Describe the eDiscovery and audit capabilities of Microsoft Purview Flashcards

1
Q

Microsoft Purview eDiscovery solutions

A
  • Electronic discovery (eDiscovery) is the process of identifying and delivering electronic information as evidence in legal cases.
  • Microsoft Purview provides three eDiscovery solutions: Content Search, eDiscovery (Standard), and eDiscovery (Premium).

  • Content Search allows searching for content across Microsoft 365 data sources and exporting the search results.
  • eDiscovery (Standard) enhances Content Search by enabling the creation of eDiscovery cases, assigning eDiscovery managers, associating searches and exports with cases, and placing eDiscovery holds on relevant content locations.
  • eDiscovery (Premium) offers an end-to-end workflow for comprehensive investigations, including identifying, preserving, collecting, reviewing, analysing, and exporting content.

  • eDiscovery (Premium) includes features such as managing custodians, collecting data into review sets, applying filters and tags, leveraging analytics and machine learning-based predictive coding models, and narrowing the investigation to the most relevant content.
  • Microsoft Purview eDiscovery solutions support searching and exporting content from various Microsoft 365 data sources, including Exchange Online, OneDrive for Business, SharePoint Online, Microsoft Teams, Microsoft 365 Groups, and Yammer teams.
  • eDiscovery cases in Microsoft Purview allow for the identification, holding, and exporting of content found in mailboxes and sites, facilitating legal and compliance requirements.
2
Q

Microsoft Purview auditing solutions

A
  • Auditing solutions in Microsoft Purview help organizations respond to security events, forensic investigations, internal investigations, and compliance obligations.
  • The unified audit log in Microsoft 365 captures and retains thousands of user and admin operations across multiple services and solutions.
  • Audit records are searchable by security ops, IT admins, insider risk teams, and compliance and legal investigators, providing visibility into activities performed in Microsoft 365.
  • Microsoft Purview offers two auditing solutions: Audit (Standard) and Audit (Premium).
  • Audit (Standard) is enabled by default and allows logging and searching for audited activities in most Microsoft 365 services. Records are retained for 90 days.
  • Audit (Premium) builds on Audit (Standard) by providing longer retention of audit records, audit log retention policies, and access to high-value crucial events for security and compliance investigations.
  • The Office 365 Management Activity API can be used to retrieve audit records and export them for further analysis in tools like Microsoft Excel.
  • There may be a delay of 30 minutes to 24 hours for audit log records to appear in search results.
  • Licensing for Audit (Standard) or Audit (Premium) requires the appropriate organization-level subscription and per-user licensing.
  • Admins and investigation team members need to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the audit log.
3
Q

A new admin has joined the compliance team and needs access to eDiscovery (Standard) to be able to add and remove members, create and edit searches, and export content from a case. To which role should the admin be assigned?

A. Add them as a member of the eDiscovery Manager role group.

B. Add them as a member of the eDiscovery review role.

C. Add them as a member of the eDiscovery custodian role.

A

A. Add them as a member of the eDiscovery Manager role group.

Members of this role group can create and manage eDiscovery cases. They can also add and remove members, place an eDiscovery hold on users, create and edit searches, and export content from an eDiscovery case.

4
Q

The compliance admin team needs to be able to collect and copy data into review sets and to be able to filter, search, and tag content. Which solution can best address their needs?

A. Audit (Standard).

B. Search

C. eDiscovery (Premium).

A

C. eDiscovery (Premium).

The eDiscovery (Premium) solution allows you to collect and copy data into review sets, where you can filter, search, and tag content so you can identify and focus on content that’s most relevant.

5
Q

The compliance team needs to preserve the records for high-value crucial events that can help the organization investigate possible security or compliance breaches and determine the scope of compromise. Which solution can best address that need?

A. Audit (Premium).

B. Search.

C. eDiscovery (Standard).

A

A. Audit (Premium).

Audit (Premium) helps organizations to conduct forensic and compliance investigations by providing access to these crucial events.
