🔥 3-day streak
Microsoft Cybersecurity Architect Expert122 / 158
Question 122 of 158

A multinational insurer must comply simultaneously with GDPR, PCI DSS, and a new regional data-residency law. The compliance team hands the security architect a list of legal obligations expressed in regulatory language. The architect must design a repeatable process that translates these obligations into concrete, testable technical and administrative controls, tracks implementation status across Microsoft 365 and Azure, and provides evidence for auditors — without manually reinventing control mappings for each overlapping regulation. Which approach best meets this requirement?

Reviewed for accuracy · Report an issueNext question