Microsoft Security Operations Analyst Associate SC-200 Practice Question
You receive an alert in Microsoft 365 Defender indicating that a phishing email has been delivered to multiple mailboxes. You must confirm how widely the email was delivered and immediately remove it from all affected mailboxes. Which Microsoft Defender for Office 365 capability should you use to achieve both tasks?
Microsoft 365 Defender advanced hunting query exported to CSV
Threat Explorer with a Move messages to quarantine action
Submit the message as a sample through the Submissions portal
An Exchange Online transport rule that deletes messages with the subject line
Threat Explorer (also called Explorer or Real-time detections in Defender for Office 365 Plan 2) lets analysts search for a suspicious message, see every mailbox to which it was delivered, and then take remediation actions directly from the same interface. Selecting the email in Explorer and choosing Take action > Move messages to quarantine (or Delete) purges the message from all selected mailboxes. Advanced hunting can identify the message but offers no built-in removal action. A transport rule only blocks future mail and does not retroactively purge existing messages. Submitting a sample to Microsoft assists in improving detection but does not automatically pull existing copies from user mailboxes.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Microsoft Defender for Office 365 Threat Explorer?
Open an interactive chat with Bash
How does the Move messages to quarantine action work in Threat Explorer?
Open an interactive chat with Bash
Why is using Threat Explorer preferred over Advanced hunting for email remediation tasks?
Open an interactive chat with Bash
Microsoft Security Operations Analyst Associate SC-200
Manage incident response
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .