MS-203 - Microsoft 365 Messaging Message Hygiene and Protection Questions and Answers

Question 1

Your organization is concerned about malicious attachments in emails.
You want to implement a solution where attachments are analyzed in a sandbox environment, but users receive the email body immediately to avoid workflow delays.
A placeholder attachment should indicate that the original is being scanned.
Which Microsoft Defender for Office 365 Safe Attachments policy action should you configure?

Accepted Answer

Dynamic Delivery

Answer

Block

Answer

Replace

Answer

Monitor

Question 2

An administrator has successfully implemented SPF and DKIM. To complete the email authentication setup, they need to create a DMARC record. Which DMARC policy tag (`p=`) should be used to instruct receiving email servers to move messages that fail DMARC checks to the recipient's junk or spam folder?

Accepted Answer

p=quarantine

Answer

p=reject

Answer

p=none

Answer

p=monitor

Question 3

A messaging administrator is configuring an anti-phishing policy in Microsoft Defender for Office 365 to protect senior executives from spear-phishing and whaling attacks. Which specific feature allows the administrator to define a list of high-profile users to protect from attacks where the sender's display name and address mimic the user?

Accepted Answer

Impersonation protection

Answer

Spoof intelligence

Answer

Mailbox intelligence

Answer

First contact safety tip

Question 4

An organization wants to give users the ability to release messages quarantined as 'Spam' but prevent them from releasing messages quarantined as 'High-confidence phish'. Users should only be able to request the release of high-confidence phish messages for an administrator to review. Where must this granular control be configured?

Accepted Answer

In a Quarantine policy

Answer

In the Anti-spam policy actions

Answer

In a mail flow rule

Answer

In the Tenant Allow/Block List

Question 5

An email message containing a previously unknown malware variant was delivered to several users' inboxes because it was not detected by the initial real-time scans. A few hours later, Microsoft's threat intelligence services are updated with a signature for this new threat. Which Exchange Online Protection feature retroactively removes the malicious message from the user inboxes?

Accepted Answer

Zero-hour auto purge (ZAP)

Answer

Safe Links time-of-click verification

Answer

Dynamic Delivery

Answer

Connection filtering

Question 6

A user clicks a link in an email that has been processed by a Microsoft Defender Safe Links policy. The URL in the browser's address bar starts with `https://nam01.safelinks.protection.outlook.com`. What is the primary function of this URL rewriting?

Accepted Answer

To check the destination URL against a blocklist and scan its content for threats at the time of the click.

Answer

To add the original website to the user's trusted sites list.

Answer

To translate the website content into the user's default language.

Answer

To ensure the link can only be clicked once by the recipient.