Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

MS-102 > MS-102 Implement Compliance > Flashcards

MS-102 Implement Compliance Flashcards

(41 cards)

Start Studying
1
Q

Microsoft Purview Compliance Manager

A

uses a centralized dashboard to calculate a risk-based score, measuring an organization’s progress in completing actions that help reduce risks around data protection and regulatory standards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Organizations can use sensitivity labels to:

A

Enforce message encryption

Enforce usage restrictions

Apply visual markings

Protect information across platforms and devices, on-premises and in the cloud

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Services that Retention policies can be applied to

A

Teams and Yammer messages
Exchange email
SharePoint sites
OneDrive accounts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Key elements of Compliance Manager

A

Controls, Assessments, Templates

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Controls

A

a requirement of a regulation, standard, or policy. It defines how an organization assesses and manages system configuration, organizational process, and the people responsible for meeting a specific requirement of a regulation, standard, or policy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Assessments

A

grouping of controls from a specific regulation, standard, or policy. Completing the actions within an assessment helps organizations meet the requirements of a standard, regulation, or law.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

When an organization comes to Compliance Manager for the first time, what is its initial score based on?

Microsoft 365 data protection baseline

A

the Microsoft 365 data protection baseline. This baseline assessment, which is available to all organizations, is a set of controls that includes common industry regulations and standards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

to enable insider risk analytics:

A

In the Microsoft Purview compliance portal, select Insider risk management in the navigation pane.

Select Run scan on the Scan for insider risks in your organization card on the Insider risk management Overview tab. This action turns on analytics scanning for your organization. You can also turn on scanning in your organization by navigating to Insider risk settings, then Analytics and enabling the option titled: Scan your tenant’s user activity to identify potential insider risks.

On the Analytics details pane, select Run scan to start the scan for your organization. Analytics scan results may take up to 48 hours before insights are available as reports for review.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Insider risk management policies

A

define what triggering events and risk indicators an organization examines. These conditions include:

How alerts use risk indicators.
The users included in the policy.
The services the organization prioritized.
The monitoring time period.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following actions is considered the heart of the insider risk management workflow?

A

Creating a case,

This area is where risk activities, policy conditions, alerts details, and user details are synthesized into an integrated view for reviewers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Members of the following roles can assign users to Insider risk management role groups

A

Microsoft Entra Global Administrator
Microsoft Entra Compliance Administrator
Microsoft Purview compliance portal Organization Management
Microsoft Purview compliance portal Compliance Administrator

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Policy templates

A

Insider risk management templates are predefined policy conditions. Each template defines the types of risk indicators and risk scoring model the associated policy uses.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How many policies does insider risk management support for each policy template?

A

5

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

To create a new Insider risk management policy

A

In the Microsoft Purview compliance portal, select Insider risk management in the navigation pane.

On the Insider risk management page, select the Policies tab.

Select Create policy on the menu bar. This option opens the Policy wizard.

In the Policy wizard, on the Policy template page, choose a policy category and then select the template for the new policy. These templates consist of conditions and indicators that define the risk activities an organization wants to detect and investigate. Review the template prerequisites, triggering events, and detected activities to confirm this policy template fits your needs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

To manually start scoring an activity for users in one or more Insider risk management policies

A

In the Microsoft Purview compliance portal, select Insider risk management on the navigation pane.

On the Insider risk management page, select the Policies tab.

On the policy dashboard, select the policy or policies you want to add users to.

Select Start scoring activity for users.

In the Reason field in the Add users to multiple policies pane, add a reason for adding the users.

In the This should last for (choose between 5 and 30 days) field, define the number of days to score the user’s activity for the policy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

To triage an insider risk alert,

A

In the Microsoft Purview compliance portal, select Insider risk management in the navigation pane.

On the Insider risk management page, select the Alerts tab.

On the Alerts dashboard, select the alert you want to triage.

On the Alert detail page, you can review information about the alert. You can:

Confirm the alert and create a new case.
Confirm the alert and add to an existing case.
Dismiss the alert.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Alert throttling

Study These Flashcards
A

Insider risk management uses built-in alert throttling to help protect and optimize an organization’s risk investigation and review experience. Throttling guards against issues that may result in an overload of policy alerts.

18
Q

To escalate a case to a user investigation:

Study These Flashcards
A

in the Microsoft Purview compliance portal, select Insider risk management on the navigation pane.

On the Insider risk management page, select the Cases tab.

On the Cases tab, select a case. Then select the Escalate for investigation button on the menu bar.

In the Escalate for investigation dialog box, enter a name for the new user investigation. If needed, enter notes about the case and select Escalate.
Review the notice fields and update as appropriate. The values entered here override the values on the template.

19
Q

Complete the following steps to resolve a case:

Study These Flashcards
A

In the Microsoft Purview compliance portal, select Insider risk management on the navigation pane.

On the Insider risk management page, select the Cases tab.

On the Cases tab, select a case. Then select the Resolve case button on the menu bar.

20
Q

Microsoft Purview Information Barriers (IB)

Study These Flashcards
A

a compliance solution that allows organizations to restrict two-way communication and collaboration between groups and users in Microsoft Teams, SharePoint, and OneDrive.

21
Q

SharePoint, information barriers (IBs) can determine and prevent the following kinds of unauthorized collaborations:

Study These Flashcards
A

Adding a user to a site.
User access to a site or site content.
Sharing a site or site content with other users.

22
Q

What’s the maximum number of compatible segments that can be associated with a site?

23
Q

What happens if the segments associated with a user’s OneDrive don’t match the segment applied to the user?

Study These Flashcards
A

The user can’t access their OneDrive

24
Q
  1. How many segments can a user be in?
25
What does it mean when the information barrier mode for a SharePoint site is set to Open?
The SharePoint site doesn't have segments
26
DLP policy
can find and protect sensitive information across Microsoft 365. It doesn't matter where the data is located. You can apply DLP policies to data at rest, data in use, and data in motion
27
DLP policy in simulation mode
it's run as if it were being enforced, without any actual enforcement. All matched items and alerts are reported in a separate dashboard. This design makes it easy to see the impact of the policy before you enforce it by keeping all the simulation results separate from the results of policies that are being enforced.
28
A DLP policy contains one or more of which item?
Rules
29
Endpoint DLP
extends the activity monitoring and protection capabilities of DLP to sensitive items that users physically store on Windows 10, Windows 11, and macOS (Catalina 10.15 and higher) devices.
30
Adaptive protection
uses machine learning to identify the most critical risks and proactively and dynamically apply protection controls from DLP and Conditional Access policies.
31
DLP Alerts Dashboard
Configure DLP alerts Review them Triage them Track their resolution
32
DLP Activity explorer
Use this tool to review activity related to content that contains sensitive information or has labels applied, such as what labels were changed, files were modified, and matched a rule.
33
Can you rename a DLP policy?
No
34
To give permissions to create DLP policies:
Create a Microsoft 365 group and add the company's compliance officers to it. Create a role group on the Permissions page of the Microsoft Purview compliance portal. While creating the role group, use the Choose Roles section to add the DLP Compliance Management role to the role group. Use the Choose Members section to add the Microsoft 365 group you created in step 1 to the role group.
35
Organizations can complete the following steps to create a DLP policy from a template:
Sign in to the Microsoft Purview compliance portal. In the Microsoft Purview compliance portal, select Data loss prevention in the navigation pane to expand this group. In the Data loss prevention group on the navigation pane, select Policies. On the Policies page, select +Create policy in the menu bar. The Create policy wizard begins. In the Create policy wizard, on the Start with a template or create a custom policy page, select the category. Doing so displays the list of templates for that category. Then select the template that protects the type of sensitive information that you need. A description of the template appears in the right-hand column. Read this description to verify you selected the correct template. Select Next. On the Name your DLP policy page, the name of the selected template appears in the Name field. You can use this template name as long as you didn't use it for a previous policy. Select Next. On the Choose locations to apply the policy page, determine the locations that you want the DLP policy to protect. Then either accept the default scope for each selected location or customize the scope. See the following examples:
36
Defining notifications occurs when you get to the step of defining the policy settings:
On the Define policy settings page, select the Create or customize advanced DLP rules option, and then select Next. On the Customize advanced DLP rules page, select +Create rule on the menu bar. On the Create rule page, enter a name for the rule in the Name field. Under the User notifications section, set the toggle switch to On. Setting this option to On enables two more options. Under the Endpoint devices section, you can select the option to Show users a policy tip notification when an activity is restricted. Under the Microsoft 365 services section, you can select an option to Notify users in Office 365 service with a policy tip.
37
Editing existing content triggers...
Policy tips but not email notifications
38
For each rule in a Microsoft Purview DLP policy, an organization can configure policy tips to:
Notify the person the content conflicts with a DLP policy. As such, they can take action to resolve the conflict. You can use the default text (see the following tables) or enter custom text about your organization's specific policies. Allow the person to override the DLP policy. You can optionally: Require the person to enter a business justification for overriding the policy . The system logs this information. You can view it in the DLP reports in the Reports section of the portal. Allow the person to report a false positive and override the DLP policy. The system also logs this information for reporting. You can use false positives to fine tune your rules.
39
Designing a DLP policy typically involves which of the following actions
Clearly define your business needs
40
When using a policy tip to override a rule, the option to override is per rule. As such, it overrides all the actions in the rule, with one exception. Which of the following actions is the one exception?
Sending a notification
41

MS-102 (17 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions