Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Certifications›MS-900›Objectives›Describe security, compliance, privacy, and trust in Microsoft 365
Objective 3.0

Describe security, compliance, privacy, and trust in Microsoft 365

MS-900 Practice Questions

Use this page to practise Describe security, compliance, privacy, and trust in Microsoft 365 questions for this certification. Focus on how the exam tests describe security, compliance, privacy, and trust in microsoft 365 in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.

Full Practice Test →All Objectives

What this objective tests

MS-900 Describe security, compliance, privacy, and trust in Microsoft 365 — Key Topics

Describe security, compliance, privacy, and trust in Microsoft 365 questions on this certification test your ability to deploy and manage describe security, compliance, privacy, and trust in microsoft 365 concepts in scenario-based situations.

  • Core Describe security, compliance, privacy, and trust in Microsoft 365 concepts and how they apply in real-world cloud scenarios.
  • How to deploy describe security, compliance, privacy, and trust in microsoft 365 correctly and verify the outcome.
  • Troubleshooting describe security, compliance, privacy, and trust in microsoft 365 issues by interpreting error output and system state.
  • Cloud best practices and Describe security, compliance, privacy, and trust in Microsoft 365 design trade-offs tested by this certification.

Common exam traps

Where candidates lose marks on Describe security, compliance, privacy, and trust in Microsoft 365

  • ⚠Selecting the most expensive service when a simpler managed option meets the requirement.
  • ⚠Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
  • ⚠Choosing a global service fix when the issue is region-specific.
  • ⚠Overlooking cost implications of cross-region data transfer in architecture questions.

MS-900 Describe security, compliance, privacy, and trust in Microsoft 365 — Practice Questions

30 questions from this objective

Question 2mediummultiple choice
Full question →

An organization is concerned about data leakage from sensitive emails. They want to enforce encryption on emails containing financial information automatically. Which Microsoft 365 solution should they configure?

Question 3hardmultiple choice
Read the full NAT/PAT explanation →

A financial services company must prevent users from accidentally sharing sensitive customer data externally. They want to block sharing of any document containing a credit card number via email or SharePoint. What combination of Microsoft 365 compliance solutions should they use?

Question 4easymultiple choice
Full question →

A company needs to ensure that all email and document content is preserved for legal purposes, even if users permanently delete items. This requirement demands that content be kept indefinitely until the legal hold is released. Which Microsoft 365 feature should they enable?

Question 5hardmulti select
Read the full NAT/PAT explanation →

A healthcare organization must protect patient health information (PHI) from being accidentally shared externally via email. They need to automatically block emails containing medical record numbers from being sent outside the organization and also encrypt any email that does contain PHI when it is allowed. Which two Microsoft Purview solutions should they combine? (Choose two.)

Question 6easymultiple choice
Read the full NAT/PAT explanation →

A healthcare organization stores patient records in SharePoint Online. They need to ensure that the data is encrypted at rest and in transit. Which statement is true regarding Microsoft 365 encryption?

Question 7mediummultiple choice
Full question →

A company uses Microsoft Purview to monitor for potential data security incidents. They want to automatically detect and remediate activities like downloading large amounts of data to a personal device. Which solution should they configure?

Question 8mediummultiple choice
Full question →

A company wants to ensure that only IT administrators can install browser extensions in Microsoft Edge. Which Microsoft 365 security feature should be used?

Question 9mediummultiple choice
Read the full NAT/PAT explanation →

An administrator needs to monitor and investigate potential data breaches by reviewing detailed records of file access and sharing activities across Microsoft 365. They require a centralized report showing who accessed what, from where, and any unusual patterns. Which tool should they use?

Question 10hardmultiple choice
Full question →

A compliance officer wants to ensure that all data in Microsoft 365 is encrypted using a key that the organization manages and stores in their own Azure Key Vault. Microsoft will not have access to the key. Which solution should they implement?

Question 11mediummultiple choice
Full question →

A security administrator needs to ensure that all users accessing Microsoft 365 resources from unmanaged devices are prompted to sign in using multi-factor authentication (MFA) and are blocked from downloading sensitive files. Which conditional access policy should be configured?

Question 12mediummultiple choice
Full question →

A security administrator needs to ensure that all guest users who access Microsoft Teams are required to accept a terms of use agreement before accessing any company resources. Which Microsoft 365 identity protection feature should they configure?

Question 13mediummultiple choice
Full question →

A company wants to ensure that all administrative actions in Microsoft 365 are logged and that any changes to roles and permissions are reviewed on a monthly basis. Which Microsoft Purview solution should the compliance team use?

Question 14hardmultiple choice
Full question →

A security administrator needs to audit all activities related to a specific user in Exchange Online, SharePoint Online, and Microsoft Entra ID for the past 90 days. They also need to export the audit log as a CSV file. Which Microsoft Purview solution provides this capability without additional licensing beyond Microsoft 365 E3?

Question 15hardmultiple choice
Read the full NAT/PAT explanation →

A multinational corporation must ensure that all Microsoft 365 admin actions—such as adding a new user or changing a role—are recorded and searchable for at least 90 days. They also need to create custom alert rules to notify the security team when critical events occur, like disabling multi-factor authentication. Which Microsoft Purview solution should they use to meet both requirements?

Question 16hardmultiple choice
Full question →

A company uses Microsoft 365 (a SaaS offering). A security incident occurs where an employee's account is compromised because the employee reused their corporate password on a personal website. According to the shared responsibility model, who is primarily responsible for this security failure?

Question 17mediummultiple choice
Full question →

A security analyst receives an alert about a user who downloaded a large number of files from a SharePoint document library in a short period. The analyst needs to investigate the user's activities across Exchange, SharePoint, and Teams to determine if data exfiltration is occurring. Which Microsoft Purview solution should the analyst use to review detailed activity logs?

Question 18hardmultiple choice
Full question →

A security team needs to ensure that all Microsoft 365 administrative actions—such as creating user accounts or resetting passwords—are logged and searchable for at least 90 days. They also need to create custom alert rules for suspicious admin activity. Which Microsoft Purview solution should they use?

Question 19easymultiple choice
Read the full NAT/PAT explanation →

A security administrator needs to review all sign-in attempts and identify suspicious login patterns for the past 30 days. Which Microsoft 365 portal should they use to access this information?

Question 20hardmultiple choice
Full question →

A security team needs to monitor all administrative activities in Microsoft 365, including creating users, resetting passwords, and modifying policies. They require that logs be retained for at least 90 days and want to create custom alerts for suspicious admin actions (e.g., multiple password resets in a short time). Which Microsoft Purview solution should they use?

Question 21mediummultiple choice
Full question →

A legal firm needs to send a confidential document to a client via email. The firm requires that the client cannot forward or print the email and that the email expires after seven days. Which Microsoft Purview solution should they use?

Question 22mediummultiple choice
Full question →

A help desk lead is documenting the correct Microsoft 365 approach to require users to approve sign-ins with a mobile app after entering a password. Microsoft security, identity, or compliance capability should it use?

Question 23mediummultiple choice
Full question →

A compliance-aware administrator is selecting the right Microsoft 365 capability to require MFA only for sign-ins from outside trusted locations. Microsoft security, identity, or compliance capability should it use?

Question 24mediummultiple choice
Full question →

A department head asks which Microsoft 365 option should be used to provide a cloud identity platform for Microsoft 365 and approved SaaS applications. Microsoft security, identity, or compliance capability should it use?

Question 25mediummultiple choice
Full question →

An administrator is reviewing a request from users who need to detect risky users and suspicious sign-ins. Microsoft security, identity, or compliance capability should it use?

Question 26mediummultiple choice
Full question →

During a Microsoft 365 planning workshop, let users reset forgotten passwords without calling the help desk. Microsoft security, identity, or compliance capability should it use?

Question 27mediummultiple choice
Full question →

A tenant administrator is advising a department that wants to grant temporary, approved privileged administrator access. Microsoft security, identity, or compliance capability should it use?

Question 28mediummultiple choice
Full question →

A business stakeholder asks how Microsoft 365 can help them manage laptops and mobile devices with compliance policies and app protection. Microsoft security, identity, or compliance capability should it use?

Question 29mediummultiple choice
Full question →

While preparing a Microsoft 365 adoption plan, a consultant is asked to protect corporate data inside mobile apps without enrolling the whole personal device. Microsoft security, identity, or compliance capability should it use?

Question 30mediummultiple choice
Full question →

A service owner is comparing Microsoft 365 capabilities and needs to block emails containing credit card numbers from being sent externally. Microsoft security, identity, or compliance capability should it use?

Question 31mediummultiple choice
Full question →

During requirements gathering, an IT manager says the organization must classify files as Confidential and apply encryption to the most sensitive content. Microsoft security, identity, or compliance capability should it use?

More Describe security, compliance, privacy, and trust in Microsoft 365 questions available in the full practice test.

Continue Practising →
←

Previous objective

Describe cloud concepts

Next objective

Describe Microsoft 365 pricing and support

→

All MS-900 Objectives

  • 1.Describe cloud concepts
  • 3.Describe security, compliance, privacy, and trust in Microsoft 365
  • 4.Describe Microsoft 365 pricing and support