AB-900, Microsoft Certification

AB-900 Practice Exam #2

AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Practice Exam

This practice exam is a part of the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub.

Question 1 (Single Answer)

A company plans to deploy Microsoft 365 Copilot to 300 employees. Before deployment, administrators want to reduce the possibility that Copilot will surface documents that were unintentionally shared with a broad audience.

Which action should administrators perform FIRST?

A. Increase mailbox storage quotas.

B. Run SharePoint Advanced Management reports to identify oversharing.

C. Assign Copilot licenses to all users.

D. Enable Microsoft Defender for Endpoint.

Correct Answer

B

Explanation

SharePoint Advanced Management provides reports that identify overshared sites and content. Reviewing and correcting permissions before deployment reduces the risk of Copilot surfacing sensitive information to users who already have access.

  • A is unrelated.
  • C deploys Copilot before addressing governance concerns.
  • D improves endpoint security but does not address oversharing.

Question 2 (Multiple Response)

Which THREE Microsoft 365 services commonly provide organizational data that Microsoft 365 Copilot can use through Microsoft Graph?

(Choose three.)

A. SharePoint Online

B. Exchange Online

C. Microsoft Teams

D. Azure Kubernetes Service

Correct Answers

A, B, and C

Explanation

Microsoft Graph connects Microsoft 365 services, including:

  • SharePoint Online
  • Exchange Online
  • Microsoft Teams
  • Outlook
  • OneDrive
  • Calendar

Azure Kubernetes Service is an Azure infrastructure service and is not a Microsoft 365 productivity workload used as a primary grounding source.

Question 3 (Scenario)

A compliance administrator wants to investigate whether users have recently used Microsoft 365 Copilot to access files containing credit card numbers.

Which Microsoft Purview capability is MOST appropriate?

A. Activity Explorer

B. Microsoft Defender XDR

C. Microsoft Intune

D. Azure Monitor

Correct Answer

A

Explanation

Activity Explorer helps administrators investigate user activities involving sensitive information, including Copilot interactions when supported by Microsoft Purview auditing and compliance features.

The remaining services focus on endpoint management, security operations, or Azure monitoring.

Question 4 (Best Answer)

An organization wants to find every document and email related to “Project Orion” across Exchange Online, SharePoint Online, and OneDrive.

Which Microsoft Purview feature should be used?

A. Data Loss Prevention

B. Activity Explorer

C. Content Search (eDiscovery)

D. Communication Compliance

Correct Answer

C

Explanation

Content Search enables administrators to search across Microsoft 365 workloads for emails, files, Teams messages, and other supported content.

Activity Explorer monitors activities rather than searching stored content.

Question 5 (Matching)

Match each administrative tool with its primary purpose.

ToolPurpose
1. Copilot AnalyticsA. Discover AI-related risks
2. DSPM for AIB. Measure Copilot adoption
3. Microsoft 365 Admin CenterC. Assign licenses and manage users

Choose the correct answer.

A.

1-B

2-A

3-C

B.

1-A

2-C

3-B

C.

1-C

2-B

3-A

D.

1-B

2-C

3-A

Correct Answer

A

Explanation

  • Copilot Analytics measures adoption and usage.
  • DSPM for AI identifies AI-related security and governance risks.
  • Microsoft 365 Admin Center manages users, licenses, and Microsoft 365 services.

Question 6 (Scenario)

An organization wants a conversational assistant that answers only Human Resources questions using approved HR documentation.

Which solution best satisfies this requirement?

A. Microsoft Purview eDiscovery

B. Exchange Online

C. Custom agent

D. Microsoft Defender for Cloud Apps

Correct Answer

C

Explanation

A custom agent can be configured with:

  • Specific instructions
  • Approved knowledge sources
  • Department-specific behaviors
  • Controlled user access

This makes it ideal for HR, Finance, Legal, or IT support scenarios.

Question 7 (Multiple Response)

Which TWO statements correctly describe Microsoft 365 Copilot licensing?

(Choose two.)

A. Copilot licenses are assigned to individual users.

B. Some Copilot services support pay-as-you-go billing.

C. Every Copilot capability requires monthly licensing.

D. Copilot licensing automatically grants Global Administrator permissions.

Correct Answers

A and B

Explanation

Microsoft supports:

  • Per-user licensing for Microsoft 365 Copilot.
  • Consumption-based (pay-as-you-go) billing for certain Copilot experiences and services.

Licensing never grants administrative permissions.

Question 8 (Scenario)

An administrator wants to understand how frequently employees are using Copilot in Word, Excel, Outlook, and Teams.

Which tool provides this information?

A. Microsoft Defender Portal

B. Copilot Analytics

C. Exchange Admin Center

D. Microsoft Intune

Correct Answer

B

Explanation

Copilot Analytics provides reporting on:

  • Active users
  • Adoption trends
  • Usage by application
  • Organizational engagement
  • Return on investment insights

Question 9 (Fill in the Blank)

Microsoft 365 Copilot retrieves organizational context through the __________ while respecting existing security permissions.

A. Azure Virtual Network

B. Windows Registry

C. Microsoft Graph

D. SQL Server Agent

Correct Answer

C

Explanation

Microsoft Graph securely connects Microsoft 365 applications and organizational data. Copilot uses Microsoft Graph to retrieve business context while honoring existing permissions.

Question 10 (Scenario-Based Case Study)

A company has completed a pilot deployment of Microsoft 365 Copilot. Administrators notice that some employees rarely use Copilot while others use it daily.

Management asks the IT department to identify:

  • adoption trends,
  • frequently used Microsoft 365 applications,
  • active users,
  • opportunities to improve adoption.

Which solution BEST meets these requirements?

A. Microsoft Purview Audit

B. Microsoft Defender XDR

C. Microsoft Entra ID

D. Copilot Analytics

Correct Answer

D

Explanation

Copilot Analytics is specifically designed to provide insights into:

  • Adoption rates
  • User engagement
  • Application usage
  • Organizational trends
  • Opportunities to increase Copilot adoption

The other services are designed for auditing, security, or identity management rather than adoption reporting.

Question 11 (Single Answer)

A Microsoft 365 administrator wants to determine whether users are actively using Microsoft 365 Copilot after licenses have been assigned.

Which tool provides adoption and usage metrics specifically for Copilot?

A. Microsoft Entra admin center

B. Copilot Analytics

C. Azure Monitor

D. Microsoft Defender XDR

Correct Answer: B

Explanation

Copilot Analytics provides adoption metrics, usage trends, active users, feature usage, and business insights for Microsoft 365 Copilot.

  • A is incorrect because Entra manages identities.
  • C monitors Azure resources.
  • D focuses on security incidents.

Question 12 (Multiple Answer)

A company wants to reduce oversharing before deploying Microsoft 365 Copilot.

Which TWO tools specifically help identify oversharing?

A. SharePoint Data Access Governance Reports

B. SharePoint Advanced Management

C. Microsoft Word Editor

D. Microsoft Purview DSPM for AI

E. Windows Event Viewer

Choose TWO answers.

Correct Answers:

A

D

Explanation

Data Access Governance Reports identify sites with excessive permissions, while DSPM for AI identifies AI-related exposure risks and recommends remediation.

  • B helps administer SharePoint but isn’t specifically an oversharing discovery tool by itself.
  • C and E are unrelated.

Question 13 (Scenario)

A legal department needs to locate every email discussing a confidential acquisition during the last six months.

Which Microsoft Purview feature should the administrator use?

A. Insider Risk Management

B. Communication Compliance

C. Content Search

D. Data Loss Prevention

Correct Answer: C

Explanation

Content Search allows administrators to search Exchange mailboxes, SharePoint, OneDrive, and Teams content for investigations and legal discovery.

The other solutions perform different governance functions.

Question 14 (Fill in the Blank)

Complete the sentence.

Microsoft 365 Copilot only returns information that a user is already __________ to access.

A. configured

B. licensed

C. authorized

D. synchronized

Correct Answer: C

Explanation

Copilot honors existing Microsoft 365 permissions. Users only receive information they are already authorized to access.

Question 15 (Match the Answers)

Match each Microsoft 365 service with its primary purpose.

ServicePurpose
1. Microsoft Entra IDA. Data governance and compliance
2. Microsoft PurviewB. Identity and authentication
3. Microsoft DefenderC. Threat protection

Correct Matching

  • 1 → B
  • 2 → A
  • 3 → C

Explanation

  • Microsoft Entra manages identities.
  • Microsoft Purview manages governance and compliance.
  • Microsoft Defender protects against threats.

Question 16 (Single Answer)

Which administrator is most likely responsible for configuring Microsoft 365 Copilot licenses?

A. SharePoint Site Owner

B. Exchange User

C. Global Administrator

D. Power BI Viewer

Correct Answer: C

Explanation

Global Administrators (or other appropriately delegated licensing administrators) can assign Copilot licenses.

The remaining roles cannot generally assign organization-wide licenses.

Question 17 (Scenario)

A company wants to monitor which departments are adopting Copilot most rapidly.

Which report would best meet this requirement?

A. Azure Cost Management

B. Copilot Analytics Adoption Report

C. Windows Performance Monitor

D. Exchange Queue Report

Correct Answer: B

Explanation

Copilot Analytics includes organizational adoption trends broken down by departments and user groups.

The other reports are unrelated.

Question 18 (Multiple Answer)

Which actions can administrators perform when managing Microsoft 365 Copilot prompts?

A. Save prompts

B. Share prompts

C. Schedule prompts

D. Permanently modify Microsoft Graph

E. Delete prompts

Choose THREE answers.

Correct Answers

A

B

E

Explanation

Users can:

  • Save prompts
  • Share prompts
  • Delete prompts

While Microsoft continues to expand prompt management capabilities, scheduling depends on the experience and scenario and is not a universal prompt-management capability tested at the AB-900 level.

Modifying Microsoft Graph is unrelated.

Question 19 (Scenario)

An organization wants sensitive SharePoint sites to be inaccessible to Microsoft 365 Copilot until additional review has been completed.

Which SharePoint Advanced Management capability supports this goal?

A. Restricted Site Access

B. Anonymous Sharing

C. Site Templates

D. Version History

Correct Answer: A

Explanation

Restricted Site Access allows administrators to temporarily exclude selected SharePoint sites from organizational search and Copilot experiences while permissions or content are reviewed.

Question 20 (Single Answer)

Which statement correctly describes custom agents?

A. They permanently replace Microsoft 365 Copilot.

B. They only answer questions using internet data.

C. They are designed to automate and assist with organization-specific business scenarios.

D. They require every user to have Global Administrator permissions.

Correct Answer: C

Explanation

Custom agents extend Copilot by providing specialized knowledge, workflows, and automation tailored to an organization’s processes.

  • They do not replace Copilot.
  • They are not limited to internet data.
  • Users do not need Global Administrator permissions to use them.

Question 21 (Scenario-Based Single Answer)

A company plans to deploy Microsoft 365 Copilot to its Finance department. Before enabling Copilot, administrators want to identify SharePoint sites that contain excessive permissions which could expose confidential financial data.

Which Microsoft capability should they use first?

A. Microsoft Defender XDR

B. SharePoint Data Access Governance Reports

C. Microsoft Intune

D. Exchange Online Message Trace

Correct Answer: B

Explanation

Data Access Governance Reports help administrators identify overshared SharePoint sites by analyzing permissions, external sharing, and potentially excessive access. This allows organizations to remediate permissions before enabling Microsoft 365 Copilot.

  • A focuses on threat detection.
  • C manages devices.
  • D tracks email delivery.

Question 22 (Multiple Answer)

Which THREE statements correctly describe Microsoft Purview Data Security Posture Management (DSPM) for AI?

A. It identifies AI-related data exposure risks.

B. It helps discover AI activity across Microsoft 365.

C. It replaces Microsoft Defender Antivirus.

D. It provides recommendations to reduce AI-related risks.

E. It creates Microsoft 365 licenses.

Choose THREE answers.

Correct Answers

A

B

D

Explanation

DSPM for AI helps organizations:

  • Discover AI usage.
  • Identify AI-related security risks.
  • Recommend remediation actions.

It does not replace endpoint protection or manage licensing.

Question 23 (Single Answer)

Which Microsoft 365 administrator role typically has the permissions required to manage Microsoft 365 Copilot settings across the tenant?

A. SharePoint Visitor

B. Billing Reader

C. Global Administrator

D. Teams Meeting Organizer

Correct Answer: C

Explanation

Global Administrators have broad permissions to configure Microsoft 365 services, including Microsoft 365 Copilot administration.

The remaining roles have much more limited permissions.

Question 24 (Scenario-Based Single Answer)

An administrator wants to review the number of active Copilot users, adoption trends, and feature usage across the organization.

Which tool should they use?

A. Microsoft Entra Admin Center

B. Azure Monitor

C. Microsoft Defender Portal

D. Copilot Analytics

Correct Answer: D

Explanation

Copilot Analytics provides insights into:

  • Adoption
  • Active users
  • Feature usage
  • Organizational trends
  • Business value indicators

The other tools serve different purposes.

Question 25 (Match the Answers)

Match each Microsoft technology with its primary purpose.

TechnologyPurpose
1. Microsoft Purview Content SearchA. Discover content during investigations
2. SharePoint Advanced ManagementB. Reduce oversharing risks
3. Copilot AnalyticsC. Measure Copilot adoption

Correct Matching

  • 1 → A
  • 2 → B
  • 3 → C

Explanation

Each solution addresses a different administrative responsibility:

  • Content Search supports investigations.
  • SharePoint Advanced Management helps reduce oversharing.
  • Copilot Analytics measures adoption.

Question 26 (Scenario-Based Multiple Answer)

A company plans to publish a custom agent for Human Resources.

Which TWO activities should occur before broad deployment?

A. Verify organizational approval requirements.

B. Validate the agent’s knowledge sources.

C. Disable Microsoft Entra ID.

D. Remove Microsoft Purview compliance policies.

E. Delete SharePoint permissions.

Choose TWO answers.

Correct Answers

A

B

Explanation

Before deployment, administrators should:

  • Complete any approval process.
  • Verify that the agent uses accurate and authorized knowledge sources.

The remaining options reduce security or are unrelated.

Question 27 (Fill in the Blank)

Microsoft 365 Copilot respects existing __________ when retrieving organizational information.

A. passwords

B. licenses

C. permissions

D. storage quotas

Correct Answer: C

Explanation

Copilot never bypasses Microsoft 365 permissions. Users only receive information they already have permission to access.

Question 28 (Scenario-Based Single Answer)

An organization wants to create an AI assistant that answers internal Human Resources questions using approved HR documentation.

Which solution best meets this requirement?

A. Create a custom agent

B. Enable Windows Copilot

C. Deploy Microsoft Defender

D. Configure Microsoft Intune

Correct Answer: A

Explanation

A custom agent can be built using approved HR documents as its knowledge source, allowing employees to receive accurate answers tailored to organizational policies.

The remaining options do not provide organization-specific conversational AI.

Question 29 (Multiple Answer)

Which THREE activities can administrators perform while monitoring Microsoft 365 agents?

A. Review usage statistics.

B. Monitor operational insights.

C. Track the agent lifecycle.

D. Install Windows updates.

E. Replace Microsoft Graph.

Choose THREE answers.

Correct Answers

A

B

C

Explanation

Administrators can monitor:

  • Usage
  • Operational health
  • Lifecycle status

These capabilities are available through the Microsoft 365 admin center and, for applicable agents, the Microsoft Power Platform admin center.

Windows updates and Microsoft Graph replacement are unrelated.

Question 30 (Scenario-Based Single Answer)

A company has completed a pilot deployment of Microsoft 365 Copilot. Management asks the administrator to determine whether employee adoption is increasing and whether users are regularly interacting with Copilot.

Which solution provides the most appropriate information?

A. Microsoft Defender Secure Score

B. Azure Cost Management

C. Exchange Online Mail Flow Reports

D. Copilot Analytics

Correct Answer: D

Explanation

Copilot Analytics is specifically designed to measure:

  • User adoption
  • Active users
  • Usage frequency
  • Feature utilization
  • Organizational trends

The other reporting tools focus on security, cloud spending, or email traffic rather than Copilot adoption.

Go to the AB-900 Exam Prep Hub main page

Leave a comment