Understand data protection and governance tasks for Microsoft 365 and Copilot
Drill 20 practice questions focused entirely on Understand data protection and governance tasks for Microsoft 365 and Copilot for the Microsoft AB-900 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
A compliance analyst at Contoso has deployed sensitivity labels across the organization and wants to review how users are interacting with labeled and classified content over the past week — for example, which files had labels applied, changed, or downgraded, and where sensitive information types were detected. Which Microsoft Purview tool should the analyst use to view this historical activity data?
A compliance administrator wants to ensure that any document containing credit card numbers stored across all SharePoint sites and OneDrive accounts is automatically classified and encrypted, even for files that users created months ago and never manually labeled. Which Microsoft Purview capability should be configured to meet this requirement?
A financial services organization deploys Microsoft 365 Copilot. The compliance team is concerned that employees might use Copilot to draft emails or Teams messages that share confidential deal information inappropriately, use offensive language, or make unauthorized promises to clients. They want a Purview solution that specifically reviews the human-facing communications employees send — including any content that originated from Copilot-generated drafts — so reviewers can escalate policy violations. Which Purview solution should they configure?
A legal team at Contoso is responding to a litigation hold and needs to locate all Microsoft 365 Copilot prompts and responses generated by a specific employee, along with any documents Copilot referenced, so the content can be preserved and reviewed. Which Microsoft Purview tool should the administrator use to search for and export this content?
A compliance officer is concerned that Microsoft 365 Copilot might expose confidential documents to employees who should not see them. A department manager asks whether enabling Copilot will let staff read files they currently cannot access. What should you tell the manager about how Copilot accesses organizational data?
A compliance officer wants to automatically remove Teams chat messages and SharePoint documents seven years after they were created, without requiring users to manually classify or act on the content. The organization needs this to apply broadly across workloads to reduce data hoarding and limit what Microsoft 365 Copilot can surface from stale content. Which Microsoft Purview capability should the officer configure?
A compliance officer needs to ensure that all documents in a specific set of SharePoint sites are automatically kept for seven years to meet a regulatory requirement, without requiring end users to manually tag or classify each file. The retention must be enforced uniformly across every item in those sites. Which Microsoft Purview Data Lifecycle Management approach best meets this requirement?
A compliance administrator wants to prevent Microsoft 365 Copilot from surfacing content that contains credit card numbers when users ask Copilot to summarize documents. The administrator needs a Purview capability that inspects content for sensitive information types and can restrict how that content is handled across Microsoft 365 services, including Copilot interactions. Which Purview capability should the administrator configure?
A compliance analyst wants to understand, before broadly enabling Microsoft 365 Copilot, what percentage of the files that Copilot could reference are protected with sensitivity labels versus left unlabeled. They need a single Purview experience that surfaces this labeling coverage alongside AI-specific data risk insights and offers recommended actions to close the gap. Which Purview capability should they use?
A compliance administrator wants to understand how employees are using Microsoft 365 Copilot, including how many interactions reference sensitive information and whether any labeled documents are being surfaced in Copilot responses. Which Microsoft Purview capability should the administrator use to discover and gain visibility into this AI activity?
A compliance administrator wants to begin using Data Security Posture Management (DSPM) for AI in Microsoft Purview to gain visibility into how employees interact with Copilot and other generative AI apps. When they open DSPM for AI for the first time, the dashboard shows limited data and recommends completing several one-click policy and setup actions. What is the primary purpose of completing these recommended onboarding actions in DSPM for AI?
A compliance administrator has recently deployed Microsoft 365 Copilot across the organization. Leadership wants a starting point that automatically assesses the organization's readiness for AI usage, surfaces built-in recommendations (such as enabling sensitivity labeling and reviewing oversharing), and provides one-click policies to protect data used by generative AI tools. Which Microsoft Purview capability should the administrator open first?
A compliance analyst at Contoso wants to understand what sensitive data is being referenced in interactions with Microsoft 365 Copilot and to see one consolidated place that surfaces AI-related data security risks along with actionable recommendations. Before diving into individual DLP alerts or eDiscovery searches, which Microsoft Purview capability should the analyst open first to get this organization-wide view of AI usage and associated data risks?
A compliance officer wants a purpose-built dashboard that summarizes how many Microsoft 365 Copilot interactions occurred across the organization, highlights which of those interactions referenced sensitive information, and surfaces recommended policies to reduce AI-related data risk. Which Microsoft Purview capability should the officer use to meet all of these needs in a single, AI-focused experience?
A compliance officer at a pharmaceutical company needs to detect when employees leaving the organization download unusually large volumes of research documents from SharePoint and OneDrive during their final weeks. The solution must correlate this activity with the employee's resignation status from HR and generate risk-scored alerts for investigation. Which Microsoft Purview solution should the officer configure?
A compliance officer at a financial services firm needs to detect when employees paste inappropriate or harassing language into Microsoft Teams chats and emails, so the content can be flagged and reviewed by a designated reviewer group. Which Microsoft Purview solution is specifically designed to detect and remediate these types of communication policy violations?
A compliance officer at a financial services firm wants to strengthen Insider Risk Management investigations. When a high-risk user triggers a data exfiltration alert, the officer needs to see visual capture of the user's device activity (such as screen recordings of what happened during risky actions) to provide evidentiary context for the investigation. Which Microsoft Purview Insider Risk Management capability should be enabled to meet this requirement?
A compliance analyst at a manufacturing company wants to understand the level of potential insider risk activity across the organization before committing to creating specific Insider Risk Management policies. They need aggregated, de-identified insights to justify which policy types to configure without immediately naming individual users. Which Insider Risk Management capability should they use first?
A compliance analyst at a financial services firm receives a Microsoft Purview Insider Risk Management alert indicating that a user copied a large number of files containing customer account data to a personal USB device. Before taking action, the analyst needs to review the sequence of activities, associated risk score, and supporting evidence for this specific user without exposing the user's identity to unauthorized reviewers. Which Insider Risk Management capability should the analyst use?
A compliance analyst wants Microsoft Purview to automatically increase the strictness of Data Loss Prevention enforcement for individual users based on their evolving risk level — for example, blocking data sharing for a user who has recently accumulated risky activity while keeping normal DLP behavior for everyone else. Which Purview capability provides this dynamic, risk-based enforcement?
More AB-900 practice
Keep going with the other Microsoft 365 Copilot and Agent Administration Fundamentals domains, or take a full timed mock exam.
← Back to AB-900 overview