MS-102 Manage your security services in Microsoft Defender XDR Flashcards

(39 cards)

1
Q

To add, modify, and delete anti-malware policies, you must be a member of what role group?

A

Organization Management or Security Administrator role groups.

2
Q

Exchange Online Protection

A

Organizations that host mailboxes in Exchange Online rely on Exchange Online Protection (EOP) to protect incoming and outgoing mail.

3
Q

Microsoft Defender’s Safe Attachments

A

scans all file attachments. In fact, it scans files even if they don’t appear to be suspicious. By doing so, it protects against malware that doesn’t have a known anti-virus signature.

4
Q

To create an anti-malware policy in the Microsoft Defender portal:

A

In the Microsoft Defender portal, under the Email & Collaboration section in the navigation pane, select Policies & rules.

On the Policies & rules page, in the list of policies, select Threat policies.

On the Threat policies page, under the Policies section, select Anti-malware.

On the Anti-malware page, the Default policy is displayed in the list of policies. Select Create to create a custom policy.

5
Q

common attachments filter

A

The file types that you specify are automatically identified as malware. As such, Microsoft Defender automatically quarantines messages containing these types of files.

6
Q

Create anti-malware policies using Exchange PowerShell

A

Create a malware filter policy: New-MalwareFilterPolicy -Name "<PolicyName>"

7
Q

Use Exchange PowerShell to create a malware filter rule

A

New-MalwareFilterRule -Name "<RuleName>"

8
Q

MX record

A

ensures that email sent to the tenant’s domain arrives in mailboxes hosted in Exchange Online through the EOP service.

9
Q

How to bypass spam filtering on incoming messages

A

You can use Exchange mail flow rules (also known as transport rules) to bypass most spam filtering on incoming messages. For example, you might route email through a non-Microsoft protection service or device before delivery to Microsoft 365.

10
Q

Zero-hour auto purge (ZAP)

A

retroactively detects and neutralizes malicious phishing, spam, or malware messages the system already delivered to Exchange Online mailboxes

11
Q

Spoofing

A

the fraudulent practice of sending emails purporting to be from reputable companies.

12
Q

Sender Policy Framework

A

a DNS record that helps to prevent spoofing and phishing. It does so by verifying the domain name from which the sender sent the message.

13
Q

Domain Keys Identified Mail

A

adds a digital signature to email messages in the message header.

14
Q

Domain-based Messaging and Reporting Compliance

A

This authentication technique protects organizations from phishers who spoofed the 5322.From email address.

15
Q

How does EOP handle a message marked as ‘High confidence phishing’?

A

Quarantines the message.

16
Q

Microsoft Defender for Office 365 P1

A

Protects email and collaboration from zero-day malware, phish, and business email compromise

17
Q

Microsoft Defender for Office 365 P2

A

Adds post-breach investigation, hunting, and response, as well as automation, and simulation (for training).

18
Q

Safe Attachments

A

When a user receives an email with an attachment, Safe Attachments tests the file to determine if it’s safe.

Safe Attachments opens the attachment in a virtual environment and executes it in a sandboxed environment to check for any suspicious behavior or activity.

19
Q

Safe Links

A

feature that helps protect users from malicious links in emails, documents, and other content. When a user selects a link, Safe Links tests the URL to determine if it’s safe.

20
Q

spoof intelligence insight in the Microsoft Defender

A

quickly identify spoofed senders who are legitimately sending you unauthenticated email.

21
Q

to open the spoof intelligence insight in the Microsoft Defender portal:

A

In the Microsoft Defender portal at https://security.microsoft.com, go to Email & Collaboration, then Policies & Rules, then Threat policies, and then Tenant Allow/Block Lists in the Rules section.

On the Tenant Allow/Block Lists page,

22
Q

The outbound spam filter policy.

A

Specifies the actions for outbound spam filtering verdicts and the notification options.

23
Q

The outbound spam filter rule

A

Specifies the priority and sender filters (who the policy applies to) for an outbound spam filter policy.

24
Q

Create outbound spam policies in the Microsoft Defender portal

A

In the Microsoft Defender portal at https://security.microsoft.com, select Email & Collaboration, then Policies & Rules, then Threat policies, and then Anti-spam in the Policies section.

On the Anti-spam policies page, select Create policy and then select Outbound from the drop-down list that appears.

25
Q

daily message limit

A

A valid value is 0 to 10000.

26
Q

PowerShell to create an outbound spam filter policy

A

New-HostedOutboundSpamFilterPolicy -Name

27
Q

PowerShell to create an outbound spam filter rule

A

New-HostedOutboundSpamFilterRule -Name

28
Q

Restricted Access list in mail flow rules in Exchange Online

A

Primarily used to prevent specific users from sending outbound emails. When you add a user to this list, they're restricted from sending emails but can still receive them.

29
Q

Blocking domains or user email addresses in Microsoft Defender for Office 365.

A

Provides robust email filtering capabilities. Blocking domains or specific email addresses helps protect your organization from phishing, spam, and other threats.

30
Q

Perform the following steps to create mail flow rules using the EAC:

A

Sign in to the new EAC. Navigate to Recipients > Mailboxes. Select the user mailbox for which you want to establish a mail flow rule. In the user mailbox pane that appears, the General tab is displayed by default. Select the Mailbox tab. In the Message Delivery Restrictions section, select Manage message delivery restrictions.

31
Q

Create mail flow rules using Exchange Online PowerShell.

A

Set-Mailbox -Identity "UserEmailAddress" -AcceptMessagesOnlyFromSendersOrMembers "Organization"

32
Q

To create block entries for domains and email addresses, use either of the following methods:

A

From the Emails tab on the Submissions page. When you submit a message as Should have been blocked (False negative), you can select Block all emails from this sender or domain to add a block entry to the Domains & email addresses tab on the Tenant Allow/Block Lists page.

33
Q

Use Microsoft Defender to create block entries

A

In the Microsoft Defender portal, go to Policies & rules > Threat Policies > Rules section > Tenant Allow/Block Lists. On the Tenant Allow/Block Lists page, verify that the Domains & addresses tab is selected. On the Domains & addresses tab, select +Block.

34
Q

Creating a custom Safe Attachments policy in Microsoft Defender XDR

A

In the Microsoft 365 admin center, select Show All in the left-hand navigation pane, and then under Admin centers, select Security. In the Microsoft Defender portal, select Policies & rules in the left-hand navigation pane. On the Policies & rules page, select Threat policies. On the Threat policies page, under the Policies section, select Safe Attachments. On the Safe Attachments page, select Create.

35
Q

priority of Safe Attachments policies

A

automatically assigns policies a priority based on their order of creation. So the first policy you create is assigned priority 0, which is the highest priority policy.

36
Q

To create, modify, and delete Safe Links policies, you must be a member of

A

The Organization Management or Security Administrator role groups in the Microsoft Defender portal.

37
Q

Creating a custom Safe Links policy in Microsoft Defender XDR

A

In the Microsoft Defender portal, select Policies and rules in the left-hand navigation pane. On the Policies and rules page, select Threat policies. On the Threat policies page, under the Policies section, select Safe Links. On the Safe Links page, select Create.

38
Q

Correct sequence of steps for setting up a Safe Links policy in Microsoft Defender for Office 365.

A

Create Safe Links policy, turn on Safe Links protection, turn on real-time URL scanning, create Safe Links rule, specify recipient filters.

39