AB-730 Certification Exam Guide + Practice Questions

Explanation:
In Microsoft 365 Copilot, agents such as Researcher are accessed through the Agents experience within the Copilot app. If the user interface does not immediately display a specific agent, the correct action is to browse or search the available agents catalog. The exhibit shows the left navigation pane with an Explore agents option.
According to Microsoft AI Business Professional guidance, built-in and custom agents can be discovered and enabled through the Explore agents section. If the user already has the appropriate Copilot license and is signed in with their work account, there is no need to switch accounts or request another license.
Signing in through a browser does not change feature availability, and using a personal account would remove access to organizational features. Therefore, to access the Researcher agent, you should select Explore agents and search for Researcher.

Explanation:
The first statement is correct because Microsoft 365 provides transparency and user control through the My Account portal, where users can review their Copilot activity history. This aligns with Microsoft’s responsible AI and data governance principles, ensuring visibility into AI interactions.
The second statement is incorrect. Deleting Copilot activity history removes stored interaction records (such as prompts and responses), but it does not automatically delete associated notebooks, documents, or pages stored in services like OneDrive or SharePoint. Those files remain governed by standard Microsoft 365 retention and lifecycle policies.
The third statement is correct because users can delete their entire Copilot activity history, including both prompts and generated responses. This reinforces enterprise-grade privacy controls and regulatory compliance requirements.
These controls demonstrate core generative AI fundamentals: transparency, user data ownership, security boundaries, and responsible lifecycle management of AI-generated interactions within Microsoft 365 environments.

Explanation:
Prompt injection is a generative AI security risk where an attacker inserts instructions (often hidden in text, documents, webpages, or user inputs) to override or manipulate the assistant’s intended behavior. This can lead to unintended actions such as ignoring policy controls, producing unsafe outputs, or attempting to reveal sensitive information. Because generative AI systems follow natural-language instructions, they can be socially engineered to prioritize malicious content unless safeguards are in place. This is why prompt injection can cause data exposure (for example, attempting to extract confidential content from grounded sources) and can also embed harmful instructions that redirect the model’s behavior. In enterprise settings like Microsoft 365 Copilot, mitigations include grounding boundaries, permission trimming, content filtering, and instruction hierarchy (system policies over user instructions). From a business governance perspective, users should treat untrusted inputs (emails, documents, web text) as potentially hostile and apply least-privilege access and validation when using AI outputs in decision-making.

Explanation:
Microsoft 365 Copilot operates within the security, compliance, and identity boundaries of a Microsoft 365 tenant. Shared prompts, prompt links, and Copilot artifacts are governed by organizational access controls and tenant isolation. If a prompt is created and shared from outside your organization, cross-tenant access may not be supported depending on the sharing configuration and administrative policies.
When a user attempts to open a prompt that resides in another organization’s tenant without proper cross-tenant sharing permissions, Copilot cannot locate or validate the resource within the user’s own environment. As a result, the system displays a “Prompt not found” message.
Option B would typically result in an access or permissions error rather than the prompt being unavailable entirely. Sensitivity labels and scheduled prompts do not inherently cause a “not found” error. Therefore, the most likely cause is that the prompt exists outside your organization’s tenant boundary and is not accessible to you.

Explanation:
Microsoft 365 Copilot is designed to be helpful by using work context―for example, the files you have access to, recent activity, meetings, emails, and SharePoint/OneDrive content―to suggest relevant prompts and help you start tasks faster. It also uses this context to augment your prompt before it is sent to the LLM. This is the grounding approach (often described as retrieval-augmented generation): Copilot retrieves relevant organizational content you’re permitted to access and adds it as supporting context so responses are accurate and business-relevant. However, Microsoft 365 Copilot does not use your organization’s contextual data to train the underlying foundation model. That separation is critical for enterprise privacy and compliance: your prompts, responses, and tenant data are used to generate the answer for your session and permissions, but are not used to improve or retrain the base LLM. This approach supports responsible AI, protects confidential business information, and ensures outputs respect access controls.