Quick Answer

The answer is to enable Customer Managed Key (CMK) for the Power Platform environment. This is correct because CMK gives the healthcare organization sole control over the encryption key that protects patient data at rest, ensuring that even Microsoft cannot decrypt the data without the organization’s permission—a non-negotiable requirement for HIPAA compliance regarding data-at-rest encryption. On the PL-900 exam, this scenario tests your understanding of data security and compliance features within Power Platform administration, often appearing as a distractor against simpler options like “Enable Data Loss Prevention policies” or “Use Azure Active Directory.” A common trap is confusing CMK with standard Microsoft-managed encryption, which does not satisfy HIPAA’s need for customer-controlled keys. Memory tip: think “CMK = Customer Must Keep the key” to remember that you, not Microsoft, hold the encryption authority for protected health information.

PL-900 Practice Question: Describe the business value of Microsoft Power Platform

This PL-900 practice question tests your understanding of the exam objective "Describe the business value of Microsoft Power Platform". The scenario asks you to isolate a root cause, so eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below to reinforce the concept and understand why each distractor is designed to mislead on exam day.

A healthcare organization is deploying Power Apps for patient intake. They must ensure that the app complies with HIPAA regulations. Which feature should they use to protect patient data at rest?

Question 1 · hard · multiple choice

Correct answer & explanation

Enable Customer Managed Key (CMK) for the Power Platform environment.

Customer Managed Key (CMK) allows the healthcare organization to control the encryption key used to protect data at rest in their Power Platform environment. This ensures that even Microsoft cannot access the underlying data without the organization's key, which is a critical requirement for HIPAA compliance regarding data encryption at rest.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Require multi-factor authentication (MFA) for app users.

    Why it's wrong here

    MFA secures access, not data at rest.

  • Enable audit logging in the Power Platform admin center.

    Why it's wrong here

    Audit logs track activities, not encrypt data.

  • Enable Customer Managed Key (CMK) for the Power Platform environment.

    Why this is correct

    CMK encrypts data at rest with a key the organization controls.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Create a Data Loss Prevention (DLP) policy to restrict connectors.

    Why it's wrong here

    DLP policies control data movement, not encryption.

Common exam traps

Common exam trap: answer the scenario, not the keyword

The trap here is that candidates confuse data protection features (like MFA, audit logging, or DLP policies) with encryption at rest and assume that any security feature satisfies HIPAA's data-at-rest requirement. Only CMK provides the necessary customer-controlled encryption for stored data.

Detailed technical explanation

How to think about this question

CMK uses Azure Key Vault to store the encryption key, which is used by the Power Platform service to encrypt the underlying database (Dataverse) at rest. When CMK is enabled, the service uses the customer-provided key for envelope encryption, ensuring that the data is encrypted with a key that only the customer manages and can revoke at any time. This is distinct from Microsoft-managed keys, which are the default and do not meet certain compliance requirements like HIPAA's encryption at rest mandate.

Key Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

Exam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A company's IT admin needs to give a contractor read-only access to production logs without sharing account credentials. Using role-based access control (RBAC) and temporary scoped permissions — not a permanent shared password — is the correct pattern. Questions like this test whether you can apply least-privilege access across cloud identity services.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.



About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content.

Last reviewed: Jun 24, 2026