
Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


MS-102 Manage security and threats by using Microsoft Defender XDR Practice Questions

20+ practice questions focused on Manage security and threats by using Microsoft Defender XDR — one of the most tested topics on the Microsoft 365 Administrator MS-102 exam. Each question includes a detailed explanation so you learn why the right answer is correct.


Sample Manage security and threats by using Microsoft Defender XDR Questions

1. A security administrator needs a single console to investigate and respond to a complex incident involving alerts from endpoints, email, and identities. Which Microsoft portal should they use?

A. Microsoft 365 Defender portal
B. Microsoft Sentinel
C. Microsoft Defender for Cloud
D. Microsoft 365 compliance center

Explanation: The Microsoft 365 Defender portal (security.microsoft.com) is the correct choice because it provides a unified incident management console that correlates alerts from Microsoft Defender for Endpoint, Microsoft Defender for Office 365, and Microsoft Defender for Identity. This allows the security administrator to investigate and respond to a complex incident spanning endpoints, email, and identities from a single pane of glass, leveraging automated investigation and response (AIR) capabilities.

2. An organization uses Microsoft Defender for Cloud Apps to monitor shadow IT. They want to enforce policies that block downloads from risky cloud apps. Which Microsoft Defender XDR component provides this capability?

A. Microsoft Defender for Cloud Apps
B. Microsoft Defender for Endpoint
C. Microsoft Defender for Identity
D. Microsoft Defender for Office 365

Explanation: Microsoft Defender for Cloud Apps is the correct component because it is specifically designed to provide visibility into shadow IT and enforce policies on cloud applications. Its 'Governance' actions include blocking downloads from risky apps by integrating with the cloud app's API to prevent data exfiltration, which directly addresses the requirement.

3. An organization wants to prevent users from running executable files from the Windows Temp folder. Which Microsoft Defender for Endpoint capability should be configured?

A. Attack surface reduction rules
B. Network protection
C. Exploit protection
D. Controlled folder access

Explanation: Attack surface reduction (ASR) rules are a Microsoft Defender for Endpoint capability that can block executable files from running from specific locations, such as the Windows Temp folder. Rule GUID 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 specifically targets this behavior by preventing executables and scripts from launching from temporary folders. This is the correct capability because ASR rules are designed to reduce the attack surface by controlling common malware entry points and persistence mechanisms.

4. A security team wants to automatically investigate and respond to security incidents across endpoints, email, and identities without manual intervention. Which Microsoft Defender XDR capability provides this automation?

A. Automated investigation and response (AIR)
B. Advanced hunting
C. Threat analytics
D. Attack surface reduction rules

Explanation: Automated investigation and response (AIR) is the Microsoft Defender XDR capability that automatically investigates alerts and takes remediation actions across endpoints, email, and identities without manual intervention. It uses playbooks and machine learning to triage incidents, determine scope, and apply actions like isolating devices or deleting malicious emails.

5. A security administrator notices that users are receiving phishing emails that evade built-in anti-spam filters. The administrator wants to enable users to report these suspicious emails from Outlook and have them automatically trigger an investigation and block the sender. Which feature should be configured in Microsoft Defender for Office 365?

A. Attack simulation training
B. Threat Explorer
C. User reported settings in the Microsoft 365 Defender portal
D. Safe Links

Explanation: User reported settings in the Microsoft 365 Defender portal allow administrators to configure how user-reported messages are handled. When enabled, users can report suspicious emails directly from Outlook, and these reports can automatically trigger an investigation and block the sender via automated investigation and response (AIR) policies. This directly addresses the requirement to have user-reported emails initiate security actions.


How to master Manage security and threats by using Microsoft Defender XDR for MS-102

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of Manage security and threats by using Microsoft Defender XDR. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

Manage security and threats by using Microsoft Defender XDR questions on the MS-102 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many MS-102 Manage security and threats by using Microsoft Defender XDR questions are on the real exam?

The exact number varies per candidate. Manage security and threats by using Microsoft Defender XDR is tested as part of the Microsoft 365 Administrator MS-102 blueprint. Practicing with targeted Manage security and threats by using Microsoft Defender XDR questions ensures you can handle any format or difficulty that appears.

Are these MS-102 Manage security and threats by using Microsoft Defender XDR practice questions free?

Yes. Courseiva provides free MS-102 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is Manage security and threats by using Microsoft Defender XDR one of the harder MS-102 topics?

Difficulty is subjective, but Manage security and threats by using Microsoft Defender XDR is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.


Topic Info

Topic: Manage security and threats by using Microsoft Defender XDR
Exam: MS-102
Questions available: 20+