Professional Documents
Culture Documents
Level: Intermediate
No. Domain Total Question Correct Incorrect Unattempted Marked for Review
2 Implement DLP 16 0 0 16 0
b a n
Your coordinator wants to ban employees in the accounting department from sending files containing sensitive data to people0 outside the
company.
You need to secure the content of the company's Microsoft Exchange mailbox.
A. Yes right
B. No wrong
Explanation:
Correct Answer: A
Option A is correct. To secure the content of the company’s mailbox, you should use document fingerprinting to detect word patterns in
files. Through document fingerprinting, you can safeguard data in your organization’s mailbox by recognizing unique word patterns in your
files included in emails. When a detected file in the mailbox matches sensitive information, document fingerprinting will ban the email from
being sent to people outside the company.
Reference:
To know more about document Fingerprinting, please refer to the link below
https://docs.microsoft.com/en-us/microsoft-365/compliance/document-fingerprinting?view=o365-worldwide
Ask our Experts
Question 2 Unattempted
Your coordinator wants to ban employees in the accounting department from sending files containing sensitive data to people outside the
company.
You need to secure the content of the company's Microsoft Exchange mailbox.
A. Yes
B. No right
Explanation:
Correct Answer: B
Option B is correct. In the process of data management, companies use retention policies to decide if specific data should be retained or
deleted. This will not allow banning sending files to people outside.
Reference:
Question 3 Unattempted
Your coordinator wants to ban employees in the accounting department from sending files containing sensitive data to people outside the
company.
You need to secure the content of the company's Microsoft Exchange mailbox.
A. Yes right
B. No
Explanation:
Correct Answer: A
This solution meets the goal. To secure the content of the company’s mailbox, you should use Microsoft 365 Message Encryption. Using this
feature, you can encrypt the messages that are sent by employees so that if emails containing sensitive files are received by people outside
the organization, they will not be able to view their content. In order to use this feature, a flow rule should be created in the Exchange Admin
Center
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome?view=o365-worldwide
Question 4 Unattempted
You are administering a Microsoft 365 tenant for a software development company. The supporting documentation with the programming
code must be identified as confidential.
You need to implement a secure solution while keeping administrative efforts to a minimum.
A. Yes
B. No right
Explanation:
Correct Answer: B
Option B is correct. Keyword dictionaries represent a powerful possibility to handle large lists of regularly changing words.
Reference:
https://docs.microsoft.com/en-us/learn/modules/create-manage-sensitive-information-types/6-create-keyword-dictionary
Question 5 Unattempted
You are administering a Microsoft 365 tenant for a software development company. The supporting documentation with the programming
code must be identified as confidential.
You need to implement a secure solution while keeping administrative efforts to a minimum.
A. Yes right
B. No
Explanation:
Correct Answer: A
Option A is correct. A single sensitive information type entity comprises the following fields: name, description, and pattern. A pattern
consists of a primary element, a supporting element, a confidence level, and proximity. Therefore, the regular expression is a method to
identify a primary element or supporting elements. In this case, it is very cumbersome to create a pattern based on a regular expression
as there is no specific pattern in the source code.
Reference:
Learn about sensitive information types - Microsoft Purview (compliance) | Microsoft Learn
Question 6 Unattempted
You are administering a Microsoft 365 tenant for a software development company. The supporting documentation with the programming
code must be identified as confidential.
You need to implement a secure solution while keeping administrative efforts to a minimum.
Solution: Request at least 50 samples of supporting documentation with the programming code. Then Implement a source code trainable
classifier.
A. Yes
B. No right
Explanation:
Correct Answer: B
Option B is correct. You should request at least 50 samples of supporting documentation with the programming code and implement a
source code trainable classifier. This type of data classification is applicable if content cannot be easily identified by applying pattern
matching. Trainable classifiers utilize the potential of AI and ML (machine learning) in order to identify data to protect and govern. This type
of classifier is trained to determine content based on what it is, instead of looking for a specific element in a document.
Resumes
Source Code
Harassment
Profanity
Threat
In this scenario, the best choice is a source code trainable classifier, as the documentation contains the source code.
Reference:
Question 7 Unattempted
You are administering a Microsoft 365 tenant for a software development company. The supporting documentation with the programming
code must be identified as confidential.
You need to implement a secure solution while keeping administrative efforts to a minimum.
Solution: Create a sensitive information type using Exact Data Match (EDM).
A. Yes
B. No right
Explanation:
Correct Answer: B
Option B is Correct. You should not create a sensitive information type using exact Data Match. Sensitive information types based on EDM
classification gives you the possibility to create custom sensitive information types, which correspond to the exact values in a sensitive
information database. The database can be refreshed daily. The database can hold up to 100 million rows of data. It does not matter how
often you register your partners, Contractors, Patients, and change the records about them, your custom sensitive information type will
stay current and still be applicable. In the presented scenario, there is no exact pattern to match to identify sensitive information.
Reference:
Question 8 Unattempted
The director of a hospital is planning to open a hospital in your region asks you to configure a Microsoft 365 Compliance tool for the hospital.
In order to avoid the employees of the accounting department from accidentally sharing sensitive information within the chat of Microsoft
Teams with the staff of the hospital.
You need to recommend a Microsoft 365 Compliance tool to protect its data as required by the director.
A. Trainable Classifiers
C. Auto-labeling policies
Explanation:
Correct Answer: D
Incorrect Answer A: You should not use trainable classifiers. A trainable classifier is a tool used in data classification that allows you to train
a classifier to detect content based on a training process carried out in SharePoint Online Libraries. This tool does not allow you to protect
data as required by the director.
Incorrect Answer B: You should not use OME. This tool is used for encrypting emails and keeping their content secure. It does now allow you
to prevent sensitive data from being shared in Microsoft Teams. Microsoft 365 Message Encryption is a part of Azure Information Protection.
Incorrect Answer C: You should not use auto-labeling policies. Sensitivity labels can be applied automatically to content based on auto-
labeling policies. Auto-labeling policies can be used in SharePoint, OneDrive and Exchange apps to automatically label files at rest by
matching content of file. They cannot stop messages from being shared on their own.
Correct Answer D: Using a DLP policy will allow you to ban the accidental sharing of sensitive information with people inside the
organization. A DLP policy examines files and messages for sensitive information that is predefined by the user when creating the policy.
On detecting the sensitive information within the chat of Microsoft Teams, the DLP policy can display a pop-up tip to the accounting
department to warn them before they share sensitive data with the hospital staff.
References:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-test-tune-dlp-policy?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide
Question 9 Unattempted
Domain: Implement DLP
You are the administrator of the Microsoft 365 tenant for Company A. The on-premises Active Directory (AD) root.companya.com domain is
synchronized with Azure Active Directory (Azure AD). Sensitivity labels for confidential documents are configured. Some employees have
Dropbox accounts.
A company responsible for compliance notices that some employees are using Dropbox to exchange confidential documents containing
credit card numbers.
You need to ensure whether a company document with the confidential sensitivity label applied is uploaded to Dropbox, and the file should get
deleted automatically.
A. Create a file policy in Microsoft defender for cloud apps that uses the built-in data loss prevention (DLP) inspection method right
D. Edit an existing retention label that enforces the item deletion settings
Explanation:
Correct Answer: A
Correct Answer A: You should create a file policy in Microsoft defender for cloud apps that uses the bui8lt-in DLP inspection method. Using
file policies, you can enforce a broad variety of automated processes. File policies can be configured to continuously scan for compliance
violations, sensitive content sharing violations, and many other different use cases. With the built-in DLP method, you can choose to use
either preset expression to look for additional events or to search content using customized expressions. When using data classification
service, you can define custom sensitive information types, exact data matches, document fingerprints, or trainable classifiers.
Besides protection of Microsoft 365 content, CAS can also take actions on non-Microsoft cloud applications, such as Dropbox. To be able to
protect your sensitive documents in this case, you have to create a connection to the Dropbox instance and create a file policy by first
connecting to MCAS portal and filtering all the relevant files.
Incorrect Answer B: You should not create a DLP policy that applies to devices. Microsoft Endpoint DLP is used to discover and protect
sensitive content throughout Microsoft 365 services. Endpoint DLP provides a solution to monitor Windows devices and to detect how
sensitive content saved physically on that device is used and shared.
Incorrect Answer C & D: You should not create or edit retention labels that enforce the item deletion settings. Retention labels cannot be
applied on Data stored in non-Microsoft cloud applications directly.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-use-policies-non-microsoft-cloud-apps?view=o365-worldwide
Question 10 Unattempted
You are asked to create a DLP policy to prevent Microsoft Teams users from sharing sensitive information.
Documents with sensitive information are not allowed to be shared in Microsoft Teams.
Messages with sensitive information should be deleted as soon as they are shared during a Microsoft Teams chat session
In which three locations should you apply the policy? Each correct answer presents part of the solution.
A. On-Premises repositories
B. Devices
D. Exchange email
Explanation:
Option C and E is correct - You should select SharePoint sites and OneDrive accounts as locations. All documents uploaded in Microsoft
Teams are saved in SharePoint. All documents shared in Microsoft Teams are saved in the OneDrive of the person who shared the
document. To prevent sharing and uploading documents with sensitive information in Microsoft Teams, you have to select both of these
locations.
Option F is correct - You should also select Teams chat and channel messages. Selecting this location in DLP policy will prevent disclosure
of sensitive information in chats and channel messages.
Option D is incorrect - You should not select Exchange email. You would select this location if you were required to protect sensitive
information sent in email messages.
Option A, B & G are incorrect - You should not use devices, Microsoft Cloud App Security, Or on-premises repositories. Creating DLP
protection in these locations is not a requirement in this scenario.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-microsoft-teams?view=o365-worldwide
Question 11 Unattempted
A Member of a company’s accounting team requests access to the Data Loss Prevention (DLP) report generated at the end of the past month
due to suspicion regarding some emails sent by the team leader to people outside the organization.
You need to assign a role to accounting team members to allow them to read the DLP report. The role should prevent the team member from
making changes to the report.
A. Security Administrator
B. Compliance Administrator
D. Global Administrator
Explanation:
Correct Answer: C
Incorrect Answer A: A security administrator can read and manage security reports in addition to security configurations. This role does
not match the requirements, since employees should be granted read-only permission.
Incorrect Answer B: A Compliance administrator has full access to DLP reports, including the ability to make changes to them.
Correct Answer C: This is the only role that grants read-only permission for the DLP reports the user wants to read.
Incorrect Answer D: This role grants the user full access to reports, including the ability to edit, and allows them to search for the audit log
to find if an employee viewed a specified document. The employee in the scenario must have read-only permission that allows them to
only read the DLP reports.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?
view=o365-worldwide
Question 12 Unattempted
You are implementing Microsoft 365 Endpoint data loss prevention (Endpoint DLP).
You have computers that run Windows 10 and have Microsoft 365 Apps installed.
You need to ensure that Endpoint DLP policies can protect sensitive content on the computers.
Solution: You join the endpoints to Azure Ad or Hybrid Azure AD.
B. No right
Explanation:
Correct Answer: B
Option B is correct. Only Joining the devices to Azure Ad or Local AD won't work because signals from endpoint devices must go from
devices to the compliance center where it will be checked for DLP violation. Hence, we would need an agent installed on endpoint
computers.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide
Question 13 Unattempted
You are implementing Microsoft 365 Endpoint data loss prevention (Endpoint DLP).
You have computers that run Windows 10 and have Microsoft 365 Apps installed.
You need to ensure that Endpoint DLP policies can protect sensitive content on the computers
B. No
Explanation:
Correct Answer: A
Option A is correct. When you onboard the computers to Microsoft defender for Endpoint, Defender for Endpoint agent is installed in the
endpoint device. This agent communicates with the compliance center where we have our Endpoint DLP policy. Any action you do on that
computer will be monitored and checked with the policy; you can have a policy in the compliance portal to protect sensitive contents on
the computers like block copy to USB.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide
you have a Microsoft 365 Enterprise subscription. You create several customer data loss prevention (DLP) policies for your organization. You are
currently testing your policies
You need to reduce the number of alert notifications issued for DLP events. You edit the policies in the Security & Compliance center.
What configuration value do you need to change?
A. User override
B. Threshold right
C. Policy tips
D. Match accuracy
Explanation:
Correct Answer: B
Incorrect Answer A: You should not change the user override. User override determines if a user can override when an action blocks
access to content. User override is either or disabled for a rule.
Correct Answer B: You need to change the alert threshold. This is the only value listed that will change the number of alert notifications
issued. The threshold defines how many times an activity must occur before an alert is triggered
Incorrect Answer C: You should not change the policy tips. Policy tips define the information displayed in a user notification when an alert is
triggered, but it does not change how often the alert is triggered.
Incorrect Answer D: You should not change the match accuracy. Match accuracy is used to report the likelihood that a match is accurate.
Changing the value changes the reported information, but it does change how often the alert is triggered.
Reference:
To know more please refer to the link below
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide
Question 15 Unattempted
Employees in your company use emails to contact vendors. All emails include sensitive information sent and received by vendors. Your
manager wants to prevent the deletion of all content included in the emails sent and received by the company.
A. Yes right
B. No
Explanation:
Correct Answer: A
Option A is correct. To prevent the deletion of all content included in the emails sent and received by the company, you should apply a
Litigation hold. A Litigation hold is a feature used in Microsoft Exchange, where the mailbox of the company is said to be put on Litigation
hold. This feature is used by companies to prevent the deletion of all content found in the mailbox of the company. You can apply a
Litigation hold in the Exchange Admin Center or by running an Exchange Online PowerShell cmdlet.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-litigation-hold?view=o365-worldwide
Question 16 Unattempted
Employees in your company use emails to contact vendors. All emails include sensitive information sent and received by vendors. Your
manager wants to prevent the deletion of all content included in the emails sent and received by the company.
A. Yes
B. No right
Explanation:
Correct Answer: B
Option B is correct. In the process of data classification, companies use trainable classifiers to detect content based on a training process
performed within SharePoint Online Libraries. This tool does not allow you to prevent the deletion of all content included in the emails sent
and received by the company as is required in the scenario.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide
Question 17 Unattempted
Employees in your company use emails to contact vendors. All emails include sensitive information sent and received by vendors. Your
manager wants to prevent the deletion of all content included in the emails sent and received by the company.
A. Yes
B. No right
Explanation:
Correct Answer: B
Option B is correct. Creating a file policy in MCAS is included in the process of combining DLP with MCAS, where you can detect, for
example, when a file is shared from SharePoint with a non-Microsoft app. This does not meet the scenario requirement since this solution
cannot prevent the deletion of the content found in emails as required in the solution.
Reference:
https://docs.microsoft.com/en-us/defender-cloud-apps/data-protection-policies
Question 18 Unattempted
You administer a Microsoft 365 for a hardware manufacturing company. After a hardware item is pulled from production, the company policy
requires the hardware item documents to be preserved for 15 years.
You need to ensure that, when the document retention period starts, the relevant documents stay immutable. They should not be able to be
modified or deleted at any point during their retention period.
What should you do to meet these requirements?
A. Create an event
Explanation:
Correct Answer: B
Incorrect Answer A: An event is an integral part of event-driven retention. Events help a retention period to get started as soon as a specific
type of event occurs, not when the content was created, last modified, or labeled.
Correct Answer B: A record is an electronic or physical entity that provides evidence of an activity executed by the organization and
requires retention for a duration of time. Microsoft provides a solution to manage records to enable organizations to manage their legal
requirements. Before using record management, it is first necessary to declare the relevant items as records. Once content is declared as
a record, it becomes immutable and cannot be modified or deleted until the retention period has expired.
Incorrect Answer C: Label policies combine one or multiple retention labels in one unit, which can be applied to one or multiple items. First,
you should create a retention label and set the label to Mark items as records. Then you can publish the retention label as a label policy
and apply it to the required locations.
Incorrect Answer D: With this option, if a document item has a retention policy assigned to it, that document item will be kept in its original
location, users are still able to work with all their items. In case they modify or remove a document item that is stamped with a retention
policy, a copy of that document item will automatically be preserved. The scenario requires documents to stay immutable and not be
modified or deleted throughout the duration of their retention period. To meet this requirement, you must mark such documents as
records.
References:
https://docs.microsoft.com/en-us/learn/modules/m365-compliance-information-manage-records/configure-event-driven-retention
Question 19 Unattempted
You manage records in your Microsoft 365 environment. You are granted the disposition Management role. Before completing the disposition,
you must review the content of the item. You open a content explorer, list the items, and select the item you want to review. Upon opening the
item, you receive an error message about missing permission.
You need to be able to review the content of the item before completing the disposition review. The solution must use the principle of least
privilege.
B. Security Reader
C. Retention Management
Explanation:
Correct Answer: A
Correct Answer A – To view the contents of an item during the disposition process, you need to be assigned to this role. If you do not have
the permissions from the role group, you can still complete the disposition review, but you cannot view the item’s content from the mini-
preview pane in the Microsoft 365 Compliance Center
Incorrect Answer B – Users with this role have read-only access to the security features of the Identity Protection Center, Privileged Identity
Management, Monitor Microsoft 365 Health, and Security and Compliance Center. This role would not enable you to review the content of
the item
Incorrect Answer C – Users with this role can manage retention policies, retention labels, and retention label policies. Assigning this role
would not enable you to review the content of the items.
Incorrect Answer D - You should not request to get assigned to the content Explorer List Viewer role group. Because you can list items in
content explorer, you do not need to get assigned to this role group again.
References:
Question 20 Unattempted
Your manager wants to retain all folders found in Microsoft Team’s private Channels conversations. You decide to create a retention policy to
fulfill the manager’s request.
You need to identify the locations where the policy will be applied.
Which two locations should you select? Each answer presents part of the solution.
A. Microsoft SharePoint Sites right
Explanation:
Correct Answer A: you should select Microsoft SharePoint sites. On creating any t6eam in Microsoft Teams, a site with the same name is
created in SharePoint. All the files that are shared within that team’s channels, even if they are private channels, will be found in the
created SharePoint site.
Incorrect Answer B: Folders that are uploaded to private channels will not be shown in office 365 groups. On creating a team in teams, a
Microsoft 365 group is created, where owners of that created team can choose to be in an existing Microsoft 365 group.
Incorrect Answer C: In Teams chat, you will find folders that are uploaded to separate chat sections. You will not find folders that are
uploaded to private channels. The content that is uploaded to a chat section will not be shared with anyone except the users talking to
each other in that section. Folders that are shared in chat sections differ from folders that are shared within a private channel. A Private
channel belongs to a team, while a chat section belongs to users talking privately with each other.
Incorrect Answer D: Exchange email is not connected to Microsoft Teams channels and no uploaded files will be stored in Exchange email.
Microsoft Exchange is a platform that is used to send and receive email messages.
Correct Answer E: OneDrive files are associated with the account of Microsoft 365 including the Microsoft Teams app. Anyone that uploads
a file to a channel in Microsoft Teams will find that the file is also stored in their OneDrive for Business account.
Reference:
To know more please refer to the link below
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-retention-policies?view=o365-worldwide
Question 21 Unattempted
Data classification concepts, apply one or more of the following to your data
C. Labels right
D. e-discovery
E. Alerts
Explanation:
Options A, B and C are correct because, by using sensitive information types, trainable classifiers and labels, organizations can classify
their business-critical and sensitive data.
Option D is incorrect because, e-discovery is not a data classification solution whereas, eDiscovery, is the process of identifying and
delivering electronic information that can be used as evidence in legal cases. You can use eDiscovery tools in Microsoft 365 to search for
content in Exchange Online, OneDrive for Business, SharePoint Online, Microsoft Teams, Microsoft 365 Groups, and Yammer teams. You can
search mailboxes and sites in the same eDiscovery search and then export the search results.
Option E is incorrect because Alerts are not used for data classification. Alerts are the part of monitoring tool in Microsoft 365.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/data-classification-overview?view=o365-worldwide
Question 22 Unattempted
--------- understands and interprets regulations, which ones apply to the organization, and what kind of controls are needed.
A. Data Admin
C. Data Owner
D. Help Desk
Explanation:
Correct Answer: B
Option A is incorrect because Data Admin writes sensitive information classification policies based on guidance provided by the
governance committee.
Option B is correct because, Compliance Officer understands and interprets regulations, which ones apply to the organization, and what
kind of controls are needed
Option C is incorrect because Data Owner is a business owner of the content or process.
Option D is incorrect because the Help Desk is trained on how to assist information workers when issues arise. For example, when access to
a document is lost for an unknown reason.
Reference:
https://docs.microsoft.com/en-us/learn/modules/m365-compliance-information-governance/introduction?ns-enrollment-
type=LearningPath&ns-enrollment-id=learn.wwl.implement-information-protection
Question 23 Unattempted
In Whizlabs organization, the information protection team is tasked to implement an information and governance solution for Whizlabs
organization, the team is newly starting their journey, whatever approach the team uses, will involve people, processes, and technology. From a
process perspective, there are some major phases that the information team should follow for a successful implementation.
Arrange these phases in the correct order from the following options:
A. Define the data classification taxonomy🡪Define classification policy conditions 🡪 Create, test, and deploy the labels and policy
settings 🡪 Ongoing usage, monitoring and remediation right
B. Define classification policy conditions 🡪 Create, test, and deploy the labels and policy settings 🡪 Ongoing usage, monitoring and
remediation 🡪 Define the data classification taxonomy
C. Define the data classification taxonomy🡪Define classification policy conditions 🡪 Ongoing usage, monitoring and remediation 🡪
Create, test, and deploy the labels and policy settings
D. Define the data classification taxonomy🡪 Create, test, and deploy the labels and policy settings 🡪 Ongoing usage, monitoring and
remediation 🡪Define classification policy conditions
Explanation:
Correct Answer: A
Option A is correct because, From a process perspective, here are the major phases you should follow for a successful implementation.
Define the data classification taxonomy. The data classification taxonomy ends up as sensitivity and retention labels that will be applied
to your content. These labels may surface in productivity applications, SharePoint Online sites, Microsoft Teams workspaces, and Exchange
emails. They may be applied manually by users or automatically by Microsoft 365.
Define classification policy conditions. Once you have built your taxonomy, you need to determine how you are going to find and classify
the data in your environment and map it to the taxonomy.
Create, test, and deploy the labels and policy settings. Once you determine the methods you will use to protect and govern your data, it is
important to test everything thoroughly prior to deploying your configuration across the organization.
Ongoing usage, monitoring and remediation. It is important to understand how data classification is being used and to ensure your
policies are accurate and achieve the desired results.
Option B is incorrect because it is incorrect order as the process starts with a step “Define the data classification taxonomy” and not with
“Define classification policy conditions”
Option C is incorrect because it is incorrect order as “ongoing usage, monitoring and remediation” should be done after the “create, test,
and deploy the labels and policy settings” step.
Option D is incorrect because it is in incorrect order as the “Define classification policy conditions” step should be performed after the first
step i.e., “Define the data classification taxonomy” and not as the last step.
Reference:
https://docs.microsoft.com/en-us/learn/modules/m365-compliance-information-governance/introduction?ns-enrollment-
type=LearningPath&ns-enrollment-id=learn.wwl.implement-information-protection
Ask our Experts
Question 24 Unattempted
When a compliance administrator wants a classifier to independently and accurately identify an item as being in a particular category of
content, then which classifier is suitable from the following?
C. Activity explorer
D. Content explorer
Explanation:
Correct Answer: B
Option A is incorrect because a sensitive information type does not identify contents based on items, it identifies by a regular expression,
keyword list or function.
Option B is correct because a trainable classifier identifies contents independently and accurately based on an item as being in a
particular category of content.
Option C is incorrect because, activity explorer is not used as a classifier but it is used to review activity related to content containing data
classification tools i.e., sensitive information types or has labels applied on data. (activities such as what labels were changed, files were
modified, and more.)
Option D is incorrect because content explorer is not used as a classifier but it is used to view the items like email and documents in your
organization that contain sensitive information or have labels applied.
Reference:
https://docs.microsoft.com/en-us/learn/modules/m365-compliance-information-governance/know-your-data?ns-enrollment-
type=LearningPath&ns-enrollment-id=learn.wwl.implement-information-protection
Question 25 Unattempted
Which of the following are not the parts of Sensitive Information Type?
A. Primary pattern
B. Additional checks
C. Character proximity
D. Confidence level
Correct Answer: E
Option A is incorrect because it is a part of the sensitive information type (shown in the screenshot) as, Primary pattern helps to search
patterns for detection, consisting of keywords or regular expressions.
Option B is incorrect because it is a part of sensitive information type (shown in the screenshot) as Additional checks is a second search
pattern for higher matching accuracy of the primary pattern, consisting of keywords.
Option C is incorrect because it is a part of sensitive information type (shown in the screenshot) as Character Proximity is used as a
detection window in characters of primary patterns and additional evidence.
Option D is incorrect because it is a part of the sensitive information type (shown in the screenshot) as Confidence level is a supporting
level of pattern and evidence matching accuracy.
Option E is correct because the character length component does not exist in the sensitive information types.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitive-information-type-learn-about?view=o365-worldwide
Ask our Experts
Question 26 Unattempted
B. Step 1: Hash and upload the sensitive data 🡪 Step 2: Use EDM-based classification in policies 🡪 Step 3: Set up EDM-based classification
C. Step 1: Set up EDM-based classification🡪 Step 2: Use EDM-based classification in policies 🡪 Step 3: Hash and upload the sensitive data
D. Step 1: Set up EDM-based classification 🡪 Step 2: Hash and upload the sensitive data 🡪 Step 3: Use EDM-based classification in policies
Explanation:
Correct Answer: A
Option A is correct because it is the correct order i.e., a compliance administrator first set up EDM-based classification, then Hash and
upload the sensitive data followed by using EDM-based classification in policies to accomplish the task.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sit-learn-about-exact-data-match-based-sits?view=o365-worldwide
Ask our Experts
Question 27 Unattempted
Whizlabs is having an amount of sensitive data to be protected. So, the compliance administrator is tasked with applying sensitive data
controls and investigating suspicious activity in the organization’s data. What are the steps a compliance administrator should follow to
accomplish the task?
D. Create policies
E. Create Alerts
Explanation:
Option A is correct because it is the first step for applying sensitive data controls and investigating suspicious activity in the organization’s
data
Option B is correct because it is the second step for applying sensitive data controls and investigating suspicious activity in the
organization’s data
Option C is correct because it is the last step for applying sensitive data controls and investigating suspicious activity in the organization’s
data
Option D is incorrect because it is not a part of the process of given task accomplishment
Option E is incorrect because it is not a part of the process of given task accomplishment as the compliance administrator is not tasked to
create alerts.
To learn more, visit this link https://aka.ms/AAbfsel and microsoft documentation link
https://docs.microsoft.com/en-us/microsoft-365/compliance/microsoft-365-compliance-center?view=o365-worldwide
Question 28 Unattempted
The information protection team of Whizlabs organization wants to protect all sensitive and business-critical data in the organization using
Microsoft Information Protection solutions. For that, the compliance administrator has created one sensitive information type “Confidential
Data” to classify the sensitive data from the data classification menu. He then created a sensitivity label “Highly Confidential Data”. To make this
label more appropriate a compliance administrator now has to create the label policies. The first step to create a label policy for the scenario
is, to publish the label, arrange the following steps in the correct order, how the compliance administrator needs to first create a label “Highly
Confidential Data” to accomplish the task.
B. a, f, b, c, e, d
C. f, a, b, c, e, d
D. a, b, c, e, d, f right
Explanation:
Correct Answer: D
Option A is incorrect because, the order is incorrect to accomplish the task, as policy settings have to be done after publishing the label
“Highly Confidential Data”
Option B is incorrect because the order is incorrect to accomplish the task as the step name, the policy and provide description should be
the last step.
Option C is incorrect because, the order is incorrect to accomplish the task, as the step name the policy and provide description should be
the last step and policy settings have to be done after publishing the label “Highly Confidential Data”
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-custom-sensitive-information-type?view=o365-worldwide
Ask our Experts
Question 29 Unattempted
In Whizlabs organization, the information protection team is tasked to protect the organization’s sensitive data with Microsoft information
protection which can help the team to discover sensitive and business-critical content across the organization, classify information, and
protect content whenever it stays at the location or travels to another location.
Now, by using this solution, a compliance administrator from the team has created a sensitivity information type named “Secret Data” adding
the pattern with keyword list as a primary and supporting element. (shown in the screenshot).
From the Information Protection menu in the compliance center, a compliance administrator added one sub-label named “Highly Secret Data”
as shown in the screenshot. This label will now detect sensitive information related to highly confidential data and suggest appropriate
labeling to the end user.
After this label is created, it won’t be available for use until a policy is created to either publish or auto-apply it. Is this correct?
A. Yes right
B. No
Explanation:
Correct Answer: A
Option A is correct because, whenever a label is created, we cannot use it until we publish or auto-apply it and when we start to publish
the created label, we will be asked to create the policy for the label during the process.
Option B is incorrect because we cannot use the label before publishing the created label.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-sensitivity-labels?view=o365-worldwide
Question 30 Unattempted
In Whizlabs organization, the information protection team is tasked to protect the organization’s sensitive data with Microsoft information
protection which can help the team to discover sensitive and business-critical content across the organization, classify information, and
protect content whenever it stays at the location or travels to another location.
Now, by using this solution, a compliance administrator from the team has created a sensitivity information type named “Secret Data” adding
the pattern with keyword list as a primary and supporting element. (shown in the screenshot).
From the Information Protection menu in the compliance center, a compliance administrator added one sub-label named “Highly Secret Data”
as shown in the screenshot. This label will now detect sensitive information related to highly confidential data and suggest appropriate
labeling to the end user.
In this case, if a compliance administrator wants to publish the “Highly Secret Data” label, can it be available to use if the compliance
administrator only publishes the sub-label “Highly Secret Data”?
A. Yes
B. No right
Explanation:
Correct Answer: B
Option A is incorrect, because “Highly Secret Data” is a sub-label of the “Highly Confidential” label, the compliance administrator needs to
select both the labels to publish. As soon as the compliance administrator publishes both the label and sub-label, then it will be available
to use.
Option B is correct because when the compliance administrator publishes only the sub-label, it will not be available to use as the label
“Highly Confidential” is not published while publishing the sub-label.
Reference:
Create and publish sensitivity labels - Microsoft Purview (compliance) | Microsoft Learn
Question 31 Unattempted
Now, by using this solution, a compliance administrator from the team has created a sensitivity information type named “Secret Data” adding
the pattern with keyword list as a primary and supporting element. (shown in the screenshot).
From the Information Protection menu in the compliance center, a compliance administrator added one sub-label named “Highly Secret Data”
as shown in the screenshot. This label will now detect sensitive information related to highly confidential data and suggest appropriate
labeling to the end user.
B. No
Explanation:
Correct Answer: A
Option A is correct because, when the compliance administrator starts the process of publishing the label then automatically it will
redirect to the process of creating the label policy.
Option B is incorrect because the given statement is true, i.e., the first step in creating a label policy is to publish the label.
Reference:
Create and publish sensitivity labels - Microsoft Purview (compliance) | Microsoft Learn
Question 32 Unattempted
In Whizlabs organization, the compliance administrator is tasked with configuring data loss prevention for endpoints in your organization.
Endpoint Data Loss Prevention settings create a framework in which Endpoint Data Loss Prevention policies work; a compliance administrator
wants to limit where you can work with protected files. Which of the following settings, a compliance administrator explore to accomplish the
task?
Explanation:
Correct Answer: B
Option A is incorrect because File path exclusions are applied to all Endpoint DLP policies and allow you to limit where your policies are in
effect.
Option B is Correct because Unallowed apps are applied when a policy blocks unallowed apps and allows you to limit where you can work
with protected files.
Option C is incorrect because Unallowed Browsers/Service Domains are applied when a policy blocks unallowed browsers and allows you
to limit where you can share protected files.
Option D is incorrect because advanced classification scanning and protection can use Exact Data Match and named entities in your
Data Loss Prevention policies.
References:
https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide
Question 33 Unattempted
The information protection team wants to get overview of Data Loss Prevention violations from Data Loss Prevention reports which includes
Data Loss Prevention policy matches, Data Loss Prevention incidents, and Data Loss Prevention false positives and user overrides reports. All
these are used to fine-tune your policies and identify configurations. The team needs this reports quickly within 5-10 mins, is it possible to get
these reports?
A. Yes
B. No right
Explanation:
Correct Answer: B
Option A is incorrect because DLP Reports which provides an overview of DLP violations can take up to 24 hours to update, hence it is not
possible to get the reports in 5-10minutes.
Option B is correct because, for getting an update on the requested reports can take up to 24 hours.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/view-the-dlp-reports?view=o365-worldwide
Question 34 Unattempted
Which of the following, the information protection team should use to get individual alerts to provide a deeper insight into Data Loss Prevention
violations?
D. Azure Portal
Explanation:
Correct Answer: B
Option A is incorrect because, Data Loss Prevention Reports provides an overview of DLP violations
Option B is Correct because, Data Loss Prevention alerts Dashboard provides a deeper insight into Data Loss Prevention violations, displays
individual alerts and can aggregate alerts to spot patterns more easily
Option C is incorrect because Microsoft Defender for Cloud Apps Dashboard displays alerts of Defender for Cloud file policies and shows
alerts of all your Defender for Cloud DLP policies
Option D is incorrect because the information protection team can not access insights of data loss prevention policies from Azure portal
directly.
Reference:
To learn more about data loss prevention alerts dashboard, visit here
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-alerts-dashboard-get-started?view=o365-worldwide
Question 35 Unattempted
The information protection team has created a retention label for email and documents in the library for 6 years and published it. The
published label will be available at the location where it has been published by the team which is to be assigned manually, which of the
following locations the label can be applied?
A. Exchange mail right
Explanation:
Option E is incorrect because Skype for Business does not support retention labels.
Option F is incorrect because Teams and Yammer messages do not support labels. retention labels
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-apply-retention-labels?view=o365-worldwide
Question 36 Unattempted
You have a requirement in your organization to create a file plan to group the creation of labels, auto-apply label policies, and additional
metadata tags together in records management. Which of the following steps do you need to follow to achieve the requirement?
A. Create a retention label and specify the retention period in the retention settings and publish the label to use
B. Create a retention label and specify the retention period in the retention settings and publish the label. Then, use export file plans as
CSV files and import them into other tenants
D. Create a retention label and specify the retention period in the retention settings and publish the label. Then, use export file plans as
CSV files and import them into other tenants and use trainable classifiers to identify content it should match right
Explanation:
Correct Answer: D
Option A is incorrect because the process of file plan creation given in this option in incomplete.
Option D is correct because this is the correct process to create a file plan.
Reference:
To know more about the steps followed in this process, visit here
https://docs.microsoft.com/en-us/microsoft-365/compliance/file-plan-manager?view=o365-worldwide
Question 37 Unattempted
Microsoft Exchange will automatically apply the label to unlabeled emails, regardless of which device or platform is used to send and receive
the email. OneDrive and SharePoint will automatically apply the label to unlabeled Office documents.
A. True right
B. False
Explanation:
Correct Answer: A
Option A is correct because the statement “OneDrive and SharePoint will automatically apply the label to unlabeled Office documents” is
correct
Option B is incorrect because OneDrive and SharePoint will automatically apply the label to unlabeled Office documents.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide
Question 38 Unattempted
You are tasked to create a new custom OME configuration and create a transport rule to apply the OME configuration to all mails sent from the
finance department of your organization. To create a new OME configuration, which of the following PowerShell commands should you use?
C. Install-Module ExchangeOnlineManagement
D. Neither A nor B
Explanation:
Correct Answer: A
Option A is correct because, to create a new OME configuration New-OMEConfiguration -Identity "finance department" is used.
Option B is incorrect because, Set-OMEConfiguration -Identity "finance department" Is used to change the execution policy.
Option C is incorrect because Install-Module ExchangeOnlineManagement is used to install the latest Exchange Online PowerShell module
version.
Option D is incorrect because, New-OMEConfiguration -Identity "finance department" is used to create the new OME configuration.
Reference:
https://github.com/MicrosoftLearning/SC-400T00A-Microsoft-Information-Protection-
Administrator/blob/master/Instructions/Labs/LAB_AK_01_Lab1_Ex2_message_encryption.md
Question 39 Unattempted
The Whizlabs organization is planning to use records management for their data, a record is a document or other electronic or physical entity
in an organization that serves as evidence of an activity or transaction performed by the organization and requires retention for some time
period. There are different actions an information protection administrator needs to take to possibly prevent the data, such as changing the
assigned Retention Label of an item, changing the content of an item or it’s metadata, deletion of a file or remove a retention label from a file
and moving a file between containers (SharePoint libraries for example).
Arrange the following steps in the correct order, how an information protection administrator needs to plan and decide:
A. a, b, c, d right
B. b, a, c, d
C. c, a, b, d
D. d, a, d, c
Explanation:
Correct Answer: A
Option B is incorrect because the order is incorrect as to whether to add a Record or a Regulatory Record to a label should be planned
after deciding to add a Record to a label or not.
Option C is incorrect because the configuration of the Record to a label should be done after deciding to add a Record to a label or not
and deciding to add a Record or a Regulatory Record to a label.
Option D is incorrect because deciding to have an auto labeling functionality and configure it is the last step of this process and not the
first.
References:
https://docs.microsoft.com/en-us/microsoft-365/compliance/retention?view=o365-worldwide
https://youtu.be/CAUDKL4FyQ8
You upload project materials to a Microsoft SharePoint Online library containing numerous files at the end of a project. An example of a project
document file name is as follows:
All documents that use this naming format must be labeled as confidential Documents
A. A Document fingerprint
C. A Retention Label
Explanation:
Correct Answer: B
Option A is incorrect: A document fingerprint is a Microsoft 365 tool used to protect information through the identification of forms used by
the company, allowing you to prevent unwanted sharing of files and documents created officially within the company. It does not allow
you to create an auto=apply retention label policy.
Option B is correct: Retention labels can be applied automatically to content when the content contains a match for the trainable
classifier. A trainable classifier is a Microsoft 365 tool that is used in the identification of several types of content. The classifier is trained by
giving it examples to examine and then classify accordingly.
Option C is incorrect: Retention labels are used in retaining data, like documents and files that you need, and getting rid of items that you
do not need. They cannot be used to create an auto-apply retention label policy
Option D is incorrect: Sensitive information types are used in a company’s data protection strategy. They are pattern-based classifiers that
identify patterns presented by expressions and functions. Sensitive Information types can be used in validating data in companies but
cannot be used to create auto-apply retention label policies.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide
Question 41 Unattempted
Your manager asks you to build a trainable classifier to identify identification numbers stored in your Microsoft 365 tenant. You start the
process of creating a custom trainable classifier by identifying 100 files that should be used as seed content.
Explanation:
Correct Answer: B
Incorrect Answer A: Microsoft Teams is one of the places chosen to apply the trainable classifier, but not to store the seed content. The files
tab in any channel in Microsoft Teams is used to store data for teams members, but it cannot be used as a storage location for sees the
content. Trainable classifiers are not configured through Microsoft Teams.
Correct Answer B: To create and publish a custom trainable classifier, you need to collect seed content in a SharePoint Online folder
Incorrect Answer C: In an Azure file share, you can write logs, analytics, and crash dumps for cloud apps. The application instances can
write logs using REST File API and developers can access them by mounting the shared file on their own local computer. It cannot be used
for storing seed content.
Incorrect Answer D: OneDrive for Business allows users to securely exchange information and set degrees of security through direct
access or links for editing or viewing files. This may also be done at the folder level inside OneDrive to allow access to a certain group of
files or folders within the drive. It cannot be used to seed content when creating a trainable classifier
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?azure-portal=true&view=o365-worldwide
Question 42 Unattempted
Domain: Implement information protection
You are administering sensitive information types with Exact Data Match (EDM)-based classification. The database with sensitive information
was refreshed per scheduled job every day at 8:00 AM. A few hours later, your security information officer requests you to urgently update the
values in a database of sensitive information, because fields used for EDM-Based classification were uploaded. You prepare the plain text
source file, Database schema, and your rule package as requested and use a windows 10 computer with .NET version 4.6.2 installed to execute
EdmUploadAgent.exe accordingly. After testing the update, you notice that the upload matches cannot be found.
C. Reduce the amount of data rows and inform the security officer that the database can only hold 100 thousand rows of data
Explanation:
Correct Answer: A
Correct Answer A - You should wait 24 hours and try again. The sensitive information database can only be refreshed daily. You must wait
24 hours before executing your next sensitive information database update. You must use the EDM upload tool to re-index the sensitive
data and subsequently upload the re-indexed data again
Incorrect Answer B – You should not update your current .NET version. One of the prerequisites to run EDMUploadAgent is a Windows 10 or
Windows Server 2016 machine with .NET version 4.6.2.
Incorrect Answer C – You should reduce the amount of data rows. The limitation is not up to 100 thousand rows of data.
Incorrect Answer D - Using a Plain text file as a source is a requirement from Microsoft hence excel should not be used. You can use the
Microsoft Excel app to re-export the sensitive data and prepare it for the refresh of the sensitive information database. Then you have to
save the data into a plain text file such as .csv or .txt and use EdmUploadAgent.exe to upload the data. You will still need to wait for 24 hours
before uploading the data.
Reference:
To know more about EDM Classification, please refer to the doc below
Get started with exact data match based sensitive information types - Microsoft 365 Compliance | Microsoft Docs
Question 43 Unattempted
An employee in the accounting department sends you an email containing a list of words that should be used for a sensitive information type.
You need to generate a file that will be used as a source for the Keyword dictionary
Explanation:
Correct Answer: C
Incorrect Answer A: This type of file is used in a content inspection carried out by the Microsoft Cloud App Security built-in Data Loss
Prevention (DLP) engine when texts are from various formats of files, including RTF files
Incorrect Answer B: HTML files cannot be used as a source for keyword dictionaries, but they can be used for text extraction done by the
DLP engine of Microsoft Cloud App Security.
Correct Answer C: you should use an XML file containing keyword tags for the words. This will allow you to use the file as a source for the
keywords dictionary. You must use XML files to be able to create or edit keyword lists. Keyword dictionaries are used to match requirements
for sensitive information types or can be used themselves as a sensitive information type.
Incorrect Answer D: CSV files are used in the process of importing a file plan or filling out a file plan. File Plans are used in record
Management, which is a methodology used in companies to manage and protect their data.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-keyword-dictionary?view=o365-worldwide
Question 44 Unattempted
You manage Exchange Online for a software development company. You notice that a developer is emailing SQL connection strings with
passwords in plain text to a partner company’s email address.
You need to ensure that when a SQL connection string with a password is emailed, the emails are encrypted.
Which two options can you implement to satisfy the requirements? Each correct answer presents a complete solution.
A. A Data loss prevention policy that has only the Exchange email location selected right
D. A data loss prevention (DLP) policy that has all locations selected
Explanation:
Correct Answer A & E: Exchange Online allows you to classify messages and define mail flow rules. You can also combine these protection
features with the detection of sensitive information within messages. The mail flow framework can integrate sensitive information types to
trigger an action if a message contains a sensitive information match. In this case, if the message contains a SQL connection string with
the password, then encrypt this message.
Using the DLP policy feature in Microsoft 365 compliance center gives you another way to encrypt messages if a sensitive information type is
detected. In this case, you would define a sensitive information type, create a DLP policy based on it, and select Exchange email as the location
Incorrect Answer B: AD RMS is used to protect sensitive information stored on-premises. If you want to use Exchange Online with AD RMS,
you have to migrate AD RMS to Azure Information first.
Incorrect Answer C: S/MIME is used to encrypt and sign email messages. This is a client-side encryption technology that requires a complex
environment for certificate management, creation, and publishing. Although it is possible to use this technology to encrypt email
messages, this technology cannot by itself be used to identify the sensitive information in emails and is dependent on a certificate
publishing infrastructure.
Incorrect Answer D: You should not implement a DLP policy that has all locations selected. Although it is possible to use DLP in Microsoft 365
compliance center to address all the locations of Microsoft 365, it is not required in this case. To solve the problem, it is enough to define
either a mail flow rule or create a DLP policy with only Exchange email selected.
References:
https://docs.microsoft.com/en-us/exchange/security-and-compliance/data-loss-prevention/integrate-sensitive-information-rules
https://docs.microsoft.com/en-us/exchange/policy-and-compliance/data-loss-prevention/data-loss-prevention?view=exchserver-2019
Question 45 Unattempted
You are asked to create a custom sensitive info type based on a keyword dictionary. You create the source file for the keyword dictionary.
Which file format should you use to source the keywords from?
A. .XML
B. .XLSX
C. .CSV right
D. JSON
Explanation:
Correct Answer: C
Incorrect Answer A: XML is not a supported file type. XML files are used to store and transport data.
Correct Answer C: You should source the keywords from a .csv file format. You can import keywords for a dictionary using Microsoft
Security & Compliance Center or PowerShell. Microsoft requires the keyword file type to be either in a plain text(.TXT) or a comma-
separated value (.CSV) file format in order to import it into a keyword dictionary. The keyword file can be stored on a network share or
locally on a PC.
Incorrect Answer D: JSON is not a supported file type. JavaScript Object Notation (JSON) is a lightweight data-interchange format.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-keyword-dictionary?view=o365-worldwide
Question 46 Unattempted
You manage your company’s Microsoft 365 tenant. You need to monitor label performance using Label Analytics.
Which two actions should you perform first to start using label analytics? Each correct answer presents part pf the solution.
A. Set up the Log Analytics agent
B. Set up and configure Log analytics using System Center Operations Manager (SCOM)
Explanation:
Incorrect Answer A: You should not set up the Log Analytics agent. The Azure Log Analytics agent collects telemetry data from Windows
and Linus virtual machines in the cloud and on-premises and sends the collected data to a Log Analytics workspace in Azure Monitor. The
log analytics agent cannot meet the requirement.
Incorrect Answer B: SCOM is a cross-platform monitoring system to monitor the performance and availability of infrastructure and
applications in your data center. It can be connected to an Azure monitor to provide an end-to-end solution for a hybrid environment.
Correct Answer C & E: You should create an Azure subscription first. Then, you should then create a Log Analytics workspace. To be able to
use label analytics and create customized reports, you need an Azure subscription and a log analytics workspace. All the data for
sensitivity label usage is logged there so that you can build customized advance reports as you need them.
Incorrect Answer D: Azure Synapse is an analytics service that combines enterprise data warehousing and Big Data analytics. To be able to
use Synapse you have to create a Synapse workspace. In this question’s requirement, there is no need.
Reference:
https://docs.microsoft.com/en-us/learn/modules/apply-manage-sensitivity-labels/6-monitor-label-usage-using-label-analytics
Ask our Experts
Question 47 Unattempted
You are asked to create a DLP policy to prevent Microsoft Teams users from sharing sensitive information.
Documents with sensitive information are not allowed to be shared in Microsoft Teams
Messages with sensitive information should be deleted as soon as they are shared during a Microsoft Teams chat session
In which three locations should you apply the policy? Each correct answer presents part of the solution.
B. Exchange email
Explanation:
Incorrect Answer B: You should not select Exchange email. You would select this location if you were required to protect sensitive
information sent in email messages.
Correct Answer C: You should select Teams to chat and channel messages. Selecting this location in a DLP policy will prevent the
disclosure of sensitive information in chats and channel messages.
Incorrect Answer D: You should not MCAS. This does not fulfill the requirement
References:
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-microsoft-teams?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-on-premises-scanner-use?view=o365-worldwide
Question 48 Unattempted
Your compliance officer asks you to make sure that no files with the confidential classification leave your organization.
Identify existing files in your Microsoft 365 environment that contain sensitive information
Remove external sharing permissions
C. Implement Bitlocker
Explanation:
Correct Answer: A
Correct Answer A: To be able to satisfy all the requirements, you should implement a file policy in Microsoft Cloud App Security. A file policy
in MCAS enabled you to scan the existing Microsoft 365 environment and detect all files classified as confidential. You can automatically
remove remote sharing permissions and define an action to enforce encryption.
Incorrect Answer B: You should not stop sharing OneDrive or SharePoint Sites. If you stop sharing OneDrive or SharePoint files, you prevent
file sharing with your business partners completely. That is not what you want.
Incorrect Answer C: You should not implement BitLocker. Bitlocker drive encryption is integrated into Microsoft Windows 10. It allows you to
encrypt data on a device or disk drive. In this scenario, the data is stored in your Microsoft 365 cloud environment.
Incorrect Answer D: AD RMS will not work here. AD RMS is used to protect sensitive information on-premises.
Reference:
Question 49 Unattempted
You are in the process of creating an advanced rule in DLP policy named Policy1.
You need to detect when specified sensitive information is shared in a OneDrive document with People outside the organization.
Which of the following options should you select on the Create Rule window to meet the requirement?
Explanation:
Correct Answer: C
Incorrect Answer A: The audit or restrict activities on Windows devices option is not the correct choice. This option is used to allow or
restrict specified activities, usually done by users, such as uploading files to USB.
Incorrect Answer B: This option would allow you to block people from accessing files stored in on-Premises repositories in addition to
enabling you to set permissions on files so that only specific people can access them.
Correct Answer C: You should select ‘Content is shared from Microsoft 365’. This option is used to detect when content is sent in an email
message, Teams chat, channel message, or when it is shared in a SharePoint or OneDrive document with people outside the organization.
You select this option when specifying the content that you want to be detected in the Content Contains options.
Incorrect Answer D: Restrict third-party apps option is used to enable automatic actions within Microsoft Cloud App Security that protect
the company’s data from being threatened by third-party applications. This option will not allow you to detect if sensitive information is
shared from OneDrive.
Reference:
Create a DLP policy from a template - Microsoft 365 Compliance | Microsoft Docs
Question 50 Unattempted
You manage the company’s Microsoft 365 tenant. You create a data loss prevention (DLP) policy named Pol1. The policy is specifically for
testing and the policy tips are disabled in the policy setting.
Before activating policy tips, you need to fine-tune the DLP policy.
Explanation:
Correct Answer: B
Incorrect Answer A: Third-party policy matches report provides information if the user violates organizational policy during interaction or
data exchange with a third-party cloud application, like uploading data to Dropbox. In this case, this report is not useful because you need
to test your initial created policy first.
Correct Answer B: This DLP report is used to tune or refine DLP policies that you run in test mode. The report lists rules that match the
desired content. This report provides the best way to evaluate whether the new DLP policy matches your intentions without disturbing the
productivity of users.
Incorrect Answer C: This report shows the count of overrides or false positives. If you are evaluating overrides, you can use this report to see
the justification users create change the policy from higher confidentially to the lower one. The result can be filtered by date, location, or
policy. In this question, you do not yet know about the number of false positives or overrides. The requirements are to test it first. This report
does not run the DLP policy in test mode and evaluate whether requirements are met
Incorrect Answer D: You would use this report to find parts of the content that can cause issues or violate corporate policies. You can
evaluate such incidents and define more protective actions. This report does not run the DLP policy in test mode and evaluate whether
requirements are met.
Reference:
View the reports for data loss prevention - Microsoft 365 Compliance | Microsoft Docs
Ask our Experts
Question 51 Unattempted
The employees of the accounting department work on devices running Windows 10. You plan to implement Microsoft Endpoint data loss
prevention for the company.
You need to restrict specific activities done by users on their Windows 10 devices that might compromise the company’s data.
B. Renaming an item
D. Creating an item
Explanation:
Correct Answer A: You should restrict users from printing a document. A document printed from the company’s devices might include
sensitive information like identification numbers for employees. Printing such information can easily lead to the company’s data being
comprised.
Incorrect answer B: Renaming option cannot be restricted by endpoint DLP. It can only be audited.
Correct Answer C: When a user copies a file to an app, this app might contain malicious software that could allow the sharing of the file to
devices other than the company’s devices. As this might include sensitive information, this means that the company’s data policies would
likely be broken, and the sensitive information would be compromised. Endpoint DLP is a tool that you can use to audit, manage, and
restrict actions on sensitive items that are physically stored on Windows 10 devices. You can block the user from carrying it out
Incorrect Answer D: When you create an item, Endpoint DLP can capture the activity however cannot restrict it as this feature is not
provided by Endpoint DLP.
Correct Answer E: Cloud services can be easily attacked by hackers, leading to data being stolen and compromised. By sharing or
uploading items to a cloud service, users would be risking the security of the company’s data. With Endpoint DLP, you can both audit and
restrict the activity of uploading items to a cloud service
Reference:
Learn about Microsoft 365 Endpoint data loss prevention - Microsoft 365 Compliance | Microsoft Docs
Question 52 Unattempted
You are administering the Microsoft 365 environment of a small startup company. The company is using Teams extensively to collaborate.
There is a data loss prevention (DLP) policy for Teams in place. In the DLP incident report, you notice too many false positives.
You need
What should you perform to reduce false positives by following Microsoft’s best practices.?
A. Design a new DLP Policy
Explanation:
Correct Answer: D
Incorrect Answer A: You Should not design a new policy. Although it is possible to design a new policy, tuning or refining an existing DLP
policy is the best practice solution recommended by Microsoft
Incorrect answer B: You should not delete the policy. By deleting the policy, you remove the possibility of monitoring and taking action in
case of inappropriate usage of the company’s sensitive information.
Incorrect Answer C: Ignoring warnings will not reduce the false positives. Ignoring policy can cause missing security threats to your
security and information protection.
Correct Answer D: This is the best option to reduce the false positive. To address the issue with too many false positives, you can tune your
policy rules by adjusting the instance count and match accuracy to make it harder or easier for content to match the rule in the policy.
Reference:
Learn about Microsoft 365 Endpoint data loss prevention - Microsoft 365 Compliance | Microsoft Docs
Question 53 Unattempted
You are implementing a record management system at your company. You plan on importing a file plan. You need to download the file plan
template.
A. RTF
B. XML
C. CSV right
D. HTML
Explanation:
Correct Answer: C
Incorrect Answer A: RTF files are used in content inspection done by MCAS’s built-in DLP engine, where texts are extracted from various
formats of files, including RTF files. You cannot download the file plan template in this format. Microsoft Cloud App Security is a system that
allows companies to control the consumption of data in addition to protecting it.
Incorrect answer B: XML files are used as a source for keyword dictionaries. Keyword lists require you to use XML files to create or edit them.
Keyword dictionaries are used to match requirements for sensitive information types or can be used themselves as sensitive information
types.
Correct Answer C: CSV files are used in the process of importing a file plan. This format is required for downloading the template and you
cannot download it in any other format. File plans are used in records management, which is a methodology used in companies to
manage and protect data.
Incorrect Answer D: HTML files can only be used for extraction done by the DLP engine of Microsoft Cloud App Security
Reference:
Question 54 Unattempted
You are administering Exchange Online; you are tasked with creating a retention policy named RetnPol1. You create a retention tag RetnTag1, a
RetnPol1 policy, and the RetnTag1 retention tag.
There is a new requirement in which you must replace the retention tag RetTag1 with the retention tag RetnTag2. You remove RetnTag1 from the
policy and replace it with RetnTag2
A. Items tagged with RetnTag1 will continue to be tagged. The Managed Folder Assistant (MFA) will disregard RetnTag1 every time it runs
B. The RetnPol1 policy will remove RetnTag1 from the tagged item the next time RetnPol1 is applied
C. Items tagged with RetnTag1 will continue to be tagged, but tag settings will no longer be applied
D. Items tagged with RetnTag1 will continue to be tagged. The Managed Folder Assistant (MFA) will continue to process RetnTag1 right
Explanation:
Correct Answer: D
Incorrect Answer A: If you replace the RetnTag1 tag in policy, items tagged will continue to be tagged and MFA will continue to process the
RetnTag1. Removing the tag from the policy will not stop the MFA from processing the item or change the way in which it is processed. The
tag removed from the policy will still be applied to the item the next time MFA runs.
Incorrect answer B: The RetnPol1 policy will not remove RetnTag1 from the tagged item the next time RetnPol1 is applied. To remove RetnTag1
from the tagged item you have to delete the tag. This way, a tag will be removed from all retention policies and from all tagged items.
Incorrect Answer C: Items tagged with RetnTag1 will continue to be tagged, but MFA will not disregard RetnTag1 every time it runs. Removing
the tag from a policy will not stop the MFA from processing the item or change the way in which it is processed. The MFA will continue to
process all tags and tagged items.
Correct Answer D: Items tagged with RetnTag1 will continue to be tagged and tag settings will continue to be applied. The MFA will continue
to process all tags and tagged items
Reference:
Question 55 Unattempted
Domain: Implement data lifecycle and records management
Your manager wants a solution that saves time for employees when they are identifying files that should always remain in the company’s
Microsoft 365 tenant.
C. Keyword dictionaries
D. Data loss Prevention (DLP) combined with Microsoft Cloud App Security
Explanation:
Correct Answer: B
Incorrect Answer A: This solution would enable you to retain messages within Microsoft Exchange Online
Correct Answer B: These labels can be applied automatically to content only if the content applies to conditions specified upon creating
the retention label. This helps employees to save time as they will not need to manually apply the retention labels on content. Microsoft 365
will do the job for them.
Incorrect Answer C: Keyword dictionaries are one of the data classification tools used for managing reused keywords lists for matching
company information on a large scale. They are also used for detecting specified words and taking related actions. They cannot be used a
s a time-saving solution for identifying data that should remain in the company’s Microsoft 365 tenant.
Incorrect Answer D: Combining DLP with Microsoft Cloud App Security is used to detect, for example, when a file is shared from SharePoint
with a non-Microsoft app. This does not meet the requirement
Reference:
To know more please refer to the link below
Automatically apply a retention label to retain or delete content - Microsoft 365 Compliance | Microsoft Docs
Finish Review
Legal Support
Privacy Policy Contact Us
Terms of Use Discussions
EULA FAQs
Refund Policy
Programs Guarantee