You have a Microsoft 365 E5 subscription that uses Microsoft Purview insider risk management and contains three users named User1, User2, and User3.

All insider risk management policies have adaptive protection enabled and the default conditions for insider risk levels configured.

The users perform the following activities, which trigger insider risk policy alerts:

User1 performs at least one data exfiltration activity that results in a high severity risk score.

User2 performs at least three risky user activities within seven days, that each results in a high severity risk score.

User3 performs at least bwo data exfiltration activities within seven days, that each results in a high severity risk score.

Which insider risk level is assigned to each user? To answer, drag the appropriate levels to the correct users. Each level may be used once, more than once, or not at all. You may need to drag the split bar between panes or seroll to view content.

NOTE: Each correct selection is worth one point.