- A
Require multi-factor authentication (MFA) for app users.
Why wrong: MFA secures access, not data at rest.
- B
Enable audit logging in the Power Platform admin center.
Why wrong: Audit logs track activities, not encrypt data.
- C
Enable Customer Managed Key (CMK) for the Power Platform environment.
CMK encrypts data at rest with a key the organization controls.
- D
Create a Data Loss Prevention (DLP) policy to restrict connectors.
Why wrong: DLP policies control data movement, not encryption.
Quick Answer
The answer is to enable Customer Managed Key (CMK) for the Power Platform environment. This is correct because CMK gives the healthcare organization sole control over the encryption key that protects patient data at rest, ensuring that even Microsoft cannot decrypt the data without the organization’s permission—a non-negotiable requirement for HIPAA compliance regarding data-at-rest encryption. On the PL-900 exam, this scenario tests your understanding of data security and compliance features within Power Platform administration, often appearing as a distractor against simpler options like “Enable Data Loss Prevention policies” or “Use Azure Active Directory.” A common trap is confusing CMK with standard Microsoft-managed encryption, which does not satisfy HIPAA’s need for customer-controlled keys. Memory tip: think “CMK = Customer Must Keep the key” to remember that you, not Microsoft, hold the encryption authority for protected health information.
PL-900 Practice Question: Describe the business value of Microsoft Power Platform
This PL-900 practice question tests your understanding of describe the business value of microsoft power platform. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
A healthcare organization is deploying Power Apps for patient intake. They must ensure that the app complies with HIPAA regulations. Which feature should they use to protect patient data at rest?
Answer choices
Why each option matters
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
Enable Customer Managed Key (CMK) for the Power Platform environment.
Customer Managed Key (CMK) allows the healthcare organization to control the encryption key used to protect data at rest in their Power Platform environment. This ensures that even Microsoft cannot access the underlying data without the organization's key, which is a critical requirement for HIPAA compliance regarding data encryption at rest.
Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
- ✗
Require multi-factor authentication (MFA) for app users.
- ✗
Enable audit logging in the Power Platform admin center.
Why it's wrong here
Audit logs track activities, not encrypt data.
- ✓
Enable Customer Managed Key (CMK) for the Power Platform environment.
Why this is correct
CMK encrypts data at rest with a key the organization controls.
Related concept
Read the scenario before looking for a memorised answer.
- ✗
Create a Data Loss Prevention (DLP) policy to restrict connectors.
Why it's wrong here
DLP policies control data movement, not encryption.
Common exam traps
Common exam trap: answer the scenario, not the keyword
The trap here is that candidates confuse data protection features (like MFA, audit logging, or DLP policies) with encryption at rest, assuming any security feature satisfies HIPAA's data-at-rest requirement, but only CMK provides the necessary customer-controlled encryption for stored data.
Detailed technical explanation
How to think about this question
CMK uses Azure Key Vault to store the encryption key, which is used by the Power Platform service to encrypt the underlying database (Dataverse) at rest. When CMK is enabled, the service uses the customer-provided key for envelope encryption, ensuring that the data is encrypted with a key that only the customer manages and can revoke at any time. This is distinct from Microsoft-managed keys, which are the default and do not meet certain compliance requirements like HIPAA's encryption at rest mandate.
KKey Concepts to Remember
- Read the scenario before looking for a memorised answer.
- Find the constraint that changes the correct option.
- Eliminate answers that are true in general but not in this case.
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Real-world example
How this comes up in practice
A company's IT admin needs to give a contractor read-only access to production logs without sharing account credentials. Using role-based access control (RBAC) and temporary scoped permissions — not a permanent shared password — is the correct pattern. Questions like this test whether you can apply least-privilege access across cloud identity services.
What to study next
Got this wrong? Here's your next step.
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
- →
Describe the business value of Microsoft Power Platform — study guide chapter
Learn the concepts, then practise the questions
- →
Describe the business value of Microsoft Power Platform practice questions
Targeted practice on this topic area only
- →
All PL-900 questions
976 questions across all exam domains
- →
Microsoft Power Platform Fundamentals PL-900 study guide
Full concept coverage aligned to exam objectives
- →
PL-900 practice test guide
How to use practice tests most effectively before exam day
Related practice questions
Related PL-900 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
Identify foundational components of Power Platform practice questions
Practise PL-900 questions linked to Identify foundational components of Power Platform.
Demonstrate capabilities of Power BI practice questions
Practise PL-900 questions linked to Demonstrate capabilities of Power BI.
Describe complementary Microsoft Power Platform solutions practice questions
Practise PL-900 questions linked to Describe complementary Microsoft Power Platform solutions.
Demonstrate the capabilities of Power Automate practice questions
Practise PL-900 questions linked to Demonstrate the capabilities of Power Automate.
Describe the business value of Microsoft Power Platform practice questions
Practise PL-900 questions linked to Describe the business value of Microsoft Power Platform.
Manage the Microsoft Power Platform environment practice questions
Practise PL-900 questions linked to Manage the Microsoft Power Platform environment.
Identify foundational components of Microsoft Power Platform practice questions
Practise PL-900 questions linked to Identify foundational components of Microsoft Power Platform.
Demonstrate the capabilities of Power BI practice questions
Practise PL-900 questions linked to Demonstrate the capabilities of Power BI.
Demonstrate the capabilities of Power Apps practice questions
Practise PL-900 questions linked to Demonstrate the capabilities of Power Apps.
Demonstrate the capabilities of Microsoft Copilot Studio practice questions
Practise PL-900 questions linked to Demonstrate the capabilities of Microsoft Copilot Studio.
Demonstrate the capabilities of Power Pages practice questions
Practise PL-900 questions linked to Demonstrate the capabilities of Power Pages.
PL-900 fundamentals practice questions
Practise PL-900 questions linked to PL-900 fundamentals.
Practice this exam
Start a free PL-900 practice session
Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.
FAQ
Questions learners often ask
What does this PL-900 question test?
Describe the business value of Microsoft Power Platform — This question tests Describe the business value of Microsoft Power Platform — Read the scenario before looking for a memorised answer..
What is the correct answer to this question?
The correct answer is: Enable Customer Managed Key (CMK) for the Power Platform environment. — Customer Managed Key (CMK) allows the healthcare organization to control the encryption key used to protect data at rest in their Power Platform environment. This ensures that even Microsoft cannot access the underlying data without the organization's key, which is a critical requirement for HIPAA compliance regarding data encryption at rest.
What should I do if I get this PL-900 question wrong?
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
What is the key concept behind this question?
Read the scenario before looking for a memorised answer.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Last reviewed: Jun 24, 2026
This PL-900 practice question is part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the PL-900 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.