You have a Microsoft 365 E5 subscription.
Users access their mailbox by using the following apps:
• Outlook Win32
• Outlook on the web
• Outlook for iOS and Android
You create a data loss prevention (DLP) policy named DLP1 that has the following settings:
• Location: Exchange email
• Status: On
• User notifications: On
• Notify users in Office 365 service with a policy tip: Enabled
Which apps display a policy tip when content is matched by using DLP1?

A. Outlook Win32 only

B. Outlook on the web only

C. Outlook Win32 and Outlook on the web only

D. Outlook Win32 and Outlook for iOS and Android only

E. Outlook Win32, Outlook on the web, and Outlook for iOS and Android

You have a Microsoft 365 subscription.
You create a new trainable classifier.
You need to train the classifier.
Which source can you use to train the classifier?

A. a Microsoft SharePoint Online site

B. an on-premises Microsoft SharePoint Server site

C. an NFS file share

D. an Azure Files share

You have a Microsoft 365 E3 subscription.
You plan to audit all Microsoft Exchange Online user and admin activities.
You need to ensure that all the Exchange audit log records are retained for one year.
What should you do?

A. Modify the record type of the default audit retention policy.

B. Modify the retention period of the default audit retention policy.

C. Create a custom audit retention policy.

D. Assign Microsoft 365 Enterprise E5 licenses to all users.

DRAG DROP
-
You have a Microsoft 365 E5 subscription.
You need to prevent the sharing of sensitive information in Microsoft Teams.
Which entities can you protect by applying a data loss prevention (DLP) policy to each resource? To answer, drag the appropriate activities to the correct entity. Each activity may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
 

A user reports that she can no longer access a Microsoft Excel file named Northwind Customer Data.xlsx.
From the Cloud App Security portal, you discover the alert shown in the exhibit.
 
You restore the file from quarantine.
You need to prevent files that match the policy from being quarantined. Files that match the policy must generate an alert.
What should you do?

A. Modify the policy template.

B. Assign the Global reader role to the file owners.

C. Exclude file matching by using a regular expression.

D. Update the governance action.

DRAG DROP
-
You have a Microsoft 365 E5 subscription.
You need to label Microsoft Exchange Online emails that match the following conditions:
•	Contain employment offers
•	Contain offensive language
•	Contain medical terms and conditions
The solution must minimize administrative effort.
Which type of data classification should you use for each condition? To answer, drag the appropriate data classification types to the correct conditions. Each data classification type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
You have a Microsoft 365 E5 tenant that contains a trainable classifier named Classifier1.
You need to increase the accuracy of Classifier1. The solution must use the principle of least privilege.
Which feature should you use and to which role group should you be added? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

You create a custom sensitive info type that uses Exact Data Match (EDM).
You plan to periodically update and upload the data used for EDM.
What is the maximum frequency with which the data can be uploaded?

A. twice per week

B. twice per day

C. once every six hours

D. once every 48 hours

E. twice per hour

HOTSPOT -
You plan to create a custom sensitive information type that will use Exact Data Match (EDM).
You need to identify what to upload to Microsoft 365, and which tool to use for the upload.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

DRAG DROP
-
You have a Microsoft 365 E5 subscription.
You need to create the Microsoft Purview insider risk management policies shown in the following table.
 
Which policy template should you use for each policy? To answer, drag the appropriate policy templates to the correct policies. Each template may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
 

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You need to identify resumes that are stored in the subscription by using a built-in trainable classifier.
Solution: You create an auto-labeling policy for a sensitivity label.
Does this meet the goal?

A. Yes

B. No

You plan to import a file plan to the Microsoft 365 compliance center.
Which object type can you create by importing a records management file plan?

A. retention label policies

B. sensitive info types

C. sensitivity labels

D. retention labels

You are creating an advanced data loss prevention (DLP) rule in a DLP policy named Policy1 that will have all locations selected.
Which two conditions can you use in the rule? Each correct answer presents a complete solution. (Choose two.)
NOTE: Each correct selection is worth one point.

A. Content contains

B. Content is shared from Microsoft 365

C. Document size equals or is greater than

D. Attachment’s file extension is

E. Document property is

You have a Microsoft 365 tenant that uses records management.
You use a retention label to mark legal files stored in a Microsoft SharePoint Online document library as regulatory records.
What can you do to the legal files?

A. Rename the files.

B. Edit the properties of the files.

C. Change the retention label of the files.

D. Copy the content of the files.

You have a Microsoft 365 E5 subscription that contains the resources shown in the following table.
 
You have a retention label configured as shown in the following exhibit.
 
You publish the retention label and set the scope as shown in the following exhibit.
 
You apply the label to the resources.
Which items can you delete?

A. Mail1 only

B. File1.docx and File2.xlsx only

C. Mail1 and File1.docx only

D. Mail1 and File2.xlsx only

E. Mail1, File1.docx, and File2.xlsx

You have a Microsoft 365 E5 subscription that contains a trainable classifier named Trainable1.
You plan to create the items shown in the following table.
 
Which items can use Trainable1?

A. Label2 only

B. Label1 and Label2 only

C. Label1 and Policy1 only

D. Label2, Policy1, and DLP1 only

You have a Microsoft 365 subscription linked to a Microsoft Entra tenant that contains a user named User1.
You need to grant User1 permission to search Microsoft 365 audit logs. The solution must use the principle of least privilege.
Which role should you assign to User1?

A. the Reviewer role in the Microsoft Purview compliance portal

B. the View-Only Audit Logs role in the Exchange admin center

C. the Compliance Management role in the Exchange admin center

D. the Security Reader role in the Microsoft Entra admin center

Your company has a Microsoft 365 tenant.
The company performs annual employee assessments. The assessment results are recorded in a document named AssessmentTemplate.docx that is created by using a Microsoft Word template. Copies of the employee assessments are sent to employees and their managers. The assessment copies are stored in mailboxes, Microsoft SharePoint Online sites, and OneDrive for Business folders. A copy of each assessment is also stored in a SharePoint Online folder named
Assessments.
You need to create a data loss prevention (DLP) policy that prevents the employee assessments from being emailed to external users. You will use a document fingerprint to identify the assessment documents. The solution must minimize effort.
What should you include in the solution?

A. Create a fingerprint of 100 sample documents in the Assessments folder.

B. Create a sensitive info type that uses Exact Data Match (EDM).

C. Import 100 sample documents from the Assessments folder to a seed folder.

D. Create a fingerprint of AssessmentTemplate.docx.

You are creating an advanced data loss prevention (DLP) rule in a DLP policy named Policy1 that will have all locations selected.
Which two conditions can you use in the rule? Each correct answer presents a complete solution. (Choose two.)
NOTE: Each correct selection is worth one point.

A. Content contains

B. Content is shared from Microsoft 365

C. Document size equals or is greater than

D. Attachment’s file extension is

E. Document property is

HOTSPOT -
You are implementing Microsoft Office 365 Message Encryption (OME) for a Microsoft 365 tenant named contoso.com.
You need to meet the following requirements:
✑ All email to a domain named fabrikam.com must be encrypted automatically.
✑ Encrypted emails must expire seven days after they are sent.
What should you configure for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You recently discovered that the developers at your company emailed Azure Storage keys in plain text to third parties.
You need to ensure that when Azure Storage keys are emailed, the emails are encrypted.
Solution: You create a data loss prevention (DLP) policy that has only the Exchange email location selected.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft 365 subscription.
From Microsoft Purview, you plan to create a content search for email messages that have a recipient of either
user1@contoso.com
or user2.contoso.com.
You need to add a condition to the KQL editor for the content search.
Which KQL query should you add as a condition?

A. Recipients: “user””#1-2””@contoso.com”

B. Recipients: (“user1@contoso.com” “user2@contoso.com”)

C. Recipients: (“user””#1-1””@contoso.com”)

D. Recipients= “user1@contoso.com” OR Recipients= “user2@contoso.com”

You have a Microsoft 365 E5 tenant that has data loss prevention (DLP) policies.
You need to create a report that includes the following:
•	Documents that have a matched DLP policy.
•	Documents that have had a sensitivity label changed.
•	Documents that have had a sensitivity label changed.
What should you use?

A. a content search

B. an eDiscovery case

C. communication compliance reports

D. Activity explorer

You have a Microsoft 365 tenant that contains a Microsoft SharePoint Online site named Site1.
You have the users shown in the following table.
 
You create a data loss prevention (DLP) policy for Site1 that detects credit card number information. You configure the policy to use the following protection action:
✑ When content matches the policy conditions, show policy tips to users and send them an email notification.
You use the default notification settings.
To Site1, User1 uploads a file that contains a credit card number.
Which users receive an email notification?

A. User1 and User2 only

B. User1 and User4 only

C. User1, User2, User3, and User4

D. User1 only

E. User1 and User3 only

You have a Microsoft 365 subscription that contains a Microsoft 365 group named Group1. Group1 contains 100 users and has dynamic user membership.
All users have Windows 10 devices and use Microsoft SharePoint Online and Exchange Online.
You create a sensitivity label named Label1 and publish Label1 as the default label for Group1.
You need to ensure that the users in Group must apply Label1 to their email and documents.
Which two actions should you perform? Each correct answer presents part of the solution
NOTE: Each correct selection is worth one point.

A. From the Microsoft Purview compliance portal, create an auto-labeling policy.

B. Install the Active Directory Rights Management Services (AD RMS) client on the Windows 10 devices,

C. From the Microsoft Purview compliance portal, modify the settings of the Label1 policy.

D. Install the Azure Information Protection unified labeling client on the Windows 10 devices.

E. From the Microsoft Entra admin center, set Membership type for Group1 to Assigned.

You create three sensitivity labels named Sensitivity1, Sensitivity2, and Sensitivity3 and perform the following actions:
✑ Publish Sensitivity1.
✑ Create an auto-labeling policy for Sensitivity2.
You plan to create a file policy named Policy1 in Microsoft Cloud App Security.
Which sensitivity labels can you apply to Microsoft SharePoint Online in Policy1?

A. Sensitivity1 only

B. Sensitivity1, Sensitivity2, and Sensitivity3

C. Sensitivity2 only

D. Sensitivity1 and Sensitivity2 only

You have a Microsoft 365 E5 tenant that uses a domain named contoso.com.
A user named User1 sends link-based, branded emails that are encrypted by using Microsoft Office 365 Advanced Message Encryption to the recipients shown in the following table.
 
For which recipients can User1 revoke the emails?

A. Recipient4 only

B. Recipient1 only

C. Recipient1, Recipient2, Recipient3, and Recipient4

D. Recipient3 and Recipient4 only

E. Recipient1 and Recipient2 only

You are planning a data loss prevention (DLP) solution that will apply to computers that run Windows 10.
You need to ensure that when users attempt to copy a file that contains sensitive information to a USB storage device, the following requirements are met:
✑ If the users are members of a group named Group1, the users must be allowed to copy the file, and an event must be recorded in the audit log.
✑ All other users must be blocked from copying the file.
What should you create?

A. two DLP policies that each contains one DLP rule

B. one DLP policy that contains one DLP rule

C. one DLP policy that contains two DLP rules

You have a Microsoft 365 tenant that contains a Microsoft SharePoint Online site named Site1.
You have the users shown in the following table.
 
You create a data loss prevention (DLP) policy for Site1 that detects credit card number information. You configure the policy to use the following protection action:
✑ When content matches the policy conditions, show policy tips to users and send them an email notification.
You use the default notification settings.
To Site1, User1 uploads a file that contains a credit card number.
Which users receive an email notification?

A. User1 and User2 only

B. User1 and User4 only

C. User1, User2, User3, and User4

D. User1 only

E. User1 and User3 only

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
 
You need to delegate the following tasks:
• Create and manage data loss prevention (DLP) policies.
• Review classified content by using Content explorer.
The solution must use the principle of least privilege.
Which user should perform each task? To answer, drag the appropriate users to the correct tasks. Each user may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in the Microsoft Purview compliance portal to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
Solution: You run the Set-MailboxFolderPermission -Identity "User1" -User
User1@contoso.com
-AccessRights Owner command.
Does that meet the goal?

A. Yes

B. No

You plan to create a new data loss prevention (DLP) policy named DIP1.
DLP1 will be applied to the Exchange email location.
You need to exclude two users named User1 and User2 from DLP1.
What should you do first?

A. Create an organization sharing policy in Microsoft Exchange.

B. Create a mail flow rule in Microsoft Exchange.

C. Create a distribution list that contains User1 and User2.

D. Create an advanced DLP rule.

You have a Microsoft OneDrive for Business folder that contains the files shown in the following table.
 
In Microsoft Cloud App Security, you create a file policy to automatically apply a classification.
What is the effect of applying the policy?

A. The policy will apply to only the .docx and .txt files. The policy will classify the files within 24 hours.

B. The policy will apply to all the files. The policy will classify only 100 files daily.

C. The policy will apply to only the .docx files. The policy will classify only 100 files daily.

D. The policy will apply to only the .docx and .txt files. The policy will classify the files immediately.

You need to automatically apply a sensitivity label to documents that contain information about your company's network including computer names, IP addresses, and configuration information.
Which two objects should you use? Each correct answer presents part of the solution. (Choose two.)
NOTE: Each correct selection is worth one point.

A. an Information protection auto-labeling policy

B. a custom trainable classifier

C. a sensitive info type that uses a regular expression

D. a data loss prevention (DLP) policy

E. a sensitive info type that uses keywords

F. a sensitivity label that has auto-labeling

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are configuring a file policy in Microsoft Cloud App Security.
You need to configure the policy to apply to all files. Alerts must be sent to every file owner who is affected by the policy. The policy must scan for credit card numbers, and alerts must be sent to the Microsoft Teams site of the affected department.
Solution: You use the Built-in DLP inspection method and send alerts to Microsoft Power Automate.
Does this meet the goal?

A. Yes

B. No

You need to provide a user with the ability to view data loss prevention (DLP) alerts in the Microsoft 365 compliance center. The solution must use the principle of least privilege.
Which role should you assign to the user?

A. Compliance data administrator

B. Security operator

C. Compliance administrator

D. Security reader

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant and 500 computers that run Windows 10. The computers are onboarded to the Microsoft 365 compliance center.
You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers. Tailspin_scanner.exe is installed locally on the computers.
You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.
Solution: From the Cloud App Security portal, you create an app discovery policy.
Does this meet the goal?

A. Yes

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You implement Microsoft 365 Endpoint data loss prevention (Endpoint DLP).
You have computers that run Windows 10 and have Microsoft 365 Apps installed. The computers are joined to Azure Active Directory (Azure AD).
You need to ensure that Endpoint DLP policies can protect content on the computers.
Solution: You deploy the Endpoint DLP configuration package to the computers.
Does this meet the goal?

A. Yes

B. No

HOTSPOT
-
You have a Microsoft 365 sensitivity label that is published to all the users in your Microsoft Entra tenant as shown in the following exhibit.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You create a data loss prevention (DLP) policy. The Advanced DLP rules page is shown in the Rules exhibit.
 
The Review your settings page is shown in the Review exhibit.
 
You need to review the potential impact of enabling the policy without applying the actions.
What should you do?

A. Edit the policy, remove all the actions in DLP rule 1, and select I’d like to test it out first.

B. Edit the policy, remove the Restrict access to the content and Send incident report to Administrator actions, and then select Yes, turn it on right away.

C. Edit the policy, remove all the actions in DLP rule 1, and select Yes, turn it on right away.

D. Edit the policy, and then select I’d like to test it out first.

HOTSPOT -
While creating a retention label, you discover that the following options are missing:
✑ Mark items as a record
✑ Mark items as a regulatory record
You need to ensure that the options are available when you create retention labels in the Microsoft 365 compliance center.
How should you complete the PowerShell script? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have a Microsoft 365 E5 subscription.
You need to create a Microsoft Defender for Cloud Apps policy that will detect data loss prevention (DLP) violations.
What should you create?

A. a Cloud Discovery anomaly detection policy

B. an activity policy

C. a session policy

D. a file policy

You have a Microsoft 365 E5 tenant that contains a user named User1. User1 is assigned the Compliance Administrator role.
User1 cannot view the regular expression in the IP Address sensitive info type.
You need to ensure that User1 can view the regular expression.
What should you do?

A. Assign User1 the Global Reader role.

B. Assign User1 to the Reviewer role group.

C. Instruct User to use the Test function on the sensitive info type.

D. Create a copy of the IP Address sensitive info type and instruct User1 to edit the copy.

HOTSPOT
-
You have a hybrid Microsoft 365 deployment that contains the users shown in the following table.
 
You need to perform an eDiscovery content search.
Which user's data can be included in the content search? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

DRAG DROP -
You have a Microsoft 365 tenant that uses data loss prevention (DLP).
You have a custom employee information form named Template1.docx.
You need to create a classification rule package based on the document fingerprint of Template1.docx.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
 

Your company has a Microsoft 365 tenant that uses a domain named contoso.com.
The company uses Microsoft Office 365 Message Encryption (OME) to encrypt email sent to users in fabrikam.com.
A user named User1 erroneously sends an email to
user2@fabrikam.com
.
You need to prevent
user2@fabrikam.com
from accessing the email.
What should you do?

A. Run the Get-MessageTrace cmdlet.

B. Run the Set-OMEMessageRevocation cmdlet.

C. Instruct User1 to delete the email from her Sent Items folder from Microsoft Outlook.

D. Run the New-ComplianceSearchAction cmdlet.

E. Instruct User1 to select Remove external access from Microsoft Outlook on the web.

You have a Microsoft 365 E5 subscription.
You need to prevent users from uploading data loss prevention (DLP)-protected documents to the following third-party websites:
•	web1.contoso.com
•	web2.contoso.com
The solution must minimize administrative effort.
To what should you set the Service domains setting for Endpoint DLP?

A. contoso.com

B. web*.contoso.com

C. *.contoso.com

D. web1.contoso.com and web2.contoso.com

You have a Microsoft 365 E5 subscription that contains a user named User1.
You need to ensure that all email messages that contain attachments are encrypted automatically by using Microsoft Purview Message Encryption.
What should you create?

A. a sensitivity label

B. an information barrier segment

C. a data loss prevention (DLP) policy

D. a mail flow rule

You have a Microsoft 365 tenant that contains the users shown in the following table.
 
You configure a retention label to trigger a disposition review at the end of the retention period.
Which users can access the Disposition tab in the Microsoft 365 compliance center to review the content?

A. User1 only

B. User2 only

C. User3 only

D. User1 and User3

E. User3 and User4

You need to meet the retention requirement for the users' Microsoft 365 data.
What is the minimum number of retention policies that you should use?

A. 1

B. 2

C. 3

D. 4

E. 6