Get MS-102 Explore security metrics in Microsoft 365 Defender Microsoft Quiz Answers
Table of Contents
This learning path examines the threat vectors and data breaches organizations face today in their cybersecurity landscape, and the wide range of security solutions that Microsoft 365 provides to combat those threats.
This learning path helps prepare you for Exam MS-102: Microsoft 365 Administrator.
Prerequisites:
- Students should have completed a role-based administrator training collection such as Messaging, Teamwork, Security and Compliance, or Collaboration.
- Students should have a proficient understanding of DNS and basic functional experience with Microsoft 365 services.
- Students must have a proficient understanding of general IT practices.
- Students should have a working knowledge of PowerShell.
Quiz 1: Examine how phishing retrieves sensitive information
Q1. Which of the following payloads can be delivered through malware?
- Spam
- Spyware
- Data exfiltration
Quiz 2: Compare spam and malware
Q1. As Microsoft 365 Administrator for Lucerne Publishing, Inc., Holly Dickson is concerned about the recent rash of malware infections that have plagued the company’s computers. Holly knows that attackers use JavaScript to exploit users’ computers to plant payloads. What else do attackers typically use to plant payloads on users’ computers?
- Macros
- Bulk email
- Spam
Quiz 3: Examine elevation of privilege attacks
Q1. As the Microsoft 365 Administrator for Lucerne Publishing, Inc., Holly Dickson is concerned about several users who recently fell for elevation of privilege attacks. Which of the following strategies can Holly implement to help prevent future elevation of privilege attacks?
- Account isolation
- Variable password mitigation
- Microsoft Entra multifactor authentication
Quiz 4: Examine how attackers delete data from your tenant
Q1. As the Microsoft 365 Administrator for Lucerne Publishing, Inc., Holly Dickson is concerned about the recent data deletion attacks that have affected the company. To address these attacks, Holly wants to focus Lucerne’s initial data protection mechanisms on preventing account breaches and elevation of privilege. If a data deletion attack is still successful, which of the following strategies can Holly use to minimize the impact of the attack?
- Back up critical data to online stores
- Build redundancies into data management processes
- Implement role-based delegation
Quiz 5: Knowledge check
Q1. Preventing data exfiltration is most effective when a data classification scheme is used in combination with which of the following?
- Access Control Lists
- Data loss prevention policies
- External sharing policies
Q2. As the Microsoft 365 Administrator for Fabrikam, Inc., Patti Fernandez is focused on educating Fabrikam’s users about the effect of spoofing campaigns on the company. Besides whaling and malware delivery, what’s another common intention of a spoofing campaign that Patti must educate Fabrikam’s users about?
- Phishing
- Message deletion
- Account isolation
Q3. As the Microsoft 365 Administrator for Tailspin Toys, Allan Deyoung is worried about several recent attempts by hackers to obtain a user’s account credentials by using a password cracking tool. Which of the following strategies can Allan implement to protect against future password cracking attempts?
- Enable directory controls against multiple failed sign-in attempts
- Determine a set of risk tiers and then require sites and documents to tag data in your systems with the appropriate classification.
- Create external sharing policies in Microsoft 365
Module 2: Explore the Zero Trust security model
This module examines the concepts and principles of the Zero Trust security model, as well as how Microsoft 365 supports it, and how your organization can implement it.
Learning objectives:
By the end of this module, you should be able to:
- Describe the Zero Trust approach to security in Microsoft 365
- Describe the principles and components of the Zero Trust security model
- Describe the five steps to implementing a Zero Trust security model in your organization
- Explain Microsoft’s story and strategy around Zero Trust networking
Prerequisites:
None
This module is part of these learning paths:
Quiz 1: Examine the principles and components of the Zero Trust model
Q1. Which of the following items is an underlying principle that’s part of the foundation of the Zero Trust model?
- Implicit trust
- Use most privileged access
- Assume breach
Quiz 2: Examine Microsoft’s strategy for Zero Trust networking
Q1. As the Microsoft 365 Administrator for Lucerne Publishing, Inc., Holly Spencer wants to implement a Zero Trust network approach. Which of the following items can Holly use to control access to resources at Lucerne Publishing?
- External sharing policies
- Terms of use
- Data loss prevention policies
Quiz 3: Knowledge check
Q1. Organizations should follow five steps to secure their identity infrastructure. Four of these steps include strengthening your credentials, automating threat response, increasing your awareness, and enabling user self-help. What is the fifth step to secure their identity infrastructure?
- Implement multi-factor authentication
- Reducing the time criminals have to embed themselves into your environment
- Reduce your attack surface area
Q2. As the Microsoft 365 Administrator for Adventure Works Cycles, Patti Fernandez wants to adopt a Zero Trust approach to security protection throughout the organization. Which of the following features is the policy engine at the heart of Microsoft’s Zero Trust solution?
- Threat Analytics
- Microsoft Purview Insider Risk Management
- Microsoft Entra Conditional Access
Q3. As the Microsoft 365 Administrator for Fabrikam, Inc., Allan Deyoung wants to implement a Zero Trust security model across the organization. What tool can Allan use to help determine where Fabrikam is in its journey across its identities, devices, apps, infrastructure, network, and data?
- Microsoft Entra Conditional Access wizard
- Zero Trust Assessment
- Microsoft Defender for Office 365
Module 3: Explore security solutions in Microsoft 365 Defender
This module introduces you to several features in Microsoft 365 that can help protect your organization against cyberthreats, detect when a user or computer has been compromised, and monitor your organization for suspicious activities.
Learning objectives:
By the end of this module, you should be able to:
- Identify the features of Microsoft Defender for Office 365 that enhance email security in a Microsoft 365 deployment
- Explain how Microsoft Defender for Identity identifies, detects, and investigates advanced threats, compromised identities, and malicious insider actions directed at your organization
- Explain how Microsoft Defender for Endpoint helps enterprise networks prevent, detect, investigate, and respond to advanced threats
- Describe how Microsoft 365 Threat Intelligence can be beneficial to your organization’s security officers and administrators
- Describe how Microsoft Cloud App Security enhances visibility and control over your Microsoft 365 tenant through three core areas
Prerequisites:
None
This module is part of these learning paths:
Quiz 1: Enhance your email security using Exchange Online Protection and Microsoft Defender for Office 365
Q1. As the Microsoft 365 Administrator for Lucerne Publishing, Inc., Allan Deyoung is interested in implementing Microsoft Defender for Office 365. Allan is especially interested in providing time-of-click protection, which prevents users from going to malicious web sites. Which Microsoft Defender for Office 365 feature provides this functionality?
- Safe Links
- Spoof intelligence
- Anti-phishing
Quiz 2: Protect your enterprise network against advanced threats using Microsoft Defender for Endpoint
Q1. As Microsoft 365 Administrator for Contoso, Holly Dickson wants to implement Microsoft Defender for Endpoint. Holly likes the fact that Defender for Endpoint combines Microsoft’s robust cloud service and Windows 11 technology. For example, Holly likes how embedded Windows 11 technology collects and processes behavioral signals from the operating system. Windows 11 then sends this data to an organization’s private, isolated, cloud instance of Microsoft Defender for Endpoint. Which Windows 11 technology performs these operations?
- Threat intelligence
- Cloud security analytics
- Endpoint behavioral sensors
Quiz 3: Provide insight into suspicious activity using Microsoft Cloud App Security
Q1. What does Cloud App Security use to map and identify your cloud environment and the cloud apps your organization is using?
- Cloud Discovery
- Conditional Access App Control
- App Connectors
Quiz 4: Knowledge check
Q1. As hackers around the globe launch increasingly sophisticated attacks, organizations need tools that provide extra protection. A typical outbreak consists of two parts. The first part is a zero-day attack that consists of malware with unknown signatures. What is the second part of the attack?
- A lateral move inside the network to gain further control of sensitive users
- An elongated period of attack
- Compromising user credentials using brute force attacks, user group membership changes, and other methods
Q2. As the Microsoft 365 Administrator for Contoso, Holly Dickson has been researching a Microsoft product that monitors and analyzes user activities and information across a company’s network. This product then creates a behavioral baseline for each user, which the product uses to identify user anomalies with adaptive built-in intelligence. What product provides these features?
- Microsoft Defender for Identity
- Microsoft Defender for Endpoint
- Microsoft Defender for Office 365
Q3. As the Microsoft 365 Administrator for Fabrikam, Holly Spencer has been researching a Microsoft product that provides an organization’s security analysts with reports and graphical views of the threat landscape in the company’s tenant. This product provides actionable insights and recommendations on policy and enforcement. What product provides these features?
- Microsoft Cloud App Security
- Microsoft Defender for Endpoint
- Microsoft 365 Threat explorer
Module 4: Examine Microsoft Secure Score
This module examines how Microsoft Secure Score helps organizations understand what they’ve done to reduce the risk to their data and show them what they can do to further reduce that risk.
Learning objectives:
By the end of this module, you should be able to:
- Describe the benefits of Secure Score and what kind of services can be analyzed
- Describe how to collect data using the Secure Score API
- Describe how to use the tool to identify gaps between your current state and where you would like to be regarding security
- Identify actions that increase your security by mitigating risks
- Explain where to look to determine the threats each action mitigates and the impact it has on users
Prerequisites:
None
This module is part of these learning paths:
Quiz 1: Explore Microsoft Secure Score
Q1. Which of the following statements accurately reflects Secure Score functionality?
- Secure Score displays the possible improvements you can make depending on the product licenses your organization owns
- Microsoft Secure Score represents the extent to which you have adopted security controls in your Microsoft 365 environment
- Secure Score syncs weekly to receive system data about your achieved points for each action
Quiz 2: Knowledge check
Q1. As the Microsoft 365 Administrator for Fabrikam, Holly Spencer is interested in implementing Microsoft Secure Score. Holly has researched this product and discovered that the Secure Score framework is based on a score relative to three factors. The first two factors include the features enabled by the organization, and the features available in the service. What is the third factor upon which the Secure Score framework is built?
- What the risks might look like
- The roadmap of recommended actions
- The security recommendations that address possible attack surfaces
Q2. As the Microsoft 365 Administrator for Contoso, Holly Dickson wants to implement Microsoft Secure Score. Holly wants to begin by implementing actions that affect user productivity the least while providing immediate gains. Which of the following actions should Holly complete that meets this requirement?
- Implement Data Loss Prevention policies
- Enable multifactor authentication on all administrator accounts
- Enable Information Rights Management
Q3. Which of the following statements accurately reflects Secure Score functionality?
- All improvement actions only give points when fully completed
- The highest ranked improvement actions have a large number of points remaining with high difficulty, user impact, and complexity
- Secure Score shouldn’t be interpreted as a guarantee against security breach in any manner
Module 5: Examine Privileged Identity Management
This module examines how Privileged Identity Management ensures users in your organization have just the right privileges to perform the tasks they need to accomplish.
Learning objectives:
By the end of this module, you should be able to:
- Describe how Privileged Identity Management enables you to manage, control, and monitor access to important resources in your organization
- Configure Privileged Identity Management for use in your organization
- Describe how Privileged Identity Management audit history enables you to see all the user assignments and activations within a given time period for all privileged roles
- Explain how Privileged Access Management provides granular access control over privileged admin tasks in Microsoft 365
Prerequisites:
None
This module is part of these learning paths:
Quiz 1: Configure Privileged Identity Management
Q1. As Fabrikam’s Microsoft 365 Administrator, Holly Spencer wants to implement Privileged Identity Management. Holly configured PIM settings for the selected Microsoft Entra roles. What is the next step that Holly should complete as part of Fabrikam’s PIM implementation?
- Mitigate privileged role access
- Assign role to users
- Approve or deny requests
Quiz 2: Knowledge check
Q1. As the Microsoft 365 Administrator for Lucerne Publishing, Patti Fernandez wants to reduce or eliminate standing admin access to privileged roles. What feature of Microsoft Entra Privileged Identity Management should Patti employ to meet this requirement?
- Azure roles
- Elevate access to the User Access Administrator role in Azure
- Eligible admins
Q2. As the Microsoft 365 Administrator for Fabrikam, Inc., Holly Spencer wants to enable Microsoft Purview Privileged Access Management (PAM). After Holly enables PAM at Fabrikam, its users must request just-in-time access to complete elevated and privileged tasks through an approval workflow that is highly scoped and time-bound. This process gives Fabrikam’s users just-enough-access to complete the task at hand, without risking exposure of sensitive data or critical configuration settings. How will this feature benefit Fabrikam?
- It can reduce legacy authentication workflows
- It can operate with zero standing privileges
- It reduces or eliminates standing admin access to privileged roles
Module 6: Examine Azure Identity Protection
This module examines how Azure Identity Protection provides organizations the same protection systems used by Microsoft to secure identities.
Learning objectives:
By the end of this module, you should be able to:
- Describe Azure Identity Protection (AIP) and what kind of identities can be protected
- Enable the three default protection policies in AIP
- Identify the vulnerabilities and risk events detected by AIP
- Plan your investigation in protecting cloud-based identities
- Plan how to protect your Microsoft Entra environment from security breaches
Prerequisites:
None
This module is part of these learning paths:
Quiz 1: Explore Azure Identity Protection
Q1. How does Azure Identity Protection investigate risk events?
- It uses Conditional Access autoremediation to intercept the risk event with an adaptive two-factor challenge
- It uses advanced machine learning to detect suspicious activities based on signals
- It triggers Risk-Based Conditional Access policies
Quiz 2: Explore the vulnerabilities and risk events detected by Azure Identity Protection
Q1. As Fabrikam’s Microsoft 365 Administrator, Holly Spencer is in the process of implementing Azure Identity Protection. One of Holly’s biggest concern is that their IT department is often unaware of all the cloud applications being used by Fabrikam’s users to do their work. Fabrikam’s administrative staff has concerns that this situation leads to unauthorized access to corporate data, possible data leakage, and other security risks. What action should Holly recommend to address this situation?
- Deploy Cloud App Discovery
- Use PIM to manage identity access to user apps
- Require Microsoft Entra multifactor authentication for user sign-in attempts to user apps
Quiz 3: Knowledge check
Q1. What happens when Azure Identity Protection’s threat intelligence or advanced machine-learning algorithms indicate that a user’s credentials are compromised?
- Risk-based conditional access policies can be triggered
- Microsoft Entra multifactor authentication is enabled for the user
- Azure Identity Protection notifies the Security Admin of the compromised credentials
Q2. When a risk event is created, which risk level identifies events that are potentially risky, and any affected user accounts should be remediated?
- High
- Medium
- Low
Find More Microsoft Quiz Answers >>
Work Smarter with Microsoft PowerPoint Coursera Quiz Answers
Work Smarter with Microsoft Excel Coursera Quiz Answers
Introduction to Microsoft Azure Cloud Services Coursera Quiz Answers
