Tag: PL-300 Exam Hub

Analytics, Business Intelligence, Data Education & Training, Microsoft Certification, PL-300, Power BI

Practice Questions: Publish, import, or update items in a workspace (PL-300 Exam Prep)

 
This post is a part of the PL-300: Microsoft Power BI Data Analyst Exam Prep Hub; and this topic falls under these sections:
Manage and secure Power BI (15–20%)
   --> Create and manage workspaces and assets
      --> Publish, import, or update items in a workspace

Below are 10 practice questions (with answers and explanations) for this topic of the exam.
There are also 2 practice tests for the PL-300 exam with 60 questions each (with answers) available on the hub.

Practice Questions

Question 1

What happens when you publish a PBIX file from Power BI Desktop to a workspace that already contains a report with the same name?

A. Power BI creates a duplicate report
B. Power BI merges the changes
C. Power BI overwrites the existing report and semantic model
D. Power BI creates a new dataset only

Correct Answer: C

Explanation:
Publishing a PBIX with the same name replaces both the report and the semantic model in the workspace. This behavior is commonly tested on the exam.

Question 2

Which workspace role is required to publish content from Power BI Desktop to a shared workspace?

A. Viewer
B. Contributor
C. Viewer or Contributor
D. Viewer or Member

Correct Answer: B

Explanation:
A Contributor (or higher) role is required to publish content. Viewers have read-only access and cannot publish or update items.

Question 3

Which method allows you to bring an Excel workbook into a Power BI workspace as a report and dataset?

A. Publish from Power BI Desktop
B. Import the Excel file in the Power BI Service
C. Copy from another workspace
D. Use a deployment pipeline

Correct Answer: B

Explanation:
Excel files can be imported directly in the Power BI Service, which creates reports and datasets in the workspace.

Question 4

You need to update a report’s visuals without changing the underlying semantic model. What is the most appropriate action?

A. Delete and recreate the dataset
B. Republish the PBIX
C. Edit the report in the Power BI Service
D. Import the report again

Correct Answer: C

Explanation:
If permissions allow, editing visuals in the Power BI Service updates the report without replacing the dataset.

Question 5

Which action requires you to manually update a workspace app for users to see the change?

A. Adding a user to the workspace
B. Editing a report in the workspace
C. Refreshing a dataset
D. Applying row-level security

Correct Answer: B

Explanation:
Changes made in the workspace do not automatically appear in the app. The app must be republished.

Question 6

Which item can be edited directly in the Power BI Service without using Power BI Desktop?

A. PBIX file
B. Dataflow
C. Dataset schema
D. Power BI template

Correct Answer: B

Explanation:
Dataflows are created and edited directly in the Power BI Service and support centralized data preparation.

Question 7

What is the primary difference between publishing and importing content into a workspace?

A. Publishing creates dashboards; importing does not
B. Importing always overwrites existing content
C. Publishing is done from Desktop; importing is done from the Service
D. Importing does not create datasets

Correct Answer: C

Explanation:
Publishing is typically done from Power BI Desktop, while importing occurs within the Power BI Service using files or other sources.

Question 8

Which workspace role can update reports but cannot publish or update a workspace app?

A. Viewer
B. Contributor
C. Member
D. Admin

Correct Answer: B

Explanation:
Contributors can publish and update content but cannot manage workspace settings or apps, which is restricted to Members and Admins.

Question 9

You want to move the same report through Development, Test, and Production environments. What is the recommended approach?

A. Use My Workspace
B. Import the report multiple times
C. Publish the PBIX to multiple workspaces
D. Share the report with different users

Correct Answer: C

Explanation:
Publishing the same PBIX to separate workspaces supports lifecycle management and environment separation.

Question 10

After importing a PBIX file into a workspace, which action is often required before users can view updated data?

A. Update the app
B. Configure data source credentials
C. Assign workspace roles
D. Enable row-level security

Correct Answer: B

Explanation:
Imported datasets often require credential configuration before refreshes can occur and data becomes available.

Exam Tip

If a question mentions:

  • Overwriting content
  • Workspace roles
  • Publishing vs importing
  • Updating without breaking access

➡️ Focus on workspace permissions, publish behavior, and app update requirements.

Go back to the PL-300 Exam Prep Hub main page

Analytics, Business Intelligence, Data Education & Training, Microsoft Certification, PL-300, Power BI

Practice Questions: Configure and Update a Workspace App (PL-300 Exam Prep)

 
This post is a part of the PL-300: Microsoft Power BI Data Analyst Exam Prep Hub; and this topic falls under these sections:
Manage and secure Power BI (15–20%)
   --> Create and manage workspaces and assets
      --> Configure and Update a Workspace App

Below are 10 practice questions (with answers and explanations) for this topic of the exam.
There are also 2 practice tests for the PL-300 exam with 60 questions each (with answers) available on the hub.

Practice Questions

Question 1

What is the primary purpose of publishing a workspace app in Power BI?

A. To allow multiple developers to edit reports simultaneously
B. To provide a read-only, curated experience for report consumers
C. To improve dataset refresh performance
D. To apply row-level security to reports

Correct Answer: B

Explanation:
Workspace apps are designed for content consumption, not development. They provide a controlled, read-only experience for users, which is why they are preferred over direct report sharing for large audiences.

Question 2

Which workspace roles can publish or update a workspace app?

A. Viewer only
B. Contributor and Viewer
C. Member and Admin
D. Contributor and Member

Correct Answer: C

Explanation:
Only Members and Admins have permission to publish or update workspace apps. Contributors can create content but cannot manage apps.

Question 3

You update a report in a workspace, but users do not see the changes in the app. What must you do?

A. Refresh the dataset
B. Clear the app cache
C. Republish or update the app
D. Reassign user permissions

Correct Answer: C

Explanation:
Changes made in the workspace do not automatically appear in the app. You must explicitly update (republish) the app for consumers to see the changes.

Question 4

Which feature allows different users to see different content within the same workspace app?

A. Row-level security (RLS)
B. Dataset roles
C. App audiences
D. Visual-level filters

Correct Answer: C

Explanation:
App audiences control content visibility, allowing different groups to see different reports or dashboards without duplicating content.

Question 5

Which permission allows users of an app to build their own reports using the app’s semantic model?

A. Viewer permission
B. Allow reshare
C. Build permission
D. Admin permission

Correct Answer: C

Explanation:
Granting Build permission allows users to connect to the underlying semantic model for scenarios such as Analyze in Excel or creating new reports.

Question 6

What happens to users when a workspace app is updated?

A. They must be re-added to the app
B. Their bookmarks are deleted
C. They automatically see the updated content
D. Their permissions are reset

Correct Answer: C

Explanation:
After an app is updated, users retain access and permissions, and the updated content becomes available automatically without additional action.

Question 7

Which scenario is the best use case for a workspace app?

A. Collaborative report development
B. Testing new visuals
C. Distributing finalized reports to a large audience
D. Debugging DAX calculations

Correct Answer: C

Explanation:
Workspace apps are ideal for broad distribution of production-ready content, while workspaces remain the collaboration area for developers.

Question 8

Which of the following is true about workspace apps?

A. Users can edit reports in an app
B. Apps automatically update when workspace content changes
C. Apps provide a controlled navigation experience
D. Apps replace the need for workspaces

Correct Answer: C

Explanation:
Apps allow creators to control navigation, ordering, and visibility of content. They are read-only and require manual updates.

Question 9

You want to hide a report from most users but make it available to executives using the same app. What should you do?

A. Duplicate the report into a new workspace
B. Use row-level security
C. Create a separate app
D. Use app audiences

Correct Answer: D

Explanation:
App audiences allow selective visibility of content without duplication, making them ideal for role-based access to reports.

Question 10

What is the key difference between a workspace and a workspace app?

A. Workspaces support data refresh; apps do not
B. Workspaces are for collaboration; apps are for consumption
C. Apps allow editing; workspaces do not
D. Apps automatically apply security

Correct Answer: B

Explanation:
A workspace is where content is created and maintained, while a workspace app is the distribution layer for end users.

Exam Tip

If a question mentions:

  • Broad distribution
  • Read-only access
  • Controlled release
  • Audiences
  • Updating without disrupting users

➡️ The correct answer is almost always Workspace App.

Go back to the PL-300 Exam Prep Hub main page

Analytics, Business Intelligence Platform, Microsoft Certification, PL-300, Power BI

Practice Questions: Identify when a gateway is required (PL-300 Exam Prep)

 
This post is a part of the PL-300: Microsoft Power BI Data Analyst Exam Prep Hub; and this topic falls under these sections:
Manage and secure Power BI (15–20%)
   --> Create and manage workspaces and assets
      --> Identify when a gateway is required

Below are 10 practice questions (with answers and explanations) for this topic of the exam.
There are also 2 practice tests for the PL-300 exam with 60 questions each (with answers) available on the hub.

Practice Questions

Question 1

You publish a Power BI report that imports data from an on-premises SQL Server and want to schedule daily refreshes in the Power BI service. What is required?

A. No additional configuration
B. A Power BI app
C. An on-premises data gateway
D. A premium capacity workspace

Correct Answer: C

Explanation:
Scheduled refresh from an on-premises data source requires a gateway to securely connect Power BI service to the local SQL Server.

Question 2

A dataset uses Azure SQL Database in Import mode with scheduled refresh enabled. Is a gateway required?

A. Yes, because scheduled refresh is enabled
B. Yes, because Import mode is used
C. No, because the data source is cloud-based
D. No, because the dataset is small

Correct Answer: C

Explanation:
Azure SQL Database is a cloud data source that Power BI can access directly, so no gateway is needed.

Question 3

You create a Power BI report using DirectQuery to an on-premises SQL Server. When users view the report in the Power BI service, what is required?

A. A gateway
B. A scheduled refresh
C. Import mode
D. Power BI Premium

Correct Answer: A

Explanation:
DirectQuery sends queries at report view time. A gateway is required for on-premises sources.

Question 4

Which scenario does NOT require a Power BI gateway?

A. Importing data from SharePoint Online
B. DirectQuery to an on-premises database
C. Refreshing an on-premises dataflow
D. Live connection to on-premises SSAS

Correct Answer: A

Explanation:
SharePoint Online is a cloud-based service and does not require a gateway.

Question 5

A report combines data from Azure Data Lake Storage and an on-premises file share. What is true?

A. No gateway is required because one source is cloud-based
B. A gateway is required for the on-premises source
C. A gateway is required for both sources
D. Gateways are not supported for mixed data sources

Correct Answer: B

Explanation:
Any on-premises data source used in the Power BI service requires a gateway, even in hybrid datasets.

Question 6

While working in Power BI Desktop, you connect to an on-premises SQL Server and refresh data locally. Is a gateway required?

A. Yes, always
B. Yes, if Import mode is used
C. No, gateways are only needed in the Power BI service
D. No, if DirectQuery is used

Correct Answer: C

Explanation:
Power BI Desktop connects directly to local data sources. Gateways are only required after publishing to the Power BI service.

Question 7

You want to refresh a Power BI dataflow that connects to an on-premises Oracle database. What is required?

A. Power BI Premium
B. A gateway
C. A paginated report
D. An app workspace

Correct Answer: B

Explanation:
Dataflows that use on-premises data sources require a gateway to refresh in the Power BI service.

Question 8

Which connection type always requires a gateway when the data source is on-premises?

A. Import with manual refresh
B. Import with scheduled refresh
C. DirectQuery
D. Both B and C

Correct Answer: D

Explanation:
Scheduled refresh and DirectQuery both require a gateway for on-premises data sources.

Question 9

A report uses a Live connection to an on-premises Analysis Services model. What is required?

A. A dataset refresh schedule
B. A gateway
C. Import mode
D. A certified dataset

Correct Answer: B

Explanation:
Live connections to on-premises Analysis Services require a gateway for real-time queries.

Question 10

Which factor is the most important when deciding if a gateway is required?

A. Dataset size
B. Data refresh frequency
C. Location of the data source
D. Number of report users

Correct Answer: C

Explanation:
Gateway requirements are based on whether the data source is accessible from the cloud or located on-premises.

Exam Tips

  • On-premises + Power BI service = Gateway
  • Cloud sources do not require gateways
  • DirectQuery and Live connections still require gateways
  • Desktop-only work never requires a gateway

Go back to the PL-300 Exam Prep Hub main page

Analytics, Business Intelligence, Data Education & Training, PL-300, Power BI

Practice Questions: Assign workspace roles (PL-300 Exam Prep)

 
This post is a part of the PL-300: Microsoft Power BI Data Analyst Exam Prep Hub; and this topic falls under these sections:
Manage and secure Power BI (15–20%)
   --> Secure and govern Power BI items
      --> Assign workspace roles

Below are 10 practice questions (with answers and explanations) for this topic of the exam.
There are also 2 practice tests for the PL-300 exam with 60 questions each (with answers) available on the hub.

Practice Questions

Question 1

You need to allow a user to add and remove workspace users and change workspace settings.
Which workspace role should you assign?

A. Viewer
B. Contributor
C. Member
D. Admin

Correct Answer: D. Admin

Explanation:
Only the Admin role can manage workspace access and modify workspace settings. Members can manage content but cannot manage users.

Question 2

A business user needs to view reports and dashboards but should not be able to modify or publish any content.
Which role is most appropriate?

A. Viewer
B. Contributor
C. Member
D. Admin

Correct Answer: A. Viewer

Explanation:
The Viewer role provides read-only access, allowing users to consume and interact with content without making changes.

Question 3

Which workspace role allows a user to create and edit reports but not publish or update a workspace app?

A. Viewer
B. Contributor
C. Member
D. Admin

Correct Answer: B. Contributor

Explanation:
Contributors can create and modify content but cannot publish apps or manage workspace access.

Question 4

A Power BI developer must publish a workspace app but should not be able to add or remove users from the workspace.
Which role should be assigned?

A. Viewer
B. Contributor
C. Member
D. Admin

Correct Answer: C. Member

Explanation:
Members can publish and update workspace apps but cannot manage workspace access, which is restricted to Admins.

Question 5

Which role is required to delete a workspace?

A. Viewer
B. Contributor
C. Member
D. Admin

Correct Answer: D. Admin

Explanation:
Only workspace Admins have permission to delete a workspace.

Question 6

You want to follow best practices for access management by minimizing ongoing maintenance when employees change roles.
What should you use when assigning workspace access?

A. Individual user accounts
B. Distribution lists
C. Azure AD security groups
D. Shareable links

Correct Answer: C. Azure AD security groups

Explanation:
Using Azure AD security groups simplifies governance by allowing access changes to be managed centrally.

Question 7

A user needs to configure scheduled refresh for a semantic model but should not manage workspace access.
Which role is the minimum required?

A. Viewer
B. Contributor
C. Member
D. Admin

Correct Answer: C. Member

Explanation:
Configuring scheduled refresh requires Member or Admin permissions. Contributors cannot manage refresh settings.

Question 8

Which workspace role requires a Power BI Pro license when the workspace is not in Premium capacity?

A. Admin only
B. Contributor only
C. Viewer only
D. All workspace roles

Correct Answer: D. All workspace roles

Explanation:
When a workspace is not in Premium capacity, all users, including Viewers, require a Power BI Pro license to access content.

Question 9

Which statement correctly describes the difference between workspace roles and row-level security (RLS)?

A. Workspace roles control data visibility, RLS controls actions
B. Workspace roles control actions, RLS controls data visibility
C. Both control user actions only
D. Both control data visibility only

Correct Answer: B. Workspace roles control actions, RLS controls data visibility

Explanation:
Workspace roles define what users can do, while RLS defines what data users can see within reports.

Question 10

You are designing a production workspace and want report consumers to have the least privilege possible.
Which role should they be assigned?

A. Viewer
B. Contributor
C. Member
D. Admin

Correct Answer: A. Viewer

Explanation:
The Viewer role follows the principle of least privilege, granting read-only access appropriate for production consumers.

Exam Readiness Checklist

✔ Know all four workspace roles
✔ Understand capabilities vs limitations
✔ Apply least privilege principles
✔ Recognize Admin-only actions
✔ Distinguish workspace roles from RLS

Go back to the PL-300 Exam Prep Hub main page

Business Intelligence, Business Intelligence Platform, Data Education & Training, PL-300, Power BI

Practice Questions: Configure item-level access in Power BI (PL-300 Exam Prep)

 
This post is a part of the PL-300: Microsoft Power BI Data Analyst Exam Prep Hub; and this topic falls under these sections:
Manage and secure Power BI (15–20%)
   --> Secure and govern Power BI items
      --> Configure item-level access

Below are 10 practice questions (with answers and explanations) for this topic of the exam.
There are also 2 practice tests for the PL-300 exam with 60 questions each (with answers) available on the hub.

Practice Questions

Question 1

You want business users to create their own reports using an existing semantic model, but you do not want them to edit the model. What should you grant them?

A. Workspace Viewer role
B. Workspace Contributor role
C. Build permission on the semantic model
D. Read permission on the report

Correct Answer: C

Explanation:
The Build permission allows users to create new reports using a semantic model without modifying it. Viewer access alone does not allow report creation, and Contributor access is broader than required.

Question 2

A user can view a dashboard but sees broken tiles that fail to load data. What is the most likely cause?

A. The dataset refresh failed
B. The user lacks Build permission
C. The user does not have access to the underlying report
D. The dashboard was shared incorrectly

Correct Answer: C

Explanation:
Dashboard tiles link back to underlying reports. If the user does not have access to those reports, the tiles will not display correctly—even if the dashboard itself is shared.

Question 3

Which permission allows a user to create a new report in Power BI Desktop using a published semantic model?

A. Read
B. Viewer
C. Contributor
D. Build

Correct Answer: D

Explanation:
Only the Build permission enables users to create new reports from an existing semantic model, including using Power BI Desktop or Analyze in Excel.

Question 4

You need to limit who can see specific reports within a Power BI app without creating multiple apps. What should you use?

A. Row-level security (RLS)
B. Workspace roles
C. App audiences
D. Dataset permissions

Correct Answer: C

Explanation:
App audiences provide item-level visibility within an app, allowing different user groups to see different reports or dashboards.

Question 5

Which statement best describes item-level access?

A. It controls what data rows users can see
B. It controls access to entire workspaces
C. It controls access to individual Power BI items
D. It replaces workspace roles

Correct Answer: C

Explanation:
Item-level access applies to individual items such as reports, dashboards, and datasets. It does not control row-level data access and does not replace workspace roles.

Question 6

A user has access to a report but cannot export data from it. What is the most likely explanation?

A. The dataset is using DirectQuery
B. The report is in a Premium workspace
C. Export permissions are restricted at the report or tenant level
D. The user lacks RLS permissions

Correct Answer: C

Explanation:
Export behavior is governed by item-level settings and tenant-level policies, not RLS or workspace type alone.

Question 7

When sharing a report, which permission must be explicitly granted if the user needs to reshare it with others?

A. Build
B. Viewer
C. Contributor
D. Reshare

Correct Answer: D

Explanation:
The Reshare permission must be explicitly enabled when sharing an item. Without it, users can view the report but cannot share it further.

Question 8

Which scenario requires item-level access instead of workspace roles?

A. Granting full control of all assets
B. Managing dataset refresh schedules
C. Allowing users to view only specific reports in a workspace
D. Enabling paginated report creation

Correct Answer: C

Explanation:
Item-level access allows fine-grained control over individual assets, making it ideal when users should only see specific reports.

Question 9

How does item-level access differ from row-level security (RLS)?

A. Item-level access controls data rows
B. RLS controls report visibility
C. Item-level access controls content access; RLS controls data visibility
D. They serve the same purpose

Correct Answer: C

Explanation:
Item-level access determines whether a user can open or interact with content, while RLS limits the data shown within that content.

Question 10

What is the recommended best practice when assigning item-level access at scale?

A. Assign permissions to individual users
B. Use workspace roles only
C. Use Azure AD security groups
D. Share reports anonymously

Correct Answer: C

Explanation:
Using Azure AD security groups improves scalability, simplifies maintenance, and aligns with enterprise governance best practices.

Exam Readiness Tip

If you can confidently answer questions about:

  • Build vs Read vs Reshare
  • Dashboards vs reports vs datasets
  • Item-level access vs workspace roles vs RLS

…you are in excellent shape for PL-300 questions in this domain.

Go back to the PL-300 Exam Prep Hub main page

Business Intelligence, Business Intelligence Platform, Data Education & Training, PL-300, Power BI

Practice Questions: Configure Access to Semantic Models (PL-300 Exam Prep)

 
This post is a part of the PL-300: Microsoft Power BI Data Analyst Exam Prep Hub; and this topic falls under these sections:
Manage and secure Power BI (15–20%)
   --> Secure and govern Power BI items
      --> Configure access to semantic models

Below are 10 practice questions (with answers and explanations) for this topic of the exam.
There are also 2 practice tests for the PL-300 exam with 60 questions each (with answers) available on the hub.

Practice Questions

Question 1

A user can view reports in a workspace but cannot create a new report using the existing semantic model. What is the most likely reason?

A. The user does not have Read permission on the semantic model
B. The user does not have Build permission on the semantic model
C. The user is not assigned a Row-Level Security role
D. The semantic model is not endorsed

Correct Answer: B

Explanation:
Creating new reports from a semantic model requires Build permission. A user can still view reports without Build permission, which makes this a common exam scenario.

Question 2

Which workspace role allows a user to edit semantic models and manage permissions?

A. Viewer
B. Contributor
C. Member
D. App user

Correct Answer: C

Explanation:
Members can publish, update, and manage semantic models, including assigning permissions. Contributors can edit content but cannot manage access.

Question 3

You want business users to create their own reports while preventing them from modifying the semantic model. What is the best approach?

A. Assign users the Viewer role and grant Build permission on the semantic model
B. Assign users the Contributor role
C. Assign users the Admin role
D. Publish the reports through a Power BI App only

Correct Answer: A

Explanation:
Granting Viewer role + Build permission enables self-service report creation without allowing model changes—this is a best practice and frequently tested.

Question 4

Where is Row-Level Security (RLS) enforced?

A. At the report level
B. At the dashboard level
C. At the semantic model level
D. At the workspace level

Correct Answer: C

Explanation:
RLS is defined in Power BI Desktop and enforced at the semantic model level, applying to all reports that use the model.

Question 5

Which DAX function is commonly used to implement dynamic Row-Level Security?

A. SELECTEDVALUE()
B. USERELATIONSHIP()
C. USERPRINCIPALNAME()
D. LOOKUPVALUE()

Correct Answer: C

Explanation:
USERPRINCIPALNAME() returns the logged-in user’s email or UPN and is commonly used in dynamic RLS filters.

Question 6

A user with Viewer access can see a report but receives an error when using Analyze in Excel. What is the most likely issue?

A. The user is not licensed for Power BI
B. The semantic model is not certified
C. The user does not have Build permission
D. RLS is incorrectly configured

Correct Answer: C

Explanation:
Analyze in Excel requires Build permission on the semantic model. Viewer role alone is insufficient.

Question 7

Which permission allows a user to share a semantic model with others?

A. Read
B. Build
C. Reshare
D. Admin

Correct Answer: C

Explanation:
The Reshare permission explicitly allows users to share the semantic model with other users or groups.

Question 8

What is the primary purpose of certifying a semantic model?

A. To apply Row-Level Security automatically
B. To improve query performance
C. To indicate the model is an approved and trusted data source
D. To allow external tool access

Correct Answer: C

Explanation:
Certification signals that a semantic model is officially approved and governed, helping users identify trusted data sources.

Question 9

Which approach is recommended for managing access to semantic models at scale?

A. Assign permissions to individual users
B. Use Microsoft Entra ID (Azure AD) security groups
C. Share semantic models directly from Power BI Desktop
D. Grant Admin role to all analysts

Correct Answer: B

Explanation:
Using security groups simplifies access management, supports scalability, and aligns with governance best practices.

Question 10

A report is published using a semantic model that has RLS enabled. A user accesses the report through a Power BI App. What happens?

A. RLS is ignored when using apps
B. RLS must be reconfigured for the app
C. RLS is enforced automatically
D. Only static RLS is applied

Correct Answer: C

Explanation:
Row-Level Security is always enforced at the semantic model level, regardless of whether content is accessed via a workspace, report, or app.

Final Exam Tips

  • Build permission is the most frequently tested concept
  • Viewer + Build is a common least-privilege design pattern
  • RLS always applies at the semantic model level
  • Certification is about trust and governance, not security
  • Apps do not bypass semantic model security

Go back to the PL-300 Exam Prep Hub main page

Business Intelligence Platform, Data Education & Training, PL-300, Power BI

Practice Questions: Implement Row-Level Security Roles (PL-300 Exam Prep)

 
This post is a part of the PL-300: Microsoft Power BI Data Analyst Exam Prep Hub; and this topic falls under these sections:
Manage and secure Power BI (15–20%)
   --> Secure and govern Power BI items
      --> Implement row-level security roles

Below are 10 practice questions (with answers and explanations) for this topic of the exam.
There are also 2 practice tests for the PL-300 exam with 60 questions each (with answers) available on the hub.

Practice Questions

Question 1

Where are Row-Level Security roles and filters created?

A. In the Power BI Service
B. In Power BI Desktop
C. In Microsoft Entra ID
D. In Power BI Apps

Correct Answer: B

Explanation:
RLS roles and DAX filters are created in Power BI Desktop. Users and groups are assigned to those roles later in the Power BI Service.

Question 2

Which DAX function is most commonly used to implement dynamic RLS?

A. USERELATIONSHIP()
B. USERNAME()
C. USERPRINCIPALNAME()
D. SELECTEDVALUE()

Correct Answer: C

Explanation:
USERPRINCIPALNAME() returns the logged-in user’s email/UPN and is the most commonly used function for dynamic RLS scenarios.

Question 3

A single semantic model must filter sales data so that users only see rows matching their email address. What is the best approach?

A. Create one role per user
B. Create static RLS roles by region
C. Use dynamic RLS with a user-mapping table
D. Use Object-Level Security

Correct Answer: C

Explanation:
Dynamic RLS with a user-to-dimension mapping table scales efficiently and avoids creating many static roles.

Question 4

What happens if a user belongs to multiple RLS roles?

A. Access is denied
B. Only the most restrictive role is applied
C. The union of all role filters is applied
D. The first role alphabetically is applied

Correct Answer: C

Explanation:
Power BI applies the union of RLS role filters, meaning users see data allowed by any role they belong to.

Question 5

Which statement about Row-Level Security behavior is correct?

A. RLS is applied at the report level
B. RLS applies only to dashboards
C. RLS is enforced at the semantic model level
D. RLS must be reconfigured for each report

Correct Answer: C

Explanation:
RLS is enforced at the semantic model level and automatically applies to all reports and apps using that model.

Question 6

You test RLS using View as role in Power BI Desktop. What does this feature do?

A. Permanently applies RLS to the model
B. Bypasses RLS for the model author
C. Simulates how the report appears for a role
D. Assigns users to roles automatically

Correct Answer: C

Explanation:
View as allows you to simulate role behavior to validate RLS logic before publishing.

Question 7

Which type of RLS is least scalable in enterprise environments?

A. Dynamic RLS
B. RLS using USERPRINCIPALNAME()
C. Static RLS with hard-coded values
D. Group-based RLS

Correct Answer: C

Explanation:
Static RLS requires separate roles for each data segment, making it difficult to maintain at scale.

Question 8

A user accesses a report through a Power BI App. How does RLS behave?

A. RLS is ignored
B. RLS must be redefined in the app
C. RLS is enforced automatically
D. Only static RLS is enforced

Correct Answer: C

Explanation:
RLS is always enforced at the semantic model level, including when content is accessed through apps.

Question 9

Which security feature should be used if you need to hide entire columns or tables from certain users?

A. Row-Level Security
B. Workspace roles
C. Object-Level Security
D. Build permission

Correct Answer: C

Explanation:
RLS controls rows only. Object-Level Security (OLS) is used to hide tables or columns.

Question 10

Which best practice is recommended when assigning users to RLS roles?

A. Assign individual users directly
B. Assign workspace Admins only
C. Assign Microsoft Entra ID security groups
D. Assign report-level permissions

Correct Answer: C

Explanation:
Using security groups improves scalability, governance, and ease of maintenance.

Final PL-300 Exam Reminders

  • RLS controls data visibility, not report access
  • Dynamic RLS is heavily tested
  • RLS applies everywhere the semantic model is used
  • Users see the union of multiple roles
  • RLS is defined in Desktop, enforced in the Service

Go back to the PL-300 Exam Prep Hub main page

Data Education & Training, PL-300, Power BI

Practice Questions: Configure Row-Level Security Group Membership (PL-300 Exam Prep)

 
This post is a part of the PL-300: Microsoft Power BI Data Analyst Exam Prep Hub; and this topic falls under these sections: 
Manage and secure Power BI (15–20%) 
    --> Secure and govern Power BI items 
        --> Configure row-level security group membership

Below are 10 practice questions (with answers and explanations) for this topic of the exam. 
There are also 2 practice tests for the PL-300 exam with 60 questions each (with answers) available on the hub.

Practice Questions

Question 1

Where are security groups assigned to RLS roles?

A. Power BI Desktop
B. Power BI Service
C. Microsoft Entra ID only
D. Power BI App settings

Correct Answer: B

Explanation:
RLS roles and filters are created in Power BI Desktop, but users and security groups are assigned to roles in the Power BI Service after the model is published.

Question 2

Which approach is considered a best practice for managing RLS membership at scale?

A. Assign individual users to each role
B. Create one role per user
C. Assign Microsoft Entra ID security groups to roles
D. Use workspace Admin access

Correct Answer: C

Explanation:
Using Entra ID security groups simplifies administration, supports scalability, and aligns with enterprise security standards.

Question 3

What happens when a user is added to an Entra ID security group that is already assigned to an RLS role?

A. The semantic model must be republished
B. The role must be recreated
C. The user automatically inherits the RLS permissions
D. The user must be manually added in Power BI

Correct Answer: C

Explanation:
Group-based RLS automatically applies to all members of the group without changes to the model or Power BI configuration.

Question 4

Which type of group is recommended for RLS role membership?

A. Distribution list
B. Microsoft 365 group
C. Entra ID security group
D. Power BI workspace group

Correct Answer: C

Explanation:
Entra ID security groups are designed for access control and are the preferred option for RLS scenarios.

Question 5

A user belongs to two security groups, each assigned to a different RLS role. How is access determined?

A. The most restrictive role applies
B. The first role applied alphabetically applies
C. Access is denied
D. The union of both roles applies

Correct Answer: D

Explanation:
Power BI applies the union of all RLS roles a user belongs to, allowing access to any data permitted by either role.

Question 6

Which action requires updating Microsoft Entra ID, not Power BI?

A. Modifying a DAX RLS filter
B. Creating a new RLS role
C. Adding a user to an RLS role via group membership
D. Testing RLS with View as

Correct Answer: C

Explanation:
User membership in security groups is managed in Entra ID, not in Power BI.

Question 7

Which statement about testing group-based RLS is correct?

A. Group membership can be fully tested in Power BI Desktop
B. Group membership is evaluated only in the Power BI Service
C. RLS does not apply to groups
D. Groups bypass dynamic RLS

Correct Answer: B

Explanation:
Power BI Desktop can test role logic, but actual group membership is evaluated only in the Power BI Service.

Question 8

Why is group-based RLS preferred over assigning individual users?

A. It improves report performance
B. It hides tables and columns
C. It reduces the need to update Power BI when users change roles
D. It removes the need for DAX filters

Correct Answer: C

Explanation:
Group-based RLS allows access changes to be managed centrally without modifying Power BI roles or republishing models.

Question 9

Which security concept is often confused with RLS group membership but serves a different purpose?

A. Build permission
B. Workspace roles
C. Object-Level Security
D. All of the above

Correct Answer: D

Explanation:
All listed options are different security mechanisms that control content access or structure, not row-level data visibility.

Question 10

What is the primary role of Power BI in a group-based RLS solution?

A. Managing group membership
B. Authenticating users
C. Enforcing data filters defined in RLS roles
D. Creating security groups

Correct Answer: C

Explanation:
Power BI enforces RLS filters at query time, while identity and group membership are managed externally in Entra ID.

Final PL-300 Exam Reminders

  • Use Entra ID security groups for RLS membership
  • Assign groups in the Power BI Service
  • RLS role logic lives in Power BI Desktop
  • Users see the union of all assigned roles
  • Group membership changes do not require republishing

Go back to the PL-300 Exam Prep Hub main page