Microsoft Compliance Solutions for Microsoft (SCI) Fundamentals

This page covers the Microsoft Compliance Solutions domain of the Microsoft (SCI) Fundamentals certification. Master Cybersecurity offers 52 practice questions in this domain, drawn from the same content we use across our timed exam simulations. Below are five sample questions with full answer explanations.

Sample Practice Questions

  1. Question 1

    Which Microsoft portal provides information about how Microsoft manages privacy, compliance, and security?
    A. Microsoft Service Trust Portal
    B. Compliance Manager
    C. Microsoft 365 compliance center
    D. Microsoft Support
    Explanation

    The correct answer is: A. Microsoft Service Trust Portal.

    The Microsoft Service Trust Portal (STP) is the official Microsoft portal that provides documentation and resources about how Microsoft manages privacy, compliance, and security for its cloud services. It includes audit reports, compliance offerings (e.g., ISO, SOC, FedRAMP), privacy documentation, and security whitepapers. Compliance Manager (B) is a tool inside the compliance portal for managing your organization's compliance actions. The Microsoft 365 compliance center (C) is where you configure and run compliance features (DLP, eDiscovery, etc.), not where Microsoft publishes its own trust and compliance information. Microsoft Support (D) is for support requests, not for general trust and compliance documentation.
  2. Question 2

    What can you protect by using the information protection solution in the Microsoft 365 compliance center?
    A. computers from zero-day exploits
    B. users from phishing attempts
    C. files from malware and viruses
    D. sensitive data from being exposed to unauthorized users
    Explanation

    The correct answer is: D. sensitive data from being exposed to unauthorized users.

    The information protection solution in the Microsoft 365 compliance center (sensitivity labels, DLP, etc.) is focused on protecting sensitive data, ensuring it is classified, labeled, and (when configured) encrypted or access-restricted so it is not exposed to unauthorized users. Protecting computers from zero-day exploits (A) and users from phishing (B) are security and threat protection concerns (e.g., Microsoft Defender). Protecting files from malware and viruses (C) is also part of Defender and security, not the compliance-focused information protection solution, which is about data classification, labeling, and access control.
  3. Question 3

    What can you specify in Microsoft 365 sensitivity labels?
    A. how long files must be preserved
    B. when to archive an email message
    C. which watermark to add to files
    D. where to store files
    Explanation

    The correct answer is: C. which watermark to add to files.

    Sensitivity labels in Microsoft 365 can specify visual markings (headers, footers, watermarks) that are applied to documents and emails when the label is applied. You configure these in the label policy so that, for example, "Confidential" content gets a "Confidential" watermark. How long files must be preserved (A) and when to archive email (B) are controlled by retention policies, not sensitivity labels. Where to store files (D) is governed by lifecycle and storage policies or site configurations, not by the label definition itself; labels focus on classification and protection (including encryption and visual markings), not storage location.
  4. Question 4

    Which two tasks can you implement by using data loss prevention (DLP) policies in Microsoft 365? Each correct answer presents a complete solution.
    A. Display policy tips to users who are about to violate your organization's policies.
    B. Enable disk encryption on endpoints.
    C. Protect documents in Microsoft OneDrive that contain sensitive information.
    D. Apply security baselines to devices.
    Explanation

    The correct answers are: A. Display policy tips to users who are about to violate your organization's policies, and C. Protect documents in Microsoft OneDrive that contain sensitive information.

    Two tasks DLP policies can perform are displaying policy tips to warn users when an action is about to violate a rule (for example, when an email contains a credit-card number and is being sent externally) and protecting documents in Microsoft OneDrive (and SharePoint and Exchange) that contain sensitive information by blocking sharing, requiring business justification, or encrypting on access. Enabling disk encryption on endpoints is BitLocker — handled through Microsoft Intune device configuration, not DLP. Applying security baselines to devices is also done through Intune (Endpoint Manager), again outside the scope of DLP policies.
  5. Question 5

    Which Microsoft 365 compliance feature can you use to encrypt content automatically based on specific conditions?
    A. Content Search
    B. sensitivity labels
    C. retention policies
    D. eDiscovery
    Explanation

    The correct answer is: B. sensitivity labels.

    Sensitivity labels can be configured to automatically apply encryption to content based on conditions (e.g., when a label is applied, or when content is classified as sensitive). You can tie encryption to the label and set conditions so that only certain users or groups can decrypt the content. Content Search (A) is for finding content; it does not encrypt. Retention policies (C) control how long content is kept or deleted; they do not encrypt. eDiscovery (D) is for identifying, holding, and exporting content for legal or internal investigations; it does not perform automatic encryption based on conditions.
