Microsoft Security, Compliance, and Identity Fundamentals · Domain 4 · 22% of exam

Describe the capabilities of Microsoft compliance solutions

Drill 20 practice questions focused entirely on Describe the capabilities of Microsoft compliance solutions for the Microsoft SC-900 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.

Verified answer20 questions
Question 1 of 20

A compliance investigator at a healthcare organization needs to determine which administrator accessed a specific patient's mailbox, when files were downloaded from SharePoint, and whether any user changed a retention policy over the past 90 days. Which Microsoft Purview capability should the investigator use to retrieve this record of user and administrator activities?

Reviewed for accuracy · Report an issue
Question 2 of 20

A security analyst at your organization needs to search through user and admin activity logs from Exchange, SharePoint, and Microsoft Entra ID to investigate a suspected incident. The organization currently uses Microsoft Purview Audit (Standard). Which statement correctly describes what Audit (Standard) provides in this situation?

Reviewed for accuracy · Report an issue
Question 3 of 20

A compliance officer at a healthcare organization needs to measure how well the company's Microsoft 365 environment aligns with the HIPAA/HITECH regulation. They want a prebuilt set of controls and recommended actions specific to that regulation, rather than starting from a blank template. Which Microsoft Purview Compliance Manager feature should they use?

Reviewed for accuracy · Report an issue
Question 4 of 20

A compliance officer wants a single dashboard in Microsoft Purview that measures their organization's progress against regulatory requirements like GDPR, provides prebuilt assessment templates, and lists recommended improvement actions that raise a numeric score as they are completed. Which capability should they use?

Reviewed for accuracy · Report an issue
Question 5 of 20

A compliance officer at a healthcare company wants a single dashboard that shows their organization's current compliance posture as a numeric value, so leadership can quickly gauge risk at a glance and track progress over time. Which Microsoft Purview Compliance Manager feature provides this at-a-glance measurement of how well the organization is meeting compliance requirements?

Reviewed for accuracy · Report an issue
Question 6 of 20

A compliance officer opens Microsoft Purview Compliance Manager for the first time and wants a single numeric indicator that summarizes the organization's overall progress toward meeting data protection and regulatory requirements. Which element provides this at-a-glance measurement?

Reviewed for accuracy · Report an issue
Question 7 of 20

A compliance analyst at a healthcare company needs to see exactly where sensitive information such as patient health records currently resides across SharePoint, OneDrive, and Exchange, and view the actual items that have been classified with sensitivity labels or sensitive info types. Which Microsoft Purview Information Protection capability should the analyst use?

Reviewed for accuracy · Report an issue
Question 8 of 20

A compliance analyst at a healthcare organization needs to review the specific actions users have taken with labeled content over the past week—such as when files were relabeled, downloaded, or shared—to understand how sensitive data is being handled. Which Microsoft Purview data classification tool should the analyst use?

Reviewed for accuracy · Report an issue
Question 9 of 20

A financial services company wants to automatically govern the lifecycle of business documents in Microsoft 365 — keeping content for a required period, then either deleting it or triggering a disposition review at the end of its useful life. They are researching which Microsoft Purview capability addresses this need. Which capability should they use?

Reviewed for accuracy · Report an issue
Question 10 of 20

A manufacturing company is concerned that employees may copy files containing confidential product designs from their corporate Windows laptops onto USB flash drives. The security team wants to detect and block these copy actions on the physical devices themselves, without relying on email or cloud upload scanning. Which Microsoft Purview capability should they configure?

Reviewed for accuracy · Report an issue
Question 11 of 20

A compliance administrator at a healthcare company wants to prevent employees from sharing documents that contain patient health identifiers across Exchange email, SharePoint sites, OneDrive accounts, and Teams chats. They want to manage these protections centrally rather than configuring each service separately. Which Microsoft Purview capability should they use?

Reviewed for accuracy · Report an issue
Question 12 of 20

A company wants to reduce accidental sharing of confidential documents in Microsoft Teams and SharePoint. They ask for a solution that automatically detects when a document containing sensitive information is being shared externally and shows the user a warning message explaining the risk before the action completes. Which Microsoft Purview capability provides this behavior?

Reviewed for accuracy · Report an issue
Question 13 of 20

A financial services company notices that employees occasionally paste customer credit card numbers into outbound emails. Compliance wants an automated control that inspects messages and blocks or restricts sharing of this sensitive content across Exchange, SharePoint, and Teams. Which Microsoft Purview capability should they implement?

Reviewed for accuracy · Report an issue
Question 14 of 20

A company's legal team is preparing for a lawsuit and needs a tool in Microsoft Purview that lets them identify, hold, collect, and analyze relevant content across Exchange mailboxes, SharePoint, and Teams so the material can be produced as evidence. Which Purview solution should they use?

Reviewed for accuracy · Report an issue
Question 15 of 20

A company's legal team is preparing for pending litigation. They need to identify, preserve, and collect relevant email and document content from specific custodians across Microsoft 365, and then review and export that content for outside counsel. Which Microsoft Purview solution should they use?

Reviewed for accuracy · Report an issue
Question 16 of 20

A company's HR team notifies the security group that an employee has submitted their resignation. Management is concerned that during their remaining weeks, the employee may download and exfiltrate confidential product designs. The compliance team wants a solution that correlates HR data (such as resignation dates) with user activity signals to detect potentially risky behavior like abnormal file downloads before the employee leaves. Which Microsoft Purview capability should they use?

Reviewed for accuracy · Report an issue
Question 17 of 20

A security team wants to detect risky behavioral patterns across an organization — such as an employee who suddenly downloads unusual volumes of data, disables security controls, and browses sensitive SharePoint sites in an abnormal way — and correlate those signals into a risk score for investigation. Which Microsoft Purview capability is designed for this purpose?

Reviewed for accuracy · Report an issue
Question 18 of 20

A newly hired compliance administrator needs a single, unified web-based location to configure sensitivity labels, review data loss prevention alerts, manage retention policies, and access Compliance Manager. Which tool should they use?

Reviewed for accuracy · Report an issue
Question 19 of 20

A privacy officer at a healthcare company is reviewing how Microsoft handles the organization's data stored in Microsoft 365. She wants to confirm which Microsoft privacy principle assures the company that it retains ownership of its data and can access, control, and delete that data at any time. Which principle addresses this concern?

Reviewed for accuracy · Report an issue
Question 20 of 20

A marketing team lead is concerned that data stored in the organization's Microsoft 365 environment might be scanned by Microsoft and used to target advertisements to employees. Which Microsoft privacy principle directly addresses this concern?

Reviewed for accuracy · Report an issue

More SC-900 practice

Keep going with the other Microsoft Security, Compliance, and Identity Fundamentals domains, or take a full timed mock exam.

← Back to SC-900 overview