CCNA Describe the capabilities of Microsoft compliance solutions Questions

33 of 333 questions · Page 5/5 · Describe the capabilities of Microsoft compliance solutions · Answers revealed

301
MCQmedium

A company needs to retain all customer emails for 7 years for regulatory compliance. After 7 years, they must be permanently deleted. They also need a legal hold for an ongoing investigation. Which Microsoft Purview solution should they use for the retention and deletion requirement?

A.Data Lifecycle Management
B.Records Management
C.Compliance Manager
D.eDiscovery
AnswerA

Data Lifecycle Management policies can automatically retain emails for 7 years and then delete them. Legal hold can be applied separately via eDiscovery.

Why this answer

Data Lifecycle Management (DLM) in Microsoft Purview is the correct solution because it allows you to define retention policies that automatically retain customer emails for a specified period (7 years) and then permanently delete them. This directly addresses the regulatory compliance requirement for retention and deletion without manual intervention.

Exam trap

The trap here is that candidates often confuse Records Management with Data Lifecycle Management, thinking that 'records' implies retention and deletion, but Records Management is specifically for declaring items as records with immutable preservation, not for automated lifecycle-based retention and deletion.

How to eliminate wrong answers

Option B (Records Management) is wrong because it focuses on declaring records for long-term preservation and disposition, not on automated lifecycle-based retention and deletion for compliance; it is more about managing records as evidence. Option C (Compliance Manager) is wrong because it is a risk assessment and compliance score tool that helps track compliance posture, not a solution for implementing data retention or deletion policies. Option D (eDiscovery) is wrong because it is used for searching and exporting content for legal investigations, not for setting retention or deletion rules; it can place holds but does not manage lifecycle deletion.

302
MCQmedium

A company must retain all vendor contracts for 10 years to meet regulatory requirements. After 10 years, the contracts must be permanently destroyed with no possibility of recovery. The compliance team wants to automate this lifecycle and ensure that during the retention period, the contracts cannot be edited or deleted by users. Which Microsoft Purview solution should they use?

A.Data Lifecycle Management (DLM)
B.Records Management
C.eDiscovery (Premium)
D.Sensitivity Labels
AnswerB

Records Management uses retention labels that declare items as records, locking them against modifications or deletions during the retention period, and supports automated disposition review and permanent deletion.

Why this answer

Records Management in Microsoft Purview is designed to declare records (regulatory or legal) that must be retained for a specific period and then disposed of in a compliant manner. It enforces immutability during the retention period—users cannot edit or delete records—and supports a disposition review or automatic permanent deletion after the retention period ends, exactly matching the requirement for 10-year retention followed by destruction with no recovery.

Exam trap

Microsoft often tests the distinction between Data Lifecycle Management (which manages non-record content) and Records Management (which enforces immutability and disposition for regulatory records), so the trap here is assuming DLM can provide the required edit/delete prevention and automatic destruction, when only Records Management offers those capabilities.

How to eliminate wrong answers

Option A is wrong because Data Lifecycle Management (DLM) manages the lifecycle of non-record content (e.g., aging out old data) but does not provide the immutability or disposition controls required for regulatory records; it allows users to edit or delete items during the retention period. Option C is wrong because eDiscovery (Premium) is used for searching, holding, and exporting content for legal or investigative purposes, not for automating retention and destruction lifecycles. Option D is wrong because Sensitivity Labels classify and protect data (e.g., encryption, visual markings) but do not enforce retention periods or automatic destruction; they can mark content as a record only when combined with a retention label from Records Management.

303
MCQhard

A large enterprise is concerned about insider threats. The compliance team needs to detect and investigate potential data theft scenarios, such as when employees nearing their resignation date suddenly copy large amounts of sensitive data to USB drives or email confidential files to personal accounts. They require a solution that uses machine learning to identify risky activities and create alerts for investigation. Which Microsoft Purview solution should they deploy?

A.Data Lifecycle Management
B.Audit (Premium)
C.Insider Risk Management
D.Compliance Manager
AnswerC

Insider Risk Management uses machine learning to detect, investigate, and act on insider threats based on behavioral patterns.

Why this answer

Insider Risk Management is the correct solution because it uses machine learning to correlate signals from user activities (e.g., copying files to USB, emailing to personal accounts) with contextual indicators like resignation dates, enabling detection of potential data theft scenarios. It provides built-in alerting and investigation workflows specifically designed for insider threat use cases, unlike the other options which focus on retention, auditing, or compliance posture.

Exam trap

The trap here is that candidates often confuse Audit (Premium) with a detection solution, but Audit is purely a logging and search tool, not a proactive ML-based risk detection system like Insider Risk Management.

How to eliminate wrong answers

Option A is wrong because Data Lifecycle Management handles retention and deletion policies for data, not real-time detection of risky user behavior. Option B is wrong because Audit (Premium) provides detailed logging and forensic search capabilities but lacks the machine learning models to proactively identify anomalous patterns like pre-resignation data exfiltration. Option D is wrong because Compliance Manager is a risk assessment and compliance score tool that evaluates controls against regulations, not a solution for detecting insider threats.

304
MCQhard

Refer to the exhibit. A sensitivity label is configured as shown. A user applies the parent label to a document containing credit card numbers. What is the expected behavior?

A.The document gets the parent label's header and the sublabel's encryption and watermark
B.The document gets no protection because credit card numbers are only detected by auto-labeling
C.The document gets the parent label's encryption (ViewOnly) and header, but no watermark
D.The document gets the parent label's encryption and header, and auto-labeling applies the sublabel
AnswerC

Manual application applies parent label settings; auto-labeling is not invoked. Sublabel is not automatically applied.

Why this answer

The parent label has auto-labeling rules that automatically apply the label when credit card numbers are detected. Since the user manually applied the parent label, auto-labeling is not triggered; the manual label applies. The sublabel is not automatically applied because auto-labeling is configured only on the parent.

Therefore, the document gets the parent label's encryption (ViewOnly) and header, but no watermark.

305
MCQeasy

A company wants to create a sensitivity label called 'Highly Confidential' in Microsoft 365. When applied to a document, the label should automatically encrypt the document and restrict access to employees in the finance department only. Which Microsoft Purview solution should the administrator use to configure this label?

A.Microsoft Purview Data Lifecycle Management
B.Microsoft Purview Information Protection
C.Microsoft Purview Compliance Manager
D.Microsoft Purview Audit
AnswerB

Information Protection includes sensitivity labels that can apply encryption and access restrictions.

Why this answer

Microsoft Purview Information Protection is the correct solution because it provides the ability to create and configure sensitivity labels that enforce protection actions such as encryption and access restrictions. When a 'Highly Confidential' label is applied, it can automatically encrypt the document using Azure Rights Management (Azure RMS) and restrict access to only members of the finance department via a defined permission policy.

Exam trap

The trap here is that candidates often confuse Microsoft Purview Information Protection with Data Lifecycle Management, mistakenly thinking retention labels can enforce encryption, when in fact only sensitivity labels can apply protection actions like encryption and access control.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Data Lifecycle Management (formerly Data Lifecycle Management) focuses on retaining, deleting, and managing data based on retention policies and labels, not on applying encryption or access control. Option C is wrong because Microsoft Purview Compliance Manager is a risk assessment and compliance scoring tool that helps manage compliance posture, not a tool for configuring sensitivity labels or encryption. Option D is wrong because Microsoft Purview Audit provides auditing and logging of user and admin activities, not the ability to create or apply sensitivity labels with encryption and access restrictions.

306
MCQmedium

A company must retain all customer contracts for 10 years to comply with industry regulations. After 10 years, the contracts must be permanently deleted. Which Microsoft Purview solution should be used to automate this process?

A.Data Loss Prevention (DLP)
B.Data Lifecycle Management
C.eDiscovery
D.Information Protection
AnswerB

Data Lifecycle Management provides retention labels and policies to automatically retain data for a defined period and then delete it, meeting the regulatory requirement.

Why this answer

Data Lifecycle Management (DLM) in Microsoft Purview is the correct solution because it allows you to define retention labels and policies that automatically retain contracts for a specified period (10 years) and then trigger a permanent deletion disposition review or direct deletion. This aligns directly with the regulatory requirement to retain data for a fixed duration and then dispose of it securely.

Exam trap

The trap here is that candidates often confuse Data Lifecycle Management with Data Loss Prevention, mistakenly thinking DLP can delete data after a period, when DLP only blocks or alerts on data exfiltration, not manage retention schedules.

How to eliminate wrong answers

Option A is wrong because Data Loss Prevention (DLP) is designed to detect and prevent the accidental sharing of sensitive data (e.g., via email or endpoints), not to manage retention or deletion schedules. Option C is wrong because eDiscovery is used for searching, holding, and exporting content for legal or investigative purposes, not for automating time-based retention and deletion. Option D is wrong because Information Protection focuses on classifying and protecting data with sensitivity labels (e.g., encryption, marking), not on lifecycle management or automated deletion after a retention period.

307
MCQeasy

Refer to the exhibit. A Microsoft Purview sensitivity label is configured as shown. What is the purpose of this label?

A.To prevent sharing with external users via DLP
B.To automatically apply the label based on content
C.To encrypt the document and add a visual marking
D.To automatically retain the document for a specific period
AnswerC

Encryption is enabled and header/footer markings are defined.

Why this answer

Option B is correct because the label enables encryption and adds a header/footer marking. Option A is wrong because the label does not specify retention. Option C is wrong because the label does not have a DLP policy linked.

Option D is wrong because the label does not include any auto-labeling configuration.

308
MCQeasy

A compliance administrator creates the above custom sensitive information type for detecting social security numbers (SSNs). What is required for a document to be classified as containing an SSN?

A.The document must contain either the SSN regex or a keyword
B.The document must contain the SSN regex with high confidence level
C.The document must contain a pattern matching the SSN regex and at least two keywords
D.The document must contain a pattern matching the SSN regex and at least one keyword
AnswerD

The rule has IdMatch for regex and Any with minMatches=1 for keyword.

Why this answer

Option A is correct because the pattern requires both a regex match (IdMatch) and at least one keyword (Any minMatches=1). Option B is wrong because it only needs one keyword. Option C is wrong because confidence level is just metadata.

Option D is wrong because it requires both regex and keyword.

309
MCQhard

Your organization uses Microsoft Purview for data governance. You need to ensure that when a user marks an email as 'Confidential' using a sensitivity label, the email is automatically encrypted and cannot be forwarded. What configuration is required?

A.Configure the sensitivity label with encryption and a rights management template that prohibits forwarding
B.Create a DLP policy that detects the 'Confidential' label and applies encryption
C.Use the Azure Information Protection unified labeling scanner
D.Apply a retention label that triggers encryption
AnswerA

Sensitivity labels support encryption and usage rights such as 'Do Not Forward'.

Why this answer

Option A is correct because sensitivity labels can be configured with encryption and rights management options like preventing forwarding. Option B is wrong because DLP policies can apply encryption but are not triggered by manual labeling alone. Option C is wrong because a retention label does not enforce encryption.

Option D is wrong because an Azure Information Protection scanner applies labels to on-premises files, not emails.

310
MCQhard

A company's security team needs to detect and investigate potential data theft by employees who have legitimate access to sensitive data. They want a solution that uses heuristics and behavioral analytics to identify risky user actions such as data exfiltration to personal cloud storage. Which Microsoft Purview solution should they use?

A.Microsoft Purview Data Loss Prevention (DLP)
B.Microsoft Purview Insider Risk Management
C.Microsoft Purview Audit (Standard)
D.Microsoft Purview Information Barriers
AnswerB

Correct. Insider Risk Management uses built-in risk indicators and machine learning to identify activities that may pose insider risks, enabling investigation and response to incidents like data theft.

Why this answer

Microsoft Purview Insider Risk Management is the correct solution because it is specifically designed to detect, investigate, and act on risky user activities that may lead to data theft, using heuristics and behavioral analytics. It correlates signals from Microsoft 365 and Azure services to identify patterns like data exfiltration to personal cloud storage, which aligns directly with the scenario's requirements.

Exam trap

The trap here is that candidates often confuse the reactive, policy-based enforcement of Data Loss Prevention (DLP) with the proactive, behavioral detection of Insider Risk Management, assuming DLP can detect risky user actions when it actually only blocks or alerts on content matching static rules.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Data Loss Prevention (DLP) is a policy-based solution that prevents accidental or intentional sharing of sensitive data by enforcing rules on content, but it does not use heuristics or behavioral analytics to detect risky user actions; it relies on predefined policies and content inspection. Option C is wrong because Microsoft Purview Audit (Standard) provides logging and forensic investigation of user activities, but it lacks the proactive detection and behavioral analytics needed to identify risky patterns like data exfiltration; it is a passive logging tool, not an analytical detection solution. Option D is wrong because Microsoft Purview Information Barriers are used to prevent communication and collaboration between specific groups to avoid conflicts of interest, not to detect or investigate data theft by users with legitimate access.

311
MCQmedium

Your company uses Microsoft Purview Data Lifecycle Management. You need to ensure that emails in users' mailboxes are retained for 7 years for compliance, but users should be able to delete emails they no longer need before that period. Which configuration achieves this?

A.Configure a Data Loss Prevention policy
B.Place a litigation hold on the mailboxes
C.Apply a retention label with record locking
D.Apply a retention policy without a preservation lock
AnswerD

Without preservation lock, users can delete items, but the items are retained in a recoverable state.

Why this answer

A retention policy with preservation lock prevents deletion, but without lock, users can delete items before the retention period ends. Option B is correct. A retention label with record locking prevents deletion.

A DLP policy does not manage retention. An eDiscovery hold prevents deletion.

312
MCQhard

Refer to the exhibit. A Microsoft Purview retention policy is configured as shown. What will happen to emails after 365 days?

A.Emails will be deleted immediately
B.Emails will be retained for 365 days and then deleted
C.Emails will be retained and then reviewed for deletion
D.Emails will be kept indefinitely
AnswerB

KeepAndDelete retains for 365 days then deletes.

Why this answer

Option D is correct because the policy has 'KeepAndDelete' as the retention action, meaning items will be retained for 365 days and then deleted. Option A is wrong because the retention action is not just keep; it includes deletion. Option B is wrong because the policy does not specify a review.

Option C is wrong because deletion happens after 365 days, not immediately.

313
Multi-Selecteasy

Which TWO of the following are types of retention actions available in Microsoft Purview? (Choose two.)

Select 2 answers
A.Retain data for a specified period
B.Encrypt data at rest
C.Classify data as confidential
D.Delete data after a specified period
E.Search for data using eDiscovery
AnswersA, D

Retaining data is a core retention action.

Why this answer

Option A is correct because a retention policy can retain data for a specific period. Option D is correct because a retention policy can delete data after a specific period. Option B is wrong because encryption is not a retention action.

Option C is wrong because classification is done by sensitivity labels. Option E is wrong because eDiscovery is a search tool.

314
MCQmedium

A company is involved in a legal dispute and must preserve all emails and documents related to the case. The legal team needs to identify specific custodians (employees) and place a hold on their Exchange Online mailboxes and SharePoint sites to prevent any deletion or alteration of relevant content. Additionally, they need to collect the preserved data for review and analysis. Which Microsoft Purview solution should they use?

A.Microsoft Purview eDiscovery (Premium)
B.Microsoft Purview Audit
C.Microsoft Purview Data Lifecycle Management
D.Microsoft Purview Communication Compliance
AnswerA

eDiscovery (Premium) provides end-to-end workflow for identifying, preserving, collecting, and reviewing data relevant to legal cases, including placing holds on custodians' data.

Why this answer

Microsoft Purview eDiscovery (Premium) is the correct solution because it provides end-to-end workflow for legal investigations: identifying and placing custodians on hold (via litigation hold on Exchange Online mailboxes and SharePoint sites), preserving content from deletion or alteration, and then collecting, reviewing, and analyzing the preserved data. This directly matches the scenario's requirements for legal hold and data collection for review.

Exam trap

The trap here is confusing the logging/auditing capability (Audit) with the preservation and collection workflow (eDiscovery), or assuming that retention policies (Data Lifecycle Management) can serve as a legal hold, when in fact they are designed for lifecycle management and do not support custodian-based holds or case-specific collection.

How to eliminate wrong answers

Option B (Microsoft Purview Audit) is wrong because it only logs and records user and admin activities (e.g., who accessed or deleted content) but does not place holds on data or allow collection for review. Option C (Microsoft Purview Data Lifecycle Management) is wrong because it focuses on retention and deletion policies based on data lifecycle (e.g., automatically deleting old emails), not on preserving data for a specific legal case or identifying custodians. Option D (Microsoft Purview Communication Compliance) is wrong because it is designed to detect and remediate inappropriate communications (e.g., harassment, insider trading) by analyzing messages, not for legal hold or eDiscovery collection.

315
Multi-Selectmedium

Which TWO Microsoft Purview solutions can help protect sensitive data in Microsoft Teams?

Select 2 answers
A.Microsoft Purview Insider Risk Management
B.Microsoft Purview Audit
C.Microsoft Purview eDiscovery
D.Microsoft Purview Data Loss Prevention
E.Microsoft Purview Communication Compliance
AnswersD, E

DLP policies can extend to Teams to prevent sharing of sensitive data.

Why this answer

DLP can protect sensitive data shared in Teams, and Communication Compliance can detect inappropriate content. eDiscovery is for searching, not protection. Insider Risk Management is for risky behavior. Audit is for logging.

316
Multi-Selecthard

Which THREE of the following are features of Microsoft Purview Compliance Manager?

Select 3 answers
A.Data Loss Prevention policies
B.Improvement actions with assigned owners
C.Audit log search
D.Compliance score
E.Pre-built assessments for regulations like GDPR
AnswersB, D, E

Actions can be assigned to users for tracking.

Why this answer

Option A is correct because Compliance Manager provides a compliance score. Option B is correct because it includes assessments for regulatory standards. Option D is correct because it tracks improvement actions.

Option C is wrong because auditing is a separate solution. Option E is wrong because DLP is separate.

317
MCQhard

A security team is investigating a data exfiltration incident. They need to see detailed events such as when a user accessed a file, the exact action (read, write, delete), and the file name. They also need to perform custom searches across all users. Which Microsoft Purview audit solution should they use to meet these requirements?

A.Audit (Standard)
B.Audit (Premium)
C.eDiscovery (Standard)
D.Communication Compliance
AnswerB

Audit (Premium) logs detailed events including the specific action (e.g., FileAccessed, FileModified), object identifiers, and supports advanced queries, meeting the requirements.

Why this answer

Audit (Premium) is the correct choice because it provides detailed audit logs that include specific actions (read, write, delete), file names, and user access events, and it supports custom searches across all users via the Microsoft Purview compliance portal or Search-UnifiedAuditLog cmdlet. Audit (Standard) only captures basic metadata like who accessed a resource and when, but not the granular action or file name details required for data exfiltration investigation.

Exam trap

The trap here is that candidates often confuse Audit (Standard) with Audit (Premium), assuming both provide the same level of detail, but Microsoft explicitly reserves granular action-level logging (e.g., read/write/delete) and custom search capabilities for the Premium tier.

How to eliminate wrong answers

Option A is wrong because Audit (Standard) logs only basic events (e.g., user, timestamp, resource) without the granular action type (read/write/delete) or file name, making it insufficient for detailed exfiltration analysis. Option C is wrong because eDiscovery (Standard) is designed for legal hold, search, and export of content for litigation, not for real-time or historical audit log investigation of user actions on files. Option D is wrong because Communication Compliance focuses on monitoring and detecting policy violations in communications (e.g., email, Teams messages), not on file access events or audit logs.

318
MCQeasy

A compliance officer needs to search for emails containing trade secrets across all mailboxes in the organization. Which Microsoft Purview solution should they use?

A.eDiscovery (Premium)
B.Communication Compliance
C.Data Loss Prevention
D.Audit (Standard)
AnswerA

eDiscovery (Premium) provides search and export across mailboxes and sites.

Why this answer

Option A is correct because eDiscovery allows searching across mailboxes and sites for content. Option B is wrong because Audit is for activity logs, not content search. Option C is wrong because DLP is for preventing data loss, not searching.

Option D is wrong because Communication Compliance is for monitoring communications for policy violations.

319
Multi-Selecteasy

Which TWO Microsoft Purview solutions can be used to identify and protect sensitive data in Microsoft 365?

Select 2 answers
A.Data Loss Prevention (DLP)
B.Communication compliance
C.Insider risk management
D.Sensitivity labels
E.eDiscovery
AnswersA, D

Detect and prevent sharing of sensitive data.

Why this answer

Sensitivity labels classify and protect data. Data Loss Prevention (DLP) policies detect and prevent sharing of sensitive data. Insider risk management and eDiscovery are not primarily for data protection; communication compliance monitors communications.

320
MCQeasy

Your organization needs to automatically detect and prevent accidental sharing of sensitive data in Microsoft Teams messages. Which Microsoft Purview solution should you use?

A.Retention policies
B.Data Loss Prevention (DLP)
C.eDiscovery
D.Sensitivity labels
AnswerB

DLP policies can detect sensitive data in transit and block sharing in Teams messages.

Why this answer

Data Loss Prevention (DLP) policies in Microsoft Purview can detect and prevent accidental sharing of sensitive information in Teams messages. Option B is correct. Sensitivity labels and retention policies do not provide real-time prevention. eDiscovery is for search and export, not prevention.

321
MCQhard

A compliance officer is tasked with continuously assessing the organization's compliance posture against GDPR and ISO 27001. The solution should generate a compliance score based on implemented controls, provide recommended improvement actions, and track remediation progress over time. Which Microsoft Purview solution should they use?

A.Audit (Premium)
B.Communication Compliance
C.Compliance Manager
D.Data Lifecycle Management
AnswerC

Compliance Manager provides built-in assessments, a compliance score, recommended actions, and supports ongoing tracking of improvement activities for standards like GDPR and ISO 27001.

Why this answer

Compliance Manager is the correct solution because it provides a continuous compliance score based on implemented controls, offers recommended improvement actions, and tracks remediation progress over time. It supports frameworks like GDPR and ISO 27001 by mapping controls to assessments and generating a dynamic score that reflects the organization's compliance posture.

Exam trap

The trap here is that candidates confuse Compliance Manager with Audit (Premium) because both involve compliance, but Audit is for log investigation, not for scoring or tracking control implementation against a framework.

How to eliminate wrong answers

Option A is wrong because Audit (Premium) focuses on capturing and analyzing audit logs for forensic investigation and security events, not on assessing compliance posture or generating a compliance score. Option B is wrong because Communication Compliance is designed to detect and remediate inappropriate communications (e.g., harassment, insider trading) and does not provide a compliance score or track control implementation against standards like GDPR or ISO 27001. Option D is wrong because Data Lifecycle Management handles data retention, deletion, and classification policies, but it does not assess compliance posture or generate a compliance score based on implemented controls.

322
MCQeasy

A company wants to monitor employee communications for potential harassment or policy violations. Which Microsoft Purview solution should they use?

A.Data Loss Prevention (DLP)
B.eDiscovery
C.Communication compliance
D.Insider risk management
AnswerC

Monitors communications for policy violations like harassment.

Why this answer

Communication compliance monitors communications for inappropriate content. Insider risk management focuses on data theft and risky activities. DLP prevents data loss. eDiscovery is for legal discovery.

323
MCQmedium

A financial services firm must monitor employee communications (email and Microsoft Teams) for potential insider trading. The compliance team wants to automatically detect messages containing specific financial keywords (e.g., 'non-public material information') and flag them for review. They also need to be able to remove violating messages from recipients' inboxes. Which Microsoft Purview solution should they configure?

A.Data Lifecycle Management
B.Communication Compliance
C.Insider Risk Management
D.Audit
AnswerB

Communication Compliance detects policy violations in messages and allows actions like removal.

Why this answer

Communication Compliance is the correct solution because it is specifically designed to detect and remediate inappropriate communications, including insider trading signals. It can automatically scan emails and Microsoft Teams messages for configurable sensitive information types (e.g., 'non-public material information') and enforce actions like removing violating messages from recipients' inboxes.

Exam trap

The trap here is confusing Communication Compliance (which detects and remediates message content) with Insider Risk Management (which focuses on behavioral analytics and risk scoring), leading candidates to choose the latter despite its inability to perform keyword-based message removal.

How to eliminate wrong answers

Option A is wrong because Data Lifecycle Management focuses on retaining and deleting data based on policies (e.g., legal hold, expiration), not on real-time detection or remediation of message content. Option C is wrong because Insider Risk Management analyzes user behavior patterns (e.g., unusual data exfiltration) to identify potential insider threats, but it does not directly scan communications for specific keywords or remove messages from inboxes. Option D is wrong because Audit provides logging and investigation of past activities (e.g., who accessed what), not proactive detection or automatic removal of violating messages.

324
Multi-Selectmedium

Which THREE of the following are capabilities of Microsoft Purview Information Protection?

Select 3 answers
A.Auto-labeling for sensitive data
B.Communication monitoring
C.Sensitivity labels
D.Encryption and rights protection
E.Retention policies
AnswersA, C, D

Auto-labeling is a feature of Information Protection.

Why this answer

A, C, D are correct. Sensitivity labels, auto-labeling, and encryption are key capabilities. B (retention policies) is Data Lifecycle Management.

E (communication monitoring) is Communication Compliance.

325
MCQeasy

Your organization is implementing Microsoft Purview to manage sensitive data. You need to ensure that documents containing credit card numbers are automatically detected and protected. Which Microsoft Purview solution should you configure?

A.eDiscovery (Premium)
B.Data Loss Prevention (DLP)
C.Audit (Standard)
D.Information Barriers
AnswerB

DLP policies detect sensitive content like credit card numbers and apply protection actions.

Why this answer

Option C is correct because Data Loss Prevention (DLP) policies can automatically detect sensitive information like credit card numbers and apply protective actions. Option A is wrong because Information Barriers restrict communication but do not classify content. Option B is wrong because eDiscovery is for legal discovery, not auto-detection.

Option D is wrong because Audit logs track activities but do not protect data.

326
Multi-Selecthard

Which THREE actions can be performed by Microsoft Purview Data Loss Prevention (DLP) policies?

Select 3 answers
A.Create audit reports of policy matches
B.Send notification to users
C.Block sharing of sensitive data
D.Automatically delete files containing sensitive data
E.Apply encryption via sensitivity labels
AnswersB, C, E

DLP can show policy tips and send email notifications.

Why this answer

DLP policies can block sharing, send notifications, and apply encryption (e.g., via sensitivity labels). DLP cannot automatically delete or move files; that is for retention policies. DLP does not create audit reports directly; audit logs are generated by the Audit feature.

327
MCQhard

Refer to the exhibit. A Microsoft Purview administrator imported this JSON policy for automatic sensitivity labeling. After deployment, users report that emails containing German social security numbers are not being automatically labeled. What is the most likely cause?

A.The sensitive info type 'EU_Deutschland_SocialSecurityNumber' is not defined in the tenant.
B.Auto-labeling for emails requires 'applyWithOverride' behavior, not 'apply'.
C.The encryption setting prevents auto-labeling on emails.
D.The label is not published to users.
AnswerB

Correct: Exchange requires different behavior value.

Why this answer

The JSON defines a label with auto-labeling conditions based on the sensitive info type 'EU_Deutschland_SocialSecurityNumber'. However, the auto-labeling behavior is set to 'apply', which is only supported for SharePoint and OneDrive documents, not for Exchange emails. For emails, the behavior must be 'applyWithOverride' or 'applyWithNotify'.

Therefore, the auto-labeling will not apply to emails containing the sensitive type. Option B is correct. Option A is wrong because encryption is configured.

Option C is wrong because the label is published. Option D is wrong because the sensitivity type is valid.

328
MCQmedium

A healthcare organization must automatically detect documents containing patient health information (PHI) in SharePoint Online and apply a retention label that retains the documents for 10 years. Additionally, they want to prevent users from permanently deleting these documents during the retention period. Which Microsoft Purview solution should they use to achieve this?

A.Data Lifecycle Management
B.Records Management
C.Data Loss Prevention (DLP)
D.Communication Compliance
AnswerB

Correct. Records Management uses retention labels that can be configured to mark items as records. When an item is a record, it cannot be deleted, edited, or modified by users during the retention period. This satisfies the requirement to prevent permanent deletion.

Why this answer

Records Management (option B) is correct because it enables organizations to declare documents as records, which locks them against deletion or modification for a specified retention period. In this scenario, automatically detecting PHI in SharePoint Online and applying a retention label that both retains documents for 10 years and prevents permanent deletion is a core Records Management capability, as it uses retention labels configured to mark items as records (or regulatory records) to enforce immutability.

Exam trap

The trap here is that candidates often confuse Data Lifecycle Management (which handles retention and deletion but not immutability) with Records Management (which adds the critical 'lock as a record' capability to prevent deletion), leading them to incorrectly select option A.

How to eliminate wrong answers

Option A is wrong because Data Lifecycle Management (DLP lifecycle) focuses on managing retention and deletion of content based on policies but does not inherently prevent users from permanently deleting documents during the retention period; it lacks the 'lock as a record' functionality that enforces immutability. Option C is wrong because Data Loss Prevention (DLP) is designed to detect and prevent unauthorized sharing or leakage of sensitive information (e.g., PHI), not to enforce retention or prevent deletion of documents. Option D is wrong because Communication Compliance is used to monitor and analyze communications (e.g., email, Teams) for policy violations, such as insider trading or harassment, and does not provide retention labeling or deletion prevention for documents.

329
Multi-Selecteasy

Which TWO Microsoft Purview solutions help organizations respond to data subject requests under GDPR?

Select 2 answers
A.eDiscovery
B.Information barriers
C.Data Lifecycle Management
D.Data Loss Prevention (DLP)
E.Communication compliance
AnswersA, C

Searches and exports data for subject access requests.

Why this answer

Correct answers: A and B. Data Lifecycle Management helps manage data retention and deletion, and eDiscovery helps search for and export personal data. Option C is wrong because DLP prevents data loss, not subject requests.

Option D is wrong because communication compliance monitors communications. Option E is wrong because information barriers restrict communication.

330
MCQmedium

Your organization uses Microsoft Purview eDiscovery (Premium) to manage a legal case. You need to place a hold on custodians' mailboxes and SharePoint sites to preserve relevant data. Which step must you first take in the eDiscovery workflow?

A.Export results
B.Create a case
C.Create a review set
D.Search for content
AnswerB

You must create a case first to manage the legal matter.

Why this answer

In eDiscovery (Premium), you first create a case, then add custodians, and then place holds on their data sources. Option B is correct. Creating a case is the first step.

Searching content and collecting to a review set comes after holds. Exporting is the final step.

331
MCQhard

AdventureWorks, a multinational manufacturing company, uses Microsoft Purview and Microsoft Communication Compliance to monitor and manage internal communications. They need to: (1) detect and review emails containing offensive language or harassment; (2) allow employees to report inappropriate messages; (3) retain reviewed messages for 5 years; (4) ensure that only designated reviewers can access the communication compliance data; (5) integrate with Microsoft Teams and Exchange Online. The company has 10,000 users and Microsoft 365 E5 licenses. The compliance team wants a solution that automates detection and provides secure review. What should they configure?

A.Create a Communication Compliance policy with conditions for offensive language, enable user reporting, and configure a retention policy for 5 years on the reviewer mailbox.
B.Enable mailbox auditing and create a custom script to search for offensive language.
C.Create a Data Loss Prevention (DLP) policy to block offensive language and enable eDiscovery for review.
D.Configure information barriers between departments and use audit logs for review.
AnswerA

Communication Compliance meets all requirements for detection, reporting, retention, and access control.

Why this answer

Option A is correct because Communication Compliance policies detect offensive language, allow user reporting, retain messages based on retention policies, and restrict access to reviewers. Option B is wrong because DLP does not detect offensive language. Option C is wrong because information barriers restrict communication, not detection.

Option D is wrong because auditing logs events but does not detect or review content.

332
MCQeasy

A company uses Microsoft 365 and needs to prevent employees in the Mergers & Acquisitions (M&A) department from communicating with employees in the Trading department via Microsoft Teams chat, email, and SharePoint sharing. They must ensure that these restrictions are automatically enforced by Microsoft 365. Which Microsoft Purview solution should the administrator configure?

A.Microsoft Purview Information Barriers
B.Microsoft Purview Communication Compliance
C.Microsoft Purview Data Lifecycle Management
D.Microsoft Purview eDiscovery (Premium)
AnswerA

Information Barriers allow you to restrict communication between defined groups to avoid conflicts of interest. This is the correct solution.

Why this answer

Information Barriers in Microsoft Purview are designed to prevent communication and collaboration between specified groups, helping organizations avoid conflicts of interest and comply with regulations.

333
MCQmedium

A healthcare organization uses Microsoft 365 and must comply with HIPAA regulations. They need to assess their current compliance posture, identify gaps, and implement improvement actions. They want a tool that provides a compliance score based on best practices and regulatory frameworks, and offers recommended actions to improve the score. Which Microsoft Purview solution should they use?

A.Compliance Manager
B.Insider Risk Management
C.Communication Compliance
D.Audit
AnswerA

Compliance Manager assesses compliance against standards and recommends actions to improve the score.

Why this answer

Compliance Manager is a Microsoft Purview solution that helps organizations assess their compliance posture against various regulations (including HIPAA) by providing a compliance score and actionable improvement recommendations. Insider Risk Management detects risky user activities. Communication Compliance monitors communications for policy violations.

Audit provides logging capabilities but does not assess compliance posture or provide a score.

← PreviousPage 5 of 5 · 333 questions total

Ready to test yourself?

Try a timed practice session using only Describe the capabilities of Microsoft compliance solutions questions.