Sample Questions and Answers
Which Microsoft 365 feature helps protect data shared with external users?
A) Azure Information Protection and Sensitivity Labels
B) Azure AD Identity Protection
C) Exchange Online Protection
D) Microsoft Defender Antivirus
Answer: A) Azure Information Protection and Sensitivity Labels
Explanation: These features enable encryption and access restrictions on externally shared content.
What type of policy can be used to prevent users from downloading sensitive files on unmanaged devices?
A) Conditional Access Policy with device compliance requirements
B) Retention Policy
C) Mail Flow Rule
D) Security Defaults
Answer: A) Conditional Access Policy with device compliance requirements
Explanation: This policy enforces access only on devices meeting compliance criteria.
What Microsoft 365 tool allows investigation and response to security incidents?
A) Microsoft 365 Defender portal
B) Azure AD Identity Protection
C) Microsoft Endpoint Manager
D) Compliance Manager
Answer: A) Microsoft 365 Defender portal
Explanation: It consolidates alerts and provides investigation and remediation tools.
How do Microsoft 365 retention labels differ from retention policies?
A) Labels can be applied to individual items manually or automatically, while policies are broader and apply to containers like mailboxes or sites
B) Policies encrypt data, labels do not
C) Policies only apply to emails, labels apply to all content
D) Labels block external sharing
Answer: A) Labels can be applied to individual items manually or automatically, while policies are broader and apply to containers like mailboxes or sites
Explanation: Labels offer fine-grained retention controls.
What is the main goal of Microsoft Secure Score?
A) To improve an organization’s security posture by providing actionable recommendations
B) To encrypt all emails automatically
C) To detect spam emails
D) To monitor device compliance
Answer: A) To improve an organization’s security posture by providing actionable recommendations
Explanation: Secure Score tracks security settings and suggests improvements.
What is the function of Microsoft Cloud App Security (MCAS)?
A) To provide visibility, control, and threat protection for cloud applications
B) To manage endpoint protection
C) To encrypt emails
D) To enforce MFA
Answer: A) To provide visibility, control, and threat protection for cloud applications
Explanation: MCAS helps detect risky app usage and data leaks.
How does Microsoft 365 help protect against ransomware attacks?
A) By using Defender for Endpoint with behavioral detection and automatic remediation
B) By disabling external sharing
C) By enforcing retention policies
D) By applying DLP policies
Answer: A) By using Defender for Endpoint with behavioral detection and automatic remediation
Explanation: Defender identifies ransomware behaviors and blocks attacks.
Which Microsoft 365 feature allows control over who can access a SharePoint site?
A) SharePoint site permissions and sensitivity labels
B) Exchange Online Protection
C) Azure AD Identity Protection
D) Microsoft Defender Antivirus
Answer: A) SharePoint site permissions and sensitivity labels
Explanation: These govern access and data protection on sites.
How can you monitor user sign-in risks in Microsoft 365?
A) By reviewing Azure AD Identity Protection reports
B) By using retention policies
C) By configuring Exchange Online Protection
D) By applying sensitivity labels
Answer: A) By reviewing Azure AD Identity Protection reports
Explanation: Azure AD Identity Protection detects and reports risky sign-ins.
What action does a Microsoft 365 mail flow rule (transport rule) NOT perform?
A) Encrypt attachments automatically without admin setup
B) Block emails based on sender or content
C) Redirect emails to another mailbox
D) Add disclaimers to outgoing emails
Answer: A) Encrypt attachments automatically without admin setup
Explanation: Encryption requires additional configuration beyond mail flow rules.
Which security feature helps reduce the risk of compromised accounts in Microsoft 365?
A) Enforcing Multi-Factor Authentication (MFA)
B) Applying retention labels
C) Blocking external sharing
D) Enabling Unified Audit Logs
Answer: A) Enforcing Multi-Factor Authentication (MFA)
Explanation: MFA adds a second layer of authentication.
How do sensitivity labels enhance document protection?
A) They can encrypt content, apply watermarks, and restrict access or actions
B) They delete documents after a retention period
C) They scan for malware
D) They block spam emails
Answer: A) They can encrypt content, apply watermarks, and restrict access or actions
Explanation: Sensitivity labels offer detailed control over document use.
What is the purpose of Microsoft Defender for Identity?
A) To detect identity-based threats and suspicious activities on-premises and in the cloud
B) To block malware in emails
C) To manage device compliance
D) To enforce data retention policies
Answer: A) To detect identity-based threats and suspicious activities on-premises and in the cloud
Explanation: Defender for Identity analyzes user behavior to identify threats.
How do administrators restrict external sharing in Microsoft Teams?
A) By configuring external sharing policies in the Teams admin center and SharePoint admin center
B) By enabling Conditional Access policies
C) By applying retention labels
D) By enforcing MFA
Answer: A) By configuring external sharing policies in the Teams admin center and SharePoint admin center
Explanation: These controls manage guest access and sharing.
What tool provides a centralized view of threats across Microsoft 365 services?
A) Microsoft 365 Security Center
B) Azure AD Connect
C) Microsoft Endpoint Manager
D) Compliance Manager
Answer: A) Microsoft 365 Security Center
Explanation: It consolidates alerts and security insights.
Which Microsoft 365 service helps prevent data leaks by scanning content for sensitive information?
A) Data Loss Prevention (DLP)
B) Microsoft Defender Antivirus
C) Azure AD Identity Protection
D) Exchange Online Protection
Answer: A) Data Loss Prevention (DLP)
Explanation: DLP detects and blocks sharing of sensitive info.
How does Microsoft 365 enable conditional access based on user location?
A) By creating Conditional Access policies that include location conditions
B) By applying retention policies
C) By setting mail flow rules
D) By using sensitivity labels
Answer: A) By creating Conditional Access policies that include location conditions
Explanation: Admins can block or allow access from specific regions.
What is the benefit of Azure AD Privileged Identity Management (PIM)?
A) It provides just-in-time access to privileged roles with approval workflows and access reviews
B) It scans emails for malware
C) It applies retention policies automatically
D) It blocks external sharing
Answer: A) It provides just-in-time access to privileged roles with approval workflows and access reviews
Explanation: PIM reduces risk by limiting permanent admin access.
How can an administrator enforce encryption for emails containing sensitive data?
A) By configuring mail flow rules with Office 365 Message Encryption (OME)
B) By enabling MFA
C) By blocking external sharing
D) By setting retention policies
Answer: A) By configuring mail flow rules with Office 365 Message Encryption (OME)
Explanation: OME encrypts email messages based on conditions.
What is the purpose of Microsoft 365 Compliance Manager’s improvement actions?
A) To guide organizations through steps to enhance their compliance posture
B) To manage device compliance policies
C) To block phishing emails
D) To encrypt files automatically
Answer: A) To guide organizations through steps to enhance their compliance posture
Explanation: Improvement actions provide specific compliance tasks.
Which Microsoft 365 feature helps track and manage data subject requests (DSRs) for GDPR?
A) Microsoft 365 Compliance Center’s Data Subject Request management
B) Azure AD Identity Protection
C) Exchange Online Protection
D) Sensitivity Labels
Answer: A) Microsoft 365 Compliance Center’s Data Subject Request management
Explanation: It helps respond to requests like data access or deletion.
What is the function of Microsoft Defender for Office 365 Safe Links?
A) To protect users from malicious URLs by scanning and rewriting links in emails and documents
B) To block spam emails
C) To enforce MFA
D) To apply sensitivity labels
Answer: A) To protect users from malicious URLs by scanning and rewriting links in emails and documents
Explanation: Safe Links check URLs in real time before users click them.
Reviews
There are no reviews yet.