Microsoft Defender XDR Flashcards
What does XDR stand for and what is its primary purpose?
XDR stands for Extended Detection and Response. Its primary purpose is to provide protection, detection, and response to threats across devices, identities, emails, and other assets.
What are the main components of the Microsoft Defender XDR suite?
The suite includes:
Defender for Endpoint.
Defender for Office 365.
Defender for Identity.
Defender for Cloud Apps.
Defender Vulnerability Management.
Defender for Cloud (cloud workload signals are also surfaced in the same portal).
What is the role of Microsoft Security Copilot in Defender XDR?
Microsoft Security Copilot provides AI-assisted guidance to enhance threat management capabilities.
How does Defender for Endpoint enhance endpoint and network security?
Defender for Endpoint protects organizational endpoints using technology built into Windows (Windows 10 and later), such as:
Endpoint behavioral sensors that collect and process OS signals.
Cloud security analytics that turn those signals into detections and recommended responses.
Threat intelligence that identifies attacker tools, techniques and procedures.
What is the purpose of the Defender Portal?
The Defender Portal (security.microsoft.com) is a centralized dashboard for monitoring and managing incidents, alerts, hunting and response across all XDR workloads.
Describe the key features of Defender for Cloud Apps.
Key features include:
Cloud Access Security Broker (CASB) for discovering cloud app use and controlling access.
SaaS Security Posture Management (SSPM) for finding and fixing weak app configurations.
Advanced Threat Protection that detects anomalous and malicious activity across connected SaaS apps.
App-to-App Protection to govern OAuth apps and the permissions they have been granted.
What are the three phases of Defender for Office 365?
The phases are:
Prevent and Detect.
Investigate.
Respond.
What capabilities does Defender Vulnerability Management provide?
It offers:
Continuous Asset Discovery and Monitoring.
Risk-Based Intelligent Prioritization.
Remediation and Tracking.
Who can access the Microsoft Defender Portal?
Access is granted to users holding Microsoft Entra ID roles such as:
Global Administrator.
Security Administrator.
Security Operator.
Security Reader.
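A quick way to audit who actually holds those portal-granting roles, as an added example that is not part of the flashcards. It uses the Microsoft Graph PowerShell SDK and assumes the caller can consent to the read-only RoleManagement.Read.Directory scope; the role names are the ones listed above.

```powershell
# Added example (not from the flashcards): list who holds the Entra ID roles
# that grant access to the Microsoft Defender portal.
# Assumes the Microsoft Graph PowerShell SDK is installed and the caller can
# consent to RoleManagement.Read.Directory (read-only).
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory'

$portalRoles = 'Global Administrator', 'Security Administrator',
               'Security Operator', 'Security Reader'

foreach ($roleName in $portalRoles) {
    # Get-MgDirectoryRole returns only roles that have been activated in the tenant;
    # a role nobody has ever been assigned simply does not appear.
    $role = Get-MgDirectoryRole -Filter "displayName eq '$roleName'"
    if (-not $role) {
        Write-Output "$roleName : not activated in this tenant (no members)"
        continue
    }

    $members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All
    foreach ($m in $members) {
        # Members can be users, groups or service principals; show the most useful name.
        $name = $m.AdditionalProperties['userPrincipalName']
        if (-not $name) { $name = $m.AdditionalProperties['displayName'] }
        [pscustomobject]@{
            Role     = $roleName
            Member   = $name
            ObjectId = $m.Id
        }
    }
}
```

This lists permanent (active) assignments only; PIM-eligible assignments, and users who reach the portal through a group that holds the role, need the role-management or group-membership endpoints to be enumerated as well.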
How does Defender Threat Intelligence support organizations?
It provides tools like Threat Analytics, Intel Profiles, and Intel Explorer to analyze threats and gain insights on known threat actors.
Which network components are protected by Defender for Endpoint?
Endpoint devices, plus, through device discovery and web protection, network devices such as routers and firewalls, and the URLs users visit.
What key technologies support Defender for Endpoint?
Behavioral Sensors, Cloud Security Analytics, and Threat Intelligence.
List 3 key features of Defender for Endpoint.
Core Defender Vulnerability Management, Attack Surface Reduction, and Automated Investigation and Remediation (AIR).
What is the purpose of a Cloud Access Security Broker (CASB)?
It sits between the organization’s users and cloud services to discover which apps are in use and enforce access and data-protection policies in real time.
What are the 3 steps involved in discovering SaaS apps?
Identify, Assess, and Manage.