Exam MS-500 topic 2 question 20 discussion

C for sure. Only supported on EXO. Btw, MFA is to create and manage campaings.

A for sure *Your account needs to be configured for multi-factor authentication (MFA) to create and manage campaigns in Attack Simulator. For instructions, see Set up multi-factor authentication. *Attack Simulator only works on cloud-based mailboxes.

MFA (Multi-Factor Authentication) is not a requirement to use Attack Simulator in Microsoft Defender for Office 365. Attack Simulator can be used to simulate phishing and spear-phishing attacks regardless of whether MFA is enabled or disabled for user accounts. Thus, the Answer is C.

A. User3 only. Microsoft 365 Attack Simulator can be used to simulate phishing and other attacks against users in order to assess their security awareness and resilience. However, Attack Simulator requires certain prerequisites to be met, specifically the availability of Exchange Online mailboxes and the user's MFA status. In this scenario, User3 is the only user who meets both prerequisites. User3 has a mailbox in Microsoft Exchange Online, and MFA is enabled for this user. Therefore, you can use Attack Simulator against User3 to assess their response to simulated attacks. User1 is an on-premises Exchange Server user with MFA enabled, which does not meet the requirement of having a mailbox in Exchange Online. User2 is an on-premises Exchange Server user with MFA disabled, which does not meet the requirement of having MFA enabled. User4 is a Microsoft Exchange Online user, but MFA is disabled for this user, which does not meet the requirement of having MFA enabled.

It could be B, as per documentation: "Attack simulation training supports on-premises mailboxes, but with reduced reporting functionality. " -> https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide#what-do-you-need-to-know-before-you-begin

The links posted don't give any requirements, I thought MFA was a requirement and only that, mailbox AI is online only, for me even B woudl be correct, as it seems to not mention MFA/Mailbox type online anywhere!

I thought it was A but after some research C is correct. It used to be A.

Attack Simulator requires Exchange Online. It doesn't require MFA for the users.

Requirements for Attack simulator Your organization has Office 365 Threat Intelligence, with Attack simulator visible in the Security & Compliance Center (go to Threat management > Attack simulator) Your organization's email is hosted in Exchange Online. (Attack simulator is not available for on-premises email servers.) You are an Office 365 global administrator Your organization is using Multi-factor authentication for Office 365 users ANS:A

C is correct!

Only supported on EXO. MFA is to create and manage attack campaings.

It's most definitely C.

Definitely C. It is not asking about who is running Attack Simulator but who that admin is running it AGAINST. Those users need EXO.

ANSWER IS C 1) "MFA is only required for the admin who initiates the Attack Simulator" 2) "Attack Simulator only works on CLOUD-BASED mailboxes" The question clearly asks us to "identify the users against which you can use Attack Simulator". Hate the phrashing but they're asking who are our targeted users? Who are our victims? To be our test dummies, the user mailboxes MUST be cloud based. Regarding MFA, this is only relevant to the admins who CREATE/MANAGE the simulations. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulator?view=o365-worldwide

I don't get the confusion on this one. C is the definitely the correct answer. If it were asking who could manage the Attack Simulation campaign why would it include the mailbox type being on-prem or EXO? As an admin your only requirement to manage the campaigns is to have MFA on your account. You don't need any mailbox what so ever. The question is clearly asking what users you can run the campaign against. As in who will be targeted. In this case it will be C. As the requirement to run the campaign is just to have EXO. MFA is only required on the Admin running the campaign. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulator?view=o365-worldwide#what-do-you-need-to-know-before-you-begin

For me A is correct (User 3 only), because Attack Simulator only works on cloud-based mailboxes and with MFA enabled.