview Data Lifecycle Management handles data retention, deletion, and archiving policies (e.g., retention labels, records management), not compliance assessment or audit reporting for HIPAA. Option D is wrong because Microsoft Purview Insider Risk Management detects and investigates risky user activities (e.g., data exfiltration, policy violations), not compliance posture assessment or improvement tracking against regulatory frameworks.

164
MCQhard

Your organization is implementing Microsoft Purview Communication Compliance to detect potential regulatory violations. You need to configure a policy that alerts when employees discuss insider trading in emails and Microsoft Teams messages. The solution should minimize false positives. Which action should you take?

A.Include all message types without filtering
B.Use a trainable classifier and train it with sample data
C.Create a global keyword list of insider trading terms
D.Set the policy sensitivity threshold to 90%
AnswerB

Trainable classifiers learn from examples and improve detection accuracy.

Why this answer

Option B is correct because training trainable classifiers with relevant sample data improves accuracy and reduces false positives. Option A is wrong because increasing the sensitivity threshold reduces alerts, increasing false negatives. Option C is wrong because including all messages increases noise.

Option D is wrong because a global keyword list is less accurate than a trainable classifier.

165
MCQhard

Your organization uses Microsoft Purview Audit (Standard) and needs to investigate a data breach that occurred 120 days ago. You discover that the required audit logs are not available. What is the most likely reason?

A.The user does not have an appropriate license
B.Audit log retention is limited to 90 days for Audit (Standard)
C.The organization has insufficient storage
D.The audit logs were manually deleted by an administrator
AnswerB

Audit (Standard) retains logs for 90 days; beyond that, logs are purged.

Why this answer

Microsoft Purview Audit (Standard) retains audit logs for only 90 days. Option C is correct. Audit (Premium) retains logs for 1 year.

Licenses and storage are not the issue.

166
MCQeasy

A financial services firm is required by regulatory bodies to monitor employee communications (email, Teams chats) for potential insider trading or market manipulation. They need a solution that allows them to define policies to detect messages containing specific keywords or phrases (e.g., 'confidential', 'insider info'), and then assign flagged messages to designated reviewers for investigation. Which Microsoft Purview solution should they use?

A.Microsoft Purview Communication Compliance
B.Microsoft Purview Insider Risk Management
C.Microsoft Purview eDiscovery (Standard or Premium)
D.Microsoft Purview Audit (Standard or Premium)
AnswerA

Correct. Communication Compliance allows policy-based detection of inappropriate or risky messages in communications and provides a review workflow for compliance officers.

Why this answer

Microsoft Purview Communication Compliance is the correct solution because it is specifically designed to detect policy violations in employee communications, such as email and Teams chats, by scanning for sensitive keywords or phrases like 'confidential' or 'insider info'. It then automatically flags and routes these messages to designated reviewers for investigation, directly meeting the regulatory requirement for monitoring potential insider trading or market manipulation.

Exam trap

The trap here is confusing Insider Risk Management (which focuses on behavioral analytics and user risk scores) with Communication Compliance (which directly scans communication content for specific text patterns), leading candidates to choose the wrong solution for keyword-based message monitoring.

How to eliminate wrong answers

Option B (Insider Risk Management) is wrong because it focuses on detecting risky user behaviors and activities (e.g., data exfiltration, unusual file access) rather than scanning the content of communications for specific keywords or phrases. Option C (eDiscovery) is wrong because it is used for searching and exporting content as part of legal or regulatory investigations after an incident has been identified, not for proactive policy-based monitoring and flagging of communications. Option D (Audit) is wrong because it logs user and admin activities for forensic review but does not analyze message content for policy violations or assign flagged items to reviewers.

167
MCQhard

A financial services company is required by the Payment Card Industry Data Security Standard (PCI-DSS) to retain all documents containing credit card numbers for at least seven years. The compliance team has created a custom sensitive information type (SIT) to detect credit card numbers in Microsoft 365. They want to automatically apply a retention label (e.g., "7-Year Retention") to any document in SharePoint or OneDrive that matches this SIT. Which Microsoft Purview solution should they configure to apply the label automatically based on content?

A.Data Loss Prevention (DLP)
B.Insider Risk Management
C.Communication Compliance
D.Data Lifecycle Management
AnswerD

Data Lifecycle Management provides auto-apply retention label policies that can use sensitive information types (SITs) to classify and retain content automatically. This is the correct solution to apply a retention label based on content detection.

Why this answer

Data Lifecycle Management (DLM) in Microsoft Purview is the solution specifically designed for automatically applying retention labels based on conditions like sensitive information types (SITs). By creating a retention label policy with auto-labeling rules that reference the custom SIT for credit card numbers, DLM can automatically assign the '7-Year Retention' label to documents in SharePoint and OneDrive that contain PCI-DSS data, ensuring compliance with retention requirements.

Exam trap

The trap here is that candidates confuse Data Loss Prevention (DLP) with Data Lifecycle Management because both use sensitive information types, but DLP is for protection (blocking/sharing) while DLM is for governance (retention/deletion).

How to eliminate wrong answers

Option A is wrong because Data Loss Prevention (DLP) is focused on preventing unauthorized sharing or leakage of sensitive data through policies that block or warn users, not on automatically applying retention labels for lifecycle management. Option B is wrong because Insider Risk Management is designed to detect and investigate risky user activities (e.g., data exfiltration) using behavioral analytics, not to apply retention labels based on content matching. Option C is wrong because Communication Compliance monitors communications (e.g., email, Teams) for policy violations like harassment or insider trading, not for applying retention labels to documents in SharePoint or OneDrive.

168
MCQmedium

A company uses Microsoft Purview Information Protection to classify and protect sensitive data. They want to automatically apply a sensitivity label to documents containing credit card numbers. Which should you configure?

A.Use a manual labeling policy requiring users to apply labels
B.Create a trainable classifier for credit card patterns
C.Configure an auto-labeling policy with a sensitive info type for credit card numbers
D.Set up a data classification activity explorer to monitor credit card usage
AnswerC

Auto-labeling policies can use sensitive info types to automatically apply labels.

Why this answer

Option B is correct because auto-labeling policies can automatically apply sensitivity labels based on sensitive information types like credit card numbers. Option A is wrong because trainable classifiers are for more complex patterns. Option C is wrong because manual labeling requires user action.

Option D is wrong because activity explorer is a monitoring tool.

169
MCQmedium

An organization needs to prevent users from sharing files containing trade secrets with external parties via email. The solution must allow internal sharing. Which Microsoft Purview capability should be configured?

A.Microsoft Purview Communication Compliance
B.Microsoft Purview Data Loss Prevention policies
C.Microsoft Purview Data Lifecycle Management
D.Microsoft Purview Sensitivity Labels with encryption
AnswerB

DLP policies can block sharing of sensitive data via email and other channels.

Why this answer

Option B is correct because Microsoft Purview DLP can be configured to block external sharing of emails and attachments containing sensitive info. Option A is wrong because Sensitivity Labels control access and encryption but don't block sharing by themselves. Option C is wrong because Data Lifecycle Management handles retention.

Option D is wrong because Communication Compliance monitors for policy violations, not block sharing.

170
MCQhard

A multinational corporation must comply with regulations that require them to keep financial records for 7 years and then permanently delete them. However, they are currently involved in litigation that requires preservation of all documents related to a specific project. They use Microsoft Purview. Which combination of features should they use to meet both requirements?

A.Data Lifecycle Management to retain for 7 years then delete, and eDiscovery (Premium) to place a legal hold on the project documents
B.Data Lifecycle Management to retain for 7 years then delete, and Sensitivity labels to mark documents
C.Audit (Premium) to log access and eDiscovery (Premium) to search
D.Information Protection to classify data and Data Lifecycle Management to retain
AnswerA

This combination correctly applies a retention-delete policy for financial records and uses legal hold to preserve the specific project documents during litigation.

Why this answer

Option A is correct because Data Lifecycle Management (DLM) allows you to create retention labels that enforce a 7-year retention period followed by automatic deletion, satisfying the regulatory requirement. eDiscovery (Premium) provides the ability to place a legal hold on specific documents, which overrides the deletion policy to preserve data relevant to ongoing litigation. This combination ensures both compliance with the retention/deletion mandate and the preservation obligation.

Exam trap

The trap here is that candidates often confuse Sensitivity labels (which mark or protect data) with retention labels (which enforce lifecycle policies), or assume eDiscovery alone can handle both retention and hold, missing the need for DLM to define the deletion schedule.

How to eliminate wrong answers

Option B is wrong because Sensitivity labels are used for classification and protection (e.g., encryption, marking) but do not provide legal hold functionality to override deletion policies. Option C is wrong because Audit (Premium) logs user activities but does not enforce retention or deletion, and eDiscovery (Premium) alone cannot set a retention schedule; it needs DLM for the lifecycle policy. Option D is wrong because Information Protection classifies data but does not enforce retention or deletion schedules, and DLM alone cannot place a legal hold to preserve documents during litigation.

171
MCQhard

A financial company needs to prevent any communication between their mergers and acquisitions (M&A) team and the trading desk across all Microsoft 365 channels, including email, Microsoft Teams, and SharePoint. They must ensure that no user in one group can send emails to or chat with users in the other group. Which Microsoft Purview solution should they implement?

A.Information Barriers
B.Communication Compliance
C.Data Lifecycle Management
D.Data Loss Prevention (DLP)
AnswerA

Correct. Information Barriers enforce restrictions between user segments to prevent unwanted communication and collaboration.

Why this answer

Information Barriers (IB) is the correct solution because it is specifically designed to prevent communication and collaboration between two user groups across Microsoft 365 services, including email, Teams, and SharePoint. By defining policies that block segments (e.g., M&A team and trading desk), IB enforces restrictions at the transport, chat, and document level, ensuring no email, chat, or file sharing occurs between the groups. This directly addresses the requirement to isolate the M&A team from the trading desk across all channels.

Exam trap

The trap here is that candidates often confuse Information Barriers with Communication Compliance, mistakenly thinking that monitoring and blocking are the same, but Communication Compliance only detects and reports violations after the fact, whereas Information Barriers proactively prevents communication from occurring.

How to eliminate wrong answers

Option B (Communication Compliance) is wrong because it is designed for monitoring and detecting policy violations (e.g., insider trading, harassment) after communication occurs, not for proactively blocking communication between groups. Option C (Data Lifecycle Management) is wrong because it focuses on retaining or deleting data based on age or classification, not on restricting communication between users. Option D (Data Loss Prevention) is wrong because it prevents sensitive data from being shared externally or with unauthorized users, but it does not block all communication between two internal groups across all channels.

172
MCQmedium

You are the compliance administrator for a healthcare organization that must comply with HIPAA. You need to automatically detect and prevent patients' protected health information (PHI) from being shared via email. Additionally, you need to retain all emails containing PHI for 6 years. You also need to allow users to manually classify documents as 'Medical Record' with encryption that expires after 30 days. Which combination of Microsoft Purview solutions should you implement?

A.Data Loss Prevention (DLP) policy to block PHI; retention policy for 6 years on emails containing PHI; sensitivity label with encryption and expiration
B.Data Loss Prevention (DLP) policy to block PHI; eDiscovery to retain emails; sensitivity label with encryption
C.Retention label for 6 years; sensitivity label with encryption; communication compliance to monitor sharing
D.Data Loss Prevention (DLP) policy to block PHI; auto-labeling policy to apply retention label; no manual label needed
AnswerA

DLP blocks sharing; retention policy retains; sensitivity label provides manual classification with encryption and expiration.

Why this answer

DLP detects and prevents sharing of PHI via email. A retention policy retains emails containing PHI for 6 years. A sensitivity label allows users to manually apply encryption with expiration.

Option B: DLP handles prevention, retention policy handles retention, sensitivity label handles manual classification. Option A: eDiscovery does not prevent sharing. Option C: only uses DLP, no retention or manual label.

Option D: retention label cannot expire encryption.

173
MCQmedium

An organization needs to automatically apply a 'Confidential' label to documents that contain EU personal data, and also encrypt those documents. Which Microsoft Purview feature should they configure?

A.Data Loss Prevention (DLP) policy
B.Retention label policy
C.Data classification service
D.Auto-labeling policy
AnswerD

Automatically applies sensitivity labels based on conditions, and labels can include encryption.

Why this answer

Auto-labeling policies can be configured to automatically apply sensitivity labels based on sensitive info types like EU personal data. Sensitivity labels support encryption. Data classification is a prerequisite, but auto-labeling is the feature that applies the label automatically.

174
Multi-Selecthard

Which THREE capabilities are part of Microsoft Purview Data Lifecycle Management?

Select 3 answers
A.Retention labels
B.Data Loss Prevention policies
C.Retention policies
D.eDiscovery
E.Records management
AnswersA, C, E

Retention labels are used to apply retention settings to items.

Why this answer

Data Lifecycle Management includes retention policies, retention labels, and records management. DLP is data loss prevention, not lifecycle management. eDiscovery is discovery. So correct: A, B, D.

175
MCQhard

A legal team is preparing for litigation and needs to collect relevant data from Microsoft Teams chats, email, and SharePoint documents. They need to place a hold on the data to prevent deletion, review it, and then use advanced analytics such as relevance ranking and email threading to reduce the review set. Which Microsoft Purview solution should they use to perform these tasks?

A.Microsoft Purview eDiscovery (Standard)
B.Microsoft Purview Copilot
C.Microsoft Purview eDiscovery (Premium)
D.Microsoft Purview Compliance Manager
AnswerC

eDiscovery (Premium) builds on Standard by adding intelligent analytics including relevance, email threading, and near-duplicate detection, as well as advanced review workflows for large volumes of data.

Why this answer

Microsoft Purview eDiscovery (Premium) is the correct solution because it provides the full lifecycle of legal hold, collection, review, and advanced analytics such as relevance ranking, email threading, and predictive coding. These capabilities are specifically designed for complex litigation scenarios, whereas the Standard edition lacks the advanced analytics features needed to reduce the review set.

Exam trap

The trap here is that candidates confuse eDiscovery (Standard) with eDiscovery (Premium) because both support holds and searches, but only Premium includes the advanced analytics features explicitly mentioned in the question.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview eDiscovery (Standard) supports basic hold and search but does not include advanced analytics like relevance ranking or email threading. Option B is wrong because Microsoft Purview Copilot is an AI assistant for productivity, not a compliance solution for legal hold, collection, or analytics. Option D is wrong because Microsoft Purview Compliance Manager is used for assessing and managing compliance posture against regulations, not for eDiscovery workflows or data hold and review.

176
MCQmedium

Your legal team needs to search for all emails from a specific executive that mention a project name 'ProjectX' for a litigation hold. Which Microsoft Purview tool should they use?

A.Microsoft Purview Communication Compliance
B.Microsoft Purview Data Loss Prevention
C.Microsoft Purview Audit
D.Microsoft Purview eDiscovery
AnswerD

eDiscovery allows searching and exporting content relevant to litigation.

Why this answer

Microsoft Purview eDiscovery (Standard or Premium) allows searching across Exchange, SharePoint, etc. for specific keywords and custodians. Option A is wrong because Audit only shows activity logs, not content. Option B is wrong because DLP is for policy enforcement.

Option D is wrong because Communication Compliance monitors communications for policy violations, not litigation searches.

177
MCQmedium

A compliance administrator creates the DLP policy shown in the exhibit. When a user shares a document containing a credit card number with an external partner, what is the expected outcome?

A.The document is blocked from being shared externally, and the user receives a notification.
B.The document is automatically deleted.
C.A sensitivity label is automatically applied.
D.The document is blocked from being shared both internally and externally.
AnswerA

The action 'BlockAccess' with 'BlockExternal' blocks external sharing, and 'NotifyUser' sends a notification.

Why this answer

The policy blocks access when sharing externally (BlockExternal) and notifies the user. Access is not blocked for internal sharing, and the document is not deleted or automatically labeled.

178
MCQeasy

A company wants to ensure that emails containing credit card numbers are blocked from being sent externally. Which Microsoft Purview solution should they use?

A.Sensitivity labels
B.Communication compliance
C.Information barriers
D.Data Loss Prevention (DLP) policy
AnswerD

DLP policies detect and block sharing of sensitive data.

Why this answer

Option B is correct because Microsoft Purview Data Loss Prevention (DLP) policies can detect sensitive information like credit card numbers and block external sharing. Option A is wrong because sensitivity labels classify data but do not prevent sharing. Option C is wrong because communication compliance monitors for policy violations but does not block data exfiltration.

Option D is wrong because information barriers restrict communication between specific groups, not sensitive data.

179
MCQhard

You are investigating a potential data leak. You need to find all emails that contain the word 'confidential' sent to external recipients in the last 30 days. Which Microsoft Purview tool should you use?

A.Communication Compliance
B.Audit Log Search
C.Content Search
D.Data loss prevention (DLP) policy
AnswerC

Content Search can find specific content in emails.

Why this answer

Option C is correct because Content Search in Microsoft Purview can search for specific keywords in emails and filter by date and recipients. Option A is wrong because Audit Log Search tracks activities, not content. Option B is wrong because DLP policies prevent leaks but do not provide historical search.

Option D is wrong because Communication Compliance monitors for policy violations but is not optimized for ad-hoc content search.

180
Multi-Selecthard

A healthcare organization is implementing Microsoft Purview Data Lifecycle Management to retain medical records for 7 years. Which THREE components must be configured to achieve this retention requirement?

Select 3 answers
A.Create a retention label policy to publish the label.
B.Create a retention label with a retention period of 7 years.
C.Apply a sensitivity label to classify the records.
D.Configure adaptive scopes to target the relevant users or sites.
E.Implement Data Loss Prevention (DLP) policies to prevent data exfiltration.
AnswersA, B, D

Publishing the label makes it available for application.

Why this answer

Option A is correct because a retention label with the appropriate duration is needed. Option B is correct because a retention label policy publishes the label. Option C is correct because adaptive scopes allow targeting specific users or content.

Option D is wrong because Data Loss Prevention policies are for preventing data leaks, not retention. Option E is wrong because sensitivity labels are for classification, not retention.

181
MCQeasy

A company stores customer data in Microsoft 365 and needs to identify which data is subject to GDPR. Which Microsoft Purview solution should be used?

A.Data Lifecycle Management
B.Data Loss Prevention
C.Audit
D.Data Classification
AnswerD

Data Classification in Microsoft Purview helps discover and classify sensitive data, including personal data subject to GDPR.

Why this answer

Microsoft Purview Data Classification enables organizations to identify and classify sensitive data across their Microsoft 365 environment. This includes detecting personal data that may be subject to regulations like GDPR. The other options serve different purposes: lifecycle management for retention, DLP for protection, and audit for logging.

182
MCQhard

An organization uses Microsoft Purview Information Protection. They want to ensure that when a user manually applies a 'Highly Confidential' sensitivity label to a document, the label is automatically applied to any new content pasted from that document into another app. Which configuration should they enable?

A.Marking content as sensitive
B.Data Loss Prevention policies
C.Encryption with rights management
D.Auto-labeling policies
AnswerA

Marking content as sensitive tracks the sensitivity label when content is copied.

Why this answer

Option D is correct because Microsoft Purview Information Protection supports markdown of sensitive content, which tracks the label when content is copied. Option A is wrong because auto-labeling is for automated classification, not manual application. Option B is wrong because encryption is a protection action, not a tracking mechanism.

Option C is wrong because DLP policies do not track labels across copy-paste.

183
MCQeasy

A company wants to automatically classify and protect sensitive documents stored in SharePoint Online. The compliance administrator needs to create a policy that detects credit card numbers and applies encryption. Which Microsoft Purview solution should the administrator use?

A.Communication Compliance
B.Sensitivity labels with auto-labeling
C.Microsoft Entra ID
D.Data Lifecycle Management
AnswerB

Sensitivity labels with auto-labeling can automatically classify and encrypt documents based on sensitive content.

Why this answer

Sensitivity labels with auto-labeling in Microsoft Purview Information Protection can automatically classify and encrypt documents containing sensitive data like credit card numbers. Data Lifecycle Management (formerly retention) focuses on retention and deletion, not automatic protection. Communication Compliance monitors communications for policy violations.

Microsoft Entra ID is an identity service.

184
MCQmedium

Refer to the exhibit. You are reviewing a sensitivity label configuration in Microsoft Purview. Based on the exhibit, what is the result when a user applies this label to a document?

A.The label is automatically removed after one year
B.The document is automatically deleted after 30 days
C.The document is encrypted and a header/footer is added
D.The document can be printed but not edited
AnswerC

Encryption and markings are both configured.

Why this answer

The exhibit shows encryption enabled and header/footer markings. Encryption prevents unauthorized access, and markings add text. Option B is correct.

The label does not automatically delete the document or prevent printing. It does not remove the label after a period.

185
MCQmedium

Your organization uses Microsoft 365 and wants to automatically quarantine suspicious emails before they reach users' inboxes. Which solution should you configure?

A.Microsoft Purview Data Loss Prevention
B.Microsoft Sentinel
C.Microsoft Intune
D.Microsoft Defender for Office 365
AnswerD

Defender for Office 365 quarantines malicious emails.

Why this answer

Option A is correct because Microsoft Defender for Office 365 (part of Microsoft 365 Defender) includes Safe Attachments and Safe Links that can quarantine malicious emails. Option B is wrong because Microsoft Purview focuses on compliance, not security. Option C is wrong because Microsoft Intune manages devices.

Option D is wrong because Microsoft Sentinel is a SIEM, not an email security solution.

186
MCQmedium

A compliance officer needs to create a policy that automatically detects and blocks the sharing of credit card numbers in emails and Teams messages. Which Microsoft Purview solution should be used?

A.Microsoft Purview Data Loss Prevention (DLP)
B.Microsoft Purview Communication Compliance
C.Microsoft Purview Audit
D.Microsoft Purview Information Protection
AnswerA

DLP can detect and block sensitive content in communications.

Why this answer

Data Loss Prevention (DLP) policies in Microsoft Purview can be applied to emails and Teams messages to detect sensitive information like credit card numbers and block sharing. Communication Compliance monitors for policy violations but does not enforce blocking. Information Protection labels content.

Audit logs activities.

187
Multi-Selecthard

Which TWO Microsoft Purview features allow you to monitor and manage data across hybrid environments (on-premises and cloud)?

Select 2 answers
A.eDiscovery
B.Information Protection
C.Communication Compliance
D.Microsoft Purview Data Map
E.Microsoft Purview Data Estate Insights
AnswersD, E

Scans both on-prem and cloud data sources.

Why this answer

Options B and D are correct. Microsoft Purview Data Map provides a unified map of data assets across on-prem and cloud. Microsoft Purview Data Estate Insights gives visibility into data estate health and governance.

Option A is wrong because Information Protection is primarily cloud-focused. Option C is wrong because eDiscovery is for search. Option E is wrong because Communication Compliance monitors communications.

188
MCQhard

A multinational corporation needs to enforce data residency requirements by storing data in specific geographic locations. They are using Microsoft Purview for data governance. Which capability should they leverage to meet this requirement?

A.Data loss prevention policies
B.Sensitivity labels with encryption
C.Azure Information Protection unified labeling
D.Microsoft Purview Multi-Geo
AnswerD

Multi-Geo provides data residency at the tenant level for core Microsoft 365 services.

Why this answer

Option D is correct because Microsoft Purview Multi-Geo enables data residency at the tenant level for Exchange Online, SharePoint, and OneDrive. Option A is wrong because sensitivity labels classify data but do not enforce storage location. Option B is wrong because DLP policies control data movement, not storage.

Option C is wrong because Azure Information Protection is for classification and protection, not data residency.

189
MCQhard

A company deploys a sensitivity label as shown in the exhibit. The custom sensitive information type 'Custom_PII_Type' is configured to detect employee IDs. What happens when a user creates a new document in SharePoint Online that contains an employee ID?

A.The user is prompted to manually apply the label.
B.The document is blocked from being shared externally.
C.The document is automatically labeled 'Highly Confidential' and encrypted.
D.The document is deleted automatically.
AnswerC

Auto-labeling applies the label and encryption automatically.

Why this answer

The label has auto-labeling enabled, so it will automatically apply the label and encryption to the document when the condition is met. The user does not need to manually apply the label, and the document is not blocked or deleted.

190
MCQmedium

A financial institution uses Microsoft 365 and needs to prevent employees from accidentally sharing sensitive financial data (e.g., account numbers) via email. They also need to inform the sender with a policy tip if they attempt to send such data and block the email if it's shared externally. Which Microsoft Purview solution should they use?

A.Data Loss Prevention (DLP)
B.Information Protection (Sensitivity labels)
C.Communication Compliance
D.Records Management
AnswerA

DLP policies can automatically identify, monitor, and protect sensitive information, including providing user notifications (policy tips) and blocking actions when sensitive data is shared in violation of policy.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) is the correct solution because it is specifically designed to detect, warn, and block the accidental sharing of sensitive data—such as financial account numbers—via email. DLP policies can be configured with conditions that trigger a policy tip to inform the sender and automatically block the email if it is sent externally, meeting both requirements.

Exam trap

The trap here is that candidates often confuse Information Protection (sensitivity labels) with DLP, not realizing that sensitivity labels handle classification and encryption of data at rest, while DLP is the solution for monitoring and controlling data in motion (e.g., email) with real-time user notifications and blocking.

How to eliminate wrong answers

Option B (Information Protection / Sensitivity labels) is wrong because sensitivity labels are used to classify and protect data at rest (e.g., applying encryption or visual markings), but they do not natively inspect email content in transit or provide real-time policy tips and blocking actions for outgoing messages. Option C (Communication Compliance) is wrong because its primary purpose is to monitor and detect policy violations (e.g., insider trading, harassment) for review, not to proactively block emails or show policy tips to senders. Option D (Records Management) is wrong because it focuses on managing the lifecycle and retention of records for legal or regulatory compliance, not on preventing accidental data leakage via email.

191
MCQmedium

A company has a policy that prohibits employees from sharing confidential customer data with unauthorized parties. The compliance team needs to detect patterns of unusual user activity that may indicate insider data theft, such as downloading large volumes of data to a personal device or emailing sensitive files to external recipients. They also want to investigate the activity and take remediation actions like generating a case for litigation or notifying the user's manager. Which Microsoft Purview solution should they use?

A.Microsoft Purview Insider Risk Management
B.Microsoft Purview Data Loss Prevention
C.Microsoft Purview Audit
D.Microsoft Purview eDiscovery
AnswerA

Insider Risk Management detects risky user patterns and provides investigation and remediation workflows.

Why this answer

Microsoft Purview Insider Risk Management is designed specifically to detect, investigate, and remediate insider data theft scenarios. It uses predefined and customizable policies to identify patterns like large-volume downloads to personal devices or emailing sensitive files externally, and provides built-in remediation actions such as generating a case for litigation or notifying a user's manager.

Exam trap

The trap here is that candidates confuse Data Loss Prevention (DLP) with Insider Risk Management because both deal with data protection, but DLP is a preventive control for policy enforcement, whereas Insider Risk Management is a detective and investigative solution with remediation workflows.

How to eliminate wrong answers

Option B (Microsoft Purview Data Loss Prevention) is wrong because DLP focuses on preventing data exfiltration in real-time by blocking or alerting on policy violations, but it does not provide the investigative workflow, case management, or remediation actions like notifying a manager or generating a litigation case. Option C (Microsoft Purview Audit) is wrong because Audit only logs user and admin activities for forensic review; it does not proactively detect patterns of unusual activity or offer remediation actions. Option D (Microsoft Purview eDiscovery) is wrong because eDiscovery is used for legal hold, search, and export of content for litigation or investigation, not for detecting insider risk patterns or initiating remediation workflows.

192
MCQmedium

A healthcare organization uses Microsoft 365 and wants to prevent users from sending emails that contain patient health information (PHI) to external recipients. Which Microsoft Purview solution should they implement?

A.Data Lifecycle Management
B.Data Loss Prevention (DLP)
C.Insider Risk Management
D.eDiscovery
AnswerB

DLP policies can inspect content in emails and files for sensitive data, and then block or warn users according to the configured rules.

Why this answer

Data Loss Prevention (DLP) is the correct solution because it is specifically designed to detect and prevent the unauthorized sharing of sensitive data, such as patient health information (PHI), via email and other channels. DLP policies can be configured with sensitive information types (e.g., HIPAA-defined PHI patterns) to automatically block or warn users when they attempt to send such data to external recipients.

Exam trap

The trap here is that candidates may confuse Insider Risk Management (which investigates suspicious behavior) with DLP (which proactively prevents data loss), leading them to choose Option C because they think 'insider' implies an employee sending PHI externally.

How to eliminate wrong answers

Option A is wrong because Data Lifecycle Management focuses on retaining, deleting, and archiving data based on compliance or business requirements, not on preventing the transmission of sensitive data. Option C is wrong because Insider Risk Management is designed to identify, triage, and investigate risky user activities (e.g., data theft or policy violations) after the fact, not to proactively block outbound emails containing PHI. Option D is wrong because eDiscovery is used for searching, preserving, and exporting content for legal or investigative purposes, not for real-time prevention of data leakage.

193
MCQeasy

A company wants to prevent employees from accidentally sharing a document containing personally identifiable information (PII) with external users. The document is stored in OneDrive for Business. Which Microsoft Purview solution should they use?

A.Microsoft Purview Communication Compliance
B.Microsoft Purview Information Protection
C.Microsoft Purview Audit
D.Microsoft Purview Data Loss Prevention (DLP)
AnswerD

DLP policies can detect PII and block external sharing.

Why this answer

Data Loss Prevention (DLP) policies in Microsoft Purview can detect sensitive content and block sharing with external users. Information Protection labels can classify but rely on DLP to enforce restrictions. Communication Compliance monitors communications.

Audit logs record sharing events but do not prevent them.

194
MCQeasy

A company wants to automatically detect and remediate inappropriate messages in Microsoft Teams. Which Microsoft Purview solution should be configured?

A.Microsoft Purview eDiscovery
B.Microsoft Purview Insider Risk Management
C.Microsoft Purview Data Loss Prevention
D.Microsoft Purview Communication Compliance
AnswerD

Communication Compliance detects and remediates inappropriate messages.

Why this answer

Microsoft Purview Communication Compliance helps detect offensive language, harassment, and policy violations in Teams, Exchange, etc. Option A is wrong because eDiscovery is for searching content. Option B is wrong because DLP is for sensitive data, not inappropriate language.

Option D is wrong because Insider Risk Management focuses on data theft and leaks.

195
MCQmedium

Your organization uses Microsoft Purview to manage records. For legal reasons, you need to preserve all documents related to a specific litigation case and prevent any modification or deletion. Which feature should you use?

A.Retention labels
B.eDiscovery (Premium) legal hold
C.Data Loss Prevention
D.Audit logs
AnswerB

Legal hold preserves content and prevents modification or deletion.

Why this answer

Option D is correct because eDiscovery (Premium) allows you to place a legal hold on content. Option A is wrong because DLP is for data loss prevention. Option B is wrong because retention labels retain but do not prevent modification.

Option C is wrong because audit logs track activity but do not prevent changes.

196
MCQhard

A company wants to monitor employee communications in Microsoft Teams and Exchange Online for potential policy violations such as harassment or inappropriate sharing of confidential information. They need a solution that allows them to define policies, review flagged messages, and manage investigations. Which Microsoft Purview solution should they use?

A.Communication Compliance
B.Insider Risk Management
C.Information Barriers
D.Audit (Standard or Premium)
AnswerA

Correct. Communication Compliance is purpose-built for detecting and reviewing policy violations in communications (e.g., harassment), with policy creation and investigation capabilities.

Why this answer

Communication Compliance is the correct Microsoft Purview solution because it is specifically designed to monitor communications (e.g., emails in Exchange Online and messages in Microsoft Teams) for policy violations such as harassment or inappropriate sharing of confidential information. It allows administrators to define customizable policies, automatically flag messages that match sensitive information types or offensive language, and manage investigations through a built-in review workflow.

Exam trap

The trap here is confusing Communication Compliance with Insider Risk Management, as both deal with compliance and risk, but Insider Risk Management is focused on user behavior and data theft, not on monitoring communication content for policy violations like harassment or inappropriate sharing.

How to eliminate wrong answers

Option B (Insider Risk Management) is wrong because it focuses on detecting, investigating, and acting on risky user activities (e.g., data exfiltration, malicious insiders) rather than monitoring communications for policy violations like harassment. Option C (Information Barriers) is wrong because it is used to restrict communication and collaboration between specific groups or users to prevent conflicts of interest, not to monitor or review flagged messages for compliance. Option D (Audit (Standard or Premium)) is wrong because it provides logging and forensic investigation of user and admin activities across Microsoft 365, but it does not include policy-based detection, flagging, or review of communication content for harassment or confidential information sharing.

197
MCQeasy

Your organization is implementing Microsoft Purview to manage data governance. You need to classify sensitive data such as social security numbers automatically. What should you create?

A.Data loss prevention policy
B.Retention label
C.Sensitive information type
D.Trainable classifier
AnswerC

Sensitive information types are patterns that automatically detect sensitive data like SSNs.

Why this answer

Option A is correct because sensitive information types (SITs) detect patterns like SSNs. Option B is wrong because retention labels manage retention. Option C is wrong because DLP policies use SITs but are not the classification mechanism.

Option D is wrong because trainable classifiers require training data.

198
MCQhard

A compliance officer needs to evaluate their organization's security and compliance posture against multiple regulatory frameworks such as HIPAA, GDPR, and ISO 27001. The solution must provide a continuous assessment score, actionable improvement actions, and the ability to track implementation progress. Which Microsoft Purview solution should they use?

A.Microsoft Purview Information Protection
B.Microsoft Purview Data Loss Prevention (DLP)
C.Microsoft Purview Compliance Manager
D.Microsoft Purview eDiscovery
AnswerC

Compliance Manager offers a compliance score, pre-built assessments for standards like GDPR and HIPAA, and tracks improvement actions to remediate gaps.

Why this answer

Microsoft Purview Compliance Manager is the correct solution because it provides a continuous compliance assessment score against multiple regulatory frameworks (including HIPAA, GDPR, and ISO 27001), offers actionable improvement actions, and enables tracking of implementation progress through a centralized dashboard. It maps controls to specific regulations and generates a compliance score based on implemented controls, making it the only option that meets all stated requirements.

Exam trap

The trap here is that candidates often confuse Compliance Manager with Information Protection or DLP because all three are Purview solutions, but only Compliance Manager provides multi-framework compliance scoring and improvement tracking, while the others focus on data classification or leakage prevention.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Information Protection focuses on classifying, labeling, and protecting sensitive data (e.g., via sensitivity labels and encryption), not on evaluating compliance posture against regulatory frameworks or providing a continuous assessment score. Option B is wrong because Microsoft Purview Data Loss Prevention (DLP) is designed to detect and prevent unauthorized sharing of sensitive data through policies and rules, not to assess compliance against multiple frameworks or track improvement actions. Option D is wrong because Microsoft Purview eDiscovery is used for identifying, preserving, and exporting electronic content for legal or investigative purposes, not for continuous compliance scoring or regulatory framework mapping.

199
MCQmedium

A multinational company deploys Microsoft Purview Data Loss Prevention (DLP) to protect credit card numbers. The compliance team reports that a DLP policy blocks a legitimate payment processing workflow. What should the compliance administrator do to allow the workflow while maintaining protection?

A.Add the payment processing server to the DLP policy’s allow list.
B.Configure a DLP policy tip that allows users to override the block with a business justification.
C.Reduce the minimum confidence level in the DLP policy.
D.Disable the DLP policy for the payment processing department.
AnswerB

Policy tips with override enable legitimate workflows while maintaining oversight.

Why this answer

Option D is correct because DLP policy tips allow users to override a block and provide a business justification, which can then be reviewed. Option A is wrong because disabling the policy leaves the data unprotected. Option B is wrong because adding the payment server to an allow list would bypass DLP entirely for that server.

Option C is wrong because lowering the confidence level would reduce detection accuracy, potentially allowing real violations.

200
MCQhard

Fabrikam Inc., a global financial services company, uses Microsoft Purview to manage compliance. They have the following requirements: (1) Prevent users from sending emails containing credit card numbers (CCN) to external recipients; (2) automatically encrypt emails containing CCN; (3) notify users when an email is blocked; (4) allow users to override the block for business justifications; (5) generate incident reports for compliance teams. The company uses Microsoft 365 E5 licenses and has Exchange Online configured. The compliance team wants to implement a solution with minimal administrative overhead. What should the administrator configure?

A.Configure information barriers between the finance department and external recipients.
B.Create a Data Loss Prevention (DLP) policy in the Microsoft Purview compliance portal with conditions for CCN, and configure actions to block, encrypt, notify, and allow override.
C.Create a sensitivity label that automatically classifies emails with CCN and configure a label policy to encrypt them.
D.Enable Microsoft Purview Message Encryption and create a mail flow rule in Exchange to encrypt emails with CCN.
AnswerB

DLP policy meets all requirements with minimal overhead.

Why this answer

Option B is correct because a DLP policy can block, encrypt, notify, and allow override, with incident reports. Option A is wrong because sensitivity labels with auto-labeling classify but do not prevent sending. Option C is wrong because information barriers prevent communication between groups, not data exfiltration.

Option D is wrong because message encryption without DLP does not block or provide override.

201
Matchingmedium

Match each security control type to its example.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Warning signs or security policies

Firewall rules blocking unauthorized access

Intrusion detection system alerts

Patching a vulnerability after discovery

Requiring strong passwords via policy

Why these pairings

These are common categories of security controls.

202
Multi-Selectmedium

A law firm uses Microsoft 365 and has two legal teams working on opposing sides of the same lawsuit. The compliance officer needs to prevent any communication (email, Teams chat, file sharing) between the two teams. Additionally, the firm must block emails containing the case name from being sent outside the organization. Which two Microsoft Purview solutions should be configured to meet these requirements? (Choose two.)

Select 2 answers
A.Microsoft Purview Information Barriers
B.Microsoft Purview Data Loss Prevention (DLP)
C.Microsoft Purview Communication Compliance
D.Microsoft Purview Audit (Standard)
AnswersA, B

Information Barriers can prevent communication between defined user groups, which is exactly needed to separate the two legal teams.

Why this answer

Microsoft Purview Information Barriers (A) is correct because it is specifically designed to prevent communication and collaboration between two groups within an organization, such as legal teams on opposing sides of a lawsuit. It enforces policies that block email, Teams chat, and file sharing between the defined segments, directly meeting the first requirement.

Exam trap

The trap here is that candidates often confuse Communication Compliance (which reviews communications) with Information Barriers (which blocks communications), or they overlook that DLP is required for the outbound email blocking requirement while Information Barriers handles the internal team separation.

203
Multi-Selectmedium

Which TWO of the following are examples of sensitive information types in Microsoft Purview? (Select TWO.)

Select 2 answers
A.Passport number
B.Public holiday list
C.Employee name
D.Internal project code name
E.Credit card number
AnswersA, E

Passport number is a predefined sensitive info type.

Why this answer

Options A and E are correct because credit card numbers and passport numbers are predefined sensitive info types. Option B is wrong because employee names are not a sensitive info type by default. Option C is wrong because public holidays are not sensitive.

Option D is wrong because project names are not sensitive info types.

204
MCQhard

Your organization uses Microsoft Purview eDiscovery to manage legal holds. You need to place a hold on mailboxes and OneDrive accounts for a specific user who is involved in a litigation. Which eDiscovery solution should you use?

A.Audit
B.Communication Compliance
C.Content search
D.eDiscovery (Standard)
AnswerD

eDiscovery (Standard) can place holds on Exchange mailboxes and OneDrive accounts.

Why this answer

Option C is correct because eDiscovery (Standard) supports core hold functionality. Option A is wrong because Content search is for search only, not hold. Option B is wrong because Audit is for logging.

Option D is wrong because Communication Compliance is for monitoring communications.

205
MCQmedium

A company uses Microsoft 365 and needs to comply with a regulatory requirement to retain all customer contracts for 5 years after the contract's end date, after which they must be automatically deleted. Additionally, the legal department needs the ability to preserve all documents related to an ongoing lawsuit, overriding any deletion timelines. Which Microsoft Purview solution should the company use?

A.Information Barriers
B.Data Lifecycle Management with retention labels and eDiscovery holds
C.Communication Compliance
D.Audit (Premium)
AnswerB

Data Lifecycle Management provides retention labels to retain and then delete content, while eDiscovery holds preserve content during litigation, overriding any deletion policies. Together they meet both requirements.

Why this answer

Data Lifecycle Management (DLM) with retention labels allows the company to apply a retention label to customer contracts that retains them for 5 years after the contract end date and then automatically deletes them. eDiscovery holds can be placed on all documents related to an ongoing lawsuit, which overrides any deletion timelines, ensuring that content is preserved until the hold is released. This combination directly meets both the regulatory retention and legal preservation requirements.

Exam trap

The trap here is that candidates may confuse eDiscovery holds with retention labels, thinking that retention labels alone can handle legal preservation, but they fail to recognize that eDiscovery holds are required to override deletion timelines for litigation purposes.

How to eliminate wrong answers

Option A is wrong because Information Barriers are used to prevent communication and collaboration between specific groups or users to avoid conflicts of interest, not to manage retention or legal holds. Option C is wrong because Communication Compliance is designed to detect and remediate inappropriate communications (e.g., harassment, insider trading) by analyzing messages, not to enforce retention schedules or preserve documents for litigation. Option D is wrong because Audit (Premium) provides detailed logging and investigation of user and admin activities, but it does not offer retention policies or the ability to override deletion with legal holds.

206
MCQhard

A financial services organization needs to automatically classify and protect sensitive documents containing credit card information in SharePoint Online and OneDrive for Business. They want a purple-colored label to be applied automatically when the document is saved, and the document should be encrypted with a predefined template that restricts editing to internal users only. Which Microsoft Purview solution should they configure?

A.Sensitivity labels with auto-labeling
B.Data Loss Prevention (DLP) policies
C.Data Lifecycle Management (retention labels)
D.Audit (Unified Auditing)
AnswerA

Sensitivity labels can automatically classify and encrypt documents based on sensitive data patterns, applying a label and encryption exactly as described.

Why this answer

Sensitivity labels with auto-labeling in Microsoft Purview can automatically apply a purple-colored label to documents containing credit card information when saved in SharePoint Online or OneDrive for Business. This label can be configured with encryption using a predefined template that restricts editing to internal users only, meeting the organization's classification and protection requirements.

Exam trap

The trap here is that candidates confuse DLP policies with sensitivity labels, but DLP policies only block or warn on sharing actions and do not apply persistent encryption or visual markings like labels.

How to eliminate wrong answers

Option B is wrong because Data Loss Prevention (DLP) policies detect and prevent accidental sharing of sensitive data but do not apply persistent labels or encryption to documents; they enforce rules at the point of sharing or use. Option C is wrong because Data Lifecycle Management (retention labels) manage retention and deletion of content, not classification or encryption based on sensitive data patterns. Option D is wrong because Audit (Unified Auditing) logs user and admin activities for compliance and investigation but does not classify, label, or encrypt documents automatically.

207
MCQmedium

Refer to the exhibit. A Microsoft Purview DLP policy is configured as shown. What will happen when a user tries to email an external recipient a document containing a credit card number?

A.The email will be sent but the attachment will be removed
B.The email will be blocked and the user will receive a notification
C.The email will be delivered and the admin will be alerted
D.The email will be sent and the event will be logged for audit
AnswerB

The policy includes BlockAccess and NotifyUser actions.

Why this answer

Option A is correct because the policy has actions to block access and notify the user. Option B is wrong because the email is blocked, not quarantined. Option C is wrong because the email is blocked, not sent.

Option D is wrong because there is no mention of logging; the policy blocks access.

208
MCQmedium

A company wants to automatically detect emails in Exchange Online that contain credit card numbers and apply encryption to those emails before they are sent. Which Microsoft Purview solution should the administrator configure?

A.Information Protection (sensitivity labels)
B.Data Loss Prevention (DLP)
C.Data Lifecycle Management
D.eDiscovery
AnswerB

DLP policies can inspect emails for sensitive data patterns (e.g., credit card numbers) and automatically apply encryption as a protective action.

Why this answer

Data Loss Prevention (DLP) in Microsoft Purview is specifically designed to detect sensitive information such as credit card numbers in emails and automatically apply protective actions like encryption. DLP policies can scan Exchange Online messages in transit and enforce rules to encrypt the email before it is sent, which directly meets the requirement.

Exam trap

The trap here is that candidates often confuse sensitivity labels (which can also apply encryption) with DLP, but sensitivity labels require manual or automatic classification based on label policies, not real-time content scanning of specific sensitive data patterns like credit card numbers in transit.

How to eliminate wrong answers

Option A is wrong because Information Protection (sensitivity labels) is used to classify and protect documents and emails based on manual or automatic labeling, but it does not natively scan for specific sensitive data patterns like credit card numbers and automatically trigger encryption on outbound emails. Option C is wrong because Data Lifecycle Management focuses on retaining, deleting, or archiving data based on age or policy, not on detecting sensitive content in transit and applying encryption. Option D is wrong because eDiscovery is used for searching and exporting content for legal or investigative purposes, not for real-time detection and protection of sensitive data in email flow.

209
MCQeasy

A compliance officer wants to automatically classify emails containing credit card numbers as 'Highly Confidential' and apply encryption. Which Microsoft Purview feature should be used?

A.Microsoft Purview Sensitivity Labels
B.Microsoft Purview Retention Labels
C.Microsoft Purview eDiscovery
D.Microsoft Purview Data Loss Prevention (DLP)
AnswerD

DLP policies can detect credit card numbers and automatically apply encryption and other actions.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) policies can detect sensitive information like credit card numbers and automatically apply actions such as encryption. Option A is wrong because Sensitivity labels are manually applied or auto-classified via DLP, but DLP itself triggers the action. Option B is wrong because retention labels are for retention, not encryption.

Option D is wrong because eDiscovery is for search and export.

210
MCQeasy

A company uses Microsoft 365 and wants to automatically classify documents based on sensitive information types like Social Security numbers. Which Microsoft Purview feature should be used?

A.Microsoft Purview Communication Compliance
B.Microsoft Purview Data Classification
C.Microsoft Purview Data Loss Prevention
D.Microsoft Purview Sensitivity Labels
AnswerB

Data Classification uses built-in sensitive info types and trainable classifiers to identify content.

Why this answer

Option C is correct because Microsoft Purview Data Classification uses trainable classifiers and sensitive info types to auto-classify content. Option A is wrong because Sensitivity labels are for manual or automatic labeling, but classification is the broader term. Option B is wrong because DLP policies prevent data loss but don't classify by default.

Option D is wrong because Communication Compliance monitors communications, not classification.

211
MCQmedium

Your organization uses Microsoft Purview to manage data classification. You need to ensure that sensitive data containing social security numbers is automatically labeled when stored in SharePoint Online. What should you configure?

A.Use the data classification dashboard in Microsoft Purview
B.Create a retention label policy
C.Configure a data loss prevention (DLP) policy
D.Create an auto-labeling policy for sensitivity labels
AnswerD

Auto-labeling policies automatically apply sensitivity labels based on sensitive info types.

Why this answer

Option A is correct because auto-labeling policies in Microsoft Purview can automatically apply sensitivity labels to documents containing sensitive information types such as social security numbers. Option B is wrong because retention labels are for retention, not classification. Option C is wrong because DLP policies detect and prevent sharing but do not apply labels automatically.

Option D is wrong because data classification dashboards provide visibility but do not apply labels.

212
MCQmedium

A financial services company uses Microsoft 365 and must prevent employees from emailing credit card numbers in plain text. The compliance team wants to automatically detect credit card numbers in outgoing emails and block them before delivery. They also want to allow users to override the block with a business justification. Which Microsoft Purview solution should they configure?

A.Microsoft Purview Data Loss Prevention (DLP)
B.Microsoft Purview Information Protection
C.Microsoft Purview Records Management
D.Microsoft Purview Insider Risk Management
AnswerA

DLP policies can detect sensitive data (like credit card numbers) in emails and block them before delivery, with the option for users to override the block with a business justification.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) is the correct solution because it is specifically designed to detect sensitive data, such as credit card numbers, in transit (e.g., email) and enforce actions like blocking the message. DLP policies can be configured with user override options that require a business justification, meeting the compliance team's requirement for automatic detection and conditional blocking.

Exam trap

The trap here is that candidates often confuse Information Protection (labeling) with DLP (enforcement), thinking that applying a sensitivity label automatically blocks emails, but DLP is required for the blocking and override functionality described in the scenario.

How to eliminate wrong answers

Option B (Microsoft Purview Information Protection) is wrong because it focuses on classifying and labeling sensitive data (e.g., applying sensitivity labels) but does not automatically block emails based on content detection; it requires DLP to enforce actions. Option C (Microsoft Purview Records Management) is wrong because it manages retention and disposition of records, not real-time detection or blocking of sensitive data in email traffic. Option D (Microsoft Purview Insider Risk Management) is wrong because it analyzes user behavior and activities to identify potential insider threats, not to scan and block specific data patterns in outgoing emails.

213
Multi-Selectmedium

A company uses Microsoft Purview to manage data compliance. They need to meet regulatory requirements that mandate retention of financial records for 7 years and deletion of personal data after 3 years. Which THREE capabilities should they configure?

Select 3 answers
A.Microsoft Purview Information Protection
B.Microsoft Purview Records Management
C.Microsoft Purview Data Lifecycle Management
D.Microsoft Purview Communication Compliance
E.Microsoft Purview eDiscovery
AnswersA, B, C

Correct: Can apply sensitivity labels that enforce retention and deletion.

Why this answer

Microsoft Purview Data Lifecycle Management includes retention labels and policies to keep data for required periods and deletion policies to remove data after specified time. Microsoft Purview Records Management enables marking records as regulatory records to prevent deletion during retention. Microsoft Purview Information Protection can apply sensitivity labels that trigger retention, but the primary tools for retention and deletion are Data Lifecycle Management and Records Management. eDiscovery is for search and export, not lifecycle management.

Communication Compliance is for monitoring communications, not retention.

214
Multi-Selecthard

Which THREE of the following are features of Microsoft Purview Compliance Manager? (Select THREE.)

Select 3 answers
A.Record declaration and disposition reviews
B.Compliance score and templates for custom assessments
C.Pre-built assessments for common regulations like GDPR
D.Trainable classifiers to identify sensitive content
E.Microsoft-managed improvement actions for regulations
AnswersB, C, E

Compliance Manager provides templates and compliance scores.

Why this answer

Options A, B, and E are correct because Compliance Manager includes actions, assessments, and templates. Option C is wrong because trainable classifiers are for auto-labeling. Option D is wrong because records management is a separate feature.

215
MCQhard

A financial services firm has a strict compliance requirement to prevent insider trading. The firm must ensure that employees in the Investment Banking division cannot communicate or share documents via Microsoft Teams and SharePoint Online with employees in the Equity Research division. The solution must automatically block all communication and collaboration between the two groups, and any attempts to share must be denied. Which Microsoft Purview solution should they implement?

A.Information Barriers
B.Communication Compliance
C.Insider Risk Management
D.Sensitivity Labels
AnswerA

Information Barriers allow administrators to define policies that block communication and collaboration between defined user segments, ensuring compliance with ethical walls and insider trading regulations.

Why this answer

Information Barriers (A) is the correct solution because it is specifically designed to prevent communication and collaboration between defined user groups within Microsoft Teams, SharePoint Online, and other Microsoft 365 services. It enforces policies that automatically block unauthorized communications and document sharing, which directly meets the firm's compliance requirement to segregate Investment Banking and Equity Research divisions to prevent insider trading.

Exam trap

The trap here is that candidates often confuse Information Barriers with Communication Compliance, mistakenly thinking that monitoring and reviewing communications (Option B) can prevent insider trading, but only Information Barriers provide the proactive, automatic blocking required by the scenario.

How to eliminate wrong answers

Option B (Communication Compliance) is wrong because it is designed to monitor and review communications for policy violations (e.g., inappropriate language or regulatory breaches) after they occur, not to proactively block all communication and sharing between groups. Option C (Insider Risk Management) is wrong because it focuses on detecting, investigating, and acting on risky user activities (e.g., data exfiltration or policy violations) based on analytics and alerts, not on enforcing static, automatic blocks between entire divisions. Option D (Sensitivity Labels) is wrong because they are used to classify and protect data through encryption and visual markings, but they do not inherently block communication or collaboration between specific user groups; they require additional policies (like conditional access) to enforce restrictions.

216
MCQhard

An organization uses Microsoft Purview Compliance Manager. They need to track their progress against a specific regulatory standard and assign improvement actions to different teams. Which component should they use?

A.Compliance Manager assessments
B.eDiscovery
C.Data Loss Prevention
D.Audit logs
AnswerA

Assessments in Compliance Manager allow tracking against standards and assigning improvement actions.

Why this answer

Option B is correct because Compliance Manager provides assessments and improvement actions for regulatory standards. Option A is wrong because DLP is for data loss prevention. Option C is wrong because eDiscovery is for search.

Option D is wrong because Audit is for logging.

217
MCQmedium

Refer to the exhibit. An administrator created a retention label with the settings shown. What is the behavior of this label when applied to content?

A.It retains content for 5 years and then applies a disposition review.
B.It marks content as a regulatory record and prevents deletion.
C.It retains content for 7 years and then automatically deletes it.
D.It retains content indefinitely with no deletion.
AnswerC

2555 days = 7 years, and delete after retention is true.

Why this answer

Option C is correct because the retention duration is 2555 days (7 years) and deletion is enabled after retention. Option A is wrong because it does not specify deletion after 5 years. Option B is wrong because record type is standard, not regulatory.

Option D is wrong because the label is not locked.

218
MCQeasy

Your organization uses Microsoft 365 and wants to classify and protect documents based on their content, such as credit card numbers. Which Microsoft Purview feature automatically classifies content based on sensitive information types?

A.Data Loss Prevention policy
B.Auto-labeling with sensitivity labels
C.Unified labeling client
D.eDiscovery
AnswerB

Auto-labeling can apply labels automatically based on conditions like sensitive info types.

Why this answer

Auto-labeling policies in Microsoft Purview can automatically apply sensitivity labels based on sensitive information types like credit card numbers. Option A is correct. Unified labeling is the client, not automatic.

DLP blocks sharing. eDiscovery searches.

219
MCQmedium

A company must retain all customer service emails in Exchange Online for 7 years for regulatory purposes. After 7 years, the emails must be automatically deleted. Additionally, employees must not be able to permanently delete these emails before the retention period ends. Which Microsoft Purview solution should they configure?

A.Data Lifecycle Management (retention policies and labels)
B.Communication Compliance
C.eDiscovery (Premium)
D.Data Loss Prevention (DLP)
AnswerA

Retention policies and labels can enforce retention for 7 years and automatic deletion, and protect against premature deletion by users.

Why this answer

Data Lifecycle Management (DLM) via retention policies and labels in Microsoft Purview is the correct solution because it allows you to define a retention period of 7 years for Exchange Online emails and then automatically delete them. Additionally, DLM retention policies prevent users from permanently deleting emails before the retention period ends by locking the items in a 'preservation hold' state, ensuring regulatory compliance.

Exam trap

The trap here is that candidates confuse retention policies (which enforce deletion after a period) with eDiscovery holds (which preserve content indefinitely for legal cases), leading them to select eDiscovery (Premium) instead of Data Lifecycle Management.

How to eliminate wrong answers

Option B is wrong because Communication Compliance is designed to detect and remediate inappropriate or policy-violating communications (e.g., harassment, insider trading), not to enforce retention or deletion schedules. Option C is wrong because eDiscovery (Premium) is used for legal discovery and holds content for litigation, not for automated lifecycle management or deletion after a fixed period. Option D is wrong because Data Loss Prevention (DLP) prevents unauthorized sharing of sensitive data (e.g., credit card numbers) but does not manage retention periods or enforce deletion.

220
MCQhard

A multinational organization must comply with GDPR and local data residency requirements. The compliance team needs to ensure that personal data is not stored in regions outside the permitted locations. Which Microsoft Purview capability should they use to discover and map personal data across the organization's data estate?

A.Microsoft Purview Data Lifecycle Management
B.Microsoft Purview Compliance Manager
C.Microsoft Purview Data Map
D.Microsoft Purview Audit
AnswerC

Data Map discovers and maps data across the organization, identifying personal data locations.

Why this answer

Microsoft Purview Data Map provides automated data discovery and classification across on-premises, multi-cloud, and SaaS data sources, enabling organizations to understand where personal data resides. Data Lifecycle Management handles retention, not discovery. Audit logs record activities but do not map data.

Compliance Manager is for managing compliance assessments.

221
MCQhard

Your organization has a Microsoft Purview retention policy that retains SharePoint documents for 5 years. After 5 years, you want an administrator to review and approve deletion. Which configuration is required?

A.Configure a disposition review at the end of the retention period
B.Apply a retention label and enable disposition review
C.Use eDiscovery (Premium) to export and then delete
D.Set the retention policy to delete automatically after 5 years
AnswerA

Disposition review allows an administrator to review and approve deletion.

Why this answer

Option D is correct because disposition review allows manual review before permanent deletion. Option A is wrong because automatic deletion would delete without review. Option B is wrong because retention labels can be part of a disposition workflow but disposition review is the specific feature.

Option C is wrong because eDiscovery does not manage disposition.

222
MCQeasy

An organization wants to allow users to classify documents as 'Public', 'Internal', 'Confidential', or 'Highly Confidential' with different levels of protection. Which Microsoft Purview solution should they use?

A.Sensitivity labels
B.Data Loss Prevention (DLP)
C.Communication compliance
D.Retention policies
AnswerA

Users can apply different labels with varying protection.

Why this answer

Sensitivity labels allow users to manually classify documents with different levels of protection (e.g., encryption, markings). Retention policies manage retention, not classification. DLP prevents data loss.

Communication compliance monitors communications.

223
MCQhard

A company uses Microsoft Purview Data Loss Prevention (DLP) to protect sensitive data. They want to receive alerts when a user attempts to share a file containing personally identifiable information (PII) via email. Which DLP rule component is used to define the notification action?

A.Actions
B.Conditions
C.Location
D.Exceptions
AnswerA

Actions define what happens when a match occurs, such as sending alerts.

Why this answer

Option D is correct because DLP rules include actions like sending notifications to users or admins. Option A is wrong because conditions define what triggers the rule. Option B is wrong because exceptions override conditions.

Option C is wrong because the location specifies where the rule applies.

224
MCQmedium

A company is involved in litigation and needs to preserve all Exchange Online mailboxes and SharePoint sites related to the case. The legal team also requires the ability to search, review, and export relevant content. Which Microsoft Purview solution should they use?

A.Microsoft Purview eDiscovery (Premium)
B.Microsoft Purview Communication Compliance
C.Microsoft Purview Data Lifecycle Management
D.Microsoft Purview Audit (Premium)
AnswerA

eDiscovery (Premium) provides end-to-end workflow for legal holds, search, review, and export of content across Microsoft 365 services.

Why this answer

Microsoft Purview eDiscovery (Premium) is the correct solution because it provides end-to-end workflow for preserving, searching, reviewing, and exporting content from Exchange Online mailboxes and SharePoint sites. It supports legal hold placement on custodians and data sources, advanced search with keyword and proximity queries, review sets with analytics, and export in a format suitable for litigation. This directly matches the requirement to preserve all relevant mailboxes and sites while enabling the legal team to search, review, and export content.

Exam trap

The trap here is that candidates confuse eDiscovery (Premium) with Audit (Premium) because both involve searching, but Audit only searches activity logs, not the actual content of mailboxes and sites, and cannot place legal hold or export content.

How to eliminate wrong answers

Option B (Microsoft Purview Communication Compliance) is wrong because it is designed to detect and remediate inappropriate communications (e.g., harassment, insider trading) by analyzing messages and patterns, not for preserving and exporting content for litigation. Option C (Microsoft Purview Data Lifecycle Management) is wrong because it focuses on retention and deletion policies based on data lifecycle, not on preserving content for legal hold or providing search/review/export capabilities. Option D (Microsoft Purview Audit (Premium)) is wrong because it provides detailed audit log search and investigation of user and admin activities, but does not offer legal hold, content preservation, or export of mailbox and site content.

225
MCQmedium

A company must retain all HR documents stored in SharePoint Online for exactly 7 years. After 7 years, the documents must be automatically deleted. Additionally, employees must not be able to permanently delete these documents before the retention period ends. Which Microsoft Purview solution should they configure?

A.Data Lifecycle Management
B.Records Management
C.Data Loss Prevention
D.Audit
AnswerA

Data Lifecycle Management provides retention labels and policies that can automatically retain and then delete content after a specified period, and it prohibits users from purging the content during retention.

Why this answer

Data Lifecycle Management (DLM) in Microsoft Purview is designed to retain content for a specified period and then automatically delete it. By applying a retention policy with a 7-year retention period and a deletion action at the end, DLM ensures HR documents are kept exactly as required. Additionally, DLM prevents users from permanently deleting documents during the retention period by locking the retention settings, which overrides user delete permissions.

Exam trap

The trap here is that candidates often confuse Records Management with Data Lifecycle Management, assuming that 'records' automatically implies retention and deletion, but Records Management focuses on declaring records and managing disposition reviews, not automatic time-based deletion without user intervention.

How to eliminate wrong answers

Option B (Records Management) is wrong because Records Management is focused on declaring content as records for legal or regulatory compliance, often with immutability and disposition reviews, but it does not inherently enforce automatic deletion after a fixed period without additional configuration; it is more about managing records throughout their lifecycle with manual or review-based disposition. Option C (Data Loss Prevention) is wrong because DLP is designed to prevent sensitive information from being shared or leaked, not to manage retention or deletion schedules. Option D (Audit) is wrong because Audit provides logging and monitoring of user activities, but it does not enforce retention or deletion policies.

← PreviousPage 3 of 5 · 333 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Describe the capabilities of Microsoft compliance solutions questions.