HOTSPOT
-
You have a Microsoft 365 E5 subscription.
You plan to create a new sensitive information type (SIT) by using the Microsoft Purview compliance portal.
You need to copy and modify an existing SIT from which to create the new SIT.
What are two SITs that you can copy and modify? To answer, select the appropriate SITs in the answer area.
NOTE: Each selection is worth one point.
 

HOTSPOT
-
You have a Microsoft 365 E5 subscription.
You need to implement a compliance solution that meets the following requirements:
•	Captures clips of key security-related user activities, such as the exfiltration of sensitive company data.
•	Integrates data loss prevention (DLP) capabilities with insider risk management.
What should you use for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT -
You plan to implement Microsoft 365 Endpoint data loss prevention (Endpoint DLP).
You need to identify which end user activities can be audited on the endpoints, and which activities can be restricted on the endpoints.
What should you identify for each activity? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring a file policy in Microsoft Cloud App Security.
You need to configure the policy to apply to all files. Alerts must be sent to every file owner who is affected by the policy. The policy must scan for credit card numbers, and alerts must be sent to the Microsoft Teams site of the affected department.
Solution: You use the Build-in DLP inspection method and send alerts to Microsoft Power Automate.
Does this meet the goal?

A. Yes

B. No

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring a file policy in Microsoft Cloud App Security.
You need to configure the policy to apply to all files. Alerts must be sent to every file owner who is affected by the policy. The policy must scan for credit card numbers, and alerts must be sent to the Microsoft Teams site of the affected department.
Solution: You use the Data Classification service inspection method and send alerts as email.
Does this meet the goal?

A. Yes

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You implement Microsoft 365 Endpoint data loss prevention (Endpoint DLP).
You have computers that run Windows 10 and have Microsoft 365 Apps installed. The computers are joined to Azure Active Directory (Azure AD).
You need to ensure that Endpoint DLP policies can protect content on the computers.
Solution: You enroll the computers in Microsoft Intune.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft 365 E5 subscription that contains two Microsoft SharePoint Online sites named Site1 and Site2.
You plan to configure a retention label named Label1 and apply Label1 to all the files in Site1.
You need to ensure that two years after a file is created in Site1, the file moves automatically to Site2.
How should you configure the Choose what happens after the retention period setting for Label1?

A. Run a Power Automate flow

B. Change the label

C. Deactivate retention settings

D. Start a disposition review

HOTSPOT -
You need to implement an information compliance policy to meet the following requirements:
✑ Documents that contain passport numbers from the United States, Germany, Australia, and Japan must be identified automatically.
✑ When a user attempts to send an email or an attachment that contains a passport number, the user must receive a tooltip in Microsoft Outlook.
✑ Users must be blocked from using Microsoft SharePoint Online or OneDrive for Business to share a document that contains a passport number.
What is the minimum number of sensitivity labels and auto-labeling policies you should create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

HOTSPOT
-
You have a Microsoft SharePoint Online site named Site1 that contains the files shown in the following table.
 
You have a data loss prevention (DLP) policy named DLP1 that has the advanced DLP rules shown in the following table.
 
You apply DLP1 to Site1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
The subscription contains the users shown in the following table.
 
You create the mail flow rules shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains two users named User1 and User2 and a group named Group1. User1 is a member of Group1.
The subscription contains the sensitivity labels shown in the following table.
 
You have a sensitivity label policy named Policy1 that is published to User1 and User2. The policy includes the following labels:
•	General
•	Confidential
•	Confidential/Low
•	Confidential/High
•	Confidential/Medium
For Policy1, the default label for documents is Confidential/Low.
You have a sensitivity label policy named Policy2 that is published to Group1. The policy includes the following labels:
•	Secret
•	General
•	Secret/Low
•	Secret/High
•	Secret/Medium
For Policy2, the default label for documents is Secret/Low.
You have a sensitivity label policy named Policy3 that is published to User1 and User2. The policy includes the following labels:
•	Secret
•	General
•	Secret/Low
•	Secret/High
•	Secret/Medium
For Policy3, the default label for documents is Secret/Medium.
The order of the policies is shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 E5 subscription.
You need to create a Microsoft Defender for Cloud Apps policy that will detect data loss prevention (DLP) violations.
What should you create?

A. a Cloud Discovery anomaly detection policy

B. an activity policy

C. a session policy

D. a file policy

You need to recommend a solution that meets the executive requirements.
What should you recommend?

A. From the Microsoft 365 compliance center, create a DLP policy.

B. From the Exchange admin center, enable archive mailboxes.

C. From the Microsoft 365 compliance center, create a retention label.

D. From the Microsoft 365 compliance center, create a retention policy.

You have a Microsoft SharePoint Online site that contains employee contracts in a document library named Contracts.
The contracts must be treated as records in accordance with your company's records management policy.
You need to implement a solution to automatically mark all the contracts as records when they are uploaded to Contracts.
Which two actions should you perform? Each correct answer presents part of the solution. (Choose two.)
NOTE: Each correct selection is worth one point.

A. Create a sensitivity label.

B. Create a retention label.

C. Configure a default label on the Contracts document library.

D. Create a retention policy.

E. Create a file plan.

F. Create a retention lock.

HOTSPOT
-
You have a Microsoft 365 E5 subscription.
You are evaluating Data Protection Baseline compliance by using Compliance Manager.
You need to identify improvement actions that meet the following requirements:
• Provide data loss prevention (DLP) policy recommendations.
• Provide Data Protection Baseline recommendations.
Which filter should you use for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and three branch offices in Seattle, Boston, and Johannesburg.
Existing Environment -
Microsoft 365 Environment -
Contoso has a Microsoft 365 E5 tenant. The tenant contains the administrative user accounts shown in the following table.
 
Users store data in the following locations:
SharePoint sites
OneDrive accounts
Exchange email
Exchange public folders
Teams chats
Teams channel messages
When users in the research department create documents, they must add a 10-digit project code to each document. Project codes that start with the digits 999 are confidential.
SharePoint Online Environment -
Contoso has four Microsoft SharePoint Online sites named Site1, Site2, Site3, and Site4.
Site2 contains the files shown in the following table.
 
Two users named User1 and User2 are assigned roles for Site2 as shown in the following table.
 
Site3 stores documents related to the company's projects. The documents are organized in a folder hierarchy based on the project.
Site4 has the following two retention policies applied:
Name: Site4RetentionPolicy1
- Locations to apply the policy: Site4
- Delete items older than: 2 years
- Delete content based on: When items were created
Name: Site4RetentionPolicy2
- Locations to apply the policy: Site4
- Retain items for a specific period: 4 years
- Start the retention period based on: When items were created
- At the end of the retention period: Do nothing
Problem Statements -
Management at Contoso is concerned about data leaks. On several occasions, confidential research department documents were leaked.
Requirements -
Planned Changes -
Contoso plans to create the following data loss prevention (DLP) policy:
Name: DLPpolicy1
Locations to apply the policy: Site2
Conditions:
- Content contains any of these sensitive info types: SWIFT Code
- Instance count: 2 to any
Actions: Restrict access to the content
Technical Requirements -
Contoso must meet the following technical requirements:
All administrative users must be able to review DLP reports.
Whenever possible, the principle of least privilege must be used.
For all users, all Microsoft 365 data must be retained for at least one year.
Confidential documents must be detected and protected by using Microsoft 365.
Site1 documents that include credit card numbers must be labeled automatically.
All administrative users must be able to create Microsoft 365 sensitivity labels.
After a project is complete, the documents in Site3 that relate to the project must be retained for 10 years.
You are evaluating the technical requirements for the DLP reports.
Which user can currently view the DLP reports?

A. Admin4

B. Admin1

C. Admin5

D. Admin2

E. Admin3

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant and 500 computers that run Windows 10. The computers are onboarded to the Microsoft 365 compliance center.
You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers. Tailspin_scanner.exe is installed locally on the computers.
You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.
Solution: From the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings, you add the application to the unallowed apps list.
Does this meet the goal?

A. Yes

B. No

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in the Microsoft Purview compliance portal to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
Solution: You run the Set-AdminAuditlogConfig -AdminAuditLogEnabled $true -AdminAuditLogCmdlets *Mailbox* command.
Does that meet the goal?

A. Yes

B. No

You create three sensitivity labels named Sensitivity1, Sensitivity2, and Sensitivity3 and perform the following actions:
✑ Publish Sensitivity1.
✑ Create an auto-labeling policy for Sensitivity2.
You plan to create a file policy named Policy1 in Microsoft Cloud App Security.
Which sensitivity labels can you apply to Microsoft SharePoint Online in Policy1?

A. Sensitivity1 only

B. Sensitivity1, Sensitivity2, and Sensitivity3

C. Sensitivity2 only

D. Sensitivity1 and Sensitivity2 only

You have a Microsoft 365 E5 tenant that contains the policies shown in the following table.
 
A file named File1 has all the policies applied.
How long will File1 be retained?

A. File1 will be deleted automatically after seven years.

B. File1 will be deleted automatically after five years.

C. File1 will be retained until the file is deleted manually.

D. File1 will be deleted automatically after 10 years.

You are creating an advanced data loss prevention (DLP) rule in a DLP policy named Policy1 that will have all locations selected.
Which two conditions can you use in the rule? Each correct answer presents a complete solution. (Choose two.)
NOTE: Each correct selection is worth one point.

A. Content contains

B. Content is shared from Microsoft 365

C. Document size equals or is greater than

D. Attachment’s file extension is

E. Document property is

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring a file policy in Microsoft Cloud App Security.
You need to configure the policy to apply to all files. Alerts must be sent to every file owner who is affected by the policy. The policy must scan for credit card numbers, and alerts must be sent to the Microsoft Teams site of the affected department.
Solution: You use the Data Classification service inspection method and send alerts as email.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1.
You need to create a data loss prevention (DLP) policy to prevent the sharing of files that contain source code. The solution must minimize administrative effort.
What should you include in the solution?

A. an exact data match (EDM) data classification

B. a sensitive info type that uses a keyword dictionary

C. a sensitive info type that uses regular expressions

D. a trainable classifier

You have a Microsoft 365 subscription.
You have a team named Team1 in Microsoft Teams.
You plan to place all the content in Team1 on hold.
You need to identify which mailbox and which Microsoft SharePoint site collection are associated to Team1.
Which cmdlet should you use?

A. Get-UnifiedGroup

B. Get-TeamChannel

C. Get-MailUser

D. Get-Team

You have a Microsoft 365 E5 tenant that contains a Microsoft SharePoint Online site named Site1 and a user named User1. The tenant has auditing enabled.
You need to ensure that User1 can perform disposition reviews. The solution must use the principle of the least privilege.
What should you do?

A. Assign User1 the Compliance Data Administrator role.

B. Add User1 to the Records Management role group.

C. Assign User1 the Data Investigator role.

D. Add User1 to the Content Explorer Content Viewer role group.

You have a Microsoft SharePoint Online site that contains employee contracts in a document library named Contracts.
The contracts must be treated as records in accordance with your company's records management policy.
You need to implement a solution to automatically mark all the contracts as records when they are uploaded to Contracts.
Which two actions should you perform? Each correct answer presents part of the solution. (Choose two.)
NOTE: Each correct selection is worth one point.

A. Create a sensitivity label.

B. Create a retention label.

C. Configure a default label on the Contracts document library.

D. Create a retention policy.

E. Create a file plan.

F. Create a retention lock.

You have a Microsoft 365 E5 subscription.
Users access their mailbox by using the following apps:
• Outlook Win32
• Outlook on the web
• Outlook for iOS and Android
You create a data loss prevention (DLP) policy named DLP1 that has the following settings:
• Location: Exchange email
• Status: On
• User notifications: On
• Notify users in Office 365 service with a policy tip: Enabled
Which apps display a policy tip when content is matched by using DLP1?

A. Outlook Win32 only

B. Outlook on the web only

C. Outlook Win32 and Outlook on the web only

D. Outlook Win32 and Outlook for iOS and Android only

E. Outlook Win32, Outlook on the web, and Outlook for iOS and Android

HOTSPOT -
You have a Microsoft 365 tenant.
A retention hold is applied to all the mailboxes in Microsoft Exchange Online.
A user named User1 leaves your company, and the account of User1 is deleted from Azure Active Directory (Azure AD).
You need to create a new user named User2 and provide User2 with access to the mailbox of User1.
How should you complete the PowerShell command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

HOTSPOT
-
You have a Microsoft 365 E5 subscription.
You have the data loss prevention (DLP) rule match shown in the following exhibit.
 
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 tenant that uses Microsoft Teams.
You need to ensure that all internal communication is stored for a minimum of seven years.
What should you create first?

A. a retention label

B. a Microsoft SharePoint Online site

C. a Microsoft Exchange Online shared mailbox

D. a retention label policy

A compliance administrator recently created several data loss prevention (DLP) policies.
After the policies are created, you receive a higher than expected volume of DLP alerts.
You need to identify which rules are generating the alerts.
Which DLP report should you use?

A. Third-party DLP policy matches

B. DLP policy matches

C. DLP incidents

D. False positive and override

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You recently discovered that the developers at your company emailed Azure Storage keys in plain text to third parties.
You need to ensure that when Azure Storage keys are emailed, the emails are encrypted.
Solution: You create a data loss prevention (DLP) policy that has all locations selected.
Does this meet the goal?

A. Yes

B. No

DRAG DROP
-
Your company has two departments named department1 and department2 and a Microsoft 365 E5 subscription.
You need to prevent communication between the users in department1 and the users in department2.
How should you complete the PowerShell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 E5 subscription.
You create a role group named Role1.
You need to add a role to Role1 that will enable group members to view the metadata of records that were tagged for deletion automatically at the end of the records’ retention period. The solution must use the principle of least privilege.
Which role should you add?

A. Review

B. View-Only Retention Management

C. Retention Management

D. Disposition Management

E. Record Management

HOTSPOT -
You create a sensitivity label as shown in the Sensitivity Label exhibit.
 
You create an auto-labeling policy as shown in the Auto Labeling Policy exhibit.
 
A user sends the following email:
From:
user1@contoso.com
-
To:
user2@fabrikam.com
-
Subject: Address List -
Message Body:
Here are the lists that you requested.
Attachments:
<>
<>
Both attachments contain lists of IP addresses.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

In Microsoft Exchange Online, you have a retention policy named Policy1 that applies a retention tag named Tag1.
You plan to remove Tag1 from Policy1.
What will occur when you remove the tag from Policy1?

A. The content will remain tagged and the Managed Folder Assistant will process Tag1.

B. Tag1 will be removed if Policy1 applied the tag to the content.

C. The content will remain tagged, but the Managed Folder Assistant will ignore Tag1.

SIMULATION
-
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@123456789.onmicrosoft.com
Microsoft 365 Password: **********
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 12345678
-
You are investigating a data breach.
You need to retain all Microsoft Exchange items in the mailbox of Alex Wilber that contain the word Falcon and were created in the year 2021.
To complete this task, sign in to the appropriate admin center.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in the Microsoft Purview compliance portal to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
Solution: You run the Set-Mailbox -Identity "User1" -AuditEnabled $true command.
Does that meet the goal?

A. Yes

B. No

HOTSPOT -
You need to meet the technical requirements for the confidential documents.
What should you create first, and what should you use for the detection method? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You create three sensitivity labels named Sensitivity1, Sensitivity2, and Sensitivity3 and perform the following actions:
✑ Publish Sensitivity1.
✑ Create an auto-labeling policy for Sensitivity2.
You plan to create a file policy named Policy1 in Microsoft Cloud App Security.
Which sensitivity labels can you apply to Microsoft SharePoint Online in Policy1?

A. Sensitivity1 only

B. Sensitivity1, Sensitivity2, and Sensitivity3

C. Sensitivity2 only

D. Sensitivity1 and Sensitivity2 only

You have a Microsoft 365 E5 subscription.
You plan to implement retention policies for Microsoft Teams.
Which item types can be retained?

A. voice memos from the Teams mobile client

B. embedded images

C. code snippets

HOTSPOT
-
You have a Microsoft 365 subscription that contains a sensitivity label named Contoso Confidential.
You publish Contoso Confidential to all users.
Contoso Confidential is configured as shown in the Configuration exhibit. (Click the Configuration tab.)
 
The Encryption settings of Contoso Confidential are configured as shown in the Encryption exhibit. (Click the Encryption tab.)
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You need to recommend a solution to configure the Microsoft 365 Records management settings by using the CSV file. The solution must meet the compliance requirements.
What should you recommend?

A. Use EdmUploadAgent.exe to upload a hash of the CSV to a datastore.

B. Use a PowerShell command that pipes the Import-Csv cmdlet to the New-RetentionPolicy cmdlet.

C. From the Microsoft 365 compliance center, import the CSV file to a file plan.

D. Use a PowerShell command that pipes the Import-Csv cmdlet to the New-Label cmdlet.

You have a Microsoft 365 E5 subscription that contains two Microsoft SharePoint Online sites named Site1 and Site2.
You plan to configure a retention label named Label1 and apply Label1 to all the files in Site1.
You need to ensure that two years after a file is created in Site1, the file moves automatically to Site2.
How should you configure the Choose what happens after the retention period setting for Label1?

A. Run a Power Automate flow

B. Change the label

C. Deactivate retention settings

D. Start a disposition review

You have a Microsoft 365 tenant that has devices onboarded to Microsoft Defender for Endpoint as shown in the following table.
 
You plan to start using Microsoft 365 Endpoint data loss protection (Endpoint DLP).
Which devices support Endpoint DLP?

A. Device5 only

B. Device2 only

C. Device1, Device2, Device3, Device4, and Device5

D. Device3 and Device4 only

E. Device1 and Device2 only

You have a Microsoft 365 E5 tenant and the Windows 10 devices shown in the following table.
 
To which devices can you apply Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings?

A. Device1, Device3, and Device4 only

B. Device1, Device2, Device3, and Device4

C. Device1 and Device2 only

D. Device1 and Device3 only

E. Device1 only

HOTSPOT -
You have a Microsoft 365 tenant that uses data loss prevention (DLP) to protect sensitive information.
You create a new custom sensitive info type that has the matching element shown in the following exhibit.
 
The supporting elements are configured as shown in the following exhibit.
 
The confidence level and character proximity are configured as shown in the following exhibit.
 
For each of the following statements, select Yes if statement is true. Otherwise, select No
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have a Microsoft 365 subscription.
You need to be notified by email whenever an administrator starts an eDiscovery search.
What should you do from the Microsoft Purview compliance portal?

A. From Records management create event type.

B. From eDiscovery, create an eDiscovery case.

C. From Content search, create a new search.

D. From Policies, create an alert policy.

You need to provide a user with the ability to view data loss prevention (DLP) alerts in the Microsoft 365 compliance center. The solution must use the principle of least privilege.
Which role should you assign to the user?

A. Compliance data administrator

B. Security operator

C. Compliance administrator

D. Security reader

You create a retention label that has a retention period of seven years.
You need to ensure that documents containing a credit card number are retained for seven years. Other documents must not be retained.
What should you create?

A. a retention label policy of type publish

B. a retention policy that retains files automatically

C. a retention policy that deletes files automatically

D. a retention label policy of type auto-apply