SC-900 · topic practice

Describe the capabilities of Microsoft compliance solutions practice questions

Practise Microsoft Security, Compliance, and Identity Fundamentals SC-900 Describe the capabilities of Microsoft compliance solutions practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Describe the capabilities of Microsoft compliance solutions

What the exam tests

What to know about Describe the capabilities of Microsoft compliance solutions

Describe the capabilities of Microsoft compliance solutions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Describe the capabilities of Microsoft compliance solutions exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Describe the capabilities of Microsoft compliance solutions questions

20 questions · select your answer, then reveal the explanation

Question 1mediummulti select
Read the full NAT/PAT explanation →

A healthcare organization uses Microsoft Purview to protect patient health information (PHI). They need to identify sensitive data stored in Microsoft SharePoint Online and prevent unauthorized sharing. Which two Purview solutions should they implement? (Select all that apply.)

Question 2hardmultiple choice
Read the full NAT/PAT explanation →

A multinational corporation must comply with the General Data Protection Regulation (GDPR). They use Microsoft Purview Compliance Manager to manage compliance activities. The compliance manager wants to automatically assign each control to the appropriate team member for remediation. What should they configure?

A company is subject to a legal hold for an ongoing investigation. The IT administrator must prevent the deletion of any documents related to this case across SharePoint Online and OneDrive, overriding any existing deletion policies. Which Microsoft Purview capability should the administrator use?

A company wants to automatically apply a 'Confidential' sensitivity label to any document that contains a credit card number, and also encrypt the document as part of the label. Which two components must be configured to achieve this? (Choose two.)

A company must retain all customer contracts for 10 years to comply with industry regulations. After 10 years, the contracts must be permanently deleted. Which Microsoft Purview solution should be used to automate this process?

Question 6mediummultiple choice
Read the full NAT/PAT explanation →

A healthcare organization uses Microsoft 365 and wants to prevent users from sending emails that contain patient health information (PHI) to external recipients. Which Microsoft Purview solution should they implement?

Question 7mediummultiple choice
Read the full NAT/PAT explanation →

A multinational corporation must retain all financial records for 7 years and then permanently delete them. The compliance officer wants to ensure that even a global administrator cannot modify or delete the retention policy. Which Microsoft Purview solution and configuration should they use?

A company is subject to a legal investigation and must preserve all email communications related to the case for an indefinite period, even if users try to delete them. The compliance officer needs a solution that can place a hold on specific user mailboxes and prevent any permanent deletion of relevant content. Which Microsoft Purview feature should be used?

A financial services organization needs to prevent communication between its research analysts and investment bankers to comply with regulatory requirements. Which Microsoft Purview solution should the compliance team implement?

A financial institution uses Microsoft 365 and must ensure that Microsoft support engineers cannot access the institution's content (e.g., Exchange Online mailboxes, SharePoint sites) without explicit approval from the institution's compliance officer. The compliance officer needs to review and approve or reject each access request. Which Microsoft Purview feature should be configured?

Question 11hardmultiple choice
Read the full NAT/PAT explanation →

A financial services organization must prevent employees in the Research department from communicating via email or Microsoft Teams with employees in the Investment Banking department to avoid conflicts of interest. Additionally, they need to prevent any credit card numbers from being shared in emails sent to external recipients. Which combination of Microsoft Purview solutions should they implement?

A company's security team needs to detect and investigate potential data theft by employees who have legitimate access to sensitive data. They want a solution that uses heuristics and behavioral analytics to identify risky user actions such as data exfiltration to personal cloud storage. Which Microsoft Purview solution should they use?

A company must retain all vendor contracts for 10 years to meet regulatory requirements. After 10 years, the contracts must be permanently destroyed with no possibility of recovery. The compliance team wants to automate this lifecycle and ensure that during the retention period, the contracts cannot be edited or deleted by users. Which Microsoft Purview solution should they use?

A compliance officer needs to evaluate their organization's security and compliance posture against multiple regulatory frameworks such as HIPAA, GDPR, and ISO 27001. The solution must provide a continuous assessment score, actionable improvement actions, and the ability to track implementation progress. Which Microsoft Purview solution should they use?

Question 15hardmultiple choice
Read the full NAT/PAT explanation →

A multinational corporation must comply with several regulatory frameworks, including GDPR, SOX, and HIPAA. The compliance officer wants to continuously assess the organization's compliance posture against these regulations, receive prioritized improvement actions, and track the implementation progress of those actions. Which Microsoft Purview solution should the compliance officer use?

A financial services company must comply with a regulation that requires all audit-related documents to be retained for 7 years and then permanently deleted. The compliance officer wants to ensure that even if a user modifies or deletes a file, the original content is preserved for the full 7 years, and at the end of the period the files are automatically destroyed without any manual approval. The company uses Microsoft 365 and stores these documents in SharePoint Online and Microsoft Teams. Which Microsoft Purview solution should the compliance officer configure?

A company receives a subject rights request (SRR) from a customer under GDPR, asking for the deletion of all personal data held about them. The compliance team needs a tool to orchestrate the discovery of this data across Microsoft 365 and other systems, and to track the response and fulfillment of the request. Which Microsoft Purview solution should they use?

A law firm uses Microsoft 365 and has two legal teams working on opposing sides of the same lawsuit. The compliance officer needs to prevent any communication (email, Teams chat, file sharing) between the two teams. Additionally, the firm must block emails containing the case name from being sent outside the organization. Which two Microsoft Purview solutions should be configured to meet these requirements? (Choose two.)

A legal team is involved in a lawsuit and needs to ensure that all emails and documents related to the case are preserved in their original state, even if users edit or delete them. They also need the ability to search for these items and export them for legal review. Which Microsoft Purview solution should the compliance team configure to meet these requirements?

Question 20mediummultiple choice
Read the full NAT/PAT explanation →

A multinational organization uses Microsoft 365 and must demonstrate compliance with both GDPR and ISO 27001. The compliance team needs a centralized tool to assess their current compliance posture against these frameworks, receive prioritized improvement actions, and track the implementation of those actions over time. Which Microsoft Purview solution should they use?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Describe the capabilities of Microsoft compliance solutions sessions

Start a Describe the capabilities of Microsoft compliance solutions only practice session

Every question in these sessions is drawn from the Describe the capabilities of Microsoft compliance solutions domain — nothing else.

Related practice questions

Related SC-900 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the SC-900 exam test about Describe the capabilities of Microsoft compliance solutions?
Describe the capabilities of Microsoft compliance solutions questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Describe the capabilities of Microsoft compliance solutions questions in a focused session?
Yes — the session launcher on this page draws every question from the Describe the capabilities of Microsoft compliance solutions domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other SC-900 topics?
Use the topic links above to move to related areas, or go back to the SC-900 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the SC-900 exam covers. They are not copied from any real exam or dump site.