Microsoft 365 Fundamentals MS-900 (MS-900) — Questions 901975

985 questions total · 14pages · All types, answers revealed

Page 12

Page 13 of 14

Page 14
901
MCQmedium

A marketing team needs to create a short promotional video that includes screen recordings, webcam footage, and text overlays. Which Microsoft 365 app should they use to create this video?

A.Microsoft Stream
B.Microsoft Clipchamp
C.Microsoft PowerPoint
D.Microsoft Sway
AnswerB

Clipchamp is a built-in video editor in Microsoft 365 that can create videos from screen recordings, webcam, and adds text overlays.

Why this answer

Microsoft Clipchamp is the correct app because it is a built-in video editor in Microsoft 365 designed for creating and editing videos with features like screen recording, webcam capture, and text overlays. It provides a timeline-based editing interface that allows users to combine multiple media sources into a single promotional video, making it the ideal tool for this task.

Exam trap

The trap here is that candidates often confuse Microsoft Stream (a video hosting service) with a video creation tool, or assume PowerPoint's basic video insertion capabilities are sufficient for multi-track editing, leading them to overlook Clipchamp's dedicated video editing functionality.

How to eliminate wrong answers

Option A is wrong because Microsoft Stream is a video hosting and sharing platform, not a video creation or editing tool; it lacks native editing capabilities for combining screen recordings, webcam footage, and text overlays. Option C is wrong because Microsoft PowerPoint is a presentation application that can insert videos but does not offer a timeline-based video editor with multi-track support for screen recordings and webcam footage simultaneously. Option D is wrong because Microsoft Sway is a digital storytelling and presentation tool focused on interactive web-based content, not a video editor with screen recording or webcam integration.

902
Multi-Selectmedium

Which three of the following are characteristics of Microsoft 365 subscription plans? (Choose three.)

Select 3 answers
.Subscription plans are available in monthly and annual commitment terms.
.All subscription plans include the full desktop version of Office applications.
.Plans can be upgraded or downgraded at any time without any restrictions.
.Business plans include Microsoft 365 Business Basic, Business Standard, and Business Premium.
.Enterprise plans are licensed on a per-user basis with a minimum of 5 seats.
.Add-on services, such as Microsoft 365 Copilot, can be purchased to supplement existing plans.

Why this answer

Microsoft 365 subscription plans offer monthly and annual commitment terms, giving customers flexibility in billing. Business plans are specifically categorized as Business Basic, Business Standard, and Business Premium, each with different feature sets. Add-on services like Microsoft 365 Copilot can be purchased to enhance existing subscriptions, allowing organizations to scale capabilities without changing their base plan.

Exam trap

The trap here is that candidates assume all subscription plans include full desktop Office apps, but Microsoft deliberately excludes them from lower-tier plans (e.g., Business Basic) to drive upsell to higher SKUs.

903
MCQhard

A healthcare organization must ensure that all outgoing emails containing protected health information (PHI) are automatically encrypted. External recipients must be able to read the encrypted messages without installing any software or signing up for a service. Which Microsoft Purview solution should be configured?

A.Data Loss Prevention (DLP)
B.Sensitivity labels
C.Microsoft Purview Message Encryption
D.Information protection policies
AnswerC

Message Encryption provides the ability to encrypt emails and allow external recipients to read them securely. It integrates with DLP for automatic encryption.

Why this answer

Microsoft Purview Message Encryption (C) is the correct solution because it enables automatic encryption of outgoing emails based on rules (e.g., detecting PHI) and allows external recipients to read encrypted messages via a secure web portal or inline rendering in supported email clients, without requiring any software installation or account sign-up. This directly meets the requirement for seamless, no-friction decryption by external parties.

Exam trap

The trap here is that candidates often confuse Data Loss Prevention (DLP) with encryption, assuming DLP automatically encrypts outgoing emails, when in fact DLP only detects and blocks or alerts, while Microsoft Purview Message Encryption is the specific service that provides automatic encryption with external-reader access.

How to eliminate wrong answers

Option A is wrong because Data Loss Prevention (DLP) policies can detect and block or warn about sensitive data like PHI in emails, but they do not natively encrypt the message content for external recipients; DLP alone cannot provide the required encryption and seamless reading experience. Option B is wrong because Sensitivity labels can apply encryption to emails, but they require the recipient to have an Azure AD account or use a Microsoft account to decrypt the message, which violates the requirement that external recipients must read without signing up for a service. Option D is wrong because Information protection policies are a broad category that includes sensitivity labels and DLP, but they do not directly provide the specific automatic encryption and external-reader experience that Microsoft Purview Message Encryption offers.

904
Multi-Selecthard

A healthcare organization is adopting Microsoft 365 and must meet compliance requirements: retain all communications for 7 years, prevent accidental deletion of documents, and classify sensitive data automatically. Which THREE Microsoft Purview features should the organization use?

Select 3 answers
A.Data loss prevention (DLP) policies
B.eDiscovery
C.Auto-labeling
D.Preservation hold lock
E.Retention policies
AnswersC, D, E

Correct: Automatically classifies sensitive data based on conditions.

Why this answer

Auto-labeling (Option C) is correct because it enables the organization to automatically classify sensitive data based on content patterns (e.g., healthcare records, PII) without manual intervention. This aligns directly with the requirement to classify sensitive data automatically, using trainable classifiers or sensitive info types in Microsoft Purview.

Exam trap

The trap here is that candidates often confuse DLP policies with auto-labeling, but DLP is about preventing data loss after classification, not the classification itself.

905
MCQhard

A company with 100 Microsoft 365 Business Premium users needs to add advanced compliance features: eDiscovery (Premium) and Communication Compliance. They want to keep their existing Business Premium subscriptions to retain current capabilities. What is the most cost-effective licensing approach?

A.Upgrade all 100 users from Business Premium to Microsoft 365 E5
B.Purchase Microsoft 365 E5 Compliance add-on for all 100 users
C.Purchase Microsoft 365 E5 eDiscovery and Audit add-on
D.Purchase Microsoft 365 E5 Compliance and Information Protection add-on
AnswerB

The E5 Compliance add-on provides eDiscovery (Premium) and Communication Compliance, and it can be subscribed to on top of Business Premium, making it the most cost-effective option.

Why this answer

Option B is correct because Microsoft 365 Business Premium already includes the base compliance features, and the Microsoft 365 E5 Compliance add-on provides the advanced capabilities (eDiscovery Premium and Communication Compliance) without requiring a full license upgrade. This add-on is the most cost-effective approach as it adds only the needed compliance features to existing Business Premium subscriptions.

Exam trap

The trap here is that candidates often assume they must upgrade to a full E5 license to get advanced compliance features, overlooking the existence of targeted add-ons like Microsoft 365 E5 Compliance that can be layered onto existing Business Premium subscriptions.

How to eliminate wrong answers

Option A is wrong because upgrading all 100 users from Business Premium to Microsoft 365 E5 is significantly more expensive than adding the E5 Compliance add-on, and it provides many extra features (e.g., advanced analytics, advanced threat protection) that are not required, making it not cost-effective. Option C is wrong because there is no standalone 'Microsoft 365 E5 eDiscovery and Audit add-on'; eDiscovery (Premium) and Communication Compliance are part of the Microsoft 365 E5 Compliance suite, not a separate eDiscovery-only add-on. Option D is wrong because 'Microsoft 365 E5 Compliance and Information Protection add-on' is not a valid SKU name; the correct add-on is simply 'Microsoft 365 E5 Compliance', which includes both eDiscovery Premium and Communication Compliance, and the mention of 'Information Protection' is redundant or misleading.

906
Multi-Selecthard

A multinational organization uses Microsoft 365 E5 and needs to ensure compliance with data residency requirements for email and documents stored in Exchange Online and SharePoint Online. Which THREE services or features can help administrators enforce data location policies?

Select 3 answers
A.Multi-Geo Capabilities for SharePoint and OneDrive
B.Data Location for Exchange Online
C.Microsoft Bookings
D.Microsoft Purview Data Lifecycle Management
E.Microsoft Entra ID
AnswersA, B, D

Multi-Geo allows data to be stored in chosen geographic locations.

Why this answer

Multi-Geo Capabilities for SharePoint and OneDrive (Option A) allows administrators to provision and store data at rest in specified geographic locations, ensuring compliance with data residency requirements. This feature enables a tenant to have multiple satellite geographies where content is stored, while the central location remains the primary data residency.

Exam trap

The trap here is that candidates may confuse data lifecycle management (retention/deletion) with data residency (geographic storage location), leading them to incorrectly select Microsoft Purview Data Lifecycle Management as a data location enforcement tool.

907
MCQhard

A company uses Microsoft Intune to manage devices. They want to deploy a custom line-of-business (LOB) app to Windows 10 devices that are not enrolled in Intune but are joined to Azure AD. Which deployment method should they use?

A.Deploy the app as a Microsoft Store for Business app and assign to Azure AD-joined devices.
B.Use sideloading by enabling developer mode on each device.
C.Use Intune to deploy the app as a line-of-business app.
D.Use Group Policy to deploy the app via Active Directory.
AnswerA

Store for Business can deploy to Azure AD-joined devices without Intune enrollment.

Why this answer

Option A is correct because Microsoft Store for Business allows you to deploy apps to Azure AD-joined devices that are not enrolled in Intune. The app can be assigned directly to Azure AD-joined devices via the Store for Business portal, which uses the Azure AD identity to push the app without requiring Intune enrollment.

Exam trap

The trap here is that candidates assume Intune is required for any app deployment to Azure AD-joined devices, but Microsoft Store for Business can deploy apps directly to Azure AD-joined devices without Intune enrollment.

How to eliminate wrong answers

Option B is wrong because sideloading via developer mode is a manual, per-device process that does not scale for enterprise deployment and does not leverage Azure AD or Intune. Option C is wrong because Intune can only deploy LOB apps to devices that are enrolled in Intune management; the scenario specifies devices are not enrolled in Intune. Option D is wrong because Group Policy requires devices to be domain-joined to an on-premises Active Directory, but the devices are Azure AD-joined only, not domain-joined.

908
MCQeasy

A compliance-aware administrator is selecting the right Microsoft 365 capability to add and remove capacity quickly when demand changes. Cloud concept or benefit best matches this requirement?

A.Rapid elasticity
B.Microsoft Planner
C.Data Loss Prevention (DLP)
D.Sensitivity labels
AnswerA

Rapid elasticity is the cloud characteristic that allows resources to scale quickly in response to demand.

Why this answer

Rapid elasticity is a core cloud computing concept defined by NIST (SP 800-145) that allows resources to be provisioned and released automatically in response to demand. In Microsoft 365, this is demonstrated by the ability to add or remove user licenses (e.g., via the Microsoft 365 admin center or PowerShell) on a per-seat basis, scaling capacity up or down almost instantly without manual infrastructure changes.

Exam trap

The trap here is that candidates confuse a cloud concept (rapid elasticity) with a specific Microsoft 365 feature (Planner, DLP, sensitivity labels), failing to recognize that the question asks for the cloud concept or benefit, not a product or feature name.

How to eliminate wrong answers

Option B is wrong because Microsoft Planner is a task management and project planning tool, not a cloud concept or benefit for scaling capacity. Option C is wrong because Data Loss Prevention (DLP) is a security policy feature that prevents sensitive data from being shared inappropriately, not a mechanism for adding or removing capacity. Option D is wrong because sensitivity labels are used to classify and protect data (e.g., encryption, marking), not to scale cloud resources dynamically.

909
MCQeasy

A user receives an error message when trying to activate Microsoft 365 Apps for enterprise. The administrator checks the license assignment and confirms the user has a Microsoft 365 E3 license. What is the most likely cause of the activation failure?

A.The Microsoft 365 trial period has expired
B.The license is not yet assigned to the user
C.The user is signed in with a personal Microsoft account instead of a work or school account
D.The device does not meet the minimum system requirements for Office
AnswerC

Microsoft 365 Apps require a work or school account to activate with an organizational license.

Why this answer

If the user has not signed in with their work or school account, activation will fail. The license may not be assigned yet, but the scenario says it is assigned. The trial may have expired, but if the subscription is active, that's not the issue.

The device might not meet requirements, but typical activation failures are due to sign-in issues.

910
MCQmedium

A non-profit organization with 100 users needs business-grade email, desktop versions of Office apps (Word, Excel, PowerPoint), and 1 TB of cloud storage per user. They are eligible for non-profit pricing. Which Microsoft 365 plan meets these requirements at the lowest cost?

A.Microsoft 365 Business Basic (Nonprofit)
B.Microsoft 365 Business Standard (Nonprofit)
C.Microsoft 365 Business Premium (Nonprofit)
D.Microsoft 365 E3 (Nonprofit)
AnswerB

Correct. This plan includes desktop Office apps, business email, and 1 TB storage per user at a lower cost than Premium or E3.

Why this answer

Microsoft 365 Business Standard (Nonprofit) is the lowest-cost plan that includes business-grade email (Exchange Online), desktop versions of Office apps (Word, Excel, PowerPoint), and 1 TB of cloud storage per user (OneDrive for Business). Microsoft 365 Business Basic (Nonprofit) lacks the desktop Office apps, while Business Premium and E3 include additional security and compliance features that increase cost beyond the stated requirements.

Exam trap

The trap here is that candidates often confuse 'Business Basic' as sufficient because it includes email and cloud storage, forgetting that desktop Office apps are a separate, higher-tier requirement, or they over-select 'Business Premium' or 'E3' thinking more features are always better for nonprofits.

How to eliminate wrong answers

Option A is wrong because Microsoft 365 Business Basic (Nonprofit) provides only web and mobile versions of Office apps, not the full desktop versions required by the question. Option C is wrong because Microsoft 365 Business Premium (Nonprofit) includes all the required features but adds advanced security and device management capabilities (e.g., Microsoft Defender for Business, Intune) that raise the cost unnecessarily. Option D is wrong because Microsoft 365 E3 (Nonprofit) is an enterprise-grade plan with additional compliance, analytics, and advanced security features (e.g., eDiscovery, Advanced Audit) that far exceed the stated needs and come at a higher price point.

911
MCQhard

A company is deploying Microsoft 365 Copilot and wants to ensure that only users with the appropriate sensitivity labels can access Copilot-generated content. What should the administrator configure to enforce this requirement?

A.Create a retention label policy in Microsoft Purview
B.Create a Conditional Access policy in Microsoft Entra ID
C.Configure a data loss prevention (DLP) policy in Microsoft Purview
D.Enable auto-labeling for sensitivity labels in Microsoft Purview Information Protection
AnswerD

Auto-labeling can apply sensitivity labels to Copilot-generated content, and Copilot respects these labels for access control.

Why this answer

Option C is correct. Microsoft Purview Information Protection sensitivity labels can be automatically applied to content based on classification, and Copilot respects these labels. Option A is wrong because data loss prevention policies prevent sharing but do not automatically label content.

Option B is wrong because retention labels manage retention, not access. Option D is wrong because Conditional Access controls access to apps, not labeling.

912
MCQmedium

A compliance administrator needs to investigate emails that may be part of a phishing campaign. Which Microsoft 365 capability is the best fit?

A.Microsoft Bookings
B.Microsoft Teams live events
C.OneDrive sync client
D.Threat Explorer in Microsoft Defender for Office 365
AnswerD

Threat Explorer supports investigation of email threats, campaigns, and delivery actions.

Why this answer

Threat Explorer in Microsoft Defender for Office 365 is the correct tool because it provides security teams with a powerful, real-time investigation interface to search, filter, and analyze email threats, including phishing campaigns. It allows administrators to view detailed email metadata, delivery actions, and threat types (e.g., phishing, malware) across the organization, making it the best fit for investigating suspected phishing emails.

Exam trap

The trap here is that candidates may confuse general Microsoft 365 admin tools (like Bookings or Teams) with security-specific capabilities, failing to recognize that only Threat Explorer provides the granular email investigation features required for phishing analysis.

How to eliminate wrong answers

Option A is wrong because Microsoft Bookings is a scheduling and appointment management tool, not a security or email investigation capability. Option B is wrong because Microsoft Teams live events is a broadcast and meeting feature for large audiences, with no email threat analysis or phishing investigation functionality. Option C is wrong because the OneDrive sync client is designed for file synchronization and offline access, and it cannot be used to investigate email threats or phishing campaigns.

913
MCQmedium

A compliance-aware administrator is selecting the right Microsoft 365 capability to delete content automatically after a defined retention period. Microsoft security, identity, or compliance capability should it use?

A.Microsoft Forms
B.Microsoft Planner
C.Microsoft Stream
D.Retention policy or retention label
AnswerD

Retention policies and labels can retain content and then delete it according to policy.

Why this answer

Retention policies and retention labels are the Microsoft 365 compliance capabilities designed to automatically delete content after a defined retention period. They enforce data lifecycle management by applying rules to content in Exchange, SharePoint, OneDrive, and Teams, ensuring compliance with regulatory requirements. Microsoft Forms, Planner, and Stream are productivity or collaboration tools, not compliance capabilities for automated deletion.

Exam trap

The trap here is that candidates may confuse productivity tools (Forms, Planner, Stream) with compliance capabilities, assuming they have built-in retention features, when in fact only retention policies and labels provide automated deletion based on a defined period.

How to eliminate wrong answers

Option A is wrong because Microsoft Forms is a survey and quiz creation tool, not a compliance capability; it lacks native features to automatically delete content after a retention period. Option B is wrong because Microsoft Planner is a task management and project planning tool, not a compliance capability; it does not provide retention or deletion policies for content. Option C is wrong because Microsoft Stream is a video hosting and sharing service, not a compliance capability; while it integrates with retention policies, it is not the tool used to define or manage retention periods.

914
MCQmedium

A charitable organization with 25 employees is eligible for Microsoft's non-profit licensing program. They need business-grade email, online versions of Office apps, and 50 GB of cloud storage per user. Their budget is very limited. Which plan should they choose?

A.Microsoft 365 Nonprofit Business Essential
B.Microsoft 365 Nonprofit Business Standard
C.Microsoft 365 Enterprise E1
D.Microsoft 365 Government G1
AnswerA

Correct. This plan offers the required services (email, online apps, 50 GB storage) at a low cost for eligible non-profits.

Why this answer

Microsoft 365 Nonprofit Business Essentials provides business-grade email (Exchange Online), online versions of Office apps (Office for the web), and 50 GB of cloud storage per user (OneDrive for Business) at the lowest cost for nonprofits. This plan meets all stated requirements while respecting the organization's very limited budget, as it is the entry-level subscription for eligible nonprofit entities.

Exam trap

The trap here is that candidates often confuse the Nonprofit Business Essentials plan with the Nonprofit Business Standard plan, mistakenly believing that desktop Office apps are required for business-grade email and online apps, when the Essentials plan fully satisfies the stated needs at a lower cost.

How to eliminate wrong answers

Option B is wrong because Microsoft 365 Nonprofit Business Standard includes desktop versions of Office apps, which the question does not require, and is more expensive than Business Essentials, exceeding the very limited budget. Option C is wrong because Microsoft 365 Enterprise E1 is a commercial plan not available under the nonprofit licensing program; nonprofits must use the dedicated Nonprofit Business or Nonprofit Enterprise plans. Option D is wrong because Microsoft 365 Government G1 is restricted to US government entities and is not available to charitable organizations, even if they are nonprofits.

915
MCQhard

A security team needs to monitor all administrative activities in Microsoft 365, including creating users, resetting passwords, and modifying policies. They require that logs be retained for at least 90 days and want to create custom alerts for suspicious admin actions (e.g., multiple password resets in a short time). Which Microsoft Purview solution should they use?

A.Microsoft Purview Audit (Premium)
B.Microsoft Purview Audit (Standard)
C.Microsoft Defender for Cloud Apps
D.Microsoft Entra ID reporting
AnswerA

Audit (Premium) offers up to 1 year log retention and allows creation of custom alert policies for specific admin activities, meeting both requirements.

Why this answer

Microsoft Purview Audit (Premium) is the correct solution because it provides extended log retention of up to one year (or more with add-ons), which meets the 90-day requirement, and it supports custom alert policies via the Microsoft 365 Defender portal to detect suspicious admin activities like multiple password resets. Standard Audit only retains logs for 90 days but lacks the advanced alerting and investigation capabilities needed for custom alerts on admin actions.

Exam trap

The trap here is that candidates often confuse Audit (Standard) with Audit (Premium) because both provide logging, but they overlook that only Premium supports custom alert policies and extended retention beyond 90 days, which is explicitly required for monitoring suspicious admin actions.

How to eliminate wrong answers

Option B (Microsoft Purview Audit (Standard)) is wrong because while it retains logs for 90 days, it does not support custom alert policies for suspicious admin actions; it only provides basic log search and export. Option C (Microsoft Defender for Cloud Apps) is wrong because it focuses on cloud app discovery, session controls, and anomaly detection for SaaS apps, not on auditing and alerting for Microsoft 365 administrative activities like user creation or password resets. Option D (Microsoft Entra ID reporting) is wrong because it provides sign-in and audit logs for Azure AD objects but lacks the 90-day retention guarantee (default is 30 days for free tier) and does not offer custom alerting for admin actions within Microsoft 365; it is limited to directory-level events.

916
MCQeasy

A small business uses Microsoft 365 Business Premium. They want to ensure that company data on lost or stolen mobile devices is automatically removed. Which Microsoft Intune policy should they configure?

A.Conditional Access
B.Remote wipe
C.App protection policies
D.Compliance policies
AnswerB

Correct. Remote wipe removes all data from a device.

Why this answer

Remote wipe (option B) is the correct Intune policy for automatically removing company data from lost or stolen mobile devices. When configured, Remote wipe sends a command to the device that performs a factory reset, erasing all data including corporate information. This is specifically designed for device-level data removal scenarios, unlike other policies that manage access or app-level data.

Exam trap

The trap here is that candidates confuse 'Remote wipe' with 'Conditional Access' or 'Compliance policies', thinking access control or compliance checks automatically remove data, but only Remote wipe actually erases device data.

How to eliminate wrong answers

Option A (Conditional Access) is wrong because it controls access to resources based on conditions like device compliance or location, but does not remove data from devices. Option C (App protection policies) is wrong because they manage how data is handled within specific apps (e.g., preventing copy-paste or requiring PIN), but do not wipe entire devices or remove all company data automatically upon loss or theft. Option D (Compliance policies) is wrong because they define rules for device health (e.g., requiring encryption or jailbreak detection) and trigger actions like blocking access, but do not perform data removal or wipe operations.

917
MCQmedium

A company uses Microsoft 365 and wants to automatically classify documents containing credit card numbers as 'Highly Confidential' and apply encryption when shared externally. Which solution should they use?

A.Microsoft Intune
B.Microsoft Sentinel
C.Microsoft Purview Information Protection with auto-labeling
D.Microsoft Defender for Cloud Apps
AnswerC

Auto-labeling can classify and protect sensitive data automatically.

Why this answer

Microsoft Purview Information Protection with auto-labeling is the correct solution because it uses trainable classifiers or exact data match (EDM) to detect sensitive data types like credit card numbers, automatically apply a 'Highly Confidential' sensitivity label, and enforce encryption when the document is shared externally. This capability is built into Microsoft 365 compliance center and integrates with sensitivity labels to protect data at rest and in transit.

Exam trap

The trap here is that candidates confuse Microsoft Defender for Cloud Apps (a CASB) with Purview's auto-labeling, assuming a CASB can classify and encrypt content natively, when in fact it only applies labels that are already defined and managed by Purview Information Protection.

How to eliminate wrong answers

Option A is wrong because Microsoft Intune is a mobile device management (MDM) and mobile application management (MAM) solution that manages devices and apps, not content classification or encryption based on sensitive data patterns. Option B is wrong because Microsoft Sentinel is a cloud-native SIEM/SOAR solution for security analytics and threat detection, not for automatic content classification or labeling of documents. Option D is wrong because Microsoft Defender for Cloud Apps is a CASB that provides visibility and control over cloud app usage, but it does not natively perform automatic classification and encryption of documents based on sensitive data types like credit card numbers; it can apply labels only after they are created by Purview.

918
MCQmedium

An IT administrator needs to ensure that all company-issued Windows 11 devices are configured with the latest security policies and that applications are deployed automatically. Which Microsoft 365 service should they use?

A.Microsoft Intune
B.Microsoft Microsoft Entra ID
C.Microsoft Defender for Endpoint
D.Microsoft 365 Apps for enterprise
AnswerA

Correct. Intune provides device configuration, policy enforcement, and app deployment for managed devices.

Why this answer

Microsoft Intune is the correct choice because it is a cloud-based endpoint management solution that provides mobile device management (MDM) and mobile application management (MAM). It allows IT administrators to enforce security policies (e.g., BitLocker, Windows Defender Firewall, compliance rules) and automate application deployment to Windows 11 devices without requiring on-premises infrastructure. Intune integrates with Microsoft Entra ID for identity-based conditional access but is the primary service for device configuration and app deployment.

Exam trap

The trap here is that candidates often confuse Microsoft Entra ID (identity management) with device management, assuming it can enforce device policies, when in fact Entra ID only provides conditional access policies that rely on Intune compliance data.

How to eliminate wrong answers

Option B is wrong because Microsoft Entra ID is an identity and access management service that handles authentication, single sign-on, and conditional access policies, but it does not manage device configuration or deploy applications directly. Option C is wrong because Microsoft Defender for Endpoint is a security solution focused on endpoint detection and response (EDR), vulnerability management, and threat protection, not device policy enforcement or automated app deployment. Option D is wrong because Microsoft 365 Apps for enterprise is a suite of productivity applications (e.g., Word, Excel, Teams) and does not provide device management or policy configuration capabilities.

919
MCQhard

A company with 200 users currently has Microsoft 365 Business Premium licenses. They need to implement advanced compliance features, including communication compliance and eDiscovery (Premium). They want to keep their existing Business Premium licenses to avoid losing other features. What is the most cost-effective licensing strategy to add these capabilities?

A.Upgrade all users to Microsoft 365 E5
B.Purchase the Microsoft 365 E5 Security add-on for all users
C.Purchase the Microsoft 365 E5 Compliance add-on for all users
D.Purchase the Microsoft 365 E5 suite for all users
AnswerC

This add-on provides the advanced compliance tools needed and is designed as an add-on for Business Premium.

Why this answer

Option C is correct because the Microsoft 365 E5 Compliance add-on provides the advanced compliance features (communication compliance and eDiscovery Premium) required, while allowing the company to retain their existing Business Premium licenses. This is the most cost-effective approach, as it adds only the needed compliance capabilities without upgrading the entire suite or purchasing unnecessary security add-ons.

Exam trap

The trap here is that candidates often confuse the E5 Security add-on with the E5 Compliance add-on, mistakenly thinking that security add-ons include compliance features, when in fact they are separate licensing components with distinct feature sets.

How to eliminate wrong answers

Option A is wrong because upgrading all users to Microsoft 365 E5 would be significantly more expensive and includes many features (e.g., advanced security, analytics) that are not required, resulting in unnecessary cost. Option B is wrong because the Microsoft 365 E5 Security add-on provides advanced security features (e.g., Microsoft Defender for Office 365, Microsoft 365 Defender) but does not include the advanced compliance features like communication compliance or eDiscovery Premium. Option D is wrong because purchasing the full Microsoft 365 E5 suite for all users is essentially the same as upgrading to E5, which is not cost-effective when only compliance capabilities are needed.

920
Matchingmedium

Match each Microsoft 365 license type to its typical audience.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Large organizations with 500+ users

Organizations buying through a partner

Small and medium businesses up to 300 users

Individual users or teams buying directly

Why these pairings

Licensing options vary by organization size and purchasing method.

921
MCQmedium

Contoso Ltd. is a global consulting firm with 5,000 employees. They use Microsoft 365 E5 and have recently deployed Microsoft Copilot for Microsoft 365 to enhance productivity. The IT team wants to ensure that users' interactions with Copilot are compliant with the company's data retention policies. They need to retain all Copilot interactions for 7 years for legal reasons. Which Microsoft Purview solution should the IT team implement?

A.Apply sensitivity labels to Copilot data
B.Create retention policies for Copilot interactions
C.Set up eDiscovery cases for Copilot data
D.Configure Data Loss Prevention (DLP) policies
AnswerB

Retention policies in Microsoft Purview allow you to retain data for a specified period, such as 7 years.

Why this answer

Option C is correct because retention policies in Microsoft Purview can be applied to Copilot interactions stored in Exchange Online and SharePoint Online. Option A is wrong because sensitivity labels classify data but do not enforce retention. Option B is wrong because DLP prevents data loss but does not retain data.

Option D is wrong because eDiscovery is for searching content, not setting retention.

922
Multi-Selecteasy

Which TWO Microsoft 365 subscription plans include the Microsoft 365 Copilot add-on as an optional purchase?

Select 2 answers
A.Microsoft 365 Education A1
B.Microsoft 365 E3
C.Microsoft 365 Business Basic
D.Microsoft 365 F3
E.Microsoft 365 E5
AnswersB, E

E3 supports Copilot as an add-on.

Why this answer

Microsoft 365 Copilot is an AI-powered productivity add-on that requires a qualifying base subscription. Microsoft 365 E3 and E5 are enterprise-grade plans that include the necessary security, compliance, and identity features to support Copilot, making them eligible for the optional Copilot add-on purchase.

Exam trap

The trap here is that candidates often assume any paid Microsoft 365 plan, including Business Basic or F3, can add Copilot, but Microsoft restricts Copilot to plans with full desktop Office apps and advanced security features like Azure AD P1/P2.

923
Matchingmedium

Match each Microsoft 365 support channel to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Web portal for managing users, billing, and support requests

Assisted onboarding and deployment service

Peer-to-peer forums and knowledge base

Direct voice assistance for critical issues

Why these pairings

Multiple support options are available depending on severity and need.

924
MCQeasy

A company wants to move its IT infrastructure to the cloud but must keep all customer data within a specific geographic region due to data residency laws. They also want to avoid paying for large upfront hardware costs. Which cloud characteristic best supports this need?

A.Geographic distribution (regional data centers)
B.Elasticity
C.High availability
D.Self-service
AnswerA

Cloud providers offer data centers in multiple regions, allowing customers to select where data is stored to comply with residency laws.

Why this answer

Option A is correct because geographic distribution refers to cloud providers operating multiple data centers across different regions, enabling customers to choose a specific region to store data and comply with data residency laws. This characteristic directly addresses the requirement to keep customer data within a specific geographic region while avoiding upfront hardware costs, as the cloud provider owns and manages the infrastructure.

Exam trap

The trap here is that candidates often confuse geographic distribution with high availability or elasticity, mistakenly thinking that scaling or redundancy can satisfy data residency requirements, when only region-specific data centers can enforce legal data boundaries.

How to eliminate wrong answers

Option B (Elasticity) is wrong because elasticity refers to the ability to automatically scale resources up or down based on demand, not to the geographic placement of data. Option C (High availability) is wrong because high availability ensures that services remain operational despite failures through redundancy within or across data centers, but it does not guarantee data residency in a specific region. Option D (Self-service) is wrong because self-service allows users to provision resources on demand without manual intervention from the provider, but it has no relation to geographic data placement or compliance with data residency laws.

925
MCQhard

A company with 1,000 users has Microsoft 365 E3 subscriptions. They are experiencing a major outage affecting all users and need guaranteed 1-hour response time for a critical support issue. What should they purchase?

A.Standard Support (included)
B.Professional Direct Support
C.Azure Support Basic
D.Partner support via a Microsoft CSP
AnswerB

Professional Direct is a paid support plan that offers a guaranteed 1-hour response for critical severity issues, along with proactive services.

Why this answer

Professional Direct Support provides a guaranteed 1-hour response time for critical severity issues, which is required for the company's major outage affecting all 1,000 users. Standard Support, included with Microsoft 365 E3, offers a 1-hour response for critical issues only for Business-level subscriptions; for Enterprise subscriptions like E3, the critical response time is 2 hours. Professional Direct Support also includes proactive guidance and a named support engineer, making it the correct choice for guaranteed 1-hour response.

Exam trap

The trap here is that candidates assume Standard Support (included) always provides a 1-hour critical response, but Microsoft differentiates response times by subscription type (Business vs. Enterprise), and for E3 (Enterprise), the critical response is 2 hours, not 1.

How to eliminate wrong answers

Option A is wrong because Standard Support (included with Microsoft 365 E3) provides a 2-hour response time for critical severity issues for Enterprise subscriptions, not the guaranteed 1-hour response required. Option C is wrong because Azure Support Basic is a free tier for Azure services only, not for Microsoft 365, and it does not include any guaranteed response times or technical support for M365 issues. Option D is wrong because partner support via a Microsoft CSP may offer varying response times depending on the partner's service level agreement, but it does not guarantee a 1-hour response time from Microsoft directly, and the question specifies a guaranteed 1-hour response for a critical issue.

926
MCQmedium

A compliance-aware administrator is selecting the right Microsoft 365 capability to delegate Exchange Online mailbox and mail flow administration. Microsoft 365 licensing, admin, or support concept is most relevant?

A.Microsoft Forms
B.Exchange Administrator
C.Microsoft Stream
D.Microsoft Whiteboard
AnswerB

Exchange Administrator manages Exchange Online settings and recipients.

Why this answer

The Exchange Administrator role in Microsoft 365 is specifically designed to delegate management of Exchange Online mailboxes, mail flow rules, and related settings. This built-in admin role provides granular permissions for tasks like creating shared mailboxes, configuring transport rules, and managing message trace, without granting broader tenant-wide access. It directly addresses the compliance-aware administrator's need to delegate Exchange-specific administration securely.

Exam trap

The trap here is that candidates may confuse Microsoft 365 service applications (like Forms, Stream, or Whiteboard) with built-in administrative roles, failing to recognize that only specific Azure AD admin roles (e.g., Exchange Administrator) provide delegated access to manage Exchange Online mailboxes and mail flow.

How to eliminate wrong answers

Option A is wrong because Microsoft Forms is a survey and data collection tool, not an administrative role or capability for managing Exchange Online mailboxes or mail flow. Option C is wrong because Microsoft Stream is a video hosting and sharing service, unrelated to email administration or mail flow delegation. Option D is wrong because Microsoft Whiteboard is a digital canvas for collaboration, with no role in Exchange Online mailbox or mail flow management.

927
Multi-Selectmedium

You are responsible for securing identities in Microsoft 365. Which THREE actions should you take to improve the security posture of user accounts? (Choose three.)

Select 3 answers
A.Enable multifactor authentication (MFA) for all users
B.Require complex passwords with a minimum length of 16 characters
C.Disable legacy authentication protocols
D.Enable self-service password reset (SSPR)
E.Configure Conditional Access policies to block risky sign-ins
AnswersA, D, E

MFA significantly reduces the risk of account compromise.

Why this answer

Options A, B, and E are correct. Enforcing MFA, enabling self-service password reset (SSPR), and using Conditional Access policies are key identity security measures. Requiring strong passwords (C) is basic but less effective than MFA.

Disabling legacy authentication (D) is also a good practice, but the correct three are A, B, and E.

928
MCQhard

A non-profit organization with 250 employees is considering Microsoft 365. They want the most cost-effective plan that includes business-class email, web and mobile versions of Office apps, and 1 TB of cloud storage per user. Which subscription should they choose?

A.Microsoft 365 Business Premium
B.Microsoft 365 Business Basic
C.Microsoft 365 E1
D.Microsoft 365 Apps for Business
AnswerB

Business Basic provides email, web/mobile Office, and 1 TB storage at the lowest price point.

Why this answer

Microsoft 365 Business Basic is the most cost-effective plan that includes business-class email (Exchange Online), web and mobile versions of Office apps, and 1 TB of OneDrive cloud storage per user. It meets all stated requirements without the higher cost of desktop app licenses or advanced security features found in other plans.

Exam trap

The trap here is that candidates often assume 'Business Basic' lacks email or cloud storage because of the word 'Basic', but it actually includes Exchange Online and 1 TB OneDrive, while 'Apps for Business' (which sounds more complete) omits email entirely.

How to eliminate wrong answers

Option A is wrong because Microsoft 365 Business Premium includes desktop versions of Office apps and advanced security/compliance features (e.g., Microsoft Defender for Office 365, Intune), which are not required and increase cost unnecessarily. Option C is wrong because Microsoft 365 E1 is an enterprise plan designed for larger organizations, lacks desktop Office apps, and is typically more expensive than Business Basic for a 250-employee non-profit. Option D is wrong because Microsoft 365 Apps for Business includes desktop Office apps but does not include business-class email (Exchange Online) or 1 TB of cloud storage per user, failing the core requirement.

929
Multi-Selectmedium

Which three options describe features or capabilities of Microsoft Viva? (Choose three.)

Select 3 answers
.Provides personalized learning and training resources through Viva Learning
.Integrates employee communications and company news in Viva Connections
.Offers insights into work patterns and well-being in Viva Insights
.Delivers advanced threat protection for email and documents
.Functions as a cloud-based customer relationship management (CRM) system
.Automates complex business workflows using Power Automate

Why this answer

Microsoft Viva is an employee experience platform (EXP) that brings together communications, knowledge, learning, resources, and insights. Viva Learning provides a centralized hub for learning and training resources from LinkedIn Learning, Microsoft Learn, and third-party content providers. Viva Connections delivers a personalized dashboard that integrates company news, conversations, and resources from SharePoint and Yammer.

Viva Insights uses Microsoft Graph data to provide analytics on work patterns, such as meeting time, focus hours, and well-being trends, helping individuals and managers improve productivity and work-life balance.

Exam trap

The trap here is that candidates confuse Microsoft Viva's employee experience features with other Microsoft 365 security, CRM, or automation services, mistakenly selecting options that describe Defender, Dynamics 365, or Power Automate instead of recognizing Viva's specific focus on employee engagement, learning, and insights.

930
MCQmedium

A business stakeholder asks how Microsoft 365 can help them periodically review group memberships and application access. Microsoft security, identity, or compliance capability should it use?

A.Microsoft Planner
B.Access reviews
C.Microsoft Stream
D.Microsoft Forms
AnswerB

Access reviews help remove unnecessary access.

Why this answer

Access reviews in Microsoft Entra ID (formerly Azure AD) allow administrators to periodically review and certify group memberships and application access. This capability directly addresses the stakeholder's requirement by automating recurring attestation workflows, ensuring that only authorized users retain access. It is part of Microsoft's identity governance framework, not a general productivity or media tool.

Exam trap

The trap here is confusing general productivity tools (Planner, Stream, Forms) with identity governance capabilities, leading candidates to pick a familiar-sounding option instead of recognizing Access Reviews as the specific Entra ID feature for periodic access certification.

How to eliminate wrong answers

Option A is wrong because Microsoft Planner is a task management and collaboration tool for organizing work, not an identity governance or access review feature. Option C is wrong because Microsoft Stream is a video hosting and sharing service for enterprise content, with no capability to review group memberships or application access. Option D is wrong because Microsoft Forms is a survey and quiz creation tool, lacking any identity or access review functionality.

931
Matchingmedium

Match each Microsoft 365 deployment model to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

All users and data are managed in the cloud

Some services on-premises, some in the cloud

All services run on local servers

Cloud services designed for US government agencies

Why these pairings

Deployment models affect where data resides and how it's managed.

932
MCQmedium

A project manager needs a centralized location to store all project documents, assign tasks to team members, and track project milestones. The solution must integrate with Microsoft Teams and allow real-time co-authoring. Which Microsoft 365 service should they use?

A.Microsoft Planner
B.Microsoft Project Online
C.Microsoft SharePoint Online
D.Microsoft To Do
AnswerC

SharePoint offers document management with co-authoring, and can be used with task lists and milestone tracking via lists or integration with Planner. It meets all the stated requirements.

Why this answer

SharePoint Online provides document libraries for storing files with real-time co-authoring, plus lists for tracking tasks and milestones. It integrates deeply with Teams through tabs. Microsoft Planner is task-focused but does not natively store documents.

Project Online is more complex and expensive. To Do is for personal tasks.

933
MCQmedium

Your company is deploying Microsoft Purview to manage data subject requests (DSRs) under GDPR. Users need to submit requests to access or delete their personal data. Which Microsoft Purview solution should you use?

A.Microsoft Purview Data Subject Requests
B.Microsoft Purview Records Management
C.Microsoft Purview Audit (Premium)
D.Microsoft Purview Data Loss Prevention (DLP)
AnswerA

Data Subject Requests solution is designed to manage GDPR DSRs.

Why this answer

Microsoft Purview eDiscovery (Standard) is used for content searches and exports, but for managing DSRs, the Data Subject Requests solution is part of Microsoft Purview Compliance Manager or specifically the Privacy Management module. However, note that as of 2025, Microsoft Purview includes a dedicated DSR management tool. Option D is the correct answer.

Option A (DLP) is for prevention, Option B (Audit) is for logging, and Option C (Records Management) is for retention.

934
MCQhard

A multinational corporation uses Microsoft 365 E5. They need to enforce that all documents marked as 'Confidential' are encrypted and cannot be printed or forwarded. Which Microsoft Purview Information Protection capability should they configure?

A.Sensitivity labels with encryption
B.Data Loss Prevention (DLP) policies
C.Retention policies
D.Azure Information Protection (AIP) client
AnswerA

Correct. Sensitivity labels can enforce encryption and usage restrictions.

Why this answer

Sensitivity labels with encryption are the correct choice because they allow you to classify and protect documents at the file level, applying encryption that restricts actions such as printing and forwarding. This is a core capability of Microsoft Purview Information Protection, enabling persistent protection that travels with the document regardless of where it is stored or shared.

Exam trap

The trap here is that candidates often confuse DLP policies with sensitivity labels, thinking DLP can enforce encryption and restrict actions like printing, but DLP only monitors and alerts on content in transit or at rest, while sensitivity labels provide persistent, user-enforced protection at the file level.

How to eliminate wrong answers

Option B is wrong because Data Loss Prevention (DLP) policies are designed to detect and prevent accidental sharing of sensitive information based on rules, but they do not enforce persistent encryption or restrict printing/forwarding at the file level. Option C is wrong because retention policies are used to retain or delete content for compliance or legal reasons, not to apply encryption or restrict user actions like printing or forwarding. Option D is wrong because the Azure Information Protection (AIP) client is a legacy tool that has been deprecated in favor of built-in sensitivity labels in Microsoft 365 Apps; the modern approach uses sensitivity labels with encryption directly in Purview, not the AIP client.

935
MCQmedium

During a Microsoft 365 planning workshop, show security recommendations and a score for Microsoft 365 posture. Microsoft security, identity, or compliance capability should it use?

A.Microsoft Secure Score
B.Microsoft Forms
C.Microsoft Planner
D.Microsoft Stream
AnswerA

Secure Score provides recommendations and a score reflecting security posture.

Why this answer

Microsoft Secure Score is the correct tool because it provides a numerical score and actionable security recommendations based on your tenant's security posture. It analyzes configurations across Microsoft 365 services (e.g., Exchange Online, Azure AD, Intune) and suggests improvements to reduce risk, directly matching the workshop requirement for showing recommendations and a score.

Exam trap

The trap here is that candidates may confuse Microsoft Secure Score with other Microsoft 365 tools that have 'score' or 'recommendations' in their names, but only Secure Score is specifically designed for security posture assessment and scoring.

How to eliminate wrong answers

Option B (Microsoft Forms) is wrong because it is a survey and data collection tool, not a security posture assessment tool. Option C (Microsoft Planner) is wrong because it is a task management and project planning application, unrelated to security scoring. Option D (Microsoft Stream) is wrong because it is a video hosting and sharing service, with no capability to evaluate security configurations or generate a posture score.

936
MCQmedium

A non-profit organization with 300 users needs to deploy Microsoft 365 Business Basic for all users. They also require device management via Microsoft Intune for 50 users who use company-owned mobile devices. The organization is eligible for non-profit pricing. What is the most cost-effective licensing approach?

A.Assign Microsoft 365 Business Premium to all 300 users
B.Purchase Microsoft Intune Plan 1 add-on licenses for the 50 users who need device management
C.Create a separate Microsoft 365 Business Basic tenant for the 50 users and include Intune
D.Purchase Microsoft 365 E3 licenses for the 50 users
AnswerB

Add-ons can be assigned to a subset of users, providing Intune only for those who need it, at the lowest cost.

Why this answer

Microsoft 365 Business Basic provides the core productivity and collaboration tools (Exchange Online, Teams, SharePoint) needed by all 300 users. For the 50 users requiring device management, purchasing Microsoft Intune Plan 1 as an add-on license is the most cost-effective approach because it adds mobile device management (MDM) capabilities to their existing Business Basic subscription without upgrading the entire tenant or purchasing more expensive suites. Non-profit pricing applies to both the base license and the add-on, minimizing costs.

Exam trap

The trap here is that candidates often assume device management requires an entire suite upgrade (e.g., Business Premium or E3) rather than recognizing that Intune Plan 1 can be purchased as a cost-effective standalone add-on for specific users, leveraging the existing base license.

How to eliminate wrong answers

Option A is wrong because Microsoft 365 Business Premium includes advanced security and device management features (e.g., Intune, Azure AD P1, Microsoft Defender for Office 365) that are not needed for all 300 users, resulting in unnecessary cost for the 250 users who only require basic productivity tools. Option C is wrong because creating a separate tenant for 50 users introduces administrative overhead, breaks single-tenant management, and prevents unified collaboration (e.g., cross-tenant sharing complexities), while still requiring Intune licenses for those 50 users. Option D is wrong because Microsoft 365 E3 licenses are significantly more expensive than Business Basic plus Intune Plan 1 add-on, and they include many enterprise features (e.g., eDiscovery, advanced compliance) that are not required for device management alone.

937
MCQmedium

A legal team needs to preserve all data related to a specific user involved in litigation, including Exchange emails, SharePoint documents, OneDrive files, and Teams chats. They require a hold that cannot be removed by the user and must allow for later searching and export. Which Microsoft Purview solution should they use?

A.eDiscovery (Standard)
B.Retention policies
C.Communication Compliance
D.Data Loss Prevention (DLP)
AnswerA

eDiscovery (Standard) places legal holds on mailboxes and sites, preserving content from deletion, and allows search and export.

Why this answer

eDiscovery (Standard) is the correct solution because it allows legal teams to place a hold on all content relevant to a specific user, including Exchange emails, SharePoint documents, OneDrive files, and Teams chats. This hold is enforced at the service level, preventing the user from deleting or modifying the data, and it preserves the content in its original location for later searching and export via Content Search or eDiscovery export tools.

Exam trap

The trap here is that candidates often confuse retention policies with litigation holds, not realizing that retention policies are scheduled and policy-based, whereas eDiscovery holds are user-specific, immediate, and designed for legal preservation with full search and export capabilities.

How to eliminate wrong answers

Option B is wrong because retention policies are designed to retain or delete data based on a fixed schedule, not to place a litigation hold on a specific user's content; they cannot be applied ad hoc for a single user in a legal case and do not provide the same search and export capabilities. Option C is wrong because Communication Compliance is focused on detecting and remediating policy violations (e.g., inappropriate language or sensitive information) in communications, not on preserving all data for litigation; it does not offer a hold mechanism or export for legal discovery. Option D is wrong because Data Loss Prevention (DLP) is used to prevent unauthorized sharing or leakage of sensitive data through policies and alerts, not to preserve data for legal holds; it cannot place a hold on content or allow for later searching and export of all user data.

938
MCQeasy

A marketing team needs to temporarily increase their cloud storage capacity from 5 TB to 10 TB for a product launch. They can perform this change themselves through a web portal without contacting the cloud provider. Which cloud characteristic does this scenario demonstrate?

A.On-demand self-service
B.Rapid elasticity
C.Measured service
D.Resource pooling
AnswerA

Correct. The user can provision storage capacity themselves via the web portal without provider involvement.

Why this answer

This scenario demonstrates on-demand self-service because the marketing team can provision and manage their own cloud storage capacity increase from 5 TB to 10 TB through a web portal without any human interaction with the cloud provider. This is a core NIST-defined characteristic where users can unilaterally provision computing resources as needed automatically, requiring no service provider intervention.

Exam trap

The trap here is confusing 'on-demand self-service' with 'rapid elasticity' because both involve scaling, but on-demand self-service focuses on the user's ability to provision resources without provider interaction, while rapid elasticity focuses on automatic, dynamic scaling in response to load changes.

How to eliminate wrong answers

Option B (Rapid elasticity) is wrong because rapid elasticity refers to the ability to automatically scale resources up or down in response to demand, often dynamically and programmatically, not a manual one-time increase via a portal. Option C (Measured service) is wrong because measured service involves metering and billing for resource usage (pay-per-use), not the ability to self-provision capacity. Option D (Resource pooling) is wrong because resource pooling describes the provider's multi-tenant model where physical and virtual resources are dynamically assigned to multiple customers, not the customer's ability to adjust their own allocation.

939
MCQeasy

A user accidentally deletes a critical file from their OneDrive for Business. The IT admin needs to restore the file. What is the maximum number of days that OneDrive for Business retains deleted files by default for users without a retention policy?

A.30 days
B.60 days
C.183 days
D.93 days
AnswerD

OneDrive retains deleted files for 93 days in the recycle bin by default.

Why this answer

By default, OneDrive for Business retains deleted files in the recycle bin for 93 days. This includes both the first-stage recycle bin (30 days) and the second-stage recycle bin (an additional 63 days), totaling 93 days before permanent deletion. This default retention applies when no specific retention policy or legal hold is configured.

Exam trap

The trap here is that candidates often confuse the 30-day first-stage recycle bin retention with the total retention period, or mistakenly apply Exchange Online's 183-day deleted item retention to OneDrive for Business.

How to eliminate wrong answers

Option A is wrong because 30 days is only the retention period for the first-stage recycle bin, not the total retention for deleted files. Option B is wrong because 60 days is not a standard default retention period for OneDrive for Business; it may be confused with SharePoint Online's default retention for deleted items in some contexts. Option C is wrong because 183 days (approximately 6 months) is the default retention period for deleted items in the Microsoft 365 Exchange Online mailbox, not for OneDrive for Business.

940
MCQmedium

A tenant administrator is advising a department that wants to view usage reports without changing configuration. Microsoft 365 licensing, admin, or support concept is most relevant?

A.Microsoft Whiteboard
B.Microsoft Stream
C.Microsoft Forms
D.Reports Reader
AnswerD

Reports Reader can view reporting data while maintaining limited permissions.

Why this answer

The Reports Reader role in Microsoft 365 is specifically designed to allow users to view usage reports and activity logs without needing any administrative permissions to change configurations. This role provides read-only access to reporting data, making it the most relevant concept for a department that wants to monitor usage without altering settings.

Exam trap

The trap here is that candidates often confuse product features (like Whiteboard, Stream, or Forms) with administrative roles or permissions, assuming any Microsoft 365 service can provide report access, when in fact only specific roles like Reports Reader or Global Reader grant such read-only reporting capabilities.

How to eliminate wrong answers

Option A is wrong because Microsoft Whiteboard is a collaborative digital canvas tool, not a role or feature for viewing usage reports. Option B is wrong because Microsoft Stream is a video service for recording and sharing videos, unrelated to report viewing permissions. Option C is wrong because Microsoft Forms is a survey and quiz creation tool, not a mechanism for accessing usage analytics.

941
MCQmedium

A department asks for the Microsoft 365 service best suited for department document libraries with version history. Which service should they use? The design must avoid adding custom operational scripts.

A.Microsoft Purview Compliance Manager
B.SharePoint Online
C.Microsoft Entra Privileged Identity Management
D.Microsoft Defender for Endpoint
AnswerB

SharePoint provides team sites, document libraries, metadata, permissions, and versioning.

Why this answer

SharePoint Online is the correct choice because it provides document libraries with built-in version history, allowing users to track, restore, and manage previous versions of documents without any custom scripting. This service is designed for collaborative document management and meets the requirement of avoiding custom operational scripts.

Exam trap

The trap here is that candidates may confuse Microsoft Purview Compliance Manager with document management features due to its 'compliance' name, but it lacks document library and versioning capabilities.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Compliance Manager is a compliance management solution for assessing and managing regulatory risks, not a document library service with version history. Option C is wrong because Microsoft Entra Privileged Identity Management is an identity governance tool for managing, controlling, and monitoring access to privileged roles, not for document storage or versioning. Option D is wrong because Microsoft Defender for Endpoint is a security solution for endpoint protection, detection, and response, not a document management service with version history.

942
MCQeasy

A sales team wants to use an AI-powered assistant that can draft email replies directly in Outlook using customer data from Dynamics 365. Which Microsoft 365 capability should the admin enable?

A.Microsoft 365 Copilot
B.Microsoft Viva Insights
C.Microsoft Editor
D.Microsoft Power Automate
AnswerA

Copilot uses AI to draft emails in Outlook using Dynamics 365 data.

Why this answer

Microsoft 365 Copilot is the correct answer because it integrates AI-powered assistance directly into Outlook, using data from Dynamics 365 to draft email replies. This capability leverages large language models and the Microsoft Graph to access customer context, enabling personalized and context-aware email composition without leaving the Outlook interface.

Exam trap

The trap here is that candidates may confuse Microsoft Editor's grammar and style suggestions with AI-powered content generation, or assume Power Automate can handle the drafting task, but neither provides the integrated, context-aware email drafting from Dynamics 365 data that Copilot uniquely offers.

How to eliminate wrong answers

Option B is wrong because Microsoft Viva Insights focuses on workplace analytics and productivity insights, such as focus time and wellbeing, not on drafting emails with customer data. Option C is wrong because Microsoft Editor provides grammar, spelling, and style suggestions in documents and emails, but it does not use AI to generate replies based on external data sources like Dynamics 365. Option D is wrong because Microsoft Power Automate is a workflow automation tool that can trigger actions based on events, but it does not natively provide an AI-powered assistant for drafting email replies within Outlook.

943
MCQhard

A global organization with 20,000 users is running Microsoft 365 E5 licenses. Due to budget cuts, the CIO wants to reduce licensing costs by 20% while ensuring that all users still have access to Exchange Online, SharePoint, Teams, and OneDrive. The organization also needs to maintain compliance with industry regulations that require eDiscovery and retention policies. The security team is willing to give up advanced threat protection features like Microsoft Defender for Office 365 P2 and Microsoft Purview Data Loss Prevention. Which licensing strategy should the organization adopt?

A.Downgrade all users to Microsoft 365 E3
B.Switch to Microsoft 365 F3 for all users
C.Keep E5 but remove all add-on licenses
D.Switch to Microsoft 365 Business Premium for all users
AnswerA

E3 includes Exchange, SharePoint, Teams, OneDrive, eDiscovery, and retention, at a lower cost than E5.

Why this answer

Microsoft 365 E3 includes Exchange Online, SharePoint, Teams, and OneDrive, and provides eDiscovery and retention policies via Microsoft Purview compliance features. Downgrading from E5 to E3 reduces licensing costs by approximately 20-30% per user while retaining the required core productivity and compliance capabilities, and removes advanced threat protection (Defender for Office 365 P2, DLP) that the security team is willing to give up.

Exam trap

The trap here is that candidates may assume E5 is required for compliance features, but Microsoft 365 E3 includes the necessary eDiscovery and retention policies, and the question explicitly states the security team is willing to give up advanced threat protection, making E3 the correct cost-saving choice.

How to eliminate wrong answers

Option B is wrong because Microsoft 365 F3 is a frontline worker plan that lacks full desktop versions of Office apps and has limited compliance features (e.g., no eDiscovery or retention policies at the same level as E3/E5), and it does not include Exchange Online with full mailbox capabilities for all 20,000 users. Option C is wrong because E5 licenses inherently include all E5 features; removing add-on licenses does not change the base E5 license cost, so it would not achieve the 20% cost reduction. Option D is wrong because Microsoft 365 Business Premium is designed for organizations with up to 300 users, not 20,000 users, and it lacks the enterprise-level compliance and eDiscovery capabilities required for industry regulations.

944
MCQhard

You are a Microsoft 365 administrator. You run the Get-MsolAccountSku cmdlet and see the output. Which statement accurately describes the licensing situation?

A.All E3 licenses are currently assigned to users
B.There are 10 unused Microsoft 365 F3 licenses
C.There are 5 unused Microsoft 365 E3 licenses
D.There are 200 unused Microsoft Power Automate Free licenses
AnswerC

ENTERPRISEPACK (E3) has 100 active and 95 consumed, leaving 5 available.

Why this answer

The Get-MsolAccountSku cmdlet displays the number of licenses purchased, consumed, and remaining for each subscription. The output shows that Microsoft 365 E3 has 15 licenses purchased and 10 assigned, leaving 5 unused. Option C correctly identifies these 5 unused E3 licenses.

Exam trap

The trap here is that candidates may misinterpret the 'ConsumedUnits' column as total purchased or overlook the 'ActiveUnits' value, leading them to incorrectly assume all licenses are assigned or that unused licenses exist for a different SKU.

How to eliminate wrong answers

Option A is wrong because the output shows 10 E3 licenses assigned out of 15 purchased, not all 15. Option B is wrong because the output shows 0 Microsoft 365 F3 licenses purchased, so there are no unused F3 licenses. Option D is wrong because the output shows 200 Microsoft Power Automate Free licenses purchased and 200 assigned, meaning all are used, not unused.

945
MCQmedium

A charitable organization with 50 employees wants to use Microsoft 365 for email and collaboration but has a very limited budget. What should they do first to obtain licenses at a reduced cost?

A.Purchase Microsoft 365 Business Basic licenses
B.Apply for Microsoft 365 Nonprofit eligibility
C.Use the free web versions of Office apps
D.Purchase Microsoft 365 E3 licenses
AnswerB

Correct. This is the necessary first step to qualify for donated or discounted plans.

Why this answer

Microsoft offers discounted and donated Microsoft 365 plans for eligible nonprofit organizations. The first step is to apply for nonprofit eligibility through the Microsoft nonprofit portal. Once approved, the organization can purchase Microsoft 365 Nonprofit plans at a significantly reduced cost or even receive donations.

Simply purchasing Business Basic or other plans without nonprofit status would not provide the discount.

Exam trap

Candidates might be tempted by 'Purchase Microsoft 365 Business Basic licenses' as it's a common entry-level plan, but it misses the critical 'reduced cost' requirement.

946
Multi-Selecthard

Which TWO Microsoft 365 services can be used to create and manage custom business applications without writing code?

Select 2 answers
A.Microsoft Power Apps
B.Microsoft SharePoint
C.Microsoft Power Automate
D.Microsoft Power BI
E.Microsoft Lists
AnswersA, B

Power Apps is a low-code platform for building custom business applications.

Why this answer

Microsoft Power Apps is a low-code platform that enables users to build custom business applications through a visual designer with drag-and-drop components, requiring no traditional coding. It integrates seamlessly with Microsoft Dataverse and other data sources, allowing rapid creation of apps for mobile and web. This makes it a correct answer for creating and managing custom business applications without code.

Exam trap

The trap here is that candidates often confuse Microsoft Power Automate (workflow automation) with Power Apps (application creation), or mistakenly think SharePoint's list customization qualifies as building custom applications, when it only provides basic data storage and forms.

947
MCQhard

A global organization uses Microsoft 365 E5 and needs to securely share sensitive documents with external partners. The compliance officer requires that external users can view but not edit, print, or forward the documents, and access must expire after 30 days. Which combination of services should the admin use?

A.SharePoint Online External Sharing and Microsoft Entra B2B
B.Microsoft Purview Information Protection with sensitivity labels and SharePoint Online
C.Microsoft Entra B2B collaboration with Conditional Access
D.Microsoft Teams with guest access and sharing permissions
AnswerB

Sensitivity labels enforce view-only and expiration; SharePoint hosts the documents.

Why this answer

Option B is correct because Microsoft Purview Information Protection with sensitivity labels can enforce 'View Only' permissions that prevent editing, printing, and forwarding, while SharePoint Online allows setting an expiration date for external access via sharing links. Together, they meet the compliance officer's requirements for granular document-level restrictions and time-bound access.

Exam trap

The trap here is that candidates confuse external sharing controls (like B2B or guest access) with document-level protection, assuming that any external sharing mechanism can enforce granular usage restrictions, but only sensitivity labels with Azure RMS can apply 'View Only' and expiration at the file level.

How to eliminate wrong answers

Option A is wrong because SharePoint Online External Sharing and Microsoft Entra B2B control access at the site or folder level, not at the document level, and cannot enforce 'View Only' restrictions that block printing or forwarding. Option C is wrong because Microsoft Entra B2B collaboration with Conditional Access controls authentication and device compliance but does not apply document-level usage restrictions like preventing print or forward. Option D is wrong because Microsoft Teams with guest access and sharing permissions provides only coarse-grained controls (e.g., read/write) and lacks the ability to set document-level 'View Only' permissions or an expiration date on individual files.

948
MCQmedium

Your organization is deploying Microsoft 365 and needs to ensure that data stored in Exchange Online is protected against accidental deletion. You need to implement a solution that allows users to recover deleted emails for up to 30 days, but also enables administrators to recover items for up to 90 days. Which feature should you configure?

A.In-Place Hold
B.Single Item Recovery
C.Retention Policy
D.Litigation Hold
AnswerD

Litigation Hold preserves all mailbox content indefinitely or for a specified period, enabling recovery for up to 90 days.

Why this answer

Option B is correct because the Litigation Hold feature allows administrators to preserve mailbox items for a specified period, enabling recovery for up to 90 days. Single Item Recovery (A) only allows recovery within the deleted item retention period (default 14 days). In-Place Hold (C) is for eDiscovery holds, not general recovery.

Retention Policy (D) manages retention but not recovery.

949
MCQmedium

A help desk lead is documenting the correct Microsoft 365 approach to preserve relevant mailboxes and SharePoint content during a legal case. Microsoft security, identity, or compliance capability should it use?

A.Microsoft Stream
B.Microsoft Forms
C.Microsoft Planner
D.Microsoft Purview eDiscovery hold
AnswerD

eDiscovery holds preserve relevant content for legal investigations.

Why this answer

Microsoft Purview eDiscovery hold is the correct capability because it allows organizations to place legal holds on mailboxes, SharePoint sites, and other content sources to preserve data relevant to a legal case. This ensures that content cannot be altered or deleted until the hold is released, meeting compliance and eDiscovery requirements.

Exam trap

The trap here is that candidates may confuse general productivity tools like Stream, Forms, or Planner with compliance capabilities, mistakenly thinking they can be used for legal preservation when they lack the necessary retention and hold features.

How to eliminate wrong answers

Option A is wrong because Microsoft Stream is a video hosting and sharing service, not designed for legal hold or content preservation. Option B is wrong because Microsoft Forms is used for creating surveys and quizzes, with no capability to place holds on mailboxes or SharePoint content. Option C is wrong because Microsoft Planner is a task management tool for organizing work, lacking any compliance or eDiscovery hold functionality.

950
MCQhard

During requirements gathering, an IT manager says the organization must compare service models and identify where the customer manages the most layers. Cloud concept or benefit best matches this requirement?

A.Platform as a Service (PaaS)
B.Software as a Service (SaaS)
C.Infrastructure as a Service (IaaS)
D.Hybrid cloud
AnswerC

Customers generally manage more layers in IaaS than in PaaS or SaaS.

Why this answer

The IT manager's requirement is to identify the service model where the customer manages the most layers. In Infrastructure as a Service (IaaS), the cloud provider manages only the physical infrastructure (servers, storage, networking), while the customer is responsible for managing the operating system, middleware, runtime, data, and applications. This gives the customer the highest degree of control and management responsibility compared to PaaS or SaaS.

Exam trap

The trap here is that candidates often confuse 'most management' with 'most convenience,' incorrectly selecting PaaS or SaaS because they assume more provider management is the goal, whereas the question explicitly asks for the model where the customer manages the most layers.

How to eliminate wrong answers

Option A is wrong because Platform as a Service (PaaS) offloads management of the operating system, middleware, and runtime to the provider, leaving the customer to manage only applications and data — fewer layers than IaaS. Option B is wrong because Software as a Service (SaaS) shifts nearly all management to the provider, with the customer typically only managing user access and data — the fewest layers of any cloud service model. Option D is wrong because hybrid cloud is a deployment model (combining public and private cloud), not a service model, and does not define which layers the customer manages; it is irrelevant to the specific requirement of comparing service models by management responsibility.

951
MCQmedium

An administrator is reviewing a request from users who need to create a team site with document libraries, version history, permissions, and news pages. Microsoft 365 app or service is the best fit?

A.SharePoint Online
B.Microsoft Forms
C.Microsoft Planner
D.Microsoft Purview Audit
AnswerA

SharePoint Online provides team sites, document libraries, pages, permissions, and version history.

Why this answer

SharePoint Online is the correct choice because it provides team sites with document libraries, version history, granular permissions, and news pages as core features. These capabilities are built into SharePoint's site architecture, allowing administrators to create collaboration spaces with full control over content management and access.

Exam trap

The trap here is that candidates may confuse Microsoft Planner's task boards with a team site's document management features, or assume Microsoft Forms can create news pages, when in fact only SharePoint Online provides the full suite of document libraries, versioning, permissions, and news pages required for this scenario.

How to eliminate wrong answers

Option B is wrong because Microsoft Forms is a survey and quiz tool that collects responses via forms, not a platform for creating team sites with document libraries, version history, permissions, or news pages. Option C is wrong because Microsoft Planner is a task management application for organizing work with boards and buckets, lacking document libraries, version history, and news page capabilities. Option D is wrong because Microsoft Purview Audit is a compliance and auditing solution for tracking user and admin activities across Microsoft 365, not a service for building collaborative team sites or managing content.

952
Drag & Dropmedium

Drag and drop the steps to reset a user's password in Microsoft 365 admin center into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Password reset is done from the user's properties in the admin center.

953
MCQmedium

A compliance-aware administrator is selecting the right Microsoft 365 capability to encrypt email messages sent to internal or external recipients. Microsoft security, identity, or compliance capability should it use?

A.Microsoft Stream
B.Microsoft Purview Message Encryption
C.Microsoft Planner
D.Microsoft Forms
AnswerB

Message Encryption protects email content.

Why this answer

Microsoft Purview Message Encryption (B) is the correct choice because it is the dedicated Microsoft 365 service that provides encryption for email messages sent to both internal and external recipients. It leverages Azure Rights Management (Azure RMS) to protect messages, ensuring only intended recipients can decrypt and read them, which directly meets the compliance requirement for email encryption.

Exam trap

The trap here is that candidates might confuse Microsoft Purview Message Encryption with other Microsoft 365 security features like Microsoft Defender for Office 365 or Azure Information Protection, but the question specifically asks for an email encryption capability, not a broader security or compliance tool.

How to eliminate wrong answers

Option A is wrong because Microsoft Stream is a video sharing and management service, not an email encryption capability. Option C is wrong because Microsoft Planner is a task management and collaboration tool, unrelated to email security or encryption. Option D is wrong because Microsoft Forms is used for creating surveys and quizzes, and does not provide any email encryption functionality.

954
MCQmedium

A service owner is comparing Microsoft 365 capabilities and needs to give different departments different Microsoft 365 features without wasting licenses. Microsoft 365 licensing, admin, or support concept is most relevant?

A.Assign plans based on user role and requirements
B.Microsoft Whiteboard
C.Microsoft Forms
D.Microsoft Stream
AnswerA

Licensing should match the features each user group actually needs.

Why this answer

The service owner needs to assign Microsoft 365 licenses efficiently by matching features to departmental roles. The concept of assigning plans based on user role and requirements (Option A) directly addresses this by using Azure AD group-based licensing or direct assignment to ensure each user gets only the necessary SKU (e.g., E3 for knowledge workers, F3 for frontline), avoiding waste. This is the core licensing principle for cost optimization in Microsoft 365.

Exam trap

The trap here is that candidates confuse specific Microsoft 365 applications (like Whiteboard, Forms, or Stream) with licensing concepts, failing to recognize that the question asks for the most relevant licensing, admin, or support concept, not a feature.

How to eliminate wrong answers

Option B (Microsoft Whiteboard) is wrong because it is a specific application, not a licensing, admin, or support concept; it cannot address the strategic need to allocate different features across departments. Option C (Microsoft Forms) is wrong because it is a survey tool, not a licensing or administration concept; it does not help in assigning or managing license plans. Option D (Microsoft Stream) is wrong because it is a video service, not a licensing or support concept; it is irrelevant to the task of matching features to user roles without wasting licenses.

955
MCQhard

An organization with 2,000 users currently has Microsoft 365 E3 licenses. They need to implement a policy that automatically deletes all Microsoft Teams chat messages older than 90 days. They also need to retain all Yammer messages for 10 years for legal purposes. Which licensing add-ons are minimally required to achieve both requirements?

A.Microsoft 365 E5 Compliance add-on for all users
B.Microsoft 365 E5 Information Protection and Governance add-on
C.Microsoft 365 E5 eDiscovery and Audit add-on
D.Microsoft 365 E5 Compliance add-on for all users and E5 eDiscovery add-on for a subset
AnswerA

This add-on enables advanced compliance features including retention policies for Teams and Yammer, meeting both requirements without additional licensing.

Why this answer

Option A is correct because the Microsoft 365 E5 Compliance add-on includes both Microsoft Purview Communication Compliance for Teams chat retention policies and the necessary data lifecycle management capabilities to retain Yammer messages for 10 years. This add-on provides the required features without needing additional licenses, making it the minimal licensing solution for both requirements.

Exam trap

The trap here is that candidates often confuse the E5 Compliance add-on with the E5 Information Protection and Governance add-on, mistakenly thinking the latter handles retention policies, when in fact retention and deletion policies for Teams and Yammer are part of the Compliance add-on's data lifecycle management features.

How to eliminate wrong answers

Option B is wrong because the Microsoft 365 E5 Information Protection and Governance add-on focuses on sensitivity labels and data classification, not on the specific retention and deletion policies for Teams chat and Yammer messages required here. Option C is wrong because the Microsoft 365 E5 eDiscovery and Audit add-on provides search and audit capabilities but does not include the retention or deletion policy features needed for Teams chat or Yammer message lifecycle management. Option D is wrong because it unnecessarily combines the E5 Compliance add-on with the E5 eDiscovery add-on for a subset of users, which is not minimal; the E5 Compliance add-on alone suffices for both requirements, and eDiscovery is not required for the stated policies.

956
MCQmedium

A company currently has Microsoft 365 E5 licenses for all users. They need to perform advanced threat hunting using queries across email, endpoints, and identities to investigate a potential security incident. Which of the following capabilities is already included in their existing license?

A.Microsoft Defender for Microsoft 365 Plan 1
B.Microsoft Entra ID Premium P1
C.Microsoft 365 Defender (including advanced hunting)
D.Microsoft Cloud App Security
AnswerC

E5 includes Microsoft 365 Defender, which provides advanced hunting across emails, endpoints, identities, and apps, enabling queries to investigate incidents.

Why this answer

Microsoft 365 Defender (formerly Microsoft Threat Protection) includes advanced hunting capabilities that allow security teams to run Kusto Query Language (KQL) queries across email, endpoints, identities, and cloud apps. Since the company already has Microsoft 365 E5 licenses, this capability is included without any additional purchase.

Exam trap

The trap here is that candidates often confuse Microsoft 365 Defender (the unified security suite) with its individual component plans (e.g., Defender for Office 365 Plan 1 or Plan 2), not realizing that advanced hunting is a feature of the full Microsoft 365 Defender included in E5, not a separate add-on.

How to eliminate wrong answers

Option A is wrong because Microsoft Defender for Microsoft 365 Plan 1 is a subset of the full Microsoft 365 Defender and does not include advanced hunting; advanced hunting is only available in Plan 2 or the full Microsoft 365 Defender included in E5. Option B is wrong because Microsoft Entra ID Premium P1 provides identity and access management features like Conditional Access but does not include advanced threat hunting across email, endpoints, and identities. Option D is wrong because Microsoft Cloud App Security (now part of Microsoft Defender for Cloud Apps) provides cloud app discovery and data protection but does not include the unified advanced hunting query capability across email and endpoints that Microsoft 365 Defender provides.

957
Multi-Selectmedium

Which TWO of the following are key capabilities of Microsoft Purview Communication Compliance? (Choose two.)

Select 2 answers
A.Detect and respond to inappropriate messages
B.Enforce multifactor authentication
C.Configure retention labels
D.Monitor communications for regulatory compliance
E.Block external email forwarding
AnswersA, D

Communication Compliance can detect offensive language.

Why this answer

Communication Compliance helps detect policy violations in communications, such as inappropriate content and regulatory compliance. Options B and C are correct.

958
MCQmedium

A service owner is comparing Microsoft 365 capabilities and needs to detect exact customer records rather than only generic data patterns. Microsoft security, identity, or compliance capability should it use?

A.Microsoft Stream
B.Microsoft Planner
C.Exact Data Match sensitive information type
D.Microsoft Forms
AnswerC

Exact Data Match detects sensitive data by matching against uploaded structured values.

Why this answer

Exact Data Match (EDM) sensitive information types allow a service owner to define custom sensitive information types based on exact database records, such as customer names or account numbers, rather than relying on generic pattern matching like regular expressions. This capability is part of Microsoft Purview compliance and enables precise detection of specific customer data in Microsoft 365 environments.

Exam trap

The trap here is that candidates may confuse generic data classification (e.g., built-in sensitive info types like Social Security numbers) with the need for exact record matching, leading them to overlook EDM as the precise solution for custom, database-driven detection.

How to eliminate wrong answers

Option A is wrong because Microsoft Stream is a video sharing and management service, not a security, identity, or compliance capability for detecting exact customer records. Option B is wrong because Microsoft Planner is a project management and task tracking tool, lacking any data classification or exact match detection features. Option D is wrong because Microsoft Forms is a survey and form creation tool, not designed for sensitive information detection or exact data matching.

959
Multi-Selectmedium

Which THREE Microsoft 365 apps are included in Microsoft 365 Business Basic?

Select 3 answers
A.Microsoft Excel (desktop)
B.Microsoft Teams
C.Microsoft Visio
D.Microsoft SharePoint
E.Microsoft Word (web)
AnswersB, D, E

Teams is included in Business Basic.

Why this answer

Microsoft 365 Business Basic is a cloud-only subscription that includes web and mobile versions of Office apps, not desktop clients. Microsoft Teams is included as the core collaboration hub, providing chat, video conferencing, and file sharing. SharePoint is also included for document management and intranet sites, and Word (web) is available as a browser-based word processor.

Exam trap

The trap here is that candidates often assume 'Business Basic' includes desktop Office apps because they conflate it with 'Business Standard' or 'Business Premium,' but Microsoft explicitly reserves desktop clients for higher-tier subscriptions.

960
Multi-Selectmedium

A project team needs to collaborate on personal work files that follow a user across devices and co-author related Office files. Which two Microsoft 365 capabilities are most relevant?

Select 2 answers
A.Microsoft Purview eDiscovery case
B.OneDrive for Business
C.SharePoint Online document storage
D.Exchange anti-malware policy
AnswersB, C

OneDrive is intended for individual file storage and sync.

Why this answer

OneDrive for Business is designed for personal work files that follow a user across devices, providing sync capabilities and per-user storage. It also supports real-time co-authoring of Office files (e.g., Word, Excel, PowerPoint) when files are stored in OneDrive and shared with collaborators, making it the primary solution for user-centric file collaboration.

Exam trap

The trap here is that candidates may confuse SharePoint Online document storage as only for team sites, but it is also the underlying storage for OneDrive for Business, making both B and C correct for personal files that follow a user and co-authoring, as OneDrive provides the user-specific sync and SharePoint provides the backend storage and sharing infrastructure.

961
Multi-Selecteasy

Which TWO Microsoft 365 apps include AI-powered features that can summarize email threads and documents? (Select two.)

Select 2 answers
A.Microsoft Outlook
B.Microsoft Excel
C.Microsoft OneNote
D.Microsoft PowerPoint
E.Microsoft Word
AnswersA, E

Outlook Copilot can summarize email threads.

Why this answer

Option A (Microsoft Outlook) is correct because Outlook has Copilot to summarize email threads. Option D (Microsoft Word) is correct because Word has Copilot to summarize documents. Option B is wrong because Excel Copilot analyzes data, not summarization.

Option C is wrong because PowerPoint Copilot creates presentations. Option E is wrong because OneNote Copilot helps with notes.

962
MCQeasy

A company runs its customer relationship management (CRM) system using a cloud provider's SaaS offering. They also use virtual machines (IaaS) from the same provider to host a legacy application. In this scenario, who is responsible for patching the operating system of the virtual machines?

A.The cloud provider is fully responsible for patching all components.
B.The customer is responsible for patching the operating system of the virtual machines.
C.The cloud provider patches the OS for all services equally.
D.No patching is needed because the cloud handles everything.
AnswerB

In the IaaS model, the customer manages the OS and applications on the VM, including applying security patches. The provider manages the underlying physical infrastructure.

Why this answer

In an IaaS model, the cloud provider is responsible for the security of the physical infrastructure, hypervisor, and network, but the customer retains responsibility for the guest operating system and applications. Since the virtual machines are IaaS resources, the customer must manage OS patches, updates, and configuration. This follows the shared responsibility model, where the customer is accountable for anything they configure or deploy within the virtual machine.

Exam trap

The trap here is that candidates confuse the IaaS model with SaaS, assuming the cloud provider patches everything, but Microsoft explicitly tests the shared responsibility model where the customer patches the OS in IaaS.

How to eliminate wrong answers

Option A is wrong because the cloud provider is not fully responsible for patching all components; in IaaS, the customer patches the OS and applications. Option C is wrong because the cloud provider does not patch the OS for all services equally; for SaaS, the provider patches the OS, but for IaaS, the customer does. Option D is wrong because patching is absolutely needed; the cloud does not handle OS-level patching for IaaS resources, and unpatched systems are vulnerable to exploits.

963
MCQmedium

During a Microsoft 365 planning workshop, view service health and create support requests without broad user management. Microsoft 365 licensing, admin, or support concept is most relevant?

A.Microsoft Stream
B.Microsoft Forms
C.Microsoft Whiteboard
D.Service Support Administrator
AnswerD

Service Support Administrator can manage support-related tasks.

Why this answer

The Service Support Administrator role in Microsoft 365 is specifically designed to allow users to view service health and create support requests without granting broader user management permissions. This role is part of the least-privilege administrative model, enabling helpdesk or support staff to monitor service incidents and open tickets via the Microsoft 365 admin center or the Microsoft 365 admin mobile app, while being restricted from modifying users, licenses, or other administrative settings.

Exam trap

The trap here is that candidates often confuse the Service Support Administrator role with the Helpdesk Administrator role, which also can create support requests but additionally has broader user management capabilities (e.g., resetting passwords), leading to an incorrect choice if they don't carefully read the requirement for 'without broad user management.'

How to eliminate wrong answers

Option A is wrong because Microsoft Stream is a video service for uploading, sharing, and managing enterprise videos; it does not provide any administrative capabilities for viewing service health or creating support requests. Option B is wrong because Microsoft Forms is a survey and quiz creation tool; it has no role in service health monitoring or support ticket management. Option C is wrong because Microsoft Whiteboard is a digital canvas for collaboration; it lacks any administrative or support functionality related to service health or support requests.

964
MCQeasy

A small business with 25 employees is starting to use Microsoft 365. The owner purchased Microsoft 365 Business Basic licenses for everyone. After a month, employees report that they need the desktop versions of Word, Excel, and PowerPoint. The owner wants to upgrade the licenses but does not want to pay for features they don't need, such as advanced security. They also want to ensure that all users can continue using email, Teams, and SharePoint. Which licensing change should the owner make?

A.Upgrade to Microsoft 365 E3
B.Upgrade to Microsoft 365 F3
C.Purchase Exchange Online Plan 1 add-on
D.Upgrade to Microsoft 365 Business Premium
AnswerD

Includes desktop Office apps, email, Teams, SharePoint, and is priced for small businesses.

Why this answer

Option A is correct because Microsoft 365 Business Premium includes desktop Office apps plus all the services they already have. Option B is wrong because E3 is more expensive and designed for larger organizations. Option C is wrong because F3 does not include desktop Office apps.

Option D is wrong because Exchange Online Plan 1 does not include desktop apps.

965
MCQmedium

Your organization uses Microsoft Purview to manage data governance. A data owner needs to classify sensitive data across SharePoint, OneDrive, and Exchange automatically based on content patterns. Which Microsoft Purview feature should they use?

A.Sensitivity labels with auto-labeling
B.eDiscovery (Premium)
C.Data Loss Prevention (DLP) policies
D.Audit (Standard)
AnswerA

Auto-labeling can apply sensitivity labels based on pattern matching.

Why this answer

Sensitivity labels with auto-labeling policies can automatically classify data based on patterns. Option B is correct. Option A (DLP) prevents sharing but does not classify.

Option C (eDiscovery) is for search and legal hold. Option D (Audit) is for logging.

966
Multi-Selectmedium

A project manager wants to automate the process of sending a welcome email to new team members when they are added to a SharePoint site. Which two Microsoft 365 technologies should they use? (Choose two.)

Select 2 answers
A.Microsoft Power Automate
B.Microsoft SharePoint
C.Microsoft Power Apps
D.Microsoft Outlook
AnswersA, B

Correct. Power Automate can create a flow that triggers when a new member is added to a SharePoint site and sends an email.

Why this answer

Microsoft Power Automate is correct because it provides the workflow automation capabilities needed to trigger a welcome email when a new member is added to a SharePoint site. It integrates directly with SharePoint's 'When an item is created or modified' trigger to initiate the automated email action.

Exam trap

The trap here is that candidates often confuse the tool that sends the email (Outlook) with the tool that automates the process (Power Automate), or they mistakenly think Power Apps can handle workflow automation because it is part of the Power Platform.

967
MCQeasy

Your organization uses Microsoft 365 and wants to automatically scale resources based on demand, paying only for what is used. Which cloud characteristic does this describe?

A.Fault tolerance
B.Disaster recovery
C.High availability
D.Elasticity
AnswerD

Elasticity allows resources to scale automatically based on demand.

Why this answer

Option C is correct because elasticity allows resources to scale up/down automatically. Option A is wrong because high availability focuses on uptime. Option B is wrong because disaster recovery is about restoring after failure.

Option D is wrong because fault tolerance is about continued operation despite failures.

968
MCQmedium

A hospital uses Microsoft 365 E5 and needs to ensure that patient health information (PHI) is not accidentally shared externally. They want to block sharing of emails containing credit card numbers or medical record numbers. Which Microsoft Purview feature should they configure?

A.Microsoft Purview Privileged Access Management
B.Microsoft Purview Data Loss Prevention (DLP)
C.Microsoft Purview Sensitivity Labels
D.Microsoft Purview Information Barriers
AnswerB

DLP policies can automatically detect and block sharing of sensitive information.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) is the correct feature because it is specifically designed to detect and block the accidental sharing of sensitive data, such as credit card numbers and medical record numbers, via email. DLP uses deep content analysis with built-in sensitive information types (e.g., Credit Card Number, U.S. Medical Record Number) to scan emails and enforce policies that prevent external sharing.

This directly addresses the hospital's requirement to protect PHI from being leaked externally.

Exam trap

The trap here is that candidates often confuse Sensitivity Labels with DLP, not realizing that labels are for classification and protection (e.g., encryption), while DLP is the enforcement engine that scans content and blocks sharing based on those labels or built-in sensitive data types.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Privileged Access Management (PAM) provides just-in-time access control for elevated administrative tasks, not content inspection or blocking of sensitive data in emails. Option C is wrong because Sensitivity Labels are used to classify and protect data with encryption and visual markings, but they do not automatically scan and block sharing of specific data patterns like credit card numbers or medical record numbers without a DLP policy to enforce actions. Option D is wrong because Information Barriers are designed to restrict communication and collaboration between specific groups (e.g., to prevent conflicts of interest), not to scan email content for sensitive data patterns or block external sharing.

969
MCQeasy

A compliance officer needs to automatically retain all emails in Exchange Online for exactly 7 years, and then permanently delete them. Which Microsoft Purview solution should they configure?

A.Data Loss Prevention (DLP) policy
B.Retention policy
C.Sensitivity label
D.eDiscovery case
AnswerB

Retention policies allow you to define retention rules that can automatically retain data for a specified period and then delete it, meeting the requirement.

Why this answer

A retention policy in Microsoft Purview is designed to retain data for a specified period and then automatically delete it. By configuring a retention policy with a retention period of 7 years and an action to permanently delete the content at the end of that period, the compliance officer can meet the requirement for Exchange Online emails. This policy applies at the mailbox level and ensures that all emails are retained for exactly 7 years before being irreversibly removed.

Exam trap

The trap here is that candidates often confuse retention policies (which automate lifecycle management) with DLP policies (which prevent data leaks) or sensitivity labels (which classify data), leading them to select an option that addresses a different compliance goal.

How to eliminate wrong answers

Option A is wrong because a Data Loss Prevention (DLP) policy is used to detect and prevent the sharing of sensitive information (e.g., credit card numbers) via rules and actions like blocking or warning, not to enforce time-based retention and deletion. Option C is wrong because a sensitivity label is used to classify and protect data based on sensitivity (e.g., encryption, visual markings), and while it can be part of a retention label, it does not independently enforce a fixed retention and deletion schedule without being published as a retention label policy. Option D is wrong because an eDiscovery case is used for legal holds and content searches for litigation or investigation purposes, not for automated, scheduled retention and deletion of all emails.

970
Multi-Selectmedium

An organization wants to investigate emails that may be part of a phishing campaign. Which two statements are accurate about the Microsoft 365 capability involved?

Select 2 answers
A.Threat Explorer in Microsoft Defender for Office 365
B.It replaces the need for identity and access management
C.It requires every document to be made public
D.The policy should be tested with a limited group before broad rollout
AnswersA, D

Threat Explorer supports investigation of email threats, campaigns, and delivery actions.

Why this answer

Threat Explorer in Microsoft Defender for Office 365 is a powerful tool for investigating phishing campaigns. It allows security analysts to view and filter email threat data, including malware, phishing, and spam, in near real-time. This enables the organization to identify, analyze, and remediate malicious emails that are part of a phishing campaign, making option A correct.

Exam trap

The trap here is that candidates may confuse Threat Explorer with a general security solution that replaces IAM, or assume it requires public document access, when in fact it is a specialized email threat investigation tool that operates within the existing security boundaries.

971
Multi-Selecthard

Which THREE of the following are included in Microsoft 365 E5 compliance features?

Select 3 answers
A.Microsoft Purview Audit (Premium)
B.Microsoft Purview eDiscovery (Premium)
C.Microsoft Purview Data Loss Prevention (DLP)
D.Microsoft Purview Records Management
E.Microsoft Purview Communication Compliance
AnswersA, B, E

Advanced Audit is an E5 feature.

Why this answer

E5 includes Advanced Audit, eDiscovery Premium, and Microsoft Purview Communication Compliance. DLP is in E3, and Records Management is in E3.

972
MCQmedium

An organization uses Microsoft 365 and wants to automatically classify and protect sensitive data in SharePoint Online based on content patterns. Which Microsoft Purview solution should they implement?

A.Auto-labeling policies
B.Retention policies
C.Data Loss Prevention (DLP) policies
D.Trainable classifiers
AnswerA

Auto-labeling can automatically apply labels based on content patterns.

Why this answer

Option C is correct because auto-labeling policies in Microsoft Purview can automatically apply sensitivity labels based on sensitive information types or patterns. Option A is incorrect because trainable classifiers require training, not automatic pattern detection. Option B is incorrect because DLP policies prevent data loss but do not automatically classify.

Option D is incorrect because retention policies are for retention, not classification.

973
MCQeasy

A marketing team needs to collaboratively create and edit documents in real time, share files securely, and track version history. Which Microsoft 365 service should they primarily use?

A.Microsoft Teams
B.OneDrive for Business
C.SharePoint Online
D.Microsoft Viva Engage
AnswerC

SharePoint provides team sites, document libraries, versioning, and co-authoring for collaborative work.

Why this answer

SharePoint Online is the correct choice because it is designed for team collaboration with real-time co-authoring, granular permission-based file sharing, and built-in version history that tracks every change. Unlike OneDrive, which is optimized for individual file storage and sharing, SharePoint provides a centralized team site where multiple users can simultaneously edit documents and manage versions at the site or library level.

Exam trap

The trap here is that candidates often confuse OneDrive for Business with SharePoint Online because both offer real-time co-authoring and version history, but the question specifies a team needing collaborative creation and secure sharing, which is the defining use case for SharePoint's team sites rather than OneDrive's personal storage.

How to eliminate wrong answers

Option A is wrong because Microsoft Teams is a chat-based collaboration hub that integrates with SharePoint for file storage, but its primary function is communication and meetings, not native document co-authoring and version history management. Option B is wrong because OneDrive for Business is a personal cloud storage service that supports real-time co-authoring and version history for individual files, but it lacks the team-centric site structure, metadata, and permission inheritance needed for a marketing team to collaboratively manage documents as a group. Option D is wrong because Microsoft Viva Engage (formerly Yammer) is an enterprise social networking tool focused on community discussions and knowledge sharing, not document creation, real-time editing, or version control.

974
MCQmedium

A company with 50 users currently has Microsoft 365 Business Standard licenses. They face new compliance regulations that require automatic data classification and retention policies across all Microsoft 365 workloads. They want to add these capabilities without replacing their existing licenses, and they want to minimize costs. What is the most cost-effective licensing strategy?

A.Add Microsoft 365 E5 Compliance add-on for all users
B.Upgrade all users to Microsoft 365 E5
C.Upgrade all users to Microsoft 365 Business Premium
D.Add Microsoft 365 E5 Security add-on for all users
AnswerA

This add-on provides the required advanced compliance features (auto-classification, retention, etc.) and can be purchased as an add-on to Business Standard without upgrading the base plan.

Why this answer

Microsoft 365 E5 Compliance is an add-on that provides advanced compliance features like automatic data classification and retention policies across all Microsoft 365 workloads. Since the company already has Microsoft 365 Business Standard licenses, adding this add-on is the most cost-effective way to meet the new regulatory requirements without replacing existing licenses.

Exam trap

The trap here is that candidates may confuse the E5 Security add-on with the E5 Compliance add-on, assuming security features automatically include compliance capabilities, but they are separate add-ons with distinct feature sets.

How to eliminate wrong answers

Option B is wrong because upgrading all users to Microsoft 365 E5 is significantly more expensive than adding the E5 Compliance add-on, and it includes many features (like advanced security and analytics) that are not required by the compliance regulations. Option C is wrong because Microsoft 365 Business Premium does not include automatic data classification and retention policies across all workloads; it focuses on security and device management, not the advanced compliance capabilities needed. Option D is wrong because Microsoft 365 E5 Security add-on provides security features (e.g., threat protection, identity management) but does not include the compliance-specific capabilities like data classification and retention policies required by the regulations.

975
MCQeasy

Your organization wants to ensure that users can only access Microsoft 365 resources from compliant devices. Which security feature should you implement?

A.Microsoft Entra Conditional Access
B.Microsoft Purview Data Loss Prevention
C.Microsoft Defender for Cloud Apps
D.Microsoft Intune
AnswerA

Conditional Access policies can require compliant devices.

Why this answer

Conditional Access in Microsoft Entra ID allows you to enforce policies that require devices to be compliant (e.g., managed by Intune) before granting access. Option B is correct. Options A, C, and D are not primarily for device compliance enforcement.

Page 12

Page 13 of 14

Page 14