Exam MS-900 topic 1 question 189 discussion

For the purpose of clearing exam: 'Advanced Threat Protection anti-phishing' is the answer I gave zero-hour auto purge and got it wrong!!!

D is correct: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge

To address the issue of malicious PDF attachments, you should implement zero-hour auto purge (ZAP). ZAP is a feature in Microsoft 365 that automatically detects and removes malicious emails from user inboxes after they have been delivered. This helps to mitigate the threat by removing harmful messages even after they have been received.

It is D ''imilarly, while zero-hour auto purge can help in quickly removing malicious emails, it's more reactive than preventive. Advanced Threat Protection, on the other hand, is specifically designed to handle such threats and provide proactive protection against them.'' In this question the users are already pointing out they recieve these mails. So in this specific question ZAP would be the best option imo.

To address the issue of malicious PDF attachments in emails, you should implement the following features: C. Advanced Threat Protection anti-phishing Microsoft 365's Advanced Threat Protection (ATP) anti-phishing features are designed to help protect against malicious content, including harmful attachments in emails. ATP uses advanced algorithms and machine learning to detect and block phishing attempts, malware, and other threats. In this case, the anti-phishing feature would be particularly relevant for identifying and blocking emails with malicious PDF attachments. Options A (Microsoft Exchange Admin Center block lists), B (Sender Policy Framework), D (zero-hour auto purge), and E (DKIM signed messages with mail flow rules) are not specifically designed to address the issue of malicious attachments or phishing threats in emails. While these features may have their own security benefits, they are not the most direct solution for the described problem.

correct answer is c for the purpose of this exam

Answer: C To address the reported issue of malicious PDF attachments, you should implement Advanced Threat Protection (ATP) anti-phishing in Microsoft 365. This feature provides protection against various types of advanced threats, including phishing emails with malicious attachments. In this scenario, ATP anti-phishing can help to remove the message from the inboxes of affected users and disable the PDF threat if an affected document is opened. It uses machine learning and other advanced techniques to detect and prevent phishing attacks, including those with malicious attachments like PDFs.

D is the answer

Zap is right

D is the correct answer Zero-hour auto purge (ZAP) for phishing For read or unread messages that are identified as phishing after delivery, the ZAP outcome depends on the action that's configured for a Phishing email filtering verdict in the applicable anti-spam policy Ref :- https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide

C is correct

100% sure it is C because the question says - IF an affected document is opened. Means if an affected document is not opened, it does not do anything. Option D will remove even if the affected document is not opened.

Correct answer is D see for yourself: Question says: "You need to remove the message from inboxes" CTRL+F "remove" in https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide

Basic features of ZAP In Microsoft 365 organizations with mailboxes in Exchange Online, zero-hour auto purge (ZAP) is an email protection feature that retroactively detects and neutralizes malicious phishing, spam, or malware messages that have already been delivered to Exchange Online mailboxes. Its D!

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide: "In Microsoft 365 organizations with mailboxes in Exchange Online, zero-hour auto purge (ZAP) is an email protection feature that retroactively detects and neutralizes malicious phishing, spam, or malware messages that have already been delivered to Exchange Online mailboxes." D is the answer

The answer is D: the 'key' to the question is "... several Users reported..."; means the infected PDF with the malicious code had "slipped past" ATP already, and the action being performed by the Admin (YOU) is retroactive. "In Microsoft 365 organizations with mailboxes in Exchange Online, zero-hour auto purge (ZAP) is an email protection feature that retroactively detects and neutralizes malicious phishing, spam, or malware messages that have already been delivered to Exchange Online mailboxes." Info found here: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/remediate-malicious-email-delivered-office-365?view=o365-worldwide ZAP which is option D