Microsoft 365 Fundamentals MS-900 (MS-900) — Questions 601675

985 questions total · 14pages · All types, answers revealed

Page 8

Page 9 of 14

Page 10
601
MCQmedium

During a Microsoft 365 planning workshop, provide business-class email, calendars, contacts, and mailboxes. Microsoft 365 app or service is the best fit?

A.Exchange Online
B.Microsoft Purview Audit
C.Microsoft Forms
D.Microsoft Planner
AnswerA

Exchange Online provides hosted email, calendar, contacts, and mailbox services.

Why this answer

Exchange Online is the correct choice because it is Microsoft's cloud-hosted messaging platform that provides business-class email, shared calendars, contact management, and mailbox services. It is the core service within Microsoft 365 designed specifically for these communication and collaboration needs, supporting features like shared mailboxes, resource mailboxes, and calendar sharing via Exchange Web Services (EWS) and MAPI over HTTP.

Exam trap

The trap here is that candidates may confuse Microsoft Purview Audit (a compliance tool) with Exchange Online's mailbox auditing or confuse Planner or Forms as capable of handling email and calendar functions, when in fact only Exchange Online provides the core messaging infrastructure.

How to eliminate wrong answers

Option B (Microsoft Purview Audit) is wrong because it is a compliance and auditing solution that logs user and admin activities across Microsoft 365 services; it does not provide email, calendar, or mailbox functionality. Option C (Microsoft Forms) is wrong because it is a survey and quiz creation tool that collects responses via web forms; it lacks any email hosting, calendar, or contact management capabilities. Option D (Microsoft Planner) is wrong because it is a task management and project planning application integrated with Microsoft Teams and SharePoint; it does not handle email, calendars, or mailboxes.

602
MCQeasy

A user receives a phishing email that bypasses the spam filter. The security team wants to report the email to Microsoft for analysis. Which Microsoft 365 Defender portal should they use?

A.Microsoft 365 Defender portal
B.Exchange admin center
C.Azure portal
D.Microsoft Purview compliance portal
AnswerA

Correct. The Defender portal allows reporting phishing attempts.

Why this answer

The Microsoft 365 Defender portal (security.microsoft.com) is the correct destination for submitting user-reported phishing emails for analysis. It provides the Submissions page under Email & collaboration, where security teams can send suspicious messages directly to Microsoft for review, bypassing the spam filter's failure. This portal consolidates threat intelligence and automated investigation capabilities for email threats.

Exam trap

The trap here is that candidates often confuse the Microsoft 365 Defender portal with the Exchange admin center, thinking email-related tasks must be done in EAC, but Microsoft 365 Defender is the dedicated security hub for threat submission and analysis.

How to eliminate wrong answers

Option B (Exchange admin center) is wrong because it is used for managing Exchange Online mail flow, transport rules, and mailbox settings, not for submitting phishing samples to Microsoft for analysis. Option C (Azure portal) is wrong because it manages Azure infrastructure, subscriptions, and resources, not Microsoft 365 security operations like email threat submissions. Option D (Microsoft Purview compliance portal) is wrong because it focuses on data governance, compliance, eDiscovery, and retention policies, not on reporting phishing emails for security analysis.

603
MCQmedium

An organization is concerned about data leakage from sensitive emails. They want to enforce encryption on emails containing financial information automatically. Which Microsoft 365 solution should they configure?

A.Data Loss Prevention (DLP) policies
B.Microsoft Purview Message Encryption
C.Microsoft Purview Information Protection (Microsoft Purview Information Protection)
D.Exchange Online Protection (EOP)
AnswerB

Message Encryption uses rules to encrypt emails based on conditions like sensitive content.

Why this answer

Microsoft Purview Message Encryption (Option B) is the correct solution because it enables organizations to send and receive encrypted email messages, and it can be configured with mail flow rules to automatically encrypt emails containing sensitive financial information. This service leverages Azure Rights Management (Azure RMS) to provide persistent protection that follows the email, ensuring only authorized recipients can decrypt and read the content.

Exam trap

The trap here is that candidates often confuse Data Loss Prevention (DLP) policies with encryption capabilities, assuming DLP can automatically encrypt emails, when in fact DLP only detects and blocks or warns, while Message Encryption is the service that actually applies encryption to outbound emails.

How to eliminate wrong answers

Option A is wrong because Data Loss Prevention (DLP) policies detect and prevent accidental sharing of sensitive data but do not enforce encryption on emails; they can trigger actions like blocking or warning, but encryption is not a native DLP action. Option C is wrong because Microsoft Purview Information Protection (formerly Azure Information Protection) classifies and labels content but does not automatically encrypt emails in transit; it applies labels that can include encryption, but the automatic encryption of outbound emails based on content is handled by Message Encryption policies. Option D is wrong because Exchange Online Protection (EOP) provides anti-spam, anti-malware, and message hygiene but does not offer encryption capabilities; it focuses on protecting the email infrastructure, not the confidentiality of message content.

604
MCQhard

A compliance officer wants to automatically encrypt outgoing emails containing credit card numbers and also prevent recipients from forwarding or copying the content. Which Microsoft Purview solution should be applied?

A.Data Loss Prevention (DLP) policy with encryption
B.Sensitivity label with encryption and rights management
C.Microsoft Information Bar
D.Azure Information Protection unified labeling client
AnswerB

Sensitivity labels can automatically apply encryption and set usage rights such as 'view only' or 'do not forward', meeting the requirement.

Why this answer

Sensitivity labels with encryption and rights management (Azure Rights Management) allow you to apply persistent protection that encrypts the email and restricts actions like forwarding, copying, or printing. This meets both requirements: automatic detection of credit card numbers via auto-labeling policies and enforcement of usage restrictions through Rights Management templates (e.g., Do Not Forward).

Exam trap

The trap here is that candidates confuse DLP policies with sensitivity labels, thinking DLP alone can enforce usage restrictions like 'prevent forwarding,' when in fact DLP only detects and optionally triggers a label that provides the encryption and rights management.

How to eliminate wrong answers

Option A is wrong because a Data Loss Prevention (DLP) policy can detect credit card numbers and trigger encryption via a sensitivity label, but DLP itself does not apply rights management restrictions (e.g., prevent forwarding or copying); it relies on an associated sensitivity label for that protection. Option C is wrong because Microsoft Information Bar is a deprecated feature that only displayed a visual banner in Office apps; it does not enforce encryption or rights restrictions on outgoing emails. Option D is wrong because the Azure Information Protection unified labeling client is a legacy client-side tool for labeling files and emails on Windows, not a cloud-based policy that automatically encrypts and restricts outgoing emails in Exchange Online.

605
MCQeasy

A marketing manager can access the company's cloud resources from her laptop at home, her tablet while traveling, and her smartphone. Which essential characteristic of cloud computing does this describe?

A.Resource pooling
B.Scalability
C.Broad network access
D.Measured service
AnswerC

Broad network access allows users to connect from various devices (laptops, tablets, phones) over the network, which matches the marketing manager's ability to use multiple devices.

Why this answer

Broad network access means cloud resources can be accessed over standard network protocols (e.g., HTTPS, TLS) from a wide range of client devices, such as laptops, tablets, and smartphones. The scenario explicitly describes access from multiple device types and locations, which is the defining characteristic of broad network access as per NIST SP 800-145.

Exam trap

The trap here is that candidates confuse 'broad network access' with 'resource pooling' because both involve multiple users or devices, but resource pooling is about the provider's shared infrastructure, not the consumer's ability to use different device types.

How to eliminate wrong answers

Option A is wrong because resource pooling refers to the provider's multi-tenant model where physical and virtual resources are dynamically assigned and reassigned according to consumer demand, not to the ability to access resources from various devices. Option B is wrong because scalability (or rapid elasticity) is the capability to automatically scale resources up or down based on demand, not the cross-device access described. Option D is wrong because measured service involves metering and billing for resource usage (e.g., pay-per-use), not the device-agnostic access pattern.

606
Multi-Selecteasy

Which TWO Microsoft 365 compliance centers provide tools for managing compliance requirements?

Select 2 answers
A.Microsoft Purview compliance portal
B.Microsoft Entra admin center
C.Microsoft Defender XDR portal
D.Microsoft Intune admin center
E.Microsoft 365 admin center
AnswersA, E

Central hub for compliance solutions.

Why this answer

Microsoft Purview compliance portal is the main compliance center; Microsoft 365 admin center includes compliance management features. Defender XDR is security, Intune is device management, Entra ID is identity.

607
MCQmedium

You have the above Microsoft Purview DLP policy JSON. What will this policy do?

A.Block internal sharing of documents labeled Confidential
B.Alert when Confidential documents are shared externally
C.Block external sharing of documents labeled Confidential
D.Apply encryption to documents labeled Confidential when shared externally
AnswerC

Condition matches sensitivity label and external sharing, action is blockAccess.

Why this answer

The policy blocks access when a document with sensitivity label 'Confidential' is shared externally. Option B is correct. It does not block internal sharing, apply encryption, or trigger alert.

608
MCQeasy

A company needs to ensure that sensitive documents stored in SharePoint Online are automatically encrypted and cannot be shared with external users. Which Microsoft Purview feature should they use?

A.Communication compliance
B.Data Loss Prevention (DLP) policies
C.Retention labels
D.Sensitivity labels
AnswerD

Sensitivity labels can apply encryption and restrict external sharing.

Why this answer

Sensitivity labels are the correct choice because they enforce encryption and access restrictions directly on documents, including blocking external sharing. Unlike DLP policies, which detect and prevent sharing after the fact, sensitivity labels apply persistent protection that travels with the file, ensuring it remains encrypted even if downloaded or shared outside SharePoint Online.

Exam trap

The trap here is that candidates often confuse DLP policies with sensitivity labels, assuming DLP can both detect and encrypt content, but DLP only monitors and blocks sharing actions—it does not apply persistent encryption to the files themselves.

How to eliminate wrong answers

Option A is wrong because Communication compliance is designed to monitor and detect inappropriate communications (e.g., offensive language or regulatory violations) in Exchange Online, Teams, and Yammer, not to encrypt or restrict sharing of documents. Option B is wrong because Data Loss Prevention (DLP) policies can block external sharing of sensitive content, but they do not automatically encrypt the documents themselves; encryption requires a sensitivity label or Azure Information Protection. Option C is wrong because Retention labels are used to manage data lifecycle (retain or delete content) and do not provide encryption or access controls; they are unrelated to preventing external sharing.

609
MCQmedium

While preparing a Microsoft 365 adoption plan, a consultant is asked to understand the impact of removing a user's license. Microsoft 365 licensing, admin, or support concept is most relevant?

A.Microsoft Forms
B.Microsoft Whiteboard
C.The user may lose access to services included in that license
D.Microsoft Stream
AnswerC

Licenses provide entitlement to use included services.

Why this answer

When a user's Microsoft 365 license is removed, the tenant-level service remains active, but the user loses access to all services included in that specific license. This is because Microsoft 365 licensing is user-based: each license grants a set of service plans (e.g., Exchange Online, SharePoint, Teams), and removing the license revokes those entitlements. The consultant must understand this fundamental licensing concept to assess the operational impact on the user's productivity and data accessibility.

Exam trap

The trap here is that candidates may confuse individual Microsoft 365 services (like Forms, Whiteboard, or Stream) with the overarching licensing concept, leading them to pick a specific app name instead of recognizing that license removal impacts all services included in that license.

How to eliminate wrong answers

Option A is wrong because Microsoft Forms is a specific application within Microsoft 365, not a licensing or support concept; it is irrelevant to understanding the impact of license removal. Option B is wrong because Microsoft Whiteboard is another individual service, not a licensing principle; it does not explain how license removal affects user access. Option D is wrong because Microsoft Stream is a video service, not a licensing or admin concept; it does not address the core licensing mechanism of service plan revocation upon license removal.

610
MCQhard

An organization must comply with GDPR and needs to respond to a data subject access request (DSAR) within 30 days. Which Microsoft Purview solution helps search for personal data across Microsoft 365?

A.Data Loss Prevention (DLP)
B.Records Management
C.Audit (Premium)
D.eDiscovery (Premium)
AnswerD

eDiscovery can search for and export personal data to fulfill DSARs.

Why this answer

eDiscovery (Premium) allows searching across content locations for specific data, including personal data. Option C is correct. DLP and Records Management do not search, and Audit logs only track activities.

611
Multi-Selectmedium

A company uses Microsoft 365 E5. They want to implement a solution to automatically classify and protect sensitive data in emails and documents. Which THREE Microsoft Purview features should they use?

Select 3 answers
A.Sensitivity labels
B.Auto-labeling policies
C.Retention policies
D.eDiscovery
E.Data Loss Prevention (DLP) policies
AnswersA, B, E

Correct. Sensitivity labels classify and protect data.

Why this answer

Sensitivity labels are correct because they allow organizations to classify and protect sensitive data by applying encryption, markings, and access restrictions directly to emails and documents. Auto-labeling policies extend this by automatically applying sensitivity labels based on conditions like sensitive information types or patterns, ensuring consistent protection without manual user intervention. Data Loss Prevention (DLP) policies are correct because they detect and prevent accidental sharing of sensitive data by enforcing rules on email and document transmission, such as blocking or warning when sensitive content is detected.

Exam trap

The trap here is that candidates often confuse retention policies (which manage data retention and deletion) with data classification and protection features, leading them to incorrectly select retention policies as a solution for automatically classifying and protecting sensitive data.

612
MCQhard

A compliance administrator needs to ensure that any document containing a patient's health information (e.g., medical record number) is automatically encrypted and restricted to authorized users. The encryption should be enforced regardless of where the document is saved (SharePoint, OneDrive, or email). Which Microsoft Purview feature should they configure?

A.Information Rights Management (IRM)
B.Auto-labeling policies with sensitivity labels
C.Data Loss Prevention (DLP) policies
D.Retention labels
AnswerB

Auto-labeling can automatically detect sensitive data (like health info) and apply a sensitivity label that enforces encryption and access restrictions.

Why this answer

Auto-labeling policies with sensitivity labels are the correct choice because they can automatically apply encryption and access restrictions to documents containing sensitive data like medical record numbers, regardless of where the document is saved (SharePoint, OneDrive, or email). Sensitivity labels support persistent protection that travels with the file, enforcing encryption and authorized user restrictions even when the file is moved or copied. This meets the requirement for automatic, location-independent encryption and access control.

Exam trap

The trap here is that candidates often confuse DLP policies with sensitivity labels, thinking DLP can enforce encryption, but DLP only monitors and blocks actions—it does not apply persistent protection like sensitivity labels do.

How to eliminate wrong answers

Option A is wrong because Information Rights Management (IRM) applies encryption and permissions only at the file level within a specific application (e.g., Word, Outlook) and does not automatically scan for content patterns like medical record numbers; it requires manual or rule-based application and does not integrate with auto-labeling for content-based classification. Option C is wrong because Data Loss Prevention (DLP) policies can detect sensitive information and block or alert on actions, but they do not natively encrypt or restrict access to documents; DLP is about preventing data exfiltration, not applying persistent protection. Option D is wrong because retention labels are designed for managing data lifecycle (retention and deletion), not for encryption or access control; they do not enforce encryption or restrict user access based on content.

613
MCQhard

Your organization has a Microsoft 365 E5 subscription and wants to centrally manage security incidents across identities, endpoints, and cloud apps. Which Microsoft solution provides this capability?

A.Microsoft Entra ID Protection
B.Microsoft Sentinel
C.Microsoft Defender XDR
D.Microsoft Defender for Endpoint
AnswerC

Defender XDR provides a unified incident dashboard across identities, endpoints, and apps.

Why this answer

Microsoft Defender XDR (formerly Microsoft 365 Defender) correlates signals from across the Microsoft 365 ecosystem into a unified incident view. Option A is correct. Option B is SIEM, Option C is for identity, Option D is for endpoints only.

614
MCQmedium

A healthcare organization needs to automatically apply a sensitivity label to any document stored in a SharePoint document library that contains patient diagnosis codes. The label should prevent the document from being shared externally. The classification must happen after the document is saved, not during creation. Which Microsoft Purview solution should be configured?

A.Auto-labeling with sensitivity labels in Microsoft Purview
B.Microsoft Purview Data Loss Prevention (DLP) policies
C.Microsoft Purview retention labels
D.Microsoft Purview Information Barriers
AnswerA

Correct. Auto-labeling can scan SharePoint libraries and apply sensitivity labels based on content, enforcing protection like external sharing restrictions.

Why this answer

Auto-labeling with sensitivity labels in Microsoft Purview is correct because it automatically applies a sensitivity label to documents containing sensitive content (like patient diagnosis codes) after they are saved to SharePoint. This label can enforce protection actions such as preventing external sharing, meeting the requirement for post-save classification.

Exam trap

The trap here is confusing auto-labeling (which applies labels after save) with manual or default labeling (which applies during creation), or mistaking DLP policies for labeling solutions when DLP only detects and blocks sharing without applying persistent labels.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview Data Loss Prevention (DLP) policies detect and prevent sharing of sensitive data in transit or at rest but do not automatically apply sensitivity labels to documents. Option C is wrong because retention labels manage data lifecycle (retention and deletion) and do not enforce protection actions like blocking external sharing. Option D is wrong because Information Barriers restrict communication between specific groups but do not classify documents or control external sharing based on content.

615
MCQmedium

A department asks for the Microsoft 365 service best suited for department document libraries with version history. Which service should they use?

A.Microsoft Purview Compliance Manager
B.SharePoint Online
C.Microsoft Entra Privileged Identity Management
D.Microsoft Defender for Endpoint
AnswerB

SharePoint provides team sites, document libraries, metadata, permissions, and versioning.

Why this answer

SharePoint Online is the correct answer because it provides document libraries with built-in version history, allowing users to track, restore, and manage previous versions of documents. This feature is essential for collaboration and compliance, as it enables rollback to earlier versions and audit trails without additional configuration.

Exam trap

The trap here is that candidates may confuse Microsoft Purview Compliance Manager's compliance features with document version history, but version history is a core SharePoint Online capability, not a compliance or security tool.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Compliance Manager is a compliance management tool that helps assess and manage regulatory compliance risks, not a service for document storage or version history. Option C is wrong because Microsoft Entra Privileged Identity Management is an identity governance service for managing, controlling, and monitoring privileged access to Azure AD and other Microsoft Online Services, not for document libraries. Option D is wrong because Microsoft Defender for Endpoint is a security solution for endpoint protection, detection, and response, not a document management service with version history capabilities.

616
MCQmedium

A company uses Microsoft 365 and wants to ensure that sensitive customer data in emails and documents is automatically classified and protected based on content. Which service should they implement?

A.Microsoft Entra ID
B.Microsoft Intune
C.Microsoft Defender for Cloud Apps
D.Microsoft Purview Information Protection
AnswerD

Purview Information Protection uses sensitivity labels to automatically classify and protect data.

Why this answer

Microsoft Purview Information Protection (formerly Azure Information Protection) is the correct service because it provides automated classification, labeling, and protection of sensitive data based on content inspection, such as credit card numbers or social security numbers, using trainable classifiers and sensitivity labels. This directly addresses the requirement to automatically classify and protect sensitive customer data in emails and documents within Microsoft 365.

Exam trap

Microsoft often tests the distinction between Microsoft Purview Information Protection (content classification and labeling) and Microsoft Defender for Cloud Apps (cloud app security and DLP), leading candidates to mistakenly choose Defender for Cloud Apps because they associate 'protection' with security monitoring rather than content-based classification.

How to eliminate wrong answers

Option A is wrong because Microsoft Entra ID is an identity and access management service that handles authentication and authorization, not content-based data classification or protection. Option B is wrong because Microsoft Intune is a mobile device management (MDM) and mobile application management (MAM) service for managing devices and apps, not for classifying or protecting data within emails and documents. Option C is wrong because Microsoft Defender for Cloud Apps is a cloud access security broker (CASB) that provides visibility and control over cloud app usage, including threat detection and data loss prevention (DLP) policies, but it does not natively perform automatic content-based classification and labeling of emails and documents; that is the role of Purview Information Protection.

617
MCQhard

A legal team at a company needs to preserve all data belonging to a user who is involved in litigation. The preservation must cover Exchange Online email, SharePoint sites, OneDrive for Business files, and Teams chat messages. They also need to be able to search the preserved content and export it. Which Microsoft Purview solution should they use?

A.eDiscovery (Standard) case hold
B.Litigation Hold
C.Auto-apply retention labels
D.Data Loss Prevention (DLP) policy
AnswerA

eDiscovery (Standard) cases can place holds on all Microsoft 365 data sources for a user, including Exchange, SharePoint, OneDrive, and Teams, and provide search and export capabilities.

Why this answer

eDiscovery (Standard) allows you to create a case, place a hold on user mailboxes, SharePoint sites, OneDrive accounts, and Teams chat messages to preserve content relevant to litigation. It also provides built-in search and export capabilities, making it the correct solution for the legal team's requirements.

Exam trap

The trap here is that candidates often confuse Litigation Hold with eDiscovery holds, assuming Litigation Hold covers all data sources, when in reality it only applies to Exchange mailboxes and lacks the search and export features needed for comprehensive eDiscovery.

How to eliminate wrong answers

Option B (Litigation Hold) is wrong because it only preserves mailbox content (Exchange Online) and does not cover SharePoint, OneDrive, or Teams chat messages, nor does it provide search and export functionality. Option C (Auto-apply retention labels) is wrong because it automates retention and deletion policies based on conditions, but it does not create a litigation-specific hold with search and export capabilities. Option D (Data Loss Prevention (DLP) policy) is wrong because it is designed to prevent data leakage by monitoring and blocking sensitive information, not to preserve data for legal discovery.

618
MCQmedium

Your organization is adopting Microsoft 365 Copilot and wants to ensure that Copilot responses are based only on organizational data that the user has permission to access. Which Microsoft 365 feature ensures this?

A.Microsoft Purview Compliance Manager
B.Microsoft Entra ID
C.Microsoft Intune
D.Microsoft Graph permissions
AnswerD

Copilot uses Microsoft Graph to access only the data the user has permissions to.

Why this answer

Microsoft Graph permissions are the correct answer because Copilot uses Microsoft Graph to access organizational data. When a user asks a question, Copilot queries the Microsoft Graph API, which enforces the user's existing permissions (e.g., from Entra ID and SharePoint) to ensure responses are based only on data the user is authorized to see. This is the core mechanism that ties Copilot's responses to the user's access rights.

Exam trap

The trap here is that candidates often confuse identity management (Entra ID) with data-level permission enforcement (Microsoft Graph permissions), assuming that because Entra ID handles authentication, it also controls what data Copilot can access, but the actual data access control is delegated to Graph's permission model.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Compliance Manager is a tool for assessing and managing compliance posture (e.g., against regulations like GDPR), not for controlling real-time data access permissions for Copilot. Option B is wrong because Microsoft Entra ID (formerly Azure AD) is the identity and authentication service that defines user accounts and groups, but it does not directly enforce data-level permissions within Microsoft Graph queries; it provides the identity token that Graph uses, but the actual permission check is done via Graph permissions. Option C is wrong because Microsoft Intune is a mobile device management (MDM) and mobile application management (MAM) service for managing devices and apps, not for controlling data access permissions within Microsoft 365 services like Copilot.

619
MCQeasy

A company wants to use a cloud service that provides ready-to-use business applications such as email, collaboration, and customer relationship management without managing the underlying infrastructure. Which cloud service model is this?

A.Infrastructure as a Service (IaaS)
B.Platform as a Service (PaaS)
C.Software as a Service (SaaS)
D.Private cloud
AnswerC

Correct. SaaS delivers applications like email (Exchange Online) and CRM (Dynamics 365) that are managed completely by the provider.

Why this answer

Option C (SaaS) is correct because Software as a Service delivers ready-to-use business applications like Microsoft 365 (Exchange Online for email, Teams for collaboration, Dynamics 365 for CRM) over the internet, with the provider managing all underlying infrastructure, including servers, storage, and networking. The customer simply accesses the software via a web browser or client app without any responsibility for patching, scaling, or hardware maintenance.

Exam trap

The trap here is that candidates often confuse PaaS with SaaS because both abstract infrastructure, but PaaS requires the customer to develop and manage the application code, whereas SaaS provides fully functional, ready-to-use applications—a distinction Microsoft emphasizes in the MS-900 by focusing on the 'what you manage' vs. 'what the provider manages' model.

How to eliminate wrong answers

Option A (IaaS) is wrong because it provides virtualized computing resources (e.g., virtual machines, storage, networks) but requires the customer to deploy and manage their own operating systems, middleware, and applications—not ready-to-use business apps. Option B (PaaS) is wrong because it offers a platform for developing, testing, and deploying custom applications (e.g., Azure App Services) but does not include pre-built business applications like email or CRM; the customer still writes and manages the application code. Option D (Private cloud) is wrong because it refers to a deployment model where cloud resources are used exclusively by a single organization, either on-premises or hosted, and does not inherently provide ready-to-use business applications; it still requires the organization to manage or procure the software layer.

620
MCQmedium

A sales team needs to track customer interactions, manage leads, and automate follow-up emails. Which Microsoft 365 app is specifically designed for this customer relationship management (CRM) purpose?

A.Microsoft Dynamics 365 Sales
B.Microsoft Outlook
C.Microsoft SharePoint
D.Microsoft Power Automate
AnswerA

Correct. This is a dedicated CRM app for managing sales processes, leads, and customer interactions.

Why this answer

Microsoft Dynamics 365 Sales is a dedicated customer relationship management (CRM) application within the Dynamics 365 suite, purpose-built for tracking customer interactions, managing leads, and automating follow-up emails. Unlike general productivity tools, it provides structured pipelines, lead scoring, and workflow automation specifically for sales processes.

Exam trap

The trap here is that candidates confuse a general productivity tool (Outlook) or a workflow engine (Power Automate) with a full CRM solution, overlooking that Dynamics 365 Sales is the only option specifically architected for end-to-end customer relationship management.

How to eliminate wrong answers

Option B is wrong because Microsoft Outlook is an email and calendar client, not a CRM system; it lacks lead management, pipeline tracking, and automated follow-up workflows. Option C is wrong because Microsoft SharePoint is a document management and collaboration platform, not designed for CRM functions like lead scoring or interaction tracking. Option D is wrong because Microsoft Power Automate is a workflow automation tool that can integrate with CRM systems but is not a CRM application itself; it has no native lead or customer interaction management capabilities.

621
MCQmedium

Your organization uses Microsoft 365 E5 and wants to automatically classify emails containing credit card numbers as 'Sensitive' and apply encryption when sent externally. Which Microsoft Purview feature should you use?

A.Sensitivity labels
B.Retention policies
C.Microsoft Purview Data Loss Prevention (DLP)
D.Microsoft Purview Information Protection
AnswerC

DLP policies can detect sensitive info and apply encryption.

Why this answer

Option D is correct because Microsoft Purview Data Loss Prevention (DLP) can detect sensitive data like credit card numbers and automatically apply actions such as encryption. Option A is wrong because Sensitivity labels are manually applied or auto-classified, but DLP handles the automatic protection. Option B is wrong because Retention policies are for retention, not classification.

Option C is wrong because Information Protection policies include sensitivity labels, but the automatic encryption action is typically configured via DLP.

622
Multi-Selecteasy

Which THREE of the following are key pillars of the Microsoft Trusted Cloud? (Choose three.)

Select 3 answers
A.Cost optimization
B.Performance
C.Security
D.Privacy
E.Compliance
AnswersC, D, E

Security is a core pillar.

Why this answer

Microsoft's Trusted Cloud is built on security, privacy, and compliance. Options A, C, and D are correct.

623
MCQmedium

A company with 300 users currently has Microsoft 365 Business Premium licenses. They want to add the highest level of automated threat investigation and response capabilities for all users. Which licensing option should they purchase?

A.Upgrade all users to Microsoft 365 E5
B.Add the Microsoft 365 E5 Security add-on for each user
C.Add the Microsoft 365 Defender for Office 365 Plan 2 add-on for each user
D.Add the Microsoft 365 Business Premium Threat Protection add-on
AnswerC

This add-on directly upgrades the existing Defender for Office 365 Plan 1 included in Business Premium to Plan 2, providing advanced investigation and response.

Why this answer

Microsoft 365 Defender for Office 365 Plan 2 provides the highest level of automated investigation and response (AIR) capabilities, including threat hunting, automated remediation, and simulation training. Since the company already has Microsoft 365 Business Premium, which includes Defender for Office 365 Plan 1, adding Plan 2 as an add-on is the most cost-effective way to achieve the desired capabilities without upgrading to E5.

Exam trap

The trap here is that candidates often confuse the Microsoft 365 E5 Security add-on (Option B) with the more targeted Defender for Office 365 Plan 2 add-on, not realizing that the E5 Security add-on includes additional, unnecessary features and costs more, while the question specifically asks for the highest level of automated threat investigation and response for all users, which is exactly what Defender for Office 365 Plan 2 provides.

How to eliminate wrong answers

Option A is wrong because upgrading all users to Microsoft 365 E5 would provide the same capabilities but at a significantly higher cost per user, and the question asks for an add-on to the existing Business Premium licenses, not a full upgrade. Option B is wrong because the Microsoft 365 E5 Security add-on includes Defender for Office 365 Plan 2, but it also bundles other security features (e.g., Microsoft Defender for Identity, Defender for Cloud Apps) that are not required, making it more expensive than the targeted Plan 2 add-on. Option D is wrong because there is no official 'Microsoft 365 Business Premium Threat Protection add-on'—this is a fictitious option that does not exist in Microsoft's licensing catalog.

624
MCQmedium

A sales manager needs a visual tool to track the sales pipeline with stages, deal values, and assigned team members. The team should be able to update the board in real time and see changes instantly. Which Microsoft 365 app is most suitable?

A.Microsoft Lists
B.Microsoft Dynamics 365 Sales
C.Microsoft Planner
D.Microsoft Excel
AnswerA

Lists allows creation of a visual board (using the Gallery or Board view) that can track stages, values, and assignments with real-time updates across the team.

Why this answer

Microsoft Lists is the most suitable app because it provides a customizable, real-time collaborative board view that can track sales pipeline stages, deal values, and assigned team members. Lists supports real-time co-authoring and instant updates via SharePoint, making it ideal for a visual, always-current sales tracking tool without requiring a full CRM system.

Exam trap

The trap here is that candidates often confuse Microsoft Planner's task board with a sales pipeline tool, but Planner lacks custom fields for deal values and real-time data updates across multiple users, making Lists the correct choice for this specific requirement.

How to eliminate wrong answers

Option B (Microsoft Dynamics 365 Sales) is wrong because it is a full-featured CRM platform designed for complex sales processes, not a simple visual board tool; it requires licensing and setup beyond the scope of a lightweight team tracking need. Option C (Microsoft Planner) is wrong because it is task-oriented with Kanban boards but lacks native fields for deal values and pipeline stages, and its real-time sync is limited to task status, not custom data like monetary amounts. Option D (Microsoft Excel) is wrong because while it can track data, it does not support real-time collaborative board views with instant updates; changes require manual refresh or sharing, and it lacks the visual pipeline stage representation needed.

625
MCQmedium

A manager wants to create a team site to collaborate with external partners on a project. They need to share documents with external users and control permissions. Which Microsoft 365 service should they use?

A.Microsoft Viva Connections
B.Microsoft Teams
C.OneDrive for Business
D.SharePoint Online
AnswerD

SharePoint team sites allow external sharing and granular permissions.

Why this answer

SharePoint Online is the correct choice because it provides team sites with granular permission controls, including the ability to share documents with external users via secure links or direct invitations. It supports external sharing at the site level, allowing the manager to collaborate with partners while maintaining control over permissions and document access.

Exam trap

The trap here is that candidates often confuse Microsoft Teams as the primary collaboration tool for external sharing, but Teams relies on SharePoint for file storage and permission management, making SharePoint the correct answer when the question emphasizes creating a team site and controlling permissions.

How to eliminate wrong answers

Option A is wrong because Microsoft Viva Connections is a personalized employee experience app within Teams and SharePoint, not designed for external collaboration or document sharing with partners. Option B is wrong because Microsoft Teams is primarily a chat-based collaboration platform that relies on SharePoint for file storage; while it can share with external users, the question specifically asks for a service to create a team site and control permissions, which is SharePoint's core function. Option C is wrong because OneDrive for Business is a personal storage service for individual users, not designed for creating team sites or managing external partner collaboration with granular permissions.

626
MCQmedium

A company needs a dedicated, private network connection between its on-premises data center and Microsoft's cloud infrastructure to support a hybrid deployment with low latency and high reliability. The connection must not traverse the public internet. Which service should they use?

A.Azure ExpressRoute
B.Azure VPN Gateway
C.Azure Virtual WAN
D.Microsoft Entra ID Application Proxy
AnswerA

ExpressRoute creates a private, dedicated connection from the customer's network to Microsoft's cloud, ensuring traffic does not go over the public internet. It is ideal for hybrid deployments requiring low latency and reliability.

Why this answer

Azure ExpressRoute is the correct choice because it provides a dedicated, private network connection from an on-premises data center directly into Microsoft's cloud infrastructure, bypassing the public internet entirely. This ensures low latency, high reliability, and consistent performance for hybrid deployments, as the traffic traverses a private MPLS or Ethernet link rather than the unpredictable internet.

Exam trap

The trap here is that candidates often confuse Azure VPN Gateway with a private connection because it uses encryption, but the key differentiator is that VPN traffic still traverses the public internet, whereas ExpressRoute bypasses it entirely for a truly private, dedicated link.

How to eliminate wrong answers

Option B (Azure VPN Gateway) is wrong because it creates an encrypted tunnel over the public internet, which means traffic traverses the internet and cannot guarantee the low latency, high reliability, or complete privacy required by the scenario. Option C (Azure Virtual WAN) is wrong because it is a networking service that aggregates branch connectivity and can use ExpressRoute or VPN, but by itself it does not provide a dedicated private connection; it is a management and routing overlay, not a direct private link. Option D (Microsoft Entra ID Application Proxy) is wrong because it is an identity and access proxy for publishing on-premises web applications to external users via the internet, not a private network connection between data centers and Azure.

627
MCQmedium

A service owner is comparing Microsoft 365 capabilities and needs to use a dedicated environment controlled by one organization. Cloud concept or benefit best matches this requirement?

A.Microsoft Planner
B.Private cloud
C.Data Loss Prevention (DLP)
D.Sensitivity labels
AnswerB

A private cloud is dedicated to one organization, whether hosted on-premises or by a provider.

Why this answer

A private cloud is a dedicated environment controlled by a single organization, providing exclusive access and management over resources. This matches the requirement for a dedicated environment, as opposed to public cloud or hybrid models where control is shared or distributed.

Exam trap

The trap here is that candidates confuse Microsoft 365 service features (like Planner, DLP, or sensitivity labels) with cloud deployment models, failing to recognize that 'dedicated environment controlled by one organization' is the textbook definition of a private cloud.

How to eliminate wrong answers

Option A is wrong because Microsoft Planner is a task management tool within Microsoft 365, not a cloud deployment model or concept. Option C is wrong because Data Loss Prevention (DLP) is a security policy feature that helps prevent data leaks, not a cloud environment type. Option D is wrong because sensitivity labels are classification tools for data protection, not a cloud concept describing dedicated infrastructure control.

628
Multi-Selecthard

Which THREE are key characteristics of cloud computing as defined by NIST?

Select 3 answers
A.High availability
B.Broad network access
C.Resource pooling
D.On-demand self-service
E.Reserved capacity
AnswersB, C, D

Resources are accessible over the network via standard mechanisms.

Why this answer

Options A, D, and E are correct. On-demand self-service, broad network access, and resource pooling are NIST characteristics. Option B is wrong because high availability is a benefit but not a NIST characteristic.

Option C is wrong because reserved instances are a pricing model.

629
Drag & Dropmedium

Drag and drop the steps to assign a Microsoft 365 license to a user via the admin center into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

License assignment involves selecting the user, managing licenses, choosing the product, and saving.

630
MCQhard

A graphic designer needs to create a professional printed brochure with custom page layouts, text wrapping around images, and precise control over typography. Which Microsoft 365 app is designed for this type of desktop publishing task?

A.Microsoft Publisher
B.Microsoft Sway
C.Microsoft Word
D.Microsoft PowerPoint
AnswerA

Correct. Publisher is specifically built for desktop publishing tasks like creating brochures, flyers, and newsletters with advanced layout and design tools.

Why this answer

Microsoft Publisher is the correct choice because it is specifically designed for desktop publishing tasks such as creating professional brochures with custom page layouts, text wrapping around images, and precise typography control. Unlike general-purpose apps, Publisher offers advanced layout tools like master pages, baseline guides, and typographic controls that are essential for print-ready documents.

Exam trap

The trap here is that candidates often confuse Microsoft Word's basic text wrapping and image placement capabilities with the full desktop publishing features of Publisher, assuming Word can handle professional print layouts when it lacks the necessary precision and print-production tools.

How to eliminate wrong answers

Option B is wrong because Microsoft Sway is a web-based storytelling and presentation app focused on interactive, responsive layouts for digital consumption, not precise print desktop publishing. Option C is wrong because Microsoft Word is a word processor optimized for text-heavy documents and basic formatting, lacking the advanced layout and typography controls needed for professional brochure design. Option D is wrong because Microsoft PowerPoint is designed for slide-based presentations with sequential content, not for creating multi-page print layouts with text wrapping and precise typography.

631
Multi-Selecthard

Which THREE capabilities are provided by Microsoft Purview Information Protection? (Choose three.)

Select 3 answers
A.Auto-classify content based on sensitive data types
B.Apply sensitivity labels to documents and emails
C.Encrypt documents and control access using labels
D.Block sharing of sensitive data via email
E.Define retention policies for mailboxes
AnswersA, B, C

Auto-classification uses trainable classifiers and data types.

Why this answer

Sensitivity labels (A), auto-classification (C), and label-based protection (E) are core capabilities. Option B (retention policies) is part of Purview Records Management. Option D (DLP) is a separate Purview feature.

632
MCQmedium

A project team needs a centralized workspace that includes a shared calendar, a document library for storing deliverables, a task list with assignments, and the ability to have threaded discussions about each item. They want a solution that is available out of the box in Microsoft 365 and integrates with Microsoft Teams. Which service should they use?

A.Microsoft Teams
B.SharePoint team site
C.Microsoft Viva Engage
D.Microsoft Planner
AnswerB

A SharePoint team site includes document libraries, lists, calendars, and discussion boards, providing all requested features. It can be used within Teams.

Why this answer

A SharePoint team site provides a team-oriented workspace with a document library for files, a shared calendar, a tasks list, and a discussion board for threaded conversations. It can be added as a tab in Teams. Teams alone does not include all these features natively.

633
Multi-Selecthard

Which THREE Microsoft 365 services are included in Microsoft 365 E5 but not in Microsoft 365 E3? (Choose 3)

Select 3 answers
A.Microsoft Teams
B.Exchange Online
C.Microsoft Defender for Identity
D.Microsoft Purview Information Protection
E.Microsoft Defender for Office 365 (Plan 2)
AnswersC, D, E

Defender for Identity is included in E5 but not in E3.

Why this answer

Microsoft Defender for Identity is included in Microsoft 365 E5 but not in E3. It is an on-premises Active Directory security solution that uses signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions. E3 includes only basic identity and access management features like Azure AD P1, whereas E5 adds Defender for Identity as part of its advanced threat protection suite.

Exam trap

The trap here is that candidates often confuse 'included in E5' with 'available in E3 as an add-on'—Microsoft Defender for Identity is not available as an add-on for E3 and requires E5 or a standalone license, leading test-takers to incorrectly assume it is part of E3's security baseline.

634
MCQmedium

A company runs a critical application on-premises but wants to extend capacity to the cloud during peak demand without purchasing additional hardware. Which cloud deployment model best describes this strategy?

A.Public cloud
B.Private cloud
C.Hybrid cloud
D.Multi-cloud
AnswerC

Hybrid cloud connects on-premises with public cloud, enabling cloud bursting during peak loads.

Why this answer

A hybrid cloud model combines on-premises infrastructure (private cloud) with public cloud resources, enabling a company to 'burst' into the public cloud during peak demand without purchasing additional hardware. This strategy, often called cloud bursting, allows the critical application to run locally under normal conditions and seamlessly extend capacity to a public cloud provider like Azure during spikes.

Exam trap

The trap here is that candidates confuse 'hybrid cloud' with 'multi-cloud,' but hybrid cloud specifically involves a mix of on-premises and public cloud, while multi-cloud involves multiple public clouds without any on-premises component.

How to eliminate wrong answers

Option A is wrong because a pure public cloud model would require migrating the entire critical application off-premises, which contradicts the requirement to keep it on-premises and only extend capacity during peak demand. Option B is wrong because a private cloud is entirely on-premises and would still require purchasing additional hardware to handle peak loads, defeating the goal of avoiding hardware purchases. Option D is wrong because multi-cloud refers to using multiple public cloud providers (e.g., AWS and Azure) simultaneously, not extending an on-premises environment to the cloud.

635
MCQeasy

A department head wants to publish company-wide announcements and host Q&A sessions that allow employees to upvote questions. Which Microsoft 365 service is designed for this?

A.Microsoft Teams
B.SharePoint
C.Yammer
D.Outlook
AnswerC

Yammer provides a corporate social network where users can post announcements, ask questions, and upvote answers.

Why this answer

Yammer is the correct answer because it is Microsoft's enterprise social networking service specifically designed for company-wide communications, such as announcements and Q&A sessions. It includes features like threaded discussions, polls, and the ability for employees to upvote questions, making it ideal for fostering open dialogue across an organization.

Exam trap

The trap here is that candidates often confuse Microsoft Teams' 'Q&A' app or SharePoint's 'Q&A' web part with Yammer's native upvoting capability, but Teams and SharePoint lack the enterprise-wide social networking and upvoting features that Yammer provides for company-wide engagement.

How to eliminate wrong answers

Option A is wrong because Microsoft Teams is primarily a chat-based collaboration hub for teams and channels, not designed for company-wide announcements with upvoting mechanisms; it lacks native Q&A upvoting features. Option B is wrong because SharePoint is a document management and intranet platform focused on content storage, portals, and workflows, not for hosting interactive Q&A sessions with upvoting. Option D is wrong because Outlook is an email and calendar client, which is unsuitable for structured, interactive Q&A sessions with community-driven upvoting.

636
MCQmedium

While preparing a Microsoft 365 adoption plan, a consultant is asked to control who can purchase or change subscriptions. Microsoft 365 licensing, admin, or support concept is most relevant?

A.Microsoft Whiteboard
B.Microsoft Forms
C.Admin roles and billing permissions
D.Microsoft Stream
AnswerC

Billing permissions and admin roles determine subscription management authority.

Why this answer

The question asks about controlling who can purchase or change subscriptions, which is a billing and licensing administration task. Admin roles and billing permissions in Microsoft 365 allow you to delegate specific permissions, such as the Billing Administrator role, which grants the ability to make purchases, manage subscriptions, and handle support tickets. This directly addresses the requirement to restrict subscription changes to authorized personnel.

Exam trap

The trap here is that candidates may confuse collaboration tools (Whiteboard, Forms, Stream) with administrative control, assuming any Microsoft 365 service can manage subscriptions, when in fact only specific admin roles and billing permissions handle subscription changes.

How to eliminate wrong answers

Option A is wrong because Microsoft Whiteboard is a digital canvas collaboration tool, not a licensing or admin control mechanism; it has no role in managing subscriptions or billing permissions. Option B is wrong because Microsoft Forms is a survey and quiz creation tool, unrelated to subscription management or admin role delegation. Option D is wrong because Microsoft Stream is a video hosting and sharing service within Microsoft 365, and it does not provide any functionality for controlling subscription purchases or admin permissions.

637
MCQmedium

A help desk lead is documenting the correct Microsoft 365 approach to require users to approve sign-ins with a mobile app after entering a password. Microsoft security, identity, or compliance capability should it use?

A.Microsoft Planner
B.Multifactor authentication (MFA)
C.Microsoft Forms
D.Microsoft Stream
AnswerB

MFA requires more than one verification factor and reduces risk from stolen passwords.

Why this answer

Multifactor authentication (MFA) is the correct capability because it requires users to provide a second form of verification—such as approving a sign-in via the Microsoft Authenticator mobile app—after entering their password. This aligns with the security best practice of 'something you know' (password) plus 'something you have' (mobile device approval), which is a core MFA scenario in Microsoft Entra ID (formerly Azure AD).

Exam trap

The trap here is that candidates may confuse productivity tools (Planner, Forms, Stream) with security capabilities, mistakenly thinking any Microsoft 365 app can enforce authentication policies, when only identity and access management services like MFA in Microsoft Entra ID can do so.

How to eliminate wrong answers

Option A is wrong because Microsoft Planner is a task management and project planning tool, not a security or identity capability; it cannot enforce sign-in approval workflows. Option C is wrong because Microsoft Forms is a survey and data collection tool, not an identity or authentication service; it has no role in requiring mobile app approval for sign-ins. Option D is wrong because Microsoft Stream is a video hosting and sharing platform, not a security or identity feature; it cannot be used to enforce multifactor authentication policies.

638
MCQeasy

A company wants to run a workload that requires the highest level of physical security and control over hardware. They have the budget to purchase and maintain their own data center. Which cloud deployment model should they choose?

A.Public cloud
B.Private cloud
C.Hybrid cloud
D.Community cloud
AnswerB

Private cloud offers dedicated hardware and full control, ideal for workloads requiring high security and compliance.

Why this answer

A private cloud deployment model is correct because it provides dedicated infrastructure for a single organization, offering the highest level of physical security and full control over hardware. This model allows the company to purchase, own, and manage its own data center, ensuring compliance with stringent security requirements and complete hardware isolation.

Exam trap

The trap here is that candidates often confuse 'hybrid cloud' with 'best of both worlds' and overlook that the question explicitly demands the highest physical security and hardware control, which only a private cloud with dedicated on-premises hardware can provide.

How to eliminate wrong answers

Option A is wrong because the public cloud model shares physical hardware among multiple tenants via hypervisors, which reduces direct control over hardware and cannot guarantee the highest level of physical security. Option C is wrong because the hybrid cloud model combines public and private clouds, but the public cloud component inherently lacks the dedicated hardware control required, and the model does not mandate exclusive hardware ownership. Option D is wrong because the community cloud model shares infrastructure among several organizations with common concerns, which still involves shared hardware and does not provide the exclusive physical control and security of a single-tenant private cloud.

639
Matchingmedium

Match each Microsoft 365 pricing model to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Each user requires a license; most common model

License assigned to a device, not a user

Additional feature purchased on top of a base plan

Single service subscription, e.g., Exchange Online Plan 1

Why these pairings

Different pricing models offer flexibility for various needs.

640
MCQeasy

An administrator needs to assign Microsoft 365 licenses to new users in bulk. They have a CSV file with user details and want to use a script. Which tool should they use?

A.Microsoft Graph PowerShell
B.Microsoft 365 admin center
C.Azure CLI
D.Exchange admin center
AnswerA

Allows scripting to assign licenses in bulk using Graph API.

Why this answer

Microsoft Graph PowerShell is the correct tool because it provides cmdlets like `New-MgUser` and `Set-MgUserLicense` that can process a CSV file and assign licenses in bulk via the Microsoft Graph API. This is the modern, scriptable approach for automating license assignments without manual steps in a GUI.

Exam trap

The trap here is that candidates often confuse Azure CLI with Microsoft Graph PowerShell, assuming any command-line tool can manage Microsoft 365 licensing, but Azure CLI lacks the specific Graph API endpoints for license assignment.

How to eliminate wrong answers

Option B is wrong because the Microsoft 365 admin center is a web-based GUI for manual, one-by-one or small-group license assignments, not a scriptable tool for bulk operations from a CSV. Option C is wrong because Azure CLI is designed for managing Azure resources (VMs, storage, etc.), not for assigning Microsoft 365 licenses via Graph API. Option D is wrong because the Exchange admin center is focused on Exchange Online mailboxes and transport rules, not on license management across the Microsoft 365 tenant.

641
Multi-Selecteasy

Which TWO Microsoft 365 services provide capabilities for insider risk management?

Select 2 answers
A.Microsoft Entra ID
B.Microsoft Purview Insider Risk Management
C.Microsoft Purview Communication Compliance
D.Microsoft Intune
E.Microsoft Defender XDR
AnswersB, C

This service specifically manages insider risks.

Why this answer

Microsoft Purview Insider Risk Management (option B) is a dedicated service that uses machine learning and behavioral analytics to detect, investigate, and respond to risky user activities such as data theft, policy violations, or unauthorized access. It correlates signals from Microsoft 365 logs, HR data, and user behavior to identify potential insider threats, making it the primary tool for insider risk management.

Exam trap

The trap here is that candidates often confuse Microsoft Defender XDR (external threat detection) with insider risk management, or mistakenly think Entra ID's identity protection features cover internal user behavior monitoring, when in fact only Purview Insider Risk Management and Communication Compliance directly address insider risk scenarios.

642
MCQmedium

A marketing team needs a shared workspace where they can store documents, manage a shared calendar, conduct video meetings, and collaborate on announcements. They want this workspace to be integrated with other Microsoft 365 apps. Which Microsoft 365 service is best suited for this requirement?

A.Microsoft Teams
B.Yammer
C.SharePoint
D.Microsoft Stream
AnswerA

Teams offers channels, file storage, calendar integration, meetings, and extensive app integration, meeting all the stated needs.

Why this answer

Microsoft Teams is best suited because it provides a shared workspace that integrates document storage (via SharePoint), a shared calendar (via Exchange), video meetings (via Teams meetings), and collaboration on announcements (via channel posts and the Announcement app), all within a single interface that natively integrates with other Microsoft 365 apps.

Exam trap

The trap here is that candidates often confuse SharePoint's document management capabilities with a complete workspace solution, overlooking that SharePoint alone cannot provide integrated video meetings or real-time chat without additional services.

How to eliminate wrong answers

Option B (Yammer) is wrong because Yammer is an enterprise social network focused on organization-wide conversations and communities, not a team workspace with integrated document storage, shared calendars, or video meetings. Option C (SharePoint) is wrong because while SharePoint provides document storage and some calendar functionality, it lacks native video meeting capabilities and real-time chat, requiring additional tools like Teams or Skype for Business for meetings. Option D (Microsoft Stream) is wrong because Stream is a video hosting and management platform for enterprise video content, not a collaborative workspace for documents, calendars, meetings, or announcements.

643
MCQmedium

A healthcare organization must keep sensitive patient data on-premises due to regulatory compliance, but wants to use cloud services for other applications like customer relationship management and collaboration. Which cloud deployment model best meets this requirement?

A.Public cloud
B.Private cloud
C.Hybrid cloud
D.Community cloud
AnswerC

A hybrid cloud combines on-premises infrastructure with public cloud services, enabling data to remain on-premises while using the cloud for other needs.

Why this answer

The hybrid cloud model is correct because it allows the healthcare organization to keep sensitive patient data on-premises (private cloud) for regulatory compliance (e.g., HIPAA), while leveraging public cloud services for customer relationship management and collaboration tools like Microsoft Dynamics 365 and Microsoft 365. This deployment model provides a unified environment where workloads can be distributed across on-premises and cloud infrastructure, ensuring data sovereignty and compliance without sacrificing scalability or cost efficiency.

Exam trap

The trap here is that candidates often confuse 'private cloud' as the only compliant option for sensitive data, overlooking that hybrid cloud allows the organization to meet compliance for specific workloads while still benefiting from public cloud economics for others.

How to eliminate wrong answers

Option A is wrong because a public cloud model would require all workloads, including sensitive patient data, to run on shared infrastructure managed by a third-party provider, which violates regulatory compliance requirements for data residency and control. Option B is wrong because a private cloud model, while secure and compliant, would force the organization to host all applications—including CRM and collaboration tools—on-premises, negating the cost and scalability benefits of cloud services for non-sensitive workloads. Option D is wrong because a community cloud is designed for organizations with shared compliance concerns (e.g., multiple healthcare entities), but it still requires all participants to adhere to a common regulatory framework and does not inherently allow selective placement of sensitive data on-premises while using public cloud for other apps.

644
MCQmedium

A company wants to ensure that sensitive documents stored in SharePoint Online are automatically classified and protected if they contain credit card numbers or social security numbers. Which Microsoft Purview feature should they implement?

A.Data Lifecycle Management (DLM)
B.Information Protection (Sensitivity labels)
C.Data Loss Prevention (DLP) policies
D.Insider Risk Management
AnswerC

DLP policies scan for sensitive data types and can automatically prevent sharing or encrypt content, meeting the requirement perfectly.

Why this answer

Data Loss Prevention (DLP) policies in Microsoft Purview are specifically designed to automatically detect, classify, and protect sensitive information such as credit card numbers and social security numbers. When a DLP policy is configured with sensitive information types (e.g., Credit Card Number, U.S. Social Security Number), it can scan documents in SharePoint Online and automatically apply protective actions like blocking access or triggering notifications.

This makes DLP the correct feature for the described requirement.

Exam trap

The trap here is that candidates often confuse Data Loss Prevention (DLP) with Information Protection (Sensitivity labels), but DLP is the correct choice because it is designed for automatic content-based detection of sensitive data patterns, whereas sensitivity labels are primarily for manual or rule-based classification without native pattern matching for specific data types like credit card numbers.

How to eliminate wrong answers

Option A is wrong because Data Lifecycle Management (DLM) focuses on retaining or deleting content based on age or compliance requirements, not on detecting or protecting sensitive data patterns. Option B is wrong because Information Protection (Sensitivity labels) are used to classify and protect documents based on manual or automatic labeling rules, but they do not natively scan for specific data patterns like credit card numbers; they rely on label-based classification rather than content-based detection of sensitive information types. Option D is wrong because Insider Risk Management is designed to detect and mitigate risky user behaviors (e.g., data exfiltration by insiders) rather than automatically classifying and protecting documents based on their content.

645
MCQhard

Refer to the exhibit. The administrator wants to reduce costs by reclaiming unused licenses. However, they must ensure that no user loses access to services. What should they do?

A.Purchase fewer licenses next month to offset the unused count
B.Identify users with no activity for 90 days and remove their licenses
C.Remove licenses from 30 users who have not logged in for 30 days
D.Reassign the 30 unused licenses to new users
AnswerB

A 90-day inactivity period is a common threshold to confirm unused accounts.

Why this answer

Option B is correct because the administrator should identify users with no activity for 90 days and then remove their licenses. This approach directly reclaims unused licenses while ensuring that only truly inactive users lose access, minimizing the risk of disrupting active users. Microsoft 365 provides usage reports (e.g., in the Microsoft 365 admin center) that can show sign-in activity over the last 30, 60, or 90 days, allowing precise identification of dormant accounts.

Exam trap

The trap here is that candidates confuse 'reclaiming unused licenses' with 'reassigning licenses' or use an overly short inactivity period (30 days), failing to recognize that Microsoft 365 requires a longer, more conservative threshold to avoid disrupting users who are temporarily inactive.

How to eliminate wrong answers

Option A is wrong because purchasing fewer licenses next month does not reclaim currently unused licenses; it only reduces future costs and does not address the immediate need to free up licenses without risking service disruption. Option C is wrong because removing licenses from users who have not logged in for 30 days is too aggressive; 30 days of inactivity may include legitimate users on vacation or leave, and Microsoft 365 best practices recommend a longer inactivity period (e.g., 90 days) to avoid accidentally removing active users. Option D is wrong because reassigning the 30 unused licenses to new users does not reclaim licenses; it simply redistributes them, leaving the total license count unchanged and not reducing costs.

646
MCQmedium

A project manager needs to collect weekly status reports from team members. They want to create a simple form where team members can submit updates, and the responses should automatically be stored in an Excel spreadsheet. The manager also wants a notification sent to their email when a new response is submitted. Which Microsoft 365 app(s) should be used together?

A.Microsoft Forms and Microsoft Power Automate
B.Microsoft Forms only
C.Microsoft Lists and Power Automate
D.Microsoft Excel only
AnswerA

Forms captures responses in Excel, and Power Automate can send a notification on new submission.

Why this answer

Microsoft Forms allows you to create a simple form for collecting weekly status reports, and its built-in integration with Microsoft Power Automate enables automatic storage of responses into an Excel spreadsheet and sending email notifications when a new response is submitted. Power Automate provides the workflow logic to connect Forms to Excel and trigger the notification, making this combination the correct solution.

Exam trap

The trap here is that candidates may think Microsoft Forms alone can handle Excel storage and notifications, or that Microsoft Lists is a suitable form builder, when in fact Power Automate is required to bridge the gap between form input and automated data storage/notification.

How to eliminate wrong answers

Option B is wrong because Microsoft Forms alone cannot automatically store responses in an Excel spreadsheet or send email notifications; it only collects responses in its own web-based dashboard or exports them manually. Option C is wrong because Microsoft Lists is designed for structured data management and collaboration, not for creating simple forms; while Power Automate could be used, the form creation requirement is not met by Lists. Option D is wrong because Microsoft Excel alone cannot create a form for user input or send notifications; it is a spreadsheet application without form or workflow capabilities.

647
MCQhard

A security administrator needs to automatically restrict access to documents that contain 'PII' (personally identifiable information) so that only employees in the 'Data Privacy' security group can view them. Additionally, editing and printing of these documents must be disabled. Which combination of Microsoft Purview features should be used?

A.Sensitivity labels with auto-labeling and encryption that restricts permissions to the 'Data Privacy' group
B.Data Loss Prevention (DLP) policy with a block action
C.Retention policy with a restrict action
D.Privileged Identity Management (PIM)
AnswerA

Sensitivity labels can automatically classify documents containing PII and enforce encryption, allowing only authorized users with view-only rights.

Why this answer

Option A is correct because sensitivity labels in Microsoft Purview can be configured with auto-labeling to automatically detect and classify documents containing PII, and then apply encryption that restricts access to only the 'Data Privacy' security group. Additionally, the label can enforce usage rights such as 'View Only' to disable editing and printing, meeting all requirements.

Exam trap

The trap here is that candidates often confuse DLP policies with sensitivity labels, not realizing that DLP blocks data in motion or at rest but cannot enforce persistent document-level permissions like disabling editing or printing.

How to eliminate wrong answers

Option B is wrong because a DLP policy with a block action can prevent sharing or transmission of PII data but cannot restrict access to documents already stored or disable editing/printing within the document itself. Option C is wrong because a retention policy is designed to preserve or delete data based on timeframes, not to restrict access or control permissions on documents. Option D is wrong because Privileged Identity Management (PIM) manages just-in-time privileged role assignments and does not classify, label, or restrict access to documents based on content.

648
MCQmedium

A consulting firm needs a tool to allow customers to book 30-minute online consulting sessions. The tool must show real-time availability of consultants, send automatic reminders, and allow customers to reschedule. Which Microsoft 365 app should they use?

A.Microsoft Bookings
B.Microsoft Teams
C.Microsoft Forms
D.Microsoft Lists
AnswerA

Microsoft Bookings provides a customer-facing scheduling page that displays available slots, sends reminders, and allows rescheduling.

Why this answer

Microsoft Bookings is the correct choice because it is a Microsoft 365 app specifically designed for scheduling and managing appointments. It provides a public booking page that shows real-time consultant availability, sends automatic email and SMS reminders, and allows customers to reschedule or cancel bookings directly, meeting all the stated requirements.

Exam trap

The trap here is that candidates may confuse Microsoft Teams' scheduling feature (which is for internal meetings) with the customer-facing appointment booking capabilities of Microsoft Bookings, leading them to incorrectly select Teams.

How to eliminate wrong answers

Option B is wrong because Microsoft Teams is a collaboration and communication platform (chat, meetings, calls) and does not include native appointment scheduling with real-time availability display, automatic reminders, or customer-facing rescheduling capabilities. Option C is wrong because Microsoft Forms is a survey and quiz creation tool for collecting data; it cannot manage real-time availability, send automatic reminders, or handle rescheduling of appointments. Option D is wrong because Microsoft Lists is a data tracking and organization app for creating lists and workflows; it lacks built-in scheduling features like real-time availability, automated reminders, and customer self-service rescheduling.

649
MCQhard

You are the Microsoft 365 administrator for Contoso Ltd., a multinational company with 5,000 employees. The company uses Microsoft 365 E5 licenses for all users. The HR department has requested a solution to onboard new employees more efficiently. Currently, when a new employee is hired, IT manually creates a user account in Microsoft Entra ID (formerly Azure AD), assigns licenses, creates a mailbox in Exchange Online, and provisions a OneDrive for Business account. This process takes approximately 2 hours per employee and is prone to errors. The HR team uses a third-party HR system (Workday) to manage employee records. When an employee is hired in Workday, HR wants the process to be automated so that within 15 minutes, the employee has a Microsoft 365 account, appropriate licenses based on their department, and access to Microsoft Teams and SharePoint Online. Additionally, the employee should be automatically added to a Microsoft 365 group for their department. The solution must minimize manual intervention and ensure that only authorized HR personnel can trigger the automation. What should you implement?

A.Deploy Microsoft Identity Manager (MIM) to synchronize Workday with on-premises AD, then sync to Entra ID.
B.Configure Workday to Microsoft Entra ID user provisioning in the Microsoft Entra admin center.
C.Create a Power Automate flow that triggers when a new employee is added to a SharePoint Online list, then uses Graph API to create the user.
D.Develop a custom solution using Microsoft Graph API and Azure Functions that polls Workday for changes.
AnswerB

Workday integration with Entra ID automates user provisioning and group membership.

Why this answer

Option B is correct because Workday to Microsoft Entra ID user provisioning is a built-in, cloud-native integration that automates the entire lifecycle of user accounts—creation, license assignment, group membership, and access to apps like Teams and SharePoint—directly from Workday HR events. It meets the 15-minute requirement, minimizes manual intervention, and can be scoped to allow only authorized HR personnel to trigger the automation via role-based access control in Entra ID.

Exam trap

The trap here is that candidates often confuse on-premises identity tools like MIM with cloud-native provisioning, or they overcomplicate the solution with custom development when a built-in connector exists, failing to recognize that Microsoft 365 E5 includes Entra ID P2 features that support automated HR-driven provisioning.

How to eliminate wrong answers

Option A is wrong because Microsoft Identity Manager (MIM) is an on-premises identity management solution that requires a local Active Directory infrastructure and adds complexity, latency, and manual steps; it does not provide the cloud-native, near-real-time provisioning from Workday directly to Entra ID that the scenario demands. Option C is wrong because a Power Automate flow triggered by a SharePoint Online list is not a secure or reliable way to create user accounts—it bypasses proper HR source-of-truth integration, lacks lifecycle management, and introduces security risks by relying on a manually maintained list. Option D is wrong because developing a custom solution with Microsoft Graph API and Azure Functions that polls Workday is unnecessarily complex, requires ongoing maintenance, and does not leverage the pre-built, supported Workday-to-Entra ID provisioning connector that is designed for this exact use case.

650
MCQmedium

A project team needs to track action items and issues in a shared list that is accessible from within Outlook and SharePoint. They need to be able to create custom columns, set reminders, and view a history of changes. Which Microsoft 365 app is best suited for this?

A.Microsoft Lists
B.Microsoft To Do
C.Microsoft Planner
D.Microsoft Viva Engage
AnswerA

Microsoft Lists is designed for tracking and sharing customizable lists with version history, integrations, and reminders.

Why this answer

Microsoft Lists is the correct choice because it provides a shared, customizable list that integrates directly with both Outlook and SharePoint. It allows users to create custom columns, set reminders via Power Automate or column formatting, and track version history for changes, meeting all specified requirements.

Exam trap

The trap here is that candidates often confuse Microsoft Planner's task boards with the structured list and column customization capabilities of Microsoft Lists, overlooking the specific need for custom columns and change history.

How to eliminate wrong answers

Option B is wrong because Microsoft To Do is a personal task management app that lacks shared lists accessible from SharePoint and does not support custom columns or change history tracking. Option C is wrong because Microsoft Planner is designed for team task management with boards and buckets, but it does not offer custom columns or a detailed change history view like Lists does. Option D is wrong because Microsoft Viva Engage is an employee engagement and social networking platform, not a list or task tracking tool, and it cannot create custom columns or track action items with reminders.

651
MCQmedium

Your organization is deploying Microsoft 365 and needs to ensure that data stored in SharePoint Online and OneDrive for Business is protected against accidental deletion by end users. The compliance team requires that deleted files be recoverable for at least 90 days. What should you implement?

A.Enable versioning on all document libraries.
B.Create a Microsoft Purview retention policy with a retention period of 90 days.
C.Increase the SharePoint Online recycle bin retention to 90 days.
D.Configure a Microsoft Purview Data Loss Prevention (DLP) policy for SharePoint.
AnswerB

A retention policy preserves data for the specified period, including deleted items.

Why this answer

Option C is correct because the Microsoft Purview retention policy with a retention action of 'Keep items for 90 days' preserves deleted items for the specified period. Option A is wrong because versioning only keeps previous versions, not deleted items. Option B is wrong because recycle bin default retention is 93 days but can be changed, but a retention policy provides a guaranteed 90-day retention.

Option D is wrong because DLP policies do not retain deleted items.

652
MCQhard

A security administrator needs to automatically restrict access to documents labeled as 'Highly Confidential' when accessed from devices that are not joined to the domain. The restriction should block editing and printing, and apply encryption. Which combination of Microsoft 365 solutions should the administrator use?

A.Microsoft Purview Information Protection + Microsoft Entra ID Conditional Access
B.Microsoft Purview Data Loss Prevention + Microsoft Entra ID Identity Protection
C.Microsoft Defender for Office 365 + Microsoft 365 Business Premium
D.Microsoft Purview Audit + Microsoft Entra ID Privileged Identity Management
AnswerA

Sensitivity labels defined in MIP can enforce encryption and usage restrictions. Conditional Access policies can require domain-joined devices for access, creating a layered approach.

Why this answer

Option A is correct because Microsoft Purview Information Protection (MIP) allows you to create sensitivity labels that apply encryption, restrict editing, and block printing on documents. Microsoft Entra ID Conditional Access can then enforce that these labels are automatically applied based on device compliance (e.g., devices not joined to the domain). Together, they provide the automated, policy-driven restriction described.

Exam trap

The trap here is that candidates confuse Microsoft Purview Data Loss Prevention (DLP) with Information Protection, not realizing DLP only monitors and blocks data in transit (e.g., email) and cannot enforce encryption or usage restrictions on documents at rest.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview Data Loss Prevention (DLP) detects and prevents accidental sharing of sensitive data but does not apply encryption or restrict editing/printing on documents; it blocks transmission via email or apps. Microsoft Entra ID Identity Protection focuses on user risk and sign-in anomalies, not device-based access control. Option C is wrong because Microsoft Defender for Office 365 protects against email threats (phishing, malware) and does not enforce document-level restrictions like encryption or editing/printing.

Microsoft 365 Business Premium is a licensing bundle, not a specific solution for this scenario. Option D is wrong because Microsoft Purview Audit logs user and admin activities but does not enforce access restrictions. Microsoft Entra ID Privileged Identity Management (PIM) manages just-in-time privileged role assignments, not document-level encryption or device-based access control.

653
MCQhard

An organization has users who frequently collaborate on documents across departments. They want to ensure that when a document is shared with external partners, the external users must authenticate using Azure AD credentials and cannot download or print the document. Which combination of Microsoft 365 features should they use?

A.Microsoft Teams guest access and Microsoft Defender for Cloud Apps session policies
B.OneDrive sharing settings with 'Anyone' links and Microsoft Purview Data Loss Prevention
C.SharePoint external sharing with 'Specific people' and Microsoft Purview Information Protection with 'View Only' permission
D.SharePoint anonymous sharing links and Microsoft Purview Sensitivity Labels
AnswerC

Specific people requires authentication; View Only restricts download/print.

Why this answer

Option C is correct because SharePoint 'Specific people' external sharing restricts access to explicitly invited users who must authenticate with Azure AD credentials, while Microsoft Purview Information Protection's 'View Only' permission prevents downloading, printing, and copying of the document. This combination meets both requirements: enforced authentication and restricted document actions.

Exam trap

The trap here is that candidates often confuse SharePoint external sharing settings (which control access) with Microsoft Purview Information Protection (which controls usage rights), and mistakenly think that simply restricting sharing to 'Specific people' alone prevents download/print, or that Sensitivity Labels alone enforce authentication.

How to eliminate wrong answers

Option A is wrong because Microsoft Teams guest access does not inherently prevent download or print actions; it relies on additional configuration, and Microsoft Defender for Cloud Apps session policies are for monitoring and controlling app access, not for granular document-level restrictions like view-only. Option B is wrong because 'Anyone' links allow anonymous access without Azure AD authentication, and Microsoft Purview Data Loss Prevention (DLP) is designed to prevent data leaks via policies, not to enforce per-document view-only permissions. Option D is wrong because SharePoint anonymous sharing links do not require Azure AD authentication, and Microsoft Purview Sensitivity Labels can apply encryption but do not natively enforce a 'View Only' permission that blocks download and print without additional configuration.

654
MCQmedium

A company wants to prevent users from sharing documents that contain credit card numbers via email. When a user attempts to share such a document, they should see a policy tip explaining the restriction and the share should be blocked. Which Microsoft Purview solution should the compliance team configure?

A.Retention policy
B.Data Loss Prevention (DLP) policy
C.Sensitivity label
D.Information Barriers
AnswerB

DLP policies can detect sensitive information such as credit card numbers and enforce actions like blocking the email and displaying a policy tip to the user.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) policies are specifically designed to detect sensitive information types—such as credit card numbers—in documents and emails, and then automatically block sharing while displaying a policy tip to the user. This matches the requirement exactly: DLP can inspect content for credit card patterns using built-in sensitive info types (e.g., Credit Card Number), enforce actions like 'Block' with an overridable policy tip, and apply to Exchange Online, SharePoint, OneDrive, and Teams. Retention policies only manage data lifecycle, not content-based blocking.

Exam trap

Microsoft often tests the distinction between DLP (which inspects content for sensitive data and blocks actions) and Sensitivity labels (which apply classification and protection but do not natively scan for specific data patterns like credit card numbers to enforce blocking with policy tips).

How to eliminate wrong answers

Option A is wrong because a Retention policy is used to preserve or delete data based on age or legal requirements, not to inspect content for sensitive information or block sharing in real time. Option C is wrong because a Sensitivity label applies classification and protection (e.g., encryption, visual markings) but does not natively scan for specific data patterns like credit card numbers or enforce block actions with policy tips; it relies on manual or automatic labeling, not content inspection for predefined sensitive types. Option D is wrong because Information Barriers are designed to restrict communication and collaboration between specific groups (e.g., to prevent conflicts of interest), not to scan content for sensitive data or block sharing based on data patterns.

655
Multi-Selectmedium

An organization wants to block sharing of documents containing credit card numbers. Which two statements are accurate about the Microsoft 365 capability involved?

Select 2 answers
A.Data Loss Prevention policies
B.It replaces the need for identity and access management
C.It requires every document to be made public
D.The policy should be tested with a limited group before broad rollout
AnswersA, D

DLP detects sensitive information types and can restrict sharing across Microsoft 365 locations.

Why this answer

Data Loss Prevention (DLP) policies in Microsoft 365 are specifically designed to detect and block the sharing of sensitive information, such as credit card numbers, by scanning content for predefined or custom sensitive information types. When a match is found, DLP can enforce actions like blocking the share or sending a notification, directly addressing the organization's requirement. This capability operates across Exchange Online, SharePoint, OneDrive, and Teams, providing comprehensive protection against accidental or malicious data leaks.

Exam trap

The trap here is that candidates may confuse DLP with identity and access management (IAM) or assume DLP requires public exposure of documents, when in fact DLP is a content-aware security control that operates independently of access permissions and typically restricts sharing rather than requiring it.

656
Multi-Selectmedium

Which THREE Microsoft 365 apps are part of the Microsoft Viva employee experience platform?

Select 3 answers
A.Viva Insights
B.Viva Engage
C.Viva Connections
D.Microsoft Teams
E.Viva Learning
AnswersA, C, E

Viva Insights provides productivity and wellbeing analytics.

Why this answer

Viva Insights is correct because it is a core module of the Microsoft Viva employee experience platform that provides data-driven, privacy-protected insights to help individuals and managers improve productivity, wellbeing, and work-life balance. It leverages Microsoft Graph data to analyze collaboration patterns and deliver actionable recommendations directly within Microsoft Teams and the Viva Insights app.

Exam trap

The trap here is that candidates often confuse Microsoft Teams (the platform) with the Viva modules that run within it, leading them to select Teams as a Viva component instead of recognizing that Viva Connections, Viva Insights, and Viva Learning are the three core apps that make up the employee experience platform.

657
MCQmedium

A user reports that Microsoft Teams meetings frequently drop audio. During troubleshooting, you discover that the user's network has high jitter and packet loss. Which Microsoft 365 service should you use to analyze the user's connection quality and identify the root cause?

A.Microsoft Defender XDR
B.Microsoft 365 Network Connectivity Center
C.Microsoft Teams admin center
D.Microsoft Intune
AnswerB

Provides network performance analytics and troubleshooting for Microsoft 365 services.

Why this answer

B is correct because Microsoft 365 Network Connectivity Center is specifically designed to analyze network performance metrics like jitter, packet loss, and latency in real time. It provides detailed insights into connection quality between a user's device and Microsoft 365 services, enabling you to pinpoint the root cause of audio drops in Teams meetings.

Exam trap

The trap here is that candidates often confuse the Microsoft Teams admin center's call analytics (which shows per-user call quality) with the Network Connectivity Center's broader network-level diagnostics, leading them to pick option C instead of B.

How to eliminate wrong answers

Option A is wrong because Microsoft Defender XDR is a security solution for threat detection and response, not a network performance analysis tool. Option C is wrong because the Microsoft Teams admin center provides call analytics and quality dashboards for individual users, but it does not offer the broader network-level analysis and diagnostic tools that Network Connectivity Center provides. Option D is wrong because Microsoft Intune is a mobile device management (MDM) and mobile application management (MAM) service, focused on device compliance and app policies, not network connectivity analysis.

658
MCQmedium

A small business with 10 employees needs desktop versions of Office apps (Word, Excel, PowerPoint), business-class email, and the ability to host online meetings with up to 250 attendees. They also require basic device management to enforce security policies on company-owned devices. They do not need advanced analytics or compliance features. Which Microsoft 365 plan is most suitable?

A.Microsoft 365 Business Basic
B.Microsoft 365 Business Standard
C.Microsoft 365 Business Premium
D.Microsoft 365 Apps for Business
AnswerC

Business Premium delivers desktop Office apps, email, Teams, and device management via Microsoft Intune, meeting all stated requirements.

Why this answer

Microsoft 365 Business Premium is the most suitable plan because it includes desktop versions of Office apps (Word, Excel, PowerPoint), business-class email via Exchange Online, Microsoft Teams for hosting online meetings with up to 250 attendees, and Intune for basic device management to enforce security policies on company-owned devices. This plan uniquely combines the required productivity, communication, and security management features without the advanced analytics or compliance capabilities that would be unnecessary for this small business.

Exam trap

The trap here is that candidates often confuse Microsoft 365 Business Standard as sufficient because it includes desktop apps and email, but they overlook the explicit requirement for basic device management, which is only available in Business Premium through Intune.

How to eliminate wrong answers

Option A is wrong because Microsoft 365 Business Basic provides only web and mobile versions of Office apps, not the desktop versions required by the scenario. Option B is wrong because Microsoft 365 Business Standard includes desktop Office apps and email but lacks the device management capabilities (Intune) needed to enforce security policies on company-owned devices. Option D is wrong because Microsoft 365 Apps for Business includes only desktop Office apps and does not include business-class email (Exchange Online) or the ability to host online meetings via Teams.

659
MCQeasy

A user needs to sign in to Microsoft 365 from an untrusted device. The company requires multifactor authentication (MFA) for all external access. Which Microsoft Entra ID feature enforces this requirement?

A.Microsoft Entra ID Protection
B.Security defaults
C.Microsoft Entra ID Password Protection
D.Conditional Access
AnswerD

Conditional Access can require MFA based on location, device, and other conditions.

Why this answer

Option C is correct. Conditional Access policies can require MFA based on conditions like device trust. Option A is wrong because Password protection prevents weak passwords.

Option B is wrong because identity protection detects risks, not enforces MFA. Option D is wrong because security defaults provide baseline security but are not customizable like Conditional Access.

660
MCQmedium

While preparing a Microsoft 365 adoption plan, a consultant is asked to manage leads, opportunities, customer accounts, and sales processes. Microsoft 365 app or service is the best fit?

A.Dynamics 365 Sales
B.Microsoft Planner
C.Microsoft Forms
D.Microsoft Purview Audit
AnswerA

Dynamics 365 Sales provides CRM capabilities for sales teams.

Why this answer

Dynamics 365 Sales is purpose-built for managing leads, opportunities, customer accounts, and sales processes as part of the Microsoft 365 ecosystem. It provides a customer relationship management (CRM) platform with pipeline management, sales automation, and analytics, directly aligning with the consultant's requirements.

Exam trap

The trap here is that candidates may confuse Microsoft Planner's task management features with CRM functionality, or assume Microsoft Forms can handle sales processes due to its data collection capabilities, but neither provides the structured pipeline and account management required for sales.

How to eliminate wrong answers

Option B is wrong because Microsoft Planner is a task management tool for organizing work among teams, not designed for CRM functions like lead or opportunity tracking. Option C is wrong because Microsoft Forms is a survey and data collection tool, lacking sales process management capabilities. Option D is wrong because Microsoft Purview Audit is a compliance and auditing solution for tracking user activities, unrelated to sales pipeline or customer account management.

661
MCQmedium

A help desk lead is documenting the correct Microsoft 365 approach to delegate SharePoint and OneDrive administration without full tenant control. Microsoft 365 licensing, admin, or support concept is most relevant?

A.SharePoint Administrator
B.Microsoft Forms
C.Microsoft Whiteboard
D.Microsoft Stream
AnswerA

SharePoint Administrator manages SharePoint Online and OneDrive settings.

Why this answer

The SharePoint Administrator role in Microsoft 365 provides delegated administration for SharePoint and OneDrive without granting full tenant-wide control. This role allows management of site collections, sharing policies, and storage limits while excluding access to other workloads like Exchange or Azure AD. It is the correct choice for the help desk lead's requirement.

Exam trap

The trap here is that candidates may confuse the SharePoint Administrator role with the Global Administrator role, assuming full control is needed, or mistakenly think a specific application (like Forms or Whiteboard) provides administrative delegation when they are merely end-user tools.

How to eliminate wrong answers

Option B (Microsoft Forms) is wrong because it is a survey and quiz tool, not an administrative role or delegation mechanism for SharePoint/OneDrive. Option C (Microsoft Whiteboard) is wrong because it is a collaborative canvas application, unrelated to delegated administration. Option D (Microsoft Stream) is wrong because it is a video management service, not an administrative role for SharePoint or OneDrive.

662
MCQmedium

Your organization has 500 users and needs to comply with data residency requirements in the EU. You plan to purchase Microsoft 365 E3 subscriptions. Which licensing option should you choose to ensure data is stored only in EU datacenters?

A.Microsoft 365 Business Basic
B.Microsoft 365 E3 with Data Residency add-on
C.Office 365 E3
D.Microsoft 365 E5
AnswerB

E3 includes the necessary compliance tools and the add-on ensures EU data residency.

Why this answer

Microsoft 365 E3 with the Data Residency add-on ensures that customer data at rest is stored only in EU datacenters, meeting EU data residency requirements. The base Microsoft 365 E3 subscription does not guarantee EU-only storage; the add-on provides the necessary data location commitment and compliance controls.

Exam trap

The trap here is that candidates assume higher-tier plans like E5 automatically include all compliance features, but data residency requires a specific add-on regardless of the base plan tier.

How to eliminate wrong answers

Option A is wrong because Microsoft 365 Business Basic is a plan for smaller organizations (up to 300 users) and does not include the Data Residency add-on or guarantee EU-only datacenter storage. Option C is wrong because Office 365 E3 lacks the Windows and Enterprise Mobility + Security components of Microsoft 365 E3, and more importantly, it does not include the Data Residency add-on option for EU-only storage. Option D is wrong because Microsoft 365 E5, while a higher-tier plan, does not inherently enforce EU-only data storage; it also requires the Data Residency add-on to meet this specific requirement.

663
MCQeasy

Which cloud computing characteristic allows users to provision resources such as virtual machines and storage without requiring human interaction with the service provider?

A.Measured service
B.On-demand self-service
C.Resource pooling
D.Rapid elasticity
AnswerB

On-demand self-service allows users to provision resources automatically without human interaction.

Why this answer

On-demand self-service is one of the five essential characteristics of cloud computing defined by NIST. It enables users to automatically provision computing resources as needed through a web portal or API, without requiring manual intervention from the service provider.

664
MCQmedium

A company is subject to GDPR and needs to respond to a data subject request to delete a user's personal data from Microsoft 365. Which Microsoft Purview solution should be used?

A.Microsoft Purview Information Protection
B.Microsoft Purview Data Lifecycle Management
C.Microsoft Purview eDiscovery
D.Microsoft Purview Audit
AnswerB

It includes retention labels and policies to manage DSRs.

Why this answer

Microsoft Purview Data Lifecycle Management (formerly Records Management) includes capabilities to manage data subject requests under GDPR. Option C is correct. Options A, B, and D are not designed for DSR management.

665
MCQhard

Your organization has a mix of Microsoft 365 E3 and E5 licenses. You want to ensure that all users have the same security baseline. Which licensing strategy should you use?

A.Assign Microsoft 365 E5 licenses to users requiring advanced security and keep E3 for others
B.Upgrade all users to Microsoft 365 E5
C.Downgrade all users to Microsoft 365 E3
D.Purchase a single E5 license and share it across all users
AnswerA

This optimizes cost while meeting security requirements.

Why this answer

Option A is correct because it aligns with a least-privilege security model: users who need advanced security features (e.g., Microsoft 365 E5's Microsoft Defender for Office 365, Microsoft Purview compliance, and advanced threat analytics) receive E5 licenses, while others retain E3. This ensures a consistent security baseline across the organization by applying the highest available security controls only where necessary, avoiding unnecessary cost and complexity.

Exam trap

The trap here is that candidates may assume a uniform license tier (E5 for all) is the simplest way to achieve a consistent security baseline, overlooking the cost implications and the fact that E3 already provides a strong baseline—E5 adds advanced capabilities that should be targeted only where needed.

How to eliminate wrong answers

Option B is wrong because upgrading all users to Microsoft 365 E5 would incur significant unnecessary costs for users who do not require advanced security features, violating cost-optimization principles. Option C is wrong because downgrading all users to Microsoft 365 E3 would remove advanced security capabilities (e.g., Microsoft Defender for Office 365 Plan 2, Microsoft Purview Information Protection, and Insider Risk Management) from users who need them, weakening the overall security baseline. Option D is wrong because Microsoft 365 licenses are per-user, not per-device or shared; a single E5 license cannot be shared across multiple users, as each user requires an individual license to comply with Microsoft's licensing terms.

666
MCQeasy

Your organization is deploying Microsoft 365 for a healthcare company that must comply with HIPAA. Which Microsoft 365 compliance feature should you use to prevent sensitive patient data from being shared externally via email?

A.Microsoft Purview Message Encryption
B.Microsoft Purview eDiscovery
C.Microsoft Purview Audit
D.Microsoft Purview Data Loss Prevention (DLP)
AnswerD

DLP policies can detect and block sharing of sensitive data.

Why this answer

Data Loss Prevention (DLP) policies are designed to detect and prevent sharing of sensitive data such as health information. Options A and B are not directly about preventing data leakage, and Option D is about encryption but not policy-based prevention.

667
MCQmedium

A company uses Microsoft Viva Insights to improve employee wellbeing. The HR team wants to identify which teams frequently work after 8 PM. Which Viva Insights feature should they use?

A.Viva Insights
B.Viva Learning
C.Viva Topics
D.Viva Connections
AnswerA

Viva Insights provides analytics on collaboration patterns, including after-hours work.

Why this answer

Microsoft Viva Insights provides personalized wellbeing and productivity analytics, including the ability to analyze collaboration patterns such as after-hours work. The HR team can use the 'Workplace Analytics' feature within Viva Insights to query and report on teams that frequently work after 8 PM, leveraging data from Microsoft 365 signals like email and meeting timestamps.

Exam trap

The trap here is that candidates may confuse Viva Insights with Viva Connections because both appear in the 'employee experience' category, but Connections is a portal for content delivery, not for analyzing behavioral data like after-hours work patterns.

How to eliminate wrong answers

Option B is wrong because Viva Learning is a centralized learning hub for accessing training content and courses, not for analyzing employee work patterns or wellbeing metrics. Option C is wrong because Viva Topics uses AI to automatically organize content into knowledge topics (like project or product pages) and does not provide any analytics on work hours or collaboration behavior. Option D is wrong because Viva Connections is a personalized dashboard for company news, resources, and tasks, but it lacks the deep behavioral analytics and querying capabilities needed to identify after-hours work patterns.

668
Multi-Selectmedium

Which TWO of the following are key benefits of using Microsoft Purview Information Protection? (Choose two.)

Select 2 answers
A.It automatically detects and blocks phishing emails.
B.It enables organizations to meet compliance requirements by applying protection.
C.It manages device compliance with Conditional Access.
D.It provides backup and recovery for SharePoint Online.
E.It helps classify and protect sensitive data across Microsoft 365.
AnswersB, E

It assists in meeting compliance obligations.

Why this answer

Option A is correct because Information Protection helps classify and protect sensitive data. Option B is correct because it helps meet compliance requirements by applying protection. Option C is incorrect because it does not directly detect phishing.

Option D is incorrect because Information Protection is not a backup solution. Option E is incorrect because it does not manage device compliance.

669
MCQmedium

A marketing team needs to create a dashboard that shows real-time sales data from Dynamics 365 and customer feedback from social media. Which Microsoft 365 service should they use to build this dashboard?

A.Microsoft Power BI
B.Microsoft Power Automate
C.Microsoft SharePoint
D.Microsoft Power Apps
AnswerA

Power BI can pull data from Dynamics 365 and social media to build real-time dashboards.

Why this answer

Microsoft Power BI is the correct service because it is designed to connect to multiple data sources, including Dynamics 365 for real-time sales data and social media APIs for customer feedback, and then create interactive, real-time dashboards. It provides built-in connectors, real-time streaming datasets, and the ability to publish dashboards for team-wide access, making it the ideal tool for this marketing requirement.

Exam trap

The trap here is that candidates often confuse Power Automate or Power Apps as dashboard-building tools because they are part of the Power Platform, but only Power BI provides the dedicated data visualization and real-time analytics capabilities required for this scenario.

How to eliminate wrong answers

Option B (Microsoft Power Automate) is wrong because it is a workflow automation tool that triggers actions based on events, not a dashboard or visualization service; it cannot natively render charts or graphs. Option C (Microsoft SharePoint) is wrong because it is a document management and collaboration platform that can host web parts but lacks native real-time data visualization and direct integration with Dynamics 365 and social media APIs for live dashboards. Option D (Microsoft Power Apps) is wrong because it is a low-code application development platform for building custom apps, not a business intelligence tool for creating dashboards; while it can display data, it does not provide the dedicated analytics, real-time streaming, and visualization capabilities of Power BI.

670
MCQmedium

A company has 250 users with Microsoft 365 E3 licenses. They need to add Microsoft Defender for Office 365 Plan 2 (for advanced threat protection and automated investigation) and Microsoft 365 E5 eDiscovery and Audit capabilities for legal investigations. They want to keep their existing E3 subscriptions and minimize additional costs. What is the most cost-effective licensing approach?

A.Upgrade all users to Microsoft 365 E5
B.Purchase the Microsoft 365 E5 Security add-on for all users
C.Purchase the Microsoft 365 E5 Compliance add-on for all users
D.Purchase the Microsoft Defender for Office 365 Plan 2 add-on and the Microsoft 365 E5 eDiscovery and Audit add-on separately
AnswerD

Both add-ons are available for E3, providing exactly the needed capabilities without paying for unnecessary features.

Why this answer

Option D is correct because it allows the company to add only the specific capabilities they need—Microsoft Defender for Office 365 Plan 2 and Microsoft 365 E5 eDiscovery and Audit—without upgrading the entire E3 license. This approach minimizes costs by purchasing only the required add-ons, leveraging the existing E3 subscription as the base.

Exam trap

The trap here is that candidates often assume the Microsoft 365 E5 Security add-on covers all advanced security and compliance needs, but it does not include the E5 eDiscovery and Audit capabilities, which require a separate Compliance add-on.

How to eliminate wrong answers

Option A is wrong because upgrading all 250 users to Microsoft 365 E5 would include many unnecessary features (e.g., advanced analytics, Power BI Pro) and cost significantly more than purchasing targeted add-ons. Option B is wrong because the Microsoft 365 E5 Security add-on includes Defender for Office 365 Plan 2 but does not include the E5 eDiscovery and Audit capabilities (those are part of the Compliance add-on). Option C is wrong because the Microsoft 365 E5 Compliance add-on includes E5 eDiscovery and Audit but does not include Defender for Office 365 Plan 2 (which is a Security add-on).

671
MCQmedium

Refer to the exhibit. An administrator configured a sensitivity label with auto-labeling for credit card numbers. What happens when a user creates a document containing a credit card number and saves it to SharePoint Online?

A.The label is applied only when the user manually selects it.
B.The label is automatically applied, and the document is encrypted.
C.The document is blocked from being saved.
D.The label is applied, but encryption is not enforced because the user can override.
AnswerB

Auto-labeling detects credit card numbers and applies the label with encryption.

Why this answer

The auto-labeling rule will automatically apply the label, which then encrypts the document and sets an expiration date. Option C is correct.

672
MCQhard

A company wants to implement a solution where employees can ask questions in natural language and get answers from internal knowledge bases. Which Microsoft 365 service should they use?

A.Copilot for Microsoft 365
B.Microsoft Search
C.Bing Chat Enterprise
D.Microsoft Viva Answers
AnswerA

Copilot can answer natural language questions using enterprise data.

Why this answer

Option B is correct because Copilot for Microsoft 365 can answer questions using enterprise data. Option A is wrong because Viva Answers is a Q&A feature but less comprehensive. Option C is wrong because Search is basic.

Option D is wrong because Bing Chat Enterprise is for web search.

673
MCQhard

You are designing a solution for a global company that needs to store documents in a central location with granular permission control. Which service should you recommend?

A.Microsoft Teams
B.OneDrive for Business
C.Exchange Online
D.SharePoint
AnswerD

SharePoint provides central storage with granular permissions.

Why this answer

SharePoint is the correct choice because it is designed as a centralized document management and collaboration platform that supports granular permission control at the site, library, folder, and item levels. Unlike other services, SharePoint allows administrators to define unique permissions using SharePoint groups or Azure AD security groups, enabling precise access management for a global company's document storage needs.

Exam trap

The trap here is that candidates often confuse OneDrive for Business with SharePoint, thinking OneDrive can serve as a central document repository, but OneDrive is designed for personal storage and lacks the centralized administration and granular permission inheritance that SharePoint provides for enterprise document management.

How to eliminate wrong answers

Option A is wrong because Microsoft Teams is a chat-based collaboration workspace that stores files in the underlying SharePoint site for each team, but it does not provide native granular permission control beyond team-level settings; permissions are inherited from SharePoint. Option B is wrong because OneDrive for Business is a personal cloud storage service intended for individual file storage and sharing, not for centralized document storage with granular permission control across an organization; it lacks site-level administration and advanced permission inheritance features. Option C is wrong because Exchange Online is an email and calendaring service that stores mailbox data, not documents; it does not offer document storage or permission management for files.

674
MCQmedium

A company has 50 users with Microsoft 365 Business Basic licenses. They want to allow dial-in access to their online meetings for participants who cannot use VoIP. They need to minimize additional licensing costs. What should they purchase?

A.Audio Conferencing add-on
B.Phone System add-on
C.Microsoft 365 Business Voice
D.Upgrade to Microsoft 365 Business Standard
AnswerA

Correct. Audio Conferencing enables participants to dial into meetings using a phone number, which is exactly what the company needs.

Why this answer

Audio Conferencing is the correct add-on because it provides dial-in (PSTN) access to Microsoft Teams meetings, allowing participants to join via phone when VoIP is unavailable. Since the company already has Microsoft 365 Business Basic licenses, which include Teams but not dial-in capabilities, purchasing the Audio Conferencing add-on per user is the most cost-effective way to enable this feature without upgrading the entire license.

Exam trap

The trap here is that candidates confuse the Phone System add-on (which handles internal call routing) with Audio Conferencing (which provides external dial-in to meetings), leading them to pick the wrong add-on for PSTN meeting access.

How to eliminate wrong answers

Option B (Phone System add-on) is wrong because Phone System provides PBX capabilities (call queues, auto attendants, and internal call routing) but does not include dial-in access to meetings; it requires additional calling plans or third-party trunking for PSTN connectivity. Option C (Microsoft 365 Business Voice) is wrong because it bundles Phone System and a calling plan for domestic calls, which is overkill and more expensive than just needing dial-in meeting access; it also requires a minimum of 5 users and includes features not needed here. Option D (Upgrade to Microsoft 365 Business Standard) is wrong because Business Standard does not include Audio Conferencing; it only adds desktop Office apps and additional cloud services, not PSTN dial-in for meetings, so it would not solve the requirement and costs more than the add-on.

675
MCQmedium

A company uses Infrastructure-as-a-Service (IaaS) from a cloud provider. They have deployed virtual machines running a custom application. The cloud provider supplies the physical hardware, networking, and storage. Who is responsible for patching the operating system of the virtual machines?

A.The cloud provider
B.The customer
C.Both the provider and the customer share equally
D.A third-party managed security service provider
AnswerB

In IaaS, the customer is responsible for securing and patching the operating system and applications on the virtual machines.

Why this answer

In an IaaS model, the cloud provider is responsible for the physical infrastructure (hardware, networking, storage), but the customer retains responsibility for the guest OS and application stack. Patching the operating system of virtual machines is a customer task because the customer controls the OS image and has full administrative access to the VM. This follows the shared responsibility model where the provider secures the hypervisor and physical layer, while the customer secures the OS and applications.

Exam trap

The trap here is that candidates confuse IaaS with PaaS or SaaS, assuming the cloud provider patches everything, but in IaaS the customer is explicitly responsible for the guest OS and applications.

How to eliminate wrong answers

Option A is wrong because the cloud provider patches only the hypervisor and physical infrastructure, not the guest OS inside the VM; the customer manages the OS. Option C is wrong because responsibility is not shared equally for OS patching—the provider handles the underlying platform, and the customer handles the OS and applications. Option D is wrong because a third-party MSSP is an optional service the customer could contract, but it is not the default responsibility assignment in the IaaS shared responsibility model.

Page 8

Page 9 of 14

Page 10