MS-102 - Microsoft 365 Administrator Expert Configuring Information Protection Questions and Answers

Question 1

An organization needs to automatically apply a 'Confidential' sensitivity label to all documents stored in a specific SharePoint Online site. This label must encrypt the content and restrict access. What is the most direct method to configure this requirement in the Microsoft Purview compliance portal?

Accepted Answer

Create an auto-labeling policy that targets the specific SharePoint site location and applies the 'Confidential' label.

Answer

An auto-labeling policy is the correct tool to automatically find and apply a sensitivity label to content at rest in specific locations like a SharePoint site. [18] While a default label can be set on a library, an auto-labeling policy is more scalable and can be managed centrally for multiple sites or conditions. [3, 20] DLP policies are designed to prevent data exfiltration, not primarily for applying encryption labels to all content at rest. Manual application is not an automatic solution.

Question 2

A company wants to prevent employees from sharing documents containing EU Debit Card Numbers with anyone outside the organization via email. Which component is the fundamental building block used within a Data Loss Prevention (DLP) policy to detect this specific type of information?

Accepted Answer

A Sensitive Information Type (SIT)

Answer

Sensitive Information Types (SITs) are pattern-based classifiers designed to detect specific, well-defined data like credit card numbers, social security numbers, or in this case, EU Debit Card Numbers. [8, 14] DLP policies use SITs as conditions to identify sensitive content. [5] Trainable classifiers are for complex data types that aren't easily identified by patterns, retention labels manage data lifecycle, and adaptive scopes define the users/groups/sites a policy applies to.

Question 3

An administrator is configuring a 'Highly Confidential' sensitivity label. The requirement is that any email with this label applied must be encrypted and recipients must be prevented from forwarding, printing, or copying the content. Which setting within the sensitivity label configuration directly provides this 'Do Not Forward' functionality?

Accepted Answer

Encryption

Answer

The 'Do Not Forward' option is a pre-defined set of permissions available within the Encryption settings of a sensitivity label. [9, 23] When you configure encryption, you can assign permissions, and 'Do Not Forward' is a convenient option that restricts actions like forwarding, printing, and copying for all recipients. [25] Content marking applies visual headers/footers, auto-labeling is for automatic application, and site/group settings apply to containers, not email content directly.

Question 4

A financial services company needs to discover, classify, and apply protection to sensitive client files stored on a large on-premises Windows Server file share. The company has no immediate plans to migrate this data to Microsoft 365. Which Microsoft Purview tool should be deployed to meet this requirement?

Accepted Answer

Microsoft Purview Information Protection scanner

Answer

The Microsoft Purview Information Protection scanner is designed specifically to run on-premises to discover, classify, and protect files on local data stores like Windows Server file shares and on-premises SharePoint Servers. [2, 4, 6] It extends the same sensitivity labels and data classification capabilities used in the cloud to on-premises repositories. [7]

Question 5

You are configuring a Data Loss Prevention (DLP) policy to monitor for the sharing of project codenames. Your goal is to educate users without blocking their actions. When a user attempts to send an email containing a project codename, you want a small notification to appear in Outlook informing them of a potential policy violation. Which DLP policy setting should you configure?

Accepted Answer

Enable user notifications and show policy tips

Answer

Policy tips are the in-context notifications that appear in Office applications like Outlook to warn users that they may be about to violate a DLP policy. [11] Configuring 'User notifications' and enabling 'Policy tips' is the specific action to achieve this educational goal without blocking the user. [1, 15] The other options relate to incident management or restrictive actions.

(MS-102) Microsoft 365 Administrator Expert Practice Test

(MS-102) Microsoft 365 Administrator Expert Practice Test

MS-102 - Microsoft 365 Administrator Expert Configuring Information Protection Questions and Answers