Microsoft Defender XDR Flashcards

1
Q

What does XDR stand for and what is its primary purpose?

A

XDR stands for Extended Detection and Response. Its primary purpose is to provide protection, detection, and response across devices, identities, email, and cloud apps by correlating the signals from each of those areas into a single incident rather than a stream of unrelated alerts.

2
Q

What are the main components of the Microsoft Defender XDR suite?

A

The suite includes:

Defender for Endpoint.
Defender for Cloud Apps.
Defender Vulnerability Management.
Defender for Identity.
Defender for Office 365.

(Defender for Cloud, the workload-protection product for Azure and other clouds, is a separate service; its alerts can be surfaced in the Defender portal but it is not itself one of the XDR suite components.)

3
Q

What is the role of Microsoft Security Copilot in Defender XDR?

A

Microsoft Security Copilot, embedded in the Defender portal, provides AI-assisted help for analysts: it summarizes incidents, proposes guided response actions, translates natural-language questions into advanced hunting (KQL) queries, and analyzes suspicious scripts and command lines.

4
Q

How does Defender for Endpoint enhance network security?

A

Defender for Endpoint protects organizational endpoints using technology built into Windows 10 and later:

Behavioral sensors, which collect and process signals from the operating system and send them to the cloud service.
Cloud security analytics, which turn those signals into detections and recommended responses.
Threat intelligence, which identifies attacker tools, techniques, and procedures in the collected data.

5
Q

What is the purpose of the Defender Portal?

A

The Defender portal (security.microsoft.com) is the single console for the whole suite: incidents and alerts, advanced hunting, threat analytics, vulnerability management, and the configuration of each Defender product are monitored and managed from there.

6
Q

Describe the key features of Defender for Cloud Apps.

A

Key features include:

Cloud Access Security Broker (CASB) for visibility into, and policy control over, cloud app usage.
SaaS Security Posture Management (SSPM) for finding and fixing weak configurations in connected SaaS apps.
Advanced threat protection, including detection of phishing and compromised cloud accounts.
App-to-app protection (app governance) for OAuth apps that have been granted access to the tenant's data.

7
Q

What are the three phases of Defender for Office 365?

A

The phases are:

Prevent and Detect.
Investigate.
Respond.

8
Q

What capabilities does Defender Vulnerability Management provide?

A

It offers:

Continuous Asset Discovery and Monitoring.
Risk-Based Intelligent Prioritization.
Remediation and Tracking.

9
Q

Who can access the Microsoft Defender Portal?

A

Access is granted to users holding Microsoft Entra roles such as:

Global Administrator.
Security Administrator.
Security Operator.
Security Reader.

Global Administrator grants far more than security access, so for least privilege analysts should be given Security Reader (read-only) or Security Operator (read plus response actions) rather than a Global Administrator assignment.

10
Q

How does Defender Threat Intelligence support organizations?

A

It provides tools like Threat Analytics, Intel Profiles, and Intel Explorer to analyze threats and gain insights on known threat actors.

11
Q

Which network components are protected by Defender for Endpoint?

A

Devices (the endpoints themselves), URLs and domains (through web protection and network protection), and network devices such as routers and firewalls (discovered and assessed for vulnerabilities through network device discovery).

12
Q

What key technologies support Defender for Endpoint?

A

Behavioral Sensors, Cloud Security Analytics, and Threat Intelligence.

13
Q

List 3 key features of Defender for Endpoint.

A

Core Defender Vulnerability Management, Attack Surface Reduction, and Automated Investigation and Remediation (AIR).

14
Q

What is the purpose of a Cloud Access Security Broker (CASB)?

A

It sits between the organization's users and the cloud services they use, mediating access in real time so that policy can be enforced: visibility into which apps are in use, data protection, threat detection, and compliance controls.

15
Q

What are the 3 steps involved in discovering SaaS apps?

A

Identify, Assess, and Manage.

16
Q

Which recommendation framework does the SaaS Security Posture Management (SSPM) align with?

A

The Center for Internet Security (CIS) benchmarks and recommendations.

17
Q

How does App-to-App protection enhance security?

A

It gives visibility into and control over the OAuth apps that users or administrators have consented to, so over-permissioned or suspicious third-party apps can be detected and their access revoked. It does not remove OAuth as an attack surface; it makes illicit consent grants and risky app permissions visible and actionable.

18
Q

What type of attacks does Defender for Identity protect against?

A

Identity-related attacks, such as credential theft and misuse.
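An added example, not part of the original flashcards: an advanced hunting query in the Defender portal that looks for one credential-misuse pattern, a password spray, in the `IdentityLogonEvents` table (which carries logon telemetry from Defender for Identity sensors on domain controllers). The 10-minute window and the threshold of 20 distinct accounts are assumptions chosen for illustration, not Microsoft guidance.

```kql
// Added example (not Microsoft's own detection): possible password spray,
// i.e. many distinct accounts failing from one source IP in a short window.
IdentityLogonEvents
| where Timestamp > ago(1d)
| where ActionType == "LogonFailed"
| where isnotempty(IPAddress)
// AccountUpn is empty for some on-premises protocols; fall back to AccountName
| extend Account = coalesce(AccountUpn, AccountName)
| summarize FailedAccounts = dcount(Account),
            Attempts = count(),
            Protocols = make_set(Protocol, 5),
            FirstSeen = min(Timestamp),
            LastSeen = max(Timestamp)
          by IPAddress, Window = bin(Timestamp, 10m)
// threshold is an assumption; tune to the environment's normal failure rate
| where FailedAccounts >= 20
| order by FailedAccounts desc, Attempts desc
```

One caveat: `IdentityLogonEvents` also receives cloud sign-in events via Defender for Cloud Apps, so if only on-premises Active Directory activity is of interest, filter on `Protocol` (for example NTLM or Kerberos) or on the domain controller's `DeviceName` before summarizing.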

19
Q

What are the 3 primary functions of Defender Vulnerability Management?

A

Continuous Asset Discovery and Monitoring, Risk-Based Intelligent Prioritization, and Remediation and Tracking.

20
Q

How does Defender Vulnerability Management prioritize risks?

A

It uses a risk-based approach to focus on the most critical vulnerabilities first.
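The three Defender Vulnerability Management cards above describe prioritization but not what it looks like in practice. The following advanced hunting query is an added example, not Microsoft's own ranking logic: it joins the per-device vulnerability inventory with the CVE knowledge base and orders findings by the factors an analyst weighs first (exploit availability, CVSS score, number of affected devices). Column names are those of the `DeviceTvmSoftwareVulnerabilities` and `DeviceTvmSoftwareVulnerabilitiesKB` tables in Defender XDR advanced hunting.

```kql
// Added example: rank vulnerable software by exploit availability, CVSS
// score, and how many devices are affected. Not Microsoft's scoring model.
DeviceTvmSoftwareVulnerabilities
| join kind=inner (
    DeviceTvmSoftwareVulnerabilitiesKB
    | project CveId, CvssScore, IsExploitAvailable, PublishedDate
  ) on CveId
| summarize AffectedDevices = dcount(DeviceId),
            SampleDevices = make_set(DeviceName, 10)
          by CveId, SoftwareVendor, SoftwareName, SoftwareVersion,
             VulnerabilitySeverityLevel, CvssScore, IsExploitAvailable,
             PublishedDate, RecommendedSecurityUpdate
| extend AgeDays = datetime_diff("day", now(), PublishedDate)
// exploited-in-the-wild first, then by severity, then by blast radius
| order by IsExploitAvailable desc, CvssScore desc, AffectedDevices desc
| take 50
```

Two points worth knowing before relying on this: the `DeviceTvm*` tables are inventory snapshots rather than event streams, so they have no `Timestamp` column and a time filter such as `ago(7d)` is not applicable; and `IsExploitAvailable` reflects public exploit availability, not whether the organization's own devices are exposed, so the portal's exposure and device-criticality data should still be considered when choosing what to remediate first.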

21
Q

What are the 4 main components of Defender Threat Intelligence?

A

Threat Analytics, Intel Profiles, Intel Explorer, and Intel Projects.

22
Q

What is the purpose of Intel Profiles in Defender Threat Intelligence?

A

To provide shareable knowledge on known threat actors.

23
Q

Which component of Defender Threat Intelligence enables deep threat investigation?

A

Intel Explorer.