A company employs a team of customer service agents to provide telephone and email support to customers. The company develops a webchat bot to provide automated answers to common customer queries. Which bu...

To evaluate the business benefit of creating a webchat bot solution, let's break down each option: A) Increased sales: This option suggests that the webchat bot would directly lead to higher sales. While a well-designed bot could engage customers more efficiently and potentially guide them to make purchases, the primary purpose of the bot in this case is customer support. Therefore, it is less likely to directly contribute to increased sales, as the bot is designed for answering queries rather than actively promoting or selling products. B) A reduced workload for the customer service agents: This is the most likely benefit. The webchat bot would be able to handle common and repetitive queries automatically, leaving more complex or unique issues to the human customer service agents. This would significantly reduce the workload f...

Author: Liam · Last updated May 13, 2026

You have an Azure web app named webapp1. You need to configure continuous deployment for webapp1 by using...

To configure continuous deployment for WebApp1 using an Azure Repo, the first thing you need to create is an Azure DevOps organization. Here’s a detailed explanation of why this is the most appropriate option and why the other options are not suitable. Selected Option: B) an Azure DevOps organization Why choose this option? - Azure DevOps and Continuous Deployment: To set up continuous deployment (CD) using an Azure Repo, you need to utilize Azure DevOps Services. An Azure DevOps organization is the central place to manage your development projects, repositories, and pipelines. It serves as the foundation for setting up continuous integration (CI) and continuous deployment (CD) for your web app. - Azure Repos: In Azure DevOps, Azure Repos provides Git repositories to store your application code. From there, you can configure a CI/CD pipeline using Azure Pipelines to automate the build, test, and deployment of your web app to WebApp1. Without an Azure DevOps organization, you won't be able to set up repositories or pipelines for continuous deployment. - Project management and pipeline orchestration: An Azure DevOps organization also manages your teams, permissions, and workflows, ensuring that your continuous deployment process is streamlined and secure. Why Reject Other Options? A) An Azure Application Insights service - What is Azure Application Insights? It is a service used for monitoring and diagnosing the performance and usage of applications, including web apps. It helps in tracking metrics like performance, exceptions, and user interactions. - Why rejected: Although Application Insights is valuable for monitoring your web app’s health and performance, it is not related to configuring continuous deployment. It does not manage repositories or deployment pipelines, so it cannot be the first thing you create for continuous deployment...

Author: Lucas Carter · Last updated May 18, 2026

Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. The company develops an application named App1. App1 is registered in Azure AD. You need to ensure that A...

In this scenario, you need to configure permissions that will allow the application (App1) to access secrets in Azure Key Vault on behalf of the application users. Let's analyze the options: Key Concepts: 1. Application Permissions: These permissions are typically used when an application acts on its own behalf, rather than on behalf of a user. This means that the application is acting with its own identity and not relying on a user’s identity for authentication. 2. Delegated Permissions: These permissions are used when the application needs to access resources on behalf of a user. The user must be authenticated and authorized to access the resource. 3. Admin Consent: Some permissions require an administrator to approve (admin consent) before they can be granted. This is typically required for permissions that give broader access to resources, such as access to all users in a directory or sensitive data. Analysis of Options: - A) An application permission without admin consent: - This would allow the application to access Key Vault on its own behalf, without the need for user interaction. However, accessing Key Vault secrets typically requires delegated permissions when acting on behalf of users, not just application permissions. Furthermore, certain sensitive operations require admin consent even for app permissions. - Rejection Reason: While application permissions might be useful for accessing Key Vault directly, the requirement to access secrets on behalf of users makes this option unsuitable in this case. - B) A delegated permission without admin consent: - Delegated permissions allow the app to access resources on behalf of a user. However, many scenarios involving accessing Key Vault on behalf of a user do requi...

Author: CrimsonViperX · Last updated May 18, 2026

DRAG DROP - Your company has an Azure Active Directory (Azure AD) tenant named contoso.com. The company is developing an application named App1. App1 will run as a service on server that runs Windows Server 2016. App1 will authenticate to contoso.com and access Microsoft Graph to read directory data. You need to delegate the minimum required permissions to App1. Which three actions should you perform ...

Author: Amira · Last updated May 18, 2026

For a machine learning progress, how should you split data for training and evaluation?

To determine the best way to split data for training and evaluation in a machine learning process, let's analyze each option: A) Use features for training and labels for evaluation: This option is incorrect. Features are the input data used to train the model, while labels represent the target or the output values that the model aims to predict. Using labels for evaluation would not make sense, as the evaluation should be done on the predicted outputs (based on features), comparing them to the true labels. Mixing this up would result in a nonsensical model evaluation. B) Randomly split the data into rows for training and rows for evaluation: This is a correct approach. Typically, in machine learning, the data is randomly split into two parts: one for training and one for evaluation (or testing). The training set is used to train the model, and the evaluation set is used to test the model's generalization to unseen data. Random splitting ensures that both the training and evaluation sets are representative of the entire dataset, reducing bias and making the evaluation more reliable. C) Use labels for training...

Author: Krishna · Last updated May 13, 2026

Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. The company develops a mobile application named App1. App1 uses the OAuth 2 implicit grant type to acquire Azure AD access tokens. You n...

To properly register App1 in Azure AD, we need to obtain key information from the developer. Let's break down the options and their relevance to registering an app that uses the OAuth 2.0 implicit grant type. Key Concepts: 1. OAuth 2.0 Implicit Grant: This flow is typically used for client-side applications (like mobile apps) that run in a browser or on a device. The main purpose is to enable the application to obtain access tokens directly, which can then be used to authenticate API calls to Azure services. 2. Redirect URI: The URI where Azure AD sends the response containing the access token after the user completes the authentication. This is a critical part of the implicit grant flow because the token is sent to this URI after successful authentication. 3. Reply URL: In Azure AD, this term is used interchangeably with "Redirect URI." It refers to the location where Azure AD sends the response after the user has authenticated, and the implicit grant flow is completed. 4. Application ID: This is the unique identifier for the registered application in Azure AD. The application ID is essential for identifying the app in the Azure AD directory, but it is not the specific information needed for configuring OAuth flows. 5. Key: The application key is typically used for authentication in scenarios such as client credentials flow or other server-side authentication, but it is not required for the OAuth 2.0 implicit grant flow. The implicit flow relies on the browser redirect mechanism rather than client credentials. Analysis of Options: - A) A redirect URI: - This is essential for the OAuth 2.0 implicit grant flow. After the user authenticates, Azure AD sends the access token to this URI. The mobile application needs to provide the redirect URI so Azure AD knows where to send the token. - Selected Option: ...

Author: Rohan · Last updated May 18, 2026

HOTSPOT - You are developing a model to predict events by using classification. You have a confusion matrix for the model scored on test data as shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each co...

Color-coded Confusion Matrix (Predicted labels on the left) | Predicted ↓ / Actual → | Actual 1 | Actual 0 | | ---------------------- | ---------------- | ----------------- | | Predicted 1 | 🟢 TP = 11 | 🔴 FP = 5 | | Predicted 0 | 🔴 FN = 1033 | 🟢 TN = 13951 | Legend: 🟢 Green = Correct prediction...

Author: Noah Williams · Last updated May 13, 2026

From the Azure portal, you are configuring an Azure policy. You plan to assign policies that use the DeployIfNotExist, AuditIfNotExist, Append, and Deny ef...

In Azure Policy, different policy effects are used to define how resources are managed and governed. Let’s evaluate each of the effects and determine which one requires a managed identity for the assignment. Key Concepts: 1. Managed Identity: This is an identity in Azure Active Directory (Azure AD) that allows Azure services to authenticate to resources without the need to manage credentials. A managed identity is typically used by Azure services, including when deploying resources or performing actions that require permissions. 2. Policy Effects: - AuditIfNotExist: This effect audits a resource when it does not exist or when the policy conditions are not met. It does not require any additional permissions or managed identities to be deployed. It only reports non-compliance. - Append: This effect is used to add values to the properties of a resource during the policy evaluation. It does not require a managed identity, as it is a local operation based on the existing resource properties. - DeployIfNotExist: This effect allows for the deployment of a resource if it does not already exist, based on a specified condition. This requires a managed identity to deploy resources on behalf of the policy. - Deny: This effect denies a request to create or modify a resource if it violates the policy. It does not require a managed identity because it is based on policy evaluation rather than deploying or managing resources. Analysis of Options: -...

Author: Sofia · Last updated May 18, 2026

You build a machine learning model by using the automated machine learning user interface (UI). You need to ensure that the model meets the Microsof...

To ensure that the machine learning model meets the Microsoft transparency principle for responsible AI, let’s evaluate each option: A) Set Validation type to Auto: Setting the validation type to Auto helps in model evaluation by automatically selecting the most appropriate validation method, such as cross-validation or a simple train-test split. While it contributes to model performance and robustness, it does not directly address transparency or responsible AI practices. Transparency in AI is about making models interpretable and understandable, so this option does not fully align with the transparency principle. B) Enable Explain best model: This option is the most directly aligned with Microsoft's transparency principle for responsible AI. Enabling the "Explain best model" feature provides insights into how the model makes predictions, including feature importance and decision processes. This enhances transparency by making the model's decisions more understandable, thus supporting responsible AI practices. Transparency in AI requires that models are interpretable and that stakeholders understand how...

Author: Isabella · Last updated May 13, 2026

You have an Azure web app named WebApp1. You upload a certificate to WebApp1. You need to make the certificate accessi...

To make a certificate accessible to the app code of WebApp1, we need to ensure that the app can access the uploaded certificate in a way that the application can use it securely for its operations (such as authentication or encryption). Let’s evaluate each option and determine the best approach. Key Concepts: - Certificates in Azure: When you upload a certificate to a web app, it typically becomes available for use in operations like TLS/SSL or for app code that needs to access it, like making secure API calls. - Managed Identity: Managed identities are used to authenticate the web app to Azure services and securely access resources, but they are not directly involved in making certificates accessible to the app code. - App Settings: App settings are used to configure various settings for the application, including environment variables or configurations required for the app's runtime. While useful for managing configurations, they are not directly related to certificate access. Analysis of Options: - A) Add a user-assigned managed identity to WebApp1: - Reason for Rejection: A user-assigned managed identity allows the web app to authenticate to Azure resources like Key Vault, but it does not directly relate to making an uploaded certificate accessible to the app code. This is typically used for accessing Azure services, not for managing certificates within the web app. - B) Add an app setting to the WebApp1 configuration: - Selected Option: This is the correct option for accessing certificates in the app code. In Azure We...

Author: Chloe · Last updated May 18, 2026

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Ea...

Author: VioletCheetah55 · Last updated May 13, 2026

HOTSPOT - You need to create an Azure key vault. The solution must ensure that any object deleted from the key vault be retained for 90 days. How should you complete the command? To answer, select the appropria...

Author: Krishna · Last updated May 18, 2026

HOTSPOT - To complete the sentence, select the appropriate option in the answer area. The handling of unusual or missing values provided to an Al system is a consideration fo...

Correct answer: C. reliability and safety Why Reliability and Safety is correct The reliability and safety principle focuses on ensuring that AI systems behave consistently, accurately, and safely under expected and unexpected conditions. Unusual or missing values are unexpected inputs. How an AI system handles these values (for example, errors, defaults, graceful degradation, or incorrect predictions) directly affects whether the system is reliable and safe to use. Microsoft explicitly includes robustness to edge cases, missing data, and abnormal inputs under reliability and safety. --- Why the other options are not relevant A. Inclus...

Author: Daniel · Last updated May 13, 2026

You have an Azure subscription that contains an Azure key vault named Vault1. In Vault1, you create a secret named Secret1. An application developer registers an application in Azure Active Directory (A...

To ensure that the registered Azure AD application can use Secret1 from Vault1, you need to give the application appropriate access to the Key Vault. Let's break down each option and evaluate the best solution. Key Concepts: 1. Azure Key Vault Access Policies: In Azure Key Vault, access policies control which users, groups, or applications can access secrets, keys, and certificates within the vault. 2. Azure AD Applications: When an application is registered in Azure AD, it gets an identity within the directory that can be used to authenticate and authorize access to Azure resources. 3. Permissions: The registered application needs permission to read secrets in the Azure Key Vault. This is controlled by access policies in Key Vault. Analysis of Options: - A) In Azure AD, create a role: - Reason for Rejection: Roles in Azure AD are used for assigning permissions to users, groups, or service principals. However, creating a role in Azure AD does not directly grant access to a specific Azure resource like Key Vault. Key Vault access is not granted through Azure AD roles but via access policies in Key Vault itself. Therefore, creating a role in Azure AD alone won't grant the application access to the secret. - B) In Azure Key Vault, create a key: - Reason for Rejection: Creating a key in Azure Key Vault is used to store cryptographic keys, not secrets. While Key Vault can store both keys and secrets, this step would only make the application able to use a cryptographic key, not a secret like Secret1. Th...

Author: Isabella · Last updated May 18, 2026

DRAG DROP - Match the types of AI workloads to the appropriate scenarios. To answer, drag the appropriate workload type from the column on the left to its scenario on the right. Each workload type may be used once, more...

Author: Daniel · Last updated May 13, 2026

You have an Azure SQL database. You implement Always Encrypted. You need to ensure that application developers can retrieve and decrypt data in the database. Which two pieces of information should you provide to the developers? ...

To ensure that application developers can retrieve and decrypt data from an Azure SQL database that uses Always Encrypted, certain pieces of information are necessary. Let's analyze each option and determine the correct solutions. Key Concepts: - Always Encrypted is a feature in Azure SQL Database that ensures sensitive data is encrypted both in transit and at rest. Data is encrypted and decrypted on the client side, meaning that the data in the database is stored in an encrypted form, and only authorized users or applications can decrypt it. - Column Master Key (CMK): This key is used to encrypt the column encryption keys (CEKs) and is managed in Azure Key Vault or a similar secure store. - Column Encryption Key (CEK): This is the key used to encrypt and decrypt the actual data in specific columns in the database. - Stored Access Policy and SAS: These are used for granting secure, time-limited access to resources in Azure (typically blobs or files) but are unrelated to the encryption of data in Azure SQL. - User Credentials: These are needed for authentication to the Azure SQL Database but are not directly related to the encryption/decryption process. Analysis of Options: - A) A stored access policy: - Reason for Rejection: A stored access policy is used with Azure Storage (for managing access to storage resources like blobs) and is unrelated to Always Encrypted in Azure SQL Database. It doesn't play a role in enabling decryption or encryption operations for the application. - B) A shared access signature (SAS): - Reason for Rejection: A SAS token is used to grant time-limited access to Azure resources (like blobs or files). It is not related...

Author: VioletCheetah55 · Last updated May 18, 2026

You are designing an AI system that empowers everyone, including people who have hearing, visual, and other impairments. This is an exam...

Let's analyze each option based on the scenario where you are designing an AI system that empowers everyone, including people with hearing, visual, and other impairments: A) Fairness: Fairness ensures that AI systems do not discriminate and that they treat all individuals or groups impartially. While fairness is a key principle in responsible AI, it focuses on ensuring equal treatment and opportunities for all, including avoiding bias in decisions. In this case, though fairness is important, the focus of the AI system is on empowering people with impairments, which aligns more closely with inclusiveness, rather than fairness specifically. B) Inclusiveness: Inclusiveness is the guiding principle that directly aligns with designing AI systems that empower everyone, including individuals with hearing, visual, and other impairments. Inclusiveness in AI means ensuring that all people, regardless of their abilities or backgrounds, can use and benefit from the system. This principle emphasizes accessibility and removing barriers, ensuring that AI systems are designed for the benefit of diverse groups. In this scenario, inclusiveness is the most appropriate principle because the goal is to create a system that accommodates people with i...

Author: Olivia Johnson · Last updated May 13, 2026

You have a hybrid configuration of Azure Active Directory (Azure AD). All users have computers that run Windows 10 and are hybrid Azure AD joined. You have an Azure SQL database that is configured to support Azure AD authentication. Database developers must connect to the SQL database by using Microsoft SQL Server Management Studio (SSMS) and authenticate by using their on-premises Active Directory account. You need to tell the developers whic...

In this scenario, the developers are working with a hybrid Azure AD setup, and they are required to authenticate to an Azure SQL Database using their on-premises Active Directory (AD) credentials. The goal is to minimize authentication prompts when connecting to the SQL database using Microsoft SQL Server Management Studio (SSMS). Let’s analyze the options for the best authentication method to achieve this. Key Concepts: - Hybrid Azure AD Join: This means that the users’ devices are joined to both on-premises Active Directory and Azure Active Directory. The users can authenticate using either their on-premises AD credentials or Azure AD credentials, depending on how they are configured. - Azure AD Authentication for SQL Database: Azure SQL Database can be configured to support Azure AD authentication, allowing users to log in using their Azure AD credentials. - Authentication Methods: - SQL Login: This method uses credentials stored directly in the SQL database (username and password) rather than relying on Active Directory. This would not allow for the use of the on-premises AD credentials, so it is not suitable. - Active Directory Password Authentication: This method allows users to authenticate using their Azure AD or on-premises AD credentials, but it will require the user to input their password each time they connect, which may introduce authentication prompts. - Active Directory Integrated Authentication: This method allows users to authenticate to the SQL database using Windows Integrated Authentication. Since the users are hybrid Azure AD joined, this method leverages their on-premises AD credentials seamlessly, provided the users are signed into their Windows 10 devices using their on-premises AD account. This approach typically minimizes authentication prompts because it uses the current user's existing Windows session credentials. - Active Directory Universal Authentication with MFA support: This method is used when multi-factor authentication (MFA) is required for Azure AD login. I...

Author: Krishna · Last updated May 18, 2026

DRAG DROP - Match the Microsoft guiding principles for responsible AI to the appropriate descriptions. To answer, drag the appropriate principle from the column on the left to its description on the right. Each principle may be used on...

Let’s carefully match the Microsoft Responsible AI principles to the statements you provided. I’ll go step by step. --- 1️⃣ Statement: “Ensure that AI systems operate as they were originally designed, respond to unanticipated conditions, and resist harmful manipulation.” This is about robustness, reliability, and safety under unexpected conditions. Principle: Reliability and Safety ✅ --- 2️⃣ Statement: “Implementing processes to ensure that decisions made by AI systems can be overridden by humans.” This is about humans being able to take accountability and intervene if AI makes mistakes. Principle: Accountability ✅ --- 3️⃣ Statement: “Provide consumers with information and controls over the collection, use, and storage of their data.” This is about ...

Author: Ravi Patel · Last updated May 13, 2026

HOTSPOT - To complete the sentence, select the appropriate option in the answer area. When developing an Al system for self-driving cars, the Microsoft _____________ principle for responsible AI should be appli...

The correct answer is: C. reliability and safety ✅ Explanation: The sentence talks about a self-driving car AI system that must operate consistently during unexpected circumstances. This is exactly what the Reliability and Safety principle of responsible AI covers: designing AI systems to behave predictably, safely, and robustly, even in unusual or unexpected situations. Why not the others? Inclusiveness → Foc...

Author: Abigail · Last updated May 13, 2026

DRAG DROP - You have an Azure subscription named Sub1 that contains an Azure Storage account named contosostorage1 and an Azure key vault named Contosokeyvault1. You plan to create an Azure Automation runbook that will rotate the keys of contosostorage1 and store them in Contosokeyvault1. You need to implement prerequisites to ensure that you can implement the runbook. Which three actions sh...

Author: Elijah · Last updated May 18, 2026

You are building an AI system. Which task should you include to ensure that the service meets the Micros...

The correct answer is: C. Provide documentation to help developers debug code ✅ Explanation: The Microsoft transparency principle focuses on making AI systems understandable and explainable, so users and developers know how decisions are made. Providing clear documentation that helps developers understand and debug the system aligns with transparency, because it reveals how the AI works. Why no...

Author: Olivia Johnson · Last updated May 13, 2026

HOTSPOT - You have an Azure Storage account that contains a blob container named container1 and a client application named App1. You need to enable App1 access to container1 by using Azure Active Directory (Azure AD) authentication. What should you do? To answe...

Author: Olivia · Last updated May 18, 2026

DRAG DROP - Match the types of AI workloads to the appropriate scenarios. To answer, drag the appropriate workload type from the column on the left to its scenario on the right. Each workload type may be used once, more...

Let's carefully match each workload type to the task: --- Workload Types: 1. Anomaly detection – Detecting unusual patterns or outliers in data. 2. Computer vision – AI that processes images or video. 3. Machine Learning (Regression) – Predicting a continuous numeric value. 4. Natural language processing (NLP) – AI that understands or analyzes text or language. --- Tasks: 1. Identify handwritten letters → Computer vision ✅ Reason: This involves recognizing patterns in images of letters. 2. Predict the sentiment of a social media post → Natural language processing (NLP) ✅ Reason: Sentiment analysis is based on analyzing text. 3. Identify a fraudulent credit card ...

Author: Lina Zhang · Last updated May 13, 2026

HOTSPOT - You have an Azure subscription that contains an Azure key vault named ContosoKey1. You create users and assign them roles as shown in the following table. You need to identify which users can perform the following actions: * Delegate permissions for ContosoKey1. * Configure network access to ContosoKey1. Which user...

Author: Scarlett · Last updated May 18, 2026

HOTSPOT - ___________________ is used to extract dates, quantities, and locations from text. Select the ...

Let’s carefully go through this HOTSPOT question. The sentence: > “___________________ is used to extract dates, quantities, and locations from text.” Analyzing options: A. Key phrase extraction → This identifies important words or phrases in text (like “charity event,” “Twitter campaign”), but it doesn’t specifically extract dates, numbers, or locations. ❌ B. Language detection → This only determines the language of the text (English, Spanish, etc.), n...

Author: FlamePhoenix2025 · Last updated May 13, 2026

You have an Azure subscription that contains four Azure SQL managed instances. You need to evaluate the vulnerability of the managed ins...

To evaluate the vulnerability of your Azure SQL managed instances to SQL injection attacks, the primary focus should be on identifying security threats related to SQL injection and enhancing the security posture of the SQL instances. Let’s evaluate each option: Key Concepts: - SQL Injection Attacks: These are a type of security vulnerability where an attacker can manipulate SQL queries to execute unintended commands or access data. Preventing and detecting SQL injection attacks is a key aspect of database security. - Azure Security Solutions: Azure provides several tools and solutions to assess and mitigate security risks, including SQL injection attacks. Analysis of Options: - A) Create an Azure Sentinel workspace: - Reason for Rejection: Azure Sentinel is a security information and event management (SIEM) tool used for detecting, investigating, and responding to security threats across your Azure environment. While Azure Sentinel can be helpful in monitoring security events, it is not directly focused on evaluating SQL injection vulnerability. It is a more general tool for security monitoring, not a specific solution for identifying SQL injection vulnerabilities. - B) Enable Advanced Data Security: - Selected Option: Advanced Data Security for Azure SQL provides a suite of security features, including vulnerability assessment. This service is specifically designed to evaluate and identify vulnerabilities such as SQL injection and other potential security risks in Azure SQL Managed Instances. Enabling Advanced Data Security e...

Author: Amelia · Last updated May 18, 2026

What are three Microsoft guiding principles for responsible AI? Each correct answer presents a complete solution. ...

Microsoft's guiding principles for responsible AI are designed to ensure that AI systems are designed and deployed in ways that prioritize ethics, fairness, transparency, and the safety of users. Let’s analyze the options: Option A: Knowledgeability - Reasoning: While knowledgeability is important for understanding the system and its capabilities, it is not one of Microsoft’s officially stated guiding principles for responsible AI. - Rejection: Knowledge alone doesn’t ensure fairness, safety, or inclusiveness in AI systems. Responsible AI principles go beyond knowledge to ensure equitable outcomes, safety, and respect for all individuals. Option B: Decisiveness - Reasoning: Decisiveness is a quality relevant to decision-making but doesn’t directly address the core ethical and responsibility aspects of AI. - Rejection: Responsible AI principles emphasize fairness, transparency, safety, and accountability, rather than decisiveness in decision-making. Decisions should be explainable, ethical, and unbiased, which is not the same as simply being decisive. Option C: Inclusiveness - Reasoning: Inclusiveness is one of Microsoft's key principles for responsible AI. It focuses on ensuring AI systems serve and benefit people from diverse backgrounds, reflecting a wide range of perspectives, and addressing potential biases in design and deployment. - Selected for Inclusiveness: This principle helps ensure that the AI is fair and equitable for all users, ensuring no group is excluded or discriminated against based on race, gender, socioeconomic status, etc. Option D: Fairness - Reasoning: Fairness is another core guiding principle of responsible AI at Microsoft. It emphasizes ensuring that AI systems provide equitable and non-biased outcomes, avoiding discrimination based on personal attributes such as race, gender, or ot...

Author: Arjun · Last updated May 13, 2026

HOTSPOT - To complete the sentence, select the appropriate option in the answer area. Returning a bounding box that indicates the location of a...

Let’s carefully break this down: Sentence: > “Returning a bounding box that indicates the location of a vehicle in an image is an example of ______________” Key clue: Bounding box → This is a rectangle around an object to show its location. We’re detecting a vehicle (an object) in an image. Options: A. Image classification ❌ → This only labels the entire image (e.g., “this image contains a car”), but doesn’t provide location. B. Object detection ✅ → Object detection identifies objects in an image and returns their location, typically as bounding boxes. Perfect match....

Author: Nia · Last updated May 13, 2026

DRAG DROP - You have an Azure subscription named Sub1. Sub1 contains an Azure virtual machine named VM1 that runs Windows Server 2016. You need to encrypt VM1 disks by using Azure Disk Encryption. Which three actions should you perform in sequence? To answer, move the app...

Author: StarlightBear · Last updated May 18, 2026

HOTSPOT - To complete the sentence, select the appropriate option in the answer area. ____________________is ...

The correct answer is: A. Feature engineering ✅ Explanation: Feature engineering is the process of creating, transforming, or generating new features from raw data to improve a model’s performance. It goes beyond just selecting existing features—it can combine, normalize, or encode features to make the data more useful for machine learning. Why not the ...

Author: Aarav · Last updated May 13, 2026

You have an Azure subscription that contains a virtual machine named VM1. You create an Azure key vault that has the following configurations: * Name: Vault5 * Region: West US * Resource group: RG1 You need to use Vault5 to enable Azure Disk Encryption on V...

To enable Azure Disk Encryption on VM1 using Vault5 and support backing up the virtual machine with Azure Backup, the correct settings must be configured in the Key Vault. Let's evaluate each option: Key Concepts: - Azure Disk Encryption: This feature encrypts data on Azure virtual machine disks using BitLocker for Windows and DM-Crypt for Linux. It requires a Key Vault to store the encryption keys. - Azure Backup: This service allows for the backup of Azure VMs. It requires that the VM’s disks are encrypted using Azure Disk Encryption with a supported encryption key from an Azure Key Vault. Key Vault Components: - Access Policies: These define who can access the vault and what operations they can perform. This is essential for granting permissions to the encryption keys, but by itself does not handle the encryption or backup functionality directly. - Secrets: These store sensitive information like passwords or connection strings, but they are not used for encryption purposes in Azure Disk Encryption. Encryption requires keys, not secrets. - Keys: Keys are used for encryption purposes, such as Azure Disk Encryption. To enable disk encryption, you must configure and use an encryption key stored in the Key Vault. This is the core requirement for the disk encryption process. - Locks: Locks prevent changes to resources (e.g., deletion or modification), and while useful for preventing accidental deletion of the Key Vault, they do not play a direct role in supporting disk encryption or Azure Backup. Analysis of Options: - A...

Author: Samuel · Last updated May 18, 2026

You run a charity event that involves posting photos of people wearing sunglasses on Twitter. You need to ensure that you only retweet photos that meet the following requirements: * Include one or more faces. *...

Let’s carefully analyze this question for the AI-900 exam. Scenario: You want to filter images on Twitter to only retweet those that: 1. Include one or more faces. 2. Contain at least one person wearing sunglasses. Options: A. Verify operation in Face service → This is used to verify if two faces belong to the same person. It does not detect sunglasses or multiple faces, so this is not correct. B. Detect operation in Face service → This detects faces in an image and can return attributes like age, gender, head pose, facial hair, and glasses (including sunglasses). ✅ This can identify both faces and sunglasses...

Author: Olivia Johnson · Last updated May 13, 2026

When you design an AI system to assess whether loans should be approved, the factors used to make the decision should be explainable. This is an e...

When designing an AI system that assesses loan approvals, the factors used to make the decision should be explainable to ensure that stakeholders (such as applicants and regulators) understand how decisions are made. This aligns with transparency, which is about ensuring that AI decisions are understandable and can be explained to the people affected by them. Option A: Transparency - Reasoning: Transparency is a core principle of responsible AI. It ensures that AI decisions are explainable, making it possible for users to understand why a particular decision (such as loan approval or rejection) was made. In this case, an AI system for loan approval should provide clear explanations about the factors influencing the decision, such as credit score, income, and other relevant criteria. - Selected for Transparency: This principle ensures that users, customers, and stakeholders can trust the system because they can understand how decisions are made, which is particularly important in critical areas like loan approvals. Option B: Inclusiveness - Reasoning: Inclusiveness ensures that AI systems are designed to be fair and serve a broad range of people. While inclusiveness is important, especially in avoiding discrimination, it focuses more on ensuring that diverse groups are represented and treated fairly, rather than on making the decision-making process explainable. - Rejection: While inclusiveness may play a role in how the AI assesses applications (e.g., ensuring no bias against certain groups), the requirement for explainability of the ...

Author: Oscar · Last updated May 13, 2026

You have an Azure subscription named Sub1 that contains the resources shown in the following table. You need to ensure that you can provide VM1 with secure access to a...

To ensure that VM1 can securely access a database on SQL1 using a contained database user, let's break down each option: A) Enable a managed identity on VM1. - Explanation: A managed identity is a feature in Azure Active Directory (AAD) that allows Azure services like virtual machines to authenticate securely to resources that support Azure AD authentication, without needing to manage credentials. However, enabling a managed identity on VM1 alone doesn't directly provide access to SQL1 or configure a contained database user for authentication. - Rejected Reason: Although managed identities help in secure authentication, they don't automatically solve the problem of securely connecting a VM to a SQL database using a contained database user without additional configurations like setting up AAD authentication or secret management. B) Create a secret in KV1. - Explanation: Azure Key Vault (KV1) can securely store secrets like passwords or connection strings. A secret in Key Vault could potentially be used to store credentials that VM1 might need to access SQL1. However, simply creating a secret in Key Vault does not directly enable the VM to authenticate to SQL1 using a contained database user. - Rejected Reason: While secrets in Key Vault are important for storing sensitive data like connection strings or passwords, this option alone doesn't ensure that VM1 can use the contained database user for authentication. C) Configure a service endpoint on SQL1. - Explanation: A service endpoint in Azure allows traffic from a virtual network to reach an Azure service like SQL Database securely. This ensures that the traffic between VM1 and SQL1 is private and protected. However, service endpo...

Author: Sofia · Last updated May 18, 2026

HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Ea...

The correct answer is: ✅ B. Yes, No, No Explanation (aligned with Microsoft AI-900): 1. Providing an explanation of the outcome of a credit loan application → Yes This demonstrates the Transparency principle (AI decisions should be explainable). 2. A triage bot that prioritizes insurance claims based on injuries → No This is automated decision-ma...

Author: Elijah · Last updated May 13, 2026

DRAG DROP - Match the principles of responsible AI to appropriate requirements. The system must not discriminate based on gender, race? Personal data must be visible only to approve? Automated decision-making processes must be recorded so that approved users can identify why a decision was made? To answer, drag the appropriate principles from the column on the left to its requirement on the right. Each principle may be u...

1. Fairness → “The system must not discriminate based on gender, race” Why: Fairness in AI means that the system’s decisions should not introduce bias or discriminate against individuals based on protected attributes such as gender, race, age, or ethnicity. Example: If an AI model recommends loans, fairness ensures it doesn’t favor one gender or race over another. --- 2. Privacy and security → “Personal data must be visible only to approved users” Why: This principle ensures that sensitive information is protected and only accessible to authorized personnel. Example: User names, addresses, or medical records should be encrypted and restricted so that unauthorized users cannot view them. --- 3. Transparency → “Automated decision-making processes must be recorded so that approved users can identify why a decision was made” Why: Transparency means that AI decisions are explainable and auditable. Users or regulato...

Author: FlamePhoenix2025 · Last updated May 13, 2026

You have an Azure subscription named Sub1 that contains the Azure key vaults shown in the following table: In Sub1, you create a virtual machine that has the following configurations: * Name: VM1 * Size: DS2v2 * Resource group: RG1 * Region: West Europe * Operating system: Wind...

Azure Disk Encryption Overview Azure Disk Encryption (ADE) uses a key to encrypt the OS and data disks of a virtual machine (VM). The encryption keys are typically stored in an Azure Key Vault, and this vault must be in the same subscription as the virtual machine. Additionally, the vault must be in the same region or a supported cross-region configuration for the encryption process to work properly. Given Information: - VM1 Configuration: - Resource Group: RG1 - Region: West Europe - Operating System: Windows Server 2016 - Size: DS2v2 (Standard Azure VM) - Key Vaults: - Vault1 – Region: West Europe, Subscription: Sub1 - Vault2 – Region: East Europe, Subscription: Sub1 - Vault3 – Region: West Europe, Subscription: Sub1 - Vault4 – Region: West Europe, Subscription: Sub2 Key Factors for Storing the Encryption Key: 1. Same Subscription Requirement: The Azure Key Vault used to store the encryption keys for Azure Disk Encryption must be in the same subscription as the VM. Hence, Vaults in other subscriptions are not eligible. 2. Same Region or Supported Cross-Region: The Azure Key Vault must be in the same region as the virtual machine or in a supported cross-region configuration. If the key vault is in a different region, it might not be eligible unless it supports cross-region scenarios, but it is recommended to store the key in the same region. Review of Each Option: A) Vault1 or Vault3 only - Vault1 and Vault3 are both located in the West Europe region, which is the same as the region where th...

Author: SolarFalcon11 · Last updated May 18, 2026

DRAG DROP - You plan to deploy an Azure Machine Learning model as a service that will be used by client applications. Which three processes should you perform in sequence before you deploy the model? To answer, move the appropriate processe...

Let’s carefully go through this DRAG-DROP question step by step. Scenario: > Deploy an Azure Machine Learning model as a service. Which three processes should you perform in sequence before deployment? Key principle: The ML workflow always follows this order: 1. Data preparation – clean, format, and transform the data so it can be used for training. 2. Model training – train the model using the prepared data. 3. Model evaluation – evaluate the model’s performance to make sure it meets requirements before deployment. --- Options: A. Data preparati...

Author: Charlotte · Last updated May 13, 2026

You are building an AI-based app. You need to ensure that the app uses the principles for responsible AI. Which two principles should you follow? Each correct answer prese...

When building an AI-based app, it's crucial to follow responsible AI principles to ensure fairness, transparency, accountability, and safety. Let's evaluate each option to determine which two principles are most relevant. Option A: Implement an Agile software development methodology - Reasoning: While Agile is a beneficial software development methodology, it primarily focuses on iterative development and flexibility in meeting user needs. While Agile practices can indirectly help improve certain aspects of responsible AI development (such as responsiveness to feedback and quick iterations), it does not directly address responsible AI principles such as fairness, transparency, or safety. - Rejection: Implementing Agile does not directly address the ethical, transparency, or fairness concerns critical for responsible AI development. It’s more of a general development approach and does not focus on ensuring responsible AI behavior. Option B: Implement a process of AI model validation as part of the software review process - Reasoning: Model validation is a key aspect of responsible AI. It ensures that the AI system is working as intended and meets ethical standards, such as fairness, accuracy, and safety. It can help identify and correct biases, ensure robustness, and assess the generalizability of the model. Incorporating AI validation into the software review process also promotes transparency and accountability. - Selected for AI Model Validation: This is critical for ensuring that the AI system behaves as expected and doesn't produce harmful or biased outcomes. Model validation ensures that the system adheres to ethical standards, performs as intended, and is thoroughly tested for potential issues. Option C: Establish a risk governance committee that includes members of the legal team, members of the risk management team, and a privacy officer - Reasoning: Esta...

Author: Liam · Last updated May 13, 2026

HOTSPOT - You have an Azure subscription that contains the resources shown in the following table. User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1. On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. The date format YYYY-MM-DD is used on the exhibit. (Click the Exhibit tab.) User2 is assigned an access policy to Vault1. The policy has the following configurations: * Key Management Operations: Get, List, and Restore * Cryptographic Operations: Decrypt and Unwrap Key * Secret Management Operations: Get, List, and Restore Group1 is assigned an access policy to Vault1. The policy...

Author: Ahmed97 · Last updated May 18, 2026

HOTSPOT - To complete the sentence, select the appropriate option in the answer area. According to Microsoft's ______________ principle of responsible Al, Al systems should NOT re...

Let’s carefully analyze this HOTSPOT question. Sentence: > “According to Microsoft's ______________ principle of responsible AI, AI systems should NOT reflect biases from the data sets that are used to train the systems.” Key clue: The focus is on bias in AI systems → ensuring AI does not discriminate. --- Options: A. Accountability ❌ → Accountability is about assigning responsibility for AI decisions, not directly about bias. B. Fairness ✅ → Fairness ensures that AI decisions a...

Author: Sofia · Last updated May 13, 2026

HOTSPOT - Select the answer that correctly completes the sentence. According to Microsoft's principle of responsible Al,______________ Al systems should NOT reflect ...

Let’s carefully go through this HOTSPOT question. Sentence: > “According to Microsoft's principle of responsible AI, ______________ AI systems should NOT reflect biases from the data sets that are used to train the systems.” Key clue: The focus is on AI systems not reflecting bias. --- Options: A. Accountability ❌ → Accountability is about assigning responsibility for AI decisions, not specifically about bias. B. Fairness ✅ → Fairness ensures that AI does not discriminate or reflect bias in decision-...

Author: Manish · Last updated May 13, 2026

HOTSPOT - You have an Azure Active Directory (Azure AD) tenant named contoso1812.onmicrosoft.com that contains the users shown in the following table. You create an Azure Information Protection label named Label1. The Protection settings for Label1 are configured as shown in the exhibit. (Click the Exhibit tab.) Label1 is applied to a file named File1. F...

Author: Vivaan · Last updated May 18, 2026

DRAG DROP - Match the types of AI workloads to the appropriate scenarios. To answer, drag the appropriate workload type from the column on the left to its scenario on the right. Each workload type may be used once, more...

The correct answer is: ✅ A) Natural language processing, Computer vision, Natural language processing Explanation (AI-900 exam logic): 1. An automated chatbot to answer questions about refunds and exchanges → Understands and responds to human language → Natural Language Processing 2. Determining whether a photo contains a person → Analyzing image content → ...

Author: Sophia Clark · Last updated May 13, 2026

SIMULATION - You need to prevent HTTP connections to the rg1lod1234578n1 Azure Storage account. To com...

To prevent HTTP connections to an Azure Storage account, you need to enforce secure communication protocols, such as HTTPS, for accessing the storage account. The most efficient way to achieve this is by configuring the storage account's security settings. Key Factors: - HTTP vs. HTTPS: Azure Storage supports both HTTP and HTTPS connections. However, to ensure that data is transferred securely, HTTP access should be blocked, and only HTTPS should be allowed. - Storage Account Security Options: The Azure portal provides several settings related to security and network access that can help you control how your storage account is accessed. Options to Consider: 1. Option 1: Disable HTTP traffic and enforce HTTPS: - In the Azure portal, you can configure the storage account's "Secure transfer required" setting. Enabling this setting ensures that all connections to the storage account must be made over HTTPS, effectively blocking HTTP traffic. - This is the best option for preventing HTTP connections and forcing secure communication via HTTPS. 2. Option 2: Network Security Configurations (e.g., Firewall or Virtual Network Restrictions): - While restricting access to the storage account via IP whitelisting, firewalls, or virtual network rules is possible, it doesn’t directly address the requirement of preventing HTTP traffic. These settings are useful for controlling access to the storage account from certain networks but do not enforce HTTPS. 3. Option 3: Rest...

Author: Emma · Last updated May 18, 2026

DRAG DROP - Match the machine learning tasks to the appropriate scenarios. To answer, drag the appropriate task from the column on the left to its scenario on the right. Each task may be used once, more than...

Let’s carefully map each learning task / process to the examples you provided. This is an AI-900 style alignment exercise. --- Processes / Learning Types: 1. Feature engineering → Creating new features from raw data to help the model learn better. Example: Splitting a date into month, day, and year fields ✅ Why: You’re transforming raw data into useful features for the model. 2. Feature selection → Choosing which input features to include in the model. Example: Picking temperature and pressure to train a weather model ✅ Why: You’re selecting the most relevant variables for training. 3. Model training → Feeding the selected features into an algorithm to learn patterns. (Not listed directly in your examples, but the training step comes after selecting features.) 4. Model evaluation → Assessing model performance using metrics. Example: Examining the valu...

Author: Ava · Last updated May 13, 2026

HOTSPOT - To complete the sentence, select the appropriate option in the answer area. Data values that influence the predic...

Let’s carefully analyze this HOTSPOT question. Sentence: > “Data values that influence the prediction of a model are called ______________” Key clue: These are the inputs to the model that the model uses to make predictions. --- Options: A. Dependent variables ❌ Dependent variables are the outputs or targets the model tries to predict, not the inputs. B. Features ✅ Features are the input variables used by the model to make predictions. Exa...

Author: ThunderBear · Last updated May 13, 2026

You have the Predicted vs. True chart shown in the following exhibit. Which type of model is the ...

To determine which type of model the "Predicted vs. True" chart evaluates, let's consider the nature of the chart and the type of data it involves. Option A: Classification - Reasoning: In classification models, the predicted values are discrete labels or categories, and the true values are also discrete. A "Predicted vs. True" chart for classification typically shows how many instances fall into each category (such as a confusion matrix), where you compare predicted labels with actual labels. - Rejection: A "Predicted vs. True" chart in classification might involve a confusion matrix or accuracy plots, but it doesn't typically show predicted values directly against true values in the same way as regression, where continuous values are plotted. Option B: Regression - Reasoning: Regression models predict continuous numeric values. A "Predicted vs. True" chart for regression typically plots the predicted values on the x-axis and the true values on the y-axis, showing how closely the predicted values match the actual values. This chart helps assess how well the model performs in predicting continuous outcomes, and is commonly used to e...

Author: Olivia · Last updated May 13, 2026

Which type of machine learning should you use to predict the number of gift cards that will be sold ...

To predict the number of gift cards that will be sold next month, the type of machine learning should be chosen based on the nature of the target variable (i.e., the value you are trying to predict). In this case, you're predicting a quantity (the number of gift cards), which is a continuous numerical value. Let's review the options: Option A: Classification - Reasoning: Classification is used when the target variable is categorical. In classification, you predict discrete labels or categories (e.g., predicting whether an email is spam or not, or classifying a customer as likely or unlikely to buy a product). - Rejection: Since the target variable (number of gift cards sold) is a continuous quantity, classification is not appropriate. It would be a poor fit if we were to categorize sales into specific classes (e.g., "low", "medium", "high"), but we want to predict a numerical amount. Option B: Regression - Reasoning: Regression is used to predict continuous numerical values. Since you're predicting the number of gift cards sold, which is a continuous variable (a number), regression is the most suitable machine learning approach. Regression models can predict values such as sales, rev...

Author: Ahmed97 · Last updated May 13, 2026