Module quiz: Microsoft 365 Defender threat protection: Cybersecurity Solutions and Microsoft Defender (Microsoft Cybersecurity Analyst Professional Certificate) Answers 2025
1. How Microsoft 365 Defender prevents threats from escalating
❌ Separates domains
❌ Blocks only isolated threats
✅ Coordinates automatic defenses across all domains
❌ Only manages network alerts
Explanation:
Microsoft 365 Defender correlates signals across identity, email, endpoint, and cloud apps to stop attack progression.
2. Service designed to identify compromised identities
❌ Defender for Office 365
❌ Defender for Endpoint
✅ Microsoft Defender for Identity
❌ Defender for Cloud Apps
Explanation:
Defender for Identity detects identity-based attacks and compromised accounts.
3. What is an “incident” in Microsoft 365 Defender?
❌ System status report
✅ A correlated set of alerts providing attack context
❌ Single endpoint alert
❌ Identity-only alert
Explanation:
Multiple related alerts are grouped into one incident for easier investigation.
4. Feature that monitors for misconfigurations
✅ Defender Vulnerability Management
❌ Endpoint Discovery
❌ Threat Analytics
❌ Automated Investigation and Remediation
Explanation:
Vulnerability Management continuously checks for misconfigurations and weaknesses.
5. Purpose of Threat Analytics
✅ Provides threat intelligence reports on emerging threats
❌ Automatically manages vulnerabilities
❌ Restricts access to M365 services
❌ Removes malware automatically
Explanation:
Threat Analytics is an intelligence-driven research feed that helps defenders prepare and respond.
6. Encryption method for internal hard drives
✅ Full Disk Encryption (BitLocker)
❌ File and Folder Encryption
❌ Cloud Storage Encryption
❌ BitLocker To Go
Explanation:
BitLocker protects local/internal drives, while BitLocker To Go is for removable media.
7. Factor added via MFA to enhance security
❌ Time-based access limits
❌ IP address restriction
❌ Scheduled sessions
✅ Biometric verification
Explanation:
MFA adds further authentication factors, including biometrics such as a fingerprint or face scan.
8. How Defender for Cloud Apps secures data movement
✅ Monitors and restricts data flow between cloud applications
❌ Tracks endpoint file changes
❌ Encrypts endpoint data
❌ Integrates only on-prem networks
Explanation:
Defender for Cloud Apps provides Cloud Access Security Broker (CASB) capabilities, including data control.
9. Advantage of automation in Microsoft 365 Defender
✅ Reduces manual investigation via automated actions
❌ Encrypts all interactions
❌ Applies access controls
❌ Blocks all threats at perimeter
Explanation:
Automation handles investigation, containment, and remediation steps.
10. Role-management function in Defender portal
✅ Create custom roles with specific permissions
❌ Merge accounts
❌ Force all users to Viewer
❌ Auto-remove inactive accounts
Explanation:
Defender allows granular RBAC roles for security operations.
🧾 Summary Table
| Q | Correct Answer | Key Concept |
|---|---|---|
| 1 | Coordinates defenses across domains | Cross-domain protection |
| 2 | Defender for Identity | Identity compromise detection |
| 3 | Correlated set of alerts | Incidents |
| 4 | Defender Vulnerability Management | Misconfiguration monitoring |
| 5 | Threat intelligence reports | Threat Analytics |
| 6 | BitLocker | Disk encryption |
| 7 | Biometric verification | MFA |
| 8 | Monitors/restricts data flow | Cloud Apps CASB |
| 9 | Automated investigation | Automation |
| 10 | Custom security roles | RBAC |