freefiles

Microsoft MS-900 Exam Dumps & Practice Test Questions

Question No 1:

Your organization utilizes Microsoft Office 365, and as the person responsible for ensuring compliance with the General Data Protection Regulation (GDPR), you must handle a customer's Data Subject Request (DSR) for identifying and possibly removing their personal data. As part of the process, you are required to search across your Microsoft 365 environment for all customer-related data. You are also instructed to ensure that any identified information can be placed under a legal hold, if needed, during further investigation.

Which two Microsoft 365 applications can be searched using Content Search in eDiscovery?

A. Microsoft PowerApps
B. Microsoft Outlook
C. Microsoft Access
D. Microsoft SharePoint Online

Correct Answers:
B. Microsoft Outlook
D. Microsoft SharePoint Online

Explanation:

Microsoft 365's Content Search feature, located within the Microsoft Purview Compliance Portal, is an essential tool for compliance officers working under the constraints of GDPR and other data protection regulations. The tool allows users to locate, identify, and export content across various Microsoft 365 services. This is particularly important for responding to Data Subject Requests (DSRs), where the goal is to search for and retrieve personal data belonging to an individual.

Among the supported applications in Content Search, Microsoft Outlook is a key component. It includes data such as emails, calendar events, and contacts, all of which are essential when fulfilling compliance obligations. As a critical communication tool, Outlook stores vast amounts of personal information that often need to be reviewed during legal and regulatory investigations.

Microsoft SharePoint Online is another key service that can be searched using Content Search. Many organizations store documents, spreadsheets, and collaborative content within SharePoint. Since SharePoint is frequently used for document management and team collaboration, it is a critical source of data in compliance activities, especially for retrieving content tied to a specific user or customer.

On the other hand, Microsoft PowerApps and Microsoft Access are not supported by Content Search. PowerApps is a platform for creating apps and doesn’t store content in a searchable manner as part of the compliance toolset. Similarly, Microsoft Access is a desktop database solution, which isn’t integrated with the compliance center for searches within the cloud-based Microsoft 365 environment.

In conclusion, for effective content identification during DSR responses, Microsoft Outlook and SharePoint Online are the critical services supported by Content Search, and they help ensure compliance with data protection laws like GDPR.

Question No 2:

You are tasked with developing a comprehensive data governance strategy for your organization. One key objective is to implement data classification and ensure that these classifications are effectively enforced across Microsoft 365 services.

Which two components should be part of your data governance plan to meet these objectives?

A. Use Microsoft SharePoint permissions to manage access
B. Publish sensitivity labels for classification and protection
C. Configure Microsoft Outlook MailTips for user guidance
D. Set up supervision policies for communications monitoring
E. Implement retention policies to manage data lifecycle
F. Apply preservation policies for legal and compliance holds

Correct Answers:
B. Publish sensitivity labels for classification and protection
E. Implement retention policies to manage data lifecycle

Explanation:

A successful data governance strategy within a Microsoft 365 environment requires a combination of tools and policies that support both data classification and enforcement. This strategy must not only identify and categorize sensitive data but also ensure compliance and protection through policies.

Sensitivity labels (Option B) are an essential component of Microsoft Information Protection. These labels allow for the classification of data based on its sensitivity—whether it’s Confidential, Internal, or Public. Once sensitivity labels are published, users can apply these classifications across Microsoft 365 services like Word, Excel, Outlook, and SharePoint. Additionally, sensitivity labels can also trigger automatic protection actions, such as encryption or restricted access, to ensure sensitive information is properly safeguarded.

In addition, retention policies (Option E) are crucial for enforcing data lifecycle management. Retention policies help ensure that classified data is retained for the appropriate amount of time according to regulatory requirements or organizational needs. They also ensure that data is properly deleted when no longer required, reducing the risk of data over-retention and non-compliance with data privacy laws.

The other options, while useful in various contexts, do not directly contribute to both classification and enforcement of data governance:

  • SharePoint permissions (Option A) control access but do not classify or enforce data protection.

  • Outlook MailTips (Option C) provide user guidance but do not enforce data protection or classification.

  • Supervision policies (Option D) are focused on monitoring communications, not on data classification.

  • Preservation policies (Option F) are designed for legal holds and litigation, not for general data governance.

Therefore, publishing sensitivity labels for data classification and implementing retention policies for lifecycle management are the two core elements necessary to effectively enforce data governance across Microsoft 365 services.

Question No 3:

Your organization is utilizing a Microsoft Office 365 subscription, and as the administrator, you are responsible for enhancing data protection across the platform. Specifically, you are required to implement a cloud-based security feature that allows sensitive content—such as emails and documents—to be classified, labeled, and optionally encrypted based on predefined policies. This feature must support automatic and manual labeling, integrate with Microsoft 365 apps like Outlook and Word, and ensure that information protection remains intact even when content is shared outside your organization.

Which Microsoft feature is designed to meet these requirements?

A. Microsoft Azure Information Protection
B. Microsoft Azure AD Identity Protection
C. Microsoft Azure AD Privileged Identity Protection
D. Intune App Protection

Correct Answer: A. Microsoft Azure Information Protection

Explanation:

To ensure data protection in Microsoft 365, particularly for sensitive content, organizations need a solution that can classify, label, and protect data across the entire platform. The right solution for this scenario is Microsoft Azure Information Protection (AIP).

Microsoft Azure Information Protection (AIP) provides a cloud-based solution that allows organizations to classify, label, and protect data based on its sensitivity. It enables administrators to define classification labels such as Confidential, Internal, or Public and to apply those labels either manually or automatically based on content inspection. This feature integrates seamlessly with Microsoft 365 apps such as Outlook, Word, and SharePoint, ensuring that all data within these platforms can be effectively managed and protected.

One of AIP's key benefits is its ability to maintain protection even when data is shared outside of the organization. For example, when a labeled document is emailed externally, the label’s protection settings (such as encryption or access restrictions) remain intact, ensuring that sensitive information is not compromised.

The other options do not meet the full set of requirements:

  • Microsoft Azure AD Identity Protection (Option B) is focused on securing user identities and detecting suspicious sign-ins.

  • Microsoft Azure AD Privileged Identity Protection (Option C) is designed to manage and secure privileged access within an organization.

  • Intune App Protection (Option D) focuses on securing access to apps and data on mobile devices but does not directly provide the classification and labeling capabilities needed for document protection.

In summary, Microsoft Azure Information Protection is the comprehensive solution that meets the need for classifying, labeling, and protecting sensitive data across Microsoft 365 apps while maintaining security even when sharing externally.

Question No 4:

Your company recently upgraded to a Microsoft 365 E5 subscription to improve productivity and enhance security. As part of your security configuration, you need to control how Microsoft support engineers can access your organization's data during support requests. Specifically, you want to ensure that Microsoft support staff cannot access data unless you give explicit permission.

Which Microsoft 365 feature should you configure to meet this requirement?

A. Customer Lockbox
B. Data Governance
C. Data Loss Prevention
D. Microsoft Defender for Office 365 (formerly known as Advanced Threat Protection)

Correct Answer: A. Customer Lockbox

Explanation:

The Customer Lockbox feature in Microsoft 365 is designed to give organizations more control over how and when Microsoft support engineers can access their data. It is especially useful for organizations that need to meet strict compliance and regulatory requirements, as it ensures that no support engineer can access any organizational data without explicit approval from the organization itself.

When a support request is submitted that requires access to sensitive content, such as files stored in OneDrive for Business, SharePoint Online, or Exchange Online mailboxes, Microsoft’s support engineers are blocked from accessing the data until the customer explicitly grants permission. This feature helps maintain a high level of data sovereignty and privacy, which is critical for industries or organizations handling sensitive information.

The Data Governance feature, Option B, deals with the management of data retention and deletion policies, and does not provide control over support access to data. Data Loss Prevention (DLP), Option C, is designed to prevent sensitive information from being shared outside of the organization, but it doesn’t focus on support access management. Microsoft Defender for Office 365 (formerly known as Advanced Threat Protection), Option D, protects against threats such as malware, phishing attacks, and malicious links, but it does not control support engineer access to data.

In conclusion, to meet the requirement of ensuring that Microsoft support staff cannot access your data without permission, the appropriate solution is Customer Lockbox. This feature provides transparency and control over support activities, ensuring that sensitive data remains protected and that all actions are logged for audit purposes.

Question No 5:

Your organization has recently upgraded to a Microsoft 365 E5 subscription to enhance productivity and strengthen cybersecurity measures. As a cloud administrator, you are setting up a security solution to protect users from advanced threats, such as zero-day malware, phishing attacks, viruses, and malicious links or attachments in emails, documents, and collaboration tools like Outlook, Teams, SharePoint Online, and OneDrive.

This solution uses machine learning, real-time detection, sandboxing, and automated responses to block harmful content before it reaches users.

Which Microsoft 365 security feature are you configuring?

A. Microsoft Azure AD Identity Protection
B. Data Governance
C. Microsoft Azure AD Conditional Access
D. Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection)

Correct Answer:
D. Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection)

Explanation:

Microsoft Defender for Office 365 is a comprehensive security solution that protects against sophisticated threats, including zero-day malware, phishing, and other malicious activities that may be embedded in emails, documents, and collaboration tools. This service is part of the Microsoft 365 E5 subscription and provides critical real-time protection against a variety of threats that can compromise users and organizational data.

Key features of Microsoft Defender for Office 365 include:

  • Safe Attachments: Automatically analyzes email attachments in a secure environment (sandboxing) to detect any harmful behavior before delivering them to users.

  • Safe Links: Scans and rewrites URLs in emails and documents to prevent users from clicking on dangerous links.

  • Threat Intelligence and Reporting: Offers detailed reports and real-time alerts on detected threats, enabling administrators to track and respond promptly.

  • Attack Simulation Training: Provides training for users by simulating phishing and social engineering attacks to raise awareness.

  • Automated Investigation and Response (AIR): Uses automation and built-in intelligence to investigate and respond to potential threats more efficiently.

Option A, Microsoft Azure AD Identity Protection, focuses on identity management and protection but does not address content-based threats. Option B, Data Governance, handles data retention and deletion policies but is not related to threat protection. Option C, Microsoft Azure AD Conditional Access, deals with enforcing security policies for access to resources, but it does not offer protection against threats like malware or phishing in emails.

Microsoft Defender for Office 365 is the correct solution for protecting users from advanced threats that target content in Microsoft 365 environments, providing proactive, real-time defense against a range of malicious activities.

Question No 6:

Your organization is in the process of moving from an on-premises IT setup to Microsoft 365, a cloud-based productivity platform. The leadership team is eager to understand the advantages of this transition.

As an IT consultant, you are tasked with outlining the benefits associated with migrating to Microsoft 365.

Which of the following benefits are associated with this move? Choose the correct advantages.

Options:

  • Predictable Microsoft licensing costs

  • Decreased service scalability

  • Increased service scalability

  • Decreased on-premises infrastructure maintenance

Correct Answers:

  • Predictable Microsoft licensing costs

  • Increased service scalability

  • Decreased on-premises infrastructure maintenance

Explanation:

Migrating to Microsoft 365 offers several key benefits for organizations transitioning from on-premises IT infrastructures to cloud-based solutions:

  1. Predictable Microsoft Licensing Costs:
    Microsoft 365 follows a subscription-based model, offering fixed monthly or annual payments that cover not just software but also updates, support, and new features. This predictable cost structure is easier for organizations to manage compared to the traditional upfront costs of on-premises IT systems, which might include large hardware investments and unpredictable ongoing maintenance costs.

  2. Increased Service Scalability:
    One of the most significant advantages of Microsoft 365 is its scalability. Cloud platforms allow organizations to scale services as needed without the burden of purchasing additional hardware or worrying about infrastructure limitations. As your business grows, you can add more users, increase storage, and even adopt new features seamlessly.

  3. Decreased On-Premises Infrastructure Maintenance:
    By moving to Microsoft 365, your organization reduces the need for maintaining on-premises servers and hardware. This results in lower costs for physical infrastructure and ongoing maintenance. Microsoft takes responsibility for maintaining the infrastructure, which means your IT team can focus on more strategic tasks rather than routine maintenance and support.

The option "Decreased service scalability" is incorrect. On the contrary, cloud services like Microsoft 365 are designed to offer increased scalability, not decreased. Organizations can easily expand their usage as required.

In conclusion, the migration to Microsoft 365 supports cost control, operational efficiency, and growth agility, making it a beneficial move for most modern businesses seeking to enhance productivity and reduce IT overhead.

Question No 7:

Scenario-Based Licensing Question – Microsoft 365 Enterprise

You are tasked with purchasing Microsoft 365 Enterprise licenses for an organization with over 250 employees. During your research, you encounter the following guidance:

"You should contact a Cloud Solution Provider (CSP) or subscribe to a Microsoft Enterprise Agreement (EA)."You need to assess whether the statement is correct.

If the statement is accurate, select “No adjustment required.” If not, choose the options that correctly reflect how you can acquire Microsoft 365 Enterprise licenses.

Which two of the following options are valid ways to obtain Microsoft 365 Enterprise licenses?

A. No adjustment required
B. Contact a Cloud Solution Provider (CSP) or use a company credit card via the Microsoft website
C. Subscribe to a Microsoft Enterprise Agreement (EA) or visit a Microsoft retail store
D. Use a company credit card via the Microsoft website or visit a Microsoft retail store subscription from

Correct Answers:
A. No adjustment required
B. Contact a Cloud Solution Provider (CSP) or use a company credit card via the Microsoft website

Explanation:

When acquiring Microsoft 365 Enterprise licenses for a large organization, it is important to follow the appropriate purchasing channels that cater to enterprise-level needs.

The guidance stating, "You should contact a Cloud Solution Provider (CSP) or subscribe to a Microsoft Enterprise Agreement (EA)," is accurate. Both CSPs and EA agreements are well-established methods for large-scale licensing of Microsoft products.

A Cloud Solution Provider (CSP) is a Microsoft partner who offers cloud services and Microsoft 365 licenses, providing flexibility in billing and management. CSPs are suitable for organizations of various sizes and are particularly beneficial for companies seeking customized support and scalable solutions.

The Microsoft Enterprise Agreement (EA) is designed for larger enterprises (typically 500+ users). This agreement includes benefits such as volume licensing, software assurance, and long-term support. It is an ideal option for large organizations, ensuring the company gets the most cost-effective and flexible licensing terms.

Additionally, organizations can also purchase licenses directly from the Microsoft website using a company credit card, especially when acquiring smaller quantities or for trial and pilot deployments. Therefore, Option B is also a valid method.

However, Microsoft retail stores do not offer enterprise-level licensing solutions, making Options C and D incorrect for purchasing Microsoft 365 Enterprise licenses. Retail stores cater to smaller-scale consumers and businesses and do not support large enterprise purchases.

Thus, Options A and B are the accurate and valid ways to obtain Microsoft 365 Enterprise licenses.

Question No 8:

Your organization uses Microsoft 365, and you are responsible for monitoring the service health. Recently, there was an outage in your region affecting Microsoft 365 services. Upon checking the Service Health Dashboard, you find that the issue has been marked as resolved and the service status is now healthy.

To understand the root cause of the disruption and what actions were taken to resolve it, you plan to review the Post-Incident Review (PIR) document, which provides detailed information about the incident.

Based on Microsoft's service standards, what is the maximum amount of time they may take to deliver a preliminary Post-Incident Review (PIR) via the Service Health Dashboard after an incident has been resolved?

A. 12 hours
B. 24 hours
C. 48 hours
D. 5 business days

Correct Answer: D. 5 business days

Explanation:

The Service Health Dashboard in Microsoft 365 is an essential tool for administrators to track the health status of Microsoft services, including incidents and outages. Once an incident has been resolved, many administrators look for a detailed Post-Incident Review (PIR) to understand the root cause of the issue, its impact, and what measures have been implemented to prevent similar issues in the future.

Microsoft aims to provide a preliminary PIR within 5 business days of the incident resolution. This allows Microsoft sufficient time to conduct a thorough investigation, verify the findings, and communicate the details to customers. The PIR typically includes:

  • The cause of the incident

  • The impact on users and services

  • A summary of Microsoft’s response

  • Preventative measures taken to avoid similar issues in the future

While it is possible that some PIRs may be delivered sooner depending on the nature and complexity of the incident, the standard time frame for delivering the preliminary PIR is 5 business days. This ensures that customers are kept informed about the root cause of the incident and the actions taken to avoid a recurrence.

Understanding this timeframe helps IT administrators manage expectations and plan internal communications effectively after an outage or disruption.

Question No 9:

A national retail organization operates a chain of stores with Windows 7-based point-of-sale (POS) terminals. The IT department is tasked with upgrading these systems to Windows 10. Management has specified that the POS terminals should not require another major upgrade for at least five years. Additionally, the solution must allow for centralized management of updates and upgrades while minimizing ongoing maintenance costs. Given that these are POS systems with limited functionality, long-term stability is more important than frequent feature updates.

Which edition of Windows 10 is best suited for this scenario?

A. Windows 10 Home
B. Windows 10 Pro
C. Windows 10 Enterprise
D. Windows 10 Enterprise LTSC

Correct Answer: D. Windows 10 Enterprise LTSC

Explanation:

For the retail organization upgrading its point-of-sale (POS) terminals, Windows 10 Enterprise LTSC (Long-Term Servicing Channel) is the ideal choice. The LTSC edition is specifically designed for devices that require long-term stability and minimal feature updates, making it the perfect fit for the organization's needs.

The LTSC version of Windows 10 does not receive regular feature updates (typically every 6 months) like the standard versions. Instead, it only receives essential security updates and critical patches, which helps maintain the system’s stability over long periods. This makes it highly suitable for systems such as POS terminals, where constant changes or frequent updates are not desirable. The LTSC version is also supported for up to 10 years (5 years mainstream and 5 years extended support), providing long-term reliability without the need for frequent upgrades.

Additionally, the LTSC edition lacks non-essential consumer-oriented features, such as the Microsoft Store and Cortana, making it a lighter, more secure, and stable system for enterprise use. This helps reduce administrative overhead and long-term maintenance costs, which is a key consideration for the organization.

In contrast, Windows 10 Home and Windows 10 Pro are more suited to individual or small business use and do not offer the long-term servicing and stability needed for POS systems. Windows 10 Enterprise, while a good option for large organizations, is not specifically designed for environments that prioritize long-term stability without feature updates.

By choosing Windows 10 Enterprise LTSC, the organization can ensure that its POS terminals remain secure, reliable, and easy to manage for the next five years with minimal updates and interventions.

Question No 10:

Your company is planning to migrate its on-premises infrastructure to Microsoft Azure. The IT department needs to understand the key benefits of using cloud computing services over traditional on-premises infrastructure. Which of the following is a primary advantage of using Azure’s cloud services?

A) High upfront capital expenditure
B) Scalability and flexibility
C) Dedicated hardware resources
D) Limited access to data storage

Correct Answer: B

Explanation:

The key benefit of using cloud computing services, particularly in the context of Microsoft Azure, is the ability to leverage the platform's scalability and flexibility. Let’s break down each option:

  • A) High upfront capital expenditure:
    One of the main reasons organizations migrate to the cloud is to reduce or eliminate the need for high upfront capital expenditure. In a traditional on-premises environment, businesses must purchase hardware, maintain physical servers, and make significant upfront investments in infrastructure. Cloud services, including Azure, provide a pay-as-you-go model, which eliminates the need for large initial investments and reduces financial barriers. Therefore, A does not represent the core advantage of cloud computing.

  • B) Scalability and flexibility:
    Scalability and flexibility are among the primary advantages of cloud computing. With services like Azure, businesses can scale resources up or down based on their needs, without the constraints of physical hardware. For instance, if your company experiences a surge in demand, Azure can quickly allocate additional resources (such as computing power, storage, or network bandwidth) to meet that demand. Likewise, during off-peak times, resources can be scaled back to reduce costs. This flexibility is not easily achievable with on-premises infrastructure, where adding or reducing resources often involves purchasing or decommissioning physical hardware, which can be slow and costly.

  • C) Dedicated hardware resources:
    While on-premises infrastructure might involve dedicated hardware resources, the cloud—including Microsoft Azure—typically provides shared resources. This is done through virtualization, where physical servers are abstracted to serve multiple customers, offering better resource utilization and cost efficiency. Azure offers virtual machines, containers, and other compute options, but these are not necessarily dedicated hardware. Therefore, this is not a primary advantage of cloud computing in comparison to on-premises setups.

  • D) Limited access to data storage:
    Azure provides highly scalable and flexible data storage options, which can be expanded as needed. In fact, one of the main benefits of cloud computing is unlimited storage capacity, at a much lower cost than on-premises solutions. The storage is virtually limitless and can be managed with advanced security and backup features. Thus, limited access to data storage is not a correct description of Azure’s capabilities.

In conclusion, B) Scalability and flexibility is the correct answer, as it directly addresses the most significant benefits of moving to cloud services like Microsoft Azure, allowing businesses to efficiently scale their resources without the high costs and complexities associated with traditional on-premises infrastructure.