Question 963 of 1,411

Quick Answer

The answer is Sensitive information types and Trainable classifiers. Sensitive information types rely on predefined or custom regex patterns—such as credit card numbers or Social Security numbers—to detect specific data formats, while Trainable classifiers use machine learning to intelligently identify sensitive content based on context and patterns, even when no fixed pattern exists. On the SC-900 exam, this question tests your understanding of how Microsoft Purview’s automatic classification features work together to protect data in documents, often appearing as a “select two” item where common traps include confusing Trainable classifiers with simple keyword lists or assuming Data Loss Prevention policies alone handle classification. Remember the memory tip: “Patterns and Patterns” – Sensitive information types match fixed patterns, Trainable classifiers learn behavioral patterns.

SC-900 Practice Question: Describe the capabilities of Microsoft compliance solutions

This SC-900 practice question tests your understanding of describe the capabilities of microsoft compliance solutions. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Which TWO Microsoft Purview features can be used to automatically classify and protect sensitive data in documents?

Question 1mediummulti select
Full question →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Trainable classifiers

Trainable classifiers (C) use machine learning to intelligently identify sensitive content based on context and patterns, enabling automatic classification. Sensitive information types (E) are predefined or custom patterns (e.g., credit card numbers, SSNs) that detect specific data types, which can then trigger protection actions like encryption or access restrictions. Both features work together to automatically classify and protect sensitive data in documents.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Data loss prevention policies

    Why it's wrong here

    DLP policies enforce actions but do not classify data themselves.

  • eDiscovery (Premium)

    Why it's wrong here

    eDiscovery is used for legal discovery, not classification.

  • Trainable classifiers

    Why this is correct

    Trainable classifiers use machine learning to classify content based on examples.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Retention labels

    Why it's wrong here

    Retention labels manage data retention, not classification.

  • Sensitive information types

    Why this is correct

    Sensitive information types automatically detect patterns like credit cards.

    Related concept

    Read the scenario before looking for a memorised answer.

Common exam traps

Common exam trap: answer the scenario, not the keyword

Microsoft often tests the misconception that Data loss prevention policies (A) perform automatic classification, when in fact they enforce actions based on pre-existing classifications or sensitive information types, not the classification itself.

Detailed technical explanation

How to think about this question

Trainable classifiers use a two-stage process: first, they are trained on seed content to learn patterns, then they apply similarity scoring to new documents, achieving over 95% accuracy for well-defined categories like 'contracts' or 'resumes'. Sensitive information types rely on regex patterns, keyword lists, and confidence levels (e.g., 85% for a credit card with Luhn check) to detect data, and can be combined with trainable classifiers for higher precision. In practice, a financial firm might use a trainable classifier for 'financial reports' and a sensitive information type for 'IBAN numbers' to automatically apply a sensitivity label and encrypt the document.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A company's IT admin needs to give a contractor read-only access to production logs without sharing account credentials. Using role-based access control (RBAC) and temporary scoped permissions — not a permanent shared password — is the correct pattern. Questions like this test whether you can apply least-privilege access across cloud identity services.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related SC-900 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free SC-900 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this SC-900 question test?

Describe the capabilities of Microsoft compliance solutions — This question tests Describe the capabilities of Microsoft compliance solutions — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: Trainable classifiers — Trainable classifiers (C) use machine learning to intelligently identify sensitive content based on context and patterns, enabling automatic classification. Sensitive information types (E) are predefined or custom patterns (e.g., credit card numbers, SSNs) that detect specific data types, which can then trigger protection actions like encryption or access restrictions. Both features work together to automatically classify and protect sensitive data in documents.

What should I do if I get this SC-900 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Same concept, more angles

1 more ways this is tested on SC-900

These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.

Variation 1. Which TWO Microsoft Purview solutions can be used to automatically classify sensitive data at rest?

easy
  • A.Data Lifecycle Management
  • B.Communication Compliance
  • C.eDiscovery
  • D.Auditing
  • E.Information Protection

Why A: Options A and B are correct. Information Protection includes auto-labeling policies that can classify data at rest. Data Lifecycle Management includes retention labels that can classify data based on conditions. Option C is wrong because Communication Compliance monitors communications. Option D is wrong because eDiscovery is for search. Option E is wrong because Auditing tracks activities.

Keep practising

More SC-900 practice questions

Last reviewed: Jun 30, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This SC-900 practice question is part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the SC-900 exam.