Crucial Exams

Microsoft 365 Administrator Expert MS-102 Practice Question

Your SOC monitors Microsoft Defender XDR. Yesterday Microsoft Threat Intelligence Center published intelligence on a phishing campaign that uses the domain update-contoso.biz and a specific SHA-256 file hash. You must rapidly determine whether any assets in your tenant have interacted with the campaign and ensure that future traffic to the domain is blocked. Which Defender XDR capability should you use first to obtain tenant-specific exposure insights, and which immediate follow-up action will meet the blocking requirement?

  • Open the relevant Threat analytics report and then add a URL/domain indicator to block update-contoso.biz.

  • Review Microsoft Secure Score improvement actions and enable the recommended preset security policies in Exchange Online.

  • Run an Advanced hunting query for the domain and hash, then save the query as a custom detection rule.

  • Inspect Vulnerability management recommendations and add the domain to an attack surface reduction blocklist.

Microsoft 365 Administrator Expert MS-102
Manage security and threats by using Microsoft Defender XDR
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot