20+ practice questions focused on Describe security, compliance, privacy, and trust in Microsoft 365 — one of the most tested topics on the Microsoft 365 Fundamentals MS-900 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
Start Describe security, compliance, privacy, and trust in Microsoft 365 PracticeAn organization is concerned about data leakage from sensitive emails. They want to enforce encryption on emails containing financial information automatically. Which Microsoft 365 solution should they configure?
Explanation: Microsoft Purview Message Encryption (Option B) is the correct solution because it enables organizations to send and receive encrypted email messages, and it can be configured with mail flow rules to automatically encrypt emails containing sensitive financial information. This service leverages Azure Rights Management (Azure RMS) to provide persistent protection that follows the email, ensuring only authorized recipients can decrypt and read the content.
A financial services company must prevent users from accidentally sharing sensitive customer data externally. They want to block sharing of any document containing a credit card number via email or SharePoint. What combination of Microsoft 365 compliance solutions should they use?
Explanation: Data Loss Prevention (DLP) policies in Microsoft Purview are specifically designed to detect and block the sharing of sensitive information, such as credit card numbers, across email (Exchange Online) and SharePoint. By scanning content for predefined sensitive info types (e.g., credit card numbers using regex patterns from the DLP engine), DLP can automatically block or warn users before external sharing occurs, meeting the company's requirement.
A company needs to ensure that all email and document content is preserved for legal purposes, even if users permanently delete items. This requirement demands that content be kept indefinitely until the legal hold is released. Which Microsoft 365 feature should they enable?
Explanation: Litigation hold is the correct feature because it preserves all mailbox and document content in its original state indefinitely until the hold is explicitly released. Unlike a retention policy, which can delete content after a specified period, Litigation hold ensures that even permanently deleted items are retained in the Recoverable Items folder, meeting the legal preservation requirement.
A healthcare organization must protect patient health information (PHI) from being accidentally shared externally via email. They need to automatically block emails containing medical record numbers from being sent outside the organization and also encrypt any email that does contain PHI when it is allowed. Which two Microsoft Purview solutions should they combine? (Choose two.)
Explanation: Microsoft Purview Data Loss Prevention (DLP) is correct because it can automatically detect sensitive data, such as medical record numbers (PHI), in emails and apply policy actions like blocking external transmission. This directly addresses the requirement to prevent accidental sharing of PHI via email.
A healthcare organization stores patient records in SharePoint Online. They need to ensure that the data is encrypted at rest and in transit. Which statement is true regarding Microsoft 365 encryption?
Explanation: Microsoft 365 provides default encryption for data at rest and in transit across all workloads, including SharePoint Online, Exchange Online, and OneDrive for Business. For data at rest, Microsoft uses BitLocker Drive Encryption and service-side encryption with per-file keys, while data in transit is secured using TLS 1.2+ and IPSec. This means the healthcare organization's patient records in SharePoint Online are automatically encrypted without any manual configuration.
+15 more Describe security, compliance, privacy, and trust in Microsoft 365 questions available
Practice all Describe security, compliance, privacy, and trust in Microsoft 365 questions1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Describe security, compliance, privacy, and trust in Microsoft 365. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Describe security, compliance, privacy, and trust in Microsoft 365 questions on the MS-900 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Describe security, compliance, privacy, and trust in Microsoft 365 is tested as part of the Microsoft 365 Fundamentals MS-900 blueprint. Practicing with targeted Describe security, compliance, privacy, and trust in Microsoft 365 questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free MS-900 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Describe security, compliance, privacy, and trust in Microsoft 365 is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.
Launch a full Describe security, compliance, privacy, and trust in Microsoft 365 practice session with instant scoring and detailed explanations.
Start Describe security, compliance, privacy, and trust in Microsoft 365 Practice →