Data Loss Prevention Flashcards

1
Q

What is the logic in case multiple rules apply?

A

The order in which they are listed defines the priority order. The lower the number, the higher the priority.

2
Q

What is the logic in case multiple rules are matching?

A

The first rule with the most restrictive option is applied

3
Q

What are the available options when creating a DLP policy?

A

(1) Available templates based on the SIT (can use the activity explorer to find which SITs are relevant) or (2) create a custom one

4
Q

What are the limitations of OCR? (3)

A

Max 20MB for Teams/Exchange. Max 50MB for SP/OD/Endpoints. Images only between 50x50 and 16kx16k

5
Q

Where are DLP policies being applied?

A

To locations, with the option to include/exclude particular users and groups

6
Q

Which types of groups can be selected as part of the configuration of a DLP policy?

A

Distribution groups, mail-enabled security groups, M365 Groups

7
Q

What are the DLP rule settings? (3)

A

(1) conditions (2) actions (3) notification (4) user overrides (5) incident report

8
Q

What are possible actions of a DLP rule?

A

1) Restrict access or encrypt the content in Microsoft 365 locations
2) (Devices only) Audit or restrict activities
3) (Exchange only) Many actions e.g. apply header, forward, add recipient, apply branding

9
Q

Which rule should come last in a policy?

A

The most restrictive one, to avoid a less restrictive rule overriding a stricter one

10
Q

Which functionalities do Advanced DLP rules offer? (5)

A

(1) Customize the SIT to detect (2) Add exceptions (e.g., in case of many FP) (3) Severity level for incident reports (4) If there is a match for the rules, stop processing additional ones (only for Exchange) (5) Change order of rules inside a policy

11
Q

Which statuses can a DLP alert take? (4)

A

Active, Investigating, Dismissed and Resolved

12
Q

What does the default DLP policy define?

A

It shows a policy tip and sends an email notification to users when they attempt to share outside of the organization (1) credit card number (2) source code (3) content under HIPAA (4) content containing Intellectual Property

13
Q

What is Cloud Access Security Broker (CASB)?

A

It is software/hardware acting as an intermediary between users and cloud service providers. It allows companies to extend the reach of their security policies to the cloud.

14
Q

What is Microsoft Cloud App Security?

A

It is Microsoft’s CASB

15
Q

Where can Microsoft Cloud App Security be accessed?

A

From the Security Portal (Defender)

16
Q

What is a Power Platform connector?

A

A connector is a proxy or a wrapper around an API that allows the underlying service to talk to Microsoft Power Automate, Microsoft Power Apps, and Azure Logic Apps

17
Q

Which OS are supported by Endpoint DLP?

A

Windows 10 (and later) and macOS

18
Q

Which browsers support Endpoint DLP rules for website access?

A

Edge and Chrome if you have the Purview extension for Chrome

19
Q

What are some Endpoint DLP actions?

A

Audit and restrict
1) Upload to cloud service
2) Copy to USB, network share, remote session, Bluetooth device, clipboard
3) Paste to supported browser
4) Print document
5) Access by unallowed browser

Audit only
Create or rename item

20
Q

How can the Purview extension for Chrome be installed (3)?

A

(1) Group Policy (2) Intune (3) Manually on each machine

21
Q

How can you onboard devices to Endpoint DLP (5)?

A

(1) Group Policy (2) Endpoint manager (3) VDI (4) Intune (5) Local script

22
Q

How can you monitor DLP activity (2)?

A

(1) Purview > Alerts (2) DLP > Activity Explorer

23
Q

How many days of history does the DLP Activity Explorer contain?

A

30 days

24
Q

Which events are the DLPRuleMatch events paired with?

A

User activity events

25
Q

Where can you manage DLP alerts?

A

Purview or Defender (where they are automatically combined into incidents)

26
Q

Where can you create DLP policies for non-Microsoft cloud apps? (3)

A

1) File policies in Defender for Cloud Apps
2) File policies in Defender
3) DLP policies in Purview, selecting Defender for Cloud Apps as the location

27
Q

What do you need to perform prior to creating file policies in Defender for Cloud Apps?

A

Activate file monitoring

28
Q

If you create a file policy in Defender for Cloud Apps, where will the alerts appear?

A

In Defender for Cloud Apps

29
Q

If you create a DLP policy in Purview with Defender for Cloud Apps as a location, where will the alerts appear?

A

In regular DLP reports