CCNA Manage Secure Powerbi Questions

14 of 164 questions · Page 3/3 · Manage Secure Powerbi topic · Answers revealed

151
MCQmedium

You are a Power BI administrator. A user reports that a shared dashboard shows 'Sensitive data detected' for certain visualizations, but the dashboard is configured with row-level security (RLS). What is the most likely cause of this issue?

A.The dashboard owner has not granted the user 'Build' permission on the dataset.
B.RLS is incorrectly configured and allowing users to see data they should not.
C.A Microsoft Purview sensitivity label is applied to the dataset or report.
D.The user is viewing the dashboard in a browser that does not support sensitivity labels.
AnswerC

Sensitivity labels can cause 'Sensitive data detected' messages regardless of RLS.

Why this answer

Option B is correct because Microsoft Purview Information Protection sensitivity labels take precedence over RLS; a label applied to a dataset or report can flag data as sensitive regardless of RLS. Option A is wrong because RLS does not block sensitivity labels from being applied. Option C is wrong because the dashboard owner's permissions do not affect label detection.

Option D is wrong because the Power BI service does not strip sensitivity labels for external users unless explicitly configured.

152
MCQmedium

Refer to the exhibit. A Power BI dataset uses a service principal to connect to an Azure SQL Database. The dataset fails to refresh with an authentication error. What is the most likely cause?

A.The database name is incorrect.
B.The service principal ID is invalid.
C.The service principal credentials are not configured in the data gateway.
D.The server name is incorrect.
AnswerC

The exhibit only shows the service principal ID; the secret must be stored in the gateway.

Why this answer

Option C is correct because the service principal (client secret or certificate) must be stored in the gateway cluster credentials. Option A is wrong because the database name is correct. Option B is wrong because server name is correct.

Option D is wrong because service principal has an ID, but the password/secret is missing from the exhibit; the credentials need to be configured in the gateway.

153
Multi-Selecteasy

Which TWO are valid Power BI workspace roles?

Select 2 answers
A.Viewer
B.Admin
C.Owner
D.Reader
E.Editor
AnswersA, B

Correct. Viewer is a workspace role.

Why this answer

Options A and D are correct. Admin and Viewer are standard workspace roles. Option B is wrong because 'Editor' is not a Power BI workspace role; the equivalent is 'Contributor' or 'Member'.

Option C is wrong because 'Owner' is the same as Admin. Option E is wrong because 'Reader' is not a role; 'Viewer' is the correct term.

154
MCQmedium

You need to ensure that a Power BI report published to the service can be embedded in a secure internal SharePoint Online page. Only authenticated users from your Microsoft Entra ID tenant should be able to view the report. What should you do?

A.Use the 'Embed in SharePoint Online' option in Power BI service.
B.Share the report directly with all users and provide a direct link.
C.Use the 'Publish to web (public)' option and embed the iframe in SharePoint.
D.Use the 'Embed' option in Power BI service to generate a secure embed code, then add the Power BI web part in SharePoint.
AnswerD

Secure embedding with permissions respected.

Why this answer

Embedding a report securely requires using the 'embed' option with a secure embed code that respects user permissions, and then adding the report to SharePoint via the Power BI web part. Option C is correct. Option A is wrong because Publish to web is public.

Option B is wrong because sharing with specific users without embedding is not embedding. Option D is wrong because allowing all authenticated users is too broad.

155
MCQmedium

You have a Power BI report that uses a dataset with row-level security (RLS) roles. You need to verify that a specific user sees only the data they are supposed to see. What is the most efficient way to test this?

A.Run a DAX query in DAX Studio as the user.
B.Use the 'View as' feature in the Power BI service or Desktop.
C.Check the dataset settings in the workspace.
D.Share the report with the user and ask them to verify.
AnswerB

'View as' allows impersonation of roles or users.

Why this answer

Option B is correct because 'View as' allows you to impersonate a user and see exactly what they see. Option A is incorrect because manually checking the dataset is not efficient. Option C is incorrect because you cannot verify in the dataset settings.

Option D is incorrect because checking the report after sharing is less efficient.

156
MCQmedium

You manage a Power BI environment where users frequently share reports by sending the URL from the browser. However, external recipients often receive an error saying they cannot access the report. What is the most likely reason?

A.The 'Share content with external users' setting is disabled in the tenant.
B.External users do not have a Power BI Pro license.
C.External users are not part of the same Microsoft Entra tenant.
D.The report is not published to the Power BI service.
AnswerA

This admin setting must be enabled for external sharing to work.

Why this answer

Option D is correct. By default, sharing with external users requires the 'Share with external users' setting to be enabled in the Power BI admin portal. Option A is wrong because external users do not need a Power BI Pro license if the report is shared to them; they can view it if the setting is enabled.

Option B is wrong because external users can access the report even if they are not in the same tenant. Option C is wrong because the report is already published to the service.

157
Multi-Selecteasy

Which TWO of the following are required to configure a Power BI deployment pipeline?

Select 2 answers
A.The user must be a workspace admin.
B.Power BI Desktop installed on the admin's machine.
C.A Premium workspace (Premium per user or Premium capacity).
D.A Power BI Pro license for all users.
E.Users must have 'Build' permission on the dataset.
AnswersA, C

Only workspace admins can create and manage pipelines.

Why this answer

Options A and C are correct. A Premium workspace is required because deployment pipelines are a Premium feature. The user must have admin privileges on the workspace to create and manage pipelines.

Option B is wrong because a Pro license is not required; a Premium per user or capacity license is needed. Option D is wrong because Power BI Desktop is not required; pipelines are managed in the service. Option E is wrong because pipelines can be used with Pro users if the workspace is Premium.

158
MCQmedium

You manage a Power BI environment where users create reports using data from Azure SQL Database. You need to enforce that all data sources use Single Sign-On (SSO) with Microsoft Entra ID. What should you do?

A.In the Power BI admin portal, block authentication methods other than OAuth2.
B.Configure the dataset to use SSO in the Power BI service.
C.Enable the 'Allow data sources to use SSO' tenant setting.
D.Create a security group for SSO-enabled data sources and assign it to the workspace.
AnswerA

Blocking non-OAuth methods forces SSO.

Why this answer

Option D is correct because you can block other authentication methods via tenant settings in the Power BI admin portal. Option A is incorrect because SSO is configured per data source, not globally in a security group. Option B is incorrect because the 'Allow data sources to use SSO' setting enables SSO but does not block other methods.

Option C is incorrect because you cannot block authentication methods in the dataset itself.

159
MCQeasy

You need to audit Power BI activity for compliance. Which tool should you use to access detailed logs of user actions?

A.Microsoft Defender XDR
B.Microsoft Purview compliance portal (Audit)
C.Microsoft Purview Data Map
D.Power BI Premium capacity metrics app
AnswerB

Audit logs capture user activities.

Why this answer

Option A is correct because Microsoft Purview provides unified audit logs. Option B is wrong because it's for data mapping. Option C is wrong because it's for threat detection.

Option D is wrong because it's for capacity management.

160
MCQhard

You are the Power BI administrator for Contoso Ltd. The company has a Premium capacity workspace named 'Sales Analytics' that contains a dataset named 'SalesData' and several reports. The dataset uses DirectQuery to an Azure SQL Database. Row-level security (RLS) is configured in Power BI Desktop with roles: 'SalesManager' (filters to SalesManager rows), 'SalesRep' (filters to SalesRep rows). After publishing, you assign users to the roles in the Power BI service. However, when a user assigned to the 'SalesRep' role opens a report, they see all data instead of only their own rows. You have verified that the RLS role definition is correct and that the user is the only member of the 'SalesRep' role. The user has no other workspace permissions. The dataset is set to use single sign-on (SSO) for the DirectQuery connection. What is the most likely cause of the issue?

A.Configure RLS in the Azure SQL Database itself using security predicates or views that filter based on the user's identity (e.g., USER_NAME() or SUSER_SNAME()).
B.Add the user to multiple RLS roles to ensure the filters are applied.
C.Change the dataset storage mode from DirectQuery to Import.
D.Remove the user from the 'SalesRep' role and add them as a Viewer on the workspace to force RLS.
AnswerA

With SSO, the source must enforce RLS; Power BI RLS is ignored.

Why this answer

Option A is correct because when using DirectQuery with SSO, the user's identity is passed to the data source. If the Azure SQL Database does not enforce RLS (e.g., via security predicates or user mappings), all data is returned. Power BI RLS is bypassed in this scenario.

Option B is wrong because the user is not a workspace member with edit permissions. Option C is wrong because the user is the only member. Option D is wrong because RLS in Power BI works with DirectQuery, but SSO changes the behavior.

161
MCQmedium

Your organization is implementing a data sensitivity labeling strategy for Power BI. You have created labels in Microsoft Purview Compliance Portal. After publishing a report, you notice that some labels are not available for selection in Power BI. What is the most likely cause?

A.The labels were created in the wrong workspace.
B.The Power BI tenant does not have Premium capacity.
C.The labels are not included in a label policy that applies to Power BI.
D.Users do not have Power BI Pro licenses.
AnswerC

Correct. Labels must be published in a policy that includes Power BI.

Why this answer

Option D is correct because sensitivity labels must be published in a label policy that includes Power BI as a target. Option A is wrong because label creation does not require Premium. Option B is wrong because labels are configured centrally, not per workspace.

Option C is wrong because user licenses affect consumption, not label availability.

162
MCQmedium

You are a Power BI administrator for a large enterprise. The company has a Premium capacity (P3) that hosts over 200 datasets and 500 reports. Recently, users have reported that some reports take a long time to load, and the capacity metrics show high CPU usage during business hours. You need to optimize the capacity performance without adding additional capacity. The business requires that all reports remain available during business hours (9 AM to 5 PM). You have the following options: A. Enable 'Autoscale' on the Premium capacity to automatically add additional v-cores during peak times. B. Implement a 'Query caching' policy for frequently used datasets. C. Move all datasets to shared capacity to reduce Premium load. D. Schedule dataset refreshes to occur only during business hours. Which option should you choose?

A.Move all datasets to shared capacity to reduce Premium load.
B.Schedule dataset refreshes to occur only during business hours.
C.Enable 'Autoscale' on the Premium capacity to automatically add additional v-cores during peak times.
D.Implement a 'Query caching' policy for frequently used datasets.
AnswerD

Query caching reduces CPU usage and improves report load times.

Why this answer

Option B is correct. Query caching can improve report load times by caching query results for frequently used datasets, reducing CPU usage. Option A is wrong because Autoscale adds capacity but increases cost; the requirement is to optimize without adding capacity.

Option C is wrong because shared capacity has lower performance limits and may not support the workload. Option D is wrong because scheduling refreshes during business hours would increase CPU usage during peak times.

163
MCQhard

Your organization uses Microsoft Purview to catalog Power BI assets. You need to ensure that sensitivity labels applied to Power BI datasets are automatically synced to Microsoft Purview. What must you configure?

A.Create a sensitivity label policy in Microsoft Purview and publish it to Power BI.
B.Enable the 'Allow data discovery and classification' tenant setting and set up a Purview catalog scan.
C.Create a Microsoft Purview catalog and manually add Power BI assets.
D.Enable 'Automatically apply sensitivity labels' in the Power BI admin portal.
AnswerB

This enables the bidirectional sync.

Why this answer

Option C is correct because the integration between Power BI and Microsoft Purview requires enabling the 'Allow data discovery and classification' tenant setting and configuring the Purview catalog to scan Power BI. Option A is incorrect because labels are not synced via the Power BI admin portal alone. Option B is incorrect because sensitivity label policies in Purview do not automatically sync to Power BI.

Option D is incorrect because catalog creation does not sync labels.

164
MCQhard

Refer to the exhibit. You are configuring a Microsoft Purview Data Loss Prevention (DLP) policy for Power BI. The policy rule shown is intended to block downloads from datasets that have the 'Confidential' sensitivity label and are sourced from SharePoint or SQL Server. However, users are still able to download data from these datasets. What is the most likely reason?

A.The target should be 'reports' instead of 'datasets'.
B.The action 'blockDownload' is not a valid action; the correct action should be 'Block' or 'BlockDownload' might require additional configuration.
C.The condition uses 'dataSource' which is not a valid property in Power BI DLP policies.
D.The policy rule is missing the 'and' operator between the two conditions.
AnswerB

The action must be properly defined; 'blockDownload' may not be recognized.

Why this answer

Option B is correct because in the Power BI DLP policy, you must specify the action as 'Block' for download to be prevented. The exhibit shows 'blockDownload', but the correct action syntax is likely 'Block' (or the policy is not fully configured). Option A is wrong because the condition uses 'dataSource' which is valid.

Option C is wrong because the exhibit shows a single condition with both label and source. Option D is wrong because the target is datasets.

← PreviousPage 3 of 3 · 164 questions total

Ready to test yourself?

Try a timed practice session using only Manage Secure Powerbi questions.