Microsoft 365 Fundamentals MS-900 (MS-900) — Questions 376450

985 questions total · 14pages · All types, answers revealed

Page 5

Page 6 of 14

Page 7
376
MCQmedium

A company with 500 users currently has Microsoft 365 Business Premium licenses. They need to add advanced eDiscovery features (including predictive coding and legal hold) and the ability to retain all communications for 10 years. What is the most cost-effective licensing addition?

A.Microsoft 365 E5 Compliance add-on
B.Microsoft 365 E5 add-on
C.Office 365 E5
D.Microsoft 365 Business Standard
AnswerA

This add-on provides advanced eDiscovery, legal hold, and unlimited retention policies at a lower cost than full E5.

Why this answer

Microsoft 365 E5 Compliance add-on provides advanced eDiscovery features like predictive coding and legal hold, plus the 10-year retention required via litigation hold and retention policies. It is the most cost-effective addition because it adds these capabilities to existing Business Premium licenses without upgrading the entire suite to E5.

Exam trap

The trap here is that candidates often confuse the Microsoft 365 E5 add-on (which includes all E5 features) with the more targeted E5 Compliance add-on, leading them to choose a more expensive option than necessary.

How to eliminate wrong answers

Option B is wrong because Microsoft 365 E5 add-on includes the full E5 security and compliance suite, which is more expensive than the Compliance add-on alone and includes unnecessary features like advanced threat analytics. Option C is wrong because Office 365 E5 is a full suite license that replaces Business Premium, not an add-on, and costs significantly more while providing overlapping productivity tools. Option D is wrong because Microsoft 365 Business Standard lacks advanced eDiscovery, predictive coding, and 10-year retention capabilities, and is a downgrade from Business Premium.

377
MCQmedium

You need to ensure that only authorized users from your tenant can access a SharePoint site. Which setting should you configure?

A.External sharing settings
B.Sensitivity labels
C.Conditional Access policy
D.Sharing links expiration
AnswerA

External sharing settings control whether external users can access the site.

Why this answer

External sharing settings control who outside your tenant can access SharePoint sites, files, and folders. By configuring these settings at the tenant or site level, you can restrict access to only authorized users from your tenant, blocking external users entirely. This is the direct mechanism for limiting access to internal users only.

Exam trap

The trap here is that candidates confuse external sharing settings with Conditional Access policies, thinking that CA policies can block external users from accessing SharePoint, when in fact CA policies apply to all users (including internal) and do not control the sharing invitation process.

How to eliminate wrong answers

Option B is wrong because sensitivity labels enforce classification and protection (encryption, watermarking) on content, not access control for external users. Option C is wrong because Conditional Access policies govern authentication and device compliance for all users, but they do not specifically block or allow external sharing of SharePoint sites. Option D is wrong because sharing links expiration controls how long a shared link is valid, not who can access the site; it does not prevent external users from being invited.

378
MCQmedium

A business stakeholder asks how Microsoft 365 can help them manage laptops and mobile devices with compliance policies and app protection. Microsoft security, identity, or compliance capability should it use?

A.Microsoft Stream
B.Microsoft Planner
C.Microsoft Forms
D.Microsoft Intune
AnswerD

Intune manages devices and apps, including compliance and app protection policies.

Why this answer

Microsoft Intune is the correct answer because it is a cloud-based endpoint management solution that provides mobile device management (MDM) and mobile application management (MAM) capabilities. It allows administrators to enforce compliance policies (e.g., require PIN, encrypt device) and app protection policies (e.g., restrict copy/paste, prevent data leakage) on laptops and mobile devices, directly addressing the stakeholder's request.

Exam trap

The trap here is that candidates may confuse productivity tools (Stream, Planner, Forms) with security and management services, but Microsoft 365 separates collaboration features from endpoint management, which is exclusively handled by Intune in this context.

How to eliminate wrong answers

Option A is wrong because Microsoft Stream is a video-sharing and management service, not an endpoint management or compliance tool. Option B is wrong because Microsoft Planner is a task management and collaboration tool for organizing work, not for managing device compliance or app protection. Option C is wrong because Microsoft Forms is a survey and data collection tool, with no capabilities for device management or policy enforcement.

379
MCQmedium

Your organization is deploying Microsoft 365 and wants to ensure data is stored within a specific geographic region to comply with regulatory requirements. Which concept describes the ability to choose data residency?

A.Latency
B.Data sovereignty
C.Compliance
D.Data residency
AnswerD

Data residency is the physical location where data is stored.

Why this answer

Option D is correct because data residency refers to the physical location of data storage. Option A is wrong because sovereignty is about legal jurisdiction. Option B is wrong because compliance is about meeting standards.

Option C is wrong because latency is about network delay.

380
MCQmedium

A compliance administrator needs to apply encryption and usage restrictions to confidential documents. Which Microsoft 365 capability is the best fit? The design must avoid adding custom operational scripts.

A.OneDrive sync client
B.Sensitivity labels
C.Microsoft Bookings
D.Microsoft Teams live events
AnswerB

Sensitivity labels classify and protect content, including encryption and access restrictions.

Why this answer

Sensitivity labels are the correct choice because they allow the compliance administrator to apply encryption and usage restrictions (such as 'Do Not Forward' or 'View Only') directly to confidential documents without writing any custom scripts. This capability is built into Microsoft 365 and integrates with Azure Information Protection to enforce protection policies at the file level, meeting the requirement for a no-code solution.

Exam trap

The trap here is that candidates may confuse the OneDrive sync client with a security tool, mistakenly thinking it can enforce encryption or restrictions, when in fact it only synchronizes files without applying any protection policies.

How to eliminate wrong answers

Option A is wrong because the OneDrive sync client is a file synchronization tool that syncs files between local devices and the cloud; it does not natively apply encryption or usage restrictions to documents. Option C is wrong because Microsoft Bookings is a scheduling and appointment management application, not a data protection or compliance tool. Option D is wrong because Microsoft Teams live events is a broadcast feature for streaming video to large audiences; it lacks the ability to apply encryption or usage restrictions to individual documents.

381
Multi-Selectmedium

A project team needs to collaborate on Teams channel conversations and meetings and co-author related Office files. Which two Microsoft 365 capabilities are most relevant?

Select 2 answers
A.Microsoft Teams
B.SharePoint Online document storage
C.Microsoft Purview eDiscovery case
D.Exchange anti-malware policy
AnswersA, B

Teams is the hub for chat, meetings, calls, and team collaboration.

Why this answer

Microsoft Teams is the correct answer because it provides the central hub for channel conversations, meetings, and real-time collaboration. SharePoint Online document storage is also correct because Teams channels use SharePoint as the underlying storage for all shared files, enabling co-authoring of Office documents directly within the Teams interface.

Exam trap

The trap here is that candidates may think Microsoft Teams alone covers all collaboration needs, forgetting that SharePoint Online is the underlying file storage and co-authoring engine for Teams channel files.

382
MCQmedium

A business stakeholder asks how Microsoft 365 can help them check known incidents affecting Microsoft 365 services. Microsoft 365 licensing, admin, or support concept is most relevant?

A.Microsoft Forms
B.Microsoft Whiteboard
C.Microsoft Stream
D.Service health
AnswerD

Service health shows incidents and advisories for Microsoft 365 services.

Why this answer

Service health in the Microsoft 365 admin center provides real-time status and incident information for all Microsoft 365 services. It allows administrators and stakeholders to check known incidents, advisories, and historical uptime data, directly addressing the need to monitor service availability.

Exam trap

The trap here is that candidates may confuse productivity tools (Forms, Whiteboard, Stream) with administrative or support features, failing to recognize that Service health is the dedicated console for incident monitoring within the Microsoft 365 admin center.

How to eliminate wrong answers

Option A is wrong because Microsoft Forms is a survey and data collection tool, not a service monitoring or incident reporting feature. Option B is wrong because Microsoft Whiteboard is a digital canvas for collaboration, unrelated to checking service health or incidents. Option C is wrong because Microsoft Stream is a video management and sharing service, not a dashboard for service status or incident tracking.

383
Multi-Selecthard

Which THREE Microsoft 365 services can be used to store and manage files in the cloud?

Select 3 answers
A.OneDrive for Business
B.Microsoft Teams
C.Power BI
D.SharePoint
E.Exchange Online
AnswersA, B, D

OneDrive stores personal files in the cloud.

Why this answer

OneDrive for Business is a cloud storage service that allows users to store, sync, and share files individually. It is part of Microsoft 365 and provides personal storage with up to 1 TB per user, integrating with Office apps for real-time co-authoring.

Exam trap

The trap here is that Microsoft Teams is listed as a correct answer because it can store files via its Files tab (which actually uses SharePoint or OneDrive under the hood), but candidates often confuse Teams as a primary storage service rather than a collaboration hub that relies on underlying storage services.

384
Multi-Selecteasy

Which TWO are true about Microsoft's data residency commitments in the Microsoft 365 Trust Center?

Select 2 answers
A.Customers can choose where their data is stored at rest
B.Data never leaves the selected geographic region
C.All customer data is encrypted in transit only
D.Customer data is always stored in the customer's country only
E.Microsoft provides data residency options for customer data
AnswersA, E

Customers can select the region for data storage.

Why this answer

Options B and D are correct. Microsoft offers data residency options, and customers can choose the region. Option A is wrong because data is stored at rest in the chosen region, not all regions.

Option C is wrong because data may move for disaster recovery. Option E is wrong because data can be stored at rest in the selected region.

385
Multi-Selectmedium

Which TWO Microsoft 365 services can be used to create and manage business process automation workflows?

Select 2 answers
A.Power Automate
B.Microsoft Forms
C.Microsoft Stream
D.Power BI
E.Microsoft Lists
AnswersA, E

Power Automate is designed for workflow automation.

Why this answer

Options B and D are correct: Power Automate is the primary workflow automation tool, and Microsoft Lists can be used with Power Automate to create approval workflows. Option A is incorrect because Power BI is for analytics. Option C is incorrect because Forms is for surveys.

Option E is incorrect because Stream is for video.

386
MCQhard

Refer to the exhibit. A Microsoft Purview sensitivity label policy is defined as shown. A user applies this label to a document in Microsoft 365. Which action will occur automatically?

A.The document will be encrypted.
B.The document will be automatically deleted after 30 days.
C.A watermark will be added.
D.The document will be blocked from external sharing.
AnswerA

The label has encryption enabled, so the document is encrypted.

Why this answer

Option A is correct because the settings show encryptionenabled: true, so the document will be encrypted. Option B is incorrect because the markinginfo includes header and footer, not a watermark. Option C is incorrect because there is no DLP policy referenced.

Option D is incorrect because there is no retention setting in the label.

387
MCQeasy

A company uses a cloud provider that offers compute power as a service. The provider manages the physical servers, storage, and networking, but the company has full control over the operating system, applications, and configurations. Which cloud service model is being used?

A.Software as a Service (SaaS)
B.Platform as a Service (PaaS)
C.Infrastructure as a Service (IaaS)
D.Function as a Service (FaaS)
AnswerC

IaaS provides virtual machines and storage; the customer manages the OS, applications, and configurations while the provider handles the physical infrastructure.

Why this answer

The scenario describes Infrastructure as a Service (IaaS), where the cloud provider manages the underlying physical infrastructure (servers, storage, networking), but the customer retains full control over the operating system, applications, and configurations. This aligns with the IaaS model as defined by NIST SP 800-145, which provides virtualized computing resources over the internet.

Exam trap

The trap here is that candidates often confuse PaaS with IaaS because both involve deploying applications, but PaaS removes OS control, while IaaS explicitly grants it, and the question's phrase 'full control over the operating system' is the critical differentiator.

How to eliminate wrong answers

Option A is wrong because Software as a Service (SaaS) provides a complete application managed by the provider, where the customer has no control over the operating system or underlying infrastructure, only the application data. Option B is wrong because Platform as a Service (PaaS) abstracts the operating system and runtime environment, giving the customer control only over deployed applications and configuration settings, not the OS itself. Option D is wrong because Function as a Service (FaaS) is a serverless computing model where the provider manages all infrastructure and the customer only deploys individual functions, with no control over the OS or runtime environment.

388
MCQmedium

A help desk lead is documenting the correct Microsoft 365 approach to increase from 100 to 2,000 users without buying new mail servers. Cloud concept or benefit best matches this requirement?

A.Data Loss Prevention (DLP)
B.Sensitivity labels
C.Microsoft Planner
D.Scalability
AnswerD

Scalability allows services to grow or shrink as requirements change.

Why this answer

Scalability is the correct answer because it refers to the ability of a cloud service like Microsoft 365 to dynamically allocate resources to accommodate growth from 100 to 2,000 users without requiring the purchase or provisioning of additional on-premises mail servers. Microsoft 365's multi-tenant architecture and elastic infrastructure automatically handle user load increases, making scalability the cloud concept that directly matches this requirement.

Exam trap

The trap here is that candidates may confuse operational features like DLP or Sensitivity labels with cloud benefits, failing to recognize that scalability is the specific cloud concept that directly addresses the ability to grow user counts without hardware investment.

How to eliminate wrong answers

Option A is wrong because Data Loss Prevention (DLP) is a security feature that helps prevent sensitive information from being shared or leaked, not a mechanism for scaling user capacity. Option B is wrong because Sensitivity labels are classification and protection tools for data governance, not related to increasing user counts or infrastructure scaling. Option C is wrong because Microsoft Planner is a task management and collaboration tool, not a cloud concept or benefit that addresses user capacity growth.

389
Multi-Selectmedium

Which three of the following are characteristics of cloud computing as defined by the National Institute of Standards and Technology (NIST)? (Choose three.)

Select 3 answers
.On-demand self-service
.Broad network access
.Resource pooling
.Dedicated hardware per tenant
.Fixed pricing models
.Limited scalability

Why this answer

NIST SP 800-145 defines cloud computing by five essential characteristics. On-demand self-service allows a consumer to provision computing capabilities automatically without requiring human interaction with each service provider. Broad network access means capabilities are available over the network and accessed through standard mechanisms (e.g., mobile phones, tablets, laptops, and workstations).

Resource pooling enables the provider's computing resources to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.

Exam trap

Microsoft often tests the exact NIST definition by including plausible-sounding but non-NIST characteristics like 'dedicated hardware per tenant' or 'fixed pricing models,' which candidates mistakenly associate with cloud computing because they are common in traditional on-premises or managed hosting environments.

390
MCQmedium

A company wants to replace its on-premises Exchange Server with a cloud-based email solution that integrates with Microsoft Teams and SharePoint Online. Which Microsoft 365 service should they subscribe to?

A.Microsoft 365 Business Basic
B.Exchange Online
C.Microsoft 365 Apps
D.Microsoft Outlook desktop app
AnswerB

Exchange Online provides cloud-based email with integration to Teams and SharePoint.

Why this answer

Exchange Online is the cloud-based email solution that integrates with Teams and SharePoint. Option A is correct. Options B, C, and D are incorrect because they are not email services.

391
MCQhard

Your organization uses Microsoft 365 and wants to ensure that only managed devices can access corporate email in Exchange Online. Which conditional access policy setting should you configure?

A.Require device to be marked as compliant
B.Require approved client app
C.Require device to be joined to Azure AD
D.Require multi-factor authentication
AnswerA

This ensures only Intune-managed compliant devices can access email.

Why this answer

Option A is correct because the 'Require device to be marked as compliant' setting in a Conditional Access policy integrates with Microsoft Intune to enforce that only devices meeting compliance policies (e.g., encryption, OS version, jailbreak detection) can access Exchange Online. This ensures corporate email is accessible only from managed, trusted devices, directly addressing the requirement.

Exam trap

The trap here is that candidates often confuse 'device compliance' with 'device join status' or 'app protection,' mistakenly selecting Azure AD join or approved client app when the question specifically targets managed device enforcement via compliance policies.

How to eliminate wrong answers

Option B is wrong because 'Require approved client app' controls which applications (e.g., Outlook mobile) can access data, not the device's management state; a device could be unmanaged but still use an approved app. Option C is wrong because 'Require device to be joined to Azure AD' enforces that the device is registered in Azure AD, but it does not verify compliance with security policies like encryption or patch levels. Option D is wrong because 'Require multi-factor authentication' adds an identity verification layer but does not restrict access based on device management or compliance status.

392
MCQeasy

A company uses a cloud service where they can rent virtual machines and storage. They have full control over the operating system and applications, while the provider manages the physical hardware. Which cloud service model is being used?

A.Infrastructure as a Service (IaaS)
B.Platform as a Service (PaaS)
C.Software as a Service (SaaS)
D.On-premises deployment
AnswerA

IaaS offers virtual machines, storage, and networking; the user controls the OS and apps, the provider manages the physical hardware.

Why this answer

This scenario describes Infrastructure as a Service (IaaS) because the company rents virtual machines and storage, retains full control over the operating system and applications, while the cloud provider manages the underlying physical hardware. In IaaS, the provider abstracts the physical infrastructure (servers, networking, storage) and delivers it as on-demand virtualized resources, which aligns with the customer's responsibility for OS and app configuration.

Exam trap

The trap here is that candidates confuse IaaS with PaaS because both involve cloud-hosted resources, but the key differentiator is control over the operating system—IaaS gives OS control, PaaS does not.

How to eliminate wrong answers

Option B (PaaS) is wrong because PaaS abstracts the operating system and runtime environment, providing a platform for application development and deployment where the customer does not manage the OS or middleware; here the customer has full OS control. Option C (SaaS) is wrong because SaaS delivers fully functional applications over the internet, with no customer control over the underlying OS or infrastructure—the customer only uses the software. Option D (On-premises deployment) is wrong because on-premises means the company owns and manages all hardware and software locally, not renting virtualized resources from a cloud provider.

393
Multi-Selecteasy

Which TWO are characteristics of the public cloud deployment model?

Select 2 answers
A.Services are owned by a third-party provider
B.Services are used by a single organization
C.Scalability is limited to existing hardware
D.Infrastructure is located on-premises
E.Multiple organizations share the same infrastructure
AnswersA, E

Public cloud is owned by a third-party cloud service provider.

Why this answer

Options B and E are correct. Public cloud is owned by a third-party provider and shared among multiple organizations. Option A (Single organization) describes private cloud.

Option C (On-premises) describes private cloud. Option D (Limited scalability) is incorrect; public cloud offers high scalability.

394
MCQmedium

An administrator is reviewing a request from users who need to discover cloud apps being used by employees and assess their risk. Microsoft security, identity, or compliance capability should it use?

A.Microsoft Planner
B.Microsoft Defender for Cloud Apps
C.Microsoft Stream
D.Microsoft Forms
AnswerB

Defender for Cloud Apps provides cloud app discovery and risk assessment.

Why this answer

Microsoft Defender for Cloud Apps is the correct choice because it is a Cloud Access Security Broker (CASB) that provides visibility into cloud app usage, shadow IT discovery, and risk assessment. It integrates with Microsoft 365 to monitor user activities and apply data loss prevention (DLP) policies across sanctioned and unsanctioned cloud apps.

Exam trap

The trap here is that candidates may confuse productivity tools like Planner or Forms with security capabilities, or assume Stream has monitoring features due to its 'cloud' nature, but only Defender for Cloud Apps provides dedicated cloud app discovery and risk assessment.

How to eliminate wrong answers

Option A is wrong because Microsoft Planner is a task management and collaboration tool, not a security or compliance capability for discovering cloud apps or assessing risk. Option C is wrong because Microsoft Stream is a video hosting and sharing service within Microsoft 365, with no functionality for cloud app discovery or risk assessment. Option D is wrong because Microsoft Forms is a survey and quiz creation tool, lacking any security, identity, or compliance features for monitoring cloud app usage.

395
MCQmedium

Wide World Importers is a financial services company that must comply with GDPR. They use Microsoft 365 E5 and have enabled audit logging. The Data Protection Officer (DPO) needs to be able to search and export all audit records related to a specific user's activities for the past 90 days. The DPO is not a global admin and should only have permissions to view and export audit logs. You need to provide the DPO with the appropriate access. What should you do?

A.Add the DPO to the 'Audit Logs' role in the Microsoft Purview compliance portal.
B.Add the DPO to the Global Administrator role.
C.Assign the Security Reader role in Microsoft Entra ID.
D.Assign the Compliance Administrator role in Microsoft Entra ID.
AnswerA

This role provides read and export permissions for audit logs only.

Why this answer

Option B is correct. The 'Audit Logs' role in the Microsoft Purview compliance portal allows read and export access to audit logs. Option A (global admin) gives too many permissions.

Option C (Security Reader) in Microsoft Entra ID does not include Purview audit log access. Option D (Compliance Administrator) is a broader role that includes many other permissions.

396
Matchingmedium

Match each Microsoft 365 compliance term to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Policy to prevent accidental sharing of sensitive information

Process to search and export content for legal cases

Rule to keep or delete content for a specified time

Tags to classify and protect data based on sensitivity

Why these pairings

These features help organizations manage data compliance and security.

397
MCQeasy

An organization needs to ensure that all Microsoft 365 data is encrypted at rest and in transit. Which of the following is a built-in encryption mechanism in Microsoft 365?

A.BitLocker Drive Encryption
B.Customer-managed keys (CMK) using Azure Key Vault
C.Office 365 Message Encryption
D.Azure Information Protection
AnswerA

Microsoft uses BitLocker to encrypt drives in datacenters.

Why this answer

Option D is correct because Microsoft 365 uses BitLocker Drive Encryption for data at rest in datacenters. Option A is wrong because third-party key management is not built-in. Option B is wrong because Azure Information Protection is a separate solution.

Option C is wrong because Office 365 Message Encryption is for email, not all data.

398
MCQhard

Your company uses Microsoft 365 Copilot to generate meeting summaries. These summaries are processed using AI models that may use customer data to improve the service. Which cloud computing responsibility model applies to data usage by the AI service?

A.Data sovereignty
B.Data residency
C.Customer data protection
D.Shared responsibility model
AnswerC

Customer data protection governs how Microsoft uses customer data for service improvement.

Why this answer

Option D is correct because in SaaS, the provider is responsible for the service's data processing, but the customer retains ownership and control over their data. Option A is wrong because shared responsibility is about security, not data usage for improvement. Option B is wrong because data sovereignty is about legal jurisdiction.

Option C is wrong because data residency is about storage location.

399
MCQmedium

A tenant administrator is advising a department that wants to identify a plan category intended for individual home users. Microsoft 365 licensing, admin, or support concept is most relevant?

A.Microsoft Stream
B.Microsoft Forms
C.Microsoft Whiteboard
D.Microsoft 365 Personal or Family
AnswerD

Personal and Family are consumer subscriptions.

Why this answer

Microsoft 365 Personal and Family are the only plan categories explicitly designed for individual home users, not for commercial or enterprise use. They include Office apps, 1 TB of OneDrive storage, and security features tailored for non-business environments. The question asks for a plan category, and these subscription types are the correct licensing concept for home users.

Exam trap

The trap here is that candidates may confuse productivity tools (Stream, Forms, Whiteboard) with licensing plan categories, failing to recognize that the question specifically asks for a 'plan category intended for individual home users' rather than a feature or service included in a plan.

How to eliminate wrong answers

Option A is wrong because Microsoft Stream is a video service for enterprise users to upload, share, and manage videos within an organization; it is not a plan category for individual home users. Option B is wrong because Microsoft Forms is a survey and quiz creation tool available in commercial plans, not a licensing plan for home users. Option C is wrong because Microsoft Whiteboard is a collaborative digital canvas for meetings and brainstorming, typically included in enterprise or education subscriptions, not a plan category for home users.

400
MCQmedium

A company with 1,000 users currently has Microsoft 365 E3 licenses. They need to add advanced threat protection for email (including anti-phishing and anti-malware) and endpoint detection and response (EDR) for all devices. What is the most cost-effective licensing addition?

A.Microsoft 365 E5 Security add-on
B.Microsoft 365 E5 Compliance add-on
C.Upgrade all users to Microsoft 365 E5
D.Microsoft Defender for Microsoft 365 Plan 1 standalone
AnswerA

Correct. This add-on bundles Defender for Microsoft 365 Plan 2 and Defender for Endpoint Plan 2, providing the needed capabilities at a lower cost than other options.

Why this answer

Option A is correct because the Microsoft 365 E5 Security add-on provides advanced threat protection (including anti-phishing and anti-malware for email via Defender for Office 365 Plan 2) and endpoint detection and response (EDR) via Microsoft Defender for Endpoint Plan 2, all without requiring a full E5 license upgrade. This is the most cost-effective solution for adding these specific security capabilities to existing E3 users.

Exam trap

The trap here is that candidates often confuse the E5 Security add-on with the full E5 upgrade, not realizing the add-on provides the same security features at a lower cost, or they mistakenly think the E5 Compliance add-on includes security capabilities like EDR.

How to eliminate wrong answers

Option B is wrong because the Microsoft 365 E5 Compliance add-on focuses on compliance features (e.g., eDiscovery, audit, data loss prevention) and does not include advanced threat protection for email or EDR capabilities. Option C is wrong because upgrading all users to Microsoft 365 E5 is more expensive than adding the E5 Security add-on, which provides the same security features without the additional E5 productivity and compliance features. Option D is wrong because Microsoft Defender for Microsoft 365 Plan 1 standalone includes only basic email protection and lacks EDR capabilities (which require Defender for Endpoint Plan 2) and advanced anti-phishing features found in Defender for Office 365 Plan 2.

401
MCQhard

A financial services firm must comply with regulatory requirements that prevent accidental sharing of sensitive customer data via email. They need to automatically detect and block emails containing credit card numbers sent to external recipients. Which Microsoft 365 service should they configure?

A.Microsoft Defender XDR
B.Microsoft Purview
C.Microsoft Intune
D.Microsoft Entra ID
AnswerB

Purview includes DLP policies to detect and block sensitive data in emails.

Why this answer

Microsoft Purview (formerly Microsoft 365 Compliance) includes Data Loss Prevention (DLP) policies that can automatically detect sensitive data types, such as credit card numbers, in emails and block them from being sent to external recipients. This directly addresses the regulatory requirement to prevent accidental sharing of sensitive customer data via email.

Exam trap

The trap here is that candidates often confuse Microsoft Defender XDR (security threat detection) with Microsoft Purview (compliance and data protection), leading them to choose Defender for a data loss prevention scenario instead of the correct compliance service.

How to eliminate wrong answers

Option A is wrong because Microsoft Defender XDR is a security solution focused on threat detection, investigation, and response across endpoints, email, and identities, not on compliance-driven data loss prevention for sensitive content like credit card numbers. Option C is wrong because Microsoft Intune is a mobile device management (MDM) and mobile application management (MAM) service for managing devices and apps, not for inspecting email content or enforcing DLP rules. Option D is wrong because Microsoft Entra ID (formerly Azure AD) is an identity and access management service handling authentication and authorization, not email content inspection or DLP policy enforcement.

402
MCQeasy

A user needs to co-author a Word document stored in Microsoft SharePoint Online with external partners who do not have Microsoft 365 licenses. What must the administrator enable?

A.External sharing in SharePoint Online
B.Azure AD B2B collaboration
C.Anonymous access links for documents
D.Guest access in Microsoft Teams
AnswerA

Allows sharing with external users who can authenticate.

Why this answer

External sharing in SharePoint Online must be enabled at the tenant or site level to allow users to share documents with external partners who lack Microsoft 365 licenses. This setting controls the ability to send sharing invitations or generate shareable links for people outside the organization, which is the prerequisite for co-authoring with unlicensed external users.

Exam trap

The trap here is that candidates confuse Azure AD B2B collaboration as a separate setting that must be enabled, when in fact it is automatically activated once SharePoint external sharing is turned on, making the direct answer the SharePoint-level sharing configuration.

How to eliminate wrong answers

Option B is wrong because Azure AD B2B collaboration is the underlying identity mechanism that SharePoint external sharing uses, but it is not a setting an administrator must explicitly enable for this scenario—it is automatically available when external sharing is turned on. Option C is wrong because anonymous access links allow anyone with the link to view or edit the document without authentication, which is not the same as co-authoring with specific named external partners who need to sign in with a Microsoft account or one-time passcode. Option D is wrong because guest access in Microsoft Teams is a separate feature for inviting external users to Teams channels and chats, not for co-authoring a Word document stored in SharePoint Online.

403
Multi-Selecthard

A company uses Microsoft 365 E5. They want to automatically retain all documents containing credit card numbers for 3 years and then delete them. Which THREE Microsoft Purview features should they use?

Select 3 answers
A.Auto-labeling policies
B.Data Loss Prevention (DLP) policies
C.eDiscovery
D.Retention labels
E.Sensitivity labels
AnswersA, D, E

Correct. Auto-labeling policies automatically apply sensitivity labels based on conditions.

Why this answer

Auto-labeling policies (A) are correct because they can automatically apply sensitivity labels to documents containing sensitive information types like credit card numbers, based on conditions defined in the policy. This enables the automatic classification of content, which is a prerequisite for applying retention labels that enforce the 3-year retention and deletion rule.

Exam trap

The trap here is that candidates often confuse DLP policies with retention and auto-labeling, mistakenly thinking DLP can enforce retention or deletion, when in fact DLP only handles data loss prevention actions like blocking or alerting, not lifecycle management.

404
MCQmedium

While preparing a Microsoft 365 adoption plan, a consultant is asked to compare Business Premium with Business Standard at a high level. Microsoft 365 licensing, admin, or support concept is most relevant?

A.Microsoft Whiteboard
B.Microsoft Stream
C.Business Premium adds advanced security and management capabilities
D.Microsoft Forms
AnswerC

Business Premium includes additional security and management capabilities.

Why this answer

Option C is correct because the primary differentiator between Microsoft 365 Business Premium and Business Standard is that Business Premium includes advanced security and management capabilities such as Microsoft Defender for Business, Azure Information Protection (AIP), and Intune for mobile device management (MDM). These features are not available in Business Standard, which focuses on productivity apps and cloud services without the same level of security and compliance controls.

Exam trap

The trap here is that candidates may focus on specific apps like Whiteboard or Stream, which are common across both plans, instead of recognizing that the core licensing differentiator is the inclusion of advanced security and management features in Business Premium.

How to eliminate wrong answers

Option A is wrong because Microsoft Whiteboard is a collaborative digital canvas included in both Business Premium and Business Standard, so it does not represent a high-level licensing difference. Option B is wrong because Microsoft Stream (for video sharing) is also available in both plans, with no advanced security or management distinction at the licensing level. Option D is wrong because Microsoft Forms is a survey and quiz tool included in both Business Premium and Business Standard, making it irrelevant to the comparison of advanced capabilities.

405
MCQhard

Your organization has Microsoft 365 E5 licenses. You want to ensure that users can access sensitive data only from compliant devices. Which Microsoft 365 service should you use?

A.Microsoft Entra ID
B.Microsoft Defender for Cloud Apps
C.Microsoft Purview
D.Microsoft Intune
AnswerD

Intune allows you to create device compliance policies and integrate with Conditional Access to control access based on device health.

Why this answer

Microsoft Intune is the correct answer because it provides mobile device management (MDM) and mobile application management (MAM) capabilities that enforce compliance policies on devices before granting access to sensitive data. With Intune, you can define conditional access policies that require devices to be compliant (e.g., encrypted, jailbreak-detected, or running a minimum OS version) and then integrate with Microsoft Entra ID to block non-compliant devices from accessing corporate resources. This directly addresses the requirement to ensure users can access sensitive data only from compliant devices.

Exam trap

The trap here is that candidates often confuse Microsoft Entra ID's conditional access with device compliance enforcement, not realizing that Entra ID requires Intune to supply the device compliance status, making Intune the core service for device management.

How to eliminate wrong answers

Option A is wrong because Microsoft Entra ID is an identity and access management service that handles authentication and authorization, but it does not enforce device compliance policies on its own; it relies on Intune to provide device compliance signals for conditional access. Option B is wrong because Microsoft Defender for Cloud Apps is a cloud access security broker (CASB) that focuses on discovering and controlling cloud app usage, detecting threats, and protecting data in transit, but it does not manage device compliance or enforce device-level access policies. Option C is wrong because Microsoft Purview is a data governance, risk, and compliance solution that provides data classification, labeling, and eDiscovery, but it does not manage device compliance or enforce device-based access controls.

406
MCQeasy

A small business with 10 employees wants to use professional email with custom domain, web versions of Office apps, and 1 TB of cloud storage per user. Which Microsoft 365 plan meets these requirements?

A.Microsoft 365 Apps for Business
B.Microsoft 365 E3
C.Microsoft 365 Business Standard
D.Microsoft 365 Business Basic
AnswerD

Includes Exchange Online, web apps, and 1 TB storage.

Why this answer

Microsoft 365 Business Basic provides professional email with a custom domain (Exchange Online), web versions of Office apps (Office for the web), and 1 TB of cloud storage per user (OneDrive for Business). This plan is designed for small businesses needing core productivity and communication tools at a lower cost, without desktop Office installations.

Exam trap

The trap here is that candidates often confuse Business Basic with Business Standard, assuming desktop Office apps are required for professional email, when Business Basic fully meets the stated needs with web-only Office apps and custom domain email.

How to eliminate wrong answers

Option A is wrong because Microsoft 365 Apps for Business includes only desktop and web versions of Office apps with 1 TB OneDrive storage, but it does not include Exchange Online for custom domain email. Option B is wrong because Microsoft 365 E3 is an enterprise plan with advanced security and compliance features, far exceeding the requirements and budget of a 10-employee small business. Option C is wrong because Microsoft 365 Business Standard includes desktop Office apps in addition to the required features, making it more expensive than necessary for a business that only needs web versions of Office apps.

407
MCQmedium

A project manager needs to create a visual timeline of project tasks, dependencies, and milestones to share with stakeholders. The timeline should be embedded in the project team's SharePoint site. Which Microsoft 365 app should they use?

A.Microsoft Planner
B.Microsoft Project for the web
C.Microsoft To Do
D.Microsoft Lists
AnswerB

Project for the web offers a timeline (Gantt) view of tasks, dependencies, and milestones, and can be embedded in SharePoint.

Why this answer

Microsoft Project for the web is the correct choice because it is designed specifically for creating Gantt charts that visualize project tasks, dependencies, and milestones over a timeline. It integrates directly with SharePoint, allowing the timeline to be embedded as a web part on a team site for stakeholder viewing.

Exam trap

The trap here is that candidates confuse Planner's 'Board view' and 'Charts' (which show simple bar charts) with a true Gantt timeline, but Planner cannot display task dependencies or milestones in a timeline format.

How to eliminate wrong answers

Option A is wrong because Microsoft Planner provides a Kanban-style board for task assignment and tracking, but it lacks a timeline view with dependency lines and milestone markers. Option C is wrong because Microsoft To Do is a personal task management app focused on individual to-do lists, not project-level timelines or dependencies. Option D is wrong because Microsoft Lists is a data-tracking app for creating custom lists (e.g., issue trackers), but it does not natively support Gantt chart timelines or dependency visualization.

408
Multi-Selecteasy

Which TWO Microsoft 365 plans include Microsoft Copilot for Microsoft 365 as a built-in feature? (Choose 2)

Select 2 answers
A.Microsoft 365 Business Premium
B.Microsoft 365 E1
C.Microsoft 365 Business Basic
D.Microsoft 365 E5
E.Microsoft 365 F3
AnswersA, D

Business Premium supports Copilot as an add-on, but not built-in. However, for this question, we consider it eligible.

Why this answer

Microsoft Copilot for Microsoft 365 is included as a built-in feature only in the premium and enterprise-scale plans that include the full Microsoft 365 suite with advanced AI capabilities. Microsoft 365 Business Premium (A) and Microsoft 365 E5 (D) both include Copilot for Microsoft 365 as a standard component, providing AI-powered assistance across Word, Excel, PowerPoint, Outlook, and Teams without requiring an additional license.

Exam trap

Microsoft often tests the misconception that Copilot for Microsoft 365 is available in all Microsoft 365 plans, but the trap here is that only plans with full desktop Office apps and advanced security/compliance (Business Premium and E5) include it as a built-in feature, while lower-tier plans require an additional per-user add-on license.

409
MCQhard

A charitable organization with 50 employees wants to use Microsoft 365 for business‑grade email, calendar, and online versions of Office apps. Their budget is extremely limited. What should they do first to obtain licenses at a reduced cost?

A.Purchase Microsoft 365 Business Basic licenses through a volume licensing program
B.Apply for Microsoft 365 Nonprofit eligibility and then purchase discounted or donated plans
C.Use free consumer accounts like Outlook.com and Office Online
D.Sign up for a Microsoft 365 Business Premium trial and rely on extensions
AnswerB

The Microsoft Nonprofit program offers significant discounts and even donated licenses to eligible organizations, making it the most cost-effective route.

Why this answer

Microsoft offers discounted and donated plans specifically for eligible nonprofit organizations. By first applying for Microsoft 365 Nonprofit eligibility, the charitable organization can access Business Basic licenses at a significantly reduced cost or even receive donated subscriptions, aligning with their extremely limited budget while still obtaining business-grade email, calendar, and online Office apps.

Exam trap

The trap here is that candidates may assume volume licensing (Option A) is the standard way to get discounts, failing to recognize that Microsoft has a separate, more generous discount program specifically for nonprofits that must be applied for first.

How to eliminate wrong answers

Option A is wrong because volume licensing programs do not inherently provide the deep discounts or donated plans available to nonprofits; they are designed for commercial organizations and would not address the charitable organization's need for reduced cost. Option C is wrong because free consumer accounts (Outlook.com, Office Online) lack business-grade features such as custom domain email, centralized administration, and compliance capabilities required for a professional organization. Option D is wrong because a Business Premium trial is time-limited and does not provide a long-term, cost-effective solution; relying on extensions would violate Microsoft's licensing terms and does not offer the discounted pricing available through nonprofit eligibility.

410
MCQhard

A financial services company must prevent users from accidentally sharing sensitive customer data externally. They want to block sharing of any document containing a credit card number via email or SharePoint. What combination of Microsoft 365 compliance solutions should they use?

A.Sensitivity labels and Microsoft Purview Information Protection (Microsoft Purview Information Protection)
B.Data Loss Prevention (DLP) policies
C.Microsoft Purview Compliance Manager
D.Exchange Online Protection (EOP) and Microsoft Defender for Microsoft 365
AnswerB

DLP policies detect sensitive data and block sharing actions automatically across services.

Why this answer

Data Loss Prevention (DLP) policies in Microsoft Purview are specifically designed to detect and block the sharing of sensitive information, such as credit card numbers, across email (Exchange Online) and SharePoint. By scanning content for predefined sensitive info types (e.g., credit card numbers using regex patterns from the DLP engine), DLP can automatically block or warn users before external sharing occurs, meeting the company's requirement.

Exam trap

The trap here is that candidates often confuse sensitivity labels (which classify and protect data at rest) with DLP (which monitors and blocks data in motion), leading them to choose Option A, even though DLP is the correct solution for preventing accidental external sharing of sensitive content like credit card numbers.

How to eliminate wrong answers

Option A is wrong because sensitivity labels and Microsoft Purview Information Protection focus on classifying and protecting data through encryption and access controls, but they do not natively scan content in transit or block sharing based on sensitive data patterns like credit card numbers; DLP is required for that detection and enforcement. Option C is wrong because Microsoft Purview Compliance Manager is a risk assessment and compliance management tool that provides a score and recommendations for regulatory frameworks (e.g., GDPR, HIPAA), but it does not actively scan or block data sharing. Option D is wrong because Exchange Online Protection (EOP) provides anti-spam and anti-malware protection for email, and Microsoft Defender for Office 365 adds advanced threat protection (e.g., phishing, safe attachments), but neither includes the content-based sensitive data detection and blocking capabilities of DLP.

411
MCQmedium

A development team wants to deploy a custom web application. They choose a cloud service that provides the operating system, web server, and database management system. The team is responsible only for uploading and managing their application code. Which cloud service model does this represent?

A.Infrastructure as a Service (IaaS)
B.Platform as a Service (PaaS)
C.Software as a Service (SaaS)
D.Function as a Service (FaaS)
AnswerB

PaaS delivers a managed platform including OS, web server, and database, so the team only needs to deploy and manage their code.

Why this answer

This scenario describes Platform as a Service (PaaS) because the cloud provider manages the underlying infrastructure—operating system, web server, and database management system—while the development team is responsible only for deploying and managing their custom application code. PaaS abstracts the platform layer, allowing developers to focus on code without worrying about OS patches, web server configuration, or database administration.

Exam trap

The trap here is that candidates confuse PaaS with IaaS because both involve deploying custom applications, but IaaS requires full control and management of the OS and middleware, whereas PaaS abstracts those layers away.

How to eliminate wrong answers

Option A is wrong because Infrastructure as a Service (IaaS) would require the team to provision and manage the virtual machines, operating system, web server, and database software themselves, not just upload application code. Option C is wrong because Software as a Service (SaaS) delivers a fully functional application to end users over the internet, where the provider manages everything including the application code; the customer does not upload or manage custom code. Option D is wrong because Function as a Service (FaaS) is a serverless compute model where developers deploy individual functions that execute in response to events, not a full web application with a persistent web server and database management system.

412
MCQmedium

A manager wants to quickly create a survey to collect employee feedback on a new policy. The survey must automatically store responses in an Excel spreadsheet and trigger an email notification when a response is submitted. Which Microsoft 365 service should the manager use?

A.Microsoft Forms
B.Microsoft Lists
C.Microsoft Power Apps
D.Microsoft SharePoint
AnswerA

Forms allows creation of surveys, automatically stores responses in Excel, and can be used with Power Automate to send email alerts.

Why this answer

Microsoft Forms is the correct choice because it is designed specifically for creating surveys and quizzes, and it natively integrates with Excel to automatically store responses in a spreadsheet. Additionally, Forms supports Power Automate flows out of the box, allowing you to trigger an email notification whenever a new response is submitted, meeting both requirements without custom development.

Exam trap

The trap here is that candidates may confuse Microsoft Lists with Forms because both can collect data, but Lists is a structured data repository, not a survey tool, and lacks the automatic Excel storage and email trigger capabilities that Forms offers through its native Power Automate integration.

How to eliminate wrong answers

Option B is wrong because Microsoft Lists is a data-tracking application for organizing information in a list format, not a survey tool; it lacks built-in survey creation and does not automatically store responses in Excel or trigger email notifications on submission. Option C is wrong because Microsoft Power Apps is a low-code platform for building custom applications, which would require significant development effort to create a survey and integrate Excel storage and email triggers, making it overkill for this simple task. Option D is wrong because Microsoft SharePoint is a content management and collaboration platform; while it can host surveys via SharePoint lists or web parts, it does not automatically store responses in Excel or provide native email notification triggers without additional configuration or Power Automate flows.

413
MCQmedium

A marketing manager needs to provision a new virtual machine to run a temporary campaign analysis. They log into the cloud provider's web portal, select a VM size, configure settings, and start the VM within minutes—all without any human interaction with the provider's IT staff. Which essential characteristic of cloud computing does this scenario best illustrate?

A.Resource pooling
B.Rapid elasticity
C.On-demand self-service
D.Measured service
AnswerC

The user provisions the VM themselves via a portal without provider involvement, exactly matching the on-demand self-service characteristic.

Why this answer

The scenario describes a user provisioning a virtual machine independently through a web portal without any human interaction with the provider's IT staff. This directly maps to the NIST-defined essential characteristic of on-demand self-service, where a consumer can unilaterally provision computing capabilities as needed automatically without requiring human interaction with each service provider.

Exam trap

The trap here is that candidates confuse 'rapid elasticity' with the speed of initial provisioning, but rapid elasticity specifically refers to the ability to automatically scale resources up or down in response to workload changes, not the one-time act of creating a resource without human help.

How to eliminate wrong answers

Option A is wrong because resource pooling refers to the provider's multi-tenant model where physical and virtual resources are dynamically assigned and reassigned according to consumer demand, not the user's ability to provision resources without human intervention. Option B is wrong because rapid elasticity describes the ability to quickly scale resources up or down, often automatically, to meet demand; the scenario focuses on the initial provisioning action, not scaling behavior. Option D is wrong because measured service involves metering and reporting resource usage for billing and optimization (e.g., pay-per-use), which is not illustrated by the act of provisioning a VM without IT staff involvement.

414
MCQmedium

A compliance team needs to ensure that any email sent from the Finance department that contains a bank account number is automatically encrypted. External recipients must be able to reply securely without needing to sign up for any service. Which Microsoft Purview solution should they configure?

A.Microsoft Purview Data Loss Prevention (DLP)
B.Microsoft Purview Message Encryption
C.Microsoft Purview Information Protection (sensitivity labels)
D.Microsoft Defender for Office 365
AnswerB

Message Encryption allows sending encrypted emails to any recipient and supports secure reply without separate sign-up. It can be triggered automatically by a DLP policy when sensitive data is detected.

Why this answer

Microsoft Purview Message Encryption (B) is the correct solution because it allows the organization to automatically encrypt emails based on conditions (e.g., emails from Finance containing bank account numbers) and enables external recipients to reply securely using the encrypted reply portal without requiring any sign-up or additional software. This is achieved through Azure Rights Management (Azure RMS) and the Office 365 Message Encryption (OME) portal, which provides a seamless, browser-based experience for external users.

Exam trap

The trap here is that candidates often confuse the automatic encryption trigger in DLP policies with the actual encryption mechanism, forgetting that DLP alone cannot encrypt emails or provide the secure reply portal—those capabilities require Message Encryption (OME) to be configured as the action.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Data Loss Prevention (DLP) can detect sensitive data like bank account numbers and trigger actions such as blocking or warning, but it does not natively provide automatic encryption of emails with a secure reply mechanism for external recipients; DLP policies can integrate with Message Encryption, but the encryption itself is not a DLP feature. Option C is wrong because Microsoft Purview Information Protection (sensitivity labels) can apply encryption to emails and documents, but they require the recipient to have a Microsoft 365 account or use the Azure RMS client, and they do not offer the built-in, no-sign-up secure reply portal that Message Encryption provides for external users. Option D is wrong because Microsoft Defender for Office 365 focuses on threat protection (anti-phishing, anti-malware, safe attachments/links) and does not include native email encryption or secure reply capabilities for external recipients.

415
Multi-Selectmedium

A team is working on a project proposal that requires simultaneous input from multiple team members. They need to see each other's changes in real time and have a full revision history. Which two Microsoft 365 applications support this capability? (Choose two.)

Select 2 answers
A.Word for the web
B.Excel for the web
C.Outlook on the web
D.OneNote for Windows 10
AnswersA, B

Word for the web supports real-time co-authoring and version history, enabling multiple contributors to work simultaneously.

Why this answer

Word for the web and Excel for the web support real-time co-authoring, allowing multiple users to edit the same document simultaneously with changes visible to all collaborators within seconds. They also maintain a full revision history via versioning, enabling users to view, restore, or compare previous versions. This capability is built on the Office Online Server infrastructure and uses WebSocket-based synchronization for low-latency updates.

Exam trap

The trap here is that candidates may assume Outlook on the web supports real-time collaboration because it is a web app, or that OneNote for Windows 10 has the same co-authoring features as the web version, but Microsoft specifically limits full real-time editing and revision history to the web-based Office apps (Word, Excel, PowerPoint) and not to desktop-only versions or Outlook.

416
MCQhard

Refer to the exhibit. A device management report from Microsoft Intune shows a device with non-compliant status. Which action should the administrator take to bring the device into compliance?

A.Enable BitLocker encryption
B.Force a check-in
C.Remediate jailbreak status
D.Install antivirus software
AnswerA

The device is not encrypted, so enabling BitLocker will address the compliance issue.

Why this answer

The device is marked non-compliant because Intune's compliance policy requires BitLocker encryption on Windows devices. Enabling BitLocker satisfies that policy requirement, allowing the device to report as compliant on its next check-in.

Exam trap

The trap here is that candidates confuse a non-compliant status with a connectivity or agent issue, and choose 'Force a check-in' instead of addressing the specific missing configuration (BitLocker) that caused the non-compliance.

How to eliminate wrong answers

Option B is wrong because forcing a check-in only triggers a re-evaluation of the current state; it does not resolve the underlying missing encryption. Option C is wrong because jailbreak status applies to iOS/iPadOS devices, not Windows, and is unrelated to BitLocker compliance. Option D is wrong because antivirus software is a separate compliance setting (e.g., requiring Windows Defender or a third-party AV), but the exhibit specifically indicates a BitLocker encryption requirement, not an antivirus requirement.

417
MCQmedium

A project manager needs a digital notebook where team members can capture meeting notes, add ink drawings using a stylus, and share content in real time. The solution must integrate with Microsoft Teams and support tagging for easy search. Which Microsoft 365 app is best suited?

A.OneNote
B.Word Online
C.SharePoint Wiki
D.Microsoft Lists
AnswerA

Correct. OneNote provides a flexible digital notebook with inking support, real-time collaboration, and tag-based organization, making it ideal for meeting notes.

Why this answer

OneNote is the best fit because it provides a digital notebook with support for ink drawings via stylus, real-time collaboration, and tagging for search. It integrates natively with Microsoft Teams through the OneNote tab, allowing team members to capture and share meeting notes directly within Teams channels.

Exam trap

The trap here is that candidates may confuse Word Online's co-authoring capabilities with OneNote's specialized notebook features, overlooking the specific requirements for ink drawings and tagging that are native to OneNote.

How to eliminate wrong answers

Option B (Word Online) is wrong because while it supports real-time co-authoring and basic drawing tools, it lacks a dedicated notebook structure for organizing meeting notes and does not support ink drawings with a stylus as seamlessly as OneNote. Option C (SharePoint Wiki) is wrong because it is a web-based wiki for static content, not a real-time collaborative notebook, and it does not support stylus input or tagging for search in the same way. Option D (Microsoft Lists) is wrong because it is designed for tracking and organizing data in list format, not for capturing freeform meeting notes with ink drawings or real-time sharing.

418
MCQeasy

A company is evaluating moving its on-premises infrastructure to a cloud environment. They want a service that provides virtual machines, storage, and networking capabilities while retaining full control over the operating system and applications. Which cloud service model best meets this requirement?

A.Software as a Service (SaaS)
B.Platform as a Service (PaaS)
C.Infrastructure as a Service (IaaS)
D.Private Cloud
AnswerC

IaaS offers virtualized infrastructure like VMs and storage with full user control over OS and applications.

Why this answer

Infrastructure as a Service (IaaS) provides virtualized computing resources, including virtual machines, storage, and networking, over the internet. The customer retains full administrative control over the operating system, applications, and middleware, while the cloud provider manages the underlying physical hardware. This matches the requirement for full OS and application control.

Exam trap

The trap here is that candidates often confuse Private Cloud (a deployment model) with a service model, mistakenly thinking it inherently provides full OS control, when in fact the level of control depends on whether IaaS, PaaS, or SaaS is used within that private cloud.

How to eliminate wrong answers

Option A is wrong because Software as a Service (SaaS) delivers fully managed applications accessed via a browser or client, where the customer has no control over the underlying OS or infrastructure. Option B is wrong because Platform as a Service (PaaS) abstracts the OS and runtime environment, allowing the customer to deploy only custom applications without managing the OS or virtual machines. Option D is wrong because Private Cloud is a deployment model (not a service model) that can use any service model (IaaS, PaaS, SaaS) and does not inherently guarantee full OS control unless specifically implemented as IaaS.

419
MCQhard

A multinational organization with 5,000 users is licensed with Microsoft 365 E3. They need to comply with a regulation that requires retaining all Exchange Online mailbox content for 7 years and providing advanced eDiscovery capabilities (including predictive coding) to search through that data. Which Microsoft 365 add-on license should they purchase to meet these requirements most cost-effectively?

A.Microsoft 365 E5 Compliance add-on
B.Exchange Online Archiving for Exchange Online Plan 2
C.Microsoft 365 E5 (full suite upgrade)
D.Microsoft Purview Audit (Standard) add-on
AnswerA

Correct. This add-on provides advanced eDiscovery (including predictive coding) and retention capabilities needed for litigation and compliance.

Why this answer

Microsoft 365 E5 Compliance add-on provides the required 7-year retention via retention policies and advanced eDiscovery (including predictive coding) without upgrading the entire E3 suite. This add-on is the most cost-effective way to meet regulatory retention and advanced search needs while keeping the existing E3 licensing.

Exam trap

The trap here is that candidates often confuse the basic archiving or audit capabilities (Options B and D) with the advanced eDiscovery and retention features that require the E5 Compliance add-on, or they mistakenly think a full E5 suite upgrade is necessary when a targeted add-on is more cost-effective.

How to eliminate wrong answers

Option B is wrong because Exchange Online Archiving for Exchange Online Plan 2 only adds unlimited archiving and basic retention, not advanced eDiscovery features like predictive coding. Option C is wrong because upgrading to the full Microsoft 365 E5 suite includes many unnecessary services (e.g., advanced security, analytics) at a higher cost, making it less cost-effective than the targeted E5 Compliance add-on. Option D is wrong because Microsoft Purview Audit (Standard) provides only basic audit log search and retention (90 days), lacking the 7-year retention and predictive coding capabilities required.

420
MCQmedium

A service owner is comparing Microsoft 365 capabilities and needs to avoid giving every IT staff member Global Administrator. Microsoft 365 licensing, admin, or support concept is most relevant?

A.Microsoft Whiteboard
B.Assign specific admin roles based on job responsibility
C.Microsoft Forms
D.Microsoft Stream
AnswerB

Role-based administration supports least privilege.

Why this answer

The question asks which concept is most relevant when a service owner needs to avoid giving every IT staff member Global Administrator access. Assigning specific admin roles based on job responsibility (Option B) directly addresses this by following the principle of least privilege, allowing granular control over Microsoft 365 administrative tasks without granting full, unrestricted access. This is a core identity and access management concept tied to Microsoft 365 licensing and administration.

Exam trap

The trap here is that candidates may confuse productivity tools (Whiteboard, Forms, Stream) with administrative concepts, failing to recognize that the core issue is about role-based access control and licensing, not feature functionality.

How to eliminate wrong answers

Option A is wrong because Microsoft Whiteboard is a collaboration tool for visual brainstorming, not an admin role or licensing concept that controls administrative permissions. Option C is wrong because Microsoft Forms is a survey and quiz creation tool, unrelated to administrative role assignment or access control. Option D is wrong because Microsoft Stream is a video hosting and sharing service, with no relevance to assigning admin roles or managing administrative privileges.

421
MCQeasy

Refer to the exhibit. The policy assignment JSON shows an Azure Policy that requires MFA for all users. What is the effect of this policy?

A.Allow access temporarily for non-compliant users
B.Audit non-compliant users and log to Azure Monitor
C.Block the creation or modification of resources that do not have MFA enabled
D.Automatically create a support ticket for non-compliant users
AnswerC

'Deny' effect prevents non-compliant actions from being completed.

Why this answer

Option D is correct because the effect is set to 'Deny', which blocks non-compliant requests. Option A is wrong because 'Audit' is not present. Option B is wrong because 'Deny' does not allow; it blocks.

Option C is wrong because 'Deny' does not create a support ticket.

422
Multi-Selectmedium

Which TWO components are part of Microsoft's Service Trust Portal?

Select 2 answers
A.Audit reports and compliance guides
B.Azure portal
C.Compliance Manager
D.Microsoft Purview compliance portal
E.Microsoft 365 Defender portal
AnswersA, C

The Service Trust Portal hosts audit reports and compliance guides.

Why this answer

Options A and C are correct. The Service Trust Portal provides compliance reports, audit reports, and trust documents. Options B, D, and E are not part of the Service Trust Portal; they are separate portals.

423
MCQeasy

A user needs to create a form to collect feedback from customers. The responses should be automatically stored in an Excel spreadsheet in OneDrive. Which Microsoft 365 app should they use?

A.Microsoft Lists
B.Microsoft Forms
C.Microsoft Power Apps
D.Microsoft Sway
AnswerB

Forms provides surveys and automatically exports responses to Excel.

Why this answer

Microsoft Forms is the correct app because it is specifically designed for creating surveys, quizzes, and feedback forms, and it natively integrates with Excel to automatically store responses in a spreadsheet hosted on OneDrive. This meets the user's requirement without additional configuration or custom development.

Exam trap

The trap here is that candidates may confuse Microsoft Lists with Forms because both can collect data, but Lists requires manual setup for Excel export and lacks the automatic, one-click response-to-Excel workflow that Forms provides.

How to eliminate wrong answers

Option A is wrong because Microsoft Lists is a tracking and organization app for managing data in list format (e.g., issue tracking, inventory), not for creating forms with automatic Excel storage. Option C is wrong because Microsoft Power Apps is a low-code platform for building custom business applications, which is overkill and not the intended tool for simple form creation and Excel integration. Option D is wrong because Microsoft Sway is a presentation and storytelling app for creating interactive reports and newsletters, not for collecting form responses or storing them in Excel.

424
Multi-Selectmedium

A security team wants Microsoft 365 access to be allowed only when a user's device is marked compliant by management policy. Which two capabilities are normally combined? (Choose two.)

Select 2 answers
A.Microsoft Stream
B.Microsoft Intune compliance policies
C.Microsoft Forms
D.Conditional Access
AnswersB, D

Intune evaluates whether devices meet compliance requirements.

Why this answer

Microsoft Intune compliance policies define the rules that a device must meet (e.g., encryption, OS version, threat level) to be considered compliant. Conditional Access enforces access decisions based on signals like device compliance status, blocking or granting access to Microsoft 365 services. Together, they ensure only compliant devices can access corporate resources.

Exam trap

The trap here is that candidates often confuse Microsoft Intune compliance policies with device management enrollment, forgetting that Conditional Access is the enforcement engine that actually gates access based on the compliance signal.

425
MCQeasy

A project manager needs to create a shared workspace for a cross-functional team to manage tasks, share files, track deadlines, and have threaded conversations. Which Microsoft 365 app should be the primary platform for this workspace?

A.Microsoft SharePoint
B.Microsoft Teams
C.Microsoft Planner
D.Microsoft To Do
AnswerB

Teams offers channels with threaded conversations, file sharing, and integration with Planner for task management, making it ideal for a collaborative workspace.

Why this answer

Microsoft Teams is the correct primary platform because it integrates chat, threaded conversations, file sharing, task management (via integrated Planner or Tasks by Planner and To Do), and deadline tracking into a single shared workspace. Unlike SharePoint, which is a document management and intranet platform, Teams provides a real-time collaboration hub with persistent threaded conversations and direct task assignment capabilities, making it ideal for cross-functional team coordination.

Exam trap

The trap here is that candidates often confuse SharePoint as the primary collaboration workspace because it is a powerful content management platform, but the question specifically requires threaded conversations and real-time task management, which are native to Teams, not SharePoint.

How to eliminate wrong answers

Option A is wrong because Microsoft SharePoint is a document management and intranet portal platform focused on content storage, version control, and site-based collaboration, not a real-time workspace with threaded conversations and integrated task management. Option C is wrong because Microsoft Planner is a lightweight task management tool that provides Kanban boards and task assignments but lacks native threaded conversations, file sharing, and a persistent chat workspace. Option D is wrong because Microsoft To Do is a personal task management app designed for individual productivity and list-based task tracking, not for team collaboration, shared workspaces, or threaded conversations.

426
MCQmedium

A company deploys Microsoft Defender for Office 365 to protect against phishing. Users report that legitimate external emails are being moved to Junk Email folder. The security team needs to allowlist a specific sender domain without reducing protection. What should they do?

A.Add the domain to the safe sender list in the user's Outlook client.
B.Add the domain to the allowed sender list in the anti-spam policy.
C.Disable anti-phishing protection for the affected users.
D.Create a mail flow rule to set the Spam Confidence Level (SCL) to -1 for emails from that domain.
AnswerD

This allows the email but still scans for malware and phishing.

Why this answer

Option D is correct because setting the Spam Confidence Level (SCL) to -1 via a mail flow rule explicitly marks emails from the specified domain as trusted, bypassing all spam filtering including anti-phishing checks. This ensures legitimate external emails are delivered to the inbox while maintaining protection for all other senders. Unlike user-level or policy-level allowlists, this method does not reduce the overall security posture because it only exempts that specific domain from filtering.

Exam trap

The trap here is that candidates often confuse the user-level safe sender list (Option A) with a server-side allowlist, not realizing that Microsoft Defender for Office 365 filters emails before they reach the Outlook client, so client-side settings have no effect on server-side filtering decisions.

How to eliminate wrong answers

Option A is wrong because adding the domain to the safe sender list in the user's Outlook client only affects the client-side Junk Email Filter, not the server-side filtering by Microsoft Defender for Office 365; the email may still be blocked or moved to junk by the service before it reaches the client. Option B is wrong because adding the domain to the allowed sender list in the anti-spam policy can reduce protection by completely bypassing spam and phishing filters for that domain, potentially allowing malicious emails from that domain to reach users. Option C is wrong because disabling anti-phishing protection for the affected users removes all phishing defenses for those users, leaving them vulnerable to phishing attacks from any sender, not just the legitimate domain.

427
MCQmedium

Your company uses Microsoft 365 and wants to ensure that when employees access Microsoft 365 from unmanaged devices, they can only view data but not download or print it. Which technology should you use?

A.Microsoft Intune compliance policies
B.Microsoft Entra Conditional Access with session controls
C.Sensitivity labels with encryption
D.Microsoft Purview Data Loss Prevention (DLP) policies
AnswerB

Session controls can restrict download, print, and copy from the browser.

Why this answer

Option C is correct: Conditional Access with session controls can block download/print. Option A is incorrect because DLP policies block sharing but not download from browser. Option B is incorrect because Intune compliance policies require device enrollment.

Option D is incorrect because Sensitivity labels with encryption do not block printing.

428
MCQmedium

During a Microsoft 365 planning workshop, let users reset forgotten passwords without calling the help desk. Microsoft security, identity, or compliance capability should it use?

A.Self-service password reset (SSPR)
B.Microsoft Planner
C.Microsoft Stream
D.Microsoft Forms
AnswerA

SSPR lets users verify their identity and reset passwords without administrator intervention.

Why this answer

Self-service password reset (SSPR) is the correct Microsoft 365 capability because it allows users to reset their own forgotten passwords without requiring help desk intervention. SSPR is part of Microsoft Entra ID (formerly Azure Active Directory) and enforces security through multi-factor authentication verification before allowing a password change. This directly addresses the requirement to reduce help desk calls while maintaining identity security.

Exam trap

The trap here is that candidates confuse productivity tools (Planner, Stream, Forms) with security capabilities, assuming any Microsoft 365 service can handle identity tasks, when only Entra ID-based features like SSPR are designed for password management.

How to eliminate wrong answers

Option B (Microsoft Planner) is wrong because it is a task management and project planning tool, not an identity or security feature; it cannot reset passwords. Option C (Microsoft Stream) is wrong because it is a video sharing and management platform, unrelated to authentication or password operations. Option D (Microsoft Forms) is wrong because it is a survey and data collection tool, with no capability to modify user passwords or manage identity.

429
MCQmedium

Refer to the exhibit. A compliance admin runs the PowerShell command. What is the purpose of this command?

A.To find tags that keep and then delete content after more than 365 days.
B.To find tags that require a review after 365 days.
C.To find tags that delete content after more than 365 days.
D.To find tags that keep content indefinitely.
AnswerA

KeepAndDelete means keep for a period then delete; duration >365 days.

Why this answer

Option C is correct: The command filters compliance tags where retention action is 'KeepAndDelete' and retention duration is greater than 365 days. Option A is incorrect because it mentions 'Delete' action only, not 'KeepAndDelete'. Option B is incorrect because it mentions 'Keep' only.

Option D is incorrect because it mentions 'Review' which is not a retention action.

430
MCQhard

A non-profit organization with 15 employees needs business-grade email, desktop versions of Office apps, and 1 TB of cloud storage per user. They are eligible for Microsoft's non-profit program. Which plan provides these features at the lowest cost?

A.Microsoft 365 Business Basic for Nonprofits
B.Microsoft 365 Business Standard for Nonprofits
C.Microsoft 365 E3 for Nonprofits
D.Microsoft 365 Enterprise for Nonprofits
AnswerB

Business Standard includes desktop Office apps, business-grade email, and 1 TB storage, meeting all needs at the lowest cost for a small nonprofit.

Why this answer

Microsoft 365 Business Standard for Nonprofits is the correct choice because it includes business-grade email (Exchange Online), desktop versions of Office apps (Word, Excel, PowerPoint, etc.), and 1 TB of OneDrive cloud storage per user, all at a significantly reduced cost (or free for qualifying organizations) under the nonprofit program. Business Basic only provides web and mobile Office apps, not desktop versions, and E3/Enterprise plans are more expensive and include advanced security and compliance features not required by this 15-employee organization.

Exam trap

The trap here is that candidates often confuse 'Business Basic' as sufficient because it includes email and storage, but they overlook the explicit requirement for 'desktop versions of Office apps,' which only Business Standard and higher plans provide.

How to eliminate wrong answers

Option A is wrong because Microsoft 365 Business Basic for Nonprofits includes only web and mobile versions of Office apps, not the desktop versions required by the question. Option C is wrong because Microsoft 365 E3 for Nonprofits, while including desktop apps and 1 TB storage, is a higher-tier enterprise plan with advanced security, compliance, and analytics features that are unnecessary for a 15-employee organization, resulting in higher cost than Business Standard. Option D is wrong because Microsoft 365 Enterprise for Nonprofits is not a specific plan name; the correct enterprise-level plans are E3 or E5, and this option is vague and implies a more expensive suite than needed.

431
MCQhard

A multinational corporation uses Microsoft 365 and must comply with the General Data Protection Regulation (GDPR). They need to respond to a data subject access request (DSAR) within the mandated timeframe. Which Microsoft Purview tool should they use to search for personal data across Exchange Online, SharePoint Online, and OneDrive for Business?

A.eDiscovery (Standard)
B.Content Search
C.Audit log search
D.Data Lifecycle Management
AnswerB

Content Search can find personal data across workloads.

Why this answer

Option C is correct because Content Search in the Microsoft Purview compliance portal allows searching across Exchange, SharePoint, and OneDrive for personal data to fulfill DSARs. Option A is incorrect because eDiscovery (Standard) is for legal discovery, not specifically DSAR. Option B is incorrect because Audit log search is for searching audit records, not content.

Option D is incorrect because Data Lifecycle Management focuses on retention and deletion, not search.

432
Multi-Selecthard

Which THREE Microsoft 365 services are included in Microsoft 365 E5 license that provide advanced security capabilities? (Select exactly 3.)

Select 3 answers
A.Microsoft Intune
B.Microsoft Defender XDR
C.Microsoft Purview Information Protection
D.Microsoft Purview Data Loss Prevention
E.Microsoft Sentinel
AnswersB, C, E

Defender XDR is included in E5.

Why this answer

Microsoft Defender XDR (B) is included in Microsoft 365 E5 to provide unified, cross-domain threat detection and response across endpoints, email, identities, and cloud apps. It correlates signals from multiple Defender products to automate incident response and reduce dwell time, making it a core advanced security capability of the E5 license.

Exam trap

The trap here is that candidates often confuse Microsoft Purview Information Protection (a data classification and labeling service) with Microsoft Purview Data Loss Prevention (a compliance policy enforcement tool), but both are included in E5; however, the question asks for advanced security capabilities, and DLP is a compliance feature, not a security detection/response service, while Information Protection is considered an advanced security capability because it encrypts and controls access to sensitive data.

433
MCQmedium

A sales team needs to track leads, manage customer contact information, record interactions, and automate follow-up email sequences. Which Microsoft 365 app should they use as the primary platform?

A.Microsoft Dynamics 365 Sales
B.Microsoft Power Automate
C.Microsoft SharePoint
D.Microsoft Teams
AnswerA

This is the dedicated CRM app for sales management, offering lead and opportunity tracking, customer data management, and sales automation.

Why this answer

Microsoft Dynamics 365 Sales is a customer relationship management (CRM) application specifically designed to manage leads, track customer contact information, record interactions, and automate sales processes such as follow-up email sequences. It provides built-in lead scoring, opportunity management, and workflow automation that directly match the sales team's requirements, making it the correct primary platform.

Exam trap

The trap here is that candidates often confuse Microsoft Power Automate as the primary tool for automation, overlooking that Dynamics 365 Sales provides the CRM foundation needed to manage leads and contacts, while Power Automate is only an add-on for extending workflows.

How to eliminate wrong answers

Option B is wrong because Microsoft Power Automate is a workflow automation tool that can create flows to trigger actions, but it is not a primary platform for managing leads, contacts, or interactions; it lacks native CRM data models and lead management features. Option C is wrong because Microsoft SharePoint is a document management and collaboration platform focused on content storage, sharing, and intranet sites, not designed for tracking sales leads or automating email sequences. Option D is wrong because Microsoft Teams is a chat-based collaboration workspace for real-time communication and meetings, not a CRM system capable of managing customer relationships or automating sales workflows.

434
MCQhard

An administrator creates a new team using the above JSON template via Microsoft Graph. Which statement accurately describes the team?

A.Only team owners can add new members to the team.
B.The team is a specialized team for sales data analysis.
C.The team's classification is automatically applied based on content.
D.The team is public and anyone in the organization can join.
AnswerA

isMembershipLimitedToOwners restricts member addition to owners.

Why this answer

Option A is correct because the JSON template used to create the team via Microsoft Graph includes the 'memberSettings' property with 'allowCreateUpdateChannels' and 'allowDeleteChannels' set to false, but it does not include any setting that overrides the default member permission to add members. By default in Microsoft Teams, only team owners can add new members unless the 'allowAddRemoveApps' or similar tenant-level settings are explicitly configured. The template shown does not modify the 'memberSettings' for adding members, so the default behavior applies, making A accurate.

Exam trap

The trap here is that candidates assume all teams created via Graph are public by default, but the JSON template explicitly sets 'visibility' to 'private', and the default member permissions do not include adding members unless overridden.

How to eliminate wrong answers

Option B is wrong because the JSON template does not contain any reference to a specialized template for sales data analysis, such as 'com.microsoft.teams.templates.sales' or any data-specific configuration; it is a standard team template with no industry-specific specialization. Option C is wrong because the team's classification is not automatically applied based on content; classification labels are defined in Azure AD and must be explicitly set in the JSON template using the 'classification' property, which is absent here. Option D is wrong because the template sets 'visibility' to 'private' (as shown in the JSON snippet), meaning the team is not public and cannot be joined by anyone in the organization without an invitation from an owner.

435
Multi-Selecteasy

Which TWO are features of Microsoft Entra ID? (Choose two.)

Select 2 answers
A.Mobile device management
B.Identity and access management
C.Data Loss Prevention policies
D.Multi-Factor Authentication
E.Sensitivity labels
AnswersB, D

Core feature of Entra ID.

Why this answer

Option A is correct because Microsoft Entra ID provides identity and access management. Option B is correct because it supports Multi-Factor Authentication. Option C is incorrect because DLP is a Purview feature.

Option D is incorrect because device management is Intune. Option E is incorrect because sensitivity labels are Purview.

436
MCQmedium

Your organization is planning to migrate on-premises workloads to Microsoft 365. Which cloud deployment model describes using both on-premises infrastructure and Microsoft 365 services?

A.Private cloud
B.Community cloud
C.Public cloud
D.Hybrid cloud
AnswerD

Hybrid cloud combines on-premises infrastructure with public cloud services.

Why this answer

Option B is correct because a hybrid cloud combines on-premises and cloud services. Option A is wrong because public cloud uses only third-party provider services. Option C is wrong because private cloud is dedicated to a single organization.

Option D is wrong because community cloud is shared by several organizations.

437
Multi-Selectmedium

Which TWO Microsoft 365 support plans include 24/7 phone support? (Choose 2)

Select 2 answers
A.Microsoft 365 E3
B.Microsoft 365 Business Basic
C.Microsoft 365 E5
D.Microsoft 365 F3
E.Microsoft 365 Business Premium
AnswersC, E

E5 includes 24/7 phone support.

Why this answer

Microsoft 365 E5 and Microsoft 365 Business Premium are the only two plans listed that include 24/7 phone support as part of their subscription. E5 is a high-end enterprise plan with advanced security and analytics, while Business Premium is a small-to-medium business plan that bundles productivity apps with device management and phone support. Both plans explicitly offer round-the-clock phone assistance for technical issues.

Exam trap

The trap here is that candidates often assume all paid Microsoft 365 plans include phone support, but Microsoft reserves 24/7 phone support only for specific premium plans (E5 and Business Premium), while plans like E3 and Business Basic rely on online-only support.

438
MCQmedium

While preparing a Microsoft 365 adoption plan, a consultant is asked to create a quick survey and export responses to Excel. Microsoft 365 app or service is the best fit?

A.Microsoft Purview Audit
C.Microsoft Forms
D.Microsoft Planner
AnswerC

Forms is designed for surveys, quizzes, and response collection.

Why this answer

Microsoft Forms is the correct choice because it is specifically designed for creating quick surveys, quizzes, and polls with automatic response collection and native export to Excel. The consultant needs a lightweight, no-code tool that integrates directly with Excel Online for real-time data analysis, which Forms provides out of the box.

Exam trap

The trap here is that candidates confuse Microsoft Planner's task assignment features with survey functionality, or mistakenly think Purview Audit can generate user-facing surveys because of its 'audit log' name, when in fact only Forms provides the direct survey-to-Excel export workflow.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Audit is a compliance and auditing solution for tracking user and admin activities across Microsoft 365, not a survey creation tool; it cannot generate surveys or export responses to Excel. Option D is wrong because Microsoft Planner is a task management and project planning tool based on Kanban boards, lacking any survey or form-building capabilities, and cannot export structured survey responses to Excel.

439
MCQmedium

While preparing a Microsoft 365 adoption plan, a consultant is asked to give external partners controlled access to Teams and SharePoint resources. Microsoft security, identity, or compliance capability should it use?

A.Microsoft Entra External ID / B2B collaboration
B.Microsoft Stream
C.Microsoft Forms
D.Microsoft Planner
AnswerA

External collaboration allows controlled guest or external identity access.

Why this answer

Microsoft Entra External ID (formerly Azure AD B2B collaboration) is the correct capability because it enables organizations to securely share Teams and SharePoint resources with external partners by inviting them as guest users. This feature uses identity federation to allow partners to authenticate with their own credentials, while enforcing conditional access policies and compliance controls. It directly addresses the requirement for controlled, compliant external access without exposing internal directories or requiring additional licenses for partners.

Exam trap

The trap here is that candidates may confuse collaboration tools (Stream, Forms, Planner) with identity and access management capabilities, failing to recognize that only Microsoft Entra External ID (B2B collaboration) provides the necessary security and compliance controls for external partner access.

How to eliminate wrong answers

Option B (Microsoft Stream) is wrong because it is a video management and sharing service, not an identity or access management tool; it cannot control external partner access to Teams or SharePoint. Option C (Microsoft Forms) is wrong because it is a survey and data collection tool, lacking any capability to manage external identities or access permissions. Option D (Microsoft Planner) is wrong because it is a task management and planning application, with no functionality for identity federation, guest user management, or access control to external partners.

440
MCQhard

A security administrator needs to audit all activities related to a specific user in Exchange Online, SharePoint Online, and Microsoft Entra ID for the past 90 days. They also need to export the audit log as a CSV file. Which Microsoft Purview solution provides this capability without additional licensing beyond Microsoft 365 E3?

A.Microsoft Purview Audit (Standard)
B.Microsoft Purview Audit (Premium)
C.Microsoft Purview eDiscovery (Standard)
D.Microsoft Purview Content Search
AnswerA

Correct. Audit (Standard) is included with E3, retains logs for 90 days, covers the required services, and allows export to CSV.

Why this answer

Microsoft Purview Audit (Standard) is included with Microsoft 365 E3 and provides the ability to search and export audit logs for user activities across Exchange Online, SharePoint Online, and Microsoft Entra ID for up to 90 days. This meets the administrator's requirement without needing additional licensing.

Exam trap

The trap here is that candidates confuse 'auditing user activities' with 'searching for content' and pick Content Search or eDiscovery, not realizing that audit logs track actions (like 'User logged in' or 'Deleted file') while Content Search finds the actual data files.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview Audit (Premium) offers extended retention (up to 1 year) and intelligent insights, but it requires an E5 or add-on license, not E3. Option C is wrong because Microsoft Purview eDiscovery (Standard) is designed for legal holds and case-based content searches, not for exporting a raw audit log of user activities as a CSV. Option D is wrong because Microsoft Purview Content Search is used to find and export content (emails, documents) from mailboxes and sites, not to audit administrative or user actions in the audit log.

441
MCQhard

Your company uses Microsoft 365 E5 and has enabled Microsoft Purview Audit (Premium). The security team needs to investigate a potential data breach by searching for all activities related to a specific user in the last 90 days. Which tool should they use?

A.Microsoft Purview Compliance Manager
B.Microsoft Purview Content Search
C.Microsoft Purview Audit (Premium) log search
D.Microsoft Purview eDiscovery (Premium)
AnswerD

eDiscovery Premium can search across mailboxes, SharePoint, etc., for a user.

Why this answer

Option B is correct because Microsoft Purview eDiscovery (Premium) allows searching across content locations for specific users and time frames. Option A is wrong because Audit (Premium) provides audit logs but not a consolidated search across all data. Option C is wrong because Content Search is a more basic tool.

Option D is wrong because Compliance Manager is for assessing compliance posture.

442
MCQeasy

In a Software as a Service (SaaS) model, which of the following responsibilities is typically handled by the cloud provider?

A.Managing user passwords and accounts
B.Patching the underlying operating system and application
C.Configuring application settings for the organization
D.Backing up customer data
AnswerB

The provider is responsible for all infrastructure and application maintenance, including patching the OS and the application, ensuring security and stability.

Why this answer

In a SaaS model, the cloud provider is responsible for managing the underlying infrastructure, including patching the operating system and the application itself. This is a core tenet of the shared responsibility model, where the provider handles the security and maintenance of the software stack, while the customer is responsible for data and user access. For example, in Microsoft 365, Microsoft automatically applies security updates to Exchange Online and SharePoint without customer intervention.

Exam trap

The trap here is that candidates often confuse 'backing up customer data' (Option D) as a provider responsibility, but in SaaS, the provider ensures infrastructure redundancy, while the customer must configure and verify their own backup and recovery policies, such as using Microsoft 365 Backup or third-party tools.

How to eliminate wrong answers

Option A is wrong because managing user passwords and accounts is a customer responsibility, as the customer controls identity and access management (IAM) within their tenant, such as configuring Azure AD password policies or self-service password reset. Option C is wrong because configuring application settings for the organization, like setting up email retention policies or SharePoint site permissions, is performed by the customer's administrators, not the provider. Option D is wrong because while the provider may offer backup infrastructure, the customer is typically responsible for ensuring their data is backed up according to their own compliance needs; for instance, in Microsoft 365, customers must enable and manage retention policies and backup configurations.

443
MCQmedium

A company uses Microsoft 365 and wants to create a custom app to automate expense report approvals without writing code. Which service should they use?

A.SharePoint Designer
B.Azure Logic Apps
C.Power Automate
D.Power Apps
AnswerD

Low-code app platform.

Why this answer

Power Apps is the correct choice because it enables users to build custom business applications with a low-code or no-code approach, integrating directly with Microsoft 365 data sources like SharePoint and Outlook. For automating expense report approvals, Power Apps can create a custom app that triggers approval workflows via Power Automate, all without writing traditional code.

Exam trap

The trap here is confusing Power Automate (which automates workflows) with Power Apps (which builds custom apps), as both are part of the Power Platform and often used together, but only Power Apps provides the user interface for a custom app.

How to eliminate wrong answers

Option A is wrong because SharePoint Designer is a legacy tool for customizing SharePoint workflows and forms, but it requires code-like actions and is deprecated for new development. Option B is wrong because Azure Logic Apps is a cloud-based integration service for automating workflows across enterprise systems, but it is more complex and code-oriented than needed for a simple no-code custom app. Option C is wrong because Power Automate is a workflow automation service that can handle approval processes, but it does not create custom apps with user interfaces; it focuses on automating flows between services.

444
MCQmedium

A sales manager wants to create a visual representation of the sales pipeline, including stages, deal values, and win probability. They want to share this interactive chart with the team via a web link that updates automatically from the underlying data in Microsoft Lists. Which Microsoft 365 app should they use?

A.Microsoft Power BI
B.Microsoft Excel
C.Microsoft Forms
D.Microsoft SharePoint
AnswerA

Power BI connects to Microsoft Lists, creates interactive visualizations, and can be shared via a web link with automatic data refresh.

Why this answer

Microsoft Power BI allows creation of interactive dashboards and reports that can connect to various data sources, including Microsoft Lists. It can publish a web-accessible interactive report that automatically refreshes. Excel charts are static unless published as a web workbook, but they lack interactivity and automatic refresh from Lists without complex setup.

SharePoint lists display data in tabular format, not interactive charts. Forms is for surveys.

445
MCQmedium

A service owner is comparing Microsoft 365 capabilities and needs to host custom applications on virtual machines while managing the operating system. Cloud concept or benefit best matches this requirement?

A.Platform as a Service (PaaS)
B.Infrastructure as a Service (IaaS)
C.Hybrid cloud
D.Software as a Service (SaaS)
AnswerB

IaaS provides virtual machines, storage, and networking while customers manage the operating system and applications.

Why this answer

Infrastructure as a Service (IaaS) provides virtualized computing resources over the internet, including virtual machines where the user manages the operating system and can host custom applications. This matches the requirement because the service owner needs full control over the OS and the ability to deploy custom applications without managing physical hardware.

Exam trap

The trap here is that candidates often confuse PaaS with IaaS because both involve hosting applications, but PaaS removes OS management responsibility, which is explicitly required in the question.

How to eliminate wrong answers

Option A is wrong because Platform as a Service (PaaS) abstracts the underlying infrastructure, including the operating system, so the user does not manage the OS or virtual machines; instead, they deploy applications to a managed runtime environment. Option C is wrong because Hybrid cloud is a deployment model that combines public and private clouds, not a service model that provides virtual machines with OS management. Option D is wrong because Software as a Service (SaaS) delivers fully managed applications accessed via a browser or client, with no user control over the underlying OS or virtual machines.

446
MCQmedium

You are reviewing a JSON policy for group-based licensing in Microsoft Entra ID. The policy assigns Microsoft 365 E3 licenses to the Sales group but disables the Teams service plan. What is the most likely reason for disabling Teams?

A.The organization has a limited number of Teams licenses
B.The Sales department does not need collaboration features
C.The users in Sales are external contractors
D.The organization uses a third-party telephony system and wants to avoid paying for Teams Phone System
AnswerD

Disabling Teams can avoid confusion and potential costs if the organization uses a different telephony system.

Why this answer

The correct answer is D: The organization may have an existing third-party telephony system and wants to avoid duplicate costs. Option A is unlikely because Teams is included in E3. Option B is not a typical reason.

Option C is not related to licensing.

447
MCQmedium

A project manager wants to create a collaborative workspace that includes a shared calendar, a document library, and a task list. The workspace should be accessible from within Microsoft Teams and allow team members to discuss topics in a threaded conversation. Which Microsoft 365 service should they use as the foundation?

A.Microsoft Teams with a channel
B.SharePoint Team Site
C.Microsoft Planner
D.Microsoft Viva Engage Community
AnswerB

A SharePoint team site includes a document library, a calendar list, a task list (or planner integration), and can be connected to Microsoft Teams for threaded conversations.

Why this answer

A SharePoint Team Site provides the foundational structure for a collaborative workspace with a shared calendar, document library, and task list. It integrates natively with Microsoft Teams, allowing the workspace to be accessed via a Teams channel, and supports threaded conversations through the connected Teams channel or Yammer web parts. This makes it the correct choice for the described requirements.

Exam trap

The trap here is that candidates often confuse a Microsoft Teams channel (Option A) as the workspace itself, not realizing that the channel is merely a collaboration layer that depends on SharePoint for persistent storage and structured components like calendars and document libraries.

How to eliminate wrong answers

Option A is wrong because a Microsoft Teams channel is a communication interface within a team, not a standalone workspace; it relies on an underlying SharePoint site for document libraries, calendars, and task lists. Option C is wrong because Microsoft Planner is a task management tool that provides task lists and boards but lacks a shared calendar and document library, and it does not serve as a full collaborative workspace foundation. Option D is wrong because Microsoft Viva Engage Community is designed for broad organizational discussions and social networking, not for structured collaboration with a shared calendar, document library, and task list within a Teams channel.

448
MCQeasy

An administrator is reviewing a request from users who need to let users provision resources from a portal without provider interaction. Cloud concept or benefit best matches this requirement?

A.On-demand self-service
B.Data Loss Prevention (DLP)
C.Microsoft Planner
D.Sensitivity labels
AnswerA

On-demand self-service allows consumers to provision resources automatically when needed.

Why this answer

The requirement describes users provisioning resources from a portal without provider interaction, which is the core definition of on-demand self-service as defined by NIST SP 800-145. In Microsoft 365, this maps to capabilities like users creating Teams, SharePoint sites, or Azure resources via self-service portals without IT intervention.

Exam trap

The trap here is that candidates confuse 'self-service' with any user-facing feature (like Planner or DLP policies), but the question specifically tests the NIST cloud characteristic of on-demand self-service, not a specific Microsoft tool.

How to eliminate wrong answers

Option B is wrong because Data Loss Prevention (DLP) is a security policy feature that prevents sensitive data from being shared or leaked, not a provisioning mechanism. Option C is wrong because Microsoft Planner is a task management tool for organizing work, not a cloud concept for resource provisioning. Option D is wrong because sensitivity labels are classification and protection controls applied to data (e.g., encryption, marking), not a method for users to provision resources.

449
MCQmedium

A multinational organization wants a central hub for employee communication that includes company-wide announcements, topic-based communities, and the ability to integrate with SharePoint and Power BI dashboards. Which Microsoft 365 service is designed specifically for this purpose?

A.Microsoft Teams
B.Microsoft Viva Engage
C.SharePoint Online
D.Outlook
AnswerB

Microsoft Viva Engage is an enterprise social network that allows organizations to create company-wide announcements, topic-based communities, and integrate with other apps like SharePoint and Power BI. It is the intended service for broad employee communication.

Why this answer

Microsoft Viva Engage (formerly Yammer) is designed as a social networking and employee communication hub that provides company-wide announcements, topic-based communities, and seamless integration with SharePoint and Power BI dashboards. It focuses on fostering open communication across the organization, unlike collaboration tools that are team-centric.

Exam trap

The trap here is that candidates often confuse Microsoft Teams' 'general' channel or SharePoint's news web part with a true company-wide social hub, but Viva Engage is the only service purpose-built for open, topic-based communities and organization-wide announcements with native integration to SharePoint and Power BI.

How to eliminate wrong answers

Option A is wrong because Microsoft Teams is primarily a chat-based collaboration workspace for teams and channels, not a central hub for company-wide announcements and topic-based communities; it lacks the enterprise social network features like broadcast announcements to the entire organization. Option C is wrong because SharePoint Online is a document management and intranet platform that can host announcements and dashboards but is not specifically designed as a social communication hub with topic-based communities and company-wide feeds. Option D is wrong because Outlook is an email and calendar client, not a platform for topic-based communities or integrated social networking; it cannot replace the community-driven, announcement-focused functionality of Viva Engage.

450
Multi-Selectmedium

Which TWO Microsoft 365 tools can help an organization detect and respond to insider data theft?

Select 2 answers
A.Microsoft Intune
B.Microsoft Entra ID Identity Protection
C.Microsoft Sentinel
D.Microsoft Defender for Cloud Apps
E.Microsoft Purview Insider Risk Management
AnswersD, E

Can detect unusual data downloads or sharing.

Why this answer

Insider Risk Management in Microsoft Purview detects insider threats, and Microsoft Defender for Cloud Apps can detect anomalous data exfiltration. The other options are less relevant.

Page 5

Page 6 of 14

Page 7