Your company has a Microsoft 365 tenant that uses a domain named contoso.com.
You are implementing data loss prevention (DLP).
The company's default browser is Microsoft Edge.
During a recent audit, you discover that some users use Firefox and Google Chrome browsers to upload files labeled as Confidential to a third-party Microsoft
SharePoint Online site that has a URL of https://m365x076709.sharepoint.com. Users are blocked from uploading the confidential files to the site from Microsoft
Edge.
You need to ensure that the users cannot upload files labeled as Confidential from Firefox and Google Chrome to any cloud services.
Which two actions should you perform? Each correct answer presents part of the solution. (Choose two.)
NOTE: Each correct selection is worth one point.

A. From the Microsoft 365 Endpoint data loss prevention (Endpoint) DLP settings, add m365x076709.sharepoint.com as a blocked service domain.

B. Create a DLP policy that applies to the Devices location.

C. From the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings, add Firefox and Google Chrome to the unallowed browsers list.

D. From the Microsoft 365 compliance center, onboard the devices.

E. From the Microsoft 365 Endpoint data loss prevention (Endpoint) DLP settings, add contoso.com as an allowed service domain.

You plan to implement Microsoft Office 365 Advanced Message Encryption.
You need to ensure that encrypted email sent to external recipients expires after seven days.
What should you create first?

A. a custom branding template

B. a remote domain in Microsoft Exchange

C. a mail flow rule

D. an X.509 version 3 certificate

E. a connector in Microsoft Exchange

HOTSPOT
-
You have a Microsoft 365 E5 subscription.
You have the alerts shown in the following exhibit.
 
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
 

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in the Microsoft Purview compliance portal to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
Solution: You run the Set-AuditConfig -Workload Exchange command.
Does that meet the goal?

A. Yes

B. No

You are configuring a data loss prevention (DLP) policy to report when credit card data is found on a Windows 10 device joined to Azure Active Directory (Azure
AD).
You plan to use information from the policy to restrict the ability to copy the sensitive data to the clipboard.
What should you configure in the policy rule?

A. the incident report

B. an action

C. user notifications

D. user overrides

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains 1.000 user mailboxes.
An administrator named Admin1 must be able to search for the name of a competing company in the mailbox of a user named User5.
You need to ensure that Admin1 can search the mailbox of User5 successfully. The solution must prevent Admin1 from sending email messages as User5.
Solution: You modify the permissions of the mailbox of User5, and then create an eDiscovery case.
Does this meet the goal?

A. Yes

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You recently discovered that the developers at your company emailed Azure Storage keys in plain text to third parties.
You need to ensure that when Azure Storage keys are emailed, the emails are encrypted.
Solution: You create a data loss prevention (DLP) policy that has all locations selected.
Does this meet the goal?

A. Yes

B. No

HOTSPOT
-
You have a Microsoft SharePoint Online site named Site1 that contains the files shown in the following table.
 
You have a data loss prevention (DLP) policy named DLP1 that has the advanced DLP rules shown in the following table.
 
You apply DLP1 to Site1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You need to ensure that documents in a Microsoft SharePoint Online site that contain a reference to Project Alpha are retained for two years, and then deleted.
Which two objects should you create? Each correct answer presents part of the solution. (Choose two.)
NOTE: Each correct selection is worth one point.

A. a retention policy

B. an auto-apply label policy

C. a sensitive info type

D. a retention label

E. a sensitivity label

F. a publish labels policy

You create three sensitivity labels named Sensitivity1, Sensitivity2, and Sensitivity3 and perform the following actions:
✑ Publish Sensitivity1.
✑ Create an auto-labeling policy for Sensitivity2.
You plan to create a file policy named Policy1 in Microsoft Cloud App Security.
Which sensitivity labels can you apply to Microsoft SharePoint Online in Policy1?

A. Sensitivity1 only

B. Sensitivity1, Sensitivity2, and Sensitivity3

C. Sensitivity2 only

D. Sensitivity1 and Sensitivity2 only

You need to automatically apply a sensitivity label to documents that contain information about your company's network including computer names, IP addresses, and configuration information.
Which two objects should you use? Each correct answer presents part of the solution. (Choose two.)
NOTE: Each correct selection is worth one point.

A. an Information protection auto-labeling policy

B. a custom trainable classifier

C. a sensitive info type that uses a regular expression

D. a data loss prevention (DLP) policy

E. a sensitive info type that uses keywords

F. a sensitivity label that has auto-labeling

You have a Microsoft 365 E5 subscription.
You need to create static retention policies for the following locations:
• Teams chats
• Exchange email
• SharePoint sites
• Microsoft 365 Groups
• Teams channel messages
What is the minimum number of retention policies required?

A. 1

B. 2

C. 3

D. 4

E. 5

HOTSPOT -
You have a Microsoft 365 tenant.
A retention hold is applied to all the mailboxes in Microsoft Exchange Online.
A user named User1 leaves your company, and the account of User1 is deleted from Azure Active Directory (Azure AD).
You need to create a new user named User2 and provide User2 with access to the mailbox of User1.
How should you complete the PowerShell command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have a Microsoft 365 subscription that contains a Microsoft 365 group named Group1. Group1 contains 100 users and has dynamic user membership.
All users have Windows 10 devices and use Microsoft SharePoint Online and Exchange Online.
You create a sensitivity label named Label1 and publish Label1 as the default label for Group1.
You need to ensure that the users in Group must apply Label1 to their email and documents.
Which two actions should you perform? Each correct answer presents part of the solution
NOTE: Each correct selection is worth one point.

A. From the Microsoft Purview compliance portal, create an auto-labeling policy.

B. Install the Active Directory Rights Management Services (AD RMS) client on the Windows 10 devices,

C. From the Microsoft Purview compliance portal, modify the settings of the Label1 policy.

D. Install the Azure Information Protection unified labeling client on the Windows 10 devices.

E. From the Microsoft Entra admin center, set Membership type for Group1 to Assigned.

You need to provide a user with the ability to view data loss prevention (DLP) alerts in the Microsoft 365 compliance center. The solution must use the principle of least privilege.
Which role should you assign to the user?

A. Compliance data administrator

B. Security operator

C. Compliance administrator

D. Security reader

HOTSPOT -
How many files in Site2 will be visible to User1 and User2 after you turn on DLPpolicy1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

DRAG DROP
-
You have a Microsoft 365 E5 subscription.
You need to prevent the sharing of sensitive information in Microsoft Teams.
Which entities can you protect by applying a data loss prevention (DLP) policy to each resource? To answer, drag the appropriate activities to the correct entity. Each activity may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
You have a Microsoft 365 E5 subscription.
You need to implement a compliance solution that meets the following requirements:
• Captures clips of key security-related user activities, such as the exfiltration of sensitive company data.
• Integrates data loss prevention (DLP) capabilities with insider risk management.
What should you use for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

DRAG DROP
-
You have a Microsoft 365 subscription that contains 20 data loss prevention (DLP) policies.
You need to identify the following:
•	Rules that are applied without triggering a policy alert
•	The top 10 files that have matched DLP policies
•	Alerts that are miscategorized
Which report should you use for each requirement? To answer, drag the appropriate reports to the correct requirements. Each report may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 tenant that uses records management.
You use a retention label to mark legal files stored in a Microsoft SharePoint Online document library as regulatory records.
What can you do to the legal files?

A. Rename the files.

B. Edit the properties of the files.

C. Change the retention label of the files.

D. Copy the content of the files.

You have a Microsoft 365 E5 tenant that has data loss prevention (DLP) policies.
You need to create a report that includes the following:
•	Documents that have a matched DLP policy.
•	Documents that have had a sensitivity label changed.
•	Documents that have had a sensitivity label changed.
What should you use?

A. a content search

B. an eDiscovery case

C. communication compliance reports

D. Activity explorer

You have a Microsoft 365 E5 tenant that contains a user named User1. User1 is assigned the Compliance Administrator role.
User1 cannot view the regular expression in the IP Address sensitive info type.
You need to ensure that User1 can view the regular expression.
What should you do?

A. Assign User1 the Global Reader role.

B. Assign User1 to the Reviewer role group.

C. Instruct User to use the Test function on the sensitive info type.

D. Create a copy of the IP Address sensitive info type and instruct User1 to edit the copy.

HOTSPOT -
You have a Microsoft 365 tenant that uses Microsoft Teams.
You create a data loss prevention (DLP) policy to prevent Microsoft Teams users from sharing sensitive information.
You need to identify which locations must be selected to meet the following requirements:
✑ Documents that contain sensitive information must not be shared inappropriately in Microsoft Teams.
✑ If a user attempts to share sensitive information during a Microsoft Teams chat session, the message must be deleted immediately.
Which three locations should you select? To answer, select the appropriate locations in the answer area. (Choose three.)
NOTE: Each correct selection is worth one point.
Hot Area:
 

Each product group at your company must show a distinct product logo in encrypted emails instead of the standard Microsoft Office 365 logo.
What should you do to create the branding templates?

A. Create a Transport rule.

B. Create an RMS template.

C. Run the Set-IRMConfiguration cmdlet.

D. Run the New-OMEConfiguration cmdlet.

You need to create a retention policy to delete content after seven years from the following locations:
✑ Exchange Online email
✑ SharePoint Online sites
✑ OneDrive accounts
Microsoft 365 groups -
 
✑ Teams channel messages
✑ Teams chats
What is the minimum number of retention policies that you should create?

A. 1

B. 2

C. 3

D. 4

You plan to implement sensitivity labels for Microsoft Teams.
You need to ensure that you can view and apply sensitivity labels to new Microsoft Teams sites.
What should you do first?

A. Run the Set-SPOSite cmdlet.

B. Create a new sensitivity label scoped to Groups & sites.

C. Run the Execute-AzureAdLabelSync cmdlet.

D. Configure the EnableMIPLabels Azure Active Directory (Azure AD) setting.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant and 500 computers that run Windows 10. The computers are onboarded to the Microsoft 365 compliance center.
You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers. Tailspin_scanner.exe is installed locally on the computers.
You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.
Solution: From the Microsoft Defender for Cloud Apps portal, you create an app discovery policy.
Does this meet the goal?

A. Yes

B. No

HOTSPOT
-
You have a Microsoft 365 sensitivity label that is published to all the users in your Microsoft Entra tenant as shown in the following exhibit.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

A user reports that she can no longer access a Microsoft Excel file named Northwind Customer Data.xlsx.
From the Cloud App Security portal, you discover the alert shown in the exhibit.
 
You restore the file from quarantine.
You need to prevent files that match the policy from being quarantined. Files that match the policy must generate an alert.
What should you do?

A. Modify the policy template.

B. Assign the Global reader role to the file owners.

C. Exclude file matching by using a regular expression.

D. Update the governance action.

You have a Microsoft 365 E5 subscription that contains the resources shown in the following table.
 
You have a retention label configured as shown in the following exhibit.
 
You publish the retention label and set the scope as shown in the following exhibit.
 
You apply the label to the resources.
Which items can you delete?

A. Mail1 only

B. File1.docx and File2.xlsx only

C. Mail1 and File1.docx only

D. Mail1 and File2.xlsx only

E. Mail1, File1.docx, and File2.xlsx

You have a Microsoft 365 E5 subscription that contains a data loss prevention (DLP) policy named DLP1.
DLP1 has a rule that triggers numerous alerts.
You need to reduce the number of alert notifications that are generated. The solution must maintain the sensitivity of DLP1.
What should you do?

A. Change the mode of DLP1 to Test without notifications.

B. Modify the rule and increase the instance count.

C. Modify the rule and configure an alert threshold.

D. Modify the rule and set the priority to the highest value.

You create a retention label that has a retention period of seven years.
You need to ensure that documents containing a credit card number are retained for seven years. Other documents must not be retained.
What should you create?

A. a retention label policy of type publish

B. a retention policy that retains files automatically

C. a retention policy that deletes files automatically

D. a retention label policy of type auto-apply

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in the Microsoft Purview compliance portal to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
Solution: You run the Set-AdminAuditlogConfig -AdminAuditLogEnabled $true -AdminAuditLogCmdlets *Mailbox* command.
Does that meet the goal?

A. Yes

B. No

You have a Microsoft 365 tenant.
You discover that email does NOT use Microsoft Office 365 Message Encryption (OME).
You need to ensure that OME can be applied to email.
What should you do first?

A. Enable Microsoft Defender for Office 365.

B. Activate Azure Information Protection.

C. Activate Azure Rights Management (Azure RMS).

D. Create an Azure key vault.

SIMULATION
-
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@123456789.onmicrosoft.com
Microsoft 365 Password: **********
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 12345678
-
You plan to create a data loss prevention (DIP) policy that will apply to content containing the following keywords:
• Tailspin
• Litware
• Falcon
You need to create a keyword list that can be used in the DLP policy.
You do NOT need to create the DLP policy at this time.
To complete this task, sign in to the appropriate admin center.

HOTSPOT
-
You have a hybrid Microsoft 365 deployment that contains the users shown in the following table.
 
You need to perform an eDiscovery content search.
Which user's data can be included in the content search? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

Each product group at your company must show a distinct product logo in encrypted emails instead of the standard Microsoft Office 365 logo.
What should you do to create the branding templates?

A. Create a Transport rule.

B. Create an RMS template.

C. Run the Set-IRMConfiguration cmdlet.

D. Run the New-OMEConfiguration cmdlet.

You have a Microsoft 365 E5 tenant and the Windows 10 devices shown in the following table.
 
To which devices can you apply Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings?

A. Device1, Device3, and Device4 only

B. Device1, Device2, Device3, and Device4

C. Device1 and Device2 only

D. Device1 and Device3 only

E. Device1 only

You plan to create a new data loss prevention (DLP) policy named DIP1.
DLP1 will be applied to the Exchange email location.
You need to exclude two users named User1 and User2 from DLP1.
What should you do first?

A. Create an organization sharing policy in Microsoft Exchange.

B. Create a mail flow rule in Microsoft Exchange.

C. Create a distribution list that contains User1 and User2.

D. Create an advanced DLP rule.

You have a Microsoft 365 subscription.
You create and run a content search from the Microsoft Purview compliance portal.
You need to download the results of the content search.
What should you obtain first?

A. a certificate

B. a password

C. an export key

D. a pin

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and the users shown in the following table.
 
Site1 includes a file named File1.docx.
You create two retention labels named Retention1 and Retention2.
You publish Retention1 to the following locations:
•	Exchange email
•	Included: User1
•	Microsoft 365 Groups
•	Included: Group2
You publish Retention2 to the following locations:
•	Exchange email
•	Included: All recipients
•	SharePoint sites
•	Included: Site1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

HOTSPOT -
You enable archive mailboxes for all the users at your company.
The Default MRM Policy is shown in the MRM exhibit.
 
A Microsoft 365 retention label policy is shown in the Label Policy exhibit.
 
You need to identify the following:
✑ How many years until an email is archived?
✑ What should you modify to change the retention period for archiving?
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in the Microsoft Purview compliance portal to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
Solution: You run the Set-MailboxFolderPermission -Identity "User1" -User
User1@contoso.com
-AccessRights Owner command.
Does that meet the goal?

A. Yes

B. No

You have a Microsoft 365 subscription that contains a Microsoft 365 group named Group1. Group1 contains 100 users and has dynamic user membership.
All users have Windows 10 devices and use Microsoft SharePoint Online and Exchange Online.
You create a sensitivity label named Label1 and publish Label1 as the default label for Group1.
You need to ensure that the users in Group must apply Label1 to their email and documents.
Which two actions should you perform? Each correct answer presents part of the solution
NOTE: Each correct selection is worth one point.

A. From the Microsoft Purview compliance portal, create an auto-labeling policy.

B. Install the Active Directory Rights Management Services (AD RMS) client on the Windows 10 devices,

C. From the Microsoft Purview compliance portal, modify the settings of the Label1 policy.

D. Install the Azure Information Protection unified labeling client on the Windows 10 devices.

E. From the Microsoft Entra admin center, set Membership type for Group1 to Assigned.

You have a Microsoft 365 E5 tenant that contains a Microsoft SharePoint Online document library named Library1.
You need to declare a collection of files that are stored in Library1 as regulatory records.
What should you use?

A. a sensitivity label policy

B. a retention label policy

C. a retention policy

D. data loss prevention (DLP) policy

Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, Boston, and Johannesburg.
Existing Environment -
Microsoft 365 Environment -
Contoso has a Microsoft 365 E5 tenant. The tenant contains the administrative user accounts shown in the following table.
 
Users store data in the following locations:
SharePoint sites
OneDrive accounts
Exchange email
Exchange public folders
Teams chats
Teams channel messages
When users in the research department create documents, they must add a 10-digit project code to each document. Project codes that start with the digits 999 are confidential.
SharePoint Online Environment -
Contoso has four Microsoft SharePoint Online sites named Site1, Site2, Site3, and Site4.
Site2 contains the files shown in the following table.
 
Two users named User1 and User2 are assigned roles for Site2 as shown in the following table.
 
Site3 stores documents related to the company's projects. The documents are organized in a folder hierarchy based on the project.
Site4 has the following two retention policies applied:
Name: Site4RetentionPolicy1
- Locations to apply the policy: Site4
- Delete items older than: 2 years
- Delete content based on: When items were created
Name: Site4RetentionPolicy2
- Locations to apply the policy: Site4
- Retain items for a specific period: 4 years
- Start the retention period based on: When items were created
- At the end of the retention period: Do nothing
Problem Statements -
Management at Contoso is concerned about data leaks. On several occasions, confidential research department documents were leaked.
Requirements -
Planned Changes -
Contoso plans to create the following data loss prevention (DLP) policy:
Name: DLPpolicy1
Locations to apply the policy: Site2
Conditions:
- Content contains any of these sensitive info types: SWIFT Code
- Instance count: 2 to any
Actions: Restrict access to the content
Technical Requirements -
Contoso must meet the following technical requirements:
All administrative users must be able to review DLP reports.
Whenever possible, the principle of least privilege must be used.
For all users, all Microsoft 365 data must be retained for at least one year.
Confidential documents must be detected and protected by using Microsoft 365.
Site1 documents that include credit card numbers must be labeled automatically.
All administrative users must be able to create Microsoft 365 sensitivity labels.
After a project is complete, the documents in Site3 that relate to the project must be retained for 10 years.
You need to meet the retention requirement for the users' Microsoft 365 data.
What is the minimum number of retention policies that you should use?

A. 1

B. 2

C. 3

D. 4

E. 6

You have a Microsoft 365 tenant that contains the users shown in the following table.
 
You configure a retention label to trigger a disposition review at the end of the retention period.
Which users can access the Disposition tab in the Microsoft 365 compliance center to review the content?

A. User1 only

B. User2 only

C. User3 only

D. User1 and User3

E. User3 and User4

You have a Microsoft 365 E5 subscription.
You need to create a Microsoft Defender for Cloud Apps policy that will detect data loss prevention (DLP) violations.
What should you create?

A. a Cloud Discovery anomaly detection policy

B. an activity policy

C. a session policy

D. a file policy

You are creating a data loss prevention (DLP) policy that will apply to all available locations.
You configure an advanced DLP rule in the policy.
Which type of condition can you use in the rule?

A. Keywords

B. Content search query

C. Sensitive info type

D. Sensitive label

HOTSPOT
-
You have a Microsoft 365 subscription.
In Microsoft Exchange Online, you configure the mail flow rule shown in the following exhibit.
 
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.