Describe threat protection with Microsoft Defender XDR

Question 1

Microsoft Defender XDR

Answer 1

enterprise defense suite that protects against sophisticated cyberattacks

Question 2

t or f

With Microsoft Defender XDR, you can natively coordinate the detection, prevention, investigation, and response to threats across endpoints, identities, email, and applications.

Answer 2

true

Question 3

Microsoft Defender XDR allows admins to assess threat signals from

Answer 3

endpoints
applications
email
identities
to determine an attacks scope and impact

Question 4

Microsoft Defender XDR suite protects:

Answer 4

Endpoints with Microsoft Defender for Endpoint

Assets with Defender Vulnerability Management

Email and collaboration with Microsoft Defender for Office 365

Identities with Microsoft Defender for Identity

Applications with Microsoft Defender for Cloud Apps

Question 5

Endpoints with Microsoft Defender for Endpoint

Answer 5

unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.

Question 6

Assets with Defender Vulnerability Management

Answer 6

delivers continuous asset visibility, intelligent risk-based assessments, and built-in remediation tools to help your security and IT teams prioritize and address critical vulnerabilities and misconfigurations across your organization.

Question 7

Email and collaboration with Microsoft Defender for Office 365

Answer 7

safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools.

Question 8

Identities with Microsoft Defender for Identity

Answer 8

uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

Question 9

Applications with Microsoft Defender for Cloud Apps

Answer 9

comprehensive cross-SaaS solution that brings deep visibility, strong data controls, and enhanced threat protection to your cloud apps.

Question 10

subscribers to Microsoft Defender Threat Intelligence (Defender TI) can now access threat intelligence from

Answer 10

inside the Microsoft Defender portal

Question 11

Microsoft Defender TI helps streamline

Answer 11

security analyst triage, incident response, threat hunting, and vulnerability management workflows

Question 12

Microsoft Defender for Office 365

Answer 12

a seamless integration into your Office 365 subscription that provides protection against threats, like phishing and malware that arrive in email links (URLs), attachments, or collaboration tools like SharePoint, Teams, and Outlook

Question 13

t or f

Defender for Office 365 does not provides real-time views of threats

Answer 13

false. it does provide real time views of threats

Question 14

Microsoft Defender for Office 365 safeguards organizations against malicious threats by providing admins and security operations (sec ops) teams a wide range of capabilities

Answer 14

Preset security policies
Threat protection policies
Reports
Threat investigation and response capabilities
Automated investigation and response capabilities

Question 15

preset security policies

Answer 15

allow you to apply protection features to users based on Microsoft recommended settings

A use case for preset security policies is during installation

Question 16

Threat protection policies

Answer 16

define threat protection policies to set the appropriate level of protection for your organization

Question 17

Reports

Answer 17

view real time reports to monitor Microsoft Defender for Office 365 performance

Question 18

Threat investigation and response capabilities:

Answer 18

use leading-edge tools to investigate, understand, simulate, and prevent threats.

Question 19

Automated investigation and response capabilities

Answer 19

Save time and effort investigating and mitigating threats

Question 20

Microsoft Defender for Office 365 is available in two plans

Answer 20

Plan 1
Plan 2

Question 21

The security services of Defender for Office 365 are built on the core protections offered by

Answer 21

EOP - Exchange Online Protection

Question 22

EOP - Exchange Online Protection

Answer 22

helps prevent broad, volume-based, known attacks and is present in any subscription where Exchange Online mailboxes can be found

Question 23

Microsoft Defender for Office 365 P1 contains

Answer 23

EOP in it plus protects email and collaboration from zero-day malware, phish, and business email compromise

Question 24

Defender for Office 365 P2

Answer 24

contains P1 and EOP and adds post-breach investigation, hunting, response, automation, and training simulation.

The structure is cumulative.

Question 25

Microsoft Defender for Endpoint

Answer 25

a platform designed to help enterprise networks protect endpoints including laptops, phones, tablets, PCs, access points, routers, and firewalls.

Question 26

Microsoft Defender for Endpoint tech includes

Answer 26

Endpoint behavioral sensors
Cloud Security analytics
Threat intelligence

Question 27

Microsoft Defender for Endpoint includes

Answer 27

Core Defender Vulnerability Management
Attack Surface reduction
Next generation protection
Endpoint detection and response
Automated investigation and remediation (AIR)
Microsoft Secure Score for Devices
Microsoft Threat Experts
Management and APIs

Question 28

Core Defender Vulnerability Management:

Answer 28

use a risk based approach to the discovery, assessment, prioritization, and remediation of endpoint vulnerabilities and misconfigurations

Question 29

Attack surface reduction

Answer 29

first line defense in the stack

By ensuring configuration settings are properly set and exploit mitigation techniques are applied, the capabilities resist attacks and exploitation.

also includes network protection and web protection, which regulate access to malicious IP addresses, domains, and URLs.

Question 30

Next generation protection

Answer 30

designed to catch all types of emerging threats

behavior based, heuristic, & real time antivirus protection

cloud delivered protection - includes near instant detection and blocking of new and emerging threats

dedicated protection and product updates - includes updates related to keeping Microsoft Defender Antivirus up to date

Question 31

Endpoint detection and response

Answer 31

Provides advanced attack detections that are near real time and actionable

Security analysts can prioritize alerts, see the full scope of a breach, and take response actions to remediate threats

Question 32

Automated investigation and remediation (AIR)

Answer 32

capabilities are designed to examine alerts and take immediate action to resolve breaches

significantly reduce alert volume, allowing security operations to focus on more sophisticated threats and other high-value initiatives

Question 33

Microsoft Secure Score for Devices

Answer 33

helps you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.

Question 34

Microsoft Threat Experts

Answer 34

provides proactive hunting, prioritization, and additional context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately.

Question 35

Management and APIs

Answer 35

offers an API model designed to expose entities and capabilities through a standard Microsoft Entra ID based authentication and authorization model

Question 36

t or f

Microsoft Defender for Endpoint also integrates with various components in the Microsoft Defender suite, and with other Microsoft solutions including Intune and Microsoft Defender for Cloud.

Answer 36

true

Question 37

How many plans are available for Microsoft Defender for Cloud?

Answer 37

2

plan 1 and plan 2

Question 38

t or f

Microsoft Defender for Cloud Apps delivers full protection for SaaS applications

Answer 38

true

Question 39

Microsoft Defender for Cloud Apps helps monitor and protect app data with

Answer 39

Fundamental cloud access security broker (CASB)

SaaS security posture management (SSPM)

Advanced threat protection

app to app protection

Question 40

Fundamental cloud access security broker (CASB)

Answer 40

acts as a gatekeeper to broker real-time access between your enterprise users and the cloud resources they use

Question 41

SaaS security posture management (SSPM)

Answer 41

enable security teams to improve the organization’s security posture

Question 42

Advanced threat protection

Answer 42

enabling powerful correlation of signal and visibility across the full kill chain of advanced attacks

Question 43

app to app protection

Answer 43

extending the core threat scenarios to OAuth-enabled apps that have permissions and privileges to critical data and resources

Question 44

Defender for Cloud Apps shows the full picture with

Answer 44

Identify
Assess
Manage

Question 45

t or f

Defender for Cloud Apps connects to SaaS apps to scan for files containing sensitive data uncovering which data is stored where and who is accessing it

Answer 45

true

Question 46

How can Defender for Cloud apps protect data?

Answer 46

apply a sensitivity label

block downloads to an unmanaged device

remove external collaborators on confidential files

Question 47

The Defender for Cloud Apps integration with Microsoft Purview also enables

Answer 47

security teams to leverage out-of-the-box data classification types in their information protection policies and control sensitive information with data loss protection (DLP) features.

Question 48

SaaS Security Posture Management (SSPM)

Answer 48

Defender for Cloud Apps automatically provides SSPM data in Microsoft Secure Score, for any supported and connected app

Question 49

Defender for Cloud Apps offers built in

Answer 49

adaptive access control (AAC)

Question 50

OAuth

Answer 50

an open standard for token-based authentication and authorization, enables a user’s account information to be used by third-party services, without exposing the user’s password

Question 51

Microsoft Defender for Identity

Answer 51

cloud based security solution

uses your on-premises Active Directory data (called signals) to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

Question 52

Microsoft Defender for Identity provides security professionals managing hybrid environments functionality to:

Answer 52

monitor users, entity behavior, & activities with learning based analytics

protect user identities and credentials stored in AD

identify and investigate suspicious activities & advanced attacks

provide clear incident information on a simple timeline for fast triage

Question 53

t or f? Defender for Identity identifies anomalies with adaptive built in intelligence

Answer 53

true

Question 54

t or f

Defender for Identity gives insights into suspicious activities and events, revealing the advanced threats, compromised users, and insider threats facing your organization.

Answer 54

true

Question 55

kill chain:

Answer 55

reconnaissnce
compromised credentials
lateral movements
domain dominance

Question 56

Defender Vulnerability Management

Answer 56

delivers asset visibility, intelligent assessments, and built in remediation tools for Windows, macOS, Linux, Android, iOS, and network devices

Question 57

t or f

Defender Vulnerability Management rapidly and continuously prioritizes the biggest vulnerabilities on your most critical assets and provides security recommendations to mitigate risk

Answer 57

true

Question 58

t or f

Defender Vulnerability Management built-in and agentless scanners continuously monitor and detect risk in your organization even when devices aren’t connected to the corporate network.

Answer 58

true

Question 59

what does consolidated inventories provide real time views of?

Answer 59

visibility into software & vulnerabilities

network share assessment

browser extensions assessment

digital certificates assessment

Question 60

Risk-based intelligent prioritization

Answer 60

focuses on emerging threats to align the prioritization of security recommendations with vulnerabilities currently being exploited in the wild and emerging threats that pose the highest risk

Question 61

Risk-based intelligent prioritization pinpoints

Answer 61

active breaches and protects high value assets

Question 62

Remediation request sent to IT

Answer 62

create a remediation task in Microsoft Intune from a specific security recommendation

Question 63

Block vulnerable applications

Answer 63

mitigate risk with the ability to block vulnerable applications for specific device groups

Question 64

Alternate mitigations

Answer 64

gain insights on other mitigations, such as configuration changes that can reduce risk associated with software vulnerabilities

Question 65

Real time remediation status

Answer 65

real time monitoring of the status and progress of remediation activities across the organization

Question 66

You can use the vulnerability management capability in the Microsoft Defender portal to

Answer 66

view exposure score & Microsoft Secure Score

correlate endpoint detection and response (EDR)

select & track remediation options

select & track exception options

Question 67

Microsoft Defender Threat Intelligence (Defender TI)

Answer 67

helps streamline security analyst triage, incident response, threat hinting, and vulnerability management workflows

Question 68

Defender TI Articles

Answer 68

provide insight into threat actors, tooling, attacks, and vulnerabilities

Question 69

t or f

Defender TI Articles link actionable content and key indicators of compromise to help users take action

Answer 69

True

Question 70

Vulnerability articles

Answer 70

provide key context behind CVEs of interest

Question 71

t or f

Vulnerability Articles also include a Defender TI Priority Score and severity indicator (high, medium, low)

Answer 71

True

Question 72

Defender TI Priority Score

Answer 72

unique algorithm that reflects the priority of a CVE based on the Common Vulnerability Scoring System (CVSS) score, exploits, chatter, and linkage to malware

Question 73

internet data is categorized into two groups

Answer 73

traditional
advanced

Question 74

Traditional data sets

Answer 74

include Resolutions
WHOIS
SSL Certifications
Subdomains
DNS
Reserve DNS
Services

Question 76

How are Trackers, Components, Host Pairs, and Cookies data sets collected?

Answer 76

observing the Document Object Model (DOM) of web pages crawled.

Question 77

Defender TI provides proprietary reputation scores for any

Answer 77

host
domain
IP address

Question 78

Insights are meant to be

Answer 78

small facts or observations about a domain or IP address to determine if an indication is malicious, suspicious or benign

Question 79

Microsoft Defender portal combines

Answer 79

protection
detection
investigation
response to devices, identities, endpoints, email &collaboration and cloud apps in a central place

Question 80

Microsoft Defender portal is designed to

Answer 80

meet the needs of security teams
emphasize quick access to info
simpler layouts

Question 81

t or f

Through the Microsoft Defender portal you can view the security health of your organization.

Answer 81

true

Question 82

t or f

Microsoft defender portal is role based accessed

Answer 82

true

Question 83

What does it mean for Microsoft defender portal being role based accessed

Answer 83

every role will see cards that are more meaningful to their day to day jobs

Question 84

t or f

Admins can customize the navigation pane to show or hide functions and services based on their specific preferences

Answer 84

true

Question 85

t or f

Microsoft 365 services and apps create alerts when they detect a suspicious or malicious event or activity

Answer 85

true

Question 86

Selecting an incident name displays a summary of the incident and provides access to tabs with additional information, including:

Answer 86

full story of the attack - alerts, assets, remediation taken

all alerts
all assets
all automated investigations triggered
all the supported evidence and response

Question 87

Hunting

Answer 87

query-based threat hunting tool that lets you proactively inspect events in your organization to locate threat indicators and entities

Question 88

T OR F

You can build custom detection rules and hunt for specific threats in your environment.

Answer 88

true

Question 89

threat intelligence

Answer 89

threat analytics
intel profiles
intel explorer

Question 91

secure score in Microsoft Defender for Cloud

Answer 91

measure of the security posture of your Azure subscriptions

Question 92

Secure score in the Microsoft Defender portal

Answer 92

measure of the security posture of the organization across your apps, devices, and identities.

Question 93

Learning hub

Answer 93

bubbles up official guidance from resources

Question 94

reports

Answer 94

security reports
specific reports - endpoints, email & collab

Question 95

A lead admin for an organization is looking to protect against malicious threats posed by email messages, links (URLs), and collaboration tools. Which solution from the Microsoft Defender XDR suite is best suited for this purpose?

Answer 95

Microsoft Defender for Office 365.

Question 96

A cloud access security broker (CASB) provides protection across 4 areas/pillars: visibility to detect all cloud services, data security, threat protection, and compliance. These pillars represent the basis of the Cloud App Security framework upon which Microsoft Defender for Cloud Apps is built. Which pillar is responsible for identifying and controlling sensitive information?

Answer 96

data security

Question 97

Which of the following is a cloud-based security solution that identifies, detects, and helps to investigate advanced threats, compromised identities, and malicious insider actions directed at your organization?

Answer 97

microsoft defender for identity

Question 98

Admins in the organization are using the Microsoft Defender portal every day. They want to quickly get an understanding of the organization’s current security posture. Which capability in the Microsoft Defender portal will they use?

Answer 98

secure score

Question 99

Your security and IT teams want to implement a solution that helps address critical vulnerabilities and misconfigurations across your organization. Which solution in the Microsoft Defender XDR suite can help address these requirements?

Answer 99

Microsoft Defender Vulnerability Management.