MS-900 Describe security, compliance,

privacy and trust in Microsoft

Hi, Mateusz. When you submit this form, the owner will see your name and email address.

1. Your organization plans to deploy Microsoft 365 in a hybrid scenario.

You need to ensure that employees can use a smart card for authentication.

Which hybrid identity solution should you implement? (1 Point)

password hash synchronization with single sign-on

Active Directory Federation Services (AD FS)

PingFederate and federation integration

pass-through authentication and single sign-on

2. You implement Microsoft Azure Information Protection.

For the statement below, select Yes if the statement is true. otherwise, select
No.

Statement: Installing the Azure Information Protection client installs an

information protection bar to Microsoft Excel.

(1 Point)
 Yes

No

3. You need to ensure that the process by which users sign in to Microsoft 365
confirms the identity of the user.

Which feature should you use? (1 Point)

mobile application management (MAM)

Microsoft Defender for Office 365

Multi-Factor Authentication (MFA)

data loss prevention (DLP) policies

4. You are a Microsoft 365 administrator for a company.

You need to ensure that company documents are marked as confidential.

You must prevent employees from sharing documents with people outside
the company.

What are two possible ways to achieve the goal? (1 Point)

Validate outbound emails by using DomainKeys Identified Mail (DKIM)

Create sensitive information types

Configure Secure/Multipurpose Internet Mail Extensions (S/MIME) settings for Out-

look

Create a data-loss prevention policy

Apply sensitivity labels to documents

5. An organization plans to deploy Microsoft 365 in a hybrid scenario.

You need to provide a recommendation based on some common identity and

access management scenarios. The solution must minimize costs.

Scenario: Enable a federation option for authentication in a hybrid

environment. (1 Point)

Active Directory Federation Services (AD FS)

PingFederate and federation integration

Password hash synchronization with single sign-on

Pass-through authentication and single sign-on

6. An organization plans to deploy Microsoft 365 in a hybrid scenario.

You need to provide a recommendation based on some common identity and

access management scenarios. The solution must minimize costs.

Scenario: Allow administrators to reset user passwords in Microsoft Azure

AD. (1 Point)

Pass-through authentication and single sign-on

Active Directory Federation Services (AD FS)

Password hash synchronization with single sign-on

PingFederate and federation integration

7. An organization plans to deploy Microsoft 365 in a hybrid scenario.

You need to provide a recommendation based on some common identity and

access management scenarios. The solution must minimize costs.

Scenario: Support non-federated users who authenticate with on-premises

AD and support multi-factor authentication (1 Point)

Pass-through authentication and single sign-on

Active Directory Federation Services (AD FS)

Password hash synchronization with single sign-on

PingFederate and federation integration

8. You are the Microsoft 365 administrator for a company.

An employee requests personal data under General Data Protection

Regulation (GDPR) guidelines.

You need to retrieve data for the employee.

What should you do?

(1 Point)

Create a data subject request case

Create a retention policy.

Create a data-loss prevention policy.

Create a GDPR assessment.

 9. A company plans to deploy Microsoft Intune.

Which scenario can you implement by using Intune?

For the scenario below, select Yes if scenario can be implemented,

otherwise, select No.

Scenario: Intune app protection policies can protect access to Exchange

Server on-premises mailboxes
(1 Point)

Yes

No

10. A company plans to deploy Microsoft Intune.

Which scenario can you implement by using Intune?

For the scenario below, select Yes if scenario is possible , otherwise, select
No.

Scenario: Intune app protection policies require a mobile-device

management (MDM) solution.
(1 Point)

Yes

No
11. You have a hybrid environment that includes Microsoft Azure AD. On-
premises applications use Active Directory Domain Services (AD DS) for
authentication.

You need to determine which authentication methods to use.

Match feature to its authentication source.

Client Feature: Log on to devices by using Windows Hello. (1 Point)

AD DS only

Azure AD only

AD DS and Azure AD

12. You have a hybrid environment that includes Microsoft Azure AD. On-
premises applications use Active Directory Domain Services (AD DS) for
authentication.

You need to determine which authentication methods to use.

Match feature to its authentication source.

Client Feature: Log on to devices that are managed by Microsoft Intune.

(1 Point)

AD DS only

AD DS and Azure AD

Azure AD only
13. You have a hybrid environment that includes Microsoft Azure AD. On-
premises applications use Active Directory Domain Services (AD DS) for
authentication.

You need to determine which authentication methods to use.

Match feature to its authentication source.

Client Feature: Sign in to Outlook on the web by using multi-factor

authentication. (1 Point)

AD DS only

Azure AD only

AD DS and Azure AD

14. A company has a Microsoft 365 subscription. Employees use personal

devices to access company data in the cloud.

You need to restrict employees from copying data to personal OneDrive

folders.

What should you use? (1 Point)

Information Rights Management

Microsoft Azure Security Center

Office 365 Advanced Threat Protection

Microsoft Endpoint Manager

15. You are the network administrator of a company.

The Microsoft 365 tenant contains sensitive information. Employees must

verify their identities when they sign into Microsoft 365 by providing
information in addition to their Azure AD password.

You need to select the tools that employees can use to verify their identities.

Which two tools should you select? Each correct answer presents a complete
solution. (1 Point)

Customer Lockbox for Office 365

Azure Security Center

Windows Hello for Business

Microsoft Authenticator

16. An organization uses Microsoft 365 Business to secure their data.

Many users install the organization’s data on their personal tablets and
phones.

You need to protect the organization’s data stored on users’ devices.

Which three features support device security? Each correct answer presents
a complete solution. (1 Point)

Remotely wiping company data

Enabling Advanced Threat Protection for users

Disabling the device remotely

Automatically deleting files after 90 days of inactivity

Requiring users to have a PIN on their device

17. A company has a Microsoft 365 E5 subscription. The company plans to use
eDiscovery to meet legal discovery requirements.

For following statements select Yes if the statement is true. Otherwise, select
No.

Statement: You can create eDiscovery cases to preserve data in Exchange

Online mailboxes. (1 Point)

Yes

No

18. A company has a Microsoft 365 E5 subscription. The company plans to use
eDiscovery to meet legal discovery requirements.

For following statements select Yes if the statement is true. Otherwise, select
No.

Statement: You can create one eDiscovery case to preserve data in an

Exchange Server mailbox and a OneDrive for Business site. (1 Point)

Yes

No

19. You are the Microsoft 365 administrator for a company.

You need to ensure that users receive a warning message if they select links
in emails that might be unsafe.

What should you do? (1 Point)

 Use Windows PowerShell to install the latest antimalware engine updates

Enable Microsoft Defender for Office 365

Use the Microsoft Exchange Admin Center to configure a new spam-filter policy

Use the Microsoft Exchange Admin Center to create a new antimalware policy

20. A company deploys Microsoft Azure AD. You enable multi-factor

authentication.

You need to inform users about the multi-factor authentication methods that
they can use.

Which of the following methods is NOT a valid multi-factor authentication

method in Microsoft 365? (1 Point)

Receive an automated call on the desk phone that includes a verification code

Insert a small card in to a desktop computer and provide a PIN code when prompt-
ed

Receive a call on a mobile phone and select the pound sign (#) when prompted

Receive an SMS text message that includes a verification code

21. For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: Protected emails can be read on any device when using Azure
Information Protection with Exchange Online. (1 Point)

Yes

No
22. For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: Users can configure custom permissions in the File Explorer

when using Azure Information Protection. (1 Point)

Yes

No

23. For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: You can protect information shared with internal and external
users by using Azure Information Protection. (1 Point)

Yes

No

24. You are a Microsoft 365 administrator for a company.

Several users report that they receive emails which have a PDF attachment.
The PDF attachment launches malicious code.

You need to remove the message from inboxes and disable the PDF threat if
an affected document is opened.

Which feature should you implement? (1 Point)

 Microsoft Exchange Admin Center block lists

Sender Policy Framework

Advanced Threat Protection anti-phishing

zero-hour auto purge

DKIM signed messages with mail flow rules

25. You are a Microsoft 365 administrator for a company.

A customer submits a data subject request (DSR) to delete customer

information in compliance with General Data Protection Regulation (GDPR).
You must place legal holds on related data whenever possible.

You need to respond to the request by searching for the customer’s data in
various Microsoft 365 tools.

How should you search for the data?

Microsoft 365 application: Microsoft SharePoint Online (1 Point)

Content Search eDiscovery

In the app
26. You are a Microsoft 365 administrator for a company.

A customer submits a data subject request (DSR) to delete customer

information in compliance with General Data Protection Regulation (GDPR).
You must place legal holds on related data whenever possible.

You need to respond to the request by searching for the customer’s data in
various Microsoft 365 tools.

How should you search for the data?

Microsoft 365 application: Microsoft Access (1 Point)

Content Search eDiscovery

In the app

27. You are a Microsoft 365 administrator for a company.

A customer submits a data subject request (DSR) to delete customer

information in compliance with General Data Protection Regulation (GDPR).
You must place legal holds on related data whenever possible.

You need to respond to the request by searching for the customer’s data in
various Microsoft 365 tools.

How should you search for the data?

Microsoft 365 application: Microsoft Outlook (1 Point)

Content Search eDiscovery

In the app
28. You are a Microsoft 365 administrator for a company.

A customer submits a data subject request (DSR) to delete customer

information in compliance with General Data Protection Regulation (GDPR).
You must place legal holds on related data whenever possible.

You need to respond to the request by searching for the customer’s data in
various Microsoft 365 tools.

How should you search for the data?

Microsoft 365 application: Microsoft PowerApps (1 Point)

Content Search eDiscovery

In the app

29. You are the Microsoft 365 administrator for a company.

All staff must use Microsoft Outlook to access corporate email. When users
access Outlook on mobile devices, they must use a PIN to open the
application.

You need to implement a Microsoft Intune policy to enforce the security

requirements.

Which policy should you use? (1 Point)

device compliance

device configuration

app protection

app configuration
30. You are the Microsoft 365 administrator for a company.

You need to identify available cloud security features.

Match feature to the correct description.

Description: Block users from accessing cloud apps from certain devices.
(1 Point)

Cloud Discovery dashboard

Mcrosoft Azure Information Protection

Microsoft Azure Security Center

Microsoft Azure AD Conditional Access

31. A company deploys Exchange Online and SharePoint Online.

You must audit and assessment reports for the Microsoft 365 cloud services
that the company uses.

You need to provide the required documents.

Which Microsoft site should you use to obtain this information? (1 Point)

Compliance Manager

Service Trust Portal

Office 365 Security and Compliance Center

Azure portal
32. For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: You can assign apps to devices that are not enrolled with
Microsoft Intune. (1 Point)

Yes

No

33. For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: You can install available apps from the web-based Company
Portal app regardless or whether the device if enrolled with Intune. (1 Point)

Yes

No

34. A company needs to protect documents and emails by automatically applying

classifications and labels. You must minimize costs.

What should the company implement? (1 Point)

Azure Information Protection P1

Azure Information Protection P2

Microsoft 365 E3
35. An organization has a Microsoft 365 subscription. You plan to implement
multi-factor authentication.

For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: After users are enrolled in multi-factor authentication, they must

configure a second authentication factor the next time they sign in. (1 Point)

Yes

No

36. An organization has a Microsoft 365 subscription. You plan to implement

multi-factor authentication.

For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: Enabling multi-factor authentication requires an additional

subscription purchase. (1 Point)

Yes

No

37. An organization has a Microsoft 365 subscription. You plan to implement

multi-factor authentication.

For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: Complete multi-factor authentication by using text messages, a

smartphone app, or a phone call. (1 Point)
 Yes

No

38. A company has Microsoft 365 and uses Microsoft Endpoint Manager.

You need to identify the endpoint management tool associated with action.

Which tool should you identify for action?

Action: Manage employees personal devices form the cloud.

(1 Point)

Software Center

Configuration Manager

Microsoft Intune

Autopilot

39. A company is planning to use Microsoft 365 Defender.

The company needs to protect Windows 10 client computers from malicious

viruses. The company also needs to identify unauthorized cloud apps that
are used by end users.

You need to identify the Microsoft 365 Defender solutions that meet the
requirements.

Which two solutions should you choose? Each correct answer presents part
of the solution. (1 Point)
 Microsoft Defender for Identity

Microsoft Defender for Endpoint

Microsoft Defender for Office 365

Microsoft Cloud App Security

40. A company has Microsoft 365.

The company needs to secure their environment. They start by identifying

the highest risks to security according to Microsoft.

You need to identify the security changes that are recommended by

Microsoft 365.
Which tool should you choose? (1 Point)

Microsoft Intune

Microsoft Secure Score

Azure Information Protection scanner

Advanced Threat Analytics

Microsoft 365 compliance center

41. An organization plans to deploy Microsoft Intune.

For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: Data protection can be selectively applied to applications.

(1 Point)
 Yes

No

42. An organization plans to deploy Microsoft Intune.

For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: Microsoft Intune can define where corporate data is stored.

(1 Point)

Yes

No

43. An organization plans to deploy Microsoft Intune.

For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: Once a device is registered with Microsoft Intune, device wipe

will include the user`s personal data. (1 Point)

Yes

No

44. A company purchases Microsoft 365 E5.

You need to determine which security features you should implement.

Which feature should you implement for scenario below?

Scenario: Control how a Microsoft support engineer accesses data during a

help session. (1 Point)
 Microsoft Office 365 Secure Score

Microsoft Defender for Office 365

Data Loss Prevention

Customer Lockbox

45. A company purchases Microsoft 365 E5.

You need to determine which security features you should implement.

Which feature should you implement for scenario below?

Scenario: Protect against unknown malware, viruses, and harmful URL`s

(1 Point)

Microsoft Office 365 Secure Score

Microsoft Defender for Office 365

Data Loss Prevention

Customer Lockbox

46. A company purchases Microsoft 365 E5.

You need to determine which security features you should implement.

Which feature should you implement for scenario below?

Scenario: Identify sensitive data and create policies that help prevent users
from accidentally or intentionally sharing the data. (1 Point)
 Microsoft Office 365 Secure Score

Microsoft Defender for Office 365

Data Loss Prevention

Customer Lockbox

47. A company has a Microsoft 365 subscription that includes Office apps.

A user has identified a new issue while working with an app. When the user
attempts to create a support request, the following message displays:

" You don`t have permission to access this page or perform this action."

You need to determine the cause of the error message.

What is the couse? (1 Point)

The user account is disabled.

The user does not have a license assigned for the app.

The user account is not a member of the global admin role.

The company does not have Premier support.

48. Your company purchases Microsoft 365 E3 and Azure AD P2 licenses.

You need to provide identity protection against login attempts by

unauthorized users.

What should you implement? (1 Point)

 Azure AD Identity Protection

Azure AD Privileged Identity Management

Azure Information Protection

Azure Identity and Access Management

49. Your company has a Microsoft 365 subscription.

You need to implement security policies to ensure that sensitive data is

protected.

Which tools should you use?

Scenario: Use the Microsoft Authenticator app to enable multi-factor

authentication. (1 Point)

Compliance Manager

Identity and access management (IAM)

Information right management (IRM)

50. Your company has a Microsoft 365 subscription.

You need to implement security policies to ensure that sensitive data is

protected.

Which tools should you use?

Scenario: Classify documents to restrict permission to content. (1 Point)

 Compliance Manager

Identity and access management (IAM)

Information right management (IRM)

51. Your company has a Microsoft 365 subscription.

You need to implement security policies to ensure that sensitive data is

protected.

Which tools should you use?

Scenario: Use a dashboard for data-protection recommendations. (1 Point)

Identity and access management (IAM)

Compliance Manager

Information right management (IRM)

52. Your company has a Microsoft 365 subscription.

You need to implement security policies to ensure that sensitive data is

protected.

Which tools should you use?

Scenario: Provide auditors and regulators with reports on data-protection

status. (1 Point)

Identity and access management (IAM)

Compliance Manager

Information right management (IRM)

53. For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: Multi-factor authentication (MFA) supports single sign-on by

allowing a user to access Microsoft 365 services using only a username and
password. (1 Point)

Yes

No

54. For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: MFA-enabled accounts can be compromised with only a stolen

user name and password. (1 Point)

Yes

No

55. For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: MFA protects against brute-force attacks. (1 Point)

Yes

No
56. For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: You can use sensitivity labels to control read and write access.
(1 Point)

Yes

No

57. For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: You can use sensitivity labels to control read and write access to
a Word document as well as permission level to modify the contents.
(1 Point)

Yes

No

58. For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: Sensitivity labels can apply watermarks within a Word document

to indicate that the document is for internal company use only. (1 Point)

Yes

No
59. For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: Microsoft Intune allows companies to manage users personal

devices that have been enrolled in Azure AD. (1 Point)

Yes

No

60. For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: Microsoft Intune allows companies to manage organization-

owned phones. (1 Point)

Yes

No

61. For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: Microsoft Intune can use Conditional Access policies. (1 Point)

Yes

No
62. A company deploys Microsoft Azure AD. You enable multi-factor
authentication.

You need to inform users about the multi-factor authentication methods that
they can use.

Which of the following methods is NOT a valid multi-factor authentication

method in Microsoft 365? (1 Point)

Receive an automated call on the desk phone that includes a verification code.

Use the Microsoft Authenticator mobile application to receive a notification and au-
thenticate.

Receive a call on a phone.

Enter a Windows 10 PIN code when prompted.

63. You are a Microsoft 365 administrator for a company. The company
implements federated authentication.

For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: Users have the same passwords in the cloud and on-premises.
(1 Point)

Yes

No
64. You are a Microsoft 365 administrator for a company. The company
implements federated authentication.

For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: Users sign in again to access Microsoft 365. (1 Point)

Yes

No

65. You are a Microsoft 365 administrator for a company. The company
implements federated authentication.

For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: You can configure federated authentication to require a smart

card. (1 Point)

Yes

No

66. A company plans to migrate to a hybrid cloud infrastructure.

You need to determine where to manage the environment after the

migration is complete.

Match option to the location where it will be managed.

Option: Configure multi-factor authentication for cloud services. (1 Point)

 Microsoft 365 only

on-premises only

both Microsoft 365 and on-premises

67. A company plans to migrate to a hybrid cloud infrastructure.

You need to determine where to manage the environment after the

migration is complete.

Match option to the location where it will be managed.

Option: Configure email disclaimers. (1 Point)

Microsoft 365 only

on-premises only

both Microsoft 365 and on-premises

68. A company plans to migrate to a hybrid cloud infrastructure.

You need to determine where to manage the environment after the

migration is complete.

Match option to the location where it will be managed.

Option: Configure compliance. (1 Point)

Microsoft 365 only

on-premises only

both Microsoft 365 and on-premises

69. A company plans to migrate to a hybrid cloud infrastructure.

You need to determine where to manage the environment after the

migration is complete.

Match option to the location where it will be managed.

Option: Set frequency of Microsoft Office 365 updates. (1 Point)

Microsoft 365 only

on-premises only

both Microsoft 365 and on-premises

70. A company deploys Microsoft 365.

The company needs to deploy a solution that meets the following

requirements:

allows access to Microsoft 365 only from corporate networks

allows access to Microsoft 365 only from corporate-owned devices
requires additional verification during authentication

You need to identify a solution that meets the requirements.

What should you select? (1 Point)

Multi-factor authentication

Conditional Access

Azure Active Directory hybrid identity

Self-service password reset

71. For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: Microsoft Defender for Endpoint detects advanced attacks and

automates investigation and remediation of security incidents. (1 Point)

Yes

No

72. For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: Microsoft Defender for Office 365 helps protect against malicious
attachments and links that are sent through email. (1 Point)

Yes

No

73. For the following statement, select Yes if the statement is true. Otherwise,
select No.

Statement: Microsoft Cloud App Security provides client virtual private

network (VPN) access to Office 365 services. (1 Point)

Yes

No
74. You manage a local Active Directory Domain Services environment. Your
company purchases an
Enterprise E1 license for all users.

You need to implement self-service password reset. You want to achieve this
goal while minimizing costs.

Which two actions should you perform? Each correct answer presents part of
the solution. (1 Point)

Upgrade your subscription to Azure AD Premium P2.

Deploy Azure AD Connect.

Deploy Azure Information Protection.

Upgrade your subscription to Azure AD Premium P1

This content is created by the owner of the form. The data you submit will be sent to the form owner. Microsoft
is not responsible for the privacy or security practices of its customers, including those of this form owner. Never
give out your password.
Microsoft Forms | AI-Powered surveys, quizzes and polls Create my own form
Privacy and cookies | Terms of use