MS-102 β Manage Safe Attachments
1. How does Safe Attachments test email attachments?
Executes attachments in a virtual environment and performs behavioral analysis
Scans attachments using antivirus signatures only
Sends attachments to admins for manual review
Safe Attachments detonates files in sandboxed environments and analyzes behavior.
2. Does Microsoft Defender for Office 365 include a default Safe Attachments policy?
No, protection comes from the Built-in preset security policy
Yes, a default policy is always enabled
Only for Exchange Online mailboxes
Thereβs no default policy; Built-in protection provides coverage.
3. Which Safe Attachments action is recommended and blocks infected messages?
Block
Monitor
Off
Block quarantines messages and prevents repeat attacks.
4. Which Safe Attachments action avoids email delivery delays?
Dynamic delivery
Block
Replace
Dynamic delivery sends the message immediately with a placeholder.
5. What happens if Dynamic Delivery finds an attachment infected?
The attachment is replaced with a malware notification
The message is deleted silently
The attachment is delivered with a warning
The system updates the message to warn about malware.
6. Which role is required to manage Safe Attachments policies?
Security Administrator or Organization Management
Reports Reader
Helpdesk Administrator
Only security and org management roles can manage policies.
7. In PowerShell, what must be created FIRST?
Safe Attachments policy
Safe Attachments rule
Transport rule
A rule must reference an existing policy.
8. How long does it usually take for a new Safe Attachments policy to apply?
About 30 minutes
Immediately
24 hours
Policy propagation typically takes around 30 minutes.
9. What is the highest priority value for a Safe Attachments rule?
0
1
10
Lower numbers mean higher priority; 0 is highest.
10. How can an organization bypass Safe Attachments for trusted senders?
Create a transport rule that skips Safe Attachments scanning
Disable the Safe Attachments policy
Set the policy to Monitor
Mail flow rules can bypass Safe Attachments for trusted sources.
11. Which header is used to bypass Safe Attachments scanning?
X-MS-Exchange-Organization-SkipSafeAttachmentProcessing
X-MS-Bypass-Attachment-Scan
X-Defender-Skip-Attachment
This header tells Exchange to skip Safe Attachments.
12. What is the best user experience option for Safe Attachments?
Dynamic delivery
Block
Replace
Dynamic delivery avoids delays while maintaining protection.