ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-203 All Questions

View all questions & answers for the MS-203 exam
Go to Exam

Exam MS-203 topic 4 question 64 discussion

Actual exam question from Microsoft's MS-203
Question #: 64
Topic #: 4
[All MS-203 Questions]

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: [email protected]

Microsoft 365 Password: xxxxxx -
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only.

Lab Instance: XXXXXX -
You need to prevent email messages from a domain named fabrikam.com from being delivered to the mailboxes of your organization.
To complete this task, sign in to the Microsoft 365 admin center.

Show Suggested Answer Hide Answer
Suggested Answer: See explanation below.
1. In the Microsoft 365 Defender portal at https://security.microsoft.com, go to Email & Collaboration > Policies & Rules > Threat policies > Anti-spam in the Policies section. To go directly to the Anti-spam policies page, use https://security.microsoft.com/antispam.
2. On the Anti-spam policies page, click Create policy and then select Inbound from the drop down list.
3. The policy wizard opens. On the Name your policy page, configure these settings:
- Name: Enter a unique, descriptive name for the policy.
- Description: Enter an optional description for the policy.
When you're finished, click Next.
4. On the Users, groups, and domains page that appears, identify the internal recipients that the policy applies to (recipient conditions):
- Users: The specified mailboxes, mail users, or mail contacts in your organization.
- Groups: The specified distribution groups, mail-enabled security groups, or Microsoft 365 Groups in your organization.
- Domains: All recipients in the specified accepted domains in your organization.
Click in the appropriate box, start typing a value, and select the value that you want from the results. Repeat this process as many times as necessary. To
ֳ—
remove an existing value, click remove
next to the value.
For users or groups, you can use most identifiers (name, display name, alias, email address, account name, etc.), but the corresponding display name is shown in the results. For users, enter an asterisk (*) by itself to see all available values.
Multiple values in the same condition use OR logic (for example, <recipient1> or <recipient2>). Different conditions use AND logic (for example, <recipient1> and <member of group 1>).
- Exclude these users, groups, and domains: To add exceptions for the internal recipients that the policy applies to (recipient exceptions), select this option and configure the exceptions. The settings and behavior are exactly like the conditions.
When you're finished, click Next.
5. On the Bulk email threshold & spam properties page that appears, configure the following settings:
- Bulk email threshold: Specifies the bulk complaint level (BCL) of a message that triggers the specified action for the Bulk spam filtering verdict that you configure on the next page (greater than the specified value, not greater than or equal to). A higher value indicates the message is less desirable (more likely to resemble spam). The default value is 7. For more information, see Bulk complaint level (BCL) in EOP and What's the difference between junk email and bulk email?.
By default, the PowerShell only setting MarkAsSpamBulkMail is On in anti-spam policies. This setting dramatically affects the results of a Bulk filtering verdict:
✑ MarkAsSpamBulkMail is On: A BCL that's greater than the threshold is converted to an SCL 6 that corresponds to a filtering verdict of Spam, and the action for the Bulk filtering verdict is taken on the message.
✑ MarkAsSpamBulkMail is Off: The message is stamped with the BCL, but no action is taken for a Bulk filtering verdict. In effect, the BCL threshold and Bulk filtering verdict action are irrelevant.
- Increase spam score, Mark as spam
and Test mode: Advanced Spam Filter (ASF) settings that are turned off by default.
*
The Contains specific languages and from these countries settings are not part of ASF.
- Contains specific languages: Click the box and select On or Off from the drop down list. If you turn it on, a box appears. Start typing the name of a language in the box. A filtered list of supported languages will appear. When you find the language that you're looking for, select it. Repeat this step as many times
ֳ—
as necessary. To remove an existing value, click remove
next to the value.
- From these countries*: Click the box and select On or Off from the drop down list. If you turn it on, a box appears. Start typing the name of a country in the box. A filtered list of supported countries will appear. When you find the country that you're looking for, select it. Repeat this step as many times as necessary. To
ֳ—
remove an existing value, click remove
next to the value.
When you're finished, click Next.
6. On the Actions page that appears, configure the following settings:
- Message actions: Select or review the action to take on messages based on the following spam filtering verdicts:
✑ Spam
✑ High confidence spam
✑ Phishing
✑ High confidence phishing
✑ Bulk
- Retain spam in quarantine for this many days: Specifies how long to keep the message in quarantine if you selected Quarantine message as the action for a spam filtering verdict. After the time period expires, the message is deleted, and is not recoverable. A valid value is from 1 to 30 days.
- Add this X-header text: This box is required and available only if you selected Add X-header as the action for a spam filtering verdict. The value you specify is the header field name that's added to the message header. The header field value is always This message appears to be spam.
- Prepend subject line with this text: This box is required and available only if you selected Prepend subject line with text as the action for a spam filtering verdict. Enter the text to add to the beginning of the message's subject line.
- Redirect to this email address: This box is required and available only if you selected the Redirect message to email address as the action for a spam filtering verdict. Enter the email address where you want to deliver the message. You can enter multiple values separated by semicolons (;).
- Enable safety Tips: By default, Safety Tips are enabled, but you can disable them by clearing the checkbox.
- Enable zero-hour auto purge (ZAP): ZAP detects and takes action on messages that have already been delivered to Exchange Online mailboxes.
ZAP is turned on by default. When ZAP is turned on, the following settings are available:
✑ Enable ZAP for phishing messages: By default, ZAP is enabled for phishing detections, but you can disable it by clearing the checkbox.
✑ Enable ZAP for spam messages: By default, ZAP is enabled for spam detections, but you can disable it by clearing the checkbox.
When you're finished, click Next.
7. On the Allow & block list flyout that appears, you are able to configure message senders by email address or email domain that are allowed to skip spam filtering.
In the Allowed section, you can configure allowed senders and allowed domains. In the Blocked section, you can add blocked senders and blocked domains.
The steps to add entries to any of the lists are the same:
- Click the link for the list that you want to configure:
✑ Allowed > Senders: Click Manage (nn) sender(s).
✑ Allowed > Domains: Click Allow domains.
✑ Blocked > Senders: Click Manage (nn) sender(s).
✑ Blocked > Domains: Click Block domains.
- In the flyout that appears, do the following steps:
+

Click -
✑ Add senders or Add domains.
✑ In the Add senders or Add domains flyout that appears, enter the sender's email address in the Sender box or the domain in the Domain box. As you're typing, the value appears below the box. When you're finished typing the email address or domain, select the value below the box.
ֳ—
Repeat the previous step as many times as necessary. To remove an existing value, click remove
✑ next to the value.
When you're finished, click Add senders or Add domains.
- Back on the main flyout, the senders or domains that you added are listed on the page. To remove an entry from this page, do the following steps:
✑ Select one or more entries from the list. You can also use the Search box to find values in the list.
✑ After you select at least one entry, the delete icon appears
✑ Click the delete icon to remove the selected entries
When you're finished, click Done.
Back on the Allow & block list page, click Next when you're read to continue.
8. On the Review page that appears, review your settings. You can select Edit in each section to modify the settings within the section. Or you can click Back or select the specific page in the wizard.
When you're finished, click Create.
9. On the confirmation page that appears, click Done.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-your-spam-filter-policies?view=o365-worldwide
by PawelNotts at Sept. 19, 2022, 5:58 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
PawelNotts
Highly Voted 1 year, 8 months ago
Would a simple mail flow rule not suffice? If recipient address contains @domain.name then silently drop the message without explanation. Job done.
upvoted 5 times
99redeyeflight
1 year, 8 months ago
"Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task." With that being said, mail flow rule would be simpler and to the point
upvoted 2 times
...
...
Nyamnyam
Most Recent 7 months, 2 weeks ago
Mail flow rule will be quicker to configure. Don't use Tenant Allow/Block List. Why? One reason with SCL=9 and the undetermined anti-spam policy is mentioned in comments below. Second reason: Users in the organization can't send email to these blocked domains. This is NOT what the task describes. It states that you must block incoming, aka delivery to your tenant.
upvoted 1 times
...
Forkbeard
1 year, 3 months ago
Spam filter, tenant allow/block list, and mail flow rule will all do the job. In practice I would choose Tenant Allow/Block Lists because that's where I would look if I were troubleshooting mail delivery from that domain.
upvoted 1 times
EGZAMSY
1 year, 3 months ago
Tenant Allow/Block Lists will only mark email as high confidence spam (SCL = 9). What happens to the messages is determined by the anti-spam policy that detected the message for the recipient. By default, it would get delivered to Junk folder. I would rather use Mail Flow Rules
upvoted 1 times
...
...
JoeGuan
1 year, 7 months ago
It would be simple to create a block list for whateverdomain.com security.microsoft.com > Policies & rules > Threat policies > Tenant Allow/Block List
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel