- (Topic 2)
You have a Microsoft 365 E5 tenant.
You need to add a new keyword dictionary. What should you create?

1. A. a trainable classifier
2. B. a retention policy
3. C. a sensitivity label
4. D. a sensitive info type

Correct Answer: D
To add a new keyword dictionary in Microsoft Purview Data Loss Prevention (DLP), you must create a Sensitive Information Type (SIT).
Sensitive Info Types (SITs) allow you to define custom detection rules, including keyword dictionaries, regular expressions, and functions for identifying sensitive content in emails, documents, and other Microsoft 365 locations. A keyword dictionary is a list of predefined words/phrases that Microsoft Purview can use to identify and classify content for DLP policies.
Steps to add a keyword dictionary:
* 1. Go to Microsoft Purview compliance portal
* 2. Navigate to Data classification > Sensitive info types
* 3. Create a new sensitive info type
* 4. Add a keyword dictionary
* 5. Save and use it in a DLP policy

HOTSPOT - (Topic 2)
You have a Microsoft 365 subscription.
You plan to deploy an audit log retention policy.
You need to perform a search to validate whether the policy will be applied to the intended entries.
Which two fields should you configure for the search? To answer, select the appropriate fields in the answer area.
NOTE: Each correct selection is worth one point.

Solution:
To validate whether an audit log retention policy will apply to the intended entries, you should configure the following fields:
Date and time range (UTC) ensures that you are searching for audit logs within the time period when the policy should be applied. Audit logs are time-sensitive, and policies affect logs based on their timestamp.
Record types allows you to filter and search for specific audit log categories (e.g., Exchange, SharePoint, Teams, etc.) that are affected by the retention policy. Selecting the correct record type ensures that the policy is evaluated against the relevant data.

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Topic 2)
You have a Microsoft 365 E5 subscription that uses Microsoft Purview. You are creating an exact data match (EDM) classifier named EDM1.
For EDM1, you upload a schema file that contains the fields shown in the following table.

What is the maximum number of primary elements that EDM1 can have?

1. A. 1
2. B. 2
3. C. 3
4. D. 4

Correct Answer: B
In Microsoft Purview Exact Data Match (EDM) classifiers, a primary element is a unique, identifying field used for data matching. EDM allows up to two primary elements per schema.
From the provided table, the Match mode indicates how data is analyzed: PP (EU Passport Number) Likely a primary element because it's unique.
Name (All Full Names) Typically not a primary element as names are common.
DateOfBirth (Single-token) Usually a secondary element, not unique. AccountNumber (Multi-token) Can be a primary element, as it's a unique identifier.
Since EDM supports a maximum of two primary elements, the correct answer is 2.

- (Topic 2)
You have a data loss prevention (DLP) policy configured for endpoints as shown in the following exhibit.

From a computer named Computer1, a user can sometimes upload files to cloud services and sometimes cannot. Other users experience the same issue.
What are two possible causes of the issue? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

1. A. The unallowed browsers in the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings are NOT configured.
2. B. There are file path exclusions in the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings.
3. C. The Access by restricted apps action is set to Audit only.
4. D. The Copy to clipboard action is set to Audit only.
5. E. The computers are NOT onboarded to Microsoft Purview.

Correct Answer: AB
The issue where users sometimes can upload files to cloud services and sometimes cannot suggests inconsistent enforcement of Endpoint DLP policies. This can be caused by the unallowed browsers in the Microsoft 365 Endpoint DLP settings are NOT configured. Also, there are file path exclusions in the Microsoft 365 Endpoint DLP settings.
Endpoint DLP can block uploads only when using unallowed browsers. If unallowed browsers are not configured, users might be able to bypass restrictions by switching to a different browser. This could explain why uploads sometimes work and sometimes don??t, depending on which browser is used.
File path exclusions allow certain files or folders to be exempt from DLP restrictions. If a specific file location is excluded, files stored there won??t trigger DLP policies, leading to inconsistent behavior. This could result in some uploads being blocked while others are allowed.

- (Topic 2)
You have a Microsoft 365 E5 subscription.
You need to enable support for sensitivity labels in Microsoft SharePoint Online. What should you use?

1. A. the Microsoft Purview portal
2. B. the Microsoft Entra admin center
3. C. the SharePoint admin center
4. D. the Microsoft 365 admin center

Correct Answer: C
To enable support for sensitivity labels in Microsoft SharePoint Online, you must configure the setting in the SharePoint admin center.
Sensitivity labels in SharePoint Online allow labeling and protection of files stored in SharePoint and OneDrive. This feature must be enabled in the SharePoint admin center Settings Information protection to allow sensitivity labels to apply encryption and protection to stored documents.