Microsoft MS-203 Practice Test - Questions Answers, Page 27

Answer: A

Explanation:

1. Navigate to Mail flow in the Exchange Admin Center, > Connectors. The Connectors screen appears.

2. Click +Add a connector. The New connector screen appears.

3. Under Connection from, choose Partner organization.

4. Click Next. The Connector name screen appears.

5. Provide a name for the connector and click Next. The Authenticating sent email screen appears.

6. Choose one of the two options between By verifying that the sender domain matches one of the following domains and By verifying that the IP address of the sending server matches one of the following IP addresses, which belong to your partner organization.

7. Click Next. The Security restrictions screen appears.

8. Check the check box for Reject email messages if they aren't sent over TLS.

9. Check the check box for Reject email messages if they aren't sent from within this IP address range, and provide the IP address range.

10.Click Next. The Review connector screen appears.

11.Review the settings you have configured, and click Create connector.

Reference:

https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up- connectors-for-secure-mail-flow-with-a-partner

Answer: A

Explanation:

1. Go to the Microsoft 365 admin center and then click Users > Active users.

2. Select Pradeep Gupta.

3. On the properties flyout page, click the Mail tab, and then under More actions, click Manage litigation hold.

4. On the Manage litigation hold flyout page, select the Turn on litigation hold checkbox and then enter the following optional information:

Hold duration (days): Use this box to create a time-based hold and specify how long mailbox items are held when the mailbox is placed on Litigation hold. The duration is calculated from the date a mailbox item is received or created. When the hold duration expires for a specific item, that item will no longer be preserved. If you leave this box blank, items are preserved indefinitely or until the hold is removed. Configure 90 days.

Note visible to the user: Use this box to inform the user their mailbox is on Litigation hold. The note will appear on the Account Information page in the user's mailbox if they're using Outlook 2010 or later. To access this page, users can click File in Outlook.

Web page with more information for the user: Use this box to direct the user to a website for more information about Litigation hold. This URL appears on the Account Information page in the user's mailbox if they are using Outlook 2010 or later. To access this page, users can click File in Outlook.

Click Save changes on the Litigation hold flyout page to create the hold.

The system displays a banner saying it might take up to 240 minutes for the change to take effect.

Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/create-a-litigation-hold?view=o365-worldwide

Answer: A

Explanation:

1. In the Microsoft 365 Defender portal at https://security.microsoft.com, go to Email & Collaboration > Policies & Rules > Threat policies > Anti-spam in the Policies section. To go directly to the Antispam policies page, use https://security.microsoft.com/antispam.

2. On the Anti-spam policies page, click Create policy and then select Inbound from the drop down list.

3. The policy wizard opens. On the Name your policy page, configure these settings:

- Name: Enter a unique, descriptive name for the policy.

- Description: Enter an optional description for the policy.

When you're finished, click Next.

4. On the Users, groups, and domains page that appears, identify the internal recipients that the policy applies to (recipient conditions):

- Users: The specified mailboxes, mail users, or mail contacts in your organization.

- Groups: The specified distribution groups, mail-enabled security groups, or Microsoft 365 Groups in your organization. - Domains: All recipients in the specified accepted domains in your organization.

Click in the appropriate box, start typing a value, and select the value that you want from the results. Repeat this process as many times as necessary. To remove an existing value, click remove × next to the value.

For users or groups, you can use most identifiers (name, display name, alias, email address, account name, etc.), but the corresponding display name is shown in the results. For users, enter an asterisk (*) by itself to see all available values. Multiple values in the same condition use OR logic (for example, or ). Different conditions use AND logic (for example, and ). - Exclude these users, groups, and domains: To add exceptions for the internal recipients that the policy applies to (recipient exceptions), select this option and configure the exceptions. The settings and behavior are exactly like the conditions. When you're finished, click Next.

5. On the Bulk email threshold & spam properties page that appears, configure the following settings:

- Bulk email threshold: Specifies the bulk complaint level (BCL) of a message that triggers the specified action for the Bulk spam filtering verdict that you configure on the next page (greater than the specified value, not greater than or equal to). A higher value indicates the message is less desirable (more likely to resemble spam). The default value is

7. For more information, see Bulk complaint level (BCL) in EOP and What's the difference between junk email and bulk email?. By default, the PowerShell only setting MarkAsSpamBulkMail is On in anti-spam policies. This setting dramatically affects the results of a Bulk filtering verdict:

MarkAsSpamBulkMail is On: A BCL that's greater than the threshold is converted to an SCL 6 that corresponds to a filtering verdict of Spam, and the action for the Bulk filtering verdict is taken on the message.

MarkAsSpamBulkMail is Off: The message is stamped with the BCL, but no action is taken for a Bulk filtering verdict. In effect, the BCL threshold and Bulk filtering verdict action are irrelevant. - Increase spam score, Mark as spam* and Test mode: Advanced Spam Filter (ASF) settings that are turned off by default. The Contains specific languages and from these countries settings are not part of ASF.

- Contains specific languages: Click the box and select On or Off from the drop down list. If you turn it on, a box appears. Start typing the name of a language in the box. A filtered list of supported languages will appear. When you find the language that you're looking for, select it. Repeat this step as many times as necessary. To remove an existing value, click remove × next to the value.

- From these countries*: Click the box and select On or Off from the drop down list. If you turn it on, a box appears. Start typing the name of a country in the box. A filtered list of supported countries will appear. When you find the country that you're looking for, select it. Repeat this step as many times as necessary. To remove an existing value, click remove × next to the value.

When you're finished, click Next.

6. On the Actions page that appears, configure the following settings:

- Message actions: Select or review the action to take on messages based on the following spam filtering verdicts:

Spam

High confidence spam

Phishing

High confidence phishing

Bulk

- Retain spam in quarantine for this many days: Specifies how long to keep the message in quarantine if you selected Quarantine message as the action for a spam filtering verdict. After the time period expires, the message is deleted, and is not recoverable. A valid value is from 1 to 30 days.

- Add this X-header text: This box is required and available only if you selected Add X-header as the action for a spam filtering verdict. The value you specify is the header field name that's added to the message header. The header field value is always This message appears to be spam.

- Prepend subject line with this text: This box is required and available only if you selected Prepend subject line with text as the action for a spam filtering verdict. Enter the text to add to the beginning of the message's subject line. - Redirect to this email address: This box is required and available only if you selected the Redirect message to email address as the action for a spam filtering verdict. Enter the email address where you want to deliver the message. You can enter multiple values separated by semicolons (;).

- Enable safety Tips: By default, Safety Tips are enabled, but you can disable them by clearing the checkbox. - Enable zero-hour auto purge (ZAP): ZAP detects and takes action on messages that have already been delivered to Exchange Online mailboxes.

ZAP is turned on by default. When ZAP is turned on, the following settings are available:

Enable ZAP for phishing messages: By default, ZAP is enabled for phishing detections, but you can disable it by clearing the checkbox. Enable ZAP for spam messages: By default, ZAP is enabled for spam detections, but you can disable it by clearing the checkbox.

When you're finished, click Next.

7. On the Allow & block list flyout that appears, you are able to configure message senders by email address or email domain that are allowed to skip spam filtering. In the Allowed section, you can configure allowed senders and allowed domains. In the Blocked section, you can add blocked senders and blocked domains. The steps to add entries to any of the lists are the same:

- Click the link for the list that you want to configure:

Allowed > Senders: Click Manage (nn) sender(s). Allowed > Domains: Click Allow domains.

Blocked > Senders: Click Manage (nn) sender(s).

Blocked > Domains: Click Block domains.

- In the flyout that appears, do the following steps:

Click + Add senders or Add domains.

In the Add senders or Add domains flyout that appears, enter the sender's email address in the Sender box or the domain in the Domain box. As you're typing, the value appears below the box. When you're finished typing the email address or domain, select the value below the box.

Repeat the previous step as many times as necessary. To remove an existing value, click remove × next to the value. When you're finished, click Add senders or Add domains.

- Back on the main flyout, the senders or domains that you added are listed on the page. To remove an entry from this page, do the following steps: Select one or more entries from the list. You can also use the Search box to find values in the list. After you select at least one entry, the delete icon appears

Click the delete icon to remove the selected entries When you're finished, click Done.

Back on the Allow & block list page, click Next when you're read to continue.

8. On the Review page that appears, review your settings. You can select Edit in each section to modify the settings within the section. Or you can click Back or select the specific page in the wizard. When you're finished, click Create. 9. On the confirmation page that appears, click Done.

Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-your-spam-filter-policies?view=o365- worldwide

Answer: A

Explanation:

1. Go to Mail flow > Rules.

2. Create the rule by using one of the following options:

- To create a rule from a template, click Add and select a template.

- To copy a rule, select the rule, and then select Copy .

- To create a new rule from scratch, Add and then select Create a new rule.

3. In the New rule dialog box, name the rule, and then select the conditions and actions for this rule:

- In Apply this rule if..., select the condition you want from the list of available conditions:

Some conditions require you to specify values. For example, if you select The sender is... condition, you must specify a sender address. If you're adding a word or phrase, note that trailing spaces are not allowed.

If the condition you want isn't listed, or if you need to add exceptions, select More options. Additional conditions and exceptions will be listed.

If you don't want to specify a condition, and want this rule to apply to every message in your organization, select [Apply to all messages] condition.

- In Do the following..., select the action you want the rule to take on messages matching the criteria from the list of available actions:

Some of the actions will require you to specify values. For example, if you select the Forward the message for approval to... condition, you will need to select a recipient in your organization. If the condition you want isn't listed, select More options. Additional conditions will be listed.

- Specify how rule match data for this rule is displayed in the Data Loss Prevention (DLP) reports and the Mail protection reports.

- Set the mode for the rule. You can use one of the two test modes to test the rule without impacting mail flow. In both test modes, when the conditions are met, an entry is added to the message trace:

Enforce: This turns on the rule and it starts processing messages immediately. All actions on the rule will be performed. Test with Policy Tips: This turns on the rule, and any Policy Tip actions ( Notify the sender with a Policy Tip) will be sent, but no actions related to message delivery will be performed. Data Loss Prevention (DLP) is required in order to use this mode.

Test without Policy Tips: Only the Generate incident report action will be enforced. No actions related to message delivery are performed.

Exchange Online admins can create mail flow rules in the Exchange admin center (EAC) at Mail flow > Rules. You need permissions to do this procedure. After you start to create a new rule, you can see the full list of attachment-related conditions by clicking More options > Any attachment under Apply this rule if. The attachment-related options are shown in the following diagram.

Reference:

https://docs.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/manage-mail-flow-rules https://docs.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/inspect-message-attachments

Box 1: Yes

The authentication in the Outlook Connection Status exhibit is “Clear”. This means that Basic authentication is being used. Box 2: No

In the first exhibit, the OAuth2ClientProfileEnabled parameter is False. This means that Modern Authentication is not enabled. A value of True means that Modern Authentication is enabled.

Box 3: No

The Authentication Requirement for User3 in the second exhibit is Single-factor authentication. This means that the Microsoft Authenticator App is not being used.