Exam MS-900
Question 241

You are a Microsoft 365 administrator for a company.

You need to identify security vulnerabilities by using the Office 365 Attack Simulator.

Which three attack simulations are available? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

    Correct Answer: A, C, E

    The Office 365 Attack Simulator provides three specific types of attack simulations for identifying security vulnerabilities: Brute-force password, Password-spray, and Display name spear-phishing. Brute-force password attacks involve trying numerous combinations of characters to guess a user's password. Password-spray attacks involve attempting a small set of commonly used passwords against many accounts. Display name spear-phishing involves sending phishing emails that appear to come from known contacts with the aim of tricking users into divulging sensitive information. Denial-of-service and Cross-site scripting are not available attack simulations in the Office 365 Attack Simulator.

Discussion
JayLearn2022 (Options: ACE)

The Office 365 Attack Simulator provides various attack simulations to help administrators identify and remediate security vulnerabilities in their organization. Here are the three attack simulations available:

A. Brute-force password: This attack simulation attempts to guess a user's password by repeatedly trying different combinations of characters until the correct password is found.

C. Password-spray: This attack simulation attempts to use a small number of commonly used passwords to gain access to multiple accounts.

E. Display name spear-phishing: This attack simulation sends a phishing email to targeted users that appears to be from someone they know, but the email address is spoofed. The goal is to trick users into divulging sensitive information, such as usernames and passwords.

JayLearn2022

Note that Denial-of-service (DoS) and Cross-site scripting (XSS) are not available as attack simulations in the Office 365 Attack Simulator. DoS is a type of attack that attempts to overwhelm a server or network with traffic to render it unusable, while XSS is a type of attack that injects malicious code into a web page viewed by other users.

NoOneAnon

Apparently the Attack Simulator referenced in the question is now retired. It is now called Attack simulation training at https://security.microsoft.com/attacksimulator?viewid=overview. No idea what that means for the test.

syu31svc (Options: ACE)

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulator?view=o365-worldwide

ACE are the right options

Gerardo1971

Correct answer

magdyip

Is this dump still valid?

wando5000

I have been through the links and can't see any reference to Brute-force password or Password-spray. But 'spear-phishing' is an available option.

RayL2nd

Just a question, has anyone used the AI tools to check these answers lately?

Pand2

Now called Attack simulation training

jim85 (Options: ACE)

https://www.enowsoftware.com/solutions-engine/m365-exchange-online-center/office-365-attack-simulator - according to this the answers are correct

TMW (Options: ACE)

This is correct, just posted 3/17/21: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulator?view=o365-worldwide

Lauryss (Options: ACE)

ACE is correct