Manage & Protect Flashcards

1
Q

What does Windows Defender ATP stand for?

A

Windows Defender Advanced Threat Protection

2
Q

Where are two places you can get Windows Defender ATP?

A

Windows 10 Enterprise/Education E5 Subscription

Part of Microsoft Threat Protection

3
Q

Can you find the Security portal in Azure?

A

Yes

4
Q

Six features of Windows Defender ATP?

A

Threat Vulnerability
-Constantly looking at your system for vulnerabilities

Attack Surface Reduction
-For example, by not running services the organisation does not need

Endpoint Detection

Automated Remediation
-Attack is detected and ATP takes steps to eradicate

Secure Score
-x/100. Represents how secure your Infrastructure is overall

APIs
-Makes it easy to implement in your existing security workflows

5
Q

What does Credential Guard do?

A

Virtualizes security of credentials, meaning the credential is separated from the OS

6
Q

Requirements of Credential Guard

A

Virtualization
-64-bit CPU

Secure Boot

TPM 1.2 or 2.0

UEFI Lock

7
Q

What are 3 ways you can configure Credential Guard?

A

Group Policy

Registry

Hardware Readiness Tool

8
Q

4 Components for Exploit Guard?

A

Exploit Protection

Attack Surface Reduction Rules

Network protection

Controlled folder access

9
Q

Do all 4 of the Exploit Guard components rely on Windows Defender Antivirus (real-time protection)?

A

Yes

10
Q

Where can you locate the Virus Real Time protection settings?

A

Settings -> Updates & Security -> Windows Security -> Virus & Threat Protection settings

11
Q

Can you use an Evaluation Tool for Exploit Guard to see if it is right for your environment?

A

Yes, through scripts provided by Microsoft, an audit mode and a Windows Defender Test Ground

12
Q

What does Application Control limit?

A

Apps

Scripts, including PowerShell

MSIs

13
Q

Two ways to configure Windows Defender Application Control?

A

Group Policy

Intune

14
Q

What are the 2 components of the retired Windows Defender Device Guard?

A

Windows Defender Exploit Guard

Windows Defender Application Control

15
Q

What does the Windows Defender Application Guard protect within?

A

IE

Edge

16
Q

How do you turn on Windows Defender Application Guard?

A

Windows Feature on and Off

17
Q

If you upload On Prem AD to the cloud, does it become Azure AD?

A

No, when you upload On Prem AD it just stays in the cloud, acts as infrastructure as a service and receives the benefits of the cloud.

18
Q

Does Hybrid AD join Azure AD?

A

Yes

19
Q

What is an Azure Tenant?

A

Your instance of Azure AD when you sign up for the Cloud

20
Q

What is a Single Tenant?

A

You only access resources in your organization

21
Q

What is a Multi Tenant?

A

You access resources across organizations

22
Q

What is an Azure AD Acct?

A

Identity stored in Azure AD; Work or School account

23
Q

What is a Custom Domain?

A

Domain other than onmicrosoft.com

24
Q

What is an Acct Admin?

A

Billing owner of the subscription (classic)

25
Q

What is a Service Admin?

A

Manage all resources (classic)

26
Q

What is an Owner?

A

Manage all resources (RBAC)

27
Q

What is an Azure AD Global Admin?

A

Persons who created the Azure AD Tenant

28
Q

What is a MSA?

A

Microsoft Account

29
Q

What is a directory role?

A

A role within Azure such as admin roles and permissions

30
Q

What do you get as part of the Azure AD Free License?

A

User & Group Management

On Prem directory sync

Basic Reports

SSO - Azure, O365, SaaS

31
Q

What do you get as part of the Azure AD Basic License?

A

All of Azure AD Free

Cloud-Centric app access

Azure AD Application Proxy

32
Q

What do you get as part of the Azure AD Premium P1?

A

Hybrid users for On-Prem and cloud resource access

Advanced administration

33
Q

What do you get as part of the Azure AD Premium P2?

A

Azure Directory Identity Protection

Privileged Identity Management (control what Admins can do)

34
Q

What do you get as part of the “Pay as you go”?

A

Pay as you go…

Azure AD Business to client

35
Q

What is the goal of device management in Azure AD?

A

To support a BYOD infrastructure and have “anytime, anywhere” availability and to protect corporate data

36
Q

What devices does Azure AD accommodate?

A

Windows

iOS

Android

macOS

37
Q

What does “registering” mean within Azure AD?

A

Providing an identity for a device (to enable or disable device)

MDM for security and compliance (Intune)

38
Q

What does “joining” mean within Azure AD?

A

An extension of registering (changes local state)

User logon using identity: Autopilot, bulk, self service

Designed for cloud but works with hybrid

Windows 10 ONLY

39
Q

What are the benefits of “joining” the Azure AD?

A

SSO

Roaming

Windows Store for Business

Windows Hello

Restriction of access

Seamless on-prem access

40
Q

What are some use cases of “joining” the Azure AD?

A

Transitioning
-From On-Prem to Azure AD

On-Prem AD not possible

Users really just need O365 or other MS SaaS

Seasonal Workers, Contractors

41
Q

What are some use cases of “joining” a Hybrid Azure AD?

A

SCCM & GP

Win32 apps might rely on traditional AD

You love imaging

Have a bunch of W7 or W8.1

42
Q

How would devices authenticate (4 ways) before joining Azure AD in a Federated Environment?

A

Authenticate through two required protocols:
WS-Fed (join) and WS-Trust (login)

SAML
-Authentication through a web interface

Smartcards with AD Federation Services

Windows Hello for Business (recommendation)

43
Q

What does the MDM Migration Analysis Tool (MMAT) do?

A

Tells you what would happen if you transfer your Group Policies to Intune

44
Q

What should you use to manage your devices?

A

EITHER:

MDM-only (strongly recommended by Microsoft)

Co-management (Intune + SCCM)

MDM Migration Analysis Tool (MMAT)

45
Q

Ways to get device joined to Azure AD?

A

Self Service

  • User Interaction
  • OOBE
  • Default admin right when done this way
  • 1511+

Autopilot

  • User interaction
  • OOBE
  • CAN configure admin rights
  • 1709+

Bulk Enrollment

  • No user interaction
  • OOBE
  • No admin Rights
  • 1703+

46
Q

What options should you consider during your planning of Azure AD Join?

A

How devices authenticate to join Azure AD (eg. Federated Environments)

What will you use to manage devices (Either Intune or SCCM or both)

How devices are joined to Azure AD (Self Services, Autopilot or Bulk Enrollment)

47
Q

Where do you add a custom domain name in Azure?

A

Azure Active Directory -> Custom Domain Names

48
Q

Where can you add Groups in Azure, and what group types can you choose from?

A

Azure Active Directory -> Groups

Security or Office 365

49
Q

How do you add groups/users to Azure AD?

A

Azure Active Directory -> Devices -> Device Settings

Click “users may join devices to Azure AD” and choose SELECTED

50
Q

How would a user join Azure AD by themselves?

A

Settings -> Accounts -> Access work or school

“Join Azure Active Directory”

51
Q

What is required to be set up when joining the Azure AD on behalf of the user?

A

Windows Hello and MFA

52
Q

How do you enroll devices in Intune?

A

Azure Active Directory -> Mobility (MDM and MAM) -> Intune -> Configure

Change scope to “Some” and add the groups

Configure the user profile making sure usage location is filled

53
Q

Do you have to assign a License to a user to use Intune?

A

Yes, choose one of the licences that has Intune, e.g. E3

54
Q

What does the app Company portal do?

A

Deploy company apps and configurations to users

55
Q

Where can you find documentation within Intune?

A

Azure -> Intune -> Quick Start

56
Q

Where can you change the default Compliance policy settings and should you?

A

Intune -> Device Compliance -> Compliance policy Settings

Yes, you definitely should, as devices with no compliance settings are set to compliant… by default.

57
Q

How do you check the hardware specifications of a device?

A

Intune -> Devices -> All devices -> Click into device

Click on hardware

58
Q

Which Windows Analytics solution uses Windows diagnostic data to provide notification of Windows Information Protection misconfigurations that send prompts to end users?

A

Device Health

59
Q

Which component of Windows Defender Exploit Guard protects the endpoint against web-based threats by blocking any outbound process on the device to untrusted hosts/IP through Windows Defender SmartScreen?

A

Network Protection

60
Q

What action does the Fresh Start reset feature in Intune perform on a PC running Windows 10, version 1703 or later?

A

Removes any apps that are installed

61
Q

Which component of Windows Intune creates a configuration profile that includes the best practices and recommendations on settings that impact security?

A

Security Baseline

62
Q

If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, what allows Microsoft Edge to open the site in an Isolated Hyper-V-enabled container, which is separate from the host operating system?

A

Windows Defender Application Guard

63
Q

What are the two ways to get devices enrolled in Intune?

A

Users can self-enroll their devices

You can configure policies to force automatic enrollment without any user involvement

64
Q

What is the maximum number of devices that a single Intune user can enroll with a single Intune license?

A

15

65
Q

What happens to Windows Defender Antivirus if you have another antivirus product running and up-to-date on your Windows 10 device?

A

Windows 10 will disable Windows Defender Antivirus

66
Q

Which service of Windows Defender is designed to lock down the device against a wide variety of attack vectors and block behaviors commonly used in malware attacks, while enabling enterprises to balance their security risk and productivity requirements?

A

Exploit Guard

67
Q

Which actions can be performed on a device enrolled in Intune?

A

Retire

Wipe

Remote Lock

Synchronize Device

Reset Passcode

68
Q

How many mobile devices can the device enrollment manager (DEM) account enroll in Intune?

A

1000

69
Q

Which Windows Analytics solution provides for the identification of devices that crash frequently, and therefore might need to be rebuilt or replaced and identification of device drivers that are causing device crashes, with suggestions of alternative versions of those drivers that might reduce the number of crashes?

A

Device health

70
Q

What kind of non-Windows devices can you enroll with Company Portal?

A

Android

macOS

iOS

71
Q

How can you provide an up-to-the-minute listing of devices enrolled in Intune?

A

Browse the list of enrolled devices in Intune:

then “Devices > All devices”

72
Q

Which port do the Linux and Windows Log Analytics agents use to communicate outbound to the Azure Monitor service?

A

TCP Port 443

73
Q

Yes or No:

Can Intune allow you to configure and enable MAM policies over managed applications, without implementing Intune MDM or any 3rd party MDM solution?

A

Yes

You will need to push a certificate for trust

74
Q

Which methods does Intune support for enrolling iOS company-owned devices?

A

Apple’s Device Enrollment Program (DEP)

Apple School Manager

Apple Configurator Setup Assistant enrollment

Apple Configurator direct enrollment

75
Q

For optimal performance, Microsoft recommends how much RAM for computers that have Application Guard enabled?

A

8GB

76
Q

What happens if you install .msi files from the Internet on a computer protected by Windows Defender Application Control?

A

It’s blocked

77
Q

Which component of Windows Defender Exploit Guard is a set of exploit mitigations that replaced the Enhanced Mitigation Experience Toolkit?

A

Exploit Protection

78
Q

Which component of Windows Defender Exploit Guard is a set of controls that enterprises can enable to prevent malware from getting on the machine by blocking Office, scripts and email-based threats?

A

Attack Surface Reduction

79
Q

Yes Or No

Is Windows Defender Application Guard supported on VMs and VDI environments?

A

No….but seen it tho…

80
Q

What is the difference in the recommendations for Windows security baselines for group policy vs Intune?

A

All settings are the same except some settings in group policy baseline that are specific to an on-premises domain controller

81
Q

What are the four components of Windows Defender Exploit Guard?

A

Exploit Protection

Attack surface reduction

Network Protection

Controlled folder access

82
Q

What happens when you check the “Retain enrollment state and user account” option when you perform a Wipe in Intune?

A

Keeps user accounts and data

Wipes all MDM Policies

Resets user settings back to default

Resets the operating system to its default state and settings

83
Q

Which component of Windows Defender Exploit Guard protects sensitive data from ransomware by blocking untrusted processes from accessing your protected folders?

A

Controlled Folder Access

84
Q

What is the difference between a “Wipe” and “Retire” in Intune?

A

Retire leaves the user’s personal data on the device while a Wipe does not retain user files, user-installed apps or non-default settings

85
Q

What version of Android operating system is required to enroll the device with the Microsoft Intune App?

A

Android 6.0+