매달, 우리는 1000명 이상의 사람들이 시험 준비를 잘하고 시험을 잘 통과할 수 있도록 도와줍니다.
Microsoft 365 Copilot and Agent Administration Fundamentals 온라인 연습
최종 업데이트 시간: 2026년03월30일
당신은 온라인 연습 문제를 통해 Microsoft AB-900 시험지식에 대해 자신이 어떻게 알고 있는지 파악한 후 시험 참가 신청 여부를 결정할 수 있다.
시험을 100% 합격하고 시험 준비 시간을 35% 절약하기를 바라며 AB-900 덤프 (최신 실제 시험 문제)를 사용 선택하여 현재 최신 65개의 시험 문제와 답을 포함하십시오.
정답:
Explanation:
The correct answer is
D. the Analyst agent in Microsoft 365 Copilot. Microsoft Learn training for Microsoft 365 Copilot specifically distinguishes the Analyst agent as the tool for gathering insights from data and enhancing data presentations. Microsoft’s guidance also notes in the Researcher FAQ that when the task is spreadsheet-related, Analyst agent is better suited for Microsoft Excel related tasks. This makes Analyst the best choice for a quarterly sales reporting scenario that involves detecting performance trends, surfacing anomalies, and producing visual insights from multiple datasets.
The other options are less suitable. Researcher is intended for complex multi-step research and source-cited reports across web and work content, not specialized data analysis across files. Microsoft 365 Copilot Search is for finding information, not for deep quantitative analysis and anomaly summarization. Copilot in Excel is powerful for workbook-level analysis, but the question emphasizes broader insight generation across multiple files and asks for the best Copilot experience for trends, visuals, and anomaly summaries. Microsoft positions Analyst as the dedicated agent for that kind of data-analysis workflow.
정답:
Explanation:
The correct answer is C. a custom Microsoft 365 Copilot agent. Microsoft Learn explains that Agent Builder in Microsoft 365 Copilot lets you create agents with specific instructions, dedicated knowledge sources, and starter prompts. Starter prompts are designed to help users understand the most common supported scenarios, which directly matches the requirement to provide users with a list of common queries. Microsoft also documents that an agent can be grounded in selected SharePoint sites, folders, or files, allowing the response scope to be targeted to the HR policy content in Site1 rather than broad enterprise or web data.
The other options do not fit the requirement. Copilot in Word is document-focused and is not intended to create a reusable, shared query experience grounded only in one SharePoint source. Copilot notebooks group materials and chats, but they are not the right tool for publishing a guided HR policy assistant with starter prompts. Researcher is designed for broader, multi-step research using work data and web content, so it does not satisfy the requirement to keep answers grounded only in Site1.
정답: 
Explanation:
The correct answer is Activate the role. Microsoft Learn states that in Microsoft Entra Privileged Identity Management (PIM), when a user is made eligible for a Microsoft Entra role, they do not immediately have the permissions of that role. Microsoft specifically explains that eligible users must activate the role assignment before using the role. Only after activation does the user receive the permissions associated with that role for the approved time period.
That means if you are only eligible for the User Administrator role, you cannot create user accounts until you activate that role in PIM. The other options are incorrect because installing Microsoft Authenticator, requesting a license, or updating location information are not the universal prerequisite stated by Microsoft for using an eligible PIM role. Multifactor authentication can be required during activation depending on policy, but the core required action is still to activate the role first. Microsoft also notes that activation can involve entering a reason, selecting a duration, and completing any required approval or MFA steps.
정답:
Explanation:
The correct answer is C because Microsoft explains that authorization is the process of determining whether an authenticated identity is allowed to access a resource. Microsoft Learn distinguishes authorization from authentication by stating that authentication proves who you are, while authorization decides what you can access or do after identity has been established. In Microsoft 365 and the Microsoft identity platform, authorization commonly involves permissions, scopes, roles, and consent that control access to data and services such as Microsoft Graph, Exchange, SharePoint, or Teams.
Option A is incorrect because it refers more to external identity validation or federation concepts, not authorization itself. Option B describes authentication, not authorization, since it is about verifying identity claims. Option D describes a control such as multifactor authentication or Conditional Access requirements, which can happen before access is granted, but that still is not the definition of authorization. Authorization begins after identity verification and focuses on whether the identity has the right permissions for the requested resource.
정답:
Explanation:
The correct answer is A. Microsoft Learn defines Zero Trust as a security strategy built on the principles verify explicitly, use least privilege access, and assume breach. Microsoft also summarizes Zero Trust as a model that assumes breach and verifies every request, rather than trusting users, devices, or traffic simply because they originate from inside the corporate network. This is the key reason option A is correct. Under Zero Trust, every access request should be evaluated continuously using available signals such as identity, device state, location, service, and risk.
Option B is incorrect because improving user experience is not the defining principle of Zero Trust. Option C is incorrect because Zero Trust requires ongoing review and adjustment of permissions, especially through least privilege and risk-based access. Option D is incorrect because Zero Trust explicitly rejects implicit trust based on network location. Microsoft states that organizations should reduce reliance on the traditional idea that anything on the internal network is automatically safe or trustworthy.
정답:
Explanation:
The correct answers are A and D because Microsoft Entra Identity Secure Score is based on identity security recommendations, and Microsoft Learn specifically lists recommendations such as “Designate more than one Global Administrator” and “Do not expire passwords.” That means the number of global administrators in the tenant and whether password expiration is disabled directly influence the Identity Secure Score. Microsoft also notes that the score measures how closely an organization aligns with Microsoft’s recommended identity security best practices.
Option B is incorrect because SharePoint site permissions are related to SharePoint and Microsoft 365 workload permissions, not to the Entra identity-focused scoring model. Option C is incorrect because user location may be evaluated in Conditional Access and Zero Trust scenarios, but it is not itself listed as a direct Identity Secure Score factor in the Microsoft Entra recommendations referenced by Microsoft Learn. Identity Secure Score is driven by tracked identity recommendations and security configurations, not by simple geographic placement of users.
정답: 
Explanation:
The correct selections are No, Yes, No. Microsoft defines Zero Trust as a security strategy and explicitly states that it isn’t a product or a service. Instead, it is an approach based on principles such as verify explicitly, use least privilege access, and assume breach. That makes statement 2 true.
Statement 1 is false because Zero Trust does not require an Azure subscription. Microsoft provides Zero Trust guidance across many environments, including Microsoft 365, Copilot, Azure, and hybrid scenarios. It is a strategy that can be implemented with different technologies and is not dependent on owning Azure specifically.
Statement 3 is also false because there is no single switch in the Microsoft 365 admin center to “enable Zero Trust” for an organization. Microsoft’s documentation presents Zero Trust as a set of policies, configurations, and deployment steps across services such as Microsoft Entra, Intune, Defender, and Microsoft 365 workloads, not as one admin-center toggle.
Top of Form
Bottom of Form
정답: 
Explanation:
The correct answer is Require multifactor authentication for administrative roles. In the exhibit, each recommendation shows its available Secure Score points. The listed values are 1/1 for Use least privileged administrative roles, 8/8 for Do not expire passwords, 0.73/8 for Enable policy to block legacy authentication, and 0/10 for Require multifactor authentication for administrative roles.
Because 10 points is the highest value among the options shown, resolving that recommendation would improve the Identity Secure Score the most.
Microsoft Learn explains that Identity Secure Score in Microsoft Entra is based on Microsoft security recommendations, and each recommendation contributes a specific number of points depending on its impact and implementation state. Recommendations related to administrator protection are especially important because privileged accounts are high-value attack targets. Microsoft also emphasizes multifactor authentication for admin roles as a core identity security best practice. Therefore, both from the screenshot and from Microsoft’s identity guidance, the recommendation with the greatest score improvement is Require multifactor authentication for administrative roles.
정답: 
Explanation:
The correct answer is View all the users in the Microsoft Entra tenant. In the exhibit, John is assigned the Global Reader role. Microsoft documents that the Global Reader role is intended for users who need to view administrator features and settings in admin centers that a Global Administrator can view, but without edit permissions. That makes it appropriate for read-only visibility into tenant-wide directory and admin information, including users in Microsoft Entra.
The other answer choices are not supported by the Global Reader role. Microsoft distinguishes admin-center visibility from access to content in workloads such as SharePoint sites and Exchange mailboxes. Global Reader is a read-only administrative role, not a content access role for reading all documents or mailbox items. Likewise, performing eDiscovery of Microsoft 365 Copilot prompts requires Purview eDiscovery permissions or role group membership, not merely the Global Reader role. Microsoft documents eDiscovery permissions separately in Purview role groups.
Therefore, based on the assigned role shown, the valid completion is that John can view all the users in the Microsoft Entra tenant.
정답:
Explanation:
The correct answer is A. Microsoft Entra ID Protection. Microsoft Learn explains that Microsoft Entra ID Protection detects sign-in risk and user risk and can work with Conditional Access risk policies to automatically respond when suspicious authentication activity is identified. Microsoft documents specifically state that organizations can configure sign-in risk policies and user risk policies to automate responses such as blocking access, requiring multifactor authentication, or forcing password changes when risky activity is detected. Microsoft also notes that some very high-confidence risky sign-ins are automatically blocked by built-in protections.
The other options do not match this function. Microsoft Defender for Office 365 focuses on email, collaboration, and threat protection for tools like Exchange Online and Teams, not sign-in risk blocking. Microsoft Entra Privileged Identity Management (PIM) manages privileged role activation and governance, not risky sign-in detection. Microsoft Defender for Identity detects identity-related threats in hybrid identity environments, but the Microsoft feature used to automatically block risky sign-ins is Microsoft Entra ID Protection.
정답: 
Explanation:
The correct answer is Microsoft Defender XDR. Microsoft Learn defines Microsoft Defender XDR as a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks. That wording matches the sentence in the question almost exactly, which makes this the clearly correct choice.
The other options do not fit that definition. Microsoft Entra Conditional Access is Microsoft’s Zero Trust policy engine used to evaluate signals and enforce access policies, not a cross-domain threat detection and response suite. Microsoft Entra ID Protection focuses on detecting and responding to identity risks such as risky sign-ins and risky users. Microsoft Purview is Microsoft’s portfolio for data governance, data security, and compliance. None of those products is described by Microsoft as coordinating detection, prevention, investigation, and response across endpoints, identities, email, and applications in the same integrated XDR manner. Therefore, the only answer that correctly completes the sentence is Microsoft Defender XDR.
정답:
Explanation:
The correct answers are A and D because both tasks are supported directly in the Exchange admin center (EAC). Microsoft Learn states that administrators can manage mail flow rules in Exchange Online from the EAC under Mail flow > Rules, which includes creating and managing transport rules for organizational email handling. Microsoft Learn also states that administrators can create shared mailboxes in the EAC under Recipients > Mailboxes, where a shared mailbox can be added and then delegated to users.
Option B is incorrect because adding a custom domain is normally done in the Microsoft 365 admin center, specifically on the Domains page. Although Exchange can later work with accepted domains and related mail flow settings, the act of adding and verifying a custom domain is not an Exchange admin center task. Option C is incorrect because license assignment is handled through Microsoft 365 or Microsoft Entra administrative tools, not the Exchange admin center.
정답: 
Explanation:
The correct answer is adding a public DNS record. Microsoft documents that when you add a custom domain to Microsoft 365, you must first prove ownership of that domain before Microsoft 365 can use it for services such as Exchange Online, SharePoint, and user sign-ins. The standard verification method described by Microsoft is to add a DNS record at your domain registrar or DNS hosting provider. Microsoft commonly uses a TXT record for verification, although in some cases an MX record can also be used depending on the setup flow. This is why “adding a public DNS record” is the right completion for the sentence.
The other choices are not the standard Microsoft 365 domain verification process. Microsoft’s admin guidance does not use confirming your business address, uploading a certificate, or uploading a webpage as the normal method for proving ownership of a domain in Microsoft 365. Domain verification is specifically tied to DNS because DNS is the authoritative public system used to prove control over the domain name.
정답: 
Explanation:
The correct selections are Yes, Yes, Yes. For statement 1, Microsoft Support explains that if you are not a site owner, you might still be able to invite other people to the site, although the invitation can generate an access request that a site owner approves or declines. Microsoft also states that site users have the opportunity to invite other people to collaborate on sites, unless that feature is disabled. That makes the statement true.
For statement 2, Microsoft Learn states that in SharePoint you can give people permissions to a site by adding individual users, security groups, or Microsoft 365 groups to one of the three SharePoint groups, including the Members group. That directly supports the statement.
For statement 3, Microsoft documents that site ownership and membership can be managed by adding or removing owners, members, site owners, site members, and site visitors. For group-connected sites, Microsoft also documents that owners can manage group ownership and remove owner status. Therefore, a site owner can remove another site owner, provided at least one owner remains.
정답: 
Explanation:
You can use a Microsoft Entra security group to assign permissions to Microsoft Entra ID resources. Answer. Yes
You can use a Microsoft Entra security group to assign Microsoft 365 licenses.
Answer. Yes
You can use a Microsoft Entra security group to assign permissions to Microsoft Exchange mailboxes.
Answer. No