MS-900 Exam Questions and Answers

A company is evaluating moving its on-premises infrastructure to a cloud environment. They want a service that provides virtual machines, storage, and networking capabilities while retaining full control over the operating system and applications. Which cloud service model best meets this requirement?

Software as a Service (SaaS)

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

IaaS offers virtualized infrastructure like VMs and storage with full user control over OS and applications.

Private Cloud

Why: Infrastructure as a Service (IaaS) provides virtualized computing resources over the internet, including VMs, storage, and networking. Users have full control over the OS and applications, making it the correct choice. SaaS offers ready-to-use software, PaaS provides a platform for developing applications, and Private Cloud refers to deployment models, not service models.

Which characteristic of cloud computing allows a user to provision resources automatically without requiring human interaction with the service provider?

Rapid elasticity

Resource pooling

On-demand self-service

On-demand self-service allows users to automatically get resources as needed without manual intervention.

Measured service

Why: On-demand self-service is a key cloud characteristic defined by NIST – users can provision computing capabilities automatically. Rapid elasticity refers to scaling, resource pooling to multi-tenancy, and measured service to metering and billing.

A company runs a critical application on-premises but wants to extend capacity to the cloud during peak demand without purchasing additional hardware. Which cloud deployment model best describes this strategy?

Public cloud

Private cloud

Hybrid cloud

Hybrid cloud connects on-premises with public cloud, enabling cloud bursting during peak loads.

Multi-cloud

Why: Hybrid cloud combines on-premises (private) with public cloud, allowing for burst capacity. Public cloud alone would not include on-premises, private cloud is on-premises, and multi-cloud uses multiple public providers.

A company's CFO is pleased that they only pay for the compute and storage resources consumed each month, with no upfront hardware costs. This billing model is a direct result of which cloud computing characteristic?

On-demand self-service

Broad network access

Measured service

Measured service is the cloud characteristic that provides metering and billing based on usage. This allows customers to pay only for what they consume, with no upfront costs.

Resource pooling

Why: Measured service means cloud providers meter resource usage and charge based on consumption (pay-as-you-go). On-demand self-service allows users to provision resources without manual intervention. Broad network access enables access via standard network protocols. Resource pooling refers to serving multiple customers from shared resources.

A startup wants to focus only on developing and deploying its application code without managing underlying servers or operating systems. Which cloud service model best fits this need?

Infrastructure as a Service (IaaS)

Platform as a Service (PaaS)

PaaS provides a complete platform including OS, runtime, and tools, so the startup can deploy and manage applications without server-level maintenance.

Software as a Service (SaaS)

On-premises deployment

Why: Platform as a Service (PaaS) provides a managed platform that includes runtime, middleware, and development tools, allowing developers to focus on code without worrying about infrastructure. Infrastructure as a Service (IaaS) would still require OS management, and Software as a Service (SaaS) provides ready-to-use software rather than a platform for custom applications.

An e-commerce application runs in the cloud and automatically adjusts the number of virtual machines based on real-time traffic. When traffic spikes, more VMs are added; when traffic drops, VMs are removed. Which cloud computing characteristic does this behavior exemplify?

Rapid elasticity

Elasticity allows resources to be automatically scaled out (added) and scaled in (removed) to match workload changes.

Measured service

Resource pooling

On-demand self-service

Why: Rapid elasticity is the ability to automatically scale resources up or down quickly in response to demand, often without manual intervention. Measured service relates to metering and billing, resource pooling refers to multi-tenant shared infrastructure, and on-demand self-service is about provisioning without human interaction – but elasticity specifically addresses dynamic scaling.

Want more Describe cloud concepts practice?

All Describe Microsoft 365 apps and services questions

Domain 2: Describe Microsoft 365 apps and services

A marketing team needs to collaboratively create and edit documents in real time, share files securely, and track version history. Which Microsoft 365 service should they primarily use?

Microsoft Teams

OneDrive for Business

SharePoint Online

SharePoint provides team sites, document libraries, versioning, and co-authoring for collaborative work.

Microsoft Viva Engage

Why: Microsoft SharePoint Online enables collaborative document management with version history, secure sharing, and real-time co-authoring when combined with Office Online. OneDrive is for individual storage, Teams is for chat and meetings, and Microsoft Viva Engage is for enterprise social networking.

A global sales team uses Microsoft Teams for communication. They need to automate business workflows such as sending approval requests when a new lead is created in Dynamics 365. Which Microsoft 365 service should they integrate with Teams?

Power Apps

Power Automate

Power Automate allows you to create automated workflows that integrate Dynamics 365 with Teams for approvals.

Power BI

Power Virtual Agents

Why: Power Automate (formerly Power Automate) enables creation of automated workflows between apps and services. It can trigger actions in Teams based on events in Dynamics 365. Power Apps builds custom apps, Power BI is for analytics, and Power Virtual Agents creates chatbots.

A multinational organization wants a central hub for employee communication that includes company-wide announcements, topic-based communities, and the ability to integrate with SharePoint and Power BI dashboards. Which Microsoft 365 service is designed specifically for this purpose?

Microsoft Teams

Microsoft Viva Engage

Microsoft Viva Engage is an enterprise social network that allows organizations to create company-wide announcements, topic-based communities, and integrate with other apps like SharePoint and Power BI. It is the intended service for broad employee communication.

SharePoint Online

Outlook

Why: Microsoft Viva Engage is an enterprise social network that enables company-wide conversations, communities, and integration with other Microsoft 365 services. Microsoft Teams is focused on real-time team collaboration and meetings, not broad organizational announcements. SharePoint Online is primarily for content management and intranet sites. Outlook is an email client and does not provide community features.

A sales manager wants to track customer interactions, manage leads, and automate follow-up emails from a single platform. Which Microsoft 365 service is specifically designed for customer relationship management (CRM)?

Microsoft Bookings

Microsoft Dynamics 365 Sales

Dynamics 365 Sales provides a comprehensive CRM platform for tracking interactions, managing leads, and automating sales processes including follow-up emails. It meets the manager's requirements.

Microsoft Power Automate

Microsoft To Do

Why: Microsoft Dynamics 365 Sales is a CRM application that helps sales teams manage customer data, leads, opportunities, and automate communications. Microsoft Bookings is an appointment scheduling tool. Power Automate is for workflow automation across apps. Microsoft To Do is a personal task management app.

A project manager wants a shared workspace where team members can create and track tasks, set deadlines, and collaborate on documents. This workspace should integrate with Microsoft Teams for quick access. Which Microsoft 365 service is best suited for this purpose?

Microsoft Lists

Microsoft Planner

Planner offers a visual task board with assignments, due dates, and file attachments, and it integrates natively with Microsoft Teams.

Microsoft To Do

Microsoft Project Online

Why: Microsoft Planner provides Kanban-style task boards that are easy to share, assign tasks, set due dates, and track progress. It integrates directly with Microsoft Teams via the Planner tab. Microsoft Lists is for tracking information in list form, Microsoft To Do is personal task management, and Project Online is a full project management tool that may be overkill for lightweight team task tracking.

A company uses a third-party Human Resources (HR) system. Whenever a new employee is added to the HR system, they want to automatically create a user account in Microsoft 365, assign the appropriate license, and send a welcome email. Which Microsoft 365 service should be used to orchestrate this automation?

Microsoft Power Automate

Power Automate provides triggers and actions to automate workflows across services, perfect for HR-driven user provisioning.

Microsoft Identity Manager

Microsoft Entra ID Connect

Microsoft Graph API

Why: Microsoft Power Automate (formerly Flow) is a workflow automation service that can connect to hundreds of apps and services, including HR systems (e.g., Workday, SAP SuccessFactors) and Microsoft 365. It can be triggered by events in the HR system and then perform actions such as creating a user, assigning a license, and sending email. Microsoft Identity Manager is a legacy on-premises tool, Microsoft Entra ID Connect is for hybrid identity sync only, and Microsoft Graph API is a programming interface, not an out-of-the-box workflow tool.

Want more Describe Microsoft 365 apps and services practice?

All Describe security, compliance, privacy, and trust in Microsoft 365 questions

Domain 3: Describe security, compliance, privacy, and trust in Microsoft 365

An organization is concerned about data leakage from sensitive emails. They want to enforce encryption on emails containing financial information automatically. Which Microsoft 365 solution should they configure?

Data Loss Prevention (DLP) policies

Microsoft Purview Message Encryption

Message Encryption uses rules to encrypt emails based on conditions like sensitive content.

Microsoft Purview Information Protection (Microsoft Purview Information Protection)

Exchange Online Protection (EOP)

Why: Microsoft Purview Message Encryption enables automatic encryption of emails based on policies and sensitive data detection. Data Loss Prevention policies prevent sharing, but the encryption is applied via Message Encryption. Microsoft Purview Information Protection is about classification, and Exchange Online Protection is anti-spam.

A financial services company must prevent users from accidentally sharing sensitive customer data externally. They want to block sharing of any document containing a credit card number via email or SharePoint. What combination of Microsoft 365 compliance solutions should they use?

Sensitivity labels and Microsoft Purview Information Protection (Microsoft Purview Information Protection)

Data Loss Prevention (DLP) policies

DLP policies detect sensitive data and block sharing actions automatically across services.

Microsoft Purview Compliance Manager

Exchange Online Protection (EOP) and Microsoft Defender for Microsoft 365

Why: Data Loss Prevention (DLP) policies can detect sensitive information like credit card numbers and block sharing across Exchange, SharePoint, and OneDrive. Sensitivity labels classify and protect content, but DLP enforces actions. Microsoft Purview Information Protection can label, but DLP is the enforcement mechanism. This question requires understanding that DLP is the primary tool for preventing accidental sharing. Sensitivity labels alone won't block sharing without DLP policies.

A company needs to ensure that all email and document content is preserved for legal purposes, even if users permanently delete items. This requirement demands that content be kept indefinitely until the legal hold is released. Which Microsoft 365 feature should they enable?

Retention policy

Litigation hold

Litigation hold preserves all data indefinitely (or until the hold is removed) even if users delete items. It is the correct feature for legal preservation requirements.

eDiscovery

Data Loss Prevention (DLP)

Why: Litigation hold (also known as legal hold) preserves all content in place, preventing deletion and ensuring data is retained for legal or compliance requirements. Retention policies can preserve or delete content after a specified period but are not designed for indefinite preservation triggered by legal action. eDiscovery is used to search and export content, not to preserve. Data Loss Prevention is for preventing accidental sharing, not preservation.

A healthcare organization must protect patient health information (PHI) from being accidentally shared externally via email. They need to automatically block emails containing medical record numbers from being sent outside the organization and also encrypt any email that does contain PHI when it is allowed. Which two Microsoft Purview solutions should they combine? (Choose two.)

Microsoft Purview Data Loss Prevention (DLP)

DLP policies can scan emails and documents for sensitive data (e.g., medical record numbers) and automatically block sharing or show policy tips. This is the correct solution for blocking external sharing of PHI.

Microsoft Purview eDiscovery

Microsoft Purview Message Encryption

Message Encryption (OME) allows users to send encrypted emails, and can be automatically applied through DLP rules. When an email contains PHI, encryption ensures the content is protected in transit and at rest.

Microsoft Purview Audit (Standard)

Why: Data Loss Prevention (DLP) policies can detect sensitive information like medical record numbers and block external sharing. Message Encryption ensures that emails containing sensitive data are encrypted before delivery. eDiscovery is used for content search and holds, not prevention. Audit logs track activities but do not prevent or encrypt.

A healthcare organization stores patient records in SharePoint Online. They need to ensure that the data is encrypted at rest and in transit. Which statement is true regarding Microsoft 365 encryption?

Microsoft provides default encryption for data at rest and in transit.

Microsoft 365 encrypts all data at rest using disk and file encryption, and all data in transit using industry-standard protocols like TLS.

Customers must enable encryption at rest manually for each workload.

Encryption only applies to Exchange Online, not SharePoint or OneDrive.

Encryption is optional and can be turned off if a customer chooses.

Why: Microsoft 365 uses service-side encryption to protect data at rest (using BitLocker for disks and per-file encryption) and encrypts data in transit using TLS/SSL. These protections are enabled by default for all customers without any additional configuration. Customers cannot opt out of encryption in transit, and encryption at rest is also applied automatically. Some services allow customer-managed keys for added control, but the baseline encryption is always enabled.

A company uses Microsoft Purview to monitor for potential data security incidents. They want to automatically detect and remediate activities like downloading large amounts of data to a personal device. Which solution should they configure?

Data Loss Prevention (DLP)

Insider Risk Management

Insider Risk Management uses risk indicators to identify and automatically respond to risky user actions such as unusual data downloads.

Audit

eDiscovery

Why: Insider Risk Management (IRM) uses risk indicators to identify and automatically respond to risky user actions such as unusual data downloads. DLP prevents sharing but does not detect mass downloads to personal devices. Audit logs record activities without automatic response, and eDiscovery is for legal content searches. Thus, IRM is correct.

Want more Describe security, compliance, privacy, and trust in Microsoft 365 practice?

All Describe Microsoft 365 pricing and support questions

Domain 4: Describe Microsoft 365 pricing and support

A non-profit organization with 250 employees is considering Microsoft 365. They want the most cost-effective plan that includes business-class email, web and mobile versions of Office apps, and 1 TB of cloud storage per user. Which subscription should they choose?

Microsoft 365 Business Premium

Microsoft 365 Business Basic

Business Basic provides email, web/mobile Office, and 1 TB storage at the lowest price point.

Microsoft 365 E1

Microsoft 365 Apps for Business

Why: Microsoft 365 Business Basic includes Exchange Online (email), web and mobile Office apps, and 1 TB OneDrive storage. It is the lowest-priced business plan with these features. Business Premium adds desktop apps. Non-profits can get significantly discounted pricing. Microsoft 365 E1 is similar but targeted at enterprises; Business Basic is the standard small/medium business offering.

A company with 100 users currently has Microsoft 365 Business Standard. The IT department wants to add governance-level security features, including conditional access policies, Microsoft Defender for Microsoft 365, and compliance tools like litigation hold and eDiscovery. Which licensing upgrade should they consider?

Microsoft 365 Business Premium

Business Premium is the direct upgrade from Business Standard that adds the required security and compliance features while maintaining the same business-oriented licensing model. It is the most cost-effective choice for this scenario.

Microsoft 365 E3

Microsoft 365 F3

Microsoft 365 E1

Why: Microsoft 365 Business Premium includes all features of Business Standard plus advanced security and compliance capabilities such as conditional access, Defender for Microsoft 365 (Plan 1), and compliance tools. Microsoft 365 E3 offers similar features but is intended for larger enterprises and may be more expensive. F3 and Microsoft 365 E1 do not include these advanced security features.

A company is planning to purchase Microsoft 365 subscriptions. They want to follow the recommended process. Which of the following sequences correctly represents the order of steps from start to finish?

Choose subscription, Assess needs, Assign licenses, Add licenses

Assess needs, Choose subscription, Add licenses, Assign licenses

This order reflects the logical process: understand requirements, select a plan, purchase licenses, then allocate them to users.

Add licenses, Assign licenses, Assess needs, Choose subscription

Assess needs, Add licenses, Choose subscription, Assign licenses

Why: The recommended process begins with assessing organizational needs (e.g., number of users, required features), then choosing the appropriate subscription plan, adding the required number of licenses to the tenant, assigning those licenses to individual users, and finally provisioning the services (which happens automatically after license assignment). The correct order is: Assess needs, Choose subscription, Add licenses, Assign licenses.

A company with 1,000 users has Microsoft 365 E3 subscriptions. They are experiencing a major outage affecting all users and need guaranteed 1-hour response time for a critical support issue. What should they purchase?

Standard Support (included)

Professional Direct Support

Professional Direct is a paid support plan that offers a guaranteed 1-hour response for critical severity issues, along with proactive services.

Azure Support Basic

Partner support via a Microsoft CSP

Why: Professional Direct is a paid support plan that guarantees a 1-hour response for critical severity issues and includes proactive services. Standard support included with E3 does not guarantee response times. Azure Support Basic is not for Microsoft 365, and partner support does not inherently provide a 1-hour guarantee. Therefore, Professional Direct is the correct choice.

A company with 500 Microsoft 365 E3 users wants to add the highest level of threat protection and advanced investigation capabilities for their security team. Which licensing add-on should they purchase?

Microsoft 365 E5 Security

Microsoft 365 E5 Security is an add-on for E3 that includes advanced security features such as Microsoft 365 Defender, Defender for Microsoft 365 Plan 2, Defender for Identity, and more, providing the highest threat protection and investigation.

Microsoft 365 E5 Compliance

Microsoft 365 E5

Microsoft Defender for Microsoft 365 Plan 2 only

Why: Microsoft 365 E3 includes security features like Defender for Microsoft 365 Plan 1 and basic compliance. To get the highest security capabilities, including Defender for Microsoft 365 Plan 2, Defender for Identity, and advanced threat analytics, the Microsoft 365 E5 Security add-on is designed as an upgrade. The full Microsoft 365 E5 suite includes both security and compliance, but as an add-on to E3, E5 Security provides the required security features. A standalone add-on of only Defender for Microsoft 365 Plan 2 is insufficient for advanced investigation like Microsoft 365 Defender.

A company with 250 users has Microsoft 365 E3 licenses. They want to add advanced anti-phishing and anti-malware protection for email and also deploy endpoint detection and response (EDR) for all devices. What is the most cost-effective licensing add-on?

Microsoft 365 E5 Security add-on

This add-on bundles Defender for Microsoft 365 Plan 2 and Defender for Endpoint Plan 1 at a lower combined price than purchasing them individually.

Microsoft Defender for Microsoft 365 Plan 1 and Microsoft Defender for Endpoint Plan 1 add-ons

Microsoft 365 E5 Compliance add-on

Upgrade all users to Microsoft 365 E5

Why: Microsoft 365 E5 Security add-on includes Microsoft Defender for Microsoft 365 Plan 2 (which provides advanced anti-phishing, automated investigation, etc.) and Microsoft Defender for Endpoint Plan 1 (which includes EDR). Purchasing the E5 Security add-on is more cost-effective than buying these two add-ons separately. Upgrading to E5 would also add compliance features, increasing cost unnecessarily.

Want more Describe Microsoft 365 pricing and support practice?