Free SC-900 Capabilities of Microsoft Purview Insider Risk Management Questions and Answers

Question 1

What is the primary purpose of Microsoft Purview Insider Risk Management?

Accepted Answer

To detect, investigate, and act on risky activities by users within the organization.

Answer

To block external phishing attacks targeting the organization.

Answer

To manage device compliance and enforce configuration policies on endpoints.

Answer

To discover, classify, and apply sensitivity labels to data at rest.

Question 2

Which of the following is a key prerequisite for enabling and using Microsoft Purview Insider Risk Management?

Accepted Answer

A Microsoft 365 E5 license or an equivalent add-on.

Answer

A Microsoft 365 E3 license.

Answer

An Azure Active Directory Premium P1 license.

Answer

A standalone Microsoft Defender for Endpoint P1 license.

Question 3

An administrator wants to create a policy to detect potential data theft by employees who have recently resigned. How can this be accomplished in Insider Risk Management?

Accepted Answer

By using a pre-configured policy template for departing users.

Answer

By manually reviewing the audit logs for every departing user.

Answer

By creating a custom alert rule in Microsoft Defender for Cloud.

Answer

By configuring a mail flow rule in Exchange Online.

Question 4

What is the purpose of the 'anonymization' feature within the Insider Risk Management console?

Accepted Answer

To hide the real names of users associated with alerts to protect their privacy during investigation.

Answer

To permanently delete all user-identifiable information from alerts.

Answer

To encrypt alert details so only specific investigators can view them.

Answer

To automatically assign alerts to investigators using a randomized algorithm.

Question 5

Insider Risk Management relies on signals from various sources to detect risky behavior. Which service is the primary source for user activity signals like 'File downloaded' or 'File shared externally'?

Accepted Answer

Microsoft 365 unified audit log

Answer

Microsoft Intune device compliance reports

Answer

Microsoft Defender for Identity security alerts

Answer

Azure Active Directory sign-in logs

Question 6

When an Insider Risk Management policy generates a high-severity alert, what is the typical next step in the built-in workflow?

Accepted Answer

The alert is triaged, and an investigator can create a case for deeper analysis.

Answer

The user's account is automatically suspended.

Answer

The policy that generated the alert is automatically disabled.

Answer

An email notification is sent directly to the user who triggered the alert.