You have a Microsoft 365 tenant that uses Microsoft Exchange Online and Microsoft Defender for Office 365. What should you use to identify whether zero-hour auto purge (ZAP) moved an email message from the mailbox of a user?
A. the Threat Protection Status report in Microsoft Defender for Office 365
B. the mailbox audit log in Exchange
C. the Safe Attachments file types report in Microsoft Defender for Office 365
Answer A refers to Threat Explorer
To determine if ZAP moved your message, you have the following options:
Number of messages: Use the Mailflow view in the Mailflow status report to see the number of ZAP-affected messages for the specified date range.
Message details: Use Threat Explorer (and real-time detections) to filter All email events by the value ZAP for the Additional action column.
answer D (Exchange mailflow) ≠ Mailflow view in the Mailflow status report
Yes, the answer D said "mail flow report in Exchange", this is not the same as "Mail Status Report" at Microsoft Defender for Office 365.
A is correct as per: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-worldwide#threat-protection-status-report
"The report provides the count of email messages with malicious content, such as files or website addresses (URLs) that were blocked by the anti-malware engine, zero-hour auto purge (ZAP), and Defender for Office 365 features like Safe Links, Safe Attachments, and impersonation protection features in anti-phishing policies."
To determine if ZAP moved your message, you have the following options:
• Number of messages: Use the Mailflow view in the Mailflow status report to see the number of ZAP-affected messages for the specified date range.
• Message details: Use Threat Explorer (and real-time detections) to filter All email events by the value ZAP for the Additional action column.
D should be.
While the Threat Protection Status report in Microsoft Defender for Office 365 provides an overview of threats detected and actions taken, it doesn't specifically track individual email movements caused by zero-hour auto purge (ZAP).
The mailbox audit log in Exchange is more precise for this purpose because it logs detailed actions on emails, including those moved by ZAP. This allows you to see exactly when and why an email was moved from a user's mailbox.
It is the Mailbox Audit Log and all the other answers are wrong:
Zero-hour auto purge (ZAP) is a feature in Exchange Online Protection (EOP) that detects and removes emails containing malware even after they have been delivered to mailboxes.
Correct seems to be A based on provided article. Section: How to see if ZAP moved your message.
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide
B - does not make sense to check Safe Attachments when we're looking for mails.
C & D: ZAP is not logged in the Exchange mailbox audit logs as a system action.
Yes. The correct option to identify whether ZAP moved an email message from the mailbox of a user is the Threat Protection Status report in Microsoft Defender for Office 365. This report provides information about the actions taken by Microsoft Defender for Office 365, including ZAP, to protect the tenant against malicious email messages.
The zero-hour auto purge (ZAP) is not logged as a system action in the Exchange mailbox audit logs. So B is incorrect.
To determine if ZAP moved your message, you can use either the Threat Protection Status report or Threat Explorer (and real-time detections).
So the answer is - A
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide
Correct Answer,
Just check this https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide#how-to-see-if-zap-moved-your-message
A by process of elimination.
Not the following:
b = ZAP is not logged as a system action in the audit log in Exchange
c = The Safe Attachments file types report has been deprecated and is now replaced by the Threat Protection Status report.
d = The mail flow report in "Exchange". Not the "Mail Flow status Report". The mail flow reports in "Exchange" are not relevant here.
Keyword here is 'an' email message. Not how many email messages.
Number of messages: Use the Mailflow view in the Mailflow status report to see the number of ZAP-affected messages for the specified date range.
Message details: Use Threat Explorer (and real-time detections) to filter All email events by the value ZAP for the Additional action column.
To check 'an email', use Threat Explorer first
The answer is A. The mail flow report does show the flow of all mail in aggregate, so you do see the number of mails moved by ZAP, but the question states a mail from a specific user; that you see in the Threat Explorer.
It should be D, the mail flow report in Exchange.
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide#how-to-see-if-zap-moved-your-message
Community vote distribution: A (35%), C (25%), B (20%), Other