You use Microsoft 365 Copilot.
What does Copilot use to generate responses based on corporate data stored in Microsoft SharePoint?
Your organization has a Microsoft 365 subscription.
A user named John is assigned an admin role as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes the statement based on the information presented in the graphic.


Explanation:

The correct answer is View all the users in the Microsoft Entra tenant . In the exhibit, John is assigned the Global Reader role. Microsoft documents that the Global Reader role is intended for users who need to view administrator features and settings in admin centers that a Global Administrator can view, but without edit permissions. That makes it appropriate for read-only visibility into tenant-wide directory and admin information, including users in Microsoft Entra.
The other answer choices are not supported by the Global Reader role. Microsoft distinguishes admin-center visibility from access to content in workloads such as SharePoint sites and Exchange mailboxes . Global Reader is a read-only administrative role, not a content access role for reading all documents or mailbox items. Likewise, performing eDiscovery of Microsoft 365 Copilot prompts requires Purview eDiscovery permissions or role group membership, not merely the Global Reader role. Microsoft documents eDiscovery permissions separately in Purview role groups.
Therefore, based on the assigned role shown, the valid completion is that John can view all the users in the Microsoft Entra tenant .
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.


Explanation:

The correct selections are No, No, Yes . Microsoft states that in Microsoft 365 Copilot and Microsoft 365 Copilot Chat, prompts and responses aren't used to train the underlying foundation models . Microsoft also documents that Copilot works within the Microsoft 365 service boundary and that data accessed through Microsoft Graph isn't used to train foundation models . That makes statements 1 and 2 No .
Statement 3 is Yes because Microsoft documents that Microsoft 365 Copilot honors the same data protection, access control, and compliance capabilities that apply across Microsoft 365. Microsoft also states that Copilot only surfaces organizational data that users already have permission to access, including content retrieved through Microsoft Graph in services such as SharePoint, OneDrive, Exchange, and Teams.
Your organization has a Microsoft 365 E5 subscription. You create a Microsoft Purview sensitivity label named Label1. You need to ensure that users can apply Label1 to files in Microsoft 365. What should you use?
Your company requires that all Microsoft SharePoint sites have a minimum of two owners.
You need to ensure that sites that have less than two owners are marked as read-only if the sites are NOT remediated.
What should you configure in the SharePoint admin center?
Select the answer that correctly completes the sentence.
Microsoft Entra Privileged Identity Management (PIM) provides time-bound role activation .


Explanation:
time-bound role activation
The correct answer is time-bound role activation . Microsoft Learn explains that Microsoft Entra Privileged Identity Management (PIM) allows users to be made eligible for privileged roles and then activate those roles only when needed. Microsoft also states that once activated, the role is active for a preconfigured period of time , after which the privileged access expires automatically. This is the core just- in-time and time-limited access model that PIM is designed to provide. ( learn.microsoft.com ) The other options do not match Microsoft's definition of PIM. It is not primarily described as providing restricted access to Microsoft 365 services , the lifecycle management of users , or the management of enterprise applications . Those areas relate more closely to other Microsoft Entra and Microsoft 365 governance capabilities. Microsoft specifically positions PIM as a service to manage, control, and monitor access to important resources by using eligible assignments , approval workflows , MFA if required , and temporary role activation . Therefore, the phrase that correctly completes the sentence is time-bound role activation . ( learn.microsoft.com )
You have a Microsoft SharePoint site named Site1 and a security group named Group1.
You need to prevent all users that currently have access to Site1 from accessing the site content unless the user is also a member of Group1.
Which settings should you configure? To answer, select the appropriate settings in the answer area.


Explanation:

The correct setting is Restricted site access configured with Group1 . Microsoft Learn states that you can restrict access to a SharePoint site by specifying Microsoft Entra security groups or Microsoft 365 groups as the Restricted Access Control group . Microsoft also states that, after the policy is applied, a user can access the site content only if the user both already has permission to the site or content and is a member of the specified restricted access group. This exactly matches the requirement: users who currently have access to Site1 must also be members of Group1 to continue accessing the content.
The Restrict content from Microsoft 365 Copilot setting is unrelated to direct user access to the SharePoint site. That control limits whether Copilot can use site content, but it does not block users from opening the site themselves. Microsoft separately explains that Restricted SharePoint Search and Copilot restrictions are not the same as changing actual SharePoint permissions or access boundaries. So for this scenario, keep the Copilot restriction Off and configure Restricted site access with Group1 .