Topic 1: Contoso, Ltd Case Study 1
You need to meet the retention requirement for the users' Microsoft 365 data. What is the minimum number of retention policies required to achieve the goal?
A. 1
B. 2
C. 3
D. 4
E. 6
Explanation:
The requirement states that all Microsoft 365 data for users must be retained for at least
one year. In Microsoft 365, retention policies must be configured for each type of data
storage.
Step 1: Identifying Where Data is Stored
From the case study, users store data in the following locations:
SharePoint Online sites
OneDrive accounts
Exchange email
Exchange public folders
Teams chats
Teams channel messages
Since these locations fall under two broad categories:
Microsoft Exchange data (Emails, Public folders)
SharePoint, OneDrive, and Teams data
Step 2: Required Retention Policies
1. A single retention policy can cover:
SharePoint Online
OneDrive
Microsoft Teams
2. A second retention policy is required for:
Exchange (Emails & Public Folders)
Thus, the minimum number of retention policies required to meet the requirement is 2.
Microsoft 365 retention policies can be applied broadly across multiple services with just
two policies:
One for Exchange & Public Folders
One for SharePoint, OneDrive, and Teams
There's no need for separate policies for each individual workload unless different retention
durations are required, which is not stated in the requirement.
You need to meet the technical requirements for the Site1 documents. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to meet the technical requirements for the creation of the sensitivity labels. To which user or users must you assign the Sensitivity Label Administrator role?
A. Admin1 only
B. Admin1 and Admin4 only
C. Admin1 and Admin5 only
D. Admin1, Admin2, and Admin3 only
E. Admin1, Admin2, Admin4, and Admin5 only
HOTSPOT
You are reviewing policies for the SharePoint Online environment.
For each of the following statements, select Yes if the statement is true. Otherwise, select
No.
NOTE: Each correct selection is worth one point.
HOTSPOT
How many files in Site2 can User1 and User2 access after you turn on DLPpolicy1? To
answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
HOTSPOT
You need to meet the technical requirements for the confidential documents.
What should you create first, and what should you use for the detection method? To
answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 tenant that has devices onboarded to Microsoft Defender for Endpoint as shown in the following table.
A. Device1 only
B. Device1 and Device2 only
C. Device1 and Device4 only
D. Device1, Device2, and Device4 only
E. Device1, Device2, Device3, and Device4
Explanation:
Microsoft 365 Endpoint data loss prevention (Endpoint DLP) is supported only on Windows
10 and Windows 11 devices. It does not support macOS or iOS at this time.
From the provided table:
Device1 (Windows 11) - Supported
Device2 (Windows 10) - Supported
Device3 (iOS) - Not supported
Device4 (macOS) - Not supported
Thus, only Device1 and Device2 support Endpoint DLP.
You have a Microsoft 365 tenant.
You have a database that stores customer details. Each customer has a unique 13-digit
identifier that consists of a fixed pattern of numbers and letters.
You need to implement a data loss prevention (DLP) solution that meets the following requirements:
Email messages that contain a single customer identifier can be sent outside your
company.
Email messages that contain two or more customer identifiers must be approved by the
company's data privacy team.
Which two components should you include in the solution? Each correct answer presents
part of the solution.
NOTE: Each correct selection is worth one point.
A. a sensitivity label
B. a sensitive information type
C. a DLP policy
D. a retention label
E. a mail flow rule
Explanation:
You need to define a custom sensitive information type that recognizes the unique 13-digit
identifier format for customer records. Microsoft Purview DLP policies use these types to
identify and protect sensitive data.
A Data Loss Prevention (DLP) policy is required to enforce the rules. It will allow emails
with a single identifier but trigger an approval workflow when two or more identifiers are
detected.
HOTSPOT
You have a Microsoft 365 E5 subscription that contains the device configurations shown in
the following table.
HOTSPOT
You have a Microsoft 365 E5 subscription that contains the users shown in the following
table.
You have a Microsoft 365 E5 subscription that contains three DOCX files named File1, File2, and File3.
Your company has a Microsoft 365 tenant.
The company performs annual employee assessments. The assessment results are
recorded in a document named AssessmentTemplate.docx that is created by using a
Microsoft Word template. Copies of the employee assessments are sent to employees and
their managers.
The assessment copies are stored in mailboxes, Microsoft SharePoint Online sites, and
OneDrive folders. A copy of each assessment is also stored in a SharePoint Online folder
named Assessments.
You need to create a data loss prevention (DLP) policy that prevents the employee
assessments from being emailed to external users. You will use a document fingerprint to
identify the assessment documents. The solution must minimize effort.
What should you include in the solution?
A. Create a fingerprint of AssessmentTemplate.docx.
B. Create a sensitive info type that uses Exact Data Match (EDM).
C. Import 100 sample documents from the Assessments folder to a seed folder.
D. Create a fingerprint of 100 sample documents in the Assessments folder.
Explanation:
Since all employee assessments follow a specific template (AssessmentTemplate.docx),
the best way to identify these documents for Data Loss Prevention (DLP) is to create a
document fingerprint of that template.
Document fingerprinting allows Microsoft 365 DLP policies to recognize documents based
on their structure and format, even when content inside varies (such as different employee
names and results). By creating a fingerprint of AssessmentTemplate.docx, any copy
derived from that template will be automatically detected by the DLP policy and blocked
from being emailed externally.
Steps to implement:
| Page 1 out of 6 Pages |