Microsoft 365 Fundamentals MS-900 (MS-900) — Questions 976985

985 questions total · 14pages · All types, answers revealed

Page 13

Page 14 of 14

976
MCQmedium

During requirements gathering, an IT manager says the organization must deploy application code without maintaining the operating system or runtime platform. Cloud concept or benefit best matches this requirement?

A.Private cloud
B.Platform as a Service (PaaS)
C.Infrastructure as a Service (IaaS)
D.Software as a Service (SaaS)
AnswerB

PaaS lets developers focus on code while the provider manages the platform, runtime, and underlying infrastructure.

Why this answer

Platform as a Service (PaaS) is the correct choice because it provides a managed hosting environment where you can deploy your own application code without needing to manage the underlying operating system or runtime platform. The IT manager's requirement explicitly states they want to avoid maintaining the OS and runtime, which is the core value proposition of PaaS. In contrast, IaaS would require them to manage the OS and runtime themselves.

Exam trap

The trap here is that candidates often confuse PaaS with IaaS because both allow custom code deployment, but IaaS requires full OS and runtime management, which directly contradicts the requirement to avoid maintaining those layers.

How to eliminate wrong answers

Option A is wrong because private cloud describes a deployment model (single-tenant, on-premises or hosted) rather than a service model; it does not inherently relieve the organization from managing the OS or runtime. Option C is wrong because Infrastructure as a Service (IaaS) provides virtualized compute, storage, and networking resources, but the customer remains responsible for patching, configuring, and maintaining the operating system and runtime environment. Option D is wrong because Software as a Service (SaaS) delivers fully managed applications to end users, not a platform for deploying custom application code.

977
MCQmedium

A marketing team needs to create a shared workspace to manage projects, store documents, and track tasks. Which Microsoft 365 service should the administrator recommend?

A.SharePoint Online
B.Microsoft Sway
C.Microsoft Bookings
D.Microsoft Stream
AnswerA

SharePoint Online provides team sites with document libraries, lists for task tracking, and integration with Planner and Lists.

Why this answer

SharePoint Online is the correct recommendation because it provides a centralized platform for creating team sites that serve as shared workspaces. It includes document libraries for storing and co-authoring files, lists for tracking tasks, and integration with Microsoft Teams and Planner for project management, directly meeting all the stated requirements.

Exam trap

The trap here is that candidates may confuse SharePoint Online with other Microsoft 365 apps like Teams or Planner, but the question specifically asks for a service that combines document storage, task tracking, and a shared workspace, which is the core function of SharePoint Online.

How to eliminate wrong answers

Option B is wrong because Microsoft Sway is a presentation and storytelling app for creating interactive reports and newsletters, not a shared workspace for project management or task tracking. Option C is wrong because Microsoft Bookings is a scheduling tool for managing customer appointments, lacking document storage and task management capabilities. Option D is wrong because Microsoft Stream is a video hosting and sharing service for enterprise video content, not designed for project collaboration or task tracking.

978
MCQhard

A compliance officer needs to ensure that all outgoing emails containing a customer's credit card number are automatically encrypted before delivery. External recipients must be able to reply with the same level of encryption without a separate signing-up process. Which Microsoft Purview solution should be configured?

A.Office 365 Message Encryption (OME) with a DLP policy
B.Sensitivity labels with automatic marking
C.Azure Information Protection (AIP)
D.Microsoft Defender for Office 365
AnswerA

DLP policies can detect credit card numbers and trigger OME encryption automatically. OME allows external recipients to reply encrypted via a secure portal.

Why this answer

Office 365 Message Encryption (OME) with a Data Loss Prevention (DLP) policy is the correct solution because OME provides automatic encryption for emails based on sensitive information types (e.g., credit card numbers) detected by DLP rules. It also supports the 'encrypt-only' option, which allows external recipients to reply with the same level of encryption without requiring a separate sign-up or certificate exchange, leveraging the Microsoft 365 message encryption infrastructure.

Exam trap

The trap here is that candidates often confuse sensitivity labels (Option B) with DLP-based encryption, not realizing that sensitivity labels require explicit configuration for automatic encryption and do not inherently handle reply encryption without additional setup, whereas OME with DLP provides the seamless, policy-driven encryption and reply capability described.

How to eliminate wrong answers

Option B is wrong because sensitivity labels with automatic marking can apply visual markings or encryption, but they do not natively trigger encryption based on DLP-sensitive information types like credit card numbers; they require manual or policy-based labeling and do not inherently enable seamless encrypted replies without recipient sign-up. Option C is wrong because Azure Information Protection (AIP) is a classification and labeling solution that can apply encryption via rights management, but it is not primarily designed for automatic email encryption based on DLP policies and often requires the recipient to have an Azure RMS-enabled client or sign in for decryption. Option D is wrong because Microsoft Defender for Office 365 focuses on threat protection (e.g., anti-phishing, anti-malware, safe attachments) and does not provide automatic email encryption based on content inspection for compliance purposes.

979
MCQeasy

A user reports that they cannot access Microsoft 365 services. You check the Microsoft 365 admin center and see that their license is expired. What is the most likely result of an expired license?

A.Microsoft automatically purchases a new license
B.The user's data is immediately deleted
C.The user loses access to Microsoft 365 services after a grace period
D.The user's account is automatically deleted
AnswerC

After the grace period, the account is disabled and the user cannot access services.

Why this answer

When a Microsoft 365 license expires, Microsoft does not immediately revoke access. Instead, the user enters a grace period (typically 30 days) during which they retain access but may see warnings. After the grace period ends, the user loses access to Microsoft 365 services, and their data is preserved for a further period (usually 90 days) before being deleted.

This aligns with Microsoft's licensing and data retention policies.

Exam trap

The trap here is that candidates often assume license expiration leads to immediate data deletion or account removal, but Microsoft's phased approach (grace period followed by retention) is designed to prevent accidental data loss and give administrators time to renew or reassign licenses.

How to eliminate wrong answers

Option A is wrong because Microsoft does not automatically purchase new licenses; license renewal or purchase requires explicit action by the tenant administrator. Option B is wrong because user data is not immediately deleted upon license expiration; it is preserved through the grace period and a subsequent data retention period (typically 90 days) before deletion. Option D is wrong because the user's account is not automatically deleted; the account remains disabled but intact until the tenant administrator takes action or the retention period expires.

980
Drag & Dropmedium

Drag and drop the steps to deploy Microsoft 365 Apps for enterprise to a Windows device using the Microsoft 365 Apps admin center into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Deploying Office uses the admin center to create a config, then ODT to install based on that config.

981
MCQmedium

A compliance officer needs to ensure that all emails and documents in Exchange Online and SharePoint are automatically retained for five years. After five years, the data should be automatically deleted. Which Microsoft Purview solution should they configure?

A.Retention policies
B.Data loss prevention (DLP) policies
C.Sensitivity labels
D.eDiscovery (Standard)
AnswerA

Correct. Retention policies are the appropriate solution to automatically retain and then delete content based on a defined schedule.

Why this answer

Retention policies in Microsoft Purview are designed to automatically retain data for a specified period and then delete it, meeting the compliance officer's requirement for Exchange Online and SharePoint. This solution applies at the container level (e.g., mailboxes, sites) and can enforce a five-year retention followed by automatic deletion without user intervention.

Exam trap

The trap here is that candidates often confuse retention policies with DLP policies, mistakenly thinking DLP can enforce time-based retention and deletion, when DLP is solely focused on preventing data loss through content inspection and action rules.

How to eliminate wrong answers

Option B is wrong because Data Loss Prevention (DLP) policies focus on preventing unauthorized sharing or leakage of sensitive data through rules and actions (e.g., blocking emails), not on automated retention and deletion schedules. Option C is wrong because Sensitivity labels classify and protect data with encryption or visual markings, but they do not inherently enforce time-based retention or deletion; they can be used with retention policies but are not the primary solution for automated lifecycle management. Option D is wrong because eDiscovery (Standard) is used for searching and exporting content for legal or investigative purposes, not for configuring automatic retention and deletion policies.

982
MCQeasy

Your company, Contoso Ltd., has a Microsoft 365 E5 subscription with 500 users. The IT department recently discovered that some employees are sharing sensitive customer data via email with external parties. You need to implement a solution that automatically detects and prevents the sharing of credit card numbers and social security numbers in emails. The solution should notify the sender when a potential violation occurs and allow them to override the block by providing a business justification. The compliance team must be able to review these overrides. What should you configure?

A.Enable Microsoft Defender for Office 365 Safe Attachments and Safe Links.
B.Create a Microsoft Purview Data Loss Prevention (DLP) policy in the Microsoft Purview compliance portal.
C.Create a sensitivity label with auto-labeling for emails containing sensitive data.
D.Create an Exchange mail flow rule to block emails containing sensitive data and send a non-delivery report.
AnswerB

DLP policies can detect sensitive data, block transmission, notify users, and allow overrides with justification.

Why this answer

Option B is correct. A Microsoft Purview Data Loss Prevention (DLP) policy can be configured to detect sensitive info types like credit card numbers and SSNs, with actions to block and notify the sender with an override option. Option A (Exchange mail flow rules) is less flexible and doesn't provide the override with justification.

Option C (sensitivity labels) is for classification, not blocking. Option D (Microsoft Defender for Office 365) focuses on threats, not data protection.

983
MCQmedium

During requirements gathering, an IT manager says the organization must discover where sensitive information is stored across Microsoft 365. Microsoft security, identity, or compliance capability should it use?

A.Microsoft Planner
B.Microsoft Stream
C.Microsoft Forms
D.Data classification / Content explorer
AnswerD

Data classification and content explorer help identify sensitive information across locations.

Why this answer

Data classification and Content explorer in Microsoft 365 Purview allow organizations to discover, classify, and monitor sensitive information across Exchange, SharePoint, OneDrive, and Teams. This capability uses trainable classifiers and sensitive information types to identify data like credit card numbers or PII, providing a unified view in Content explorer for compliance administrators. It directly meets the requirement to discover where sensitive information is stored.

Exam trap

The trap here is that candidates may confuse productivity tools (Planner, Stream, Forms) with compliance capabilities, assuming any Microsoft 365 app can discover sensitive data, when only Purview features like Data classification and Content explorer are designed for this purpose.

How to eliminate wrong answers

Option A is wrong because Microsoft Planner is a task management tool for organizing work, not a security or compliance discovery tool. Option B is wrong because Microsoft Stream is a video hosting and sharing service, with no native capability to scan or classify sensitive data. Option C is wrong because Microsoft Forms is used to create surveys and quizzes, and lacks any data classification or content scanning features.

984
MCQhard

A compliance officer wants to ensure that all data in Microsoft 365 is encrypted using a key that the organization manages and stores in their own Azure Key Vault. Microsoft will not have access to the key. Which solution should they implement?

A.Customer Lockbox
B.Double Key Encryption (DKE)
C.Information Rights Management (IRM)
D.Microsoft Purview Data Lifecycle Management
AnswerB

DKE enables customers to provide a second encryption key that Microsoft does not possess, ensuring that no one (including Microsoft) can access the protected data without both keys.

Why this answer

Double Key Encryption (DKE) is the correct solution because it allows an organization to use their own key stored in Azure Key Vault for encrypting sensitive Microsoft 365 data, while ensuring that Microsoft cannot access the key. With DKE, the encryption key is split into two parts: one managed by Microsoft and one managed by the customer in their own Azure Key Vault, so both parties must be compromised to decrypt the data. This meets the compliance officer's requirement for exclusive control over the encryption key.

Exam trap

The trap here is that candidates often confuse Customer Lockbox with encryption key control, but Customer Lockbox only controls access requests, not the encryption keys themselves.

How to eliminate wrong answers

Option A is wrong because Customer Lockbox provides a process for approving or denying Microsoft support access to your data during service requests, but it does not involve managing encryption keys or encrypting data with a customer-controlled key. Option C is wrong because Information Rights Management (IRM) uses Azure Rights Management (Azure RMS) to protect files and emails by restricting actions like copying or forwarding, but the encryption keys are managed by Microsoft by default, not by the customer in their own Azure Key Vault. Option D is wrong because Microsoft Purview Data Lifecycle Management focuses on data retention, deletion, and classification policies, not on encryption key management or customer-controlled encryption.

985
MCQmedium

A mid-size company with 300 users currently has Microsoft 365 Business Basic licenses. They need to add desktop versions of Office apps (Word, Excel, PowerPoint) and advanced security features such as Microsoft Defender for Office 365. What is the most cost-effective licensing upgrade?

A.Microsoft 365 Business Standard
B.Microsoft 365 Business Premium
C.Microsoft 365 E3
D.Microsoft 365 E5
AnswerB

Business Premium includes desktop Office apps and advanced security such as Microsoft Defender for Office 365, making it the most cost-effective upgrade for these needs.

Why this answer

Microsoft 365 Business Premium includes both the desktop versions of Office apps (Word, Excel, PowerPoint) and Microsoft Defender for Office 365 (Plan 1) in a single license. This makes it the most cost-effective upgrade from Business Basic because it bundles the required productivity and security features without the higher per-user cost of E3 or E5.

Exam trap

The trap here is that candidates often assume Microsoft 365 Business Standard is sufficient because it includes desktop Office apps, overlooking that Microsoft Defender for Office 365 is a separate security feature not included in that plan, and that Business Premium is the most cost-effective bundle for both requirements.

How to eliminate wrong answers

Option A is wrong because Microsoft 365 Business Standard adds desktop Office apps but does not include Microsoft Defender for Office 365 or any advanced security features. Option C is wrong because Microsoft 365 E3 includes desktop Office apps and basic security but lacks Microsoft Defender for Office 365 (Plan 1) unless an additional add-on is purchased, making it less cost-effective than Business Premium. Option D is wrong because Microsoft 365 E5 includes all required features but at a significantly higher per-user cost than Business Premium, making it overkill for a 300-user company that only needs Defender for Office 365 and desktop apps.

Page 13

Page 14 of 14