CCNA Describe Microsoft 365 apps and services Questions

75 of 350 questions · Page 2/5 · Describe Microsoft 365 apps and services · Answers revealed

76
MCQmedium

A marketing team wants to create a centralized repository for brand assets, such as logos and templates, that can be accessed by all employees. Which Microsoft 365 service should they use?

A.SharePoint Online
B.Microsoft Stream
C.OneDrive for Business
D.Microsoft Lists
AnswerA

SharePoint provides team sites with document libraries for centralized content.

Why this answer

SharePoint Online is the correct choice because it is designed as a cloud-based document management and storage platform that supports centralized repositories with granular permission controls. It allows the marketing team to create a dedicated site or document library for brand assets, enabling all employees to access, share, and collaborate on logos and templates while maintaining version history and compliance policies.

Exam trap

The trap here is that candidates often confuse OneDrive for Business with SharePoint Online, assuming OneDrive can serve as a team repository, but OneDrive is designed for personal storage and lacks the centralized management, site hierarchy, and enterprise-level sharing controls that SharePoint provides.

How to eliminate wrong answers

Option B (Microsoft Stream) is wrong because it is a video management service for storing, streaming, and sharing recorded content, not a repository for static brand assets like logos and templates. Option C (OneDrive for Business) is wrong because it is a personal cloud storage solution intended for individual file storage and sharing, lacking the centralized, team-wide access controls and site structure needed for a company-wide brand asset repository. Option D (Microsoft Lists) is wrong because it is a data-tracking application for creating lists of items (e.g., issues, contacts) with metadata and views, not a file storage system for binary assets like images and documents.

77
MCQmedium

A help desk lead is documenting the correct Microsoft 365 approach to improve employee experience through learning, insights, goals, and engagement experiences. Microsoft 365 app or service is the best fit?

A.Microsoft Viva
B.Microsoft Forms
C.Microsoft Planner
D.Microsoft Purview Audit
AnswerA

Microsoft Viva is the employee experience platform for Microsoft 365.

Why this answer

Microsoft Viva is the correct answer because it is an integrated employee experience platform (EXP) within Microsoft 365 that explicitly combines learning (Viva Learning), insights (Viva Insights), goals (Viva Goals), and engagement (Viva Engage). This directly matches the help desk lead's requirement to improve employee experience through those four pillars, whereas the other options are single-purpose tools that do not cover the full scope.

Exam trap

The trap here is that candidates may confuse Microsoft Viva with a single-feature app like Planner or Forms, failing to recognize that Viva is the only option designed as a comprehensive employee experience platform covering all four specified areas.

How to eliminate wrong answers

Option B (Microsoft Forms) is wrong because it is a survey and data collection tool, not a platform for learning, insights, goals, or engagement experiences. Option C (Microsoft Planner) is wrong because it is a lightweight project management and task assignment tool, lacking any capabilities for learning analytics, goal tracking, or employee engagement. Option D (Microsoft Purview Audit) is wrong because it is a compliance and auditing solution for tracking user and admin activities, unrelated to improving employee experience through learning, insights, goals, or engagement.

78
MCQmedium

An enterprise wants to allow employees to access corporate resources (emails, files, intranet) from unmanaged personal devices while ensuring that corporate data cannot be copied to personal apps. Which Microsoft 365 technology should be configured?

A.Microsoft Intune Mobile Device Management (MDM)
B.Microsoft Intune Mobile Application Management (MAM)
C.Microsoft Entra ID Conditional Access
D.Microsoft Baseline Protection
AnswerB

MAM allows policy-driven data protection at the app level, separating corporate and personal data.

Why this answer

Microsoft Intune Mobile Application Management (MAM) allows administrators to apply data protection policies directly to applications, such as Outlook and SharePoint, without enrolling the device itself. This enables employees to access corporate resources from unmanaged personal devices while preventing data from being copied or transferred to personal apps through features like multi-identity management and app-level PIN policies.

Exam trap

The trap here is that candidates often confuse MDM (device-level management) with MAM (app-level management), assuming that any data protection requires full device enrollment, when MAM provides the exact capability needed for unmanaged devices.

How to eliminate wrong answers

Option A is wrong because Microsoft Intune MDM requires device enrollment, which gives the organization control over the entire device, conflicting with the requirement to keep personal devices unmanaged. Option C is wrong because Microsoft Entra ID Conditional Access controls access based on conditions like device compliance or location but does not provide the granular data-loss prevention controls within apps needed to block copying corporate data to personal apps. Option D is wrong because Microsoft Baseline Protection is not a real Microsoft 365 technology; it is a distractor that does not exist in the Microsoft 365 security portfolio.

79
MCQhard

A tenant administrator sees the above JSON snippet for a Copilot for Microsoft 365 license assignment. What is the result of this configuration?

A.The user receives Copilot for Microsoft 365 with all features enabled.
B.The license assignment is invalid because Copilot for Microsoft 365 cannot be assigned via JSON.
C.The user receives Copilot for Microsoft 365 but cannot use Bing Chat Enterprise or Teams meeting recordings.
D.The user is assigned a Microsoft 365 E5 license instead.
AnswerC

Correct. The disabledPlans list indicates which services are turned off.

Why this answer

Option C is correct because the JSON snippet shows that the 'Bing_Chat_Enterprise' and 'Microsoft_Teams_Meeting_Recording' service plans are disabled (status 'Disabled') for the Copilot for Microsoft 365 license assignment. This means the user receives Copilot but without those specific features. The JSON snippet is a valid way to assign a Copilot license with custom service plan exclusions using Microsoft Graph or PowerShell.

Exam trap

The trap here is that candidates assume all features are enabled by default when a license is assigned, but the JSON snippet's 'Disabled' status for specific service plans directly contradicts that assumption, and many overlook the ability to disable individual service plans during license assignment.

How to eliminate wrong answers

Option A is wrong because the JSON explicitly disables two service plans, so the user does not receive all features enabled. Option B is wrong because Copilot for Microsoft 365 can be assigned via JSON using the Microsoft Graph API or PowerShell with the `-LicenseOptions` parameter, which is a standard method for granular license assignment. Option D is wrong because the JSON specifies the SKU for Copilot for Microsoft 365 (not an E5 license), and disabling service plans does not change the license type.

80
MCQmedium

Your organization uses Microsoft 365 E5 licenses and wants to implement a data loss prevention (DLP) policy that blocks sharing of credit card numbers in email. Which Microsoft 365 admin center should you use to create and manage this DLP policy?

A.Microsoft Security Center
B.Microsoft Entra admin center
C.Microsoft Purview compliance portal
D.Microsoft 365 admin center
AnswerC

Centrally manages compliance policies including DLP.

Why this answer

The Microsoft Purview compliance portal is the correct admin center for creating and managing Data Loss Prevention (DLP) policies because it provides the unified compliance management interface for data protection, including DLP for Exchange Online email. DLP policies that block sharing of sensitive information like credit card numbers are configured under the 'Data loss prevention' section within the Purview portal, which leverages built-in sensitive information types and rules to enforce actions such as blocking email transmission.

Exam trap

The trap here is that candidates often confuse the Microsoft 365 admin center (general admin tasks) with the Purview compliance portal (compliance-specific tasks), leading them to select the wrong portal for DLP policy management.

How to eliminate wrong answers

Option A is wrong because the Microsoft Security Center focuses on threat protection, security posture management, and incident response (e.g., Microsoft Defender for Cloud), not on compliance-based data loss prevention policies for email. Option B is wrong because the Microsoft Entra admin center is used for identity and access management (e.g., user accounts, groups, conditional access policies), not for configuring DLP rules that govern data in transit. Option D is wrong because the Microsoft 365 admin center is for general tenant administration (e.g., user licensing, service health, billing) and does not include the compliance-specific tools needed to create or manage DLP policies.

81
MCQeasy

A company wants to enable employees to securely access work files and collaborate in real-time from any device. Which Microsoft 365 service should the company use?

A.Microsoft Teams
B.Exchange Online
C.SharePoint Online
D.OneDrive for Business
AnswerA

Microsoft Teams provides real-time collaboration, file sharing, and integration with other Microsoft 365 services.

Why this answer

Microsoft Teams is the correct choice because it provides a unified platform for real-time collaboration, including chat, video conferencing, and file sharing, with integrated security and compliance features. It allows employees to access and co-author work files from any device while leveraging Azure Active Directory for conditional access and data encryption in transit and at rest.

Exam trap

The trap here is that candidates often confuse SharePoint Online's document management capabilities with real-time collaboration, overlooking that Teams is the primary service for synchronous teamwork and integrated file access from any device.

How to eliminate wrong answers

Option B (Exchange Online) is wrong because it is primarily an email and calendaring service, not designed for real-time file collaboration or secure file access from any device. Option C (SharePoint Online) is wrong because while it enables file storage and sharing, it lacks native real-time collaboration features like persistent chat and video meetings that Teams provides. Option D (OneDrive for Business) is wrong because it is a personal cloud storage service for individual file sync and sharing, not a team-based collaboration hub with integrated real-time communication.

82
MCQeasy

Refer to the exhibit. You have a Conditional Access policy as shown. A user reports they cannot access Exchange Online from a non-compliant device. What is the most likely reason?

A.The device is not marked as compliant
B.The policy only applies to administrators
C.The user has not registered for MFA
D.The policy is disabled
AnswerA

The grant control requires a compliant device.

Why this answer

The Conditional Access policy shown requires device compliance for Exchange Online access. When a device is non-compliant, the policy blocks access regardless of user identity or MFA status. The most likely reason for the user's inability to access Exchange Online is that the device is not marked as compliant, which is the condition explicitly enforced by the policy.

Exam trap

The trap here is that candidates may assume MFA or admin-only scoping is the issue, but the policy explicitly targets device compliance, which is the direct cause of the block.

How to eliminate wrong answers

Option B is wrong because the policy does not specify 'Only apply to administrators' — it applies to all users or a specific user group, not just admins. Option C is wrong because MFA registration is not the blocking factor; the policy targets device compliance, not authentication strength. Option D is wrong because if the policy were disabled, it would not enforce any restrictions, and the user would not be blocked.

83
MCQeasy

A sales manager wants to track customer interactions, manage leads, and automate follow-up emails from a single platform. Which Microsoft 365 service is specifically designed for customer relationship management (CRM)?

A.Microsoft Bookings
B.Microsoft Dynamics 365 Sales
C.Microsoft Power Automate
D.Microsoft To Do
AnswerB

Dynamics 365 Sales provides a comprehensive CRM platform for tracking interactions, managing leads, and automating sales processes including follow-up emails. It meets the manager's requirements.

Why this answer

Microsoft Dynamics 365 Sales is the dedicated CRM service within the Microsoft 365 ecosystem, purpose-built for tracking customer interactions, managing leads, and automating follow-up emails. Unlike general productivity tools, it provides a unified platform with lead scoring, opportunity management, and workflow automation specifically for sales processes.

Exam trap

The trap here is that candidates often confuse Microsoft Bookings (a scheduling tool) or Power Automate (an automation tool) with a full CRM solution, failing to recognize that Dynamics 365 Sales is the only option specifically designed for end-to-end customer relationship management.

How to eliminate wrong answers

Option A is wrong because Microsoft Bookings is a scheduling and appointment management tool, not a CRM platform; it lacks lead management and automated follow-up email capabilities. Option C is wrong because Microsoft Power Automate is a workflow automation service that can integrate with CRM systems but is not itself a CRM platform; it does not provide native lead tracking or customer interaction management. Option D is wrong because Microsoft To Do is a personal task management app with no CRM features such as lead tracking, customer history, or automated email sequences.

84
MCQmedium

A department asks for the Microsoft 365 service best suited for personal work files that follow a user across devices. Which service should they use?

A.Microsoft Entra Privileged Identity Management
B.OneDrive for Business
C.Microsoft Defender for Endpoint
D.Microsoft Purview Compliance Manager
AnswerB

OneDrive is intended for individual file storage and sync.

Why this answer

OneDrive for Business is the correct service because it provides personal cloud storage for work files that sync across a user's devices, enabling access from anywhere. Unlike SharePoint or Teams, which are team-based, OneDrive is designed for individual file storage and synchronization, making it ideal for files that follow the user.

Exam trap

The trap here is that candidates may confuse OneDrive for Business with SharePoint Online, but the key distinction is that OneDrive is for personal files that follow the user across devices, while SharePoint is for team collaboration and shared document libraries.

How to eliminate wrong answers

Option A is wrong because Microsoft Entra Privileged Identity Management is an identity governance service for managing, controlling, and monitoring access to privileged roles, not for storing personal work files. Option C is wrong because Microsoft Defender for Endpoint is a security solution for endpoint protection, detection, and response, not a file storage or synchronization service. Option D is wrong because Microsoft Purview Compliance Manager is a compliance management tool for assessing and managing regulatory compliance risks, not for personal file storage.

85
MCQmedium

A user reports that they cannot access their work email on their mobile device. The admin confirms the user has an Exchange Online license. What is the most likely cause?

A.The user is using the Outlook mobile app
B.The user is trying to access Outlook on the web
C.Exchange ActiveSync is disabled for the user
D.A Conditional Access policy requires app protection policies
AnswerD

Conditional Access may block access if the device is not compliant.

Why this answer

Option D is correct because Conditional Access policies can require app protection policies (e.g., Intune MAM) to enforce data security on mobile devices. If the user's device does not have the required app protection policies applied, access to Exchange Online via mobile apps (including Outlook) will be blocked, even though the user has a valid Exchange Online license. This is a common scenario where licensing alone does not guarantee access when additional security controls are in place.

Exam trap

The trap here is that candidates often assume a valid license (Exchange Online) guarantees access, but Microsoft 365 security features like Conditional Access can override licensing and block access based on policy requirements, especially on mobile devices.

How to eliminate wrong answers

Option A is wrong because using the Outlook mobile app is not a cause of access failure; it is the intended client for mobile email access. Option B is wrong because accessing Outlook on the web (OWA) is a browser-based method, not a mobile device issue, and the question specifically states the user is on a mobile device. Option C is wrong because if Exchange ActiveSync were disabled for the user, the admin would typically see a specific error or setting in the Exchange admin center, and this is less likely than a Conditional Access policy blocking access due to missing app protection policies.

86
MCQeasy

A sales team uses Microsoft Copilot for Sales to draft emails. To ensure Copilot uses the most relevant customer data from Dynamics 365, what must be configured?

A.Microsoft Teams channels
B.Dynamics 365 records
C.Exchange Online mailboxes
D.Microsoft Viva Topics
AnswerB

Copilot for Sales uses Dynamics 365 records to personalize emails.

Why this answer

Copilot for Sales relies on Dynamics 365 records to access customer data such as contacts, accounts, and opportunities. By configuring the appropriate Dynamics 365 records, Copilot can retrieve the most relevant information to draft personalized emails. Without this configuration, Copilot lacks the necessary data source to generate context-aware content.

Exam trap

The trap here is that candidates may confuse the general data sources available in Microsoft 365 (like Exchange or Teams) with the specific structured CRM data required by Copilot for Sales, leading them to select a broad but incorrect option.

How to eliminate wrong answers

Option A is wrong because Microsoft Teams channels are used for collaboration and communication, not as a data source for Copilot to pull customer records from Dynamics 365. Option C is wrong because Exchange Online mailboxes store email messages and calendar items, but they do not contain structured customer relationship data like Dynamics 365 records. Option D is wrong because Microsoft Viva Topics uses AI to organize knowledge and content from across Microsoft 365, but it does not directly provide the specific customer data from Dynamics 365 that Copilot for Sales requires.

87
MCQmedium

A sales team frequently collaborates on proposals stored in Microsoft 365. They want to use an AI-powered tool to draft sections based on previous winning proposals. Which Microsoft 365 app should they use?

A.Microsoft Copilot for Microsoft 365
B.Microsoft Syntex
C.Microsoft Viva Topics
D.Microsoft Power Automate
AnswerA

Copilot uses AI to draft content based on existing files in Microsoft 365.

Why this answer

Microsoft Copilot for Microsoft 365 is the correct choice because it integrates large language models directly into the Microsoft 365 productivity apps, including Word, Excel, and PowerPoint. It can analyze existing content—such as previous winning proposals stored in SharePoint or OneDrive—and generate new draft sections based on that data, using natural language prompts. This makes it the ideal AI-powered tool for collaborative proposal writing.

Exam trap

The trap here is that candidates may confuse Microsoft Syntex's content understanding and classification capabilities with generative AI, leading them to select Syntex instead of recognizing that Copilot is the dedicated generative AI assistant for content creation in Microsoft 365.

How to eliminate wrong answers

Option B (Microsoft Syntex) is wrong because Syntex is a content AI service focused on content understanding, classification, and extraction of metadata from documents, not on generating new draft content based on prior examples. Option C (Microsoft Viva Topics) is wrong because Viva Topics is a knowledge discovery tool that automatically organizes content into topic pages and surfaces relevant information, but it does not generate new text or draft sections. Option D (Microsoft Power Automate) is wrong because Power Automate is a workflow automation platform for creating automated processes and integrations, not an AI content generation tool.

88
MCQhard

A company uses Microsoft 365 E5 and wants to implement a solution that automatically detects and remediates security incidents across endpoints, email, and identities. Which service should they use?

A.Microsoft Defender XDR
B.Microsoft Purview
C.Microsoft Defender for Cloud
D.Microsoft Sentinel
AnswerA

Defender XDR provides cross-domain detection and automated response.

Why this answer

Microsoft Defender XDR (Extended Detection and Response) is the correct choice because it provides a unified, cross-domain security solution that automatically detects, investigates, and remediates threats across endpoints, email, and identities. It leverages AI and automation to correlate signals from Microsoft Defender for Endpoint, Defender for Office 365, and Defender for Identity, enabling coordinated incident response without manual intervention.

Exam trap

The trap here is that candidates often confuse Microsoft Defender for Cloud (a cloud workload protection tool) with Microsoft Defender XDR, or mistakenly think Microsoft Sentinel (a SIEM) is the primary automated remediation tool, when in fact Sentinel requires custom playbooks and is not designed for cross-domain automated remediation out of the box.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview is a data governance, compliance, and risk management solution, not a security incident detection and remediation tool; it focuses on data classification, retention, and eDiscovery. Option C is wrong because Microsoft Defender for Cloud is a cloud security posture management (CSPM) and cloud workload protection platform (CWPP) for multi-cloud environments (Azure, AWS, GCP), not for endpoint, email, and identity incident response. Option D is wrong because Microsoft Sentinel is a cloud-native SIEM (Security Information and Event Management) that ingests logs and requires custom analytics rules and manual or semi-automated playbooks for remediation, whereas Defender XDR provides built-in, automated detection and remediation across the specified domains.

89
MCQeasy

A project manager needs to assign tasks to team members, set deadlines, and track progress in a shared workspace. The workspace should integrate with Outlook and Teams. Which Microsoft 365 app is best suited for this requirement?

A.Microsoft To Do
B.Microsoft Planner
C.SharePoint
D.Microsoft Lists
AnswerB

Planner offers team-based task boards, assignment, due dates, and integration with Teams and Outlook.

Why this answer

Microsoft Planner is best suited because it provides a shared workspace with task assignment, deadline setting, and progress tracking via Kanban boards, and it integrates natively with Outlook for task synchronization and with Teams as a tab app for collaborative access.

Exam trap

Microsoft often tests the distinction between personal task tools (To Do), collaborative task management (Planner), and data tracking (Lists), where candidates may confuse Lists' custom fields with Planner's task assignment capabilities.

How to eliminate wrong answers

Option A is wrong because Microsoft To Do is a personal task management app focused on individual to-do lists, lacking shared workspaces, team assignment, and progress tracking features. Option C is wrong because SharePoint is a document management and collaboration platform for sites and libraries, not designed for task assignment, deadline tracking, or Kanban-style progress views. Option D is wrong because Microsoft Lists is a data tracking app for creating custom lists (e.g., issue trackers, inventories), but it does not provide built-in task assignment, deadline management, or the integrated Kanban boards that Planner offers.

90
MCQmedium

A marketing team needs to collaborate on a presentation that will be updated frequently by multiple team members, and they want to ensure everyone always has the latest version without manual tracking. Which Microsoft 365 service should they use?

A.Exchange Online
B.SharePoint Online
C.Microsoft Teams
D.OneDrive for Business
AnswerB

SharePoint provides co-authoring and version control.

Why this answer

SharePoint Online is the correct choice because it provides a centralized document library with version history, co-authoring, and metadata management, ensuring all team members always access the latest version without manual tracking. Unlike OneDrive for Business, which is designed for individual use, SharePoint Online supports structured collaboration across a team with granular permissions and automated sync.

Exam trap

The trap here is that candidates often confuse Microsoft Teams as the collaboration service itself, but Teams relies on SharePoint Online for file storage and versioning, so the correct underlying service is SharePoint.

How to eliminate wrong answers

Option A is wrong because Exchange Online is an email and calendaring service, not a document collaboration platform; it lacks version control and co-authoring for files. Option C is wrong because Microsoft Teams is a chat-based workspace that integrates with SharePoint for file storage, but it is not the primary service for managing and versioning shared documents; files in Teams are stored in SharePoint, so the underlying service is SharePoint. Option D is wrong because OneDrive for Business is optimized for personal file storage and sharing, not for team-based collaboration with multiple simultaneous editors and automated version tracking across a group; it lacks team-level metadata and permissions management.

91
MCQeasy

Refer to the exhibit. A SharePoint admin views site properties in JSON format. What type of site is this?

A.Communication site
B.Classic team site
C.Hub site
D.Team site (group-connected)
AnswerD

'GROUP#0' indicates a group-connected team site.

Why this answer

The JSON output includes the 'GroupId' property, which is a GUID that uniquely identifies the Microsoft 365 Group associated with the site. This property is only present on team sites that are connected to a Microsoft 365 Group (group-connected team sites). Communication sites and classic team sites do not have a GroupId, and hub sites are a site association feature, not a site template.

Exam trap

The trap here is that candidates may confuse the presence of a 'GroupId' with a hub site's association ID, or assume that any modern site (including communication sites) would have a group ID, when in fact only group-connected team sites include this property in their JSON output.

How to eliminate wrong answers

Option A is wrong because communication sites do not have a 'GroupId' property in their JSON representation; they are designed for broadcasting information and are not group-connected. Option B is wrong because classic team sites (without a Microsoft 365 Group) lack the 'GroupId' property; they use SharePoint-specific permissions and are not backed by a Microsoft 365 Group. Option C is wrong because a hub site is a site that has been designated as a hub for navigation and search aggregation, but it is not a distinct site template; the JSON shown does not include a 'HubSiteId' or 'IsHubSite' property, and hub sites can be either communication sites or group-connected team sites.

92
MCQeasy

A company uses Microsoft SharePoint Online for intranet and wants to display important company announcements on the home page. Which SharePoint feature should they use?

A.Pages
B.Document libraries
C.Lists
D.News posts
AnswerD

Designed for announcements.

Why this answer

News posts are the correct feature because they are specifically designed to display timely, engaging announcements on a SharePoint intranet home page. They support rich formatting, images, and web parts that surface news content prominently, making them ideal for company-wide communications. Unlike other options, News posts are optimized for visibility and user engagement on the home page.

Exam trap

The trap here is that candidates confuse 'Pages' (option A) with 'News posts' because both use the same underlying page infrastructure, but News posts are a distinct feature with specific properties for announcements, not general-purpose pages.

How to eliminate wrong answers

Option A is wrong because Pages are used for creating static, structured content like landing pages or detailed information, not for dynamic, time-sensitive announcements. Option B is wrong because Document libraries store files and documents, not announcements, and lack the formatting and visibility features needed for home page news. Option C is wrong because Lists are for structured data (e.g., tasks, contacts) and require custom formatting or web parts to display as announcements, making them less suitable for immediate, engaging news.

93
MCQmedium

An administrator needs to restrict access to Microsoft 365 admin centers based on user location. Which Microsoft Entra ID feature should they configure?

A.Conditional Access
B.Identity Protection
C.Entra ID Governance
D.Privileged Identity Management (PIM)
AnswerA

Conditional Access policies can include location conditions to restrict access.

Why this answer

Conditional Access is the correct feature because it allows administrators to enforce policies that grant or block access to Microsoft 365 admin centers based on conditions such as user location (IP address ranges or countries). By configuring a Conditional Access policy with a location condition, you can restrict access to sensitive admin portals like the Microsoft 365 admin center or Exchange admin center to trusted networks only.

Exam trap

The trap here is that candidates often confuse Identity Protection (which also uses location signals for risk detection) with Conditional Access, but Identity Protection does not enforce access policies—it only provides risk assessments that Conditional Access can consume.

How to eliminate wrong answers

Option B (Identity Protection) is wrong because it focuses on detecting and responding to identity-based risks (e.g., leaked credentials, sign-ins from anonymous IPs) but does not directly restrict access to admin centers based on location. Option C (Entra ID Governance) is wrong because it manages identity lifecycle, access reviews, and entitlement management, not real-time location-based access control. Option D (Privileged Identity Management) is wrong because it provides just-in-time privileged access and approval workflows for roles, but does not enforce location-based restrictions on accessing admin centers.

94
MCQhard

Your company has 10,000 users across multiple regions and uses Microsoft 365 E5. You need to ensure that all users have access to Microsoft Copilot for Microsoft 365 to boost productivity. However, due to licensing costs, management wants to minimize expenses by only assigning Copilot licenses to users who will actively use it. They also want to track usage to make informed renewal decisions. What should you do?

A.Assign Copilot licenses to a pilot group and use Microsoft 365 usage reports to identify active users before expanding.
B.Disable Copilot by default and allow users to request it via a helpdesk ticket.
C.Assign Copilot licenses to all users via group-based licensing in Microsoft Entra ID.
D.Use Power Automate to automatically assign Copilot licenses to users who send more than 50 emails per day.
AnswerA

This approach controls cost and uses data to make decisions.

Why this answer

Option A is correct because it aligns with the management's goal of minimizing costs by first assigning Copilot licenses to a pilot group, then using Microsoft 365 usage reports (which track Copilot-specific metrics like active users, sessions, and feature adoption) to identify active users before expanding license assignment. This approach ensures only engaged users receive licenses, optimizing spend while providing data for renewal decisions.

Exam trap

The trap here is that candidates may assume group-based licensing (Option C) is the most efficient method for large-scale deployment, but the question explicitly prioritizes cost minimization and usage tracking, making a pilot group with usage reports the correct choice over blanket assignment.

How to eliminate wrong answers

Option B is wrong because disabling Copilot by default and requiring helpdesk tickets creates administrative overhead and delays user access, failing to leverage Microsoft's built-in license management and usage analytics for cost-effective scaling. Option C is wrong because assigning Copilot licenses to all 10,000 users via group-based licensing contradicts the requirement to minimize expenses, as it would pay for inactive users without any usage tracking. Option D is wrong because using Power Automate to assign licenses based on email volume (e.g., >50 emails/day) is an arbitrary, unsupported metric that does not correlate with Copilot usage; Microsoft 365 usage reports are the correct tool for tracking actual Copilot adoption.

95
Drag & Dropmedium

Drag and drop the steps to configure Microsoft 365 Multi-Factor Authentication (MFA) for a user into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

MFA is enabled per user from the admin center, then the user must register their verification methods.

96
MCQhard

Refer to the exhibit. The JSON shows a device compliance policy assignment in Microsoft Intune. Based on the exhibit, what is the current compliance status of the devices in the target group?

A.Not compliant, only because the password setting is missing
B.Compliant, because both settings are compliant
C.Not compliant, because the encryption setting is not compliant
D.Compliant, because the password setting is compliant
AnswerC

Encryption is required but not compliant, making the device non-compliant.

Why this answer

The exhibit shows a device compliance policy in Microsoft Intune with two settings: 'require device encryption' set to 'Required' and 'minimum password length' set to '6'. The compliance status for the target group is 'Not compliant, because the encryption setting is not compliant'. This is because the JSON indicates that the encryption requirement is not being met by the devices in the group, likely due to BitLocker or device encryption not being enabled.

The password setting alone does not override the encryption non-compliance, as all required settings must be satisfied for a device to be marked compliant.

Exam trap

The trap here is that candidates may focus on the password setting being present and compliant, overlooking that the encryption setting is explicitly non-compliant, and assume partial compliance is sufficient for an overall 'Compliant' status.

How to eliminate wrong answers

Option A is wrong because the password setting is present and configured (minimum length of 6), so the non-compliance is not due to a missing password setting; it is due to the encryption setting. Option B is wrong because both settings are not compliant; the encryption setting is explicitly non-compliant, as shown in the exhibit. Option D is wrong because compliance requires all settings to be compliant; even if the password setting is compliant, the encryption non-compliance makes the device not compliant overall.

97
Multi-Selectmedium

Which TWO Microsoft 365 services can be used to create and manage custom business processes without writing code?

Select 2 answers
A.SharePoint Designer
B.Microsoft Power Automate
C.Microsoft Flow
D.Microsoft Lists
E.Microsoft Power Apps
AnswersB, E

Power Automate enables creating automated workflows with triggers and actions.

Why this answer

Microsoft Power Automate is a low-code automation platform that enables users to create custom workflows and business processes by connecting various applications and services through pre-built connectors. It allows the design of automated processes without writing code, using a visual designer to define triggers, conditions, and actions.

Exam trap

The trap here is that candidates may confuse Microsoft Flow as a separate service when it is simply the former name of Power Automate, leading them to select both B and C as correct answers, but only Power Automate (B) is the current and valid service.

98
MCQmedium

A help desk lead is documenting the correct Microsoft 365 approach to build a simple mobile app for field workers to submit inspection results. Microsoft 365 app or service is the best fit?

A.Power Apps
B.Microsoft Planner
C.Microsoft Purview Audit
D.Microsoft Forms
AnswerA

Power Apps builds low-code business applications for web and mobile use.

Why this answer

Power Apps is the correct choice because it is a low-code platform specifically designed for building custom mobile apps that integrate with Microsoft 365 data sources, such as SharePoint, Dataverse, or SQL. Field workers can submit inspection results through a tailored app with forms, business logic, and offline capabilities, making it ideal for this scenario.

Exam trap

The trap here is that candidates often confuse Microsoft Forms (a simple survey tool) with Power Apps (a full app builder), assuming Forms can be used for mobile app development when it lacks the necessary customization, offline, and integration capabilities.

How to eliminate wrong answers

Option B (Microsoft Planner) is wrong because it is a task management tool for organizing work, not a platform for building custom mobile apps with data submission capabilities. Option C (Microsoft Purview Audit) is wrong because it is a compliance and auditing solution for tracking user activities, not an app development service. Option D (Microsoft Forms) is wrong because it creates simple surveys and quizzes with limited customization and no ability to build a full mobile app with offline support or complex business logic.

99
MCQmedium

An administrator runs the above PowerShell command and receives output of '14'. What does this value indicate?

A.Inbox rules are retained for 14 days after deletion.
B.Items in the Deleted Items folder are permanently deleted after 14 days.
C.The mailbox has a litigation hold for 14 days.
D.Calendar items are retained for 14 days after the meeting end.
AnswerB

RetainDeletedItemsFor defines the retention period for deleted items.

Why this answer

The PowerShell command `Get-MailboxFolderStatistics -Identity user@contoso.com -FolderScope DeletedItems | Select-Object -ExpandProperty RetentionPolicy` returns '14', indicating that the retention policy applied to the Deleted Items folder permanently deletes items after 14 days. This is controlled by the `RetentionPolicy` property, which reflects the number of days items are kept before being purged from the Deleted Items folder.

Exam trap

The trap here is confusing the Deleted Items folder retention policy (which permanently deletes items after a set number of days) with the `RetainDeletedItemsFor` setting (which controls how long items are kept in the recoverable items folder after deletion).

How to eliminate wrong answers

Option A is wrong because inbox rules are retained for a default of 30 days after deletion (configurable via `RetainDeletedItemsFor`), not 14 days. Option C is wrong because litigation hold places an indefinite hold on all mailbox content, not a fixed 14-day retention period. Option D is wrong because calendar item retention after the meeting end is managed by the `CalendarRetention` property, which defaults to 30 days, not 14 days.

100
MCQmedium

A company uses Microsoft 365 Business Premium. A user reports that when they try to access a file in SharePoint Online, they receive an error that the file is blocked by policy. The IT admin needs to identify which policy is blocking the file. Which tool should the admin use?

A.Microsoft Intune compliance policies
B.Microsoft Entra ID Conditional Access policies
C.Microsoft Defender for Cloud Apps session policies
D.Microsoft Purview Data Loss Prevention policies
AnswerD

DLP policies in Purview can block files in SharePoint based on sensitive content.

Why this answer

Microsoft Purview Data Loss Prevention (DLP) policies are specifically designed to detect and block the sharing or access of sensitive information, such as credit card numbers or personally identifiable information, in Microsoft 365 services like SharePoint Online. When a file is blocked with a 'blocked by policy' error, it is typically because a DLP rule has matched the file's content and applied an action to restrict access. The admin can use the Microsoft Purview compliance portal to review DLP policy matches and identify the exact rule that triggered the block.

Exam trap

The trap here is that candidates often confuse Microsoft Defender for Cloud Apps session policies (which control user actions in real-time) with SharePoint's native DLP enforcement, but the 'blocked by policy' error is a direct result of a DLP policy applied at the SharePoint level, not a session-level control.

How to eliminate wrong answers

Option A is wrong because Microsoft Intune compliance policies are used to enforce device configuration and security requirements (e.g., requiring a PIN or encryption) for managed devices, not to block specific files based on content in SharePoint Online. Option B is wrong because Microsoft Entra ID Conditional Access policies control access at the authentication and authorization level (e.g., requiring MFA or blocking sign-ins from untrusted locations), not the content-level blocking of individual files. Option C is wrong because Microsoft Defender for Cloud Apps session policies monitor and control user actions in real-time via reverse proxy (e.g., blocking downloads of sensitive data), but they do not produce a 'blocked by policy' error on the file itself; that error originates from SharePoint's native DLP enforcement.

101
MCQeasy

Refer to the exhibit. The PowerShell script retrieves compliance tags from Microsoft Purview. What does the script do?

A.Changes the retention action from Delete to Archive
B.Deletes compliance tags that have a Delete retention action
C.Outputs the name and retention duration for compliance tags that delete data
D.Lists all compliance tags and their retention actions
AnswerC

The script filters tags with Delete action and outputs name and duration.

Why this answer

The script uses Get-ComplianceTag to retrieve all compliance tags, then filters with Where-Object to select only those where the RetentionAction property equals 'Delete'. For each matching tag, it outputs the Name and RetentionDuration. This directly matches option C: it outputs the name and retention duration for compliance tags that delete data.

Exam trap

The trap here is that candidates may assume the script deletes the tags (option B) because of the word 'Delete' in the filter, but the script only retrieves and displays information—it does not perform any deletion of tags or data.

How to eliminate wrong answers

Option A is wrong because the script only retrieves and outputs information; it does not perform any modification actions like changing retention actions. Option B is wrong because the script uses a filter to select tags with a Delete retention action but does not include any cmdlet or logic to delete the tags themselves. Option D is wrong because the script filters to only tags with a Delete retention action, not all compliance tags, so it does not list all tags and their retention actions.

102
Multi-Selectmedium

A project team needs to collaborate on forms-based surveys and quizzes and co-author related Office files. Which two Microsoft 365 capabilities are most relevant?

Select 2 answers
A.Exchange anti-malware policy
B.SharePoint Online document storage
C.Microsoft Forms
D.Microsoft Purview eDiscovery case
AnswersB, C

SharePoint stores many Teams files and supports co-authoring, permissions, and version history.

Why this answer

SharePoint Online provides document storage and co-authoring capabilities, enabling team members to simultaneously edit Office files (e.g., Word, Excel, PowerPoint) stored in document libraries. Microsoft Forms allows the team to create forms-based surveys and quizzes, with responses automatically collected and easily exportable to Excel for analysis.

Exam trap

The trap here is that candidates may confuse Microsoft Forms with other survey tools like Excel Online or Microsoft Lists, or mistakenly think Exchange anti-malware policy is relevant for collaboration, when it is solely an email security control.

103
Multi-Selecthard

Which TWO Microsoft 365 services are specifically designed to help organizations manage and monitor data compliance?

Select 2 answers
A.Microsoft Purview Communication Compliance
B.Microsoft Defender for Office 365
C.Microsoft Intune
D.Microsoft Sentinel
E.Microsoft Purview
AnswersA, E

This monitors communications for compliance.

Why this answer

Microsoft Purview (A) provides data governance and compliance solutions. Microsoft Purview Communication Compliance (C) monitors communications for policy violations. Microsoft Defender for Office 365 (B) is for threat protection.

Microsoft Intune (D) is for device management. Microsoft Sentinel (E) is a SIEM.

104
MCQeasy

A department asks for the Microsoft 365 service best suited for Teams channel conversations and meetings. Which service should they use?

A.Microsoft Entra Privileged Identity Management
B.Microsoft Defender for Endpoint
C.Microsoft Purview Compliance Manager
D.Microsoft Teams
AnswerD

Teams is the hub for chat, meetings, calls, and team collaboration.

Why this answer

Microsoft Teams is the correct service because it is specifically designed to host channel-based conversations and meetings within Microsoft 365. Teams provides persistent chat channels, audio/video conferencing, and meeting scheduling, directly fulfilling the department's request.

Exam trap

The trap here is that candidates may confuse Microsoft Teams with other Microsoft 365 services that have 'management' or 'compliance' in their names, assuming they support collaboration features, when in fact they are specialized for identity, security, or compliance tasks.

How to eliminate wrong answers

Option A is wrong because Microsoft Entra Privileged Identity Management is an identity governance tool for managing, controlling, and monitoring access to Azure AD roles, not for conversations or meetings. Option B is wrong because Microsoft Defender for Endpoint is a security solution for endpoint detection and response (EDR) and vulnerability management, not a collaboration platform. Option C is wrong because Microsoft Purview Compliance Manager is a compliance management solution for assessing and managing regulatory compliance risks, not for real-time communication.

105
MCQeasy

A user needs to access their work files from a personal device without storing a copy locally. Which Microsoft 365 app should they use?

A.Microsoft Outlook
B.OneDrive for Business
C.Microsoft Teams
D.Microsoft SharePoint
AnswerB

OneDrive for Business allows files on demand, streaming from the cloud.

Why this answer

OneDrive for Business enables users to access work files from any device via the cloud, with the option to stream files on demand without downloading them locally. This is achieved through Files On-Demand, which uses placeholder files and syncs only metadata, ensuring no full copy is stored on the personal device unless explicitly made available offline.

Exam trap

The trap here is that candidates may confuse SharePoint's web-based access with the ability to prevent local storage, overlooking that OneDrive for Business is the only option with a dedicated Files On-Demand feature that explicitly avoids storing a full copy locally on personal devices.

How to eliminate wrong answers

Option A is wrong because Microsoft Outlook is an email and calendar client, not designed for file storage or remote access without local copies; it downloads attachments locally by default. Option C is wrong because Microsoft Teams primarily focuses on chat, meetings, and collaboration, and while it can access files from SharePoint or OneDrive, it does not provide a dedicated mechanism to prevent local storage of files on personal devices. Option D is wrong because Microsoft SharePoint is a web-based document management and collaboration platform that can be accessed via browser, but it does not natively offer a Files On-Demand feature to prevent local caching; files opened from SharePoint in a browser may still be cached locally by the browser or Office apps.

106
MCQeasy

A team needs to create a shared online document and collaborate in real time with colleagues. They require built-in version history and the ability to access the document from any device. Which Microsoft 365 app should they use?

A.Microsoft Word (desktop)
B.Microsoft Word Online
C.Microsoft OneNote
D.Microsoft Teams
AnswerB

Correct. Word Online runs in a browser, supports real-time co-authoring, automatic version history, and is accessible from any device with internet.

Why this answer

Microsoft Word Online is the correct choice because it is a browser-based version of Word that enables real-time co-authoring, automatic version history, and access from any device with an internet connection. Unlike the desktop app, it does not require installation and syncs changes instantly via OneDrive or SharePoint, meeting all stated requirements.

Exam trap

The trap here is that candidates often confuse Microsoft Teams as the app for document collaboration, but Teams itself is a hub for communication and relies on integrated Office Online apps for actual document editing, making Word Online the direct answer for the specific requirements of shared document creation and real-time collaboration.

How to eliminate wrong answers

Option A is wrong because Microsoft Word (desktop) requires installation on a specific device, lacks built-in real-time co-authoring without additional configuration (e.g., saving to OneDrive with AutoSave enabled), and does not inherently provide cross-device access without manual file transfer. Option C is wrong because Microsoft OneNote is a digital notebook app designed for free-form note-taking and organization, not for creating structured shared documents with the same real-time collaboration and version history features as Word Online. Option D is wrong because Microsoft Teams is a collaboration platform for chat, meetings, and channel-based file sharing, but its document editing capabilities rely on integrated Office Online apps (like Word Online) rather than providing a standalone document creation and editing experience.

107
MCQmedium

A school uses Microsoft 365 A3 for faculty and staff. They want to create a hub for teachers to share lesson plans, collaborate on documents, and communicate via instant messaging. They also need to integrate with third-party educational apps. Which Microsoft 365 service should they use as the primary platform?

A.Yammer
B.SharePoint Online
C.OneNote for Windows 10
D.Microsoft Teams
AnswerD

Teams integrates chat, files, and apps in a single hub.

Why this answer

Microsoft Teams is the correct primary platform because it integrates chat, document collaboration (via SharePoint and OneDrive), and third-party app connectors into a single hub. For teachers sharing lesson plans, collaborating on documents, and using instant messaging, Teams provides persistent chat, file sharing, and a rich app ecosystem that supports third-party educational app integration through tabs, connectors, and bots.

Exam trap

The trap here is that candidates often confuse Yammer's social networking features with Teams' real-time collaboration capabilities, or they assume SharePoint alone can fulfill all communication needs, missing the requirement for instant messaging and integrated third-party apps.

How to eliminate wrong answers

Option A is wrong because Yammer is an enterprise social network focused on broad organizational conversations and communities, not a real-time collaboration hub for instant messaging and document co-authoring. Option B is wrong because SharePoint Online is a document management and intranet platform; while it stores and shares files, it lacks native instant messaging and real-time chat capabilities. Option C is wrong because OneNote for Windows 10 is a digital note-taking app, not a platform for instant messaging, collaborative document editing, or third-party app integration.

108
MCQmedium

A service owner is comparing Microsoft 365 capabilities and needs to use a lightweight Kanban-style task board with assignments and due dates inside Teams. Microsoft 365 app or service is the best fit?

A.Microsoft Planner
B.Microsoft Purview Audit
D.Microsoft Forms
AnswerA

Planner provides task boards, assignments, due dates, and Teams integration.

Why this answer

Microsoft Planner is the correct choice because it provides a lightweight Kanban-style task board that integrates directly into Microsoft Teams via the Planner tab. It supports task assignments, due dates, and progress tracking, making it ideal for a service owner needing a simple visual task management tool within Teams.

Exam trap

The trap here is that candidates may confuse Microsoft Planner with Microsoft To Do, but To Do is a personal task list without Kanban boards or team collaboration features, while Planner is designed for team-based project management with visual boards.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview Audit is a compliance and auditing service for tracking user and admin activities across Microsoft 365, not a task management tool with Kanban boards. Option D is wrong because Microsoft Forms is used for creating surveys, quizzes, and polls, not for managing tasks with assignments and due dates in a Kanban-style board.

109
MCQmedium

Adventure Works is a non-profit with 200 users. They use Microsoft 365 for Nonprofits. They need to: (1) Restrict access to sensitive donor information to only specific users; (2) Automatically archive emails older than 5 years; (3) Allow volunteers to access shared files from their personal devices without enrolling them in device management; (4) Use AI to summarize long email threads and suggest replies. Which Microsoft 365 services or features should they use?

A.Sensitivity labels, Exchange Online archiving, SharePoint Online, Microsoft Copilot for Microsoft 365
B.Sensitivity labels, Exchange Online in-place hold, SharePoint Online, Microsoft Editor
C.Microsoft Purview Data Loss Prevention, Exchange Online archiving, Microsoft Teams, Microsoft Copilot for Microsoft 365
D.Azure Information Protection, Exchange Online retention policies, OneDrive, Microsoft Copilot for Microsoft 365
AnswerA

Correct: Sensitivity labels for access restriction, archiving for email retention, SharePoint for file sharing without device management, Copilot for AI assistance.

Why this answer

Microsoft Purview sensitivity labels can restrict access to sensitive data. Exchange Online archiving can archive emails older than 5 years. SharePoint Online allows external sharing with expiration and permissions, without device enrollment.

Microsoft Copilot for Microsoft 365 provides AI email summaries and suggested replies. Microsoft Intune requires device enrollment, which is not desired.

110
MCQmedium

A product design team wants to conduct remote brainstorming sessions where participants can draw, write sticky notes, and add images on a shared canvas in real time. Which Microsoft 365 app should they use?

A.Microsoft To Do
B.Microsoft Whiteboard
C.Microsoft Forms
D.Microsoft Planner
AnswerB

Provides a flexible digital canvas for real-time collaborative drawing, sticky notes, and images.

Why this answer

Microsoft Whiteboard is the correct choice because it provides a free-form digital canvas that supports real-time collaboration, including drawing, sticky notes, and image insertion. This directly meets the requirement for remote brainstorming sessions where participants need to interact on a shared canvas simultaneously.

Exam trap

The trap here is that candidates may confuse Microsoft Planner's task boards with a collaborative canvas, but Planner is strictly for task tracking, not for free-form drawing or sticky note brainstorming.

How to eliminate wrong answers

Option A is wrong because Microsoft To Do is a task management app focused on personal to-do lists and reminders, not a collaborative canvas for drawing or sticky notes. Option C is wrong because Microsoft Forms is used for creating surveys, quizzes, and polls, not for real-time visual collaboration or drawing. Option D is wrong because Microsoft Planner is a project management tool for organizing tasks and plans with boards, not a shared canvas for brainstorming activities.

111
MCQeasy

Refer to the exhibit. The ARM template is used to deploy an Azure resource. Which Microsoft 365 service is most likely to use this template for storing data?

A.Microsoft Teams
B.Exchange Online
C.SharePoint Online
D.OneDrive for Business
AnswerC

SharePoint Online uses Azure Storage for its content databases.

Why this answer

The ARM template in the exhibit deploys an Azure resource, and SharePoint Online is the Microsoft 365 service that most commonly uses Azure Resource Manager (ARM) templates for provisioning and managing its storage infrastructure, such as Azure SQL Database or Azure Storage accounts that back SharePoint's content databases. SharePoint Online relies on Azure services for scalable storage, and ARM templates are the standard deployment mechanism for these underlying Azure resources.

Exam trap

The trap here is that candidates may assume OneDrive for Business is the correct answer because it is a personal storage service, but they overlook that SharePoint Online is the underlying platform that provisions the Azure storage resources via ARM templates, making it the most likely service to use such templates for data storage.

How to eliminate wrong answers

Option A is wrong because Microsoft Teams uses Azure services for chat, meetings, and media, but its primary data storage is in Exchange Online for chat history and SharePoint Online for files, not directly via ARM templates for its own service. Option B is wrong because Exchange Online stores mailbox data in its own proprietary databases and uses Azure for some infrastructure, but ARM templates are not the typical method for deploying Exchange Online storage resources; Exchange Online is managed through Microsoft's own provisioning systems. Option D is wrong because OneDrive for Business is built on SharePoint Online's storage infrastructure, so while it uses the same underlying Azure storage, the ARM template is more directly associated with SharePoint Online as the service that provisions and manages the storage layer.

112
Multi-Selecteasy

A company uses Microsoft 365 Business Premium. They want to deploy a cloud-based phone system for their employees. Which TWO services should they use?

Select 2 answers
A.Teams Audio Conferencing
B.Direct Routing
C.Calling Plan
D.Microsoft Bookings
E.Microsoft Teams Phone System
AnswersC, E

Correct. Calling Plans provide PSTN minutes and phone numbers.

Why this answer

Microsoft Teams Phone System (formerly Cloud PBX) provides the core PBX functionality—call control, voicemail, and auto attendants—while a Calling Plan (Microsoft's first-party PSTN connectivity) supplies the phone numbers and minutes to make/receive external calls. Together they form a complete cloud phone system without any on-premises infrastructure.

Exam trap

The trap here is that candidates confuse Teams Audio Conferencing (meeting dial-in) with the phone system, or think Direct Routing is a cloud-only option when it actually requires on-premises hardware.

113
MCQmedium

A department asks for the Microsoft 365 service best suited for forms-based surveys and quizzes. Which service should they use?

A.Microsoft Entra Privileged Identity Management
B.Microsoft Forms
C.Microsoft Purview Compliance Manager
D.Microsoft Defender for Endpoint
AnswerB

Forms is used to create surveys, quizzes, and polls.

Why this answer

Microsoft Forms is the correct service because it is specifically designed for creating forms-based surveys, quizzes, and polls. It provides real-time response tracking, automatic grading for quizzes, and seamless integration with Microsoft 365 apps like Excel and Teams, making it the ideal choice for the department's request.

Exam trap

The trap here is that candidates may confuse Microsoft Forms with other Microsoft 365 services that have 'management' or 'compliance' in their names, assuming they include survey capabilities, but only Forms is purpose-built for forms-based data collection and quizzes.

How to eliminate wrong answers

Option A is wrong because Microsoft Entra Privileged Identity Management is an identity governance tool for managing, controlling, and monitoring access to Azure AD resources, not for creating surveys or quizzes. Option C is wrong because Microsoft Purview Compliance Manager is a compliance management solution that helps organizations assess and manage their compliance posture, not a forms-based survey tool. Option D is wrong because Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to protect devices from threats, not for building forms or quizzes.

114
MCQmedium

A compliance-aware administrator is selecting the right Microsoft 365 capability to brainstorm using a shared digital canvas during Teams meetings. Microsoft 365 app or service is the best fit?

A.Microsoft Planner
B.Microsoft Purview Audit
C.Microsoft Forms
D.Microsoft Whiteboard
AnswerD

Whiteboard provides a collaborative digital canvas.

Why this answer

Microsoft Whiteboard is the best fit because it provides a shared digital canvas that allows meeting participants to brainstorm, draw, and collaborate in real time during Teams meetings. It integrates directly with Teams, supports ink and sticky notes, and persists content across sessions, making it ideal for interactive brainstorming.

Exam trap

The trap here is that candidates may confuse Microsoft Planner's board view with a canvas, but Planner is strictly for task tracking, not freeform drawing or brainstorming.

How to eliminate wrong answers

Option A is wrong because Microsoft Planner is a task management tool for organizing work with boards and checklists, not a real-time shared canvas for brainstorming. Option B is wrong because Microsoft Purview Audit is a compliance and auditing solution that tracks user and admin activities, not a collaborative whiteboarding tool. Option C is wrong because Microsoft Forms is used to create surveys, quizzes, and polls, not a freeform digital canvas for brainstorming.

115
MCQmedium

Refer to the exhibit. An administrator creates a Conditional Access policy in Microsoft Entra ID. The AppId 00000003-0000-0ff1-ce00-000000000000 corresponds to Microsoft Graph. The policy requires MFA for all users accessing Microsoft Graph. However, users report that they are not prompted for MFA when using Microsoft Teams. What is the most likely reason?

A.The policy applies only to Microsoft Graph, not to the Teams service itself.
B.The policy is not enabled.
C.The policy should include the app ID for Office 365 Exchange Online.
D.The GrantControls should be set to RequireMFA for all resources.
AnswerA

Teams uses multiple app IDs; the policy targets only Graph, so Teams may not trigger MFA.

Why this answer

Teams does not exclusively use Microsoft Graph for all operations; it also uses other endpoints. The policy only applies to Microsoft Graph, not Teams service endpoints. Option B is correct.

Options A, C, and D are incorrect.

116
Multi-Selectmedium

Which THREE Microsoft 365 services are part of Microsoft Purview compliance suite?

Select 3 answers
A.Microsoft Entra ID
B.Microsoft Defender for Cloud Apps
C.Data Lifecycle Management
D.Communication Compliance
E.Audit
AnswersC, D, E

Data Lifecycle Management is part of Purview for governing data retention and deletion.

Why this answer

Data Lifecycle Management (C) is part of Microsoft Purview because it provides automated retention and deletion policies for sensitive data across Exchange, SharePoint, OneDrive, and Teams. It helps organizations comply with regulatory requirements by governing data from creation to disposal, directly supporting the Purview compliance portal's governance capabilities.

Exam trap

The trap here is that candidates often confuse Microsoft Defender for Cloud Apps (a security tool) with a compliance service, but Purview focuses on data governance, audit, and communication monitoring, not threat detection or identity management.

117
Multi-Selecteasy

Which TWO Microsoft 365 apps are included in Microsoft 365 Business Basic?

Select 2 answers
A.Microsoft Teams
B.Exchange Online
C.Microsoft Power BI Pro
D.Microsoft Project Online Plan 3
E.Microsoft Word (desktop app)
AnswersA, B

Teams is included in Business Basic.

Why this answer

Microsoft Teams is included in Microsoft 365 Business Basic as a core app for chat, meetings, and collaboration. Exchange Online is also included, providing hosted email, calendars, and contacts with a 50 GB mailbox per user. Both are cloud-only services in this plan, with no desktop Office apps.

Exam trap

The trap here is that candidates often assume all Microsoft 365 plans include desktop Office apps, but Business Basic explicitly excludes them, offering only web and mobile versions.

118
MCQmedium

A business stakeholder asks how Microsoft 365 can help them host an intranet landing page with news, navigation links, and department content. Microsoft 365 app or service is the best fit?

A.SharePoint Online
B.Microsoft Purview Audit
C.Microsoft Forms
D.Microsoft Planner
AnswerA

SharePoint Online is the primary Microsoft 365 service for intranet pages and structured content.

Why this answer

SharePoint Online is the correct answer because it is a web-based platform specifically designed for creating intranet portals, team sites, and communication sites. It provides built-in web parts for news feeds, navigation links, and department content pages, making it the ideal service for hosting a company intranet landing page.

Exam trap

The trap here is that candidates may confuse Microsoft Planner's task lists with content organization, or assume Microsoft Forms can publish content, when in fact only SharePoint Online provides the structured site hierarchy and web part capabilities needed for an intranet landing page.

How to eliminate wrong answers

Option B is wrong because Microsoft Purview Audit is a compliance and auditing solution that tracks user and admin activities across Microsoft 365, not a tool for building intranet pages. Option C is wrong because Microsoft Forms is a survey and quiz creation tool, not a content management or intranet hosting platform. Option D is wrong because Microsoft Planner is a task management and project tracking application, not designed for publishing news or organizing department content.

119
MCQmedium

A company uses Microsoft 365 Copilot to summarize a long email thread. Where does Copilot retrieve the email content from?

A.SharePoint Online
B.Exchange Online
C.OneDrive for Business
D.Microsoft Viva Topics
AnswerB

Copilot retrieves email content from the user's Exchange Online mailbox.

Why this answer

Microsoft 365 Copilot retrieves email content directly from Exchange Online, which is the Microsoft 365 service that stores and manages mailboxes, emails, and calendar items. When summarizing a long email thread, Copilot accesses the user's mailbox via Exchange Web Services (EWS) or the Microsoft Graph API, which provides programmatic access to email data. This allows Copilot to read the thread's messages and generate a concise summary without needing to store or index the content elsewhere.

Exam trap

The trap here is that candidates often confuse where email content is stored versus where documents or files are stored, mistakenly selecting SharePoint Online or OneDrive for Business because they associate Copilot with summarizing content from those services, but email specifically resides in Exchange Online.

How to eliminate wrong answers

Option A is wrong because SharePoint Online is a document management and collaboration platform for files, lists, and sites, not for storing individual email messages or threads. Option C is wrong because OneDrive for Business is a personal cloud storage service for files and documents, not for email content, which resides in Exchange Online mailboxes. Option D is wrong because Microsoft Viva Topics is a knowledge discovery service that uses AI to organize and surface topics from content across Microsoft 365, but it does not directly store or provide raw email thread data for Copilot summarization.

120
MCQhard

A company uses a third-party Human Resources (HR) system. Whenever a new employee is added to the HR system, they want to automatically create a user account in Microsoft 365, assign the appropriate license, and send a welcome email. Which Microsoft 365 service should be used to orchestrate this automation?

A.Microsoft Power Automate
B.Microsoft Identity Manager
C.Microsoft Entra ID Connect
D.Microsoft Graph API
AnswerA

Power Automate provides triggers and actions to automate workflows across services, perfect for HR-driven user provisioning.

Why this answer

Microsoft Power Automate is the correct service because it provides a low-code workflow automation platform that can trigger actions based on events in external systems (e.g., a new employee record in a third-party HR system) and then orchestrate a sequence of tasks in Microsoft 365, such as creating a user account via the Microsoft Graph API, assigning a license, and sending a welcome email. It integrates seamlessly with hundreds of connectors, including HR systems and Microsoft 365 services, making it the ideal tool for this cross-system automation scenario.

Exam trap

The trap here is that candidates often confuse the Microsoft Graph API (a development tool) with Power Automate (a no-code/low-code orchestration service), mistakenly thinking that because the Graph API can perform the individual actions, it is the correct answer for orchestrating the entire automated workflow.

How to eliminate wrong answers

Option B (Microsoft Identity Manager) is wrong because it is an on-premises identity and access management solution focused on synchronizing identities between on-premises directories and cloud directories, not on orchestrating event-driven workflows like creating users and sending emails. Option C (Microsoft Entra ID Connect) is wrong because it is a synchronization tool that replicates on-premises Active Directory objects to Microsoft Entra ID for hybrid identity scenarios; it does not provide workflow automation or trigger actions based on external HR system events. Option D (Microsoft Graph API) is wrong because while it can be used to programmatically create users, assign licenses, and send emails, it is a RESTful API that requires custom code and does not provide the orchestration, scheduling, or low-code workflow capabilities that Power Automate offers for automating a multi-step process triggered by an external system.

121
MCQeasy

A training department wants to create interactive learning paths and track employee progress. Which Microsoft 365 service should they use?

A.Microsoft Viva Learning
B.Microsoft Viva Topics
C.Microsoft Stream
D.SharePoint Online
AnswerA

Viva Learning provides learning paths and progress tracking.

Why this answer

Option A is correct because Viva Learning is designed for learning and training. Option B is incorrect because SharePoint Online is for document management. Option C is incorrect because Stream is for videos.

Option D is incorrect because Viva Topics is for knowledge management.

122
Multi-Selectmedium

Which TWO Microsoft 365 services provide real-time communication and collaboration features?

Select 2 answers
A.OneDrive for Business
B.Microsoft Teams
C.Exchange Online
D.Yammer
E.SharePoint
AnswersB, D

Teams provides real-time chat, meetings, and collaboration.

Why this answer

Microsoft Teams (B) is correct because it provides real-time communication and collaboration features such as instant messaging, voice/video calls, and online meetings, all integrated within a single hub. Yammer (D) is correct because it offers enterprise social networking with real-time conversations, live events, and community-based collaboration, enabling immediate communication across an organization.

Exam trap

The trap here is that candidates often confuse OneDrive for Business or SharePoint as collaboration tools because they allow co-authoring, but they lack real-time communication features like chat or video, which are the core focus of this question.

123
MCQmedium

An organization uses Microsoft Teams and wants to ensure that external users from partner companies can access only specific channels and cannot initiate private chats with internal users. Which Microsoft 365 feature should they configure?

A.Microsoft Purview Communication Compliance
B.Teams External Access (Federation)
C.Microsoft Entra B2B collaboration
D.Teams Guest Access
AnswerB

Federation settings control what external users can do, including channel access and chat restrictions.

Why this answer

B is correct because Teams External Access (Federation) allows external users from partner organizations to be added to specific channels without granting them full tenant access. It uses the Session Initiation Protocol (SIP) federation model to enable limited collaboration, and administrators can control whether federated users can initiate private chats by disabling the 'External users can contact me' policy in the Teams admin center. This meets the requirement of restricting external users to only designated channels and preventing private chat initiation.

Exam trap

The trap here is that candidates often confuse Guest Access (which creates full Azure AD guest identities) with External Access (federation), assuming both provide the same level of control, but Guest Access actually grants broader permissions and requires more complex policy management to restrict private chats.

How to eliminate wrong answers

Option A is wrong because Microsoft Purview Communication Compliance is a supervision and policy-based solution for monitoring internal and external communications for compliance risks, not for controlling access or chat permissions. Option C is wrong because Microsoft Entra B2B collaboration (formerly Azure AD B2B) provides full guest user accounts with identities in the tenant, allowing them to access resources broadly and initiate private chats unless explicitly restricted via conditional access policies, which is more complex than the simple federation control needed. Option D is wrong because Teams Guest Access creates guest accounts in the tenant's Azure AD, giving them broader access to Teams features (including private chats by default) and requiring more granular policy configuration to restrict chat initiation, whereas federation is designed for limited, channel-specific collaboration without full guest identities.

124
Multi-Selectmedium

A company is planning to deploy Microsoft 365 and needs to meet the following requirements: enable secure remote access to on-premises applications, provide a unified search experience across SharePoint and external data sources, and allow users to create custom dashboards from multiple data sources. Which TWO Microsoft 365 services should the company use?

Select 2 answers
A.Microsoft Loop
B.Microsoft Entra Application Proxy
C.Microsoft Search
D.Power BI
E.Microsoft Forms
AnswersB, D

Correct: Provides secure remote access to on-premises web applications.

Why this answer

Microsoft Entra Application Proxy (option B) enables secure remote access to on-premises web applications by publishing them through Azure AD, using pre-authentication and application-layer security without requiring a VPN. Power BI (option D) allows users to create custom dashboards and reports from multiple data sources, including SharePoint, SQL databases, and cloud services, meeting the requirement for custom dashboards from diverse data.

Exam trap

The trap here is that candidates may confuse Microsoft Search (option C) as fulfilling the unified search requirement while overlooking that it does not address secure remote access or custom dashboards, leading them to select it alongside a wrong pairing like Microsoft Loop.

125
MCQmedium

A company uses Microsoft 365 E5 licenses. The security team wants to automatically remediate advanced threats detected on endpoints without manual intervention. Which Microsoft 365 service should they use?

A.Microsoft Intune
B.Microsoft Purview
C.Microsoft Defender XDR
D.Microsoft Sentinel
AnswerC

Defender XDR provides automated investigation and remediation of advanced threats across endpoints.

Why this answer

Microsoft Defender XDR (Extended Detection and Response) is the correct service because it provides automated investigation and remediation capabilities for advanced threats detected on endpoints. It uses AI-driven playbooks to automatically contain or remove threats without manual intervention, which aligns directly with the security team's requirement.

Exam trap

The trap here is that candidates often confuse Microsoft Sentinel's SIEM/SOAR capabilities with automated endpoint remediation, but Sentinel requires integration with Defender XDR to execute such actions, whereas Defender XDR provides native automated remediation directly on endpoints.

How to eliminate wrong answers

Option A is wrong because Microsoft Intune is a mobile device management (MDM) and mobile application management (MAM) service focused on policy enforcement and device compliance, not automated threat remediation. Option B is wrong because Microsoft Purview is a data governance, compliance, and risk management solution (formerly Microsoft 365 Compliance), not designed for endpoint threat detection or automated response. Option D is wrong because Microsoft Sentinel is a cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) service that aggregates logs and alerts from multiple sources, but it does not natively perform automated remediation on endpoints; it requires integration with other tools like Defender XDR for that capability.

126
MCQhard

Refer to the exhibit. A SharePoint admin is reviewing a policy JSON snippet. Which statement accurately describes the effect of this policy?

A.External sharing is allowed only for existing guests who expire in 30 days.
B.External sharing is allowed but guests expire after 30 days.
C.External sharing is allowed but only for users in the same tenant.
D.External sharing is completely disabled.
AnswerD

The policy sets sharingCapability to Disabled and allowExternalSharing to false.

Why this answer

The policy JSON snippet sets the 'sharingCapability' to 'Disabled', which completely disables external sharing for the SharePoint environment. This means no external users can be invited, and any existing external sharing links will cease to function. The 'expirationTime' value of 30 days is irrelevant because sharing is disabled entirely.

Exam trap

The trap here is that candidates see the 'expirationTime' of 30 days and assume external sharing is allowed with an expiration, but they overlook that the 'sharingCapability' is set to 'Disabled', which nullifies any expiration settings.

How to eliminate wrong answers

Option A is wrong because it suggests external sharing is allowed only for existing guests with a 30-day expiration, but the policy disables sharing entirely, not just for new guests. Option B is wrong because it implies external sharing is allowed with a 30-day guest expiration, but the 'sharingCapability' is set to 'Disabled', overriding any expiration settings. Option C is wrong because it claims sharing is allowed only for users in the same tenant, which is the default behavior when external sharing is disabled; however, the policy explicitly disables all sharing, not just external.

127
MCQhard

An organization uses Microsoft 365 E5 and wants to implement a solution that automatically detects and remediates security incidents across identities, endpoints, and email. Which Microsoft 365 service should they use?

A.Microsoft Defender XDR
B.Microsoft Defender for Endpoint
C.Microsoft Sentinel
D.Microsoft Entra ID Protection
AnswerA

Defender XDR correlates signals across identities, endpoints, email, and more to detect and remediate incidents.

Why this answer

Microsoft Defender XDR (Extended Detection and Response) is the correct choice because it provides a unified, cross-domain security solution that automatically correlates alerts and orchestrates remediation across identities, endpoints, email, and cloud apps. This aligns directly with the requirement to detect and remediate security incidents across identities, endpoints, and email, leveraging the Microsoft 365 Defender portal to break down silos between individual security products.

Exam trap

The trap here is that candidates often confuse Microsoft Defender XDR with its individual component products (like Defender for Endpoint or Defender for Office 365), mistakenly assuming that a single-domain solution can meet a cross-domain requirement, or they overestimate Microsoft Sentinel's out-of-the-box automation capabilities versus its actual SIEM-centric, custom-playbook nature.

How to eliminate wrong answers

Option B (Microsoft Defender for Endpoint) is wrong because it focuses solely on endpoint detection and response (EDR) for devices, lacking the cross-domain correlation and automated remediation for identities and email that the question specifies. Option C (Microsoft Sentinel) is wrong because it is a cloud-native SIEM (Security Information and Event Management) that ingests logs and requires custom analytics rules and playbooks for automation; it does not provide built-in, automatic cross-domain incident correlation and remediation across identities, endpoints, and email out of the box. Option D (Microsoft Entra ID Protection) is wrong because it is limited to identity-based risk detection and conditional access policies for user accounts, with no capability to monitor or remediate threats on endpoints or in email.

128
MCQmedium

A company wants to securely share a large video file (2 GB) with an external partner without using email attachments. Which Microsoft 365 service should they use?

A.Microsoft SharePoint
B.Microsoft Teams
C.Microsoft Stream
D.Microsoft OneDrive
AnswerD

OneDrive allows sharing large files via secure link with options like expiration and password.

Why this answer

Microsoft OneDrive is the correct choice because it allows sharing large files (up to 250 GB per file) via secure, expiring links with external users, without relying on email attachments. It integrates with Azure AD for access control and supports granular permissions like view or edit, making it ideal for ad-hoc external file sharing.

Exam trap

The trap here is that candidates often confuse Microsoft Stream as the service for sharing video files because of the word 'video,' but Stream is for hosting and streaming, not for secure file sharing with external partners, which requires a storage and sharing service like OneDrive.

How to eliminate wrong answers

Option A is wrong because Microsoft SharePoint is designed for team collaboration and document management within a site, not for ad-hoc sharing of a single large file with an external partner; it requires setting up a site and managing permissions, which is overkill for this scenario. Option B is wrong because Microsoft Teams is a chat-based collaboration platform that uses SharePoint or OneDrive for file storage; sharing a 2 GB file via Teams would still rely on underlying storage and is not optimized for direct external sharing without a Teams guest account. Option C is wrong because Microsoft Stream is a video hosting and management service for enterprise video content, not for sharing raw video files; it is designed for streaming and playback, not secure file download or external partner access.

129
MCQmedium

A team wants to build a custom business app to track inventory with minimal custom code. They need a cloud-based database that can store structured data and is tightly integrated with the low-code app platform. Which Microsoft 365 service should they use as the database?

A.Microsoft Dataverse
B.Microsoft SharePoint Online list
C.Microsoft Excel Online
D.Microsoft Forms
AnswerA

Dataverse is the underlying data platform for Power Platform, providing a secure, scalable database for custom business apps.

Why this answer

Microsoft Dataverse (formerly Common Data Service) is the cloud-scale database that stores data used by Power Apps, Power Automate, and Dynamics 365. It provides a relational data store with built-in security, business logic, and integration. Power Apps can connect directly to Dataverse to create custom apps with minimal code.

SharePoint lists or Excel Online are less suitable for scalable business apps requiring relationships and business rules.

130
MCQmedium

You need to ensure that only authorized users from your tenant can access a SharePoint site. Which setting should you configure?

A.External sharing settings
B.Sensitivity labels
C.Conditional Access policy
D.Sharing links expiration
AnswerA

External sharing settings control whether external users can access the site.

Why this answer

External sharing settings control who outside your tenant can access SharePoint sites, files, and folders. By configuring these settings at the tenant or site level, you can restrict access to only authorized users from your tenant, blocking external users entirely. This is the direct mechanism for limiting access to internal users only.

Exam trap

The trap here is that candidates confuse external sharing settings with Conditional Access policies, thinking that CA policies can block external users from accessing SharePoint, when in fact CA policies apply to all users (including internal) and do not control the sharing invitation process.

How to eliminate wrong answers

Option B is wrong because sensitivity labels enforce classification and protection (encryption, watermarking) on content, not access control for external users. Option C is wrong because Conditional Access policies govern authentication and device compliance for all users, but they do not specifically block or allow external sharing of SharePoint sites. Option D is wrong because sharing links expiration controls how long a shared link is valid, not who can access the site; it does not prevent external users from being invited.

131
Multi-Selectmedium

A project team needs to collaborate on Teams channel conversations and meetings and co-author related Office files. Which two Microsoft 365 capabilities are most relevant?

Select 2 answers
A.Microsoft Teams
B.SharePoint Online document storage
C.Microsoft Purview eDiscovery case
D.Exchange anti-malware policy
AnswersA, B

Teams is the hub for chat, meetings, calls, and team collaboration.

Why this answer

Microsoft Teams is the correct answer because it provides the central hub for channel conversations, meetings, and real-time collaboration. SharePoint Online document storage is also correct because Teams channels use SharePoint as the underlying storage for all shared files, enabling co-authoring of Office documents directly within the Teams interface.

Exam trap

The trap here is that candidates may think Microsoft Teams alone covers all collaboration needs, forgetting that SharePoint Online is the underlying file storage and co-authoring engine for Teams channel files.

132
Multi-Selecthard

Which THREE Microsoft 365 services can be used to store and manage files in the cloud?

Select 3 answers
A.OneDrive for Business
B.Microsoft Teams
C.Power BI
D.SharePoint
E.Exchange Online
AnswersA, B, D

OneDrive stores personal files in the cloud.

Why this answer

OneDrive for Business is a cloud storage service that allows users to store, sync, and share files individually. It is part of Microsoft 365 and provides personal storage with up to 1 TB per user, integrating with Office apps for real-time co-authoring.

Exam trap

The trap here is that Microsoft Teams is listed as a correct answer because it can store files via its Files tab (which actually uses SharePoint or OneDrive under the hood), but candidates often confuse Teams as a primary storage service rather than a collaboration hub that relies on underlying storage services.

133
Multi-Selectmedium

Which TWO Microsoft 365 services can be used to create and manage business process automation workflows?

Select 2 answers
A.Power Automate
B.Microsoft Forms
C.Microsoft Stream
D.Power BI
E.Microsoft Lists
AnswersA, E

Power Automate is designed for workflow automation.

Why this answer

Options B and D are correct: Power Automate is the primary workflow automation tool, and Microsoft Lists can be used with Power Automate to create approval workflows. Option A is incorrect because Power BI is for analytics. Option C is incorrect because Forms is for surveys.

Option E is incorrect because Stream is for video.

134
MCQmedium

A company wants to replace its on-premises Exchange Server with a cloud-based email solution that integrates with Microsoft Teams and SharePoint Online. Which Microsoft 365 service should they subscribe to?

A.Microsoft 365 Business Basic
B.Exchange Online
C.Microsoft 365 Apps
D.Microsoft Outlook desktop app
AnswerB

Exchange Online provides cloud-based email with integration to Teams and SharePoint.

Why this answer

Exchange Online is the cloud-based email solution that integrates with Teams and SharePoint. Option A is correct. Options B, C, and D are incorrect because they are not email services.

135
MCQhard

Your organization uses Microsoft 365 and wants to ensure that only managed devices can access corporate email in Exchange Online. Which conditional access policy setting should you configure?

A.Require device to be marked as compliant
B.Require approved client app
C.Require device to be joined to Azure AD
D.Require multi-factor authentication
AnswerA

This ensures only Intune-managed compliant devices can access email.

Why this answer

Option A is correct because the 'Require device to be marked as compliant' setting in a Conditional Access policy integrates with Microsoft Intune to enforce that only devices meeting compliance policies (e.g., encryption, OS version, jailbreak detection) can access Exchange Online. This ensures corporate email is accessible only from managed, trusted devices, directly addressing the requirement.

Exam trap

The trap here is that candidates often confuse 'device compliance' with 'device join status' or 'app protection,' mistakenly selecting Azure AD join or approved client app when the question specifically targets managed device enforcement via compliance policies.

How to eliminate wrong answers

Option B is wrong because 'Require approved client app' controls which applications (e.g., Outlook mobile) can access data, not the device's management state; a device could be unmanaged but still use an approved app. Option C is wrong because 'Require device to be joined to Azure AD' enforces that the device is registered in Azure AD, but it does not verify compliance with security policies like encryption or patch levels. Option D is wrong because 'Require multi-factor authentication' adds an identity verification layer but does not restrict access based on device management or compliance status.

136
MCQhard

A financial services firm must comply with regulatory requirements that prevent accidental sharing of sensitive customer data via email. They need to automatically detect and block emails containing credit card numbers sent to external recipients. Which Microsoft 365 service should they configure?

A.Microsoft Defender XDR
B.Microsoft Purview
C.Microsoft Intune
D.Microsoft Entra ID
AnswerB

Purview includes DLP policies to detect and block sensitive data in emails.

Why this answer

Microsoft Purview (formerly Microsoft 365 Compliance) includes Data Loss Prevention (DLP) policies that can automatically detect sensitive data types, such as credit card numbers, in emails and block them from being sent to external recipients. This directly addresses the regulatory requirement to prevent accidental sharing of sensitive customer data via email.

Exam trap

The trap here is that candidates often confuse Microsoft Defender XDR (security threat detection) with Microsoft Purview (compliance and data protection), leading them to choose Defender for a data loss prevention scenario instead of the correct compliance service.

How to eliminate wrong answers

Option A is wrong because Microsoft Defender XDR is a security solution focused on threat detection, investigation, and response across endpoints, email, and identities, not on compliance-driven data loss prevention for sensitive content like credit card numbers. Option C is wrong because Microsoft Intune is a mobile device management (MDM) and mobile application management (MAM) service for managing devices and apps, not for inspecting email content or enforcing DLP rules. Option D is wrong because Microsoft Entra ID (formerly Azure AD) is an identity and access management service handling authentication and authorization, not email content inspection or DLP policy enforcement.

137
MCQeasy

A user needs to co-author a Word document stored in Microsoft SharePoint Online with external partners who do not have Microsoft 365 licenses. What must the administrator enable?

A.External sharing in SharePoint Online
B.Azure AD B2B collaboration
C.Anonymous access links for documents
D.Guest access in Microsoft Teams
AnswerA

Allows sharing with external users who can authenticate.

Why this answer

External sharing in SharePoint Online must be enabled at the tenant or site level to allow users to share documents with external partners who lack Microsoft 365 licenses. This setting controls the ability to send sharing invitations or generate shareable links for people outside the organization, which is the prerequisite for co-authoring with unlicensed external users.

Exam trap

The trap here is that candidates confuse Azure AD B2B collaboration as a separate setting that must be enabled, when in fact it is automatically activated once SharePoint external sharing is turned on, making the direct answer the SharePoint-level sharing configuration.

How to eliminate wrong answers

Option B is wrong because Azure AD B2B collaboration is the underlying identity mechanism that SharePoint external sharing uses, but it is not a setting an administrator must explicitly enable for this scenario—it is automatically available when external sharing is turned on. Option C is wrong because anonymous access links allow anyone with the link to view or edit the document without authentication, which is not the same as co-authoring with specific named external partners who need to sign in with a Microsoft account or one-time passcode. Option D is wrong because guest access in Microsoft Teams is a separate feature for inviting external users to Teams channels and chats, not for co-authoring a Word document stored in SharePoint Online.

138
Multi-Selecthard

A company uses Microsoft 365 E5. They want to automatically retain all documents containing credit card numbers for 3 years and then delete them. Which THREE Microsoft Purview features should they use?

Select 3 answers
A.Auto-labeling policies
B.Data Loss Prevention (DLP) policies
C.eDiscovery
D.Retention labels
E.Sensitivity labels
AnswersA, D, E

Correct. Auto-labeling policies automatically apply sensitivity labels based on conditions.

Why this answer

Auto-labeling policies (A) are correct because they can automatically apply sensitivity labels to documents containing sensitive information types like credit card numbers, based on conditions defined in the policy. This enables the automatic classification of content, which is a prerequisite for applying retention labels that enforce the 3-year retention and deletion rule.

Exam trap

The trap here is that candidates often confuse DLP policies with retention and auto-labeling, mistakenly thinking DLP can enforce retention or deletion, when in fact DLP only handles data loss prevention actions like blocking or alerting, not lifecycle management.

139
MCQeasy

A small business with 10 employees wants to use professional email with custom domain, web versions of Office apps, and 1 TB of cloud storage per user. Which Microsoft 365 plan meets these requirements?

A.Microsoft 365 Apps for Business
B.Microsoft 365 E3
C.Microsoft 365 Business Standard
D.Microsoft 365 Business Basic
AnswerD

Includes Exchange Online, web apps, and 1 TB storage.

Why this answer

Microsoft 365 Business Basic provides professional email with a custom domain (Exchange Online), web versions of Office apps (Office for the web), and 1 TB of cloud storage per user (OneDrive for Business). This plan is designed for small businesses needing core productivity and communication tools at a lower cost, without desktop Office installations.

Exam trap

The trap here is that candidates often confuse Business Basic with Business Standard, assuming desktop Office apps are required for professional email, when Business Basic fully meets the stated needs with web-only Office apps and custom domain email.

How to eliminate wrong answers

Option A is wrong because Microsoft 365 Apps for Business includes only desktop and web versions of Office apps with 1 TB OneDrive storage, but it does not include Exchange Online for custom domain email. Option B is wrong because Microsoft 365 E3 is an enterprise plan with advanced security and compliance features, far exceeding the requirements and budget of a 10-employee small business. Option C is wrong because Microsoft 365 Business Standard includes desktop Office apps in addition to the required features, making it more expensive than necessary for a business that only needs web versions of Office apps.

140
MCQmedium

A project manager needs to create a visual timeline of project tasks, dependencies, and milestones to share with stakeholders. The timeline should be embedded in the project team's SharePoint site. Which Microsoft 365 app should they use?

A.Microsoft Planner
B.Microsoft Project for the web
C.Microsoft To Do
D.Microsoft Lists
AnswerB

Project for the web offers a timeline (Gantt) view of tasks, dependencies, and milestones, and can be embedded in SharePoint.

Why this answer

Microsoft Project for the web is the correct choice because it is designed specifically for creating Gantt charts that visualize project tasks, dependencies, and milestones over a timeline. It integrates directly with SharePoint, allowing the timeline to be embedded as a web part on a team site for stakeholder viewing.

Exam trap

The trap here is that candidates confuse Planner's 'Board view' and 'Charts' (which show simple bar charts) with a true Gantt timeline, but Planner cannot display task dependencies or milestones in a timeline format.

How to eliminate wrong answers

Option A is wrong because Microsoft Planner provides a Kanban-style board for task assignment and tracking, but it lacks a timeline view with dependency lines and milestone markers. Option C is wrong because Microsoft To Do is a personal task management app focused on individual to-do lists, not project-level timelines or dependencies. Option D is wrong because Microsoft Lists is a data-tracking app for creating custom lists (e.g., issue trackers), but it does not natively support Gantt chart timelines or dependency visualization.

141
MCQmedium

A manager wants to quickly create a survey to collect employee feedback on a new policy. The survey must automatically store responses in an Excel spreadsheet and trigger an email notification when a response is submitted. Which Microsoft 365 service should the manager use?

A.Microsoft Forms
B.Microsoft Lists
C.Microsoft Power Apps
D.Microsoft SharePoint
AnswerA

Forms allows creation of surveys, automatically stores responses in Excel, and can be used with Power Automate to send email alerts.

Why this answer

Microsoft Forms is the correct choice because it is designed specifically for creating surveys and quizzes, and it natively integrates with Excel to automatically store responses in a spreadsheet. Additionally, Forms supports Power Automate flows out of the box, allowing you to trigger an email notification whenever a new response is submitted, meeting both requirements without custom development.

Exam trap

The trap here is that candidates may confuse Microsoft Lists with Forms because both can collect data, but Lists is a structured data repository, not a survey tool, and lacks the automatic Excel storage and email trigger capabilities that Forms offers through its native Power Automate integration.

How to eliminate wrong answers

Option B is wrong because Microsoft Lists is a data-tracking application for organizing information in a list format, not a survey tool; it lacks built-in survey creation and does not automatically store responses in Excel or trigger email notifications on submission. Option C is wrong because Microsoft Power Apps is a low-code platform for building custom applications, which would require significant development effort to create a survey and integrate Excel storage and email triggers, making it overkill for this simple task. Option D is wrong because Microsoft SharePoint is a content management and collaboration platform; while it can host surveys via SharePoint lists or web parts, it does not automatically store responses in Excel or provide native email notification triggers without additional configuration or Power Automate flows.

142
Multi-Selectmedium

A team is working on a project proposal that requires simultaneous input from multiple team members. They need to see each other's changes in real time and have a full revision history. Which two Microsoft 365 applications support this capability? (Choose two.)

Select 2 answers
A.Word for the web
B.Excel for the web
C.Outlook on the web
D.OneNote for Windows 10
AnswersA, B

Word for the web supports real-time co-authoring and version history, enabling multiple contributors to work simultaneously.

Why this answer

Word for the web and Excel for the web support real-time co-authoring, allowing multiple users to edit the same document simultaneously with changes visible to all collaborators within seconds. They also maintain a full revision history via versioning, enabling users to view, restore, or compare previous versions. This capability is built on the Office Online Server infrastructure and uses WebSocket-based synchronization for low-latency updates.

Exam trap

The trap here is that candidates may assume Outlook on the web supports real-time collaboration because it is a web app, or that OneNote for Windows 10 has the same co-authoring features as the web version, but Microsoft specifically limits full real-time editing and revision history to the web-based Office apps (Word, Excel, PowerPoint) and not to desktop-only versions or Outlook.

143
MCQhard

Refer to the exhibit. A device management report from Microsoft Intune shows a device with non-compliant status. Which action should the administrator take to bring the device into compliance?

A.Enable BitLocker encryption
B.Force a check-in
C.Remediate jailbreak status
D.Install antivirus software
AnswerA

The device is not encrypted, so enabling BitLocker will address the compliance issue.

Why this answer

The device is marked non-compliant because Intune's compliance policy requires BitLocker encryption on Windows devices. Enabling BitLocker satisfies that policy requirement, allowing the device to report as compliant on its next check-in.

Exam trap

The trap here is that candidates confuse a non-compliant status with a connectivity or agent issue, and choose 'Force a check-in' instead of addressing the specific missing configuration (BitLocker) that caused the non-compliance.

How to eliminate wrong answers

Option B is wrong because forcing a check-in only triggers a re-evaluation of the current state; it does not resolve the underlying missing encryption. Option C is wrong because jailbreak status applies to iOS/iPadOS devices, not Windows, and is unrelated to BitLocker compliance. Option D is wrong because antivirus software is a separate compliance setting (e.g., requiring Windows Defender or a third-party AV), but the exhibit specifically indicates a BitLocker encryption requirement, not an antivirus requirement.

144
MCQmedium

A project manager needs a digital notebook where team members can capture meeting notes, add ink drawings using a stylus, and share content in real time. The solution must integrate with Microsoft Teams and support tagging for easy search. Which Microsoft 365 app is best suited?

A.OneNote
B.Word Online
C.SharePoint Wiki
D.Microsoft Lists
AnswerA

Correct. OneNote provides a flexible digital notebook with inking support, real-time collaboration, and tag-based organization, making it ideal for meeting notes.

Why this answer

OneNote is the best fit because it provides a digital notebook with support for ink drawings via stylus, real-time collaboration, and tagging for search. It integrates natively with Microsoft Teams through the OneNote tab, allowing team members to capture and share meeting notes directly within Teams channels.

Exam trap

The trap here is that candidates may confuse Word Online's co-authoring capabilities with OneNote's specialized notebook features, overlooking the specific requirements for ink drawings and tagging that are native to OneNote.

How to eliminate wrong answers

Option B (Word Online) is wrong because while it supports real-time co-authoring and basic drawing tools, it lacks a dedicated notebook structure for organizing meeting notes and does not support ink drawings with a stylus as seamlessly as OneNote. Option C (SharePoint Wiki) is wrong because it is a web-based wiki for static content, not a real-time collaborative notebook, and it does not support stylus input or tagging for search in the same way. Option D (Microsoft Lists) is wrong because it is designed for tracking and organizing data in list format, not for capturing freeform meeting notes with ink drawings or real-time sharing.

145
MCQeasy

A user needs to create a form to collect feedback from customers. The responses should be automatically stored in an Excel spreadsheet in OneDrive. Which Microsoft 365 app should they use?

A.Microsoft Lists
B.Microsoft Forms
C.Microsoft Power Apps
D.Microsoft Sway
AnswerB

Forms provides surveys and automatically exports responses to Excel.

Why this answer

Microsoft Forms is the correct app because it is specifically designed for creating surveys, quizzes, and feedback forms, and it natively integrates with Excel to automatically store responses in a spreadsheet hosted on OneDrive. This meets the user's requirement without additional configuration or custom development.

Exam trap

The trap here is that candidates may confuse Microsoft Lists with Forms because both can collect data, but Lists requires manual setup for Excel export and lacks the automatic, one-click response-to-Excel workflow that Forms provides.

How to eliminate wrong answers

Option A is wrong because Microsoft Lists is a tracking and organization app for managing data in list format (e.g., issue tracking, inventory), not for creating forms with automatic Excel storage. Option C is wrong because Microsoft Power Apps is a low-code platform for building custom business applications, which is overkill and not the intended tool for simple form creation and Excel integration. Option D is wrong because Microsoft Sway is a presentation and storytelling app for creating interactive reports and newsletters, not for collecting form responses or storing them in Excel.

146
MCQeasy

A project manager needs to create a shared workspace for a cross-functional team to manage tasks, share files, track deadlines, and have threaded conversations. Which Microsoft 365 app should be the primary platform for this workspace?

A.Microsoft SharePoint
B.Microsoft Teams
C.Microsoft Planner
D.Microsoft To Do
AnswerB

Teams offers channels with threaded conversations, file sharing, and integration with Planner for task management, making it ideal for a collaborative workspace.

Why this answer

Microsoft Teams is the correct primary platform because it integrates chat, threaded conversations, file sharing, task management (via integrated Planner or Tasks by Planner and To Do), and deadline tracking into a single shared workspace. Unlike SharePoint, which is a document management and intranet platform, Teams provides a real-time collaboration hub with persistent threaded conversations and direct task assignment capabilities, making it ideal for cross-functional team coordination.

Exam trap

The trap here is that candidates often confuse SharePoint as the primary collaboration workspace because it is a powerful content management platform, but the question specifically requires threaded conversations and real-time task management, which are native to Teams, not SharePoint.

How to eliminate wrong answers

Option A is wrong because Microsoft SharePoint is a document management and intranet portal platform focused on content storage, version control, and site-based collaboration, not a real-time workspace with threaded conversations and integrated task management. Option C is wrong because Microsoft Planner is a lightweight task management tool that provides Kanban boards and task assignments but lacks native threaded conversations, file sharing, and a persistent chat workspace. Option D is wrong because Microsoft To Do is a personal task management app designed for individual productivity and list-based task tracking, not for team collaboration, shared workspaces, or threaded conversations.

147
MCQmedium

A company deploys Microsoft Defender for Office 365 to protect against phishing. Users report that legitimate external emails are being moved to Junk Email folder. The security team needs to allowlist a specific sender domain without reducing protection. What should they do?

A.Add the domain to the safe sender list in the user's Outlook client.
B.Add the domain to the allowed sender list in the anti-spam policy.
C.Disable anti-phishing protection for the affected users.
D.Create a mail flow rule to set the Spam Confidence Level (SCL) to -1 for emails from that domain.
AnswerD

This allows the email but still scans for malware and phishing.

Why this answer

Option D is correct because setting the Spam Confidence Level (SCL) to -1 via a mail flow rule explicitly marks emails from the specified domain as trusted, bypassing all spam filtering including anti-phishing checks. This ensures legitimate external emails are delivered to the inbox while maintaining protection for all other senders. Unlike user-level or policy-level allowlists, this method does not reduce the overall security posture because it only exempts that specific domain from filtering.

Exam trap

The trap here is that candidates often confuse the user-level safe sender list (Option A) with a server-side allowlist, not realizing that Microsoft Defender for Office 365 filters emails before they reach the Outlook client, so client-side settings have no effect on server-side filtering decisions.

How to eliminate wrong answers

Option A is wrong because adding the domain to the safe sender list in the user's Outlook client only affects the client-side Junk Email Filter, not the server-side filtering by Microsoft Defender for Office 365; the email may still be blocked or moved to junk by the service before it reaches the client. Option B is wrong because adding the domain to the allowed sender list in the anti-spam policy can reduce protection by completely bypassing spam and phishing filters for that domain, potentially allowing malicious emails from that domain to reach users. Option C is wrong because disabling anti-phishing protection for the affected users removes all phishing defenses for those users, leaving them vulnerable to phishing attacks from any sender, not just the legitimate domain.

148
MCQmedium

Refer to the exhibit. A compliance admin runs the PowerShell command. What is the purpose of this command?

A.To find tags that keep and then delete content after more than 365 days.
B.To find tags that require a review after 365 days.
C.To find tags that delete content after more than 365 days.
D.To find tags that keep content indefinitely.
AnswerA

KeepAndDelete means keep for a period then delete; duration >365 days.

Why this answer

Option C is correct: The command filters compliance tags where retention action is 'KeepAndDelete' and retention duration is greater than 365 days. Option A is incorrect because it mentions 'Delete' action only, not 'KeepAndDelete'. Option B is incorrect because it mentions 'Keep' only.

Option D is incorrect because it mentions 'Review' which is not a retention action.

149
Multi-Selecthard

Which THREE Microsoft 365 services are included in Microsoft 365 E5 license that provide advanced security capabilities? (Select exactly 3.)

Select 3 answers
A.Microsoft Intune
B.Microsoft Defender XDR
C.Microsoft Purview Information Protection
D.Microsoft Purview Data Loss Prevention
E.Microsoft Sentinel
AnswersB, C, E

Defender XDR is included in E5.

Why this answer

Microsoft Defender XDR (B) is included in Microsoft 365 E5 to provide unified, cross-domain threat detection and response across endpoints, email, identities, and cloud apps. It correlates signals from multiple Defender products to automate incident response and reduce dwell time, making it a core advanced security capability of the E5 license.

Exam trap

The trap here is that candidates often confuse Microsoft Purview Information Protection (a data classification and labeling service) with Microsoft Purview Data Loss Prevention (a compliance policy enforcement tool), but both are included in E5; however, the question asks for advanced security capabilities, and DLP is a compliance feature, not a security detection/response service, while Information Protection is considered an advanced security capability because it encrypts and controls access to sensitive data.

150
MCQmedium

A sales team needs to track leads, manage customer contact information, record interactions, and automate follow-up email sequences. Which Microsoft 365 app should they use as the primary platform?

A.Microsoft Dynamics 365 Sales
B.Microsoft Power Automate
C.Microsoft SharePoint
D.Microsoft Teams
AnswerA

This is the dedicated CRM app for sales management, offering lead and opportunity tracking, customer data management, and sales automation.

Why this answer

Microsoft Dynamics 365 Sales is a customer relationship management (CRM) application specifically designed to manage leads, track customer contact information, record interactions, and automate sales processes such as follow-up email sequences. It provides built-in lead scoring, opportunity management, and workflow automation that directly match the sales team's requirements, making it the correct primary platform.

Exam trap

The trap here is that candidates often confuse Microsoft Power Automate as the primary tool for automation, overlooking that Dynamics 365 Sales provides the CRM foundation needed to manage leads and contacts, while Power Automate is only an add-on for extending workflows.

How to eliminate wrong answers

Option B is wrong because Microsoft Power Automate is a workflow automation tool that can create flows to trigger actions, but it is not a primary platform for managing leads, contacts, or interactions; it lacks native CRM data models and lead management features. Option C is wrong because Microsoft SharePoint is a document management and collaboration platform focused on content storage, sharing, and intranet sites, not designed for tracking sales leads or automating email sequences. Option D is wrong because Microsoft Teams is a chat-based collaboration workspace for real-time communication and meetings, not a CRM system capable of managing customer relationships or automating sales workflows.

← PreviousPage 2 of 5 · 350 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Describe Microsoft 365 apps and services questions.