20+ practice questions focused on Manage security and threats by using Microsoft Defender XDR — one of the most tested topics on the Microsoft 365 Administrator MS-102 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
A security administrator needs a single console to investigate and respond to a complex incident involving alerts from endpoints, email, and identities. Which Microsoft portal should they use?
Explanation: The Microsoft 365 Defender portal (security.microsoft.com) is the correct choice because it provides a unified incident management console that correlates alerts from Microsoft Defender for Endpoint, Microsoft Defender for Office 365, and Microsoft Defender for Identity. This allows the security administrator to investigate and respond to a complex incident spanning endpoints, email, and identities from a single pane of glass, leveraging automated investigation and response (AIR) capabilities.
An organization uses Microsoft Defender for Cloud Apps to monitor shadow IT. They want to enforce policies that block downloads from risky cloud apps. Which Microsoft Defender XDR component provides this capability?
Explanation: Microsoft Defender for Cloud Apps is the correct component because it is specifically designed to provide visibility into shadow IT and enforce policies on cloud applications. Its 'Governance' actions include blocking downloads from risky apps by integrating with the cloud app's API to prevent data exfiltration, which directly addresses the requirement.
An organization wants to prevent users from running executable files from the Windows Temp folder. Which Microsoft Defender for Endpoint capability should be configured?
Explanation: Attack surface reduction (ASR) rules are a Microsoft Defender for Endpoint capability that can block executable files from running from specific locations, such as the Windows Temp folder. Rule GUID 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 specifically targets this behavior by preventing executables and scripts from launching from temporary folders. This is the correct capability because ASR rules are designed to reduce the attack surface by controlling common malware entry points and persistence mechanisms.
A security team wants to automatically investigate and respond to security incidents across endpoints, email, and identities without manual intervention. Which Microsoft Defender XDR capability provides this automation?
Explanation: Automated investigation and response (AIR) is the Microsoft Defender XDR capability that automatically investigates alerts and takes remediation actions across endpoints, email, and identities without manual intervention. It uses playbooks and machine learning to triage incidents, determine scope, and apply actions like isolating devices or deleting malicious emails.
A security administrator notices that users are receiving phishing emails that evade built-in anti-spam filters. The administrator wants to enable users to report these suspicious emails from Outlook and have them automatically trigger an investigation and block the sender. Which feature should be configured in Microsoft Defender for Office 365?
Explanation: User reported settings in the Microsoft 365 Defender portal allow administrators to configure how user-reported messages are handled. When enabled, users can report suspicious emails directly from Outlook, and these reports can automatically trigger an investigation and block the sender via automated investigation and response (AIR) policies. This directly addresses the requirement to have user-reported emails initiate security actions.
1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Manage security and threats by using Microsoft Defender XDR. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Manage security and threats by using Microsoft Defender XDR questions on the MS-102 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Manage security and threats by using Microsoft Defender XDR is tested as part of the Microsoft 365 Administrator MS-102 blueprint. Practicing with targeted Manage security and threats by using Microsoft Defender XDR questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free MS-102 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Manage security and threats by using Microsoft Defender XDR is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.