Crucial Exams

Microsoft 365 Administrator Expert MS-102 Practice Question

While investigating a phishing campaign, you locate a newly delivered message in Microsoft 365 Defender's Threat Explorer. The tenant is licensed for Microsoft Defender for Office 365 Plan 2 and Automated Investigation and Response (AIR) is enabled. You must remove the message from every affected mailbox and have Microsoft 365 automatically analyze related senders, URLs, and attachments so that similar threats are blocked in the future with the least manual effort. Which action should you take first in Threat Explorer?

  • Create a transport (mail flow) rule that deletes messages containing the malicious URL.

  • Add the sender's domain to the Exchange Online Protection blocked senders list.

  • Submit the message to Microsoft for analysis in the Submissions portal.

  • Select the message and choose "Trigger automated investigation".

Microsoft 365 Administrator Expert MS-102
Manage security and threats by using Microsoft Defender XDR
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot