Sample Questions and Answers
1.
Which Microsoft 365 service provides protection against advanced threats like zero-day malware and phishing?
A) Microsoft Defender for Endpoint
B) Microsoft Intune
C) Microsoft Teams
D) Microsoft Power BI
Answer: A) Microsoft Defender for Endpoint
Explanation: Microsoft Defender for Endpoint is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats, including zero-day malware and phishing attacks.
2.
You need to configure Microsoft 365 so that users can only access corporate data from compliant devices. Which service should you use?
A) Microsoft Defender for Office 365
B) Azure AD Conditional Access
C) Microsoft Teams policies
D) Microsoft Power Automate
Answer: B) Azure AD Conditional Access
Explanation: Azure AD Conditional Access policies allow you to control access to resources based on device compliance, location, user risk, and more.
3.
What is the maximum retention period for Microsoft 365 retention policies?
A) 1 year
B) 5 years
C) 7 years
D) Unlimited
Answer: D) Unlimited
Explanation: Microsoft 365 retention policies can be configured for an unlimited retention period to meet various compliance requirements.
4.
Which tool is used to manage Microsoft 365 tenant-wide roles and licenses?
A) Microsoft Endpoint Manager
B) Microsoft 365 admin center
C) Exchange Admin Center
D) Microsoft PowerShell
Answer: B) Microsoft 365 admin center
Explanation: The Microsoft 365 admin center is the primary web interface used to manage tenant roles, licenses, and users.
5.
You want to ensure that all email sent from your organization uses DKIM to improve email authentication. What should you configure?
A) SPF records only
B) DKIM signing in Exchange Online
C) DMARC policies only
D) Microsoft Defender policies
Answer: B) DKIM signing in Exchange Online
Explanation: DKIM (DomainKeys Identified Mail) signing is configured in Exchange Online to cryptographically sign outbound emails, helping prevent spoofing.
6.
Which Microsoft 365 service allows you to create and enforce data loss prevention (DLP) policies?
A) Microsoft Teams
B) Microsoft Defender for Identity
C) Microsoft Purview Compliance Portal
D) Microsoft Power BI
Answer: C) Microsoft Purview Compliance Portal
Explanation: The Microsoft Purview Compliance Portal is used to create and manage DLP policies across Microsoft 365 services to protect sensitive information.
7.
What is the PowerShell module required to manage Microsoft Teams?
A) AzureAD
B) MicrosoftTeams
C) MSOnline
D) ExchangeOnlineManagement
Answer: B) MicrosoftTeams
Explanation: The MicrosoftTeams PowerShell module is used to manage Teams-specific settings and policies.
8.
You want to prevent users from sharing files externally in OneDrive and SharePoint. What is the recommended way?
A) Disable sharing in Azure AD
B) Configure sharing policies in the SharePoint admin center
C) Disable user accounts
D) Block guest access in Teams
Answer: B) Configure sharing policies in the SharePoint admin center
Explanation: Sharing policies in the SharePoint admin center control external sharing settings for both SharePoint and OneDrive.
9.
Which Microsoft 365 feature helps you automate responses to phishing attacks?
A) Microsoft Defender for Office 365 Threat Explorer
B) Microsoft Endpoint Manager
C) Azure AD Identity Protection
D) Power Automate
Answer: A) Microsoft Defender for Office 365 Threat Explorer
Explanation: Threat Explorer allows you to investigate and automate responses to email threats like phishing.
10.
Which tool is used for migrating email from an on-premises Exchange environment to Exchange Online?
A) Azure AD Connect
B) Microsoft Endpoint Manager
C) Exchange Online Migration Service
D) Microsoft Teams Admin Center
Answer: C) Exchange Online Migration Service
Explanation: The Exchange Online Migration Service supports various migration methods, including cutover, staged, and hybrid migrations.
11.
You want to enforce multi-factor authentication (MFA) for all users accessing Microsoft 365. Which feature should you configure?
A) Security Defaults
B) Exchange Transport Rules
C) Microsoft Defender for Identity
D) Microsoft Information Protection
Answer: A) Security Defaults
Explanation: Security Defaults in Azure AD provide an easy way to enforce MFA and basic security measures across all users.
12.
Which Microsoft 365 feature allows administrators to monitor the health and performance of Microsoft 365 services?
A) Microsoft Endpoint Manager
B) Microsoft 365 Service health dashboard
C) Microsoft Defender for Endpoint
D) Azure AD Connect
Answer: B) Microsoft 365 Service health dashboard
Explanation: The Service health dashboard provides real-time info about Microsoft 365 services’ status and incidents.
13.
Which protocol does Microsoft 365 use for secure email transport?
A) HTTP
B) SMTP with TLS
C) FTP
D) Telnet
Answer: B) SMTP with TLS
Explanation: SMTP with TLS is used to secure email in transit between mail servers in Microsoft 365.
14.
You need to delegate management of certain Microsoft 365 groups to a user without giving them global admin rights. What role should you assign?
A) Global Reader
B) Groups Administrator
C) Compliance Administrator
D) Security Reader
Answer: B) Groups Administrator
Explanation: The Groups Administrator role allows delegated management of Microsoft 365 groups without full admin privileges.
15.
Which Microsoft 365 compliance tool helps identify sensitive data across the tenant?
A) Azure Sentinel
B) Microsoft Purview Data Classification
C) Microsoft Endpoint Manager
D) Microsoft Power Platform
Answer: B) Microsoft Purview Data Classification
Explanation: Data Classification helps discover, classify, and protect sensitive information within Microsoft 365.
16.
To synchronize on-premises identities to Azure AD, which tool must be installed?
A) Azure AD Connect
B) Microsoft Endpoint Manager
C) Microsoft Teams Admin Center
D) Microsoft Defender for Identity
Answer: A) Azure AD Connect
Explanation: Azure AD Connect synchronizes on-premises Active Directory accounts with Azure Active Directory.
17.
What is the minimum number of global administrators recommended for a Microsoft 365 tenant?
A) 1
B) 2
C) 3
D) 5
Answer: B) 2
Explanation: Having at least two global administrators provides redundancy and ensures management continuity.
18.
Which Microsoft 365 security feature helps protect accounts from brute force attacks?
A) Azure AD Password Protection
B) Microsoft Defender for Endpoint
C) Microsoft Information Protection
D) Microsoft Teams Policies
Answer: A) Azure AD Password Protection
Explanation: Azure AD Password Protection prevents users from selecting weak or compromised passwords.
19.
You want to create a Microsoft 365 compliance policy that applies only to users in the finance department. What attribute should you use to target users?
A) Department attribute in Azure AD
B) User principal name
C) Job title
D) Email address
Answer: A) Department attribute in Azure AD
Explanation: Using Azure AD attributes like Department allows targeted policies for specific user groups.
20.
Which license type is required for Microsoft 365 E5 Security features?
A) Microsoft 365 E3
B) Microsoft 365 E5
C) Microsoft 365 Business Basic
D) Office 365 F3
Answer: B) Microsoft 365 E5
Explanation: E5 licenses include advanced security and compliance features not available in E3 or lower.
21.
How do you enforce data encryption for emails sent to external users?
A) Enable Microsoft Information Protection encryption policies
B) Disable external sharing
C) Configure Transport Rules for encryption in Exchange Online
D) Block external emails
Answer: C) Configure Transport Rules for encryption in Exchange Online
Explanation: Transport rules can be set to automatically encrypt outbound emails based on conditions like recipient domain.
22.
Which Microsoft 365 service supports automatic device enrollment for mobile devices?
A) Microsoft Defender for Endpoint
B) Microsoft Endpoint Manager (Intune)
C) Azure AD Connect
D) Microsoft Teams
Answer: B) Microsoft Endpoint Manager (Intune)
Explanation: Intune supports automatic enrollment and management of mobile devices for compliance and security.
23.
Which feature allows you to monitor and control third-party app access to Microsoft 365 data?
A) Azure AD App Proxy
B) Azure AD Conditional Access
C) Microsoft Cloud App Security (MCAS)
D) Microsoft Endpoint Manager
Answer: C) Microsoft Cloud App Security (MCAS)
Explanation: MCAS provides visibility and control over cloud app usage, including third-party integrations.
24.
You want to limit Teams meetings to only users within your organization. What setting should you configure?
A) Teams meeting policies to disable external participants
B) Microsoft Defender for Office 365
C) Azure AD Conditional Access
D) Exchange Online Transport Rules
Answer: A) Teams meeting policies to disable external participants
Explanation: Teams meeting policies can restrict meetings so only internal users can join.
25.
Which PowerShell cmdlet is used to assign a license to a Microsoft 365 user?
A) Set-MsolUser
B) Set-MsolUserLicense
C) New-MsolUser
D) Add-MsolGroupMember
Answer: B) Set-MsolUserLicense
Explanation: Set-MsolUserLicense assigns or modifies licenses for users in Microsoft 365 via PowerShell.
26.
Which Microsoft 365 compliance tool can create audit logs and reports on user activities?
A) Microsoft Endpoint Manager
B) Microsoft Purview Audit (formerly Office 365 Audit Log)
C) Microsoft Defender for Identity
D) Azure AD Connect
Answer: B) Microsoft Purview Audit
Explanation: Purview Audit logs track user and admin activities for compliance and investigation.
27.
Which Microsoft 365 feature protects data at rest within Exchange Online mailboxes?
A) BitLocker encryption
B) Microsoft Information Protection (MIP)
C) Data Loss Prevention (DLP)
D) Transport Layer Security (TLS)
Answer: B) Microsoft Information Protection (MIP)
Explanation: MIP classifies and encrypts data stored in Exchange Online to ensure data protection at rest.
28.
Which Microsoft 365 tool allows admins to recover deleted Teams and Channels?
A) Microsoft Endpoint Manager
B) Microsoft Teams Admin Center
C) Microsoft Purview Compliance Portal
D) Azure AD Connect
Answer: B) Microsoft Teams Admin Center
Explanation: The Teams Admin Center provides recovery options for deleted teams and channels within retention periods.
29.
You want to enable self-service password reset for all users. What is the minimum license requirement?
A) Azure AD Free
B) Azure AD Premium P1
C) Microsoft 365 Business Basic
D) Microsoft 365 E3
Answer: B) Azure AD Premium P1
Explanation: Self-service password reset with write-back requires Azure AD Premium P1 licensing.
30.
Which Microsoft 365 feature helps to prevent data leakage via email by detecting sensitive information?
A) Exchange Online Protection (EOP)
B) Data Loss Prevention (DLP)
C) Azure AD Conditional Access
D) Microsoft Teams policies
Answer: B) Data Loss Prevention (DLP)
Explanation: DLP policies scan emails for sensitive information types and enforce protection actions like blocking or encrypting.
31.
Which role allows a user to manage compliance features such as retention policies and data classification?
A) Compliance Administrator
B) Global Reader
C) Security Administrator
D) Exchange Administrator
Answer: A) Compliance Administrator
Explanation: The Compliance Administrator role provides permissions to manage Microsoft Purview compliance features like retention and data classification.
32.
What does Azure AD Connect Health primarily monitor?
A) On-premises AD synchronization health
B) Microsoft Endpoint Manager compliance reports
C) Exchange Online spam filters
D) Teams usage analytics
Answer: A) On-premises AD synchronization health
Explanation: Azure AD Connect Health monitors synchronization between on-premises AD and Azure AD for issues and performance.
33.
How can you enforce encryption for Microsoft Teams chat messages?
A) Enable end-to-end encryption (E2EE) for 1:1 calls and chats
B) Use Microsoft Information Protection policies
C) Use Exchange Transport Rules
D) Configure Azure AD Conditional Access
Answer: A) Enable end-to-end encryption (E2EE) for 1:1 calls and chats
Explanation: E2EE is available in Teams for 1:1 calls and chats, providing additional encryption beyond Microsoft’s standard service encryption.
34.
Which Microsoft 365 component enables automatic device compliance assessment before granting access?
A) Azure AD Conditional Access with Intune compliance policies
B) Exchange Online Protection
C) Microsoft Defender Antivirus
D) Microsoft Power Platform
Answer: A) Azure AD Conditional Access with Intune compliance policies
Explanation: Conditional Access evaluates device compliance (managed by Intune) before allowing access to resources.
35.
What is the function of the Microsoft 365 Secure Score?
A) It measures your organization’s security posture and provides improvement recommendations
B) It scores end-user productivity
C) It ranks Azure AD user logins
D) It analyzes Exchange mail flow
Answer: A) It measures your organization’s security posture and provides improvement recommendations
Explanation: Secure Score helps organizations assess security and suggests actionable improvements.
Reviews
There are no reviews yet.