MS-102 - Microsoft 365 Administrator Expert Managing Defender for Office 365 Questions and Answers

Question 1

An organization's CEO has been targeted by spear-phishing attacks where the sender's display name matches the CEO's, but the email address is external. To mitigate this specific threat for executives, which Defender for Office 365 policy and setting should an administrator configure?

Accepted Answer

Anti-phishing policy, with 'Enable users to protect' and adding the executives to the protected users list.

Answer

The 'Enable users to protect' setting within an anti-phishing policy is specifically designed to prevent user impersonation attacks. By adding high-profile individuals like executives to this protected list, Defender for Office 365 applies advanced checks to detect when their display names are being used by different email addresses, which is the exact scenario described.

Question 2

A company wants to minimize email delivery delays for recipients while still ensuring attachments are scanned for zero-day threats. Which action in a Safe Attachments policy achieves this by delivering the email body immediately with a placeholder for the attachment while it is being scanned?

Accepted Answer

Dynamic Delivery

Answer

The Dynamic Delivery action is designed to avoid message delays. It delivers the email to the recipient immediately but replaces any attachments with a placeholder. The attachment is scanned in a sandbox environment, and if it's deemed safe, it is reattached to the email in the user's mailbox. If it's malicious, it is quarantined.

Question 3

An administrator needs to proactively investigate the scope of a potential phishing campaign. They need to find all emails with a specific malicious URL that were delivered to user mailboxes across the organization within the last 7 days, including messages that were not clicked. Which Defender for Office 365 tool should be used?

Accepted Answer

Threat Explorer

Answer

Threat Explorer (available in Defender for Office 365 Plan 2) is the primary tool for threat hunting and investigation. It allows administrators to search for emails based on various criteria, including sender, recipient, subject, and specific URLs, across a 30-day period. Unlike Message Trace, it provides rich security details and threat information.

Question 4

Your organization wants to implement Microsoft's recommended security configurations with minimal administrative effort. You decide to use preset security policies. What is the primary difference in protection level between the 'Standard' and 'Strict' preset policies?

Accepted Answer

Strict applies more aggressive detection thresholds for spam, phishing, and malware, leading to potentially more false positives.

Answer

The primary difference between the Standard and Strict preset security policies is the aggressiveness of the protection settings. The Strict policy uses more sensitive thresholds for detecting threats like phishing and impersonation, which offers a higher level of security for high-risk users but may also increase the rate of false positives compared to the Standard policy.

Question 5

An administrator has configured a quarantine policy to allow users to release messages that were quarantined as 'Spam'. However, users report they cannot release messages that were quarantined because of a 'Malware' verdict from a Safe Attachments policy. What is the reason for this behavior?

Accepted Answer

By design, users can never release messages quarantined as malware or high-confidence phishing, regardless of quarantine policy permissions.

Answer

Microsoft Defender for Office 365 has a built-in security control that prevents end-users from releasing certain high-risk message types from quarantine themselves. Messages classified as malware or high-confidence phishing can only be managed by administrators. Even if a quarantine policy grants users release permissions, for these specific threat types, the user will only be able to request release, not perform the release directly.

(MS-102) Microsoft 365 Administrator Expert Practice Test

(MS-102) Microsoft 365 Administrator Expert Practice Test

MS-102 - Microsoft 365 Administrator Expert Managing Defender for Office 365 Questions and Answers