ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-102 All Questions

View all questions & answers for the MS-102 exam
Go to Exam

Exam MS-102 topic 1 question 297 discussion

Actual exam question from Microsoft's MS-102
Question #: 297
Topic #: 1
[All MS-102 Questions]

HOTSPOT
-

You have a Microsoft 365 E5 subscription.

You are investigating a suspicious email message that generated alerts in the Microsoft Defender portal.

You need to examine the email message header and submit the message to Microsoft for review.

Which two settings should you use? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by GetEsn at Oct. 16, 2024, 12:06 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
GetEsn
Highly Voted 9 months, 3 weeks ago
I think it shoulb be: Analysis Take Action : https://learn.microsoft.com/en-us/defender-office-365/submissions-admin
upvoted 9 times
Ody
8 months, 3 weeks ago
You are correct. Analysis allows you to see the header information Take action allows you to "Submit to Microsoft for Review"
upvoted 2 times
...
...
Shreekb27
Most Recent 1 month, 2 weeks ago
1. Analysis 2. Take Action The fundamental difference between Analysis and Email Preview is: Email Preview shows you what the user saw. Analysis shows you the evidence behind the message. Think of it like a piece of mail delivered to your house. Email Preview is like reading the beautifully printed letter inside the envelope. Analysis is like being a detective who ignores the letter for a moment and instead inspects the envelope for clues: Is the postmark from a strange location? Does the return address look forged? Is the stamp counterfeit?
upvoted 1 times
...
Frank_2022
3 months, 1 week ago
I think answer should be: Email preview: This option allows you to view the content of the email message, including the full headers. Examining the headers is crucial for identifying the message's origin, path, and any potential manipulation. Take action: Within the "Take action" menu, you will find options to investigate and respond to the suspicious email. One of the actions available is typically to submit the email for analysis by Microsoft. This sends the message to Microsoft for further review and can help improve the effectiveness of their security filters. Therefore, the two correct settings are Email preview and Take action.
upvoted 3 times
...
skids222
3 months, 2 weeks ago
What the Analysis view shows: - Message ID - Sender IP and domain - Authentication results (SPF, DKIM, DMARC) - Detection verdicts (Spam, Phish, etc.) - Policy matches - Attachments and URLs - Partial header-related metadata (e.g., X-MS-Exchange-Organization-* fields in summary form) What it does not show: - The full raw message header — you don’t get the complete SMTP headers as-is. For full investigation, you still need: Email preview → to access and copy full message headers
upvoted 2 times
...
justITtopics
6 months, 1 week ago
I vote for Analysis, where you can see headers https://learn.microsoft.com/en-us/defender-office-365/mdo-email-entity-page#analysis-view Take Action, where you can submit to Microsoft for review https://learn.microsoft.com/en-us/defender-office-365/threat-explorer-threat-hunting#the-take-action-wizard
upvoted 1 times
...
AdamRachel
9 months ago
To see the header i think you need to open Email preview no?
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel