Investigations Flashcards

1
Q

What are the automated investigation and remediation (AIR) levels in Defender for Endpoint?

A
  • No automated response (no automation)
  • Semi - require approval for any remediation
  • Semi - require approval for non-temp folders remediation
  • Semi - require approval for core folders remediation
  • Full - remediate threats automatically (Microsoft's recommended setting)
2
Q

What functionalities does the Action Center offer in terms of managing investigations?

A

The Action center keeps track of all investigations that were initiated automatically, along with details such as investigation status, detection source, and any pending or completed actions.
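The same investigation status view can be pulled programmatically from the Defender for Endpoint API, which is how a SOC typically feeds AIR state into its own tooling. The script below is an added example (not part of the flashcards and not Microsoft's code); it assumes an Entra app registration with the Alert.Read.All application permission, and the tenant ID, app ID and secret are placeholders.

```powershell
# Added example: list AIR investigations through the Defender for Endpoint API
# and surface the ones that are waiting for analyst approval.
# Placeholders (assumptions): replace with your tenant, app registration and secret.
$tenantId  = '<tenant-id>'
$appId     = '<app-id>'
$appSecret = '<app-secret>'   # read this from a vault in practice, never a script literal
$resource  = 'https://api.securitycenter.microsoft.com'

# Client-credentials token for the MDE API (the v1 token endpoint takes "resource")
$tokenResp = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/token" `
    -ContentType 'application/x-www-form-urlencoded' `
    -Body @{
        resource      = $resource
        client_id     = $appId
        client_secret = $appSecret
        grant_type    = 'client_credentials'
    }
$headers = @{ Authorization = "Bearer $($tokenResp.access_token)" }

# Walk every page of /api/investigations, following @odata.nextLink
function Get-MdeInvestigations {
    param([hashtable]$Headers)
    $uri = "$resource/api/investigations"
    while ($uri) {
        $page = Invoke-RestMethod -Method Get -Uri $uri -Headers $Headers
        $page.value
        $uri = $page.'@odata.nextLink'
    }
}

$investigations = Get-MdeInvestigations -Headers $headers

# Same overview the Action Center gives: how many investigations sit in each state
$investigations |
    Group-Object state |
    Sort-Object Count -Descending |
    Format-Table Name, Count

# Investigations blocked on a human, which only happens under the Semi automation levels
$investigations |
    Where-Object state -eq 'PendingApproval' |
    Select-Object id, computerDnsName, triggeringAlertId, startTime |
    Format-Table
```

The state values returned by the API (Running, PendingApproval, SuccessfullyRemediated, PartiallyRemediated, Benign, Failed, and so on) are what the portal renders as the investigation status; filtering on PendingApproval is the quickest way to spot remediation that a Semi automation level has parked until someone approves it.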

3
Q

How does an automated investigation handle additional alerts generated from a device while the investigation is still running?

A

While an investigation is running, any other alerts generated from the device are added to an ongoing automated investigation until that investigation is completed.

4
Q

If the same malicious file is detected on any other device during the investigation, how does the automated investigation handle that?

A

If the same threat is seen on other devices, those devices are added to the ongoing investigation.

5
Q

How are threats remediated by AIR?

A

As alerts trigger an automated investigation, a verdict is generated for each piece of evidence investigated: Malicious, Suspicious, or No threats found. A verdict can prompt one or more remediation actions, such as quarantining a file, stopping a process or service, removing a registry key, or removing a scheduled task. Whether those actions run automatically or wait for approval depends on the device group's automation level.

6
Q

What factors determine which remediation actions AIR takes for a piece of evidence?

A

  • The type of threat
  • The resulting verdict (Malicious, Suspicious, or No threats found)
  • How the organization's device groups are configured (their automation level)

7
Q

Which action sources can appear in the Action Center?

A

  • Manual device action
  • Manual email action
  • Automated device action
  • Automated email action
  • Advanced hunting action
  • Explorer action
  • Manual live response action
  • Live response action

8
Q

What is an automated device action, and what are some examples?

A

An automated action taken on an entity, such as a file or process, as a result of an automated investigation. Examples include sending a file to quarantine, stopping a process, and removing a registry key.
