Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant and 500 computers that run Windows 11. The computers are onboarded to Microsoft Purview.
You discover that a third-party application named Tailspin_scanner.exe accessed protected sensitive information on multiple computers.
Tailspin_scanner.exe is installed locally on the computers.
You need to block Tailspin_scanner.exe from accessing sensitive documents without preventing the application from accessing other documents.
Solution: From Microsoft Defender for Cloud Apps, you create an app discovery policy.
Does this meet the goal?

Hotspot Question
You have a Microsoft 365 E5 subscription that uses Microsoft Purview.
You need to perform a content search for email messages that meet the following requirements:
- Are delivered to both [email protected] and [email protected]
- Are sent from a user account that has a name that starts with the
word Compliance
How should you complete the query in the KQL editor? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription that contains the users shown in the following table.

You review the audit retention period of each user.
Which users' audit logs are retained for nine months?