Data Loss Prevention Flashcards
What is the logic in case multiple rules apply?
The order in which they are listed defines the priority order. The lower the number, the higher the priority.
What is the logic in case multiple rules are matching?
The first rule with the most restrictive option is applied
What are the available options when creating a DLP policy?
(1) Available templates based on the SIT (can use the activity explorer to find which SIT are relevant) or (2) create a custom one
What are the limitations of OCR? (3)
Max 20MB for Teams/Exchange. Max 50MB for SP/OD/Endpoints. Images only between 50x50 and 16kx16k
Where are DLP policies being applied?
To locations, with the option to include/exclude particular users and groups
Which type of groups can be selected as part of the configuration of DLP policy?
Distribution groups, mail-enabled security groups, M365 Groups
What are the DLP rule settings? (3)
(1) conditions (2) actions (3) notification (4) user overrides (5) incident report
What are possible actions of a DLP rule?
1) Restrict access or encrypt the content in Microsoft 365 locations
2) (Devices only) Audit or restrict activities
3) (Exchange only) Many actions e.g. apply header, forward, add recipient, apply branding
Which rule should come last in a policy?
The most restrictive one, to avoid a less restrictive rule overriding a stricter one
Which functionalities do Advanced DLP rules offer? (5)
(1) Customize the SIT to detect (2) Add exceptions (e.g., in case of many FP) (3) Severity level for incident reports (4) If there is a match for the rules, stop processing additional ones (only for Exchange) (5) Change order of rules inside a policy
Which status can a DLP Alert take? (4)
Active, Investigating, Dismissed and Resolved
What does the default DLP policy define?
It shows a policy tip and sends an email notification to users when they attempt to share outside of the organization (1) credit card number (2) source code (3) content under HIPAA (4) content containing Intellectual Property
What is Cloud Access Security Broker (CASB)?
It is software/hardware acting as an intermediary between users and Cloud service providers. It allows companies to extend the reach of their security policies to the Cloud.
What is Microsoft Cloud App Security?
It is Microsoft’s CASB
Where can Microsoft Cloud App Security be accessed?
From the Security Portal (Defender)