Administering Information Security in Microsoft 365 Questions and Answers
HOTSPOT
You have a Microsoft 365 E5 subscription.
You receive the data loss prevention (DLP) alert shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE : Each correct selection is worth one point.

You have a Microsoft 565 E5 tenant that uses Microsoft Teams and contains two users named User1 and User2. You create a data Joss prevention (DIP) policy that is applied to the Teams chat and channel messages location for User1 and User?
Which Teams entities will have DLP protection?
You have a Microsoft 365 subscription.
You configure a Microsoft Purview insider risk management policy named Policy1.
You need to ensure that you will receive real-time recommendations on how to configure the indicator thresholds for Policy1. The solution must ensure that the recommendations are based on a user ' s activity from the past 10 days.
What should you do first?
You need to be alerted when users share sensitive documents from Microsoft OneDrive to any users outside your company.
What should you do?
You need to create a retention policy to delete content after seven years from the following locations:
• Exchange Online email
• SharePoint Online sites
• OneDrive accounts
• Microsoft 365 Groups
• Teams channel messages
• Teams chats
What is the minimum number of retention policies that you should create?
HOTSPOT
You have a Microsoft 365 E5 subscription that contains two users named User1 and User2.
You create the audit retention policies shown in the following table.

The users perform the following actions:
● User1 renames a Microsoft SharePoint Online site.
● User2 sends an email message.
How long will the audit log records be retained for each action? To answer, select the appropriate options in the answer area.
NOTE : Each correct selection is worth one point.

You have a Microsoft 365 subscription that contains a sensitivity label named Contoso Confidential.
You publish Contoso Confidential to all users.
Contoso Confidential is configured as shown in the Configuration exhibit. (Click the Configuration tab.)

The Access control settings of Contoso Confidential are configured as shown in the Access control exhibit. (Click the Access control tab.)


For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

You receive an email that contains a list of words that will be used for a sensitive information type.
You need to create a file that can be used as the source of a keyword dictionary.
In which format should you save the list?
You have a Microsoft 365 E5 subscription that uses Microsoft Purview.
You need to create a sensitive information type (SIT) to detect project code content that starts with the letters pjt followed by six digits and ends with the letters set The following is an example of the project code.
pjtl234S6sct
How should you complete the regular expression? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that contains a retention policy named RP1 as shown in the following table.

You place a preservation lock on RP1.
You need to modify RP1.
Which two modifications can you perform? Each correct answer presents part of the solution.
NOTE : Each correct selection is worth one point.
You have a Microsoft J65 ES subscription.
You need to create a Microsoft Defender for Cloud Apps policy that will detect data loss prevention (DIP) violations. What should you create?
HOTSPOT
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

You plan to create a Microsoft Purview insider risk management case named Case1.
Which insider risk management object should you select first, and which users will be added as contributors for Case1 by default?
To answer, select the appropriate options in the answer area.
NOTE : Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

The subscription contains the groups shown in the following table.

You plan to create a priority user group named Priority1.
You need to identify the following:
. Which users and groups can be added to Priority1?
. Which users can be enabled to view alerts that involve the members of Priority1?
What should you identify? To answer, select the appropriate options in the answer area.


You have a Microsoft 365 E5 subscription.
You are implementing insider risk management.
You need to maximize the amount of historical data that is collected when an event is triggered.
What is the maximum number of days that historical data can be collected?
You have a Microsoft 365 E5 tenant and the Windows Client devices shown in the following table.

To which devices can you apply Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings?
You have a Microsoft 365 subscription.
You create a new trainable classifier.
You need to train the classifier.
Which source can you use to train the classifier?
You have a Microsoft J65 subscription linked to a Microsoft Entra tenant that contains a user named User1. You need to grant User1 permission to search Microsoft 365 audit logs. The solution must use the principle of least privilege. Which role should you assign to User1?
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.
You plan to deploy a Defender for Cloud Apps file policy that will be triggered when the following conditions are met:
● A file is shared externally.
● A file is labeled as internal only.
Which filter should you use for each condition? To answer, drag the appropriate filters to the correct conditions. Each filter may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE : Each correct selection is worth one point.

Your company has Microsoft 365 E5 subscription and plans to use Microsoft Purview Advanced Message Encryption.
Each product group at your company must show a distinct product logo in encrypted emails instead of the standard Microsoft 365 logo.
What should you do to create the branding templates?
HOTSPOT
You have a Microsoft 365 E5 subscription.
You need to implement a compliance solution that meets the following requirements:
● Captures clips of key security-related user activities, such as the exfiltration of sensitive company data.
● Integrates data loss prevention (DLP) capabilities with insider risk management.
What should you use for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that contains a trainable classifier named Trainable1.
You plan to create the items shown in the following table.

Which items can use Trainable 1?
You have a Microsoft 365 E5 subscription.
You need to prevent users from uploading data loss prevention (DLP)-protected documents to the following third-party websites:
● web1.contoso.com
● web2.contoso.com
The solution must minimize administrative effort.
To what should you set the Service domains setting for Endpoint DLP?
You have a Microsoft J65 E5 subscription. You plan to implement retention policies for Microsoft Teams. Which item types can be retained?
You have a Microsoft 36S ES subscription that contains a Windows 11 device named Device 1 and three users named User 1. User2. and User3.
You plan to deploy Azure Information Protection (AIP) and the Microsoft Purview Information Protection client to Device 1.
You need to ensure that the users can perform the following actions on Device1 as part of the planned deployment
• User 1 will test the functionality of the client.
• User2 will install and configure the Microsoft Rights Management connector.
• User3 will be configured as the service account for the information protection scanner.
The solution must maximize the security of the sign-in process for the users What should you do?
You have a Microsoft 365 alert named Alert2 as shown in the following exhibit.

You need to manage the status of Alert? To which status can you change Alette?
You have a Microsoft 365 E5 subscription.
Users access their mailbox by using the following apps.
• Outlook for Microsoft 365
• Outlook on the web
• Outlook Mobile fiOS. Android)
You create a data loss prevention (DLP) policy named DLP1 that has the following settings:
• Location; Exchange email
• Status: On
• User notifications: On
• Notify users with a policy tip: Enabled
Which apps display a policy tip when content is matched by using DIP1 ?
You have a Microsoft 365 subscription. You create a retention policy and apply the policy to Exchange Online mailboxes.
You need to ensure that the retention policy tags can be assigned to mailbox items as soon as possible.
What should you do?
You have a Microsoft 365 E5 subscription.
You plan to implement insider risk management for users that manage sensitive data associated with a project.
You need to create a protection policy for the users. The solution must meet the following requirements:
● Minimize the impact on users who are NOT part of the project.
● Minimize administrative effort.
What should you do first?
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site! and the data loss prevention (DLP) policies shown in the following table.

The DLP rules are configured as shown In the following table.

All the policies are assigned to Site1.
You need to ensure that if a user uploads a document to Site1 that matches all the rules, the user will be shown the Tip 2 policy tip. What should you do?
You have a Microsoft 365 subscription.
Users have devices that run Windows 11.
You plan to create a Microsoft Purview insider risk management policy that will detect when a user performs the following actions:
● Deletes files that contain a sensitive information type (SIT) from their device
● Copies files that contain a SIT to a USB drive
● Prints files that contain a SIT
You need to prepare the environment to support the policy.
What should you do?
You have a Microsoft 365 E5 subscriptions.
You deploy Microsoft Purview Data Security Posture Management for Al (DSPM for Al).
You need to edit the default policies created as part of the deployment.
Which two Microsoft Purview solutions should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
DRAG DROP
You have a Microsoft 365 E5 subscription that has data loss prevention (DLP) implemented.
You need to create a custom sensitive info type. The solution must meet the following requirements:
● Match product serial numbers that contain a 10-character alphanumeric string.
● Ensure that the abbreviation of SN appears within six characters of each product serial number.
● Exclude a test serial number of 1111111111 from a match.
Which pattern settings should you configure for each requirement? To answer, drag the appropriate settings to the correct requirements. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that has a sensitivity label named Sensitivity1.
You plan to create an auto-labeling policy that will apply Sensitivity1 to Microsoft Exchange Online mailboxes.
On February 1, you create the auto-labeling policy and enable simulation mode by using the default settings. No modifications are made to the policy in simulation mode.
When will the policy first be turned on?
HOTSPOT
How many files in Site2 can User1 and User2 access after you turn on DLPpolicy1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You need to meet the retention requirement for the users ' Microsoft 365 data.
What is the minimum number of retention policies required to achieve the goal?
You need to meet the technical requirements for the creation of the sensitivity labels.
To which user or users must you assign the Sensitivity Label Administrator role?
HOTSPOT
You need to meet the technical requirements for the confidential documents.
What should you create first, and what should you use for the detection method? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You need to meet the technical requirements for the Site1 documents.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

HOTSPOT
You are reviewing policies for the SharePoint Online environment.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

























