MS-102 – Explore Threat Intelligence in Microsoft Defender XDR

1. What is the primary goal of Microsoft 365 Threat Intelligence?

Recover data after security breaches
Provide evidence-based knowledge to proactively find and eliminate threats
Replace antivirus software

Threat intelligence helps organizations proactively detect and eliminate threats.

2. Which Microsoft feature powers threat intelligence in Microsoft 365?

Microsoft Intelligent Security Graph
Microsoft Threat Management
Microsoft Secure Score

The Intelligent Security Graph consumes trillions of signals daily.

3. Approximately how many signals does the Intelligent Security Graph consume daily?

500 million
100 billion
6.5 trillion

Microsoft processes trillions of security signals every day.

4. What type of data feeds the Intelligent Security Graph?

User activity, email, authentication, devices, and incidents
Only antivirus logs
Only firewall traffic

Signals come from across Microsoft 365, Windows, and Azure.

5. What is the purpose of the Microsoft Graph Security API?

Manage licensing
Provide a unified interface for security insights and actions
Replace SIEM solutions

It unifies alerts and threat intelligence across security solutions.

6. What are alerts in Microsoft Defender XDR?

Indicators of malicious or suspicious activity
Completed investigations
Security policies

Alerts signal potentially malicious activity.

7. What do related alerts form in Microsoft Defender XDR?

A verdict
A report
An incident

Incidents aggregate related alerts to show attack context.

8. Which event can trigger an automated investigation?

An incident
A verdict
A report view

An alert creates an incident, which can trigger investigation.

9. What does Automated Investigation and Response (AIR) do?

Deletes incidents automatically
Disables user accounts by default
Investigates alerts and takes or recommends remediation actions

AIR improves efficiency by automating investigations.

10. Where can pending remediation actions be approved?

Action center
Threat analytics dashboard
Secure Score

The Action center lists pending and completed actions.

11. What is threat hunting?

Proactively searching for hidden or undetected threats
Reviewing resolved alerts only
Responding only to incidents

Threat hunting looks for threats not flagged automatically.

12. Advanced hunting in Defender XDR uses which language?

SQL
Kusto Query Language (KQL)
PowerShell

Advanced hunting queries are written in KQL.

13. How many days of raw data can advanced hunting query?

30 days
60 days
90 days

Advanced hunting supports up to 30 days of data.

14. What is Threat Analytics in Microsoft Defender XDR?

In-product threat intelligence with expert analysis and guidance
A firewall management tool
A licensing dashboard

Threat Analytics provides insights on active and emerging threats.

15. Which report helps identify alerts and alert trends?

License report
Threat protection report
Device control report

Threat protection reports show alert trends and status.