MS-102 - Microsoft 365 Administrator Expert Managing Defender for Office 365 Questions and Answers

Question 1

An organization's CEO has been targeted by spear-phishing attacks where the sender's display name matches the CEO's, but the email address is external.
To mitigate this specific threat for executives, which Defender for Office 365 policy and setting should an administrator configure?

Accepted Answer

Anti-phishing policy, with 'Enable users to protect' and adding the executives to the protected users list.

Answer

Safe Links policy, with 'On: Safe Links checks a list of known, malicious links' enabled.

Answer

Anti-malware policy, with 'Enable the common attachments filter' enabled.

Answer

Safe Attachments policy, with the 'Block' action for unknown malware.

Question 2

A company wants to minimize email delivery delays for recipients while still ensuring attachments are scanned for zero-day threats. Which action in a Safe Attachments policy achieves this by delivering the email body immediately with a placeholder for the attachment while it is being scanned?

Accepted Answer

Dynamic Delivery

Answer

Block

Answer

Replace

Answer

Monitor

Question 3

An administrator needs to proactively investigate the scope of a potential phishing campaign. They need to find all emails with a specific malicious URL that were delivered to user mailboxes across the organization within the last 7 days, including messages that were not clicked. Which Defender for Office 365 tool should be used?

Accepted Answer

Threat Explorer

Answer

Message Trace

Answer

Quarantine

Answer

Secure Score

Question 4

Your organization wants to implement Microsoft's recommended security configurations with minimal administrative effort. You decide to use preset security policies. What is the primary difference in protection level between the 'Standard' and 'Strict' preset policies?

Accepted Answer

Strict applies more aggressive detection thresholds for spam, phishing, and malware, leading to potentially more false positives.

Answer

Standard uses Safe Links but not Safe Attachments, while Strict uses both.

Answer

Standard applies to all users by default, while Strict must be manually assigned.

Answer

Strict requires a Microsoft 365 E5 license, while Standard is available with an E3 license.

Question 5

An administrator has configured a quarantine policy to allow users to release messages that were quarantined as 'Spam'. However, users report they cannot release messages that were quarantined because of a 'Malware' verdict from a Safe Attachments policy. What is the reason for this behavior?

Accepted Answer

By design, users can never release messages quarantined as malware or high-confidence phishing, regardless of quarantine policy permissions.

Answer

The quarantine policy has not been applied to the Safe Attachments policy correctly.

Answer

Users must be assigned the 'Security Reader' role to release messages quarantined as malware.

Answer

The global quarantine notification setting has been disabled by the administrator.

Question 6

A security team wants to assess how susceptible employees are to credential harvesting attacks. They plan to send a simulated phishing email to a group of users that directs them to a fake login page. Which feature within the Microsoft 365 Defender portal is specifically designed for this purpose?

Accepted Answer

Attack simulation training

Answer

Threat Explorer Campaigns View

Answer

Tenant Allow/Block List

Answer

Threat protection status report