50 Microsoft Certified: Agentic AI Business Solutions Architect (beta) Practice Questions: Question Bank 2025

A retail company is designing an agentic AI solution that must answer customer questions using internal policies and product manuals. The company requires citations in responses and wants to minimize hallucinations. What is the recommended design approach?

You are implementing a business AI agent that can book travel, create calendar events, and submit expense reports. You need a design that separates decision-making from tool execution and supports adding new tools without rewriting the agent. What should you implement?

An agent orchestrates multiple steps: classify an email, extract entities, look up a customer record, and draft a reply. The team wants to reduce end-to-end latency while keeping each step observable. Which approach is best?

A regulated financial services company is deploying an agent that can initiate wire transfers. The company needs to ensure the agent cannot execute transfers without explicit human approval, even if the user requests it. What control should be implemented?

An organization is designing a multi-agent system where a "Planner" agent decomposes tasks and a "Worker" agent executes tools. During testing, the Worker repeatedly calls the same tool with slightly different parameters, causing a loop. What is the best mitigation?

A business AI agent must answer HR questions but only for the employee's region and role. The documents are in a shared index. What is the most appropriate way to enforce data access at retrieval time?

A customer-support agent uses an orchestration workflow with tools for CRM lookup and ticket creation. Intermittently, the agent returns incomplete answers with no ticket created, but logs show the model responded successfully. What is the most likely root cause?

You are implementing an agent that summarizes long legal documents and answers follow-up questions. Users complain that follow-up answers contradict the earlier summary. Which change is most effective to improve consistency?

A healthcare provider is building an agent that can draft clinical notes and recommend next steps. The organization requires that protected health information (PHI) is never stored in logs and that prompts/responses can be audited without exposing PHI. Which architecture best meets the requirement?

A global enterprise needs an agentic AI platform used by multiple business units. They require: (1) tenant-level isolation of data and tools, (2) centralized governance of model usage policies, and (3) the ability for each unit to add its own tools and knowledge bases without affecting others. Which design best satisfies these requirements?

A business wants an employee-facing AI agent that answers HR policy questions. The agent must only answer from approved internal documents and must refuse to answer when the answer is not present. Which design best meets the requirement?

You are implementing an AI agent that can create and update customer cases in a CRM system. You must ensure the agent can only perform a limited set of actions and that every action is explicitly validated. What is the best approach?

An agentic workflow needs to trigger when a new document is uploaded, extract key entities, route it for approval, and then update a line-of-business system. The solution must be event-driven and minimize custom code for orchestration. Which Azure service is the best fit for the workflow orchestration?

A company is building an AI agent that summarizes meetings and stores outputs in a knowledge base. The security team requires that all model prompts and completions be prevented from leaving the Azure boundary and that service access be restricted to private endpoints. What should you recommend?

An AI agent uses a vector index to retrieve product documentation. Users report that the agent returns outdated guidance even though newer documents exist. The ingestion pipeline is working and both old and new docs are present. What is the most likely issue to fix first?

You must design an agent that processes customer emails and automatically drafts responses. The business requires that a human must approve any outgoing message, but the agent should still learn from corrections over time. Which pattern best satisfies this requirement?

An agent uses multiple tools (search, calculator, CRM update). Occasionally it enters a loop calling search repeatedly and never finishes. You need to mitigate this at runtime without removing tools. What is the best mitigation?

A regulated enterprise requires an audit trail showing which data sources were used to generate each agent response, including retrieved documents and tool invocations. Which design best supports this?

An agent is deployed globally and must meet strict latency targets while using a central policy store for prompts and tool definitions. You observe high latency due to repeated fetching of policies and prompts. What is the best architectural improvement?

You are designing an agent that can initiate high-impact actions (issuing refunds, canceling orders). The company wants the agent to operate autonomously for low-risk actions but require stronger safeguards for high-risk actions. Which approach best fits a risk-tiered control model?

You are designing an agentic AI solution where a customer-facing agent must decide when to call external tools (CRM lookup, order status API, and a refund workflow). The business requires that the agent always follow a deterministic sequence for refunds: verify identity, validate eligibility, then initiate refund. Which design best enforces this requirement while still allowing flexible conversation?

A procurement agent must summarize vendor proposals for internal reviewers. The proposals contain confidential pricing and personally identifiable information (PII). Reviewers must see summarized content but not raw PII. Which approach best meets the requirement with least exposure of sensitive data?

A sales operations agent needs to read and update opportunities in Microsoft Dataverse. The security team requires least privilege and centralized identity management. Which authentication approach is recommended?

An agent uses RAG to answer questions about internal HR policies. Users report that answers are fluent but sometimes cite outdated policies. The latest policies exist in SharePoint, but the index refresh runs weekly. What is the best remediation to reduce stale answers while maintaining performance?

You are integrating multiple tools into an agent (ticketing, billing, identity verification). During load tests, tool invocations intermittently fail due to transient network errors, causing the agent to abandon tasks. Which design change is best to improve resiliency without changing tool implementations?

A finance agent must generate monthly variance narratives. The narratives must be consistent in structure (same section headings and ordering) across business units, but the content should vary based on data. Which approach best ensures consistent output format?

A support agent should answer customer questions and create a case only when the user explicitly requests it or when sentiment is negative and the issue cannot be resolved in two turns. Which solution best implements this policy in an agentic architecture?

An agent can initiate refunds through an external payment tool. During a security review, you discover the LLM can directly call the refund tool with arbitrary amounts if prompted. You must ensure refunds cannot exceed policy limits and must be authorized per customer account, even if the model is compromised. What is the best control?

You operate a multi-tenant agent platform for several subsidiaries. Each tenant has its own documents and line-of-business data. A pen test shows occasional cross-tenant data appearing in responses during peak load. The retrieval system uses a shared index with tenantId metadata. Which change most directly mitigates the risk?

A complex agent executes long-running tasks: gather data from multiple systems, draft a proposal, request approvals, then send an email. Business users complain that if the agent runtime restarts, the task state is lost and actions may be repeated. Which architecture best addresses durability and exactly-once side effects?

You are designing an agentic AI solution where multiple specialized agents (sales, finance, legal) must collaborate on a single customer proposal. The business requires a clear, auditable record of which agent produced each section and what sources were used. Which design approach best satisfies this requirement?

A customer support agent must call internal APIs to reset passwords and update account details. The security team requires that the agent can only invoke approved operations with strict parameter validation to prevent prompt injection from causing unintended API calls. What should you implement?

You are implementing an internal HR agent that answers policy questions using a set of PDFs stored in SharePoint and an employee handbook in Azure Blob Storage. The agent sometimes answers with outdated policy language. Which change most directly addresses this issue?

A business wants an agent to create purchase orders (POs). The process must include an approval step when the PO exceeds a threshold, and the agent must not proceed without explicit approval. Which pattern is most appropriate?

An agentic workflow uses several tools (CRM lookup, credit check, document generation). Intermittently, the final output is missing the credit-check result even though the tool succeeded. Your telemetry shows the tool returned after the orchestrator timed out and the agent continued. What is the best fix?

A team is choosing between an agent that uses retrieval-augmented generation (RAG) and one that fine-tunes a model on internal documents. The primary requirement is that answers must reflect frequent policy updates with minimal maintenance. What is the recommended approach?

Your organization requires that all prompts and responses containing customer data be retained for audit, but only accessible to a small compliance team. Which approach best meets the requirement while minimizing unnecessary exposure?

A multi-agent system generates inconsistent recommendations because different agents interpret the same customer segment definitions differently. You need consistent business logic across agents while preserving agent specialization. What should you do?

You are designing an agent that can automatically negotiate contract terms within a bounded playbook. The legal team requires provable enforcement that the agent cannot accept prohibited clauses, even if prompted by an internal user. Which solution best satisfies this requirement?

A global enterprise runs an agentic AI platform across regions. Data residency rules require that customer content never leaves its originating region, but the company still wants a single global view of operational metrics (latency, tool failure rate, token usage). What architecture best meets both requirements?

You are designing an agentic AI solution that must answer employee questions using internal policies and procedures. The business requires that answers cite the specific source passages used, and that the system can later prove what information was used for a given response. Which design choice best meets this requirement?

A business AI agent uses several tools (CRM lookup, order status, and a knowledge base). The agent must run a deterministic, auditable sequence of steps for regulatory reasons, and the team wants to prevent the model from inventing new steps at runtime. What is the best implementation approach?

An agent calls a third-party shipping API that enforces strict rate limits. During peak times, you see intermittent failures and increased latency. You need to stabilize the agent with minimal changes to business logic. Which solution is the most appropriate?

A multi-agent solution generates a customer-facing quote. One agent gathers product data, another applies discount rules, and a third formats the quote. In production, quotes sometimes include a discount that violates policy. You need to identify whether the issue is tool output drift, agent handoff errors, or prompt regressions. What is the most effective troubleshooting approach?

Your organization requires that an internal HR agent never exposes personal data (PII) in responses unless the user has an approved role. The agent uses a vector index containing employee records. Which control best enforces this requirement at the architecture level?

A sales agent must call an internal pricing service that requires a managed identity. The team accidentally hardcoded a client secret in the tool configuration. As the architect, what is the recommended fix?

You are implementing a business agent that needs to update records in an ERP system. The ERP requires that changes are idempotent and that duplicate requests do not create duplicate records. The agent sometimes retries tool calls after timeouts. Which design best prevents duplicates?

An agent uses a large knowledge base and multiple tools, and users report that responses are occasionally grounded in outdated policy text. Policies are versioned and new versions must take effect immediately. Which approach best ensures the agent always uses the newest policy content?

You are designing an enterprise agent that can approve refunds. The business demands a separation-of-duties control: the same user request cannot both propose and execute a high-value refund without independent verification. Which design satisfies this requirement most robustly?

A customer support agent uses tool calling to take actions (reset password, update address, cancel subscription). A security review finds the agent is vulnerable to prompt injection from retrieved content (for example, a malicious knowledge base article instructing the agent to call the cancel-subscription tool). What is the best mitigation strategy?