MS-102 Implement threat protection by using Microsoft 365 Defender Microsoft Quiz Answers

This learning path examines how to manage the Microsoft 365 threat intelligence features that provide organizations with insight and protection against the internal and external cyber-attacks that threaten their tenants.

This learning path helps prepare you for Exam MS-102: Microsoft 365 Administrator.

Prerequisites:

  • Students should have completed a role-based administrator training collection such as Messaging, Teamwork, Security and Compliance, or Collaboration.
  • Students should have a proficient understanding of DNS and basic functional experience with Microsoft 365 services.
  • Students must have a proficient understanding of general IT practices.
  • Students should have a working knowledge of PowerShell.

Module 1: Explore threat intelligence in Microsoft 365 Defender

This module examines how Microsoft 365 Threat Intelligence provides admins with evidence-based knowledge and actionable advice that can be used to make informed decisions about protecting and responding to cyber-attacks against their tenants.

Learning objectives:

By the end of this module, you should be able to:

  • Describe how threat intelligence in Microsoft 365 is powered by the Microsoft Intelligent Security Graph.
  • Create alerts that can identify malicious or suspicious events.
  • Understand how Microsoft 365 Defender’s automated investigation and response process works.
  • Describe how threat hunting enables security operators to identify cybersecurity threats.
  • Describe how Advanced hunting in Microsoft 365 Defender proactively inspects events in your network to locate threat indicators and entities.

Prerequisites:

None

Quiz 1: Run automated investigations and responses

Q1. Contoso wants to implement Microsoft 365 Defender’s automated investigation and response capability. When it does so, which of the following items triggers the start of an automated investigation?

  • An incident
  • An alert
  • A verdict

Quiz 2: Explore threat hunting with Microsoft Threat Protection

Q1. Which of the following features does Microsoft Threat Protection use to generate meaningful alerts that identify threat components and activities that automated investigation and response (AIR) capabilities can remediate?

  • Microsoft AI
  • Microsoft Intelligent Security Graph
  • Microsoft Threat Management

Quiz 3: Explore advanced threat hunting in Microsoft 365 Defender

Q1. Up to how many days of raw data can you explore in an advanced threat hunting query?

  • 30 days
  • 60 days
  • 90 days

Quiz 4: Knowledge check

Q1. What forms the basis of all incidents and indicates the occurrence of malicious or suspicious events in your environment?

  • Alerts
  • Automated investigations
  • Alert story

Q2. What’s advanced threat hunting based upon?

  • Event or activity data
  • Kusto query language
  • Threat Analytics dashboard

Q3. Which of the following Microsoft products powers Threat Intelligence in Microsoft 365?

  • Microsoft AI
  • Microsoft Threat Management
  • Microsoft Intelligent Security Graph

Module 2: Implement app protection by using Microsoft Defender for Cloud Apps

This module examines how to implement Microsoft Defender for Cloud Apps, which identifies and combats cyberthreats across all your Microsoft and third-party cloud services.

Learning objectives:

By the end of this module, you should be able to:

  • Describe how Microsoft Defender for Cloud Apps provides improved visibility into network cloud activity and increases the protection of critical data across cloud applications.
  • Explain how to deploy Microsoft Defender for Cloud Apps.
  • Control your cloud apps with file policies.
  • Manage and respond to alerts generated by those policies.
  • Configure and troubleshoot Cloud Discovery.

Prerequisites:

None

Quiz 1: Explore Microsoft Defender for Cloud Apps

Q1. Which of the following Microsoft Defender for Cloud Apps tools uses traffic logs to dynamically discover and analyze the cloud apps that a company’s employees use?

  • Cloud Discovery
  • App connectors
  • Conditional Access App Control

Quiz 2: Configure file policies in Microsoft Defender for Cloud Apps

Q1. Which of the following policies looks at the logs you use for discovering cloud apps and searches for unusual occurrences, such as when the number of transactions on a particular app is higher than usual?

  • Anomaly detection policy
  • App discovery policy
  • Cloud Discovery anomaly detection policy

Quiz 3: Configure Cloud Discovery in Microsoft Defender for Cloud Apps

Q1. Cloud Discovery uses the event data in an organization’s traffic logs to generate a Cloud Discovery report. What’s the maximum age a traffic log event can be to appear on a Cloud Discovery report?

  • 30 days old
  • 60 days old
  • 90 days old

Quiz 4: Knowledge check

Q1. A user who never used Dropbox before suddenly uploads 600 GB to Dropbox. Which cloud app policy type would detect this type of activity?

  • Cloud Discovery anomaly detection policy
  • App discovery policy
  • Anomaly detection policy

Q2. Contoso received an alert in which the alert is accurate and the activity is legitimate but not a security issue. How should Contoso categorize the alert?

  • True positive
  • False positive
  • Benign positive

Q3. As the Microsoft 365 Administrator for Lucerne Publishing, Allan Deyoung wants to deploy Microsoft Defender for Cloud Apps. Which of the following actions is a prerequisite that Allan must complete before deploying Microsoft Defender for Cloud Apps?

  • Obtain a license for every user protected by Microsoft Defender for Cloud Apps
  • Set instant visibility, protection, and governance actions for the company’s apps
  • Protect sensitive information with DLP policies

Module 3: Implement endpoint protection by using Microsoft Defender for Endpoint

This module examines how Microsoft Defender for Endpoint helps enterprise networks prevent, detect, investigate, and respond to advanced threats by using endpoint behavioral sensors, cloud security analytics, and threat intelligence.

Learning objectives:

After completing this module, you should be able to:

  • Describe how Microsoft Defender for Endpoint helps enterprise networks prevent, detect, investigate, and respond to advanced threats.
  • Onboard supported devices to Microsoft Defender for Endpoint.
  • Implement the Threat and Vulnerability Management module to effectively identify, assess, and remediate endpoint weaknesses.
  • Configure device discovery to help find unmanaged devices connected to your corporate network.
  • Lower your organization’s threat and vulnerability exposure by remediating issues based on prioritized security recommendations.

Prerequisites:

None

Quiz 1: Explore Microsoft Defender for Endpoint

Q1. Which Microsoft Defender for Endpoint capability provides the first line of defense in the stack?

  • Threat and vulnerability management
  • Attack surface reduction
  • Automated investigation and remediation

Quiz 2: Onboard devices in Microsoft Defender for Endpoint

Q1. As the Microsoft 365 Administrator for Fabrikam, Holly Spencer is considering whether to create both a device configuration policy and an endpoint detection and response policy to manage the same device setting – in this case, onboarding devices to Microsoft Defender for Endpoint. What could happen if Holly creates these policies?

  • Fabrikam’s devices report their risk levels to Microsoft Defender for Endpoint
  • Fabrikam could end up with policy conflicts for devices
  • An administrator either blocks or selectively wipes the devices that don’t meet an acceptable device threat level

Quiz 3: Manage endpoint vulnerabilities with Microsoft Defender Vulnerability Management

Q1. Which feature of Microsoft Defender Vulnerability Management mitigates risk with the ability to block vulnerable applications for specific device groups?

  • Asset discovery and inventory
  • Vulnerability and configuration assessment
  • Remediation and tracking

Quiz 4: Knowledge check

Q1. As the Microsoft 365 Administrator for Lucerne Publishing, Patti Fernandez wants to implement a device discovery mode that enables endpoints to actively find devices in the company’s network. Patti wants to implement a mode that enriches the collected data for devices and finds more devices than any other mode. Which device discovery mode should Patti implement to achieve these goals?

  • Basic discovery
  • Enhanced discovery
  • Standard discovery

Q2. As the Microsoft 365 Administrator for Tailspin Toys, Allan Deyoung wants to shorten the time to mitigate or remediate vulnerabilities and drive compliance. What should Allan do to achieve this goal?

  • Communicate with peers and management about the effect of security efforts
  • Prioritize security recommendations
  • Create exceptions for security recommendations

Q3. As the Microsoft 365 Administrator for Fabrikam, Holly Spencer is running a pilot project to implement Microsoft Defender for Endpoint. As part of the pilot, Holly has onboarded several devices. What should Holly do next to verify the devices are properly onboarded to the service?

  • Run a detection test
  • Use the appropriate management tool for the devices
  • Correlate EDR insights with endpoint vulnerabilities and process them

Module 4: Implement threat protection by using Microsoft Defender for Office 365

This module examines the Microsoft Defender for Office 365 protection stack and its corresponding threat intelligence features, including Threat Explorer, Threat Trackers, and Attack simulation training.

Learning objectives:

After completing this module, you should be able to:

  • Describe the protection stack provided by Microsoft Defender for Office 365.
  • Understand how Threat Explorer can be used to investigate threats and help to protect your tenant.
  • Describe the Threat Tracker widgets and views that provide you with intelligence on different cybersecurity issues that might affect your company.
  • Run realistic attack scenarios using Attack Simulator to help identify vulnerable users before a real attack impacts your organization.

Prerequisites:

None

Quiz 1: Explore the Microsoft Defender for Office 365 protection stack

Q1. Which layer in the Microsoft Defender for Office 365 protection stack looks for suspicious message structure and word frequency, hyperlinks, and attachments?

  • Edge protection layer
  • Content filtering layer
  • Post-delivery protection layer

Quiz 2: Identify cybersecurity issues by using Threat Trackers

Q1. Holly Dickson is the Microsoft 365 Administrator for Contoso. Holly wants Contoso’s security operations team to have visibility into the large and small threats and risks that Microsoft thinks an organization should be aware of. Which Threat Tracker feature provides this information?

  • Trending trackers
  • Tracked queries
  • Noteworthy trackers

Quiz 3: Knowledge check

Q1. Which layer of the Microsoft Defender for Office 365 protection stack includes the following features: Safe Links, Zero-hour auto purge, and the Report Message and Report phishing add-ins?

  • Post-delivery protection layer
  • Content filtering layer
  • Edge protection layer

Q2. Microsoft 365 Attack simulation training includes a phishing attack that performs the following actions in this order: 1) It sends the recipient a message containing a URL. 2) It directs the user to a sign-in site when the recipient selects the link. 3) It displays what appears to be a well-known website so that the user believes they’ve accessed a real site. Which simulation technique conducts this type of phishing attack?

  • Link to malware
  • Credential harvest
  • Drive-by-url

Q3. As the Microsoft 365 Administrator for Fabrikam, Holly Spencer is searching for a report that enables the Security Operations team to effectively and efficiently investigate and respond to threats. This report should allow the Security Operations team to drill down and understand details related to threats targeting Fabrikam’s Microsoft 365 tenant. Which of the following Microsoft products provides Fabrikam with this reporting functionality?

  • Microsoft Threat Explorer
  • Microsoft Threat Dashboard
  • Microsoft Threat Protection

Team Networking Funda

We are Team Networking Funda, a group of passionate authors and networking enthusiasts committed to sharing our expertise and experiences in networking and team building. With backgrounds in Data Science, Information Technology, Health, and Business Marketing, we bring diverse perspectives and insights to help you navigate the challenges and opportunities of professional networking and teamwork.
