Defending Exchange Online

Question 1

Your organization has a Microsoft 365 tenant with a primary domain of gitbit.org Your organization has the following safe links policy. 📷 Which URL can users access from Microsoft Office Online?

Accepted Answer

malware.gitbit.org. malware.com.

Question 2

You need to protect your organization against phishing attacks. The solution must meet the following requirements: Phishing email messages must be quarantined if the messages are sent from a spoofed domain. As many phishing email messages as possible must be identified. The solution must apply to the current SMTP domain names and any domain names added later. What steps should you take to complete the task?

Accepted Answer

Sign in to the Microsoft Defender admin center. Go to Threat Management. Click Policy. Select Anti-phishing. Enable the settings.

Question 3

You have a Microsoft 365 Enterprise E5 subscription. You use Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). You plan to use Microsoft Office 365 Attack simulator. What is a prerequisite for running an Attack simulator?

Accepted Answer

Be a member of the global admins role.

Question 4

Your organization has recently been breached because a user clicked a link in an email. Your manager has set up a fake phishing site at NotARealSite.com. Your manager wants to track anyone that clicks the link but he doesn't want to block them from accessing the site. You've been tasked with updating the safe links policy. Your manager gives you the following requirement: Track user clicks on any links to NotARealSite.com. What steps need to be completed to fulfill the requirements?

Accepted Answer

Go to Microsoft 365 Defender admin center. Policies & rules. Threat policies. Safe links. Global settings. Disable Do not track when users click protected links in Office 365 apps. Click Save.

Question 5

Your organization has a Microsoft 365 tenant with all users hosted in Exchange Online. It's a new tenant and all the defaults are still in place. You manage email security. Where do suspicious emails go?

Accepted Answer

ATP quarantine. the user's junk email folder.

Question 6

Your organization has a Microsoft 365 tenant and you've already created a Microsoft Defender Safe Attachments policy. You've configured the policy to quarantine malware. Some users have complained that they go to check their quarantine but the emails are already deleted. Your manager has asked you to change the retention duration for the attachments that end up in quarantine. He needs you to extend the amount of time the emails will be in quarantine. Which threat management policy should you update from the Microsoft Defender admin center?

Accepted Answer

Anti-spam.

Question 7

Your organization has a hybrid Microsoft 365 tenant with an Exchange on-premises server. 📷 User1 has an on-premises mailbox and MFA is required. User2 has an on-premises mailbox and MFA is disabled. User3 has an Exchange Online mailbox and MFA is required. User4 has an Exchange Online mailbox and MFA is disabled. You've been asked to implement Microsoft 365 Attack Simulator but before you do your manager needs to know who can receive the fake threats. Which users should you tell your boss can receive the attack simulation fake threats?

Accepted Answer

User3. User4.

Question 8

All user users have a Microsoft 365 E5 license. You have a hybrid Microsoft Exchange Server. Some of your user's mailboxes are located in Microsoft 365 while others are located in the on-premises Exchange server You are tasked with setting up and configuring Microsoft Defender for Office 365 anti-phishing policy. Management has asked you to enable mailbox intelligence for all users. What do you need to do to verify all mailboxes have mailbox intelligence enabled and working?

Accepted Answer

Migrate all of the mailboxes hosted on-premises Microsoft 365.

Question 9

Several users in your organization have called in reporting they received an email that should have had an attachment but there was no attachment. You've been tasked with tracking down why the email attachment has been removed. As far as you know there haven't been any recent changes to your environment. What two places can you go to review the missing attachments?

Accepted Answer

Microsoft 365 Defender admin center. The Exchange admin center.

Question 10

Your organization has a Microsoft 365 tenant with Microsoft 365 E5 licenses. You've just implemented a Defender for Office 365 safe attachments policy for your entire organization. Your help desk is getting calls that emails containing attachments are taking a long to be received. You need to reconfigure the safe attachments policy so emails are received more quickly but the attachments still need to be scanned for malware and any attachments with malware must be blocked. How should you reconfigure the safe attachment policy?

Accepted Answer

Set the action to Dynamic Delivery.

Question 11

Your organization has a Microsoft 365 tenant with Microsoft 365 E5 licenses. Your manager has asked you to reconfigure the email filter to deliver any emails that contain malware without the attachment. What two options do you need to configure?

Accepted Answer

Replace. Safe attachments.

Question 12

You've been tasked with updating the safe links policy. Your manager gives you the following 2 requirements: Block any access to the GitBit.org domain Track user clicks on any links to gitbit.org. What steps need to be completed to fulfill the requirements?

Accepted Answer

Go to Microsoft 365 Defender admin center. Click Policies & rules. Click Threat policies. Click Tenant Allow/Block List. Click URLs then click Block. Add the URL to the "Add URLs with wildcards" section. Set the Remove block entry after to the number of days to block the URL.

Question 13

Your manager has asked you to block any access to the site malware.gitbit.org. He wants to ensure you block the site from being opened from within an email or any Microsoft Office application. How can you fulfill his request?

Accepted Answer

Open the Microsoft 365 Defender admin center. Click Policies & rules. Select Threat policies. Click Tenant Allow/Block List. Click URLs.

Defending Exchange Online

Questions for this test