Sample Questions and Answers
What does the “Use Auditing” checkbox in a DLP policy do?
A. Enables encryption
B. Logs all matches for review
C. Flags content for deletion
D. Encrypts outbound messages
Answer: B. Logs all matches for review
Explanation: Enabling auditing captures DLP matches in logs for administrators to review violations or false positives.
Which role is required to access and manage Microsoft Purview Content Explorer?
A. Global Reader
B. Content Explorer Viewer
C. Compliance Reader
D. Exchange Administrator
Answer: B. Content Explorer Viewer
Explanation: Only users assigned to the Content Explorer Viewer role can see item-level details in the Content Explorer.
You need to investigate possible data leaks in Microsoft Teams. Which solution is best?
A. Retention policies
B. Microsoft Defender for Office 365
C. DLP with Teams chat scanning
D. Exchange Transport Rules
Answer: C. DLP with Teams chat scanning
Explanation: DLP policies can monitor messages in Microsoft Teams (chats and channel messages) for sensitive information.
Which Microsoft Purview feature helps classify sensitive information based on patterns and dictionaries?
A. Trainable classifiers
B. Sensitivity labels
C. Retention labels
D. Azure Information Protection scanner
Answer: A. Trainable classifiers
Explanation: Trainable classifiers use machine learning models to identify sensitive content based on patterns, keywords, and context.
How can you prevent users from applying a specific sensitivity label?
A. Remove the label from the label policy for those users
B. Disable the label globally
C. Restrict the label to specific locations only
D. Assign the label only to admins
Answer: A. Remove the label from the label policy for those users
Explanation: Sensitivity labels are published to users via label policies; removing a label from a policy prevents users from applying it.
Which feature allows an administrator to apply sensitivity labels to documents stored in on-premises file shares?
A. Microsoft Defender for Endpoint
B. Azure Information Protection unified labeling client
C. Microsoft Defender for Cloud Apps
D. Data Loss Prevention policies
Answer: B. Azure Information Protection unified labeling client
Explanation: The AIP unified labeling client can apply sensitivity labels to files stored on-premises, such as local file shares.
What does the “Content Explorer” tool in Microsoft Purview provide?
A. Automated content classification
B. Search and view content that matches sensitivity labels or DLP policies
C. User activity monitoring
D. Endpoint data collection
Answer: B. Search and view content that matches sensitivity labels or DLP policies
Explanation: Content Explorer lets admins see files and emails labeled or matched by DLP policies.
When configuring a DLP policy, which of the following can you use to create exceptions?
A. Users or groups
B. Content containing specific keywords
C. Locations such as SharePoint sites or mailboxes
D. All of the above
Answer: D. All of the above
Explanation: Exceptions can be based on users, content keywords, and locations within the policy.
Which Microsoft 365 compliance feature can help meet GDPR data subject requests?
A. Retention labels
B. Records Management
C. Data Subject Requests (DSR) in Microsoft Purview
D. Sensitivity labels
Answer: C. Data Subject Requests (DSR) in Microsoft Purview
Explanation: The DSR tool helps identify and manage personal data related to GDPR compliance.
You need to configure a sensitivity label to allow external users to access encrypted files. Which setting should you configure?
A. Set permissions to allow access for specified external users
B. Disable encryption on the label
C. Use automatic labeling only
D. Block sharing externally
Answer: A. Set permissions to allow access for specified external users
Explanation: Permissions in the label’s encryption settings can be customized to allow external access.
Which service is required to enable automatic labeling of emails based on content?
A. Exchange Online
B. SharePoint Online
C. Microsoft Teams
D. Microsoft Defender for Endpoint
Answer: A. Exchange Online
Explanation: Automatic labeling of emails requires Exchange Online to scan message content.
Which of these is a valid scope for applying a retention label?
A. Microsoft Teams messages
B. OneDrive files
C. Exchange mailboxes
D. All of the above
Answer: D. All of the above
Explanation: Retention labels can apply to Teams, OneDrive, Exchange, SharePoint, and other Microsoft 365 services.
What kind of data can Endpoint DLP monitor and protect?
A. Files on Windows devices
B. Clipboard activities
C. Printing activities
D. All of the above
Answer: D. All of the above
Explanation: Endpoint DLP tracks files, clipboard, printing, and other sensitive data usage on endpoints.
You want to generate reports on DLP policy matches and actions taken. Which tool should you use?
A. Microsoft Purview compliance portal’s Reports tab
B. Azure Security Center
C. Microsoft Defender for Identity
D. Azure Sentinel
Answer: A. Microsoft Purview compliance portal’s Reports tab
Explanation: The compliance portal provides DLP reports for policy matches, overrides, and incidents.
Which Microsoft 365 service integrates with Azure Information Protection to protect documents?
A. Microsoft Intune
B. Azure Rights Management Service (Azure RMS)
C. Microsoft Defender for Endpoint
D. Microsoft Teams
Answer: B. Azure Rights Management Service (Azure RMS)
Explanation: Azure RMS enforces encryption and rights management for labeled documents.
What is the default action if a DLP policy match is found but no user notification is configured?
A. Content is automatically deleted
B. Content is blocked
C. The match is logged but no action is taken
D. Users receive an email notification
Answer: C. The match is logged but no action is taken
Explanation: Without configured actions, DLP matches are logged silently.
Which feature can be used to restrict external sharing of files with specific sensitivity labels?
A. Sensitivity label encryption permissions
B. External sharing settings in SharePoint Admin Center
C. Conditional Access policies
D. Both A and B
Answer: D. Both A and B
Explanation: Encryption permissions in labels and SharePoint sharing settings can both restrict external sharing.
You want to create a custom sensitive information type. What tool should you use?
A. Microsoft Purview Sensitive Information Types editor
B. Azure Security Center
C. Microsoft Defender for Cloud Apps
D. Azure Information Protection portal
Answer: A. Microsoft Purview Sensitive Information Types editor
Explanation: Custom sensitive info types are created and managed in the Purview compliance portal.
How does Microsoft Purview classify data in third-party cloud services?
A. Using Microsoft Defender for Cloud Apps and Cloud Discovery
B. Through Exchange transport rules
C. Using Azure AD conditional access
D. It cannot classify data in third-party clouds
Answer: A. Using Microsoft Defender for Cloud Apps and Cloud Discovery
Explanation: Defender for Cloud Apps provides visibility and classification across third-party clouds.
Which component enables protection of emails via sensitivity labels in Outlook?
A. Outlook add-in for Azure Information Protection
B. Exchange Transport Rules
C. Microsoft Intune
D. Azure AD Conditional Access
Answer: A. Outlook add-in for Azure Information Protection
Explanation: The AIP Outlook add-in allows users to apply sensitivity labels that enforce protection on emails.
What is the role of the Microsoft 365 Compliance Manager?
A. To manage endpoint security configurations
B. To assess compliance against regulatory standards
C. To manage Azure AD users
D. To monitor network traffic
Answer: B. To assess compliance against regulatory standards
Explanation: Compliance Manager provides compliance score and helps implement controls for regulations.
When configuring a sensitivity label, which action encrypts content using Azure RMS?
A. Enable “Encryption” and define permissions
B. Add a watermark
C. Enable content marking
D. Configure retention settings
Answer: A. Enable “Encryption” and define permissions
Explanation: Encryption settings in a sensitivity label define RMS protection and user access.
What is the benefit of using automatic labeling policies?
A. Reduces manual labeling errors and improves consistency
B. Eliminates need for retention policies
C. Removes user access controls
D. Automatically deletes sensitive files
Answer: A. Reduces manual labeling errors and improves consistency
Explanation: Automatic labeling enforces consistent protection by labeling content based on rules.
Reviews
There are no reviews yet.