CCNA Implement an agentic solution Questions

61 questions · Implement an agentic solution · All types, answers revealed

1
MCQhard

Refer to the exhibit. You deploy this ARM template to create an agent. The agent uses a user-assigned managed identity to call an external weather API. The deployment succeeds but the agent fails to authenticate to the weather API. What is the most likely reason?

A.The resourceId for the managed identity is incorrect.
B.The model provider 'AzureAI' should be 'AzureOpenAI'.
C.The URL parameter is missing the API version.
D.The external weather API is not configured to accept tokens from the managed identity's tenant.
AnswerD

The API must trust the identity's token.

Why this answer

Option D is correct because the weather API needs to trust the managed identity's token, which requires configuring the API as a federated identity credential or using an app registration. Option A is wrong because the resourceId is correctly formatted. Option B is wrong because the model provider is valid.

Option C is wrong because the endpoint is not necessarily incorrect.

2
MCQmedium

A developer is building a custom agent using the Microsoft Bot Framework SDK. The agent must be able to handle multiple turns and maintain context across the conversation. The agent uses dialogs to guide the user through a multi-step process. Which component is responsible for managing the dialog stack and persisting state between turns?

A.The ActivityHandler class that processes incoming activities.
B.The IBot interface implementation.
C.The StateMiddleware component.
D.The DialogSet object that contains dialogs and manages the stack.
AnswerD

DialogSet manages the dialog stack and uses state to persist the stack between turns.

Why this answer

Option C is correct because the DialogSet manages the dialog stack and uses state to persist between turns. Option A is wrong because IBot is the main interface but does not manage dialogs directly. Option B is wrong because StateMiddleware is part of the Bot Framework but not dialog-specific.

Option D is wrong because ActivityHandler handles activities but not dialog management.

3
MCQmedium

You are developing an agentic solution that requires the agent to maintain context across multiple turns in a conversation. Which feature should you use to store and retrieve conversation history?

A.Sessions
B.Threads
C.Vector store
D.Memory
AnswerB

Threads automatically store messages and context across turns.

Why this answer

Threads in Azure AI Agent Service are designed to store conversation history and maintain context. Memory is a generic term, not specific to the service. Vector stores are for embeddings.

Sessions are for containerized apps.

4
MCQhard

You are developing an agentic solution that uses Azure AI Agent Service with a custom function calling tool. The agent needs to call a function that requires authentication to an external API. How should you securely pass the API key to the function?

A.Hardcode the API key in the function code
B.Use Azure Key Vault to store the API key and reference it in the function
C.Store the API key in an environment variable
D.Pass the API key as part of the agent's system prompt
AnswerB

Key Vault provides secure secret storage and retrieval.

Why this answer

Using Azure Key Vault references in the function code is the secure way to retrieve secrets at runtime without exposing them. Hardcoding is insecure. Environment variables may be exposed.

Passing in the prompt leaks credentials.

5
MCQeasy

A company is building an agentic solution using Azure AI Agent Service. The agent needs to execute a Power Automate flow when a user requests a vacation approval. Which action type should the developer add to the agent's action definition?

A.httpRequest
B.powerAutomateFlow
C.openApi
D.function
AnswerB

Correct action type for Power Automate flows.

Why this answer

Option D is correct because 'powerAutomateFlow' is the action type for executing Power Automate flows. Option A is wrong because 'openApi' is for REST APIs. Option B is wrong because 'httpRequest' is for direct HTTP calls.

Option C is wrong because 'function' is for custom code functions.

6
MCQmedium

Refer to the exhibit. You deploy this ARM template to create an agent in Microsoft Foundry. The agent uses an Azure Function as an action. The deployment succeeds but when the agent calls the function, it gets a 401 Unauthorized error. What is the most likely cause?

A.The authentication type should be ManagedIdentity instead of ApiKey.
B.The model provider is AzureOpenAI but should be AzureAI.
C.The URL parameter is missing the function name in the path.
D.The listKeys function returns the host key, but the function requires a function-level key.
AnswerD

The function may be configured with function-level authorization requiring a specific key.

Why this answer

Option A is correct because the function key is retrieved from the default key, but the function might require a specific key. Option B is wrong because the function key is correctly passed as a header. Option C is wrong because the endpoint is valid.

Option D is wrong because the model name is valid.

7
MCQeasy

Your organization is deploying an agentic solution using Microsoft Copilot Studio. The agent must be able to escalate to a human agent when it cannot resolve a user's request. You need to ensure that the escalation includes the full conversation history. What should you configure?

A.Add an 'End conversation' action and configure a fallback
B.Add a 'Create a ticket' action in the topic
C.Add a 'Start a new topic' action with context variables
D.Add a 'Transfer conversation' action and set it to include the full transcript
AnswerD

Transfer conversation sends history to human agent.

Why this answer

Option C is correct because 'Transfer conversation' automatically passes the full transcript to the human agent. Option A is incorrect because 'Create a ticket' does not transfer the conversation. Option B is incorrect because 'End conversation' terminates without escalation.

Option D is incorrect because 'Start a new topic' does not include history.

8
Multi-Selectmedium

You are developing an agentic solution that uses multiple agents to handle customer inquiries. You need to ensure that agents can hand off to each other with full context. Which THREE features should you use?

Select 3 answers
A.KQL
B.Shared Memory
C.Agent Handoff
D.Threads
E.Function calling
AnswersB, C, D

Shared Memory allows agents to persist and share state across handoffs.

Why this answer

Agent Handoff, Threads, and Shared Memory are key features for context preservation and handoff. Function calling is for tool integration, not handoff. KQL is for queries.

9
MCQhard

You are building an agentic solution that needs to perform actions on behalf of the user, such as sending emails and updating calendars. Which authentication approach should you use for the agent to access Microsoft Graph API with delegated permissions?

A.OAuth 2.0 client credentials flow
B.OAuth 2.0 authorization code flow with PKCE
C.OAuth 2.0 implicit flow
D.OAuth 2.0 device code flow
AnswerB

This flow is secure and allows delegated permissions.

Why this answer

OAuth 2.0 authorization code flow with PKCE is the recommended approach for delegated permissions in native apps that need to act on behalf of a user. Client credentials flow is for app-only access. Implicit flow is deprecated.

Device code flow is for devices without a browser.

10
Multi-Selectmedium

You are designing an agentic solution using Azure AI Agent Service. The agent needs to be able to both read and write data to an Azure SQL database. Which TWO tools should you configure?

Select 2 answers
A.Function calling
B.KQL
C.Grounding with Bing
D.Code Interpreter
E.Knowledge base
AnswersA, D

Function calling can be used to define custom functions that interact with the database.

Why this answer

Code Interpreter can execute SQL queries via Python. Function calling can be used to invoke custom database operations. Knowledge base is for search, not write.

KQL is for Azure Data Explorer.

11
MCQhard

You are a Microsoft AI engineer for a multinational retail company. The company uses Microsoft Copilot Studio to build an agent for employee self-service. The agent must handle three main tasks: (1) look up employee information from an on-premises HR database, (2) submit expense reports, and (3) answer questions about company policies stored in SharePoint Online. The HR database can only be accessed via a REST API that requires NTLM authentication. The expense report submission must be routed to a third-party system that uses OAuth 2.0. The policy documents are in multiple languages and the agent must provide answers in the user's language. The agent is published to Microsoft Teams and must support single sign-on (SSO) for authenticated users. The company has strict security requirements: all backend calls must use the user's identity, not a generic service account. The agent must also log all interactions for audit purposes. You need to design the solution architecture. Which combination of Azure services and configurations should you use?

A.Use Azure Functions to wrap the on-premises API and the expense system, connect via hybrid connections, and use the Bot Framework SDK to handle multi-language.
B.Use Power Automate flows for all backend calls, configure SharePoint as a knowledge source, and enable SSO with Microsoft Entra ID.
C.Use Azure Logic Apps with on-premises data gateway for the HR API, custom connector for expense system, and enable generative answers with SharePoint.
D.Use an on-premises data gateway with a custom connector for the HR API, a custom connector for the expense system with OAuth 2.0, enable generative answers with SharePoint, and configure SSO with Microsoft Entra ID.
AnswerD

This architecture meets all requirements: on-premises gateway for NTLM, custom connectors for authentication, generative answers for multi-language, and SSO for Teams.

Why this answer

Option D is correct because it addresses all requirements: on-premises data gateway for NTLM-secured API, custom connector for OAuth 2.0, generative answers with SharePoint for multi-language policies, and SSO with Microsoft Entra ID. Option A is wrong because Power Automate flows cannot directly use NTLM without a gateway. Option B is wrong because Azure Functions cannot directly access on-premises without a gateway.

Option C is wrong because Logic Apps need a gateway and custom connectors are better for OAuth 2.0.

12
MCQmedium

You are building an agentic solution using Microsoft Semantic Kernel. The agent needs to orchestrate multiple plugins. One plugin returns a large dataset that exceeds the model's context window. What is the best way to handle this?

A.Split the data into multiple smaller API calls and combine results
B.Truncate the data to fit the context window
C.Configure the plugin to return only a subset of the data and mark the rest as sensitive
D.Use a summarization plugin to condense the data before passing it to the model
AnswerD

Summarization preserves key info and reduces size.

Why this answer

Option B is correct because summarizing the data reduces its size while preserving key information. Option A is incorrect because truncation may lose critical data. Option C is incorrect because splitting into multiple calls increases latency and tokens.

Option D is incorrect because marking as sensitive does not solve the size issue.

13
MCQhard

Refer to the exhibit. You have created an assistant with the above configuration. When you send a message 'What is the weather in Seattle?', the assistant responds without calling the function. What is the most likely cause?

A.The 'instructions' are not being followed
B.The 'strict' parameter is set to true
C.The function is missing the 'description' property
D.The 'tool_resources' code_interpreter has empty file_ids
AnswerC

The description helps the model decide to call the function.

Why this answer

The function definition is missing the 'description' field, which is required for the model to understand when to call the function. The instructions say to call the function, but the model relies on the function's description. The other settings are correct.

14
MCQeasy

A company wants to build a customer support agent using Microsoft Copilot Studio. The agent needs to understand natural language and handle complex queries beyond simple keyword matching. The agent should be able to escalate to a human agent when it cannot resolve the issue. Which feature should the agent use to understand natural language?

A.Create a Power Automate flow to process queries.
B.Enable generative answers and configure a knowledge source.
C.Create topics with trigger phrases.
D.Use entities to extract key information.
AnswerB

Generative answers use AI to understand natural language and provide responses from knowledge sources.

Why this answer

Option C is correct because generative answers use large language models to understand natural language and handle complex queries. Option A is wrong because topics are for structured conversations. Option B is wrong because entities extract specific data but not understand intent.

Option D is wrong because Power Automate flows are for backend actions, not understanding.

15
MCQmedium

A company uses Microsoft Copilot Studio to create an agent that books meetings. The agent calls an external API to check room availability. The API requires a client certificate for authentication. Which authentication method should the developer configure in the custom connector?

A.OAuth 2.0
B.Windows Authentication
C.API Key
D.Client Certificate
AnswerD

Correct for certificate-based authentication.

Why this answer

Option C is correct because client certificate authentication is used for certificate-based auth. Option A is wrong because OAuth 2.0 is token-based. Option B is wrong because API Key is key-based.

Option D is wrong because Windows Authentication is for on-premises.

16
MCQmedium

You are building an agentic solution using Azure AI Agent Service. The agent needs to retrieve information from a SQL database dynamically based on user input. Which tool should you configure within the agent to execute SQL queries?

A.Function calling
B.Code Interpreter
C.Grounding with Bing
D.Kusto Query Language (KQL)
AnswerB

Code Interpreter can run Python code that executes SQL queries against a database.

Why this answer

The Code Interpreter tool allows the agent to execute code, including SQL queries, against data sources. Function calling is for invoking custom APIs, not direct SQL execution. Grounding with Bing is for web search.

KQL is for Azure Data Explorer.

17
MCQeasy

You are building an agent using Microsoft Copilot Studio to handle customer returns. The agent must collect the order ID, reason for return, and then provide a return shipping label. The process requires the user to provide information step-by-step. Which type of conversation flow should you implement?

A.Use an adaptive card to collect all inputs in one step.
B.Use multiple question nodes in a sequential flow.
C.Use a single question node to collect all information at once.
D.Use a generative answers node to parse the user's intent.
AnswerB

Multiple question nodes allow step-by-step collection of order ID, reason, and confirmation.

Why this answer

Option C is correct because a sequential flow with multiple question nodes ensures the user provides information step-by-step. Option A is wrong because a single question node will not handle multiple pieces of information. Option B is wrong because adaptive cards are for rich interactions, not step-by-step data collection.

Option D is wrong because generative answers are for free-form text, not structured collection.

18
MCQmedium

A company plans to deploy a Copilot Studio agent to Microsoft Teams. The agent should be available to all employees in the company. The security team requires that only authenticated users from the company's Microsoft Entra ID tenant can access the agent. Which channel configuration should be used?

A.Publish the agent to the Direct Line channel and embed it in a Teams tab.
B.Publish the agent to the Web channel and share the link in Teams.
C.Publish the agent to the Teams channel and turn off authentication.
D.Publish the agent to the Teams channel and configure authentication to require Microsoft Entra ID with the company's tenant ID.
AnswerD

This ensures only users from the company's tenant can access the agent via Teams.

Why this answer

Option A is correct because the Teams channel in Copilot Studio allows authentication configuration to restrict access to specific tenants. Option B is wrong because turning off authentication would allow anyone. Option C is wrong because the Direct Line channel is for custom apps, not Teams.

Option D is wrong because the Web channel would not enforce Teams-specific authentication.

19
MCQhard

You are designing an agentic solution in Microsoft Foundry that uses a custom agent to answer questions about internal policies. The agent uses GPT-4o with retrieval augmented generation (RAG) on documents stored in Azure AI Search. Users report that the agent sometimes provides answers that contradict the retrieved documents. Which two actions should you take to improve response fidelity?

A.Increase the temperature parameter to 0.9.
B.Increase the chunk size in Azure AI Search to 2000 tokens.
C.Set the 'strict grounding' parameter to true and limit the number of source documents to 3.
D.Configure the agent to include the retrieved text in the prompt and set temperature to 0.
E.Add a system message instructing the model to only use provided context.
AnswerC, D

Grounding and limiting sources reduces contradictions.

Why this answer

Option D is correct because grounding with retrieved documents reduces hallucination. Option B is correct because limiting source documents reduces noise. Option A is wrong because increasing temperature increases randomness.

Option C is wrong because system message alone doesn't guarantee fidelity. Option E is wrong because chunk size optimization is about performance, not contradiction.

20
MCQhard

A company wants to integrate their Copilot Studio agent with an on-premises ERP system using an API. The on-premises API requires Windows Authentication. The agent must call the API securely without exposing credentials. Which Azure service should be used to enable this integration?

A.Azure Functions with HTTP trigger.
B.Azure VPN Gateway to connect to the on-premises network.
C.Azure Logic Apps with a connector.
D.Azure API Management with on-premises data gateway.
AnswerD

API Management can use an on-premises data gateway to securely connect to on-premises APIs and handle Windows Authentication.

Why this answer

Option C is correct because Azure API Management with on-premises data gateway can securely expose on-premises APIs to the cloud and handle Windows Authentication. Option A is wrong because Azure Functions would need a gateway to connect to on-premises. Option B is wrong because Logic Apps also need a gateway.

Option D is wrong because VPN is not a service for API management.

21
MCQhard

You are designing an agent using Microsoft Copilot Studio that must handle sensitive employee data such as salaries and performance reviews. The agent should only allow HR managers to access these topics. The solution must comply with data privacy regulations. Which two actions should you take? (Select two.)

A.Set bot-level authentication to require a specific role.
B.Configure authentication in Copilot Studio to require Microsoft Entra ID sign-in.
C.Enable detailed audit logging in Microsoft Purview.
D.Apply data loss prevention policies in Microsoft Purview.
E.Configure topic-level security to restrict access to HR managers.
AnswerB, E

Authentication verifies the user's identity.

Why this answer

Options A and D are correct. Authentication ensures the user's identity is verified. Topic-level security restricts access to specific topics based on user roles.

Option B is wrong because audit logs are for monitoring, not access control. Option C is wrong because bot-level authentication does not restrict topics. Option E is wrong because data loss prevention does not control access within the agent.

22
MCQhard

You are troubleshooting a Copilot Studio agent that uses a Power Automate flow to look up customer information from a CRM system. The flow runs successfully when tested manually, but when the agent triggers it, the flow fails with an authentication error. What is the most likely cause?

A.The flow connection was deleted after the manual test.
B.The flow uses the agent's identity instead of the user's identity, and the agent lacks CRM access.
C.The user must sign in again before triggering the flow.
D.The CRM connector requires additional permissions that were not granted.
AnswerB

Copilot Studio flows can run as the bot or the user; if configured as bot, the bot's identity may not have access.

Why this answer

Option B is correct because when the agent triggers the flow, it uses the agent's identity, which may not have permissions to the CRM. Option A is wrong because connector permissions are typically configured once. Option C is wrong because the flow runs at runtime, not after sign-in.

Option D is wrong because the flow works manually, so the connection is valid.

23
MCQmedium

You are designing an agent that uses Azure AI Search as a knowledge store. The agent must handle multiple languages. Which feature should you configure in Azure AI Search to ensure the agent retrieves relevant results for queries in different languages?

A.Scoring profiles
B.Language analyzers
C.Semantic search
D.Synonym maps
AnswerB

Handle language-specific text analysis.

Why this answer

Option D is correct because language analyzers in Azure AI Search handle language-specific text processing. Option A is wrong because semantic search improves relevance, not language handling. Option B is wrong because scoring profiles rank results.

Option C is wrong because synonyms expand queries, not handle languages.

24
MCQeasy

You are using Microsoft Copilot Studio to create an agent that handles customer support. The agent needs to understand the user's intent from free-text input. Which feature should you use to map user utterances to specific topics?

A.Configure variables to capture user input
B.Add actions to process the input
C.Create custom entities to extract key phrases
D.Define trigger phrases for each topic
AnswerD

Trigger phrases match user utterances to topics.

Why this answer

Option D is correct because 'Trigger phrases' in Copilot Studio are used to match user utterances to topics. Option A is incorrect because 'Entities' extract specific information, not intent. Option B is incorrect because 'Variables' store data.

Option C is incorrect because 'Actions' perform operations.

25
Multi-Selecteasy

You are using Microsoft Copilot Studio to create an agent that handles product returns. The agent needs to collect the user's order number and reason for return. Which TWO features should you use to capture this information?

Select 2 answers
A.Use Power Automate flows to parse the user's input
B.Define trigger phrases for each topic
C.Use variables to store the order number and reason
D.Create custom entities to extract the order number and return reason
E.Create separate topics for each type of return
AnswersC, D

Variables store captured data.

Why this answer

Options A and D are correct. A: Entities allow extraction of specific data like order numbers. D: Variables store the collected information for later use.

Option B is incorrect because trigger phrases map intent, not capture data. Option C is incorrect because Power Automate flows process data but are not for initial capture. Option E is incorrect because topics handle conversation flows, not data capture.

26
MCQeasy

You are building an agentic solution that needs to process large documents uploaded by users. The agent should extract key information and summarize the content. Which tool should you enable?

A.Function calling
B.KQL
C.Code Interpreter
D.Knowledge base
AnswerC

Code Interpreter can execute Python scripts for document processing.

Why this answer

Code Interpreter (now called 'Code Interpreter' in Azure AI Studio/Assistants API) provides a sandboxed Python environment that can execute code to process uploaded files, including parsing large documents, extracting key information, and generating summaries. It handles file I/O, data manipulation, and natural language processing libraries, making it the correct tool for this agentic document-processing task.

Exam trap

Microsoft often tests the distinction between tools that execute code (Code Interpreter) versus tools that retrieve or query static data (Function calling, KQL, Knowledge base), leading candidates to mistakenly choose Function calling for any 'processing' task.

How to eliminate wrong answers

Option A is wrong because Function calling is designed for structured API interactions (e.g., calling external services or databases) and does not directly process uploaded file contents or execute arbitrary code. Option B is wrong because KQL (Kusto Query Language) is used for querying Azure Data Explorer and log analytics data, not for document extraction or summarization. Option D is wrong because a Knowledge base stores pre-indexed information for retrieval-augmented generation (RAG) but does not dynamically execute code to process newly uploaded documents or extract content on the fly.

27
MCQmedium

Refer to the exhibit. You are deploying an agent in Microsoft Foundry using the ARM template snippet above. The agent needs to call Microsoft Graph API to reset a user's password. However, the deployment fails with an authorization error. What is the most likely cause?

A.The Graph API endpoint URL is incorrect.
B.The apiVersion '2025-01-01-preview' is not supported for agent deployments.
C.The managed identity does not have the 'User.ReadWrite.All' delegated permission for Microsoft Graph.
D.The resourceId for managed identity is missing the 'Microsoft.ManagedIdentity/userAssignedIdentities' resource type.
AnswerC

The identity must be granted Graph API permissions.

Why this answer

Option B is correct because the managed identity needs Graph API permissions assigned. Option A is wrong because the endpoint is valid. Option C is wrong because the resourceId is correctly specified.

Option D is wrong because the apiVersion is a preview version but that doesn't cause authorization errors.

28
MCQmedium

A company uses Microsoft Copilot Studio to create an agent that helps employees schedule meetings. The agent must access the user's calendar to find free time slots and book meetings. The agent should only work for users who have granted consent. Which authentication and authorization approach should be used?

A.Configure OAuth 2.0 authentication with Microsoft Entra ID and request delegated permissions for Microsoft Graph.
B.Use certificate-based authentication for the agent.
C.Use API key authentication to call Microsoft Graph.
D.Use OAuth 2.0 client credentials flow with application permissions.
AnswerA

Delegated permissions allow the agent to act as the user, and consent ensures user authorization.

Why this answer

Option A is correct because OAuth 2.0 with delegated permissions allows the agent to act on behalf of the user after consent. Option B is wrong because application permissions are for app-only access, not user delegation. Option C is wrong because API key does not support user context.

Option D is wrong because certificate-based auth is also app-only.

29
MCQhard

A developer is building an agent using the Microsoft Bot Framework SDK in C#. The agent must authenticate users via Microsoft Entra ID and maintain state across conversations. The solution must store user preferences (e.g., language, timezone) in Azure Cosmos DB. Which state management approach should the developer use?

A.Use the Bot State Service (deprecated).
B.Use UserState with Blob Storage.
C.Use ConversationState with Memory Storage.
D.Use UserState with Cosmos DB Storage.
AnswerD

UserState persists user-specific data across conversations, and Cosmos DB is a scalable storage option.

Why this answer

Option D is correct because UserState with Cosmos DB storage provides a scalable solution for storing user preferences across conversations. Option A is wrong because ConversationState is scoped to a single conversation. Option B is wrong because Blob Storage is for large objects, not key-value state.

Option C is wrong because Bot State Service is deprecated.

30
MCQhard

You are developing an agentic solution that uses multiple AI agents to collaborate on a complex task. To ensure the agents work together effectively, you need to define a clear handoff protocol. Which approach should you use in Microsoft Foundry to enable agent-to-agent communication?

A.Configure a shared memory store
B.Implement a custom API for agent communication
C.Orchestrate agents sequentially using a script
D.Use Agent Handoff feature
AnswerD

Agent Handoff is designed for seamless context transfer between agents.

Why this answer

Agent Handoff is a built-in feature in Microsoft Foundry that allows one agent to pass control to another agent along with context. Custom API integration is possible but not the designed approach. Shared memory is for state management, not handoff.

Sequential orchestration is manual.

31
MCQhard

You are troubleshooting an agent built with Microsoft Copilot Studio. The agent uses a custom topic to check inventory levels. The topic calls a Power Automate flow that returns JSON with 'inStock' boolean. The agent sometimes says 'Item is in stock' even when the flow returns false. What is the most likely cause?

A.The Power Automate flow has a timeout and returns default true.
B.The topic's condition is using a variable that is not being updated with the flow output.
C.The agent's response is based on a different variable that defaults to true.
D.The agent's topic is not parsing the JSON output correctly.
AnswerB

The variable might be stale or not set correctly.

Why this answer

Option C is correct because the agent's response might be based on the topic's condition, not the flow output. Option A is wrong because if the flow fails, the agent wouldn't get a response. Option B is wrong because parsing JSON is standard.

Option D is wrong because the agent doesn't require a specific variable type.

32
MCQmedium

You are developing an agentic solution that uses Azure AI Search as a knowledge base. The agent needs to retrieve the most relevant documents based on a user query. You notice that the agent sometimes returns irrelevant results. Which configuration should you adjust?

A.Change the language analyzer to a different language
B.Increase the 'top' parameter to retrieve more candidate documents
C.Disable semantic ranking
D.Decrease the minimum search score threshold
AnswerB

More candidates increase chance of relevant results.

Why this answer

Option B is correct because increasing the number of results gives the agent more context to choose from, reducing irrelevant returns. Option A is incorrect because decreasing the search score threshold may include more irrelevant results. Option C is incorrect because semantic ranking improves relevance but may not help if the initial retrieval is poor.

Option D is incorrect because changing the analyzer affects tokenization, not relevance directly.

33
MCQhard

You are reviewing the configuration of an agent deployed via Azure AI Agent Service, as shown. The agent fails to authenticate when calling the reset_password function, which requires a token from Microsoft Entra ID. What is the most likely issue?

A.The conversation_starters are preventing the agent from calling functions
B.The agent's authentication is set to api_key instead of managed identity or OAuth
C.The reset_password function is missing required parameters
D.The model version is outdated and does not support function calling
AnswerB

API key cannot authenticate to Microsoft Entra ID.

Why this answer

Option C is correct because the security section uses api_key authentication, which is not suitable for calling Microsoft Entra ID-protected functions. Option A is incorrect because the model is supported. Option B is incorrect because the functions are properly defined.

Option D is incorrect because conversation_starters do not affect authentication.

34
MCQhard

You are building an agent using Azure AI Agent Service that must execute code in a sandbox environment. The code should be able to install Python packages. Which action type should you use?

A.function
B.code_interpreter
C.openApi
D.httpRequest
AnswerB

Allows code execution in a sandbox.

Why this answer

Option D is correct because 'code_interpreter' action type allows executing Python code in a sandbox with package installation. Option A is wrong because 'function' is for calling Azure Functions. Option B is wrong because 'httpRequest' is for HTTP calls.

Option C is wrong because 'openApi' is for REST APIs.

35
MCQhard

You are designing an agentic solution using Azure AI Agent Service with a custom skill that calls an external REST API. The API has rate limits: 100 requests per minute per client. You need to ensure the agent respects this limit without degrading user experience. Which approach should you take?

A.Use a token bucket rate limiter with a shared counter stored in Azure Cache for Redis
B.Set a fixed delay of 600ms between each API call
C.Configure the skill to handle HTTP 429 responses with retry-after logic
D.Implement exponential backoff in the skill code
AnswerA

Token bucket allows burst and respects limits globally.

Why this answer

Option D is correct because a token bucket with a shared counter across all agent instances ensures global rate limiting without dropping requests unexpectedly. Option A is incorrect because 'retry-after' headers require the agent to handle 429 responses, which can degrade UX. Option B is incorrect because exponential backoff can cause delays.

Option C is incorrect because a fixed delay per request does not adapt to varying traffic.

36
MCQeasy

You are building an agent in Microsoft Copilot Studio that needs to send a confirmation email after a user completes a survey. The email should be sent using the user's email address collected during the conversation. Which feature should you use to send the email?

A.Create a Power Automate flow that sends an email and call it from the topic.
B.Use the Send an email action directly in Copilot Studio.
C.Use an adaptive card with an email button.
D.Use the email channel to send a response.
AnswerA

Power Automate flows can send emails via connectors like Outlook.

Why this answer

Option A is correct because a Power Automate flow can be triggered from a topic and send an email using the user's email address. Option B is wrong because the email channel is for receiving emails. Option C is wrong because Copilot Studio does not have a native email action.

Option D is wrong because adaptive cards are for in-chat interactions, not sending emails.

37
MCQeasy

You have created a Copilot Studio agent that uses a Power Automate flow to send an email when a user requests a password reset. The flow works correctly in test mode, but when the agent is published, the flow does not run. What should you check first?

A.Check if the flow is shared with the Copilot Studio agent.
B.Check if the user has permission to run the flow.
C.Check if the trigger condition is correct.
D.Check if the flow is turned on.
AnswerA

Flows used in Copilot Studio must be shared with the agent's owner or the bot application.

Why this answer

Option B is correct because if the flow runs in test but not in published mode, the most common issue is that the flow connection is not shared with the agent. Option A is wrong because permissions are likely correct if test works. Option C is wrong because the flow is already created.

Option D is wrong because the trigger is correct if test works.

38
MCQmedium

You are troubleshooting an agentic solution where the agent is not returning responses within acceptable time limits. You suspect the agent is making too many sequential calls to external tools. Which strategy should you recommend to reduce latency?

A.Increase the max token limit
B.Enable parallel tool execution
C.Add more tools to distribute the load
D.Reduce the thread history length
AnswerB

Parallel execution allows the agent to invoke multiple tools simultaneously.

Why this answer

Parallel tool execution reduces latency by running independent tool calls concurrently. Adding more tools increases load. Increasing token limit does not help with tool call latency.

Reducing thread history might affect context but not tool call speed.

39
MCQmedium

An organization uses Microsoft Copilot Studio to create an agent for IT support. The agent should be able to reset passwords, unlock accounts, and look up user information by connecting to on-premises Active Directory via Microsoft Entra ID. Which type of authentication should be used for the agent to access these actions?

A.Basic authentication with username and password.
B.API key authentication to the on-premises API.
C.Certificate-based authentication for the agent's identity.
D.OAuth 2.0 authentication with Microsoft Entra ID using on-behalf-of flow.
AnswerD

On-behalf-of flow allows the agent to obtain tokens to call downstream APIs on behalf of the user.

Why this answer

Option A is correct because OAuth 2.0 with on-behalf-of flow allows the agent to authenticate to Microsoft Entra ID and then access on-premises resources via an API. Option B is wrong because API key is not suitable for user-specific actions. Option C is wrong because certificate-based authentication is not typical for this scenario.

Option D is wrong because basic authentication is insecure and deprecated.

40
Multi-Selecthard

You are designing an agentic solution using Azure AI Agent Service. The agent needs to perform actions on behalf of users, such as sending emails and updating databases. The solution must use managed identities for authentication to Azure resources. Which TWO configurations are required?

Select 2 answers
A.Store connection strings in Azure Key Vault and reference them in the agent's configuration
B.Create a service principal in Microsoft Entra ID and assign RBAC roles to the agent's resource
C.Use DefaultAzureCredential in the agent's code to authenticate to Azure services
D.Configure the agent to use an API key for each external service
E.Assign a system-assigned managed identity to the Azure resource hosting the agent
AnswersC, E

DefaultAzureCredential uses managed identity.

Why this answer

Options B and D are correct. B: The agent must have a managed identity assigned to authenticate to resources like Microsoft Graph and Azure SQL Database. D: The agent's code must use the managed identity to acquire tokens, typically via DefaultAzureCredential.

Option A is incorrect because connection strings expose secrets. Option C is incorrect because RBAC permissions are assigned to the managed identity, not the agent's service principal directly. Option E is incorrect because connection strings are not used with managed identities.

41
MCQhard

You deploy an agent in Microsoft Foundry that uses a custom skill in Azure AI Search. The skill calls an Azure Function to enrich documents. The function uses an API key. The deployment succeeds but the skill returns an error when processing documents. The function logs show the request is received but the API key is missing. What is the most likely cause?

A.The Azure Function is not running.
B.The skill definition does not include the apiKey in the header.
C.The API key stored in Azure Key Vault is expired.
D.The custom skill's URI is incorrect.
AnswerB

The skill must pass the key as a header.

Why this answer

Option B is correct because the skill might not be passing the API key as a header. Option A is wrong because the function is reachable. Option C is wrong because the key might be correct but not passed.

Option D is wrong because the function URL might be correct.

42
MCQeasy

You run the PowerShell script shown to audit your Azure AI Agent Service agents. The script outputs that several agents have no tools configured. What is the impact on those agents?

A.The agents cannot be deployed until tools are added
B.The agents can only respond to queries using the model's built-in knowledge, without ability to perform actions
C.The agents cannot start conversations with users
D.The agents will use default tools provided by Azure
AnswerB

No tools means no external actions.

Why this answer

Option A is correct because without tools, the agent can only respond based on its instructions and model, limiting its capabilities. Option B is incorrect because the agent can still start conversations. Option C is incorrect because the agent can still be deployed.

Option D is incorrect because the agent can still be invoked.

43
MCQmedium

You are creating an agent in Microsoft Copilot Studio that needs to escalate to a human agent when it cannot resolve a query. Which feature should you use?

A.Add a 'Transfer to agent' topic.
B.Add an 'Escalate' system topic.
C.Configure the 'Fallback' topic to call a Power Automate flow.
D.Use the 'End conversation' node.
AnswerA

Transfers to human agent.

Why this answer

In Microsoft Copilot Studio, the 'Transfer to agent' topic is the correct feature to escalate unresolved queries to a human agent. This topic is specifically designed to hand off the conversation to a live agent, often by triggering a handoff mechanism such as a Dynamics 365 Customer Service queue or a custom integration. It ensures that the bot gracefully transfers context and conversation history, maintaining a seamless user experience.

Exam trap

The trap here is that candidates confuse the 'Escalate' system topic (which does not exist) with the 'Transfer to agent' topic, or they mistakenly think the 'Fallback' topic can handle escalation, when in fact it is only for unrecognized input and not for intentional handoffs.

How to eliminate wrong answers

Option B is wrong because the 'Escalate' system topic does not exist in Copilot Studio; the correct system topic for escalation is the 'Transfer to agent' topic, which is a built-in topic that can be customized. Option C is wrong because the 'Fallback' topic is used to handle unrecognized user input, not to escalate to a human agent; calling a Power Automate flow from it could trigger external actions but does not inherently provide a human handoff mechanism. Option D is wrong because the 'End conversation' node simply terminates the bot session without any escalation, leaving the user without assistance.

44
MCQeasy

You are using Microsoft Copilot Studio to create an agent that helps users reset their passwords. The agent should first verify the user's identity using multi-factor authentication (MFA) before proceeding. Which feature should you configure?

A.Add a variable to store the user's identity status
B.Configure Authentication settings to require Microsoft Entra ID authentication with MFA policy
C.Add a Power Automate flow that calls Microsoft Entra ID MFA
D.Use a 'Sign in' topic trigger from the customer channel
AnswerB

Authentication settings enforce sign-in with MFA.

Why this answer

Option C is correct because 'Authentication' in Copilot Studio allows you to require Microsoft Entra ID sign-in with MFA. Option A is incorrect because 'Power Automate flow' can call MFA but is not the primary configuration. Option B is incorrect because 'Variable' does not enforce authentication.

Option D is incorrect because 'Topic trigger' initiates the topic but does not enforce authentication.

45
MCQmedium

Refer to the exhibit. You are sending a request to an agent using the Chat Completions API. The agent should decide whether to call the 'get_weather' function or not. What is missing from the request to enable the agent to properly use the function?

A.The 'messages' array should include a system prompt
B.The 'tool_choice' should be 'required'
C.The 'model' should be 'gpt-4o-mini'
D.The 'strict' parameter in the function definition
AnswerD

The 'strict' parameter is required for function calling.

Why this answer

The function definition is missing the 'strict' parameter, which is required for the model to understand the function schema correctly. The other fields are present. The tool_choice is set to auto, which is correct.

46
MCQmedium

A company uses Microsoft Copilot Studio to build an agent that helps employees find policy documents. The agent needs to answer questions about the employee handbook, which is stored in SharePoint Online. The agent should only respond to queries about the handbook and ignore unrelated questions. Which configuration should the agent designer apply?

A.Create a topic for handbook queries and configure authentication and security to restrict access.
B.Disable fallback responses and add a condition to the existing topic.
C.Enable generative answers and add the SharePoint site as a data source.
D.Set bot-level authentication to require Microsoft Entra ID sign-in.
AnswerA

Topic-level security ensures only authenticated users can trigger the topic and the agent ignores unrelated queries.

Why this answer

Option B is correct because topic-level security with authentication is required to restrict access to the handbook content and ensure the agent only responds to relevant queries. Option A is wrong because generative answers alone may pick up unrelated content. Option C is wrong because bot-level security does not restrict topics.

Option D is wrong because disabling fallback does not prevent the agent from answering unrelated queries using generative answers.

47
MCQeasy

You are deploying an agentic solution using Azure AI Agent Service. The agent needs to be invoked from a custom application using REST API calls. Which endpoint should you use to send a message to the agent?

A.POST /threads/{thread_id}/runs
B.POST /threads
C.POST /threads/{thread_id}/messages
D.GET /agents
AnswerC

This endpoint adds a message to an existing thread.

Why this answer

The correct endpoint is /threads/{thread_id}/messages to send a message. /threads creates a thread, /runs executes the agent, and /agents is for management.

48
Multi-Selecthard

You are deploying an agentic solution that must comply with data residency requirements. The agent processes personal data from users in the European Union. Which THREE actions should you take to ensure compliance?

Select 3 answers
A.Deploy the agent service in an Azure region within the European Union
B.Disable logging for the agent to avoid storing personal data
C.Enable data encryption at rest using customer-managed keys
D.Configure the agent's data storage to use a globally redundant storage account
E.Store all agent data in an Azure SQL Database located in the EU region
AnswersA, C, E

Deploying in EU regions ensures data stays within the EU.

Why this answer

Data residency requires storing and processing data within the EU region. Using Azure regions in the EU, configuring data storage in those regions, and enabling data encryption at rest are key compliance measures. Global regions may violate residency.

Disabling logging may hinder auditing.

49
MCQhard

An organization uses Microsoft Copilot Studio to build an agent that handles customer inquiries. The agent uses a custom topic with a Power Automate flow to check order status. The flow returns a JSON object with order details. The agent needs to display the order status and estimated delivery date in a formatted message. How should the agent parse the JSON response?

A.Write a custom code action in C# to parse the JSON.
B.Use the built-in JSON parser in Copilot Studio.
C.Modify the Power Automate flow to return individual variables instead of JSON.
D.Use the ParseJSON Power Fx function to convert the JSON string to a record.
AnswerD

ParseJSON in Copilot Studio converts a JSON string to a record that can be accessed with dot notation.

Why this answer

Option D is correct because the ParseJSON function in Copilot Studio converts a JSON string into a Power Fx record that can be used to access properties. Option A is wrong because the agent does not have a generic JSON parser built-in. Option B is wrong because Power Automate can parse JSON, but the agent needs to parse it in Copilot Studio.

Option C is wrong because the agent cannot use C# directly.

50
MCQhard

Refer to the exhibit. You are configuring an agent in Azure AI Agent Service. You want the agent to be able to execute Python code and call a custom function to get weather data. What is the issue with the JSON configuration?

A.The function definition is missing the 'strict' parameter
B.The 'code_interpreter' tool type should be 'code_interpreter' not 'code_interpreter'
C.The model 'gpt-4o' is not supported
D.The 'assistant_id' should be a thread ID
AnswerA

The 'strict' parameter is required for function definitions.

Why this answer

The function definition is missing the 'strict' parameter, which is required for function calling in the current API. The other parameters are correct. The model name is valid, and the code_interpreter tool is correctly enabled.

51
MCQhard

You are developing a custom agent using the Microsoft Bot Framework SDK. The agent must handle multiple languages and use the Azure AI Translator service to translate user messages to English before processing. The solution should minimize latency. Where should the translation logic be implemented?

A.As a custom middleware component that intercepts incoming activities and translates them.
B.In the OnMessageActivityAsync method after receiving the user's message.
C.By using the Bot Framework's built-in language detection feature.
D.By sending the user's message to a separate translation endpoint from the client application.
AnswerA

Middleware runs before the bot logic, translating messages efficiently without affecting the rest of the code.

Why this answer

Option C is correct because middleware runs on every incoming message and can translate before the bot logic runs, minimizing latency by avoiding multiple round trips. Option A is wrong because translating in the activity handler would still be in the pipeline but more coupled. Option B is wrong because the language detection API is separate.

Option D is wrong because client-side translation is not possible in this scenario.

52
MCQhard

You are building an agentic solution using Microsoft Semantic Kernel. The agent must autonomously decide when to call an external API to fetch real-time data. You want to minimize token usage and avoid unnecessary API calls. Which planner configuration should you use?

A.Use a SequentialPlanner with a stepwise strategy and explicit function parameter constraints
B.Use a ManualInvoke kernel with a sequential planner
C.Use a ParallelPlanner with a function-calling model
D.Use an AutoInvoke kernel with a greedy action planner
AnswerA

Stepwise strategy ensures API is called only when needed.

Why this answer

Option D is correct because a SequentialPlanner combined with a stepwise strategy ensures the agent only invokes the API when the context explicitly requires it, reducing token waste. Option A is incorrect because AutoInvoke with greedy planning may over-call APIs. Option B is incorrect because ManualInvoke requires user intervention, defeating autonomy.

Option C is incorrect because ParallelPlanner may invoke multiple APIs concurrently, increasing token usage.

53
MCQmedium

You are implementing an agentic solution using Azure AI Agent Service. The agent needs to maintain conversation context across multiple turns. You configure the agent with a custom prompt that includes a 'system message' and 'few-shot examples'. However, after a few turns, the agent starts repeating the same responses. What is the most likely cause?

A.The 'max_tokens' parameter is set too low for the response
B.The 'max_context_length' is set too low, causing earlier turns to be truncated
C.The agent is using a 'context recycling' feature that resets after each turn
D.The temperature is set too high, causing the model to become deterministic
AnswerB

Truncation loses context, leading to repetition.

Why this answer

Option B is correct because a low maximum context length truncates earlier conversation turns, causing the agent to lose context and repeat responses. Option A is incorrect because the token limit per request affects the length of individual responses, not repetition. Option C is incorrect because the Azure OpenAI API does not recycle context unless explicitly configured.

Option D is incorrect because changing temperature affects randomness, not repetition due to context loss.

54
Multi-Selectmedium

You are building an agentic solution using Microsoft Semantic Kernel. The agent uses a planner to orchestrate multiple functions. You want to improve the planner's ability to handle complex user requests that involve multiple steps. Which THREE strategies should you implement?

Select 3 answers
A.Limit the number of available functions to reduce planning overhead
B.Enable the planner to ask the user for clarification when the request is ambiguous
C.Create composite functions that encapsulate common multi-step sub-tasks
D.Use a simple, generic prompt to avoid overfitting
E.Provide few-shot examples of multi-step workflows in the planner prompt
AnswersB, C, E

Clarification improves accuracy.

Why this answer

Options B, C, and E are correct. B: Providing few-shot examples helps the planner understand complex tasks. C: Creating higher-level composite functions reduces the number of steps the planner needs to orchestrate.

E: Allowing the planner to ask clarifying questions improves accuracy. Option A is incorrect because a simple prompt reduces capability. Option D is incorrect because limiting functions restricts the planner.

55
MCQhard

You are implementing an agentic solution using Azure AI Agent Service with multiple agents that need to collaborate. Each agent has access to different knowledge bases. You want to ensure that the agents can share context and hand off tasks to each other seamlessly. Which architecture should you use?

A.Create a single monolithic agent that includes all knowledge bases
B.Deploy each agent independently and configure them to call each other via HTTP
C.Use a supervisor agent that delegates to specialized agents, with a shared context store in Azure Cosmos DB
D.Chain the agents sequentially, passing output from one to the next
AnswerC

Supervisor pattern with shared context enables seamless handoff.

Why this answer

Option A is correct because a supervisor agent with a shared context store allows coordination and handoff. Option B is incorrect because separate independent agents lack coordination. Option C is incorrect because sequential chaining limits flexibility.

Option D is incorrect because a single monolithic agent defeats the purpose of specialization.

56
MCQmedium

You deploy an agent using the ARM template shown. Users report that the agent cannot answer questions about uploaded documents. What is the most likely cause?

A.The function tool is missing required parameters
B.The model specified is not supported for file operations
C.The file_search tool is disabled in the agent configuration
D.The code_interpreter tool is enabled, which conflicts with file_search
AnswerC

Disabled file_search prevents document search.

Why this answer

Option B is correct because 'file_search' is disabled in the template, so the agent cannot search uploaded documents. Option A is incorrect because code_interpreter is enabled. Option C is incorrect because the function is correctly defined.

Option D is incorrect because the model is valid.

57
MCQeasy

You are designing an agentic solution that uses Azure AI Agent Service to answer customer support queries. The agent needs to retrieve information from a knowledge base stored in Azure AI Search. Which tool should you enable for the agent?

A.Code Interpreter
B.Function calling
C.KQL
D.Knowledge base
AnswerD

Knowledge base tool allows the agent to query Azure AI Search indexes.

Why this answer

Knowledge base tool (or file search / grounding) is used to connect to Azure AI Search index. Code Interpreter is for code execution. Function calling is for APIs.

KQL is for Azure Data Explorer.

58
MCQeasy

You are building an agentic solution using Azure AI Agent Service. The agent needs to send an email via Microsoft Graph API. Which authentication method should you use for the action?

A.Client Certificate
B.API Key
C.OAuth 2.0
D.Basic Authentication
AnswerC

Standard for Microsoft Graph.

Why this answer

Option C is correct because Microsoft Graph API requires OAuth 2.0 tokens. Option A is wrong because API Key is not supported. Option B is wrong because Basic auth is deprecated.

Option D is wrong because client certificates are for server-to-server but OAuth is standard.

59
MCQeasy

You need to monitor an agent deployed in Microsoft Foundry. Which Azure service should you use to collect and analyze logs and metrics from the agent?

A.Application Insights
B.Azure Log Analytics
C.Microsoft Sentinel
D.Azure Monitor
AnswerD

Collects logs and metrics.

Why this answer

Option B is correct because Azure Monitor collects telemetry from Azure resources. Option A is wrong because Azure Log Analytics is part of Azure Monitor, not a separate service for monitoring. Option C is wrong because Application Insights is for application performance, not infrastructure monitoring.

Option D is wrong because Microsoft Sentinel is a SIEM, not general monitoring.

60
MCQeasy

You are designing an agentic solution that uses Microsoft Copilot Studio and Azure AI Search. The agent needs to answer questions based on confidential documents. Which security measure should you implement to ensure the agent only accesses documents the user has permission to read?

A.Disable public network access on the Azure AI Search service.
B.Implement document-level security using security filters in the search index.
C.Use a managed identity for the agent to access the search index.
D.Require multi-factor authentication for all users.
AnswerB

Security filters enforce permissions at the document level.

Why this answer

Option D is correct because document-level security filters in Azure AI Search enforce permissions. Option A is wrong because disabling public access is not granular. Option B is wrong because managed identity alone doesn't filter documents.

Option C is wrong because MFA is authentication, not authorization.

61
MCQmedium

A company is building an agentic solution using Microsoft Copilot Studio. The agent needs to retrieve customer order status from an external CRM API. The API requires OAuth 2.0 authentication with client credentials. Which connector configuration should the developer use?

A.Use a custom connector with API Key authentication.
B.Use the HTTP connector with OAuth2 client credentials grant type.
C.Use a Power Automate flow with a CRM connector that uses service principal.
D.Use an AI Builder model to call the API.
AnswerB

Correct for OAuth 2.0 client credentials flow.

Why this answer

Option A is correct because HTTP with OAuth2 client credentials is the appropriate way to authenticate with an external API that uses OAuth 2.0. Option B is wrong because API Key is not OAuth. Option C is wrong because Power Automate with native CRM connector might not support OAuth client credentials.

Option D is wrong because AI Builder is not for API authentication.

Ready to test yourself?

Try a timed practice session using only Implement an agentic solution questions.