MS-900: Microsoft 365 Fundamentals Part 3
Question #: 166
Topic #: 1
A company is evaluating Microsoft 365 Apps.
The company needs to track all travel reservations and itineraries for its team members by project in a single file. Each project must have its own tab.
You need to recommend the correct solution for the company.
Which solution should you recommend?
A. Microsoft Access
B. Microsoft OneNote
C. Microsoft Word
D. Microsoft OneDrive
E. Microsoft Publisher
Selected Answer: B
Question #: 169
Topic #: 1
A company is evaluating Microsoft 365.
You need to describe the features of Microsoft Bookings.
What are two features of Microsoft Bookings? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Uses Microsoft Teams for virtual meetings.
B. Provides SMS notification for appointments.
C. Uses Yammer for virtual meetings.
D. Provides phone call notification for appointments.
Selected Answer: AB
Question #: 175
Topic #: 1
A company is evaluating Microsoft 365 services.
You need to determine which payment options are supported with a billing profile.
Which three options are supported? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. money order
B. debit card
C. check
D. cash
E. credit card
Selected Answer: A
Question #: 179
Topic #: 1
A company is evaluating Microsoft 365.
You need to identify the features of Microsoft Stream.
What are three features of Microsoft Stream? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Video files are stored in SharePoint Online.
B. Video files are stored in Yammer.
C. Video files are stored in Exchange Online.
D. Video files can be accessed from Microsoft Teams.
E. Video files can be accessed from Yammer.
Selected Answer: ADE
Question #: 180
Topic #: 1
A company uses Microsoft 365 to track progress and issues for construction projects.
Project tasks must be tracked within a Microsoft-maintained unified interface that can be shared and updated across multiple users.
You need to recommend a solution for the company.
What should you recommend?
A. Microsoft Outlook
B. Microsoft Planner
C. Microsoft Stream
D. Microsoft To Do
Selected Answer: B
Question #: 181
Topic #: 1
A company is evaluating Microsoft’s virtualization services.
Which feature is unique to Windows 365?
A. Users can connect to a virtual machine by using the Microsoft Remote Desktop app.
B. Users can connect to a virtual machine by using a web site.
C. A virtual machine can authenticate users to Active Directory Domain Services (AD DS).
D. A virtual machine can be provisioned from a custom image.
E. A virtual machine is automatically provisioned after assigning a license to a user.
Selected Answer: A
Question #: 182
Topic #: 1
A company is planning to migrate to Microsoft 365.
The company requires a service that meets the following requirements:
✑ Aggregates third-party training content and internal company content.
✑ Allows managers to assign, track, and report on training.
You need to recommend a Microsoft Viva solution that meets the requirements.
Which solution should you recommend?
A. Microsoft Viva Topics
B. Microsoft Viva Insights
C. Microsoft Viva Learning
D. Microsoft Viva Connections
Selected Answer: C
Question #: 185
Topic #: 1
A company deploys Microsoft Azure AD. You enable multi-factor authentication.
You need to inform users about the multi-factor authentication methods that they can use.
Which of the following methods is NOT a valid multi-factor authentication method in Microsoft 365?
A. Receive an automated call on the desk phone that includes a verification code
B. Insert a small card in to a desktop computer and provide a PIN code when prompted
C. Receive a call on a mobile phone and select the pound sign (#) when prompted
D. Receive an SMS text message that includes a verification code
Selected Answer: A
Question #: 189
Topic #: 1
You are a Microsoft 365 administrator for a company.
Several users report that they receive emails which have a PDF attachment. The PDF attachment launches malicious code.
You need to remove the message from inboxes and disable the PDF threat if an affected document is opened.
Which feature should you implement?
A. Microsoft Exchange Admin Center block lists
B. Sender Policy Framework
C. Advanced Threat Protection anti-phishing
D. zero-hour auto purge
E. DKIM signed messages with mail flow rules
Selected Answer: D
Question #: 192
Topic #: 1
You are the Microsoft 365 administrator for a company.
All staff must use Microsoft Outlook to access corporate email. When users access Outlook on mobile devices, they must use a PIN to open the application.
You need to implement a Microsoft Intune policy to enforce the security requirements.
Which policy should you use?
A. device compliance
B. device configuration
C. app protection
D. app configuration
Selected Answer: C
Question #: 195
Topic #: 1
A company deploys Exchange Online and SharePoint Online.
You must audit and assessment reports for the Microsoft 365 cloud services that the company uses.
You need to provide the required documents.
Which Microsoft site should you use to obtain this information?
A. Compliance Manager
B. Service Trust Portal
C. Office 365 Security and Compliance Center
D. Azure portal
Selected Answer: B
Question #: 201
Topic #: 1
A company is planning to use Microsoft 365 Defender.
The company needs to protect Windows 10 client computers from malicious viruses. The company also needs to identify unauthorized cloud apps that are used by end users.
You need to identify the Microsoft 365 Defender solutions that meet the requirements.
Which two solutions should you choose? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Microsoft Defender for Identity
B. Microsoft Defender for Endpoint
C. Microsoft Defender for Office 365
D. Microsoft Cloud App Security
Selected Answer: BD
Question #: 202
Topic #: 1
A company has Microsoft 365.
The company needs to secure their environment. They start by identifying the highest risks to security according to Microsoft.
You need to identify the security changes that are recommended by Microsoft 365.
Which tool should you choose?
A. Microsoft Intune
B. Microsoft Secure Score
C. Azure Information Protection scanner
D. Advanced Threat Analytics
E. Microsoft 365 compliance center
Selected Answer: B
Question #: 205
Topic #: 1
A company uses Microsoft 365.
The company wants users to be prompted for additional verification when they access a federated third-party application. However, users must not be prompted for additional verification when they access Microsoft Outlook.
You need to identify a solution that meets the requirements.
Which solution should you choose?
A. Conditional Access
B. Multi-factor authentication (MFA)
C. Active Directory Federation Services (AD FS)
D. Self-service password reset (SSPR)
Selected Answer: C
Question #: 206
Topic #: 1
A company plans to migrate to Microsoft 365.
You need to advise the company about how Microsoft provides protection in a multitenancy environment.
What are three ways that Microsoft provides protection? Each correct answer presents part of the solution. (Choose three.)
NOTE: Each correct selection is worth one point.
A. Customer content at rest is encrypted on the server by using BitLocker.
B. Microsoft Azure AD provides authorization and role-based access control at the tenant layer.
C. Customer content at rest is encrypted on the server by using transport-layer security (TLS).
D. Microsoft Azure AD provides authorization and role-based access control at the transport layer.
E. Mailbox databases in Microsoft Exchange Online contain only mailboxes from a single tenant.
F. Mailbox databases in Microsoft Exchange Online contain mailboxes from multiple tenants.
Selected Answer: ABF
Question #: 207
Topic #: 1
You are the Microsoft 365 administrator for a company.
Your company plans to open a new office in the United Kingdom.
You need to provide penetration test and security assessment reports for the new office.
Where can you locate the required reports?
A. Data Governance page of the Security and Compliance portal
B. Compliance Manager page of the Services Trust portal
C. Data Loss Prevention page of the Security and Compliance portal
D. Regional Compliance page of the Services Trust portal
Selected Answer: A
Question #: 209
Topic #: 1
You are the Microsoft Office 365 administrator for a company.
You need to perform security and compliance reviews before new updates are distributed to the entire company.
What should you implement?
A. standard releases
B. Microsoft 365 Enterprise Test Lab
C. targeted releases
D. FastTrack
Selected Answer: D
Question #: 211
Topic #: 1
A company has a Microsoft 365 subscription that includes Office apps.
A user has identified a new issue while working with an app. When the user attempts to create a support request, the following message displays:
You need to determine the cause of the error message.
What is the cause?
A. The user account is disabled.
B. The user does not have a license assigned for the app.
C. The user account is not a member of the global admin role.
D. The company does not have Premier support.
Selected Answer: C
Question #: 212
Topic #: 1
Your company purchases Microsoft 365 E3 and Azure AD P2 licenses.
You need to provide identity protection against login attempts by unauthorized users.
What should you implement?
A. Azure AD Identity Protection
B. Azure AD Privileged Identity Management
C. Azure Information Protection
D. Azure Identity and Access Management
Selected Answer: A
Question #: 214
Topic #: 1
You are a Microsoft 365 administrator for a company. Employees use Microsoft Office 365 ProPlus to create documents.
You need to implement document classification and protection by using Microsoft Azure Information Protection.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Add an Azure subscription to your Microsoft 365 tenant
B. Install the Azure Information Protection client
C. Create a custom Azure Information Protection policy with the Confidential label
D. Enable the default Azure Information Protection policy
E. Install the Rights Management Service client
Selected Answer: B
Question #: 219
Topic #: 1
A company uses Microsoft 365.
The company needs to label emails and documents that contain confidential text.
You need to identify a feature that meets this requirement.
Which feature should you choose?
A. Customer Key
B. Sensitivity label
C. Microsoft Outlook rule
D. Retention label
Selected Answer: A
Question #: 222
Topic #: 1
A company deploys Microsoft Azure AD. You run the Identity Secure Score report. The report displays five security items.
Which three security items on the report have the most impact on the score? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Enable policy to block legacy authentication.
B. Enable user risk policy.
C. Require multi-factor authentication for all users.
D. Delete/block accounts not used in last 30 days.
E. Do not expire passwords.
Selected Answer: ACE
Question #: 223
Topic #: 1
A company deploys Microsoft Azure AD. You enable multi-factor authentication.
You need to inform users about the multi-factor authentication methods that they can use.
Which of the following methods is NOT a valid multi-factor authentication method in Microsoft 365?
A. Receive an automated call on the desk phone that includes a verification code.
B. Use the Microsoft Authenticator mobile application to receive a notification and authenticate.
C. Receive a call on a phone.
D. Enter a Windows 10 PIN code when prompted.
Selected Answer: D
Question #: 224
Topic #: 1
You deploy Enterprise Mobility + Security E5 and assign Microsoft 365 licenses to all employees.
Employees must not be able to share documents or forward emails that contain sensitive information outside the company.
You need to enforce the file sharing restrictions.
What should you do?
A. Use Microsoft Azure Information Protection to define a label. Associate the label with an Azure Rights Management template that prevents the sharing of files or emails that are marked with the label.
B. Create a Microsoft SharePoint Online content type named Sensitivity. Apply the content type to other content types in Microsoft 365. Create a Microsoft Azure Rights Management template that prevents the sharing of any content where the Sensitivity column value is set to Sensitive.
C. Use Microsoft Azure Information Rights Protection to define a label. Associate the label with an Active Directory Rights Management template that prevents the sharing of files or emails that are marked with the label.
D. Create a label named Sensitive. Apply a Data Layer Protection policy that notifies users when their document contains personally identifiable information (PII).
Selected Answer: A
Question #: 228
Topic #: 1
A company deploys Microsoft 365.
The company needs to deploy a solution that meets the following requirements:
✑ allows access to Microsoft 365 only from corporate networks
✑ allows access to Microsoft 365 only from corporate-owned devices
✑ requires additional verification during authentication
You need to identify a solution that meets the requirements.
What should you select?
A. Multi-factor authentication
B. Conditional Access
C. Azure Active Directory hybrid identity
D. Self-service password reset
Selected Answer: B
Question #: 230
Topic #: 1
After experiencing security breaches with on-premises servers, a company is considering migrating to Microsoft 365 for their security solutions.
What are three security-related benefits of moving to Microsoft 365? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Microsoft employs a full-time team of penetration testers to identify vulnerabilities.
B. Microsoft 365 prevents all attackers from gaining access to company data.
C. Microsoft simplifies infrastructure management to help detect and respond to threats.
D. Microsoft 365 monitors all customers for threats to prevent attacks.
E. Microsoft 365 can troubleshoot security issues by accessing customer data without explicit permission from the customer.
Selected Answer: A
Question #: 231
Topic #: 1
A company uses Microsoft 365.
The company wants to improve their compliance score based on Microsoft recommendations.
You need to identify the task that has the largest impact to the compliance score.
Which task should you choose?
A. Detective discretionary
B. Preventative mandatory
C. Corrective discretionary
D. Corrective mandatory
Selected Answer: B
Question #: 232
Topic #: 1
A company uses Microsoft 365.
The company needs to remotely encrypt devices.
You need to identify which solution meets the requirement.
Which solution should you choose?
A. Microsoft Intune
B. Retention labels
C. Azure Information Protection scanner
D. Sensitivity labels
Selected Answer: A
Question #: 236
Topic #: 1
A company uses Microsoft 365.
The company must identify which cloud apps and services are used in the company.
You need to identify which service can be used to find this information.
Which service should you use?
A. Microsoft Defender for Office 365
B. Microsoft Cloud App Security
C. Azure Security Center
D. Azure Active Directory
Selected Answer: B
Question #: 238
Topic #: 1
You manage a local Active Directory Domain Services environment. Your company purchases an Enterprise E1 license for all users.
You need to implement self-service password reset. You want to achieve this goal while minimizing costs.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Upgrade your subscription to Azure AD Premium P2.
B. Deploy Azure AD Connect.
C. Deploy Azure Information Protection.
D. Upgrade your subscription to Azure AD Premium P1.
Selected Answer: BD
Question #: 239
Topic #: 1
You are a Microsoft 365 administrator for a company.
What are two ways that you can ensure data security? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. service-level encryption using customer-provided key
B. tenant-dedicated Microsoft Azure AD encryption using customer-provided key
C. single-tenant infrastructure partitions for sensitive data
D. data transfer using transport-layer security (TLS)
Selected Answer: D
Question #: 240
Topic #: 1
A company uses Azure Active Directory.
The company requires that authentication requests from client applications that do not support modern authentication are blocked.
You need to identify the policy that meets the requirement.
Which policy should you select?
A. Conditional Access
B. Multi-factor authentication registration
C. Sign-in risk
D. User risk
Selected Answer: A
Question #: 241
Topic #: 1
You are a Microsoft 365 administrator for a company.
You need to identify security vulnerabilities by using the Office 365 Attack Simulator.
Which three attack simulations are available? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Brute-force password
B. Cross-site scripting
C. Password-spray
D. Denial-of-service
E. Display name spear-phishing
Selected Answer: D
Question #: 246
Topic #: 1
A company plans to implement an insider risk solution in Microsoft 365.
The company needs to implement a solution that meets the following requirements:
✑ Uses machine learning to identify email risks.
✑ Provides workflows to remediate email risks.
✑ Provides a dashboard to display email risks, actions, and trends.
You need to identify a solution that meets the requirements.
Which solution should you select?
A. Communication compliance policies
B. Core eDiscovery cases
C. Advanced eDiscovery cases
D. Sensitivity labels
Selected Answer: D
Question #: 247
Topic #: 1
Your organization plans to deploy Microsoft 365 in a hybrid scenario.
You need to ensure that employees can use a smart card for authentication.
Which hybrid identity solution should you implement?
A. password hash synchronization with single sign-on
B. Active Directory Federation Services (AD FS)
C. PingFederate and federation integration
D. pass-through authentication and single sign-on
Selected Answer: A
Question #: 249
Topic #: 1
You need to ensure that the process by which users sign in to Microsoft 365 confirms the identity of the user.
Which feature should you use?
A. mobile application management (MAM)
B. Microsoft Defender for Office 365
C. Multi-Factor Authentication (MFA)
D. data loss prevention (DLP) policies
Selected Answer: B
Question #: 250
Topic #: 1
You are a Microsoft 365 administrator for a company.
You need to ensure that company documents are marked as confidential. You must prevent employees from sharing documents with people outside the company.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Validate outbound emails by using DomainKeys Identified Mail (DKIM)
B. Create sensitive information types
C. Configure Secure/Multipurpose Internet Mail Extensions (S/MIME) settings for Outlook
D. Create a data-loss prevention policy
E. Apply sensitivity labels to documents
Selected Answer: DE
Question #: 253
Topic #: 1
A company plans to deploy a solution to manage its Windows 10 computers. Some computers are connected to the corporate network and some computers are connected to the internet,
The solution must meet the following requirements:
✑ Deploy an operating system to the computers.
✑ Join the computer to an on-premises Active Directory domain.
✑ Install Windows updates to the computers.
You need to identify a solution that meets the requirements.
Which solution should you choose?
A. Microsoft Endpoint Manager
B. Microsoft Intune
C. Windows Autopilot
D. Configuration Manager
Selected Answer: B
Question #: 254
Topic #: 1
A company deploys Microsoft 365.
The company plans to use sensitivity labels.
You need to identify the capabilities of sensitivity labels.
What are three capabilities of sensitivity labels? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Sensitivity labels can be customized.
B. Sensitivity labels can ensure that a document is retained indefinitely.
C. Sensitivity labels can trigger disposition reviews.
D. Sensitivity labels can be used to encrypt documents.
E. Sensitivity labels can automatically be applied to documents.
Selected Answer: ADE
Question #: 255
Topic #: 1
What are three capabilities of Security and Compliance Center? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Management of e-discovery cases, holds, and exports
B. Assessment and auditing of Active Directory event logs
C. Prevention of data loss for Exchange Online and SharePoint Online
D. Assessment and auditing of on-premises firewall logs
E. Threat management by using email filtering and anti-malware software
Selected Answer: ACE
Question #: 260
Topic #: 1
You are a company’s Microsoft 365 administrator.
You need to retrieve the following information:
✑ an assessment of your tenant’s security status for a given regulation
✑ a list of audit and assessment reports on Microsoft’s cloud services
Which two portals have this information? Each correct answer presents a partial solution.
NOTE: Each correct selection is worth one point.
A. Service Trust Portal
B. Azure portal
C. Compliance Center
D. SharePoint admin center
Selected Answer: AC
Question #: 262
Topic #: 1
A company is evaluating Microsoft Azure Conditional Access policies.
You reed to determine which scenarios Conditional Access policies support.
Which three scenarios should you select? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Multi-factor authentication
B. Self-service password reset capabilities
C. Hybrid Azure Active Directory joined device
D. Blocked access to Microsoft 365 services for unverified users
E. BitLocker deployment
Selected Answer: ACD
Question #: 264
Topic #: 1
You are the Microsoft 365 administrator for a company.
An employee requests personal data under General Data Protection Regulation (GDPR) guidelines.
You need to retrieve data for the employee.
What should you do?
A. Create a data subject request case.
B. Create a retention policy.
C. Create a data-loss prevention policy.
D. Create a GDPR assessment.
Selected Answer: D
