Implement and Manage Threat Protection - Questions

Question 1

Office 365 ATP Plan 1 comes with ___.

Office 365 ATP Plan 2 comes with ___.

Answer 1

O365 ATP Plan 1 comes with real-time detections.

O365 ATP Plan 2 comes with the Threat Mgmt Explorer.

Question 2

What are the Threat Trackers and what license is required?

Answer 2

Widgets that can provide more information on global threats to keep admin informed about what is happening across cyber security.
-> Required O365 ATP Plan 2

Question 3

How do you access O365 ATP incidents?

Answer 3

Security & Compliance Portal

• > Threat Management
• > Review
• > Incidents

Question 4

What license is required for using Attack Simulator? What 3 tools are included?

Answer 4

Required O365 ATP Plan2
->3 tools
1. Spear Phishing
2. Brute-force password attack (dictionary attack)
3. Password Spray Attack
MFA is required for your account before launching any attacks

Question 5

How do you access the Attack Simulator?

Answer 5

in Security & Compliance at protection.office.com

• > choose Threat Mgmt
• > Attack Simulator

Question 6

What is Azure Sentinel?

Answer 6

It is a next-generation SIEM because it includes the ability to respond automatically to events using Playbooks, bringing Security Orchestration Automated Response (SOAR)

Question 7

What is needed to implement Azure Sentinel?

Answer 7

• > An Active Azure Subscription
• > A Log Analytics Workspace
• > At least Contributor permissions to the Azure Subscription
• > At least Contributor or Reader permissions on the Resource group to which Workspace belongs

Question 8

How do you access Azure Sentinel?

Answer 8

Azure Portal portal.azure.com

• > in Search field type “Azure Sentinel”
• > select Add
• > select or create Workspace
• > select Add Azure Sentinel
• > click Data Connectors
• > select Data Connectors
• > click Open Connector Page to configure Connector