Describe the capabilities of Microsoft compliance solutions
Drill 20 practice questions focused entirely on Describe the capabilities of Microsoft compliance solutions for the Microsoft SC-900 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
A compliance investigator at a healthcare organization needs to determine which administrator accessed a specific patient's mailbox, when files were downloaded from SharePoint, and whether any user changed a retention policy over the past 90 days. Which Microsoft Purview capability should the investigator use to retrieve this record of user and administrator activities?
A security analyst at your organization needs to search through user and admin activity logs from Exchange, SharePoint, and Microsoft Entra ID to investigate a suspected incident. The organization currently uses Microsoft Purview Audit (Standard). Which statement correctly describes what Audit (Standard) provides in this situation?
A compliance officer at a healthcare organization needs to measure how well the company's Microsoft 365 environment aligns with the HIPAA/HITECH regulation. They want a prebuilt set of controls and recommended actions specific to that regulation, rather than starting from a blank template. Which Microsoft Purview Compliance Manager feature should they use?
A compliance officer wants a single dashboard in Microsoft Purview that measures their organization's progress against regulatory requirements like GDPR, provides prebuilt assessment templates, and lists recommended improvement actions that raise a numeric score as they are completed. Which capability should they use?
A compliance officer at a healthcare company wants a single dashboard that shows their organization's current compliance posture as a numeric value, so leadership can quickly gauge risk at a glance and track progress over time. Which Microsoft Purview Compliance Manager feature provides this at-a-glance measurement of how well the organization is meeting compliance requirements?
A compliance officer opens Microsoft Purview Compliance Manager for the first time and wants a single numeric indicator that summarizes the organization's overall progress toward meeting data protection and regulatory requirements. Which element provides this at-a-glance measurement?
A compliance analyst at a healthcare company needs to see exactly where sensitive information such as patient health records currently resides across SharePoint, OneDrive, and Exchange, and view the actual items that have been classified with sensitivity labels or sensitive info types. Which Microsoft Purview Information Protection capability should the analyst use?
A compliance analyst at a healthcare organization needs to review the specific actions users have taken with labeled content over the past week—such as when files were relabeled, downloaded, or shared—to understand how sensitive data is being handled. Which Microsoft Purview data classification tool should the analyst use?
A financial services company wants to automatically govern the lifecycle of business documents in Microsoft 365 — keeping content for a required period, then either deleting it or triggering a disposition review at the end of its useful life. They are researching which Microsoft Purview capability addresses this need. Which capability should they use?
A manufacturing company is concerned that employees may copy files containing confidential product designs from their corporate Windows laptops onto USB flash drives. The security team wants to detect and block these copy actions on the physical devices themselves, without relying on email or cloud upload scanning. Which Microsoft Purview capability should they configure?
A compliance administrator at a healthcare company wants to prevent employees from sharing documents that contain patient health identifiers across Exchange email, SharePoint sites, OneDrive accounts, and Teams chats. They want to manage these protections centrally rather than configuring each service separately. Which Microsoft Purview capability should they use?
A company wants to reduce accidental sharing of confidential documents in Microsoft Teams and SharePoint. They ask for a solution that automatically detects when a document containing sensitive information is being shared externally and shows the user a warning message explaining the risk before the action completes. Which Microsoft Purview capability provides this behavior?
A financial services company notices that employees occasionally paste customer credit card numbers into outbound emails. Compliance wants an automated control that inspects messages and blocks or restricts sharing of this sensitive content across Exchange, SharePoint, and Teams. Which Microsoft Purview capability should they implement?
A company's legal team is preparing for a lawsuit and needs a tool in Microsoft Purview that lets them identify, hold, collect, and analyze relevant content across Exchange mailboxes, SharePoint, and Teams so the material can be produced as evidence. Which Purview solution should they use?
A company's legal team is preparing for pending litigation. They need to identify, preserve, and collect relevant email and document content from specific custodians across Microsoft 365, and then review and export that content for outside counsel. Which Microsoft Purview solution should they use?
A company's HR team notifies the security group that an employee has submitted their resignation. Management is concerned that during their remaining weeks, the employee may download and exfiltrate confidential product designs. The compliance team wants a solution that correlates HR data (such as resignation dates) with user activity signals to detect potentially risky behavior like abnormal file downloads before the employee leaves. Which Microsoft Purview capability should they use?
A security team wants to detect risky behavioral patterns across an organization — such as an employee who suddenly downloads unusual volumes of data, disables security controls, and browses sensitive SharePoint sites in an abnormal way — and correlate those signals into a risk score for investigation. Which Microsoft Purview capability is designed for this purpose?
A newly hired compliance administrator needs a single, unified web-based location to configure sensitivity labels, review data loss prevention alerts, manage retention policies, and access Compliance Manager. Which tool should they use?
A privacy officer at a healthcare company is reviewing how Microsoft handles the organization's data stored in Microsoft 365. She wants to confirm which Microsoft privacy principle assures the company that it retains ownership of its data and can access, control, and delete that data at any time. Which principle addresses this concern?
A marketing team lead is concerned that data stored in the organization's Microsoft 365 environment might be scanned by Microsoft and used to target advertisements to employees. Which Microsoft privacy principle directly addresses this concern?
More SC-900 practice
Keep going with the other Microsoft Security, Compliance, and Identity Fundamentals domains, or take a full timed mock exam.
← Back to SC-900 overview