Describe the data compliance solutions of Microsoft Purview

Question 1

An employee is suspected of sending sensitive infos to a key competitor.
You need to preserve the evidence of the activity.
What should you do?

Answer 1

A legal hold in the mailbox
In Purview, eDiscovery has an hold feature.
It can apply to a mailbox and will retain all changes, including deletions.

Question 2

For what a Data Loss Prevention (DLP) Policy can be used?

Answer 2

A DLP Policy can be used to identify sensitive info used in M365 apps and it can be set up to prevent that info from being shared.

Question 3

Define Digital signature

Answer 3

Digital signatures ensure that unauthorized data modifications can be detected.
It uses digital certificates in outlook: if the email has been modified in transit, the signature will be invalid

BUT
* it doesn’t encrypt data in email (that’s S/MIME protocol)
* it doesn’t ensure data can be recovered if accidentally deleted

Question 4

——–helps customers with compliance by displaying controls for a given standard, starting with templates.
However it doesn’t guarantee compliance

Answer 4

Compliance Manager

Question 5

What does Microsoft Purview Insider Risk Management correlate to identify potential risks?

Answer 5

Various signals to identify potential malicious or inadvertent insider risks such as IP theft, data leakage, and security violations.

Insider risks can be both intentional and unintentional actions that compromise security.

Question 6

What does insider risk management enable customers to create?

Answer 6

Policies to manage security and compliance.

These policies help organizations tailor their risk management strategies.

Question 7

What is a key design principle of Microsoft Purview Insider Risk Management?

Answer 7

Built with privacy by design.

This means that privacy considerations are integrated into the system from the outset.

Question 8

How are users treated in Microsoft Purview Insider Risk Management regarding privacy?

Answer 8

Users are pseudonymized by default.

Pseudonymization helps protect user identities while managing risks.

Question 9

What access controls are in place to ensure user-level privacy?

Answer 9

Role-based access controls and audit logs.
These measures help restrict data access and track user interactions.

Question 10

What is the primary function of Microsoft Purview Insider Risk Management?

Answer 10

To help minimize internal risks by detecting, investigating, and acting on malicious and inadvertent activities.

This involves monitoring user behavior to identify potential threats.

Question 11

What do insider risk policies allow organizations to define?

Answer 11

The types of risks to identify and detect in their organization.

This customization is crucial for addressing specific organizational needs.

Question 12

What can be done with cases identified by insider risk policies?

Answer 12

Acting on cases and escalating cases to Microsoft eDiscovery (Premium) if needed.
Escalation ensures that serious cases receive appropriate attention.

Question 13

When you create a new insider risk policy with the policy workflow, what are the policy templates available?

Answer 13

• Data theft by departing users: works with indicators and info from HR connector
• Data leaks
• Data leaks by risky users: to detect when a potentially stressed user has unadvertenly or maliciously contravened security protocols. Works with combined indicators from Defender for endpoint with HR connector
• Security policy violations: to determine when a user has installed malware or disabled security feature on its device. Leverages MS Defender for endpoint to determine

Question 14

What does eDiscovery allow you to search for?

Answer 14

Content stored in Exchange mailboxes, OneDrive accounts, SharePoint sites, Microsoft Teams, Microsoft 365 Groups, and Viva Engage Teams

Question 15

What is the purpose of exporting search results in eDiscovery?

Answer 15

To copy items from their original content location and package them for download to a local computer

Question 16

What does placing content locations on hold accomplish?

Answer 16

Preserves content relevant to an investigation and secures it from deletion

Question 17

What is a review set in eDiscovery?

Answer 17

A secure Azure Storage location in the Microsoft cloud for collecting and analyzing data

Question 18

What can you do with the items in a review set?

Answer 18

Search, filter, tag, analyze, and predict relevancy using predictive coding models

Question 19

What functionality does Optical Character Recognition (OCR) provide in a review set?

Answer 19

Extracts text from images and includes it with the content added to a review set

Question 20

What is the benefit of conversation threading in eDiscovery?

Answer 20

Allows collection of entire conversation threads for context during review

Question 21

True or False: eDiscovery allows for the deletion of content during an investigation.

Answer 21

False

Question 22

Fill in the blank: A review set provides a _______ set of content that can be analyzed.

Answer 22

[static, known]

Question 23

What is Microsoft Purview Data Lifecycle Management?

(formerly Microsoft Information Governance)

Answer 23

tools and capabilities to retain the content that you need to keep, and delete the content that you don’t.

Question 24

What are Microsoft Purview Data Lifecycle Management features?

Answer 24

Retention policies are the cornerstone for data lifecycle management. Use these policies for Microsoft 365 workloads that include Exchange, SharePoint, OneDrive, Teams, and Viva Engage.

• Configure whether content for these services needs to be retained indefinitely, or for a specific period if users edit or delete it.
• Or you can configure the policy to automatically permanently delete the content after a specified period if it’s not already deleted.
• You can also combine these two actions for retain and then delete, which is a very typical configuration. For example, retain email for three years and then delete it.

When you configure a retention policy, you can target all instances in your organization (such as all mailboxes and all SharePoint sites), or individual instances (such as only the mailboxes for specific departments or regions, or just selected SharePoint sites).

If you need exceptions for individual emails or documents, such as a longer retention period for legal documents, you do this with retention labels that you publish to apps so that users can apply them, or automatically apply them by inspecting the content.

Retention labels are also used with Adaptive Protection, if you’re using this solution with insider risk management. In this case, the retention label and auto-apply policy is automatically created for you.

Other data lifecycle management capabilities to help you keep what you need and delete what you don’t:
* Mailbox archiving to provide users with additional mailbox storage space, and auto-expanding archiving for mailboxes that need more than 100 GB storage. A default archiving policy automatically moves email to the archive mailbox, and if required, you can customize this policy.
* Inactive mailboxes that retain mailbox content after employees leave the organization.

Question 25

What's the difference between Azure Information Protection and Azure Rights Management?

Answer 25

Azure Information Protection (AIP) provides classification, labeling, and protection for an organization's documents and emails. Content is protected using the Azure Rights Management service, which is now a component of AIP.

Question 26

What's the difference between Azure Information Protection and Microsoft Purview Information Protection?

Answer 26

Unlike Azure Information Protection, Microsoft Purview Information Protection isn't a subscription or product that you can buy. Instead, it's a framework for products and integrated capabilities that help you protect your organization's sensitive information. Microsoft Purview Information Protection products include: - Azure Information Protection - Microsoft 365 Information Protection, such as Microsoft 365 DLP - Windows Information Protection - Microsoft Defender for Cloud Apps Microsoft Purview Information Protection capabilities include: - Unified label management - End-user labeling experiences built into Office apps - The ability for Windows to understand unified labels and apply protection to data - The Microsoft Information Protection SDK - Functionality in Adobe Acrobat Reader to view labeled and protected PDFs

Question 27

What is Azure Information Protection?

Answer 27

Azure Information Protection (AIP) provides the encryption service, Azure Rights Management, that's used by Microsoft Purview Information Protection and the following capabilities: - Sensitivity labels - Microsoft Purview Information Protection client - Microsoft Purview Information Protection scanner - Microsoft Information Protection SDK

Question 28

What is Azure Rights Management?

Answer 28

Azure Rights Management (Azure RMS) is the cloud-based protection technology used by Azure Information Protection. Azure RMS helps to protect files and emails across multiple devices, including phones, tablets, and PCs by using encryption, identity, and authorization policies. For example, when employees email a document to a partner company, or save a document to their cloud drive, Azure RMS's persistent protection helps secure the data. Protection settings remain with your data, even when it leaves your organization's boundaries, keeping your content protected both within and outside your organization. Azure RMS may be legally required for compliance, legal discovery requirements, or best practices for information management. Azure RMS ensures that authorized people and services, such as search and indexing, can continue to read and inspect the protected data. Ensuring ongoing access for authorized people and services, also known as "reasoning over data", is a crucial element in maintaining control of your organization's data. This capability may not be easily accomplished with other information protection solutions that use peer-to-peer encryption.

Question 29

What role do sensitivity labels play in data protection?

Answer 29

Sensitivity labels safeguard sensitive content, offering multiple layers of protection.

Question 30

How do sensitivity labels enforce security measures?

Answer 30

Once defined and applied, they automatically enforce necessary security measures to protect data.

Question 31

What is one key feature of sensitivity labels related to file encryption?

Answer 31

They can automatically apply encryption to sensitive files and emails.

Question 32

What does encryption ensure regarding sensitive content?

Answer 32

Only authorized users with decryption keys can access the content.

Question 33

What is the purpose of access control in sensitivity labels?

Answer 33

To restrict access to sensitive data, controlling who can view, edit, or share specific content.

Question 34

Fill in the blank: A file labeled as 'Confidential' might only be accessible to a _______.

Answer 34

[select group of employees]

Question 35

What visual markings can sensitivity labels add to documents?

Answer 35

Watermarks, headers, or footers.

Question 36

Why are visual markings important in document management?

Answer 36

They provide a visible indication of the content’s sensitivity level.

Question 37

True or False: Sensitivity labels do not help users identify how to handle documents.

Answer 37

False

Question 38

What risk do sensitivity labels help reduce?

Answer 38

The risk of unintentional misuse of documents.

Question 39

What is records management?

Answer 39

Records management takes retention a step further by applying advanced controls to business-critical or legally required records.

Question 40

What does immutability mean in the context of records management?

Answer 40

Immutability means records can't be altered once classified as records, ensuring legal and regulatory compliance.

Question 41

What is the purpose of understanding the records management solution?

Answer 41

To leverage advanced retention capabilities designed for content that must be preserved as records.

Question 42

What is a file plan in records management?

Answer 42

A file plan helps organize your retention schedules by categorizing records based on their type and retention requirements.

Question 43

How does a file plan function in records management?

Answer 43

It acts as a roadmap for governing specific sets of content across your organization.

Question 44

What are retention labels?

Answer 44

Retention labels classify content as a record and apply the appropriate retention rules.

Question 45

What is the role of retention labels in records management?

Answer 45

They ensure that content is retained according to your file plan and that records are protected against deletion or modification.

Question 46

What happens once records reach the end of their retention period?

Answer 46

The system can be configured to automatically delete or review the content for disposition.

Question 47

Why is managing the permanent deletion of data important?

Answer 47

It helps maintain compliance by ensuring no records are kept beyond their required retention.

Question 48

What is awarded when you complete the requirements for implementation of an improvement action?

Answer 48

Points

Question 49

How often is the action status updated on your dashboard after a change?

Answer 49

Within 24 hours

Question 50

What happens to the control status after following a recommendation to implement a control?

Answer 50

Updated the next day

Question 51

How are points awarded for actions that appear in multiple assessments?

Answer 51

Per action per assessment

Question 52

What is the exception for technical actions scoped to your tenant regarding points?

Answer 52

Points are granted once per action

Question 53

What is the basis for calculating an improvement action's overall score?

Answer 53

Average of scores received by its subscriptions

Question 54

What affects the score of each subscription?

Answer 54

Status of the relevant virtual resources

Question 55

What determines the score value assigned to actions?

Answer 55

Whether they’re mandatory or discretionary, and whether they’re preventative, detective, or corrective

Question 56

What are mandatory actions?

Answer 56

Actions that can't be bypassed

Question 57

Give an example of a mandatory action.

Answer 57

Centrally managed password policy

Question 58

What are discretionary actions?

Answer 58

Actions that rely on users to understand and adhere to a policy

Question 59

Give an example of a discretionary action.

Answer 59

Locking computer when unattended

Question 60

What do preventative actions address?

Answer 60

Specific risks

Question 61

Give an example of a preventative action.

Answer 61

Protecting information at rest using encryption

Question 62

What do detective actions do?

Answer 62

Actively monitor systems to identify irregular conditions or behaviors

Question 63

Give an example of a detective action.

Answer 63

System access auditing

Question 64

What do corrective actions aim to do?

Answer 64

Minimize adverse effects of a security incident

Question 65

Give an example of a corrective action.

Answer 65

Privacy incident response

Question 66

What does each action have assigned in Compliance Manager?

Answer 66

A value based on the risk it represents

Question 67

What is the workflow in Purview communication compliance?

Answer 67

- configure - investigate - remediate - monitor

Question 68

What does the Compliance Manager dashboard display?

Answer 68

Your overall compliance score ## Footnote This score measures progress in completing recommended improvement actions within controls.

Question 69

What does the overall compliance score help you understand?

Answer 69

Your current compliance posture ## Footnote It can also help prioritize actions based on their potential to reduce risk.

Question 70

What is the basis for assigning a score value to improvement actions?

Answer 70

The potential risk involved ## Footnote Each action has a different impact on your score.

Question 71

How is the assessment score calculated?

Answer 71

Using improvement action scores ## Footnote Each Microsoft action and each improvement action managed by your organization is counted once.

Question 72

How is the overall compliance score calculated?

Answer 72

Using improvement action scores ## Footnote Each Microsoft action, technical action, and nontechnical action managed is counted once.

Question 73

What can cause your overall compliance score to differ from the average of your assessment scores?

Answer 73

The logic used to count actions ## Footnote Each action is counted once to provide accurate accounting of implementation and testing.

Question 74

Fill in the blank: The Compliance Manager dashboard measures your progress in completing recommended _______.

Answer 74

improvement actions

Question 75

True or False: Each improvement action is counted multiple times in the compliance score calculation.

Answer 75

False ## Footnote Each action is counted once to ensure accurate scoring.

Question 76

The initial score in Compliance Manager is based on..............

Answer 76

**MS 365 data protection baseline,** which is a set of controls including key regulations and standards for data protection

Question 77

**TRUE OR FALSE** Sensitivity label can be used to encrypt documents to prevent unauthorized access to information?

Answer 77

TRUE

Question 78

Are sensitivity labels visible for all users?

Answer 78

**No** They are not visible in apps to guests and users from other orgs

Question 79

**TRUE OR FALSE** Sentivity labels can be used to protect meeting and chats in MS Teams

Answer 79

**TRUE** Teams admins can use sensitivity labels to protect meetings and chats to safeguard sensitive content created inside Teams

Question 80

In compliance manager what is a control?

Answer 80

A control defines how system configurations are managed ## Footnote Compliance score is calculated on 3 control categories: MS managed controls, customer managed control, shared controls

Question 81

In compliance manager, what is an assessment?

Answer 81

An assessment defines actions that are required to meet the requirements of a standard

Question 82

In compliance manager, what is a group?

Answer 82

A group organizes assessments by standard or service. They make locating assessments easier. You can group assessments by chosen attributes: by team, year, standard...

Question 83

In compliance manager, what are templates?

Answer 83

Templates are preconfigured assessments