FREE SC-900 Capabilities of Microsoft Purview Insider Risk Management Questions and Answers

Question 1

What is the primary purpose of Microsoft Purview Insider Risk Management?

Accepted Answer

To detect, investigate, and act on risky activities by users within the organization.

Answer

Insider Risk Management is designed to help organizations minimize internal risks by detecting, investigating, and acting on malicious and inadvertent activities by users. It leverages signals from various Microsoft 365 services to identify potential risks like data theft or security policy violations.

Question 2

Which of the following is a key prerequisite for enabling and using Microsoft Purview Insider Risk Management?

Accepted Answer

A Microsoft 365 E5 license or an equivalent add-on.

Answer

Microsoft Purview Insider Risk Management is a premium feature included in specific high-tier licenses. The Microsoft 365 E5 license (or the E5 Compliance / E5 Insider Risk Management add-ons) is required to access the advanced signals and capabilities needed for the service to function.

Question 3

An administrator wants to create a policy to detect potential data theft by employees who have recently resigned. How can this be accomplished in Insider Risk Management?

Accepted Answer

By using a pre-configured policy template for departing users.

Answer

Insider Risk Management provides several pre-configured policy templates for common risk scenarios, including 'Data theft by departing users'. These templates simplify setup by pre-selecting relevant indicators and triggers, such as connecting to the HR system for termination dates.

Question 4

What is the purpose of the 'anonymization' feature within the Insider Risk Management console?

Accepted Answer

To hide the real names of users associated with alerts to protect their privacy during investigation.

Answer

The anonymization feature is a crucial privacy control. It replaces usernames with pseudonyms (e.g., 'Anonymous user 123') in the alerts and cases, helping investigators focus on the risky activity itself without initial bias and protecting user privacy until a deeper investigation is warranted.

Question 5

Insider Risk Management relies on signals from various sources to detect risky behavior. Which service is the primary source for user activity signals like 'File downloaded' or 'File shared externally'?

Accepted Answer

Microsoft 365 unified audit log

Answer

Insider Risk Management is built upon the signals captured in the Microsoft 365 unified audit log. This log records a wide range of user and admin activities across services like SharePoint Online, OneDrive for Business, and Exchange Online, which are then analyzed to detect risky patterns.

SC-900 - Microsoft Certified: Security, Compliance, and Identity Fundamentals Certification Practice Test

SC-900 - Microsoft Certified: Security, Compliance, and Identity Fundamentals Certification Practice Test

FREE SC-900 Capabilities of Microsoft Purview Insider Risk Management Questions and Answers