MS-102 – Implement Threat Protection (Defender for Office 365)

1. How many layers are in the Microsoft Defender for Office 365 protection stack?

Three
Five
Four
The stack has Edge, Sender intelligence, Content filtering, and Post-delivery protection.

2. Which layer is the first point of contact for inbound messages?

Edge protection layer
Sender intelligence layer
Content filtering layer
Edge protection is the first security checkpoint.

3. Which feature blocks messages from known bad IP addresses?

IP reputation and throttling
Mailbox intelligence
Safe Links
IP reputation blocks mail from malicious IPs.

4. Which authentication methods help prevent spoofing?

TLS and VPN
SPF, DKIM, DMARC, ARC
SMTP only
Email authentication verifies sender legitimacy.

5. Which layer analyzes message structure, links, and attachments?

Edge protection layer
Post-delivery protection layer
Content filtering layer
Content filtering examines email contents.

6. Which feature sandboxes attachments to detect zero-day threats?

Safe Attachments
Safe Links
ZAP
Safe Attachments detonates files in a sandbox.

7. What does Safe Links provide?

Time-of-click URL protection
Attachment sandboxing
Spam filtering
Safe Links checks URLs when clicked.

8. Which feature retroactively removes malicious phishing emails?

Safe Attachments
Zero-hour auto purge (ZAP)
Mailbox intelligence
ZAP removes threats after delivery.

9. Which report enables detailed investigation and remediation?

Threat Dashboard
Secure Score
Threat Explorer
Threat Explorer allows deep investigation.

10. Which Threat Tracker highlights new and important threats?

Noteworthy trackers
Tracked queries
Saved queries
Noteworthy trackers show the risks that Microsoft flags.

11. Which license is required for Attack simulation training?

Defender for Office 365 Plan 2 or Microsoft 365 E5
Microsoft 365 E3
Exchange Online Plan 1
Simulation training requires advanced licensing.

12. Which simulation technique redirects users to a fake sign-in page?

Drive-by-URL
Credential harvest
Link to malware
Credential harvest steals login details.

13. What is the goal of Attack simulation training?

Change user behavior before real attacks
Block all emails
Replace antivirus
Training improves user awareness.

14. Which layer includes Safe Links and ZAP?

Sender intelligence layer
Content filtering layer
Post-delivery protection layer
Post-delivery protection handles actions taken after delivery.

15. Which product allows security teams to drill into tenant-specific threats?

Microsoft Threat Explorer
Microsoft Threat Dashboard
Microsoft Defender Antivirus
Threat Explorer provides deep tenant analysis.