Impersonation Protection's high-risk employee analysis...

... identifies users that are potential targets for spear phishing attacks.

 ... uses SPF and DKIM.

Impersonation Protection can identify novel variants of spearphishing attacks by training an

algorithm to detect unusual elements in emails,

False

 True

Administrators can configure "allowed senders" which are exempted from Impersonation
Protection mechanisms.

True

 False

You can change how Impersonation Protection handles detected spearphishing attacks.

False, detected spearphishing attacks will be moved to the recipient's Junk Email folder.

 False, detected spearphishing attacks will be deleted immediately.

 True, there are different options on how Impersonation Protection will handle detected

spearphishing attacks.
What tasks are NOT possible when creating an account takeover incident?

Impersonation Protection provides a list of tasks you need to perform on Microsoft 365 to secure the
account.

 The affected user is suspended from being able to send email.

 The identified malicious emails can be removed from the user's mailboxes.

 The identified malicious emails can be copied to the user's Junk folder.

Impersonation Protection reads data via...

 ...routing incoming and outgoing mail traffic through Impersonation Protection.

 ...PowerShell.

 ...API.

 ...mail journaling.

Which of the following are NOT indicators of a positive result for spearphishing analysis on an
email?

Confidence

 Key Indicators

 Intent Score

 New answer...

Impersonation Protection Reporting...

Mark all correct answers.

...is updated every 24 hours.

 ...is updated every 20 minutes.

 ...shows attacks over time.

 ...provides insights into impersonation and Business Email Compromise (BEC) attacks.

Impersonation Protection is available...

...in any public cloud.

 ...as a virtual machine.

 ...as a Barracuda Networks subscription.

  ...as a hardware appliance in different sizes.

Analysis provided for each spearphishing attack detected by Impersonation Protection provides
the type of attack (for example, Extortion). Which heading in the alert provides these details?

Confidence

 Determination

 Severity

The dangers of domain fraud include which of the following scenarios?

Mark all correct answers.

A company's reputation can be damaged.

 Attackers can impersonate someone within the company using the fraudulent domain.

 Hijacked domains can be used to send malware or phishing mails.

 Attackers can log into the mail accounts of the domains users.

Senders can be allowlisted so they will not be included in Impersonation Protection coverage.

True

 False

Account Takeover Protection allows you to check suspicious MS365 sign-ins.

False

 True

What does Impersonation Protection NOT protect against?

Account takeover.

 Network attacks.
  Spearphishing attacks.

Impersonation Protection's Account Takeover Protection Alerts are triggered by every sign-in of
your Microsoft 365 users.

True

 False

An administrator can manually create a new Incident from within any reporting screen in the
Account Takeover section of the Impersonation Protection user interface.

True

 False

If your Microsoft 365 tenant is routing mail via Email Gateway Defense, an email triggering an
alert in Impersonation Protection also triggers a marker in Email Gateway Defense Message
Log.

False

 True

Impersonation Protection's Account Takeover protection...

Mark all correct answers.

...shows alerts for suspicious sign-ins and inbox rules.

 ...deletes compromised email from internal users' inboxes.

 ...can send notifications to external users.

How are spearphishing attacks identified by Impersonation Protection?

By checking the sender reputation.

 By looking at the normal communication patterns within your organization, and checking if this

email looks suspicious.

  By applying a spam score.

An attacker can use hijacked accounts to...

Mark all correct answers.

...launch social engineering attacks.

 ...initiate transactions.

 ...use stolen accounts for (spear) phishing.

 ...gather sensitive information.

Account Takeover Protection is the part of Impersonation Protection that can collect and
combine information regarding...

...suspicious emails received by your users.

 ...suspicious emails sent by your Microsoft 365 users.

The Email Threat Scanner...

Mark all correct answers.

... is used to quarantine mail and force users to reset their passwords.

 ... shows the top fraud domains.

 ... shows phishing threats already received by the users in your Microsoft 365 tenant.

 ... shows top recipients of fraudulent mails.

Spearphishing alerts can be used to search for threats which may already exist in your tenant,
using interconnectivity with Incident Response.

False

 True

The primary function of Impersonation Protection is:

 Detect attacks before they arrive at the users' inbox.

 Remediate attacks after they have arrived at the users' inbox.

 Filter all email for spam and malware and block these before delivery.

The term "domain fraud" describes...

...attackers using social engineering to get access to sensitive data.

 ...hackers or spammers sending messages from a fake domain.

 ...hackers exploiting known backdoors in email security systems.

The maximum reporting period for sign-ins to the Microsoft 365 tenant is...

...1 month

 ...7 days

 ...24 hours

 ...96 hours

Administrators can opt to leave emails which trigger spearphishing alerts in their users' inboxes.

True

 False

The Impersonation Protection Real Time AI protects against which of the following?

Wrong answer

 Spearphishing