Microsoft 365 Fundamentals — Question 16

You are a Microsoft 365 administrator for a company.
Several users report that they receive emails which have a PDF attachment. The PDF attachment launches malicious code.
You need to remove the message from inboxes and disable the PDF threat if an affected document is opened.
Which feature should you implement?

Answer options

• A. Microsoft Exchange Admin Center block lists
• B. Sender Policy Framework
• C. Advanced Threat Protection anti-phishing
• D. zero-hour auto purge
• E. DKIM signed messages with mail flow rules

Correct answer: D

Explanation

The correct answer is D, zero-hour auto purge, which automatically removes harmful emails from user inboxes after they have been detected as a threat. Options A, B, C, and E do not provide the same immediate response to existing threats in users' inboxes, making them less effective for the scenario described.