MS-900 · topic practice

Describe security, compliance, privacy, and trust in Microsoft 365 practice questions

Use this page to practise Describe security, compliance, privacy, and trust in Microsoft 365 questions for this certification. Focus on how the exam tests describe security, compliance, privacy, and trust in microsoft 365 in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Describe security, compliance, privacy, and trust in Microsoft 365

What the exam tests

What to know about Describe security, compliance, privacy, and trust in Microsoft 365

Describe security, compliance, privacy, and trust in Microsoft 365 questions on this certification test your ability to deploy and manage describe security, compliance, privacy, and trust in microsoft 365 concepts in scenario-based situations.

Core Describe security, compliance, privacy, and trust in Microsoft 365 concepts and how they apply in real-world cloud scenarios.

How to deploy describe security, compliance, privacy, and trust in microsoft 365 correctly and verify the outcome.

Troubleshooting describe security, compliance, privacy, and trust in microsoft 365 issues by interpreting error output and system state.

Cloud best practices and Describe security, compliance, privacy, and trust in Microsoft 365 design trade-offs tested by this certification.

Watch out for

Common Describe security, compliance, privacy, and trust in Microsoft 365 exam traps

  • Selecting the most expensive service when a simpler managed option meets the requirement.
  • Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
  • Choosing a global service fix when the issue is region-specific.
  • Overlooking cost implications of cross-region data transfer in architecture questions.

Practice set

Describe security, compliance, privacy, and trust in Microsoft 365 questions

20 questions · select your answer, then reveal the explanation

An organization is concerned about data leakage from sensitive emails. They want to enforce encryption on emails containing financial information automatically. Which Microsoft 365 solution should they configure?

Question 2hardmultiple choice
Read the full NAT/PAT explanation →

A financial services company must prevent users from accidentally sharing sensitive customer data externally. They want to block sharing of any document containing a credit card number via email or SharePoint. What combination of Microsoft 365 compliance solutions should they use?

A company needs to ensure that all email and document content is preserved for legal purposes, even if users permanently delete items. This requirement demands that content be kept indefinitely until the legal hold is released. Which Microsoft 365 feature should they enable?

Question 4hardmulti select
Read the full NAT/PAT explanation →

A healthcare organization must protect patient health information (PHI) from being accidentally shared externally via email. They need to automatically block emails containing medical record numbers from being sent outside the organization and also encrypt any email that does contain PHI when it is allowed. Which two Microsoft Purview solutions should they combine? (Choose two.)

Question 5easymultiple choice
Read the full NAT/PAT explanation →

A healthcare organization stores patient records in SharePoint Online. They need to ensure that the data is encrypted at rest and in transit. Which statement is true regarding Microsoft 365 encryption?

A company uses Microsoft Purview to monitor for potential data security incidents. They want to automatically detect and remediate activities like downloading large amounts of data to a personal device. Which solution should they configure?

A company wants to ensure that only IT administrators can install browser extensions in Microsoft Edge. Which Microsoft 365 security feature should be used?

Question 8mediummultiple choice
Read the full NAT/PAT explanation →

An administrator needs to monitor and investigate potential data breaches by reviewing detailed records of file access and sharing activities across Microsoft 365. They require a centralized report showing who accessed what, from where, and any unusual patterns. Which tool should they use?

A compliance officer wants to ensure that all data in Microsoft 365 is encrypted using a key that the organization manages and stores in their own Azure Key Vault. Microsoft will not have access to the key. Which solution should they implement?

A security administrator needs to ensure that all users accessing Microsoft 365 resources from unmanaged devices are prompted to sign in using multi-factor authentication (MFA) and are blocked from downloading sensitive files. Which conditional access policy should be configured?

A security administrator needs to ensure that all guest users who access Microsoft Teams are required to accept a terms of use agreement before accessing any company resources. Which Microsoft 365 identity protection feature should they configure?

A company wants to ensure that all administrative actions in Microsoft 365 are logged and that any changes to roles and permissions are reviewed on a monthly basis. Which Microsoft Purview solution should the compliance team use?

A security administrator needs to audit all activities related to a specific user in Exchange Online, SharePoint Online, and Microsoft Entra ID for the past 90 days. They also need to export the audit log as a CSV file. Which Microsoft Purview solution provides this capability without additional licensing beyond Microsoft 365 E3?

Question 14hardmultiple choice
Read the full NAT/PAT explanation →

A multinational corporation must ensure that all Microsoft 365 admin actions—such as adding a new user or changing a role—are recorded and searchable for at least 90 days. They also need to create custom alert rules to notify the security team when critical events occur, like disabling multi-factor authentication. Which Microsoft Purview solution should they use to meet both requirements?

A company uses Microsoft 365 (a SaaS offering). A security incident occurs where an employee's account is compromised because the employee reused their corporate password on a personal website. According to the shared responsibility model, who is primarily responsible for this security failure?

A security analyst receives an alert about a user who downloaded a large number of files from a SharePoint document library in a short period. The analyst needs to investigate the user's activities across Exchange, SharePoint, and Teams to determine if data exfiltration is occurring. Which Microsoft Purview solution should the analyst use to review detailed activity logs?

A security team needs to ensure that all Microsoft 365 administrative actions—such as creating user accounts or resetting passwords—are logged and searchable for at least 90 days. They also need to create custom alert rules for suspicious admin activity. Which Microsoft Purview solution should they use?

Question 18easymultiple choice
Read the full NAT/PAT explanation →

A security administrator needs to review all sign-in attempts and identify suspicious login patterns for the past 30 days. Which Microsoft 365 portal should they use to access this information?

A security team needs to monitor all administrative activities in Microsoft 365, including creating users, resetting passwords, and modifying policies. They require that logs be retained for at least 90 days and want to create custom alerts for suspicious admin actions (e.g., multiple password resets in a short time). Which Microsoft Purview solution should they use?

A legal firm needs to send a confidential document to a client via email. The firm requires that the client cannot forward or print the email and that the email expires after seven days. Which Microsoft Purview solution should they use?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Describe security, compliance, privacy, and trust in Microsoft 365 sessions

Start a Describe security, compliance, privacy, and trust in Microsoft 365 only practice session

Every question in these sessions is drawn from the Describe security, compliance, privacy, and trust in Microsoft 365 domain — nothing else.

Related practice questions

Related MS-900 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the MS-900 exam test about Describe security, compliance, privacy, and trust in Microsoft 365?
Describe security, compliance, privacy, and trust in Microsoft 365 questions on this certification test your ability to deploy and manage describe security, compliance, privacy, and trust in microsoft 365 concepts in scenario-based situations.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Describe security, compliance, privacy, and trust in Microsoft 365 questions in a focused session?
Yes — the session launcher on this page draws every question from the Describe security, compliance, privacy, and trust in Microsoft 365 domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other MS-900 topics?
Use the topic links above to move to related areas, or go back to the MS-900 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the MS-900 exam covers. They are not copied from any real exam or dump site.