By default, self-service password reset is enabled for Directory writers and Security administrator but not for Azure Information Protection administrators and Cloud application administrators.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#administrator-reset-policy-differences

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/communication-compliance-configure?view=o365-worldwide

Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/export-search-results

Explanation
YES, YES, NO.
Named locations can't have a private IP range, look at
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
"User IP address The IP address that is used in policy evaluation is the public IP address of the user. For devices on a private network, this IP address is not the client IP of the user's device on the intranet, it is the address used by the network to connect to the public internet."

Task1
You need to ensure that a user named Allan Deyoung uses multi-factor authentication (MFA) for all authentication requests.
Task2
You need to ensure that a user named Allan Deyoung can perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. The solution must be principle of leaf privilibe.
Task3
You need to ensure that all the messages in the mailbox of a user named Allan Deyoung are retained for a period of 90 days, even if the messages are deleted.
Task4
You need to ensure that all links to malware.contoso.com within documents stored in Microsoft Office 365 are blocked when the documents are accessed from Office 365 Proplus applications.
Task5
You need to project against phishing attacks. The solution must me the following requirements:
* Phishing email messages must be quarantined if the messages are sent from a spoofed domain.
* As many phishing email messages as possible must be identified.
The solution must apply to the current SMTP domain names and any domain names added later.
Task6
You need to create an Azure information Protection label to meet the following requirements:
* Content must expire after 21 days.
* Offline access must be allowed for 21 days only.
* Documents access protected by using a cloud key.
* Authenticated users must be able to view content only
Task7
You need to prevent any email messages that contain data covered by the U.K data protection Act from being sent to recipients outside of your organization, unless the messages are sent to an external domain named adatum.com.
Task8
You need to ensure that a user named Allan Deyoung receives incident reports when email messages that contain data covered by the U.K Data Protection Act are sent outside of your organization.
Task9
You need to create a retention policy that contains a data a label. The policy must delete all Microsoft Office 265 content that is older than six months.
Task10
You need to create an eDiscovery case that places a hold on the mailbox of a user named Allan Deyoung. The hold must retain email messages that have a subject containing the word merger or the word Contoso.
Task11
You plan to create a script to automate user mailbox searches. The script will search the mailbox of a user named Allan Deyoung for messages that contain the word injunction.
You need to create the search that will be included in the script.