Hard AB-100 practice questions
Challenge — multi-step scenarios, trade-offs, and subtle distinctions. 32 hard questions available — no sign-up, always free.
A retail company has a production Copilot Studio agent that answers product return questions. Customer satisfaction (CSAT) scores have plateaued, and the architect suspects the agent's instructions could be improved. Before rolling a revised prompt to all users, the team wants empirical evidence that the new instruction set actually improves resolution quality without regressing other conversations. Which tuning approach best supports this goal?
A customer service organization deployed a Copilot Studio agent three months ago to handle tier-1 support inquiries. Leadership wants to know whether the agent is genuinely reducing load on human agents versus simply deflecting users who later re-contact support. As the solutions architect responsible for the monitoring process, which primary metric should you emphasize to answer this question, and how should you interpret it correctly?
You are designing a Copilot Studio agent for a healthcare provider that queries patient appointment data stored in a Dataverse environment governed by row-level security. Regulatory rules require that each user only ever see records they are individually authorized to access, and every data access must be attributable to the requesting individual for audit purposes. When configuring how the agent authenticates to the Dataverse connector, which approach best satisfies these governance and compliance requirements?
A financial services firm is finalizing the deployment pipeline for a Copilot Studio agent that answers customer account questions by grounding on internal Dataverse and SharePoint knowledge. Security requires that every promotion to production be gated by a repeatable check that surfaces known weaknesses — such as susceptibility to prompt manipulation, over-broad connector permissions, and grounding sources exposing sensitive fields — before release. Which approach BEST establishes this gate as part of the ALM process?
A pro-dev team of five is building a complex Copilot Studio agent used across the company. Multiple developers frequently modify the same topics and custom actions in parallel, leading to lost changes when someone publishes over another's work. The ALM lead wants a repeatable process that captures every change, enables code review before promotion, and supports rolling back individual changes. Which approach best addresses these ALM requirements?
A manufacturing company wants an AI solution to accelerate supplier onboarding. The process involves collecting supplier documents, validating them against internal compliance rules, and routing approvals. The business has these constraints: the workflow logic is highly specific to their internal ERP, a vendor offers a generic onboarding SaaS agent that covers ~60% of the steps, and the company already uses Microsoft 365 Copilot broadly. Leadership asks the architect for a build-vs-buy-vs-extend recommendation that minimizes total cost of ownership while meeting the specialized requirements. Which recommendation best fits?
A Business Solutions Architect is designing the ALM release process for a customer-service Copilot Studio agent that is used by 4,000 live agents across three Dynamics 365 Customer Service environments. Leadership requires that new agent versions be validated against real production traffic without risking a full-population regression, and that any quality degradation can be reversed quickly. Which release strategy best meets these requirements?
A Copilot Studio customer service agent has been promoted to production across three business units. During monitoring, the operations team notices that the groundedness score has slowly declined over six weeks while conversation volume stayed constant, but no single deployment event correlates with the decline. Individual daily telemetry snapshots look acceptable, and no alert threshold has been breached. What is the MOST effective approach to confirm and diagnose the root cause of this gradual degradation?
A telecom company runs its customer support on a third-party contact center platform (Genesys) but wants to add AI that can autonomously resolve common billing questions by grounding on Dynamics 365 Customer Service knowledge articles and case data. The support operations team wants to deploy this capability inside their existing Genesys voice and chat channels without replacing the platform. As the solutions architect, which approach best meets these requirements?
A financial services firm has deployed a custom demand-forecasting model built in Microsoft Foundry into its production Dynamics 365 Supply Chain environment. Over the past quarter, forecast accuracy has degraded steadily even though no code or model version has changed. The architect must design the ALM process so that the model is retrained and re-promoted at the right time rather than on a fixed calendar schedule. Which approach best addresses the root cause?
A financial services firm uses a custom-tuned model in Microsoft Foundry to score loan applications. Regulators require that any change to the model's training data or hyperparameters be attributable to a named individual, reviewed before promotion, and reconstructable months later. The data science team currently retrains ad hoc and promotes directly to production. As the solution architect, which change to the ALM process best satisfies the regulatory requirements without blocking legitimate iteration?
A global manufacturer deploys a Copilot Studio agent in its EU environment to help procurement staff answer supplier questions. The agent uses a custom connector that calls a supplier analytics API hosted in a US data center. Compliance flags that supplier records classified under GDPR are being sent from EU to the US API during agent calls. The architect must recommend a design change that preserves the agent capability while ensuring data movement compliance. What should the architect recommend FIRST?
A multinational insurance company is deploying a Microsoft Foundry Agent service solution that grounds on customer policy documents. Regulatory requirements mandate that all personal data belonging to EU customers must be stored and processed within EU boundaries, and must never transit to other regions during inference or model tuning. The architect must design the solution to guarantee compliance. Which approach best satisfies the data residency requirement while allowing the agent to function?
A production Copilot Studio agent orchestrates three downstream tools: a Dataverse query action, a custom Azure Function connector, and a Foundry-hosted model for summarization. Users report intermittent slow responses, but overall agent analytics show acceptable average latency. As the solutions architect, you need to identify which specific component causes the tail-latency spikes without disrupting production. Which monitoring approach should you implement?
You are the architect for a Copilot Studio agent that spans Dynamics 365 Sales and Field Service. Your team is designing end-to-end test scenarios that exercise real tool calls against a Dataverse environment, a third-party scheduling API, and a payment gateway. During test runs, the agent occasionally fails because the external scheduling API returns rate-limit errors and the payment gateway sandbox returns non-production data shapes. Leadership wants reliable, repeatable end-to-end validation before promoting the agent to production. What is the most appropriate approach to structure these end-to-end tests?
A financial services firm has deployed a Microsoft Foundry Agent that grounds on a fine-tuned custom model. The team follows an ALM process with separate development, test, and production environments. During a recent production incident, the agent's responses degraded after the underlying foundation model was silently updated by the platform, causing regression in the tuned behavior. The architect must redesign the ALM process to prevent uncontrolled model changes from reaching production while still allowing planned upgrades. Which approach best addresses this requirement?
A financial services company needs an autonomous agent that reconciles trade settlements across three internal systems. The requirements include: complex multi-step reasoning orchestrated in code, custom retry and compensation logic, integration with the firm's existing CI/CD pipeline, unit-testable orchestration, and version-controlled agent definitions maintained by a team of professional .NET developers. Business users will not author or modify the agent. Which platform should the solutions architect select to build this agent?
A pharmaceutical company is building a custom agent in Microsoft Foundry to answer regulatory affairs questions. The base foundation model performs well on general reasoning but frequently misinterprets the company's highly specialized internal drug-naming conventions and abbreviations, producing incorrect terminology in its responses. The company has a large, well-labeled corpus of internal documents that consistently use these conventions. Latency and answer freshness are not primary concerns, but the responses must reliably adopt the company's linguistic style and terminology. Which approach should the architect recommend to best address the terminology problem?
A financial services firm is deploying a custom classification model in Microsoft Foundry that will process customer financial records containing PII. The compliance team requires that the model and its inference data never be used to train the underlying foundation model, that inference inputs are not retained by the platform, and that the model endpoint is only reachable from within the firm's virtual network. As the solutions architect, which combination of controls best satisfies these model security requirements?
A global manufacturer wants a solution where employees ask questions in Microsoft Teams and receive answers drawn from SharePoint and Exchange, while a separately owned, code-first agent handles complex supply-chain optimization by calling proprietary Python models and orchestrating several specialized sub-agents. The Teams-facing experience must reuse existing Microsoft 365 grounding with minimal custom code, and the two agents must be able to invoke each other. As the solution architect, how should you allocate the workloads across Microsoft's agent platforms?
A global manufacturing company wants an agentic solution with three capabilities: (1) employees ask questions grounded in Microsoft 365 documents and Teams chats from within their normal productivity apps, (2) a customer-facing web and WhatsApp bot that answers warranty questions with low-code authoring by a business team, and (3) a high-throughput backend agent that orchestrates several specialized reasoning models against proprietary telemetry data, requiring custom code and fine-grained control. As the solutions architect, which mapping of capabilities to Microsoft platforms best fits the requirements?
A global manufacturer runs Dynamics 365 Sales in North America, Dynamics 365 Field Service in Europe, and Dynamics 365 Customer Service in Asia, each managed by separate regional teams with distinct data models. Leadership wants a unified agentic experience so sellers, technicians, and support reps can ask cross-region questions (for example, 'Are there open service cases affecting accounts in my sales pipeline?') without abandoning their existing apps. As the solutions architect, what is the most appropriate strategy to plan this multi-Dynamics 365 solution?
A Copilot Studio agent for a financial services firm answers customer questions by grounding on uploaded PDF documents and public web content. During a security review, the architect discovers that malicious instructions embedded inside an uploaded document caused the agent to ignore its system instructions and reveal internal pricing logic. Which mitigation most directly addresses this indirect prompt injection risk while preserving the agent's grounding capability?
A financial services company deploys a Copilot Studio agent that helps loan officers evaluate credit applications. The agent surfaces a recommendation ('approve' or 'refer for review') based on a custom model plus grounding data. During a compliance review, regulators demand that every recommendation be accompanied by the specific factors that influenced it, so that adverse decisions can be justified to applicants. Which responsible AI design measure most directly satisfies this requirement?
A retail company deployed a Copilot Studio customer service agent that logs full conversation transcripts, including customer-provided personal details, to a Dataverse table for tuning purposes. Under GDPR, a customer submits a verified data subject deletion request. The architect must ensure the solution can honor such requests going forward while preserving the ability to tune the agent. Which design approach best satisfies the responsible AI privacy principle and compliance obligation?