Back to Microsoft 365 Fundamentals MS-900 questions

Scenario-based practice

Refer to the Exhibit Practice Questions

Practise Microsoft 365 Fundamentals MS-900 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

12
scenario questions
MS-900
exam code
Microsoft
vendor

Scenario guide

How to approach refer to the exhibit practice questions

Practise exhibit-style questions that ask you to read a topology, table, command output or diagram before choosing the best answer.

Quick answer

Exhibit-style questions test whether you can read a topology, command output, diagram or table before choosing the best answer.

How to extract the relevant detail from an exhibit.

How topology, command output or routing information affects the answer.

How to avoid answering from memory before reading the evidence.

How to map the exhibit back to the exam objective.

Related practice questions

Related MS-900 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1mediummultiple choice
Full question →

Refer to the exhibit. The JSON snippet represents a Microsoft Purview sensitivity label policy. An administrator wants to prevent external users from accessing documents labeled 'Highly Confidential'. Which element in the policy achieves this?

Exhibit

{
  "name": "CompanyPolicy",
  "description": "Block external sharing for sensitive data",
  "labels": ["Highly Confidential"],
  "actions": {
    "blockAccess": true,
    "encrypt": true,
    "applyWatermark": true
  }
}
Question 2hardmultiple choice
Full question →

Refer to the exhibit. An admin creates a Microsoft Purview Data Loss Prevention (DLP) policy rule as shown. When will the rule block access?

Exhibit

Refer to the exhibit.
```json
{
  "version": "1.0",
  "rules": [
    {
      "name": "Block sensitive data sharing",
      "condition": {
        "sensitiveInformationTypes": [
          {
            "id": "Credit Card Number",
            "confidenceLevel": "high"
          }
        ]
      },
      "actions": {
        "blockAccess": true,
        "notifyUser": true
      }
    }
  ]
}
```
Question 3hardmultiple choice
Full question →

Refer to the exhibit. A device management report from Microsoft Intune shows a device with non-compliant status. Which action should the administrator take to bring the device into compliance?

Exhibit

Device Name: LAPTOP-1234
Compliance State: Non-compliant
Last Check-in: 2026-03-10T14:30:00Z
Primary User: user@contoso.com
OS: Windows 11
Threat Level: High
Jailbroken: No
Encryption: Not Encrypted
Question 4easymultiple choice
Full question →

Refer to the exhibit. The ARM template is used to deploy an Azure resource. Which Microsoft 365 service is most likely to use this template for storing data?

Exhibit

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-02-01",
      "name": "[parameters('storageAccountName')]",
      "location": "[resourceGroup().location]",
      "kind": "StorageV2",
      "sku": {
        "name": "Standard_LRS"
      }
    }
  ]
}
Question 5hardmultiple choice
Full question →

Refer to the exhibit. You are reviewing a role definition in Microsoft Purview compliance portal. Which actions can a user assigned this role perform?

Exhibit

{
  "roleName": "Compliance Administrator",
  "permissions": [
    "microsoft.office365.securityComplianceCenter/allEntities/allTasks",
    "microsoft.office365.protectionCenter/allEntities/allTasks"
  ]
}
Question 6easymultiple choice
Full question →

Refer to the exhibit. You have a Conditional Access policy as shown. A user reports they cannot access Exchange Online from a non-compliant device. What is the most likely reason?

Exhibit

Refer to the exhibit.
```json
{
  "displayName": "Block access for non-Microsoft Entra ID users",
  "state": "enabled",
  "conditions": {
    "applications": {
      "includeApplications": ["Office365"]
    },
    "users": {
      "includeUsers": ["All"]
    }
  },
  "grantControls": {
    "builtInControls": ["mfa", "compliantDevice"]
  }
}
```
Question 7mediummultiple choice
Full question →

Refer to the exhibit. You are reviewing a Microsoft Defender for Cloud Apps access policy configuration. What does this policy do?

Exhibit

{
  "IsEnabled": true,
  "Urls": ["https://contoso.sharepoint.com/sites/ProjectX"],
  "BlockDownload": true,
  "AccessType": "Block",
  "IPRange": ["192.168.1.0/24"]
}
Question 8hardmultiple choice
Full question →

Refer to the exhibit. A JSON snippet from a Microsoft Purview compliance policy. What is the effect of this policy when applied to a document?

Exhibit

{
  "appliedIntents": ["encrypt", "watermark"],
  "sensitivityLabelId": "S12345",
  "encryption": {
    "encryptedWith": "Microsoft Purview",
    "protectionEnabled": true
  },
  "watermark": {
    "text": "CONFIDENTIAL",
    "visible": true
  }
}
Question 9easymultiple choice
Full question →

Refer to the exhibit. The PowerShell script retrieves compliance tags from Microsoft Purview. What does the script do?

Exhibit

Refer to the exhibit.

$policies = Get-ComplianceTag
foreach ($policy in $policies) {
    if ($policy.RetentionAction -eq "Delete") {
        Write-Host "Policy $($policy.Name) will delete data after $($policy.RetentionDuration) days"
    }
}
Question 10mediummultiple choice
Full question →

Refer to the exhibit. An administrator creates a Conditional Access policy in Microsoft Entra ID. The AppId 00000003-0000-0ff1-ce00-000000000000 corresponds to Microsoft Graph. The policy requires MFA for all users accessing Microsoft Graph. However, users report that they are not prompted for MFA when using Microsoft Teams. What is the most likely reason?

Exhibit

Refer to the exhibit.

```xml
<Policy Id="Contoso-ConditionalAccess">
  <Conditions>
    <Users>
      <Include>
        <AllUsers></AllUsers>
      </Include>
    </Users>
    <Applications>
      <Include>
        <AppId>00000003-0000-0ff1-ce00-000000000000</AppId>
      </Include>
    </Applications>
  </Conditions>
  <GrantControls>
    <RequireMFA>true</RequireMFA>
  </GrantControls>
</Policy>
```
Question 11mediummultiple choice
Full question →

Refer to the exhibit. A compliance admin runs the PowerShell command. What is the purpose of this command?

Exhibit

Security & Compliance PowerShell:
Get-ComplianceTag | Where-Object {$_.RetentionAction -eq "KeepAndDelete" -and $_.RetentionDuration -gt 365}
Question 12hardmultiple choice
Full question →

Refer to the exhibit. A SharePoint admin is reviewing a policy JSON snippet. Which statement accurately describes the effect of this policy?

Exhibit

{
  "policy": {
    "name": "Block External Sharing",
    "type": "SharePoint Online Sharing Policy",
    "sharingCapability": "Disabled",
    "allowExternalSharing": false,
    "externalUserExpirationInDays": 30
  }
}

These MS-900 practice questions are part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style MS-900 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.