CCNA Describe the capabilities of Microsoft compliance solutions Questions

75 of 333 questions · Page 4/5 · Describe the capabilities of Microsoft compliance solutions · Answers revealed

226
Multi-Selectmedium

Which TWO Microsoft Purview features can be used to automatically classify and protect sensitive data in documents?

Select 2 answers
A.Data loss prevention policies
B.eDiscovery (Premium)
C.Trainable classifiers
D.Retention labels
E.Sensitive information types
AnswersC, E

Trainable classifiers use machine learning to classify content based on examples.

Why this answer

Trainable classifiers (C) use machine learning to intelligently identify sensitive content based on context and patterns, enabling automatic classification. Sensitive information types (E) are predefined or custom patterns (e.g., credit card numbers, SSNs) that detect specific data types, which can then trigger protection actions like encryption or access restrictions. Both features work together to automatically classify and protect sensitive data in documents.

Exam trap

Microsoft often tests the misconception that Data loss prevention policies (A) perform automatic classification, when in fact they enforce actions based on pre-existing classifications or sensitive information types, not the classification itself.

227
MCQhard

A legal team is preparing for an internal investigation related to a potential policy violation. They need to identify all relevant documents stored in Exchange Online and SharePoint Online, but there are millions of items across the organization. The team wants to use a machine learning model that learns from a set of manually reviewed relevant and non-relevant documents to predict relevance and prioritize review. Which Microsoft Purview solution provides this capability?

A.Microsoft Purview Data Loss Prevention (DLP)
B.Microsoft Purview Audit (Premium)
C.Microsoft Purview eDiscovery (Advanced)
D.Microsoft Purview Insider Risk Management
AnswerC

eDiscovery (Advanced) includes predictive coding, which uses machine learning to identify relevant documents and accelerate the review process.

Why this answer

Microsoft Purview eDiscovery (Advanced) provides predictive coding capabilities that use machine learning to analyze a seed set of manually reviewed relevant and non-relevant documents. The model learns from this training to predict the relevance of millions of items across Exchange Online and SharePoint Online, prioritizing review for internal investigations. This directly matches the need for a machine learning model to identify and prioritize relevant documents.

Exam trap

The trap here is that candidates often confuse Insider Risk Management (which also uses machine learning for risk detection) with eDiscovery's predictive coding, but Insider Risk Management targets behavioral patterns and alerts, not document relevance prediction for legal hold and review.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Data Loss Prevention (DLP) is designed to detect and prevent accidental sharing of sensitive data based on predefined policies, not to predict document relevance for eDiscovery investigations. Option B is wrong because Microsoft Purview Audit (Premium) provides detailed logging and forensic analysis of user and admin activities, but it does not include machine learning models to predict relevance of documents for legal review. Option D is wrong because Microsoft Purview Insider Risk Management focuses on identifying and mitigating risky user activities (e.g., data theft, policy violations) through behavioral analytics, not on predicting document relevance for eDiscovery.

228
MCQhard

A compliance officer needs to identify and monitor potentially risky user activities, such as users copying large amounts of data to external devices or sharing sensitive files with unauthorized recipients. They want to create a policy that detects these activities and automatically escalates them for investigation. Which Microsoft Purview solution should they use?

A.Microsoft Purview Insider Risk Management
B.Microsoft Purview Audit
C.Microsoft Purview Communication Compliance
D.Microsoft Purview Compliance Manager
AnswerA

Insider Risk Management detects risky activities like data exfiltration, assigns risk scores, and can automatically generate cases for investigation.

Why this answer

Microsoft Purview Insider Risk Management is specifically designed to detect and investigate malicious or inadvertent insider risks based on activities like data exfiltration, unusual file sharing, or violations of corporate policies. It uses indicators and adaptive policies to assign risk scores and trigger alerts for review. Audit (option B) only provides logging and does not have built-in risk analysis.

Communication Compliance (option C) focuses on inappropriate communications, not data-related risks. Compliance Manager (option D) assesses compliance posture but does not detect risky user activities. Therefore, Insider Risk Management is the correct solution.

229
Multi-Selecteasy

Which TWO of the following are valid uses for Microsoft Purview eDiscovery?

Select 2 answers
A.Placing legal holds on content
B.Classifying content with sensitivity labels
C.Reviewing audit logs for user activity
D.Applying retention policies to prevent deletion
E.Searching for content across mailboxes and sites
AnswersA, E

Legal hold is a key feature of eDiscovery.

Why this answer

Option A is correct because eDiscovery can search across Exchange, SharePoint, and OneDrive. Option C is correct because eDiscovery supports legal holds. Option B is wrong because DLP is for prevention.

Option D is wrong because sensitivity labels are for classification. Option E is wrong because audit logs are for activity tracking.

230
MCQeasy

An organization wants to automatically retain all financial documents for seven years and then delete them. Which Microsoft Purview solution should be used to create the retention policy?

A.Microsoft Purview Information Protection
B.Microsoft Purview Audit
C.Microsoft Purview Data Lifecycle Management
D.Microsoft Purview Communication Compliance
AnswerC

Data Lifecycle Management provides retention and deletion policies.

Why this answer

Data Lifecycle Management (formerly Microsoft 365 retention policies) allows organizations to define retention and deletion rules for content. Information Protection focuses on classification and protection. Communication Compliance monitors communications.

Audit logs record activities.

231
MCQhard

A healthcare organization stores patient records in SharePoint Online. The compliance officer needs to ensure that records containing Protected Health Information (PHI) are retained for 7 years per regulatory requirements. Which Microsoft Purview solution should they implement?

A.Microsoft Purview Audit
B.Microsoft Purview eDiscovery
C.Microsoft Purview Records Management
D.Microsoft Purview Data Lifecycle Management
AnswerC

Records Management labels content as records and applies retention schedules.

Why this answer

Option D is correct because Microsoft Purview Records Management allows labeling documents as records and applying retention policies. Option A is wrong because Data Lifecycle Management manages non-record content. Option B is wrong because Audit is for logging, not retention.

Option C is wrong because eDiscovery is for search and export, not retention enforcement.

232
MCQhard

Your organization is subject to GDPR and must respond to data subject deletion requests within 30 days. You have identified all personal data in Microsoft 365. Which Microsoft Purview solution should you use to permanently delete the data?

A.Retention policies to preserve the data
B.Data Lifecycle Management (disposition review)
C.Data Loss Prevention to block the data
D.eDiscovery (Premium) to export the data
AnswerB

Disposition review allows administrators to permanently delete content after review.

Why this answer

Option C is correct because Data Lifecycle Management (disposition review) allows permanent deletion of content after review. Option A is wrong because eDiscovery can export data but not delete. Option B is wrong because DLP prevents data loss, not deletion.

Option D is wrong because retention policies keep data, not delete permanently.

233
MCQmedium

A company uses Microsoft 365 and needs to automatically detect documents in SharePoint Online that contain personally identifiable information (PII) such as social security numbers. When such documents are detected, they want to apply a sensitivity label that encrypts the document and restricts access to only the compliance team. Which Microsoft Purview solution should they use?

A.Data Lifecycle Management
B.Records Management
C.Data Loss Prevention (DLP)
D.Communication Compliance
AnswerC

Correct. DLP policies can detect sensitive information and enforce actions like applying encryption or restricting access.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) is the correct solution because it can automatically scan documents in SharePoint Online for sensitive information types (e.g., social security numbers) using built-in or custom sensitive info types. When a match is found, DLP policies can trigger an action to apply a sensitivity label that encrypts the document and restricts access, such as limiting it to the compliance team. This combines content detection with automated protection, which is exactly the scenario described.

Exam trap

The trap here is that candidates often confuse DLP with Data Lifecycle Management or Records Management, thinking those solutions handle content classification, but DLP is the only one that combines real-time content inspection with automated label application for protection.

How to eliminate wrong answers

Option A is wrong because Data Lifecycle Management focuses on retaining or deleting content based on age or policy, not on detecting PII or applying sensitivity labels. Option B is wrong because Records Management is designed to mark content as records for legal or regulatory retention, not to scan for PII or enforce encryption via labels. Option D is wrong because Communication Compliance monitors internal and external communications (e.g., email, Teams) for policy violations like harassment or insider trading, not for scanning SharePoint documents for PII.

234
Multi-Selectmedium

A company wants to automatically apply a 'Confidential' sensitivity label to any document that contains a credit card number, and also encrypt the document as part of the label. Which two components must be configured to achieve this? (Choose two.)

Select 2 answers
A.A sensitivity label with encryption settings
B.A DLP policy that detects sensitive info
C.An auto-labeling policy
D.A data classification dashboard
AnswersA, C

Correct. The sensitivity label must define the protection (encryption) that will be applied to documents containing credit card numbers.

Why this answer

Option A is correct because a sensitivity label must include encryption settings to automatically encrypt documents when the label is applied. The encryption is configured within the label's protection settings, which defines how content is protected (e.g., with a predefined template or user-defined permissions). Without encryption configured in the label, the automatic application would only assign the label without encrypting the document.

Exam trap

The trap here is that candidates often confuse DLP policies with auto-labeling policies, thinking DLP can apply labels and encryption, but DLP only detects and acts on content (e.g., block or notify) and does not apply sensitivity labels.

235
MCQeasy

Refer to the exhibit. An administrator runs the PowerShell command shown. What is the purpose of this command?

A.Delete all files modified by a user in the last 90 days
B.Modify permissions on files uploaded by a user
C.Search audit logs for file activities performed by a specific user
D.Block a user from uploading files
AnswerC

The command specifies operations and user IDs to search.

Why this answer

The command searches the unified audit log for file-related operations by a specific user in the last 90 days. Option A is correct. It does not delete files, modify permissions, or block the user.

236
MCQhard

Refer to the exhibit. A Microsoft Purview retention policy is configured as shown. Which statement about this policy is accurate?

A.The policy will delete items after 7 years from the date they were created.
B.The policy will retain items for 7 years from the last modification date.
C.The policy will delete items 7 years after they were last modified.
D.The policy will keep items for 7 years and then delete them.
AnswerC

Correct: 'ModificationAgeInDays' with 2557 days means deletion 7 years after last modification.

Why this answer

Option D is correct because the policy uses retention type 'ModificationAgeInDays' with a duration of 2557 days (7 years), meaning items will be deleted 7 years after they were last modified. Option A is wrong because the retention action is 'Delete', not 'Keep'. Option B is wrong because the duration is in days, not years directly.

Option C is wrong because the retention type is based on modification age, not creation age.

237
MCQmedium

A company uses Microsoft 365 and wants to automatically detect when employees attempt to share credit card numbers in emails or Microsoft Teams messages. The company also wants to block the message if it contains such sensitive data, and notify the sender with a policy tip. Which Microsoft Purview solution should the administrator configure?

A.Data Lifecycle Management
B.Data Loss Prevention (DLP)
C.Information Protection (Sensitivity labels)
D.Insider Risk Management
AnswerB

DLP policies detect sensitive information (e.g., credit card numbers) and enforce actions such as blocking, encrypting, or notifying users. This matches the scenario requirements.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) is the correct solution because it is specifically designed to detect, block, and notify users when sensitive data—such as credit card numbers—is shared in emails or Teams messages. DLP policies can be configured with built-in sensitive information types (e.g., credit card number) and actions like blocking the message and sending a policy tip to the sender.

Exam trap

The trap here is that candidates often confuse Information Protection (sensitivity labels) with DLP, not realizing that sensitivity labels classify and protect data at rest, while DLP actively monitors and controls data in motion (email and chat).

How to eliminate wrong answers

Option A is wrong because Data Lifecycle Management focuses on retaining, deleting, and managing data based on age or compliance requirements, not on real-time detection and blocking of sensitive data sharing. Option C is wrong because Information Protection (Sensitivity labels) is used to classify and protect data at rest (e.g., documents) with encryption or markings, but it does not natively inspect and block messages in transit in email or Teams. Option D is wrong because Insider Risk Management is designed to detect risky user activities (e.g., data theft, policy violations) based on analytics and alerts, not to automatically block messages containing sensitive data in real time.

238
Multi-Selectmedium

Which TWO Microsoft Purview solutions are primarily used for investigating and responding to compliance incidents?

Select 2 answers
A.Microsoft Purview eDiscovery
B.Microsoft Purview Audit
C.Microsoft Purview Data Lifecycle Management
D.Microsoft Purview Data Loss Prevention
E.Microsoft Purview Insider Risk Management
AnswersA, B

eDiscovery is used to search and export content for investigations.

Why this answer

eDiscovery is used for legal investigations, and Audit is used for investigating user activities. DLP is for prevention, not investigation. Retention is for lifecycle management.

Insider Risk Management is for detecting risky activities, but it is more proactive than investigative.

239
MCQhard

A company stores HR documents in SharePoint Online. The compliance team wants to automatically apply a sensitivity label that encrypts the document whenever it contains a passport number. They do not want users to be able to override this classification. Which Microsoft Purview solution should they configure?

A.Data Loss Prevention (DLP) policy
B.Auto-labeling policy for sensitivity labels
C.Retention policy
D.Communication compliance policy
AnswerB

Auto-labeling policies automatically apply sensitivity labels, including encryption, based on conditions like the presence of passport numbers, and can be set to not allow override.

Why this answer

An auto-labeling policy for sensitivity labels can automatically apply a sensitivity label (e.g., 'Highly Confidential') that encrypts documents when they contain sensitive data like passport numbers. This policy can be configured to enforce mandatory labeling without allowing user override, meeting the compliance team's requirement. In contrast, a DLP policy can detect and block sharing of sensitive data but does not apply encryption labels automatically.

Exam trap

The trap here is that candidates often confuse DLP policies with auto-labeling, assuming DLP can also apply encryption labels, but DLP only detects and blocks actions—it does not automatically classify or encrypt content.

How to eliminate wrong answers

Option A is wrong because a Data Loss Prevention (DLP) policy is designed to detect and prevent the unauthorized sharing of sensitive information (e.g., via email or cloud apps) by blocking or alerting, but it does not automatically apply a sensitivity label that encrypts the document. Option C is wrong because a retention policy governs how long content is kept or deleted, not the classification or encryption of content based on sensitive data. Option D is wrong because a communication compliance policy monitors and analyzes communications (e.g., email, Teams) for policy violations like harassment or insider trading, not for automatic labeling or encryption of documents.

240
MCQmedium

A company uses Microsoft 365 and needs to automatically apply a retention label to documents that contain personally identifiable information (PII) in SharePoint Online. The label should retain the documents for 5 years and then delete them. Which Microsoft Purview solution should they use?

A.Microsoft Purview Information Protection
B.Microsoft Purview Data Loss Prevention (DLP)
C.Microsoft Purview Data Lifecycle Management
D.Microsoft Purview eDiscovery
AnswerC

Data Lifecycle Management provides retention labels that can be auto-applied based on sensitive information types and enforce retention and deletion rules.

Why this answer

Microsoft Purview Data Lifecycle Management (formerly known as Microsoft 365 Records Management) is the solution specifically designed to apply retention labels and policies that automatically retain content for a specified period and then delete it. In this scenario, the requirement to automatically apply a retention label to documents containing PII in SharePoint Online and then retain them for 5 years before deletion is a core capability of Data Lifecycle Management, which uses auto-labeling policies based on sensitive information types.

Exam trap

The trap here is that candidates often confuse the purpose of Data Lifecycle Management (retention and deletion) with Information Protection (sensitivity labels and encryption), especially since both use labels and can be auto-applied based on sensitive content.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Information Protection focuses on classifying and protecting data through sensitivity labels (e.g., encryption, marking), not on retention and deletion schedules. Option B is wrong because Microsoft Purview Data Loss Prevention (DLP) is designed to prevent accidental sharing of sensitive data by enforcing policies (e.g., blocking or warning), not to manage retention or deletion. Option D is wrong because Microsoft Purview eDiscovery is used for searching, holding, and exporting content for legal or investigative purposes, not for applying retention labels or managing lifecycle policies.

241
Multi-Selecteasy

Your organization is implementing Microsoft Purview to govern data across Microsoft 365 and Azure. Which TWO capabilities should you use to discover and classify sensitive data?

Select 2 answers
A.Microsoft Purview Information Protection
B.Microsoft Purview Data Map
C.Microsoft Purview eDiscovery
D.Microsoft Purview Audit
E.Microsoft Purview Data Lifecycle Management
AnswersA, B

Correct: Applies sensitivity labels to classify and protect data.

Why this answer

Microsoft Purview Data Map provides automated data discovery and classification across on-premises, multi-cloud, and SaaS data. Microsoft Purview Information Protection enables classification and labeling of sensitive data. Data Lifecycle Management focuses on retention and deletion, not discovery/classification.

Audit and eDiscovery are for investigation and legal holds, not initial discovery. Insider Risk Management detects risky user activities, not data classification.

242
MCQmedium

You are a compliance administrator for a multinational corporation that uses Microsoft Purview. The company must comply with the General Data Protection Regulation (GDPR). You need to implement a solution that allows data subjects to request access to their personal data stored in Exchange Online, SharePoint Online, and OneDrive for Business. The solution must provide a centralized portal for data subjects to submit requests and for privacy officers to manage the entire process, including searching for data, reviewing results, and exporting or redacting data. You also need to ensure that requests are automatically routed to the appropriate privacy officer based on the data subject's region. Microsoft Purview has been licensed for the entire organization. What should you configure?

A.Use Microsoft Purview Information Protection to manually classify and search for personal data.
B.Configure Microsoft Purview eDiscovery (Premium) cases with workflow automation and role-based access for privacy officers.
C.Configure Microsoft Purview eDiscovery (Standard) cases to manage each request manually.
D.Create retention labels and policies to retain personal data for GDPR compliance.
AnswerB

Correct: eDiscovery (Premium) provides case management, review, export, and automation for DSRs.

Why this answer

Microsoft Purview eDiscovery (Standard) allows for content searches across Exchange, SharePoint, and OneDrive, and can be used to manage GDPR data subject requests. However, the centralized portal and automated routing are features of Microsoft Purview eDiscovery (Premium), which includes case management, review sets, and advanced workflows. Therefore, the best option is to configure eDiscovery (Premium) cases with workflow automation.

Option A is too basic. Option C is for data retention, not subject access requests. Option D is for classification, not access requests.

243
MCQhard

Refer to the exhibit. You are evaluating a Microsoft Purview retention policy. The policy is applied to Exchange Online, SharePoint Online, and OneDrive for Business. What is the behavior of this policy?

A.Items are retained indefinitely and cannot be deleted
B.Items are deleted 365 days after last modification
C.Items are preserved with a lock and cannot be deleted by users
D.Items are automatically deleted 365 days after creation
AnswerD

RetentionDuration is 365, trigger is WhenCreated, action is Delete.

Why this answer

The policy retains items for 365 days from creation and then deletes them. Without preservation lock, users can delete items before 365 days, but the system retains them until the period ends. Option C is correct.

Option A is wrong because it says items are kept indefinitely. Option B is wrong because deletion triggers after 365 days. Option D is wrong because preservation lock is false.

244
MCQeasy

A healthcare organization needs to automatically classify documents containing patient health information (PHI) in Microsoft SharePoint. The solution should apply a 'Confidential - Healthcare' sensitivity label to any document that matches the HIPAA content pattern. Which Microsoft Purview feature should be used?

A.Retention label auto-apply
B.Manual sensitivity labeling
C.Data loss prevention (DLP) policy
D.Auto-labeling for sensitivity labels
AnswerD

Auto-labeling automatically classifies documents based on content patterns.

Why this answer

Option B is correct because auto-labeling in Microsoft Purview can apply sensitivity labels based on content patterns. Option A is wrong because manual labeling requires user action. Option C is wrong because DLP policies prevent sharing, not classify.

Option D is wrong because retention labels manage retention, not classification.

245
MCQmedium

Contoso Pharmaceuticals is implementing Microsoft Purview to meet regulatory compliance (HIPAA and GDPR). They need to: (1) automatically classify and protect patient health information (PHI) and personally identifiable information (PII) in Exchange Online, SharePoint Online, and OneDrive for Business; (2) detect and prevent unauthorized sharing of sensitive data; (3) retain audit logs for 7 years; and (4) allow users to manually apply classification labels to documents. The company has 5,000 users and uses Microsoft 365 E5 licenses. The security team wants to minimize manual effort and ensure consistent protection. What should the compliance administrator configure first?

A.Configure Data Loss Prevention (DLP) policies to block sharing of content containing PHI and PII.
B.Create sensitivity labels with auto-labeling policies configured to detect PHI and PII, and publish them via label policies.
C.Set up retention policies for Exchange, SharePoint, and OneDrive to retain data for 7 years.
D.Enable auditing for all workloads and configure alert policies for unauthorized access.
AnswerB

Auto-labeling provides consistent classification and protection with minimal manual effort.

Why this answer

Option A is correct because sensitivity labels with auto-labeling for file types containing PHI/PII provide consistent automated classification and protection across the specified workloads. Option B is wrong because DLP policies can block sharing but do not classify or protect data inherently. Option C is wrong because retention policies handle retention, not classification or protection.

Option D is wrong because auditing is for logging, not classification.

246
MCQhard

A financial services firm uses Microsoft Purview Information Barriers to prevent traders from communicating with investment bankers. A new employee in the trading department cannot access a SharePoint site used for compliance training. What should the administrator do?

A.Add the employee to the 'Traders' Microsoft 365 group.
B.Add the employee to the 'Traders' segment in Microsoft Purview Information Barriers.
C.Use the 'Override' option in the Information Barrier policy.
D.Disable the Information Barrier policy for the trading department.
AnswerB

Assigning the user to the correct segment allows access to permitted sites.

Why this answer

Option D is correct because Information Barriers enforce segments; adding the employee to the correct segment allows access. Option A is wrong because disabling barriers would remove protection. Option B is wrong because segment membership is not based on group membership by default.

Option C is wrong because overriding the block would violate the policy.

247
MCQhard

An organization's security team needs to investigate a security incident that occurred two months ago. They need to search the unified audit log for specific activities performed by a user, such as file access, email actions, and sign-in events, to understand the scope of the compromise. Which Microsoft Purview solution provides these audit log search capabilities?

A.Microsoft Purview eDiscovery
B.Microsoft Purview Audit
C.Microsoft Purview Data Lifecycle Management
D.Microsoft Purview Communication Compliance
AnswerB

Audit provides the ability to search the unified audit log for historical user and administrator activities across Microsoft 365, meeting the investigation need.

Why this answer

Microsoft Purview Audit (specifically Audit (Standard) or Audit (Premium)) provides the ability to search the unified audit log for activities like file access, email actions, and sign-in events. This solution is designed for forensic investigation of user and admin activity within Microsoft 365, making it the correct choice for investigating a security incident that occurred two months ago.

Exam trap

The trap here is that candidates often confuse eDiscovery (which deals with legal holds and content search) with Audit (which deals with activity logs), leading them to select eDiscovery when the question specifically asks for searching user activities like file access and sign-in events.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview eDiscovery is used for identifying, collecting, and producing electronically stored information (ESI) for legal or regulatory cases, not for searching the unified audit log for user activity. Option C is wrong because Microsoft Purview Data Lifecycle Management focuses on retaining and deleting content based on compliance policies, not on auditing user actions. Option D is wrong because Microsoft Purview Communication Compliance is designed to detect and remediate inappropriate communications (e.g., harassment, sensitive info sharing), not to provide a general audit log search for security incidents.

248
Multi-Selectmedium

Which TWO of the following are capabilities of Microsoft Purview that help organizations manage compliance? (Choose two.)

Select 2 answers
A.Microsoft Entra ID
B.Data Loss Prevention (DLP)
C.Microsoft Defender for Cloud
D.Insider Risk Management
E.Microsoft Intune
AnswersB, D

DLP helps prevent data leaks.

Why this answer

Option A is correct because Data Loss Prevention is a key compliance capability. Option B is correct because Insider Risk Management helps detect and manage insider risks. Option C is wrong because Microsoft Entra ID is an identity service, not a compliance solution.

Option D is wrong because Microsoft Defender for Cloud is a cloud security posture management solution. Option E is wrong because Microsoft Intune is a device management solution.

249
MCQmedium

A company wants to monitor internal communications for inappropriate content such as harassment or threats, and also prevent employees from accidentally sharing credit card numbers via email. Which combination of Microsoft Purview solutions should they use?

A.Use Communication Compliance for both detecting harassment and preventing credit card sharing
B.Use Data Loss Prevention (DLP) for both detecting harassment and preventing credit card sharing
C.Use Communication Compliance for harassment detection and DLP for preventing sharing of credit card numbers
D.Use eDiscovery for both harassment detection and data leak prevention
AnswerC

Correct. Communication Compliance handles detection of inappropriate content like harassment, while DLP policies prevent unauthorized sharing of sensitive data such as credit card numbers.

Why this answer

Communication Compliance is designed to detect and investigate inappropriate internal communications (e.g., harassment, threats) by analyzing messages against customizable policies. Data Loss Prevention (DLP) is purpose-built to identify and prevent the accidental sharing of sensitive data, such as credit card numbers, by scanning content for predefined patterns (e.g., regex for credit card formats) and enforcing policy actions like blocking the email. Together, they address the two distinct requirements: Communication Compliance for behavioral monitoring and DLP for data protection.

Exam trap

The trap here is that candidates often confuse the overlapping capabilities of Communication Compliance and DLP, assuming one tool can handle both behavioral monitoring and data protection, when in fact each is specialized for a distinct compliance domain.

How to eliminate wrong answers

Option A is wrong because Communication Compliance is not designed to prevent the sharing of sensitive data like credit card numbers; it focuses on communication surveillance and policy violations, not data leak prevention actions. Option B is wrong because DLP is not intended for detecting harassment or threats in communications; it scans for sensitive data patterns (e.g., credit card numbers, PII) and enforces data handling policies, not behavioral monitoring. Option D is wrong because eDiscovery is used for legal discovery and holds, not for real-time monitoring or prevention of harassment or data leaks; it is an investigation tool, not a proactive compliance solution.

250
MCQeasy

A company needs to automatically detect and protect sensitive information such as credit card numbers in emails sent from Exchange Online and documents stored in SharePoint Online. They want to create policies that can block emails if such data is detected, and also automatically encrypt documents with specific labels. Which Microsoft Purview solution should they use?

A.Microsoft Purview Information Protection
B.Microsoft Purview Data Loss Prevention
C.Microsoft Purview Audit
D.Microsoft Purview Compliance Manager
AnswerB

Correct. DLP policies can detect sensitive information types (e.g., credit card numbers) and automatically apply actions such as blocking email delivery or encrypting documents at rest.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) is the correct solution because it is specifically designed to automatically detect sensitive information (e.g., credit card numbers) in Exchange Online emails and SharePoint Online documents, and then enforce protective actions such as blocking email transmission or applying encryption labels. DLP policies use sensitive information types and policy tips to identify and remediate data exposure risks across these workloads.

Exam trap

The trap here is that candidates often confuse Information Protection (labeling/encryption) with DLP (detection and enforcement), but DLP is the engine that triggers the protective actions, while Information Protection provides the labels and encryption mechanisms that DLP can apply.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Information Protection focuses on classifying, labeling, and protecting data at rest (e.g., applying sensitivity labels) but does not natively include the automated detection and blocking of sensitive data in transit or the enforcement of DLP actions like email blocking. Option C is wrong because Microsoft Purview Audit is solely for logging and investigating user and admin activities, not for detecting or protecting sensitive data in real time. Option D is wrong because Microsoft Purview Compliance Manager is a risk assessment and compliance management tool that helps track regulatory compliance posture, not a solution for detecting or protecting sensitive content in emails or documents.

251
MCQmedium

A financial services company uses Microsoft Purview to manage compliance. They need to automatically apply a 'Confidential' label to all documents containing financial data in SharePoint. What should they configure?

A.Auto-labeling policy for sensitivity labels
B.Data classification dashboard
C.Trainable classifiers for manual labeling
D.Data Loss Prevention (DLP) policy
AnswerA

Auto-labeling applies labels automatically based on content.

Why this answer

Option C is correct because auto-labeling policies in Microsoft Purview can automatically apply sensitivity labels based on sensitive information types. Option A is wrong because manual labeling requires user action. Option B is wrong because DLP detects but does not apply labels.

Option D is wrong because data classification dashboard provides visibility, not automatic labeling.

252
MCQmedium

Your organization uses Microsoft Purview Records Management to manage high-value records that must not be deleted. You need to apply a label that marks content as a regulatory record. What label type should you use?

A.Data loss prevention policy
B.Retention label configured for regulatory records
C.Retention label configured for record
D.Sensitivity label
AnswerB

Regulatory records provide the highest level of protection, preventing deletion and modification.

Why this answer

Option A is correct because regulatory records are a specific disposition type. Option B is wrong because retention labels can have different actions. Option C is wrong because sensitivity labels classify but don't manage records.

Option D is wrong because DLP is not for records.

253
MCQhard

An organization has a Microsoft Purview Data Lifecycle Management policy that retains all documents for 5 years. However, legal requires that documents related to a specific lawsuit be preserved indefinitely. What should you do?

A.Configure information barriers
B.Place the relevant sites on litigation hold
C.Apply a retention label with indefinite retention
D.Create a DLP policy to block deletion
AnswerB

Litigation hold preserves content indefinitely for legal purposes.

Why this answer

Option B is correct because a litigation hold in eDiscovery (Premium) preserves content indefinitely, overriding retention policies. Option A is wrong because retention labels are for scheduled retention, not indefinite preservation. Option C is wrong because DLP policies do not preserve content.

Option D is wrong because information barriers restrict communication, not preserve data.

254
MCQmedium

A law firm needs to retain client documents for 10 years after case closure, but automatically delete drafts after 30 days. Which two Microsoft Purview solutions should be combined?

A.Microsoft Purview Data Loss Prevention and eDiscovery
B.Microsoft Purview eDiscovery and Audit
C.Microsoft Purview Audit and Data Loss Prevention
D.Microsoft Purview Records Management and Data Lifecycle Management
AnswerD

Records Management for regulatory records and Data Lifecycle Management for non-records.

Why this answer

Option B is correct because Records Management handles retention for records (client documents), and Data Lifecycle Management handles retention for non-record content (drafts). Option A is wrong because eDiscovery is for search, not retention. Option C is wrong because Audit logs events.

Option D is wrong because DLP is for protection.

255
MCQeasy

Your organization needs to monitor Microsoft Teams chats for inappropriate language and alert compliance officers. Which Microsoft Purview solution should you implement?

A.Communication Compliance
B.eDiscovery
C.Auditing
D.Information Protection
AnswerA

Communication Compliance detects policy violations in communications.

Why this answer

Option B is correct because Communication Compliance is designed to detect offensive language in communications. Option A is wrong because Information Protection classifies data. Option C is wrong because Auditing tracks activities.

Option D is wrong because eDiscovery is for legal investigations.

256
MCQhard

An organization needs to automatically apply a 'Highly Confidential' sensitivity label to all documents that contain a specific custom sensitive information type. The label should be applied when the document is created or modified. Which feature of Microsoft Purview Information Protection should be used?

A.Manual sensitivity labeling
B.Data Loss Prevention (DLP) policies
C.Auto-labeling policies
D.Communication Compliance policies
AnswerC

Auto-labeling policies automatically apply labels based on conditions.

Why this answer

Auto-labeling policies in Microsoft Purview Information Protection can automatically apply sensitivity labels based on conditions, including custom sensitive information types, when documents are created or modified. Manual labeling requires user action. DLP blocks sharing but does not apply labels.

Communication Compliance monitors communications.

257
Multi-Selectmedium

Which THREE actions can be performed using a Microsoft Purview Data Loss Prevention (DLP) policy?

Select 3 answers
A.Notify users via policy tip when they try to share sensitive data
B.Block sharing of sensitive data with external users
C.Automatically retain emails for 7 years
D.Encrypt emails containing sensitive data
E.Apply a sensitivity label automatically
AnswersA, B, E

DLP provides policy tips.

Why this answer

Options A, C, and D are correct. DLP policies can block sharing of sensitive data, notify users with policy tips, and automatically apply sensitivity labels. Option B is wrong because automatic retention is managed by retention policies, not DLP.

Option E is wrong because encryption is applied by sensitivity labels, not DLP directly.

258
MCQeasy

Your organization needs to audit all changes to sensitive files in SharePoint Online for at least 180 days. Which Microsoft Purview feature should be enabled?

A.Microsoft Purview eDiscovery
B.Microsoft Purview Audit (Premium)
C.Microsoft Purview Data Loss Prevention
D.Microsoft Purview Data Lifecycle Management
AnswerB

Audit (Premium) provides extended retention up to 1 year.

Why this answer

Microsoft Purview Audit (Standard) retains audit logs for 90 days, but Audit (Premium) can retain for up to 1 year (or longer via custom retention). Option A is wrong because DLP does not audit changes. Option C is wrong because eDiscovery is for searching, not auditing.

Option D is wrong because Data Lifecycle Management is for retention of content, not logs.

259
MCQeasy

Your organization needs to retain all email communications with customers for 7 years due to regulatory requirements. Which Microsoft Purview solution should you use?

A.Sensitivity labels
B.eDiscovery (Standard)
C.Retention policies
D.Data Loss Prevention policies
AnswerC

Retention policies enforce data retention for a defined period.

Why this answer

Option A is correct because retention policies in Microsoft Purview allow you to retain data for a specified period. Option B is wrong because DLP is for preventing data loss, not retention. Option C is wrong because sensitivity labels classify data but do not enforce retention.

Option D is wrong because eDiscovery is for search and export, not setting retention.

260
MCQmedium

A financial organization needs to automatically detect emails containing the phrase 'Non-Public Material Information' and apply a retention policy that retains those emails for 7 years. They also need to train senders with a policy tip before sending, and if they still send the email, it should be encrypted and blocked from being forwarded outside the organization. Which Microsoft Purview solution should they use?

A.Microsoft Purview Data Lifecycle Management
B.Microsoft Purview Data Loss Prevention (DLP)
C.Microsoft Purview Communication Compliance
D.Microsoft Purview Audit
AnswerB

DLP can detect sensitive information, provide policy tips, and automatically encrypt, block, and apply retention labels to messages.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) is the correct solution because it can automatically detect sensitive content (e.g., 'Non-Public Material Information') in emails, apply policy tips to train senders before sending, enforce encryption, and block forwarding outside the organization. DLP policies also integrate with retention labels to retain emails for a specified period, such as 7 years, by applying a retention label automatically when the sensitive content is detected.

Exam trap

The trap here is that candidates often confuse Data Lifecycle Management (retention only) with DLP (detection + action), or assume Communication Compliance handles all email content monitoring, but DLP is the only solution that combines real-time content detection, user training via policy tips, and automated enforcement actions like encryption and forwarding blocks.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Data Lifecycle Management focuses solely on retaining and deleting data based on policies, but it cannot detect sensitive content in real-time, apply policy tips, or enforce encryption and forwarding restrictions. Option C is wrong because Microsoft Purview Communication Compliance is designed to detect policy violations (e.g., harassment, insider trading) for review and remediation, not to automatically apply retention, encryption, or forwarding blocks on emails containing specific phrases. Option D is wrong because Microsoft Purview Audit provides logging and investigation of past activities, but it cannot proactively detect content, apply policy tips, encrypt emails, or block forwarding.

261
MCQhard

Refer to the exhibit. A Microsoft Purview retention policy is configured as shown. A document in SharePoint is labeled as 'Highly Confidential' and was created 5 years ago. What will happen to this document?

A.The document will be retained for 7 years from the policy creation date
B.The document will be deleted immediately
C.The document will be retained for 7 years from now
D.The document will be retained for 2 more years
AnswerD

The document was created 5 years ago, so it will be retained for 2 more years to reach 7 years total.

Why this answer

Option D is correct because the retention policy retains items labeled as 'Highly Confidential' for 7 years from creation. Since the document was created 5 years ago, it will be retained until 7 years from creation (2 more years). Option A is wrong because the retention action is 'Retain', not delete.

Option B is wrong because the label meets the condition. Option C is wrong because the retention is based on creation date, not the policy's start.

262
Multi-Selecthard

Which THREE actions can Microsoft Purview Data Loss Prevention (DLP) policies perform when a sensitive data match is detected?

Select 3 answers
A.Apply a retention label
B.Encrypt the content automatically
C.Block the sharing of the content
D.Send a notification to the user
E.Delete the content permanently
AnswersB, C, D

DLP can encrypt emails or documents to protect sensitive data.

Why this answer

Microsoft Purview DLP policies can automatically encrypt content when a sensitive data match is detected, typically using Azure Information Protection (AIP) or Microsoft 365 Message Encryption. This action helps protect the data by restricting access to authorized users only, even if the content is shared externally.

Exam trap

The trap here is that candidates often confuse DLP's native actions with other compliance features like retention labels or deletion, assuming DLP can delete or apply labels directly, but Microsoft explicitly limits DLP to blocking, encrypting, notifying, and auditing actions.

263
MCQmedium

A company is subject to a legal investigation and must preserve all email communications related to the case for an indefinite period, even if users try to delete them. The compliance officer needs a solution that can place a hold on specific user mailboxes and prevent any permanent deletion of relevant content. Which Microsoft Purview feature should be used?

A.Retention labels
B.Litigation hold
C.Data loss prevention
D.Compliance Manager
AnswerB

Litigation Hold preserves all mailbox content, including deleted items, and prevents permanent deletion until the hold is removed.

Why this answer

Litigation hold is the correct feature because it places a hold on an entire mailbox, preserving all content including deleted items and versions, and prevents permanent deletion by users or automated processes. Unlike retention labels or policies, litigation hold applies to the entire mailbox and is designed specifically for legal investigations where indefinite preservation is required.

Exam trap

The trap here is that candidates often confuse retention labels or policies with litigation hold, not realizing that retention labels apply granularly to content while litigation hold applies to the entire mailbox and is specifically designed for legal preservation scenarios.

How to eliminate wrong answers

Option A is wrong because retention labels are applied to individual items or folders for classification and retention, but they do not prevent users from deleting items; they only ensure items are retained after deletion according to a policy. Option C is wrong because Data Loss Prevention (DLP) is designed to detect and prevent unauthorized sharing or leakage of sensitive data, not to preserve email content for legal holds. Option D is wrong because Compliance Manager is a risk assessment and compliance score tool that helps manage compliance posture, not a feature for placing holds on mailboxes.

264
MCQhard

A financial services firm must comply with regulatory requirements that mandate supervisory review of communications between advisors and clients. They need to automatically capture emails and Microsoft Teams messages from a specific group of advisors, assign them to a supervisor for review, and flag messages containing potential code words for insider trading. Which Microsoft Purview solution should they use?

A.Microsoft Purview Data Lifecycle Management
B.Microsoft Purview Communication Compliance
C.Microsoft Purview Information Protection
D.Microsoft Purview Insider Risk Management
AnswerB

Communication Compliance enables organizations to capture communications, assign them to reviewers, and use built-in or custom classifiers to detect policy violations such as insider trading code words. It meets all described requirements.

Why this answer

Microsoft Purview Communication Compliance is the correct solution because it is specifically designed to capture and review communications (email, Teams messages) for regulatory compliance, such as supervisory oversight of advisor-client interactions. It can automatically flag messages containing sensitive keywords or patterns (e.g., potential code words for insider trading) and route them to designated supervisors for review, meeting the firm's regulatory mandate.

Exam trap

The trap here is that candidates often confuse the 'capture and review communications' requirement with Insider Risk Management (Option D), which focuses on behavioral analytics and risk scoring rather than direct communication capture and keyword-based flagging.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Data Lifecycle Management focuses on retaining, deleting, and managing data based on policies (e.g., retention labels, disposition review), not on capturing and reviewing communications for compliance or flagging specific content. Option C is wrong because Microsoft Purview Information Protection is used for classifying, labeling, and protecting sensitive data (e.g., encryption, rights management), not for supervisory review or automated flagging of communications. Option D is wrong because Microsoft Purview Insider Risk Management is designed to detect and investigate risky user activities (e.g., data exfiltration, policy violations) using analytics and behavioral indicators, not to capture and review communications for regulatory compliance or flag specific keywords.

265
MCQmedium

Your organization must ensure that financial reports are protected with encryption and cannot be forwarded. Which two Microsoft Purview features should you combine?

A.Data Lifecycle Management and Data Loss Prevention
B.Retention policies and Records Management
C.Information Barriers and Communication Compliance
D.eDiscovery (Premium) and Audit (Standard)
E.Sensitivity labels with encryption and Data Loss Prevention
AnswerE

Sensitivity labels encrypt the document; DLP can block forwarding.

Why this answer

Option D is correct because sensitivity labels can apply encryption, and DLP can block forwarding. Option A is wrong because retention policies do not encrypt or block forwarding. Option B is wrong because eDiscovery and Audit are for discovery and logging.

Option C is wrong because Information Barriers restrict communication but not forwarding. Option E is wrong because Data Lifecycle Management manages retention, not forwarding.

266
MCQhard

Tailspin Toys is a toy manufacturer with headquarters in the US and subsidiaries in Europe and Asia. You are the compliance administrator. The company must comply with the EU General Data Protection Regulation (GDPR). Requirements: 1) Personal data of EU residents must be retained only for as long as necessary (max 5 years after last interaction). 2) If a user tries to share personal data outside the EU, the action must be blocked. 3) Users must be able to manually mark documents as 'GDPR High Risk' which will encrypt them and add a watermark 'GDPR PROTECTED'. 4) All access to personal data must be audited. You have Microsoft Purview with E5 compliance licenses. What is the most efficient solution?

A.Use a retention policy to delete all content after 5 years; create a DLP policy to block sharing of personal data outside EU; create a sensitivity label for manual application with encryption and watermark; enable audit logging
B.Create an auto-labeling policy to apply a 'Personal Data' sensitivity label; create a retention label 'GDPR Retention' to auto-apply to personal data and retain for 5 years; create a DLP policy to block sharing of labeled personal data outside EU; create a separate sensitivity label 'GDPR High Risk' for manual application with encryption and watermark; enable audit logging
C.Use a retention policy to delete personal data after 5 years; create a DLP policy to block cross-border sharing; use a sensitivity label with auto-labeling for personal data; enable audit logging
D.Create a DLP policy to block sharing of personal data outside EU; use a retention label for 5 years; use a single sensitivity label for both automatic and manual scenarios; enable audit logging
AnswerB

Auto-labeling applies sensitivity label; retention label retains personal data for 5 years; DLP blocks cross-border sharing; manual label provides encryption and watermark; audit logging tracks access.

Why this answer

Option A: retention policy for 5 years on all content (not specific to personal data), but the requirement is to retain personal data only as long as necessary; a retention label with auto-apply is more precise. DLP can block cross-border sharing. Sensitivity label for manual marking with encryption and watermark.

Audit logging is enabled by default. Option B: auto-labeling for sensitivity is good, but retention label for personal data is needed; also DLP is required. Option C: DLP cannot enforce retention.

Option D: auto-labeling for retention label is good, but sensitivity label is needed for manual marking; also DLP is required.

267
MCQmedium

An organization needs to detect and address potential policy violations in Microsoft Teams chat messages and channel conversations. They want to configure a policy that automatically scans for keywords related to confidential information and for sensitive data patterns like credit card numbers. When a violation is found, the policy should notify the user and their manager, and optionally escalate to a designated reviewer. Which Microsoft Purview solution should they configure?

A.Communication Compliance
B.Data Lifecycle Management
C.eDiscovery
D.Audit
AnswerA

Correct. Communication Compliance is designed to detect and remediate policy violations in communications, including Teams messages, with automated alerts and review workflows.

Why this answer

Communication Compliance is the correct solution because it is specifically designed to detect policy violations in Microsoft Teams messages and other communication channels by scanning for keywords and sensitive data patterns (e.g., credit card numbers). It can automatically notify the user and their manager, and optionally escalate violations to a designated reviewer for remediation, directly matching the organization's requirements.

Exam trap

The trap here is that candidates may confuse Communication Compliance with Data Loss Prevention (DLP) or eDiscovery, but DLP focuses on preventing data leaks (e.g., blocking sharing) rather than detecting and escalating policy violations with user/manager notifications, while eDiscovery is reactive and not designed for automated detection and notification workflows.

How to eliminate wrong answers

Option B (Data Lifecycle Management) is wrong because it focuses on retaining and deleting data based on policies (e.g., retention labels and retention policies), not on scanning for policy violations or sensitive content in communications. Option C (eDiscovery) is wrong because it is used for legal discovery and holds to search and export content for litigation or investigation, not for real-time detection and notification of policy violations. Option D (Audit) is wrong because it logs user and admin activities for security and compliance investigations, but it does not proactively scan messages for keywords or sensitive data patterns, nor does it provide notification or escalation workflows.

268
MCQhard

A company wants to prevent users from sharing files containing personally identifiable information (PII) with external recipients. They also need to notify users if they attempt to share such files. Which Microsoft Purview solution should be configured?

A.Microsoft Purview Sensitivity Labels
B.Microsoft Purview Communication Compliance
C.Microsoft Purview eDiscovery
D.Microsoft Purview Data Loss Prevention
AnswerD

DLP policies can block sharing of sensitive data and notify users.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) policies can detect sensitive data like PII and block sharing while showing a policy tip to the user. Option A is wrong because sensitivity labels alone do not block sharing. Option B is wrong because eDiscovery is not for prevention.

Option D is wrong because Communication Compliance is for inappropriate messages.

269
MCQeasy

Your organization uses Microsoft Purview to classify documents containing health information. You need to ensure that only users with explicit permission can access these documents. Which Microsoft Purview capability should you use?

A.Audit logs
B.Retention policies
C.Data Loss Prevention
D.Sensitivity labels with encryption
AnswerD

Sensitivity labels can apply encryption and restrict access to authorized users.

Why this answer

Option B is correct because sensitivity labels can enforce encryption and permissions. Option A is wrong because DLP blocks sharing but does not manage access. Option C is wrong because audit logs track but do not control access.

Option D is wrong because retention policies manage time-based retention, not access.

270
Multi-Selecthard

A healthcare organization subject to HIPAA regulations stores patient health information (PHI) in SharePoint Online and OneDrive. The compliance team needs to automatically detect and classify medical record numbers and other PHI when documents are uploaded. Detected sensitive content must be protected by encryption and restricted to authorized users only. Additionally, the team wants to prevent users from sharing such documents externally. Which TWO Microsoft Purview solutions should they combine to achieve these requirements? (Choose two.)

Select 2 answers
A.Microsoft Purview Data Loss Prevention (DLP)
B.Microsoft Purview Information Protection
C.Microsoft Purview Communication Compliance
D.Microsoft Purview Data Lifecycle Management
AnswersA, B

DLP can be configured to detect sensitive health information (via sensitive info types) and trigger actions such as blocking sharing or applying a label. This meets the detection and prevention requirements.

Why this answer

Microsoft Purview Information Protection (B) enables automatic classification and labeling of sensitive data like medical record numbers and PHI based on sensitive info types or trainable classifiers. Microsoft Purview Data Loss Prevention (A) then enforces policies to apply encryption, restrict access to authorized users, and block external sharing of labeled documents. Together, they meet the requirements for detection, protection, and sharing prevention.

Exam trap

The trap here is that candidates may confuse Communication Compliance (which monitors communications) with DLP or Information Protection, or assume Data Lifecycle Management handles classification, but it only manages retention and deletion.

271
MCQhard

A data analyst is planning to leave the company in two weeks and has access to a large volume of sensitive customer data. The compliance team wants to detect if the analyst starts downloading large amounts of files to a personal USB drive or sending sensitive content to an external email address. They need to set up a policy that alerts on such anomalous data exfiltration activities without blocking operations until a thorough investigation is completed. Which Microsoft Purview solution should they configure?

A.Microsoft Purview Insider Risk Management
B.Microsoft Purview Data Lifecycle Management
C.Microsoft Purview Communication Compliance
D.Microsoft Purview eDiscovery (Standard)
AnswerA

Correct. Insider Risk Management is designed to detect and investigate potential data leaks by employees, including anomalous exfiltration behaviors, with alerting and case management.

Why this answer

Microsoft Purview Insider Risk Management is designed to detect, investigate, and act on risky user activities, including data exfiltration by departing employees. It uses predefined indicators such as downloading files to USB drives or sending emails to external addresses, and can generate alerts without automatically blocking operations, allowing for a thorough investigation first.

Exam trap

The trap here is that candidates often confuse Insider Risk Management with Communication Compliance, but Communication Compliance focuses on communication content (e.g., offensive language) rather than behavioral data exfiltration patterns like USB downloads or bulk external emails.

How to eliminate wrong answers

Option B is wrong because Data Lifecycle Management focuses on retaining, deleting, and archiving data based on policies, not on detecting anomalous user behavior like exfiltration. Option C is wrong because Communication Compliance monitors for policy violations in communications (e.g., harassment, insider trading) but does not specifically detect file downloads to USB drives or bulk external emailing of sensitive data. Option D is wrong because eDiscovery (Standard) is used for searching and exporting content for legal or investigative purposes, not for real-time alerting on suspicious data exfiltration activities.

272
MCQmedium

A user receives a sensitivity label that automatically marks the email as 'Confidential' and prevents forwarding. The label was applied without user intervention. Which mechanism most likely applied the label?

A.Azure Information Protection file policy
B.Auto-classification via DLP policy
C.Default label configured in Microsoft 365
D.Manual labeling by the user
AnswerB

DLP can auto-apply sensitivity labels when sensitive content is detected.

Why this answer

Auto-classification via DLP policy can automatically apply sensitivity labels based on sensitive content. Option B is wrong because manual labeling requires user action. Option C is wrong because file policy is for Windows File Explorer.

Option D is wrong because default label applies to unlabeled emails by default, but the scenario suggests the label was applied based on content.

273
MCQmedium

A multinational corporation must retain all financial records for 7 years and then permanently delete them. The compliance officer wants to ensure that even a global administrator cannot modify or delete the retention policy. Which Microsoft Purview solution and configuration should they use?

A.eDiscovery (Standard)
B.Compliance Manager
C.Data Lifecycle Management with a preservation lock
D.Information Protection with sensitivity labels
AnswerC

Data Lifecycle Management includes retention policies for automatic retention/deletion; a preservation lock secures the policy against tampering.

Why this answer

C is correct because Data Lifecycle Management with a preservation lock allows an organization to apply a retention policy that cannot be modified, deleted, or turned off by any administrator, including a global administrator. This ensures financial records are retained for exactly 7 years and then permanently deleted, meeting the compliance officer's requirement for immutable retention.

Exam trap

The trap here is that candidates often confuse retention policies with sensitivity labels or eDiscovery, not realizing that only a preservation lock provides the immutable, administrator-proof retention enforcement required for regulatory compliance.

How to eliminate wrong answers

Option A is wrong because eDiscovery (Standard) is used for searching and exporting content for legal or investigative purposes, not for enforcing mandatory retention or deletion policies. Option B is wrong because Compliance Manager is a risk assessment and compliance scoring tool, not a solution for configuring retention or deletion rules. Option D is wrong because Information Protection with sensitivity labels focuses on classifying and protecting data based on sensitivity (e.g., encryption, access restrictions), not on enforcing time-based retention and deletion with administrative lock.

274
MCQeasy

You are the compliance administrator for a retail company that uses Microsoft 365 Business Premium. The company needs to: - Block customers' credit card numbers from being sent via email. - Retain all sales invoices for 3 years as per financial regulations. - Allow managers to search and export employee emails for HR investigations. - Ensure that only HR can access employee salary information. Which Microsoft Purview solutions should you use?

A.DLP, Information Barriers, eDiscovery, and sensitivity labels
B.DLP, Data Lifecycle Management, eDiscovery, and sensitivity labels
C.Insider Risk Management, Data Lifecycle Management, eDiscovery, and sensitivity labels
D.Communication Compliance, Data Lifecycle Management, eDiscovery, and sensitivity labels
AnswerB

All requirements are met.

Why this answer

Option A is correct because DLP blocks credit card sharing; Data Lifecycle Management retains invoices; eDiscovery exports emails; sensitivity labels restrict access to salary info. Option B is wrong because Communication Compliance is for monitoring, not blocking data. Option C is wrong because Information Barriers restrict communication, not access.

Option D is wrong because Insider Risk Management is for risk, not retention.

275
MCQmedium

Your organization uses Microsoft Purview to manage compliance. You need to ensure that financial documents are automatically labeled as 'Financial' and retained for 7 years. Additionally, if a user tries to share a financial document externally, they must see a policy tip warning them and be blocked if they proceed. You also need to audit all access to financial documents. Which configuration should you implement?

A.Create a DLP policy to detect financial data and block external sharing; use default audit logging
B.Create a manual labeling policy for users to apply 'Financial' label; create a retention label for 7 years; create a DLP policy to warn on external sharing
C.Create a retention label 'Financial' with auto-apply based on sensitive info type; create a DLP policy to block external sharing
D.Create an auto-labeling policy to apply a sensitivity label 'Financial' with encryption; create a retention policy to retain all labeled content for 7 years; create a DLP policy to block external sharing of 'Financial' labeled content with a policy tip; enable audit logging
AnswerD

Auto-labeling applies label automatically; retention policy retains; DLP blocks sharing; audit logging tracks access.

Why this answer

Option A: Auto-labeling applies the sensitivity label; a retention policy retains for 7 years; DLP blocks external sharing with policy tip; audit logging is enabled by default. Option B: manual labeling is not automatic; Option C: retention label is not sensitivity; Option D: DLP alone does not automate labeling or retention.

276
MCQmedium

Your organization uses Microsoft 365 and needs to identify internal users who are sending confidential data to external domains repeatedly. Which Microsoft Purview solution should you use?

A.Data Loss Prevention
B.Insider Risk Management
C.Audit (Premium)
D.Communication Compliance
AnswerB

Insider Risk Management uses analytics to detect patterns of risky behavior.

Why this answer

Option B is correct because Insider Risk Management can detect patterns of risky behavior like repeated data exfiltration. Option A is wrong because DLP blocks individual incidents but does not detect patterns. Option C is wrong because Audit logs show events but do not analyze patterns.

Option D is wrong because Communication Compliance monitors communications for policy violations, not exfiltration patterns.

277
MCQmedium

A financial services organization needs to prevent communication between its research analysts and investment bankers to comply with regulatory requirements. Which Microsoft Purview solution should the compliance team implement?

A.Data Loss Prevention (DLP)
B.Information Barriers
C.Data Lifecycle Management
D.Microsoft Purview eDiscovery
AnswerB

Information Barriers restrict communication and collaboration between user segments, ideal for separating analysts and bankers.

Why this answer

Information Barriers (IB) in Microsoft Purview is specifically designed to prevent communication and collaboration between certain user groups to comply with regulatory requirements, such as those in financial services that require separation between research analysts and investment bankers. IB policies enforce restrictions on Microsoft Teams, SharePoint, and OneDrive to block unauthorized communication and file sharing, directly addressing the need to avoid conflicts of interest.

Exam trap

Microsoft often tests the distinction between DLP and Information Barriers, where candidates mistakenly choose DLP because they think preventing communication is about protecting data, but DLP does not restrict person-to-person communication—it only restricts data sharing based on content classification.

How to eliminate wrong answers

Option A is wrong because Data Loss Prevention (DLP) focuses on detecting and preventing the accidental or intentional sharing of sensitive data (e.g., credit card numbers, PII) via policies, not on restricting communication between specific user groups. Option C is wrong because Data Lifecycle Management (formerly known as retention policies) governs how long data is retained and when it is deleted, not who can communicate with whom. Option D is wrong because Microsoft Purview eDiscovery is used for searching and exporting content for legal or investigative purposes, not for proactively preventing communication between users.

278
MCQhard

Your organization uses Microsoft Purview Insider Risk Management. You need to create a policy that detects users exfiltrating sensitive data via email to external recipients. Which policy type should you configure?

A.Offensive language
B.Data leaks
C.Data theft
D.Security policy violations
AnswerB

Data leak policies are designed to detect accidental or intentional exfiltration of sensitive data.

Why this answer

Data leak policies in Insider Risk Management are designed to detect exfiltration of sensitive data. Option C is correct. Data theft policies focus on theft of intellectual property, not necessarily via email.

Security policy violations cover security rule breaches. Offensive language policies deal with harassment.

279
Multi-Selectmedium

A healthcare organization uses Microsoft Purview to protect patient health information (PHI). They need to identify sensitive data stored in Microsoft SharePoint Online and prevent unauthorized sharing. Which two Purview solutions should they implement? (Select all that apply.)

Select 2 answers
A.Data Classification
B.Data Loss Prevention (DLP)
C.Insider Risk Management
D.Communication Compliance
AnswersA, B

Data Classification (including automatic sensitivity labeling) helps identify and label PHI content in SharePoint Online.

Why this answer

Data Classification (A) is correct because it enables the organization to identify and label sensitive data, such as PHI, stored in SharePoint Online. By applying sensitivity labels or retention labels, the organization can classify content based on its sensitivity, which is a prerequisite for applying protective actions. This allows them to discover where PHI resides and prepare it for further controls.

Exam trap

The trap here is that candidates often confuse Insider Risk Management with Data Loss Prevention, thinking it can prevent data leaks, when in fact it only provides detection and investigation capabilities, not proactive blocking of unauthorized sharing.

280
MCQhard

A security analyst runs the above KQL query in Microsoft Sentinel. What is the primary purpose of this query?

A.Correlate MFA failures with other security events
B.Identify all users who had an MFA failure anomaly in the last 7 days
C.Identify users who have been blocked due to MFA failures
D.Identify users with more than 5 MFA failure anomalies in the last 7 days
AnswerD

The where clause filters for count > 5, so it returns users with excessive anomalies.

Why this answer

Option B is correct because the query counts alerts per user and filters for >5, indicating users with excessive MFA failures. Option A is wrong because it doesn't list all alerts. Option C is wrong because it doesn't correlate with other sources.

Option D is wrong because it doesn't identify blocked users.

281
MCQmedium

You work for a law firm that uses Microsoft 365 E5. The firm handles highly confidential client information and must comply with attorney-client privilege. You need to implement a compliance solution that: - Prevents unauthorized sharing of privileged documents via email. - Enables lawyers to easily classify documents as 'Privileged' and automatically encrypt them. - Allows the compliance team to monitor for accidental exposure of privileged information in Teams chats. - Ensures that privileged documents are retained for 7 years after case closure, then automatically deleted. - Provides the ability to search for privileged documents in case of a legal hold. What should you configure?

A.Sensitivity labels with encryption, DLP, Communication Compliance, Data Lifecycle Management, and eDiscovery
B.DLP, Communication Compliance, Data Lifecycle Management, and Audit (Standard)
C.Insider Risk Management, DLP, Data Lifecycle Management, and eDiscovery
D.Sensitivity labels, Information Barriers, Data Lifecycle Management, and eDiscovery
AnswerA

All requirements are covered: classification, encryption, DLP, monitoring, retention, and eDiscovery.

Why this answer

Option B is correct because sensitivity labels can classify and encrypt privileged documents; DLP prevents sharing; Communication Compliance monitors Teams; Data Lifecycle Management manages retention; eDiscovery handles legal hold. Option A is wrong because Information Barriers restrict communication between groups, not relevant for privilege. Option C is wrong because Audit (Standard) does not provide 7-year retention.

Option D is wrong because Insider Risk Management focuses on risk, not classification.

282
Multi-Selectmedium

A company must implement data classification labels in Microsoft Purview to protect sensitive information. Which TWO actions are required to create and publish a sensitivity label?

Select 2 answers
A.Deploy the label using Microsoft Intune configuration profiles.
B.Define the label scope to include SharePoint and OneDrive.
C.Create the label in the Microsoft Purview compliance portal.
D.Publish the label using a label policy.
E.Configure auto-labeling rules in Microsoft 365 Defender.
AnswersC, D

Labels are created in the Purview compliance portal.

Why this answer

Option A is correct because labels are created in the Microsoft Purview compliance portal. Option D is correct because labels must be published via a label policy. Option B is wrong because auto-labeling is a separate feature, not a requirement for creating a label.

Option C is wrong because label creation doesn't require scoping. Option E is wrong because labels are not published via Microsoft Intune.

283
Multi-Selecthard

Which THREE capabilities are included in Microsoft Purview Audit (Premium)?

Select 3 answers
A.Trainable classifiers
B.Access to high-value critical events
C.Custom alert policies
D.Higher bandwidth for API access
E.Longer retention of audit logs (up to 1 year)
AnswersB, D, E

Audit (Premium) logs high-value events like admin actions.

Why this answer

Correct answers: A, B, and C. Audit (Premium) provides longer retention (up to 1 year), high-value events, and higher bandwidth. Option D is wrong because custom alerts are part of Microsoft 365 Defender.

Option E is wrong because trainable classifiers are part of data classification, not audit.

284
MCQmedium

Your organization uses Microsoft Purview to manage data lifecycle. You need to ensure that after a project ends, all related files are automatically deleted after 3 years. What should you configure?

A.Create a retention label with a retention period of 3 years and a disposition action of deletion
B.Configure a DLP policy to delete files after 3 years
C.Create an eDiscovery case and manually delete the files
D.Apply a sensitivity label marked 'Project' and configure auto-deletion
AnswerA

Retention labels can enforce deletion after a specified period.

Why this answer

Option A is correct because a retention label can be applied to project files, specifying retain for 3 years and then delete. Option B is wrong because a sensitivity label does not manage deletion. Option C is wrong because a DLP policy prevents sharing, not deletion.

Option D is wrong because eDiscovery is for search and export.

285
MCQhard

A multinational corporation must comply with several regulatory frameworks, including GDPR, SOX, and HIPAA. The compliance officer wants to continuously assess the organization's compliance posture against these regulations, receive prioritized improvement actions, and track the implementation progress of those actions. Which Microsoft Purview solution should the compliance officer use?

A.Information Protection
B.Compliance Manager
C.Data Lifecycle Management
D.Insider Risk Management
AnswerB

Microsoft Purview Compliance Manager provides end-to-end compliance management, including assessments for multiple regulations, a compliance score, and actionable improvement actions with progress tracking. This directly addresses the compliance officer's needs.

Why this answer

Compliance Manager is the correct solution because it provides a centralized dashboard for continuously assessing compliance posture against multiple regulatory frameworks (GDPR, SOX, HIPAA), generates prioritized improvement actions based on built-in assessments, and tracks implementation progress of those actions through a task-based workflow. It uses automated control mapping and continuous monitoring to help organizations meet evolving compliance requirements.

Exam trap

The trap here is that candidates confuse Compliance Manager with Information Protection, thinking that protecting data automatically ensures compliance, but Compliance Manager is the only solution that provides continuous assessment and actionable improvement tracking across multiple regulations.

How to eliminate wrong answers

Option A is wrong because Information Protection focuses on classifying, labeling, and protecting sensitive data (e.g., encryption, rights management), not on assessing compliance posture or tracking improvement actions across multiple regulations. Option C is wrong because Data Lifecycle Management handles retention, deletion, and archiving of data based on policies, but does not provide compliance assessments or prioritized action tracking. Option D is wrong because Insider Risk Management is designed to detect, investigate, and act on risky user activities (e.g., data theft, policy violations), not to assess organizational compliance against regulatory frameworks.

286
MCQeasy

A company uses Microsoft 365. The compliance department requires that all financial documents be retained for 10 years and then automatically deleted, while marketing documents must be retained for 3 years and then deleted. Additionally, they want to apply a default retention policy to all SharePoint Online sites. Which Microsoft Purview solution should the company use?

A.Microsoft Purview Data Lifecycle Management
B.Microsoft Purview eDiscovery
C.Microsoft Purview Compliance Manager
D.Microsoft Purview Data Loss Prevention (DLP)
AnswerA

Data Lifecycle Management is designed for creating retention policies and labels to control how long content is retained and when it is deleted.

Why this answer

Microsoft Purview Data Lifecycle Management (formerly Microsoft 365 Retention) is the correct solution because it allows organizations to define retention and deletion policies based on content type and location. In this scenario, the company needs to apply different retention periods (10 years for financial documents, 3 years for marketing documents) and a default retention policy for all SharePoint Online sites, which is exactly what Data Lifecycle Management's retention policies and labels provide.

Exam trap

The trap here is that candidates often confuse eDiscovery (which holds content for legal reasons) with Data Lifecycle Management (which automates retention and deletion based on time), leading them to select eDiscovery when the question clearly asks for automated retention and deletion schedules.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview eDiscovery is used for legal discovery and litigation hold, not for automated retention and deletion based on time periods. Option C is wrong because Compliance Manager is a risk assessment and compliance score tool that helps track regulatory compliance posture, not a solution for applying retention or deletion policies. Option D is wrong because Data Loss Prevention (DLP) is designed to prevent unauthorized sharing or leakage of sensitive data through policies, not to manage retention schedules or automatic deletion.

287
MCQmedium

You are designing a compliance solution for a healthcare organization that must comply with HIPAA. You need to ensure that patient health information (PHI) is encrypted at rest in Microsoft 365. What should you use?

A.Microsoft Purview Message Encryption
B.Data Loss Prevention (DLP) policies
C.Sensitivity labels
D.Customer Key
AnswerA

Encrypts email messages with PHI.

Why this answer

Option A is correct because Microsoft Purview Message Encryption allows encrypting email messages containing PHI. Option B is wrong because DLP detects but does not encrypt. Option C is wrong because sensitivity labels can mark content but do not enforce encryption by default.

Option D is wrong because Customer Key provides additional encryption but is not the primary method for email encryption.

288
MCQmedium

A company is required by a compliance regulation to retain all user and admin activity audit logs for 2 years. They also need the ability to perform faster, historical searches on this audit data. Which Microsoft Purview solution should they use?

A.Microsoft Purview Audit (Standard)
B.Microsoft Purview Audit (Premium)
C.Microsoft Purview Data Lifecycle Management
D.Microsoft Purview eDiscovery (Premium)
AnswerB

Audit (Premium) offers up to 1 year of retention by default, extendable to 2 years, and includes faster queries and higher API bandwidth.

Why this answer

Microsoft Purview Audit (Premium) provides a 2-year retention capability for audit logs, which meets the compliance regulation requirement. Additionally, it offers faster, historical searches through features like high-bandwidth access to the Audit Log Search API and intelligent insights, enabling efficient querying of large volumes of audit data. Standard Audit only retains logs for 90 days by default and lacks the performance optimizations for historical searches.

Exam trap

The trap here is that candidates confuse the 90-day default retention of Audit (Standard) with the 2-year requirement, or mistakenly think Data Lifecycle Management or eDiscovery can fulfill audit log retention and search needs, when only Audit (Premium) combines long-term retention with high-performance historical search capabilities.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Audit (Standard) retains audit logs for only 90 days by default (extendable to 1 year with manual configuration), not the required 2 years, and does not provide the enhanced search performance for historical data. Option C is wrong because Microsoft Purview Data Lifecycle Management focuses on retention and deletion policies for content (e.g., documents, emails) based on labels, not on auditing user and admin activity logs or enabling faster historical searches. Option D is wrong because Microsoft Purview eDiscovery (Premium) is designed for legal investigations and content search across Exchange, SharePoint, and Teams, not for long-term retention and high-performance querying of audit logs.

289
MCQmedium

A healthcare organization must comply with HIPAA regulations. They need to automatically detect and classify sensitive health information such as medical record numbers stored in SharePoint Online and OneDrive. When detected, the solution should apply encryption and restrict access to only authorized personnel. Which Microsoft Purview solution should they configure?

A.Information Protection
B.Data Lifecycle Management
C.Audit
D.eDiscovery
AnswerA

Information Protection provides sensitivity labels that can automatically classify and protect data based on patterns like medical record numbers, applying encryption and permissions.

Why this answer

Microsoft Purview Information Protection (specifically sensitivity labels and auto-labeling policies) can automatically detect sensitive health information like medical record numbers using built-in sensitive information types (e.g., U.S. HIPAA-defined types). When detected, it can apply encryption via Rights Management and restrict access to authorized personnel, meeting HIPAA compliance requirements.

Exam trap

The trap here is that candidates often confuse Data Lifecycle Management (retention/deletion) with Information Protection (classification/encryption), or assume Audit/eDiscovery can enforce access controls, when they only provide logging or search capabilities.

How to eliminate wrong answers

Option B (Data Lifecycle Management) is wrong because it focuses on retention and deletion policies, not on detecting, classifying, or encrypting sensitive data. Option C (Audit) is wrong because it logs user and admin activities but does not perform automatic detection, classification, or encryption of content. Option D (eDiscovery) is wrong because it is used for searching and exporting content for legal or investigative purposes, not for proactive classification and protection of sensitive data.

290
MCQeasy

Your company needs to detect and prevent employees from sharing confidential product plans via email with external parties. Which Microsoft Purview solution should you configure?

A.Sensitivity labels
B.Communication compliance
C.Data Loss Prevention (DLP)
D.Retention policies
AnswerC

DLP detects and blocks sharing of sensitive data.

Why this answer

Option B is correct because DLP policies can detect sensitive information and block external sharing. Option A is wrong because sensitivity labels classify but do not block. Option C is wrong because communication compliance monitors for inappropriate content, not data exfiltration.

Option D is wrong because retention policies manage data lifecycle, not prevention.

291
MCQhard

Refer to the exhibit. You are a compliance administrator managing a DLP policy in Microsoft Purview. The policy is set to 'enforce' mode but you notice that internal users can still share credit card numbers via email to external recipients. What is the most likely cause?

A.The policy is in test mode, not enforce mode
B.The policy is not applied to the user's mailbox
C.The condition requires a minimum count of 5
D.The action only blocks access to the content from external users, not sharing by internal users
AnswerD

blockOnlyExternal blocks external access but does not prevent internal users from sending to external recipients.

Why this answer

Option D is correct because the action 'blockAccess' with 'blockLevel' set to 'blockOnlyExternal' only blocks access from external users, but internal users can still share with external recipients. Option A is wrong because the policy is in enforce mode. Option B is wrong because the condition is met (content contains credit card numbers).

Option C is wrong because the policy applies to the whole tenant unless scoped.

292
MCQeasy

A company wants to automatically prevent users from sharing files containing personal data (e.g., passport numbers) via email. Which Microsoft Purview solution should they configure?

A.Communication Compliance
B.Data Loss Prevention (DLP)
C.Sensitivity labels
D.eDiscovery
AnswerB

DLP policies can detect sensitive data and block actions like email sharing.

Why this answer

Option C is correct because DLP policies can detect sensitive data and block sharing via email. Option A is wrong because sensitivity labels classify but do not block. Option B is wrong because eDiscovery is for search.

Option D is wrong because Communication Compliance monitors messages but does not block based on content.

293
MCQmedium

A multinational organization uses Microsoft 365 and must demonstrate compliance with both GDPR and ISO 27001. The compliance team needs a centralized tool to assess their current compliance posture against these frameworks, receive prioritized improvement actions, and track the implementation of those actions over time. Which Microsoft Purview solution should they use?

A.Compliance Manager
B.Data Lifecycle Management
C.Audit
D.eDiscovery
AnswerA

Compliance Manager provides a central dashboard to assess compliance posture, manage improvement actions, and track progress against multiple regulations like GDPR and ISO 27001.

Why this answer

Compliance Manager is the correct solution because it provides a centralized dashboard that assesses an organization's compliance posture against frameworks like GDPR and ISO 27001. It offers prioritized improvement actions based on built-in assessments and tracks the implementation of those actions over time, directly meeting the requirements for a unified compliance management tool.

Exam trap

The trap here is that candidates may confuse Audit or Data Lifecycle Management as compliance tools, but they lack the centralized assessment and action tracking capabilities that Compliance Manager uniquely provides for framework-specific compliance management.

How to eliminate wrong answers

Option B (Data Lifecycle Management) is wrong because it focuses on managing the lifecycle of data (retention, deletion, and classification) rather than assessing compliance posture against specific frameworks or tracking improvement actions. Option C (Audit) is wrong because it provides logging and search capabilities for auditing user and admin activities, but it does not offer compliance posture assessments or prioritized improvement actions. Option D (eDiscovery) is wrong because it is designed for legal discovery processes to search and export content for litigation, not for assessing compliance frameworks or tracking remediation tasks.

294
MCQmedium

A multinational corporation must comply with several regulations including GDPR, ISO 27001, and NIST. They need a single solution that provides a compliance score, tracks their progress, and recommends specific improvement actions that can be assigned to different departments. Which Microsoft Purview solution meets these requirements?

A.A
B.B
C.C
D.D
AnswerA

Correct. Microsoft Purview Compliance Manager offers a compliance score, recommended improvement actions, and task assignment capabilities for regulatory compliance.

Why this answer

Microsoft Purview Compliance Manager provides a unified compliance score, tracks progress over time, and offers recommended improvement actions that can be assigned to specific departments. It supports multiple regulations like GDPR, ISO 27001, and NIST by mapping controls to these frameworks, making it the correct solution for the multinational corporation's needs.

Exam trap

The trap here is that candidates may confuse Compliance Manager with other Purview solutions like Audit or eDiscovery, which address different compliance needs (logging vs. scoring), but only Compliance Manager provides a centralized score and assignable improvement actions.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview Audit (Standard or Premium) is focused on logging and investigating user and admin activity, not on providing a compliance score or tracking improvement actions. Option C is wrong because Microsoft Purview eDiscovery is designed for identifying, collecting, and exporting content for legal or investigative purposes, not for compliance scoring or action assignment. Option D is wrong because Microsoft Purview Data Lifecycle Management (formerly Records Management) handles retention and deletion policies, not compliance scoring or improvement recommendations.

295
MCQhard

A healthcare organization must comply with HIPAA. They need to automatically detect protected health information (PHI) in emails sent from Exchange Online, prevent users from sharing these emails with unauthorized external recipients, and apply a retention label that retains PHI emails for six years. Which Microsoft Purview solution should they configure?

A.Microsoft Purview Information Protection and Data Loss Prevention
B.Microsoft Purview eDiscovery
C.Microsoft Purview Communication Compliance
D.Microsoft Purview Insider Risk Management
AnswerA

Information Protection auto-labels content with retention and classification, while DLP prevents unauthorized sharing. Together they meet all requirements.

Why this answer

Microsoft Purview Information Protection and Data Loss Prevention (DLP) is the correct solution because it combines sensitive data classification (to detect PHI via built-in HIPAA data classifiers) with policy-based enforcement (to block sharing with unauthorized external recipients) and can automatically apply a retention label (via auto-labeling policies) to retain PHI emails for six years. This directly addresses all three requirements: detection, prevention, and retention.

Exam trap

The trap here is that candidates may confuse Communication Compliance (which monitors for policy violations) with DLP (which enforces data protection actions), or assume eDiscovery handles retention and blocking, when in fact DLP is the only solution that combines detection, prevention, and retention label application in a single policy.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview eDiscovery is used for searching, holding, and exporting content for legal or investigative purposes, not for real-time detection or prevention of data sharing. Option C is wrong because Microsoft Purview Communication Compliance is designed to detect policy violations in communications (e.g., harassment, insider trading) and does not natively enforce DLP actions like blocking external sharing or applying retention labels. Option D is wrong because Microsoft Purview Insider Risk Management focuses on identifying risky user activities (e.g., data theft, sabotage) through behavioral analytics, not on automatically detecting PHI in emails or preventing external sharing.

296
MCQmedium

Refer to the exhibit. You are reviewing a Microsoft Purview DLP policy configuration for a compliance team. What is the effect of this policy?

A.The policy blocks access but allows users to override with a justification
B.The policy automatically applies encryption to the content
C.The policy sends a notification but does not block access
D.The policy automatically blocks access without user override
AnswerA

BlockWithOverride means the action is blocked but the user can provide a reason to override.

Why this answer

The policy contains a BlockAccess action with BlockWithOverride behavior, meaning the action is blocked but the user can override with a business justification. The NotifyUser action sends a custom notification. Option A is wrong because it does not block automatically; it allows override.

Option C is wrong because auto-apply is not an action listed. Option D is wrong because encryption is not configured.

297
MCQeasy

A company has a SharePoint Online site that stores project documents. Due to legal requirements, all documents in this site must be retained for exactly 5 years from the date they were created, and then automatically deleted. No user should be able to permanently delete a document before the retention period ends. Which Microsoft Purview solution should the administrator configure?

A.Retention policy
B.Sensitivity label
C.Data loss prevention (DLP) policy
D.Audit policy
AnswerA

A retention policy in Microsoft Purview allows administrators to set a retention period (e.g., 5 years) and an action (such as automatic deletion) for content in SharePoint sites. Users cannot permanently delete the content until the retention period expires.

Why this answer

Option A is correct because a retention policy in Microsoft Purview can be configured to retain documents for exactly 5 years from creation and then automatically delete them. This policy enforces a mandatory retention period that prevents users from permanently deleting documents before the period ends, meeting the legal requirement.

Exam trap

The trap here is that candidates may confuse a retention policy with a sensitivity label or DLP policy, mistakenly thinking those can enforce time-based retention and deletion, when only a retention policy provides the necessary preservation lock and automatic deletion capabilities.

How to eliminate wrong answers

Option B is wrong because sensitivity labels classify and protect data based on sensitivity (e.g., encryption, markings), but they do not enforce time-based retention or automatic deletion. Option C is wrong because a Data Loss Prevention (DLP) policy detects and prevents accidental sharing of sensitive data, but it cannot enforce a fixed retention period or block permanent deletion. Option D is wrong because an audit policy logs user activities (e.g., deletions) for investigation, but it does not prevent deletion or enforce retention.

298
MCQmedium

A company needs to ensure that employees cannot share sensitive financial reports with external parties via email. They want to automatically detect and block emails that contain the phrase 'Confidential-Financial' in the subject line or body, regardless of the recipient's domain. Which Microsoft Purview solution should they configure?

A.Data Loss Prevention (DLP)
B.Information Protection (sensitivity labels)
C.Data Lifecycle Management (retention policies)
D.Audit
AnswerA

DLP policies can be configured to detect custom phrases in emails and automatically block the email from being sent, protecting sensitive data from unauthorized sharing.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) is the correct solution because it is specifically designed to detect and automatically block sensitive content—such as the phrase 'Confidential-Financial'—in emails, regardless of the recipient's domain. DLP policies can inspect subject lines and body text, then enforce actions like blocking delivery or notifying the user, making it ideal for preventing unauthorized external sharing of financial reports.

Exam trap

The trap here is that candidates confuse Information Protection (sensitivity labels) with DLP, thinking labels alone can block emails, but labels only classify and encrypt—blocking requires a DLP policy to enforce actions based on label conditions or content matches.

How to eliminate wrong answers

Option B (Information Protection/sensitivity labels) is wrong because sensitivity labels classify and protect data by applying encryption or visual markings, but they do not automatically detect and block emails based on content patterns like a specific phrase; they require manual or automated labeling and rely on DLP to enforce blocking actions. Option C (Data Lifecycle Management/retention policies) is wrong because retention policies govern how long data is kept or when it is deleted, not real-time detection and blocking of sensitive content in transit. Option D (Audit) is wrong because auditing logs user activities for review but does not actively detect or block emails; it is a detective control, not a preventive one.

299
MCQeasy

A company uses Microsoft 365. The compliance team needs to create a policy that automatically blocks outgoing emails that contain personally identifiable information (PII) such as social security numbers. However, they want to allow users to override the block with a business justification if necessary. Which Microsoft Purview solution should they configure?

A.Data Loss Prevention (DLP)
B.Communication Compliance
C.Records Management
D.Audit
AnswerA

DLP is designed to prevent accidental sharing of sensitive data by detecting and blocking content in email and other locations, with options for user override.

Why this answer

Data Loss Prevention (DLP) in Microsoft Purview is designed to detect and protect sensitive information, such as social security numbers, by automatically blocking outgoing emails that contain PII. DLP policies support user override with a business justification through policy tips and allow overrides, enabling compliance teams to balance security with business needs.

Exam trap

The trap here is that candidates confuse Communication Compliance with DLP because both involve monitoring communications, but Communication Compliance is for policy violations and insider risk, not for automated blocking of sensitive data with user overrides.

How to eliminate wrong answers

Option B (Communication Compliance) is wrong because it focuses on monitoring and analyzing communications for policy violations (e.g., harassment, insider trading) and does not provide automatic blocking of PII with user override capabilities. Option C (Records Management) is wrong because it manages the lifecycle of records (retention, deletion, disposition) and does not inspect or block email content for sensitive data. Option D (Audit) is wrong because it logs user and admin activities for forensic analysis but does not enforce real-time content blocking or allow user overrides.

300
MCQmedium

A user reports that a sensitive document labeled 'Highly Confidential' was accidentally shared with an external vendor. You need to investigate how the sharing occurred. Which two Microsoft Purview tools should you use together?

A.Audit (Standard) and Content Explorer
B.Insider Risk Management and Information Barriers
C.eDiscovery (Premium) and Communication Compliance
D.Data Loss Prevention and Sensitivity labels
E.Records Management and Data Lifecycle Management
AnswerA

Audit logs show sharing events; Content Explorer shows the document's location and metadata.

Why this answer

Option D is correct because Audit logs track sharing events, and Content Explorer shows where sensitive documents are located. Option A is wrong because DLP would prevent sharing, not investigate. Option B is wrong because eDiscovery is for legal discovery.

Option C is wrong because Records Management is for records declaration. Option E is wrong because Insider Risk Management is for risky behavior, not specific document tracking.

← PreviousPage 4 of 5 · 333 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Describe the capabilities of Microsoft compliance solutions questions.