Security theory Flashcards
What is MIG?
Microsoft Information Governance (MIG) is a collection of features to govern your data for compliance or regulations.
What is the difference between Retention Policies and RM?
While Records Management (RM) leverages Retention Policies, they perform differently.
Retention labels keep a copy of the content hidden from the user (but they can still delete/modify content from the UI), but RM blocks actions in the UI.
6 Pillars of Zero Trust
- Identities must be verified
- Devices create a large attack surface needing monitoring
- Applications (inc Shadow IT) must be mapped & protected
- Data must be classified, encrypted & labelled
- Infrastructure must be monitored
- Networks need segmenting, encryption & monitoring
What are the THREE features you can configure to provide automated Data classification?
Trainable classifiers
Sensitive Information Types
Exact Data Matches
Sensitivity labels are an example of Data classification. List THREE other areas.
- (Sensitivity labels)
- Retention policies
- Communication compliance
- Insider risk management
What FOUR actions can you view with the activity explorer?
- Read
- Deletion
- Printed
- Copied to network share/USB
True/False: Azure Active Directory (Azure AD) Identity Protection can be used to invoke Multi-Factor Authentication based on a user’s risk level
True. CA is a feature provided by Identity Protection
______ can use conditional access policies to control sessions in real time.
- Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
- Azure Defender
- Azure Sentinel
- Microsoft Cloud App Security
Cloud App Security /
MS Defender for Cloud
How many trainable classifiers and specific file extensions can be applied to a single Insider Risk Policy?
5 classifiers / 50 file extensions
What is a Sequence, in regards to Insider Risk Management?
A sequence is a group of two or more potentially risky activities performed one after the other that might suggest an elevated risk.
What FOUR categories of activity could trigger alerts for the Data leaks by the priority users sequence?
- Collection eg. downloading files from SharePoint sites or moving files into a compressed folder.
- Obfuscation eg. renaming files on a device.
- Exfiltration eg. sending emails with attachments outside of your organisation.
- Clean-up eg. deleting files from a device.
What’s required for an organisation to use Peer groups for cumulative exfiltration detection?
Your organisation agrees to share Azure AD data with the compliance portal, including organisation hierarchy and job titles.
What data is typically contained in a security token (claim)?
Issuer
Audience
Expiry/Issued at/Not valid before
Subject
OID/TID
Name
Signature
What tech is the MS ID platform built on?
OpenID Connect
How does Peer groups for cumulative exfiltration detection work?
It looks for peers outside the organisation, based on the following criteria:
- SharePoint sites: Insider risk management identifies peer groups based on users who access similar SharePoint sites.
- Similar organization: Users with reports and team members based on organization hierarchy.
- Similar job title: Users with a combination of organizational distance and similar job titles.
What TWO secondary authentication TYPES are supported in AAD?
OAuth software/hardware, voice-call verification
What SIX authentication methods are available for SSPR?
- Mobile app notification
- Mobile app code
- Mobile phone
- Office phone
- Security questions
What licence is required to allow banned password lists?
Banned password lists are a feature of Azure AD Premium P1
What licence is required to allow PIM?
Azure AD Premium P2
True/False: NSGs can deny inbound traffic from the Internet
TRUE, NSGs deny all inbound Internet traffic by default.
What’s an Access Package?
A group of access entitlements needed to fulfil a specific role
What licence is needed to allow Entitlement Management?
Azure AD Premium P2
What licence is needed to allow Access Reviews?
Azure AD Premium P2
What THREE secondary authentication TECHNOLOGIES are supported in AAD?
Authenticator
Hello for Business
FIDO 2 keys
What THREE services does Azure Identity Protection (AIP) provide?
- Automate the detection and remediation of identity-based risks.
- Investigate risks using data in the portal.
- Export risk detection data to third-party utilities for further analysis
What is Sign-in risk in AIP?
The probability that a given authentication request isn’t authorized by the identity owner
What SIX sign-in risks can AIP detect?
Anonymous IP address.
Malware linked IP address.
Atypical travel.
Unfamiliar sign-in properties.
Password spray.
Azure AD threat intelligence.
What is User risk in AIP?
The probability that a given identity or account is compromised
What are TWO user risks that AIP can detect?
Leaked credentials.
Azure AD Threat Intelligence
What THREE reports are produced by AIP?
Risky users
Risky sign-ins
Risk detections
What licence is needed to allow Azure Identity Protection?
Azure AD Premium P2
Your organization has implemented important changes in their customer facing web-based applications. You want to ensure that any user who wishes to access these applications agrees to the legal disclaimers. Which Azure AD feature should you implement?
Azure AD Terms of Use
An organization is project-oriented with employees often working on more than one project at a time. Which solution is best suited to managing user access to this organization’s resources?
Entitlement management
An organization has recently conducted a security audit and found that four people who have left were still active and assigned global admin roles. The users have now been deleted but the IT organization has been asked to recommend a solution to prevent a similar security lapse happening in future. Which solution should they recommend?
PIM
What TWO licences allow use of Dynamic groups in AAD?
Azure AD Premium P1
Intune for Education
What are three types of DDOS attack?
Volumetric attacks: These flood the network with seemingly legitimate traffic, overwhelming the available bandwidth.
Protocol attacks: Protocol attacks render a target inaccessible by exhausting server resources with false protocol requests that exploit weaknesses in layer 3 (network) and layer 4 (transport) protocols.
Resource (application) layer attacks: These attacks target web application packets, to disrupt the transmission of data between hosts.
What three TIERS of Azure DDoS protection are available?
Basic (now renamed Default)
DDoS Network Protection (SKU)
DDoS IP Protection (preview)
True/False: By default, NSGs allow outbound traffic to access the Internet
True, unless specifically overridden by a higher-priority rule.
Describe use of Threat Intelligence with respect to Azure Firewall
Threat intelligence-based filtering can be enabled for your firewall to alert and deny traffic from/to known malicious IP addresses and domains
Describe FOUR advantages of Azure Firewall
Built-in high availability and availability zones
Outbound SNAT and inbound DNAT to communicate with internet resources
Threat intelligence
Integration with Azure Monitor
Describe WAF
Web Application Firewall provides centralised protection of your web applications from common exploits and vulnerabilities
True/False: NSGs block incoming Internet Traffic by default?
Communication needs to be explicitly provisioned, which enables more control over how Azure resources in a VNet communicate with other Azure resources, the internet, and on-premises networks.
True/False: You can associate multiple NSGs to VNet subnets or NICs?
False - You can associate only one network security group to each virtual network subnet and network interface in a virtual machine
True/False: You can associate an NSG with multiple subnets & NICs
True - The same network security group can be associated to as many different subnets and network interfaces as you choose
Intune is managed via:
- AAD Admin Centre
- M365 Compliance Centre
- M365 Security Centre
- Endpoint Admin Centre
Microsoft Endpoint Admin Centre
What THREE Inbound security rules are provided in NSGs by default?
AllowVNetInBound. This rule allows traffic from any Virtual Network (as defined by the service tag) on any port to any Virtual Network on any port, using any protocol.
AllowAzureLoadBalancerInBound. This rule allows traffic from any Azure Load Balancer on any port to any IP address on any port, using any protocol.
DenyAllInBound. This rule denies all traffic from any source IP address on any port to any other IP address on any port, using any protocol.
What is the difference between Network Security Groups (NSGs) and Azure Firewall?
NSGs provide traffic filtering to limit traffic WITHIN VNets in each subscription.
Azure Firewall provides protection ACROSS different subscriptions and VNets.
True/False: Intune can be used to provision Azure subscriptions?
False
How widely does Bastion protect your VMs, VNets and subscriptions?
Bastion provides secure RDP and SSH connectivity to all VMs in the VNet, and peered VNets, in which it’s provisioned.
Bastion deployment is per VNet, not per subscription/account or virtual machine.
True/False: VMs accessed via Bastion need Public IPs
False. Bastion opens the RDP/SSH connection to your Azure virtual machine using private IP on your VM. You don’t need a public IP.
True/False: The Bastion service eliminates the need for NSGs
True - The service is hardened internally to provide secure RDP/SSH connectivity. You don’t need to apply any NSGs on an Azure Bastion subnet.
True/False: The Bastion service does NOT eliminate the need to harden VMs
False - Because it sits at the perimeter of your virtual network, you don’t need to worry about hardening each virtual machine in the virtual network
How does JIT protect VMs?
JIT allows you to select VM ports to which inbound traffic is blocked.
Defender for Cloud places “deny all inbound traffic” rules for these ports in the NSG/Firewall rules.
Defender applies RBAC to allow blocking to be lifted for a specified time & restores it afterwards.
True/False: JIT for VMs requires a Defender for Cloud subscription
True - JIT requires Microsoft Defender for servers to be enabled on the subscription
True/False: When JIT VM access expires, the connection is dropped
False - Defender for Cloud restores the NSGs to their previous states. Connections that are already established are not interrupted.
List THREE types of data encryption provided by Azure
Storage encryption (managed disks, blob storage, files & queues)
Disk encryption for Win/Linux VM disks (BitLocker/dm-crypt)
Transparent Data Encryption (TDE) in SQL Db & Data Warehouse
List FOUR functions of Azure Key Vault
Secrets Mgmt (control access)
Key Mgmt
Cert Mgmt
Hardware Security Module (HSM) (store secrets in FIPS 140-2 HSMs)
The security admin wants to protect Azure resources from DDoS attacks and needs logging, alerting, and telemetry capabilities. Which Azure service can provide these capabilities?
- Default DDoS infrastructure protection.
- Both DDoS IP Protection and DDoS Network Protection.
- Azure Bastion.
DDoS IP Protection and DDoS Network Protection provide advanced capabilities, including logging, alerting, and telemetry
Expand CSPM
Cloud Security Posture Management assesses systems and alerts security staff when a vulnerability is found.
Expand TVM
Threat & Vulnerability Management provides a holistic view of the organization’s attack surface and risk and integrates it into operations and engineering decision-making
Expand CWP
Cloud Workload Protection
Through CWP, Defender for Cloud is able to detect and resolve threats to resources, workloads, and services
An organization wants to add vulnerability scanning for its Azure resources to view, investigate, and remediate the findings directly within Microsoft Defender for Cloud. What functionality would they need to consider?
- Secure score and recommendations functionality that is part of the CSPM pillar of Defender.
- The enhanced functionality that is provided through the Microsoft Defender plans and is part of the CWP pillar of Defender.
- Security Benchmarks.
2. Microsoft Defender plans provide enhanced security features for your workloads, including vulnerability scanning.
The Microsoft cloud security benchmark (MCSB) provides prescriptive best practices and recommendations, NOT vulnerability scanning.
List THREE deliverables provided by the Purview Governance Portal
- Create a holistic, up-to-date map of your data landscape with automated data discovery, sensitive data classification, and end-to-end data lineage.
- Enable data curators to manage and secure your data estate.
- Empower data consumers to find valuable, trustworthy data.
What functionality is provided by the Purview Data Map?
By scanning registered data sources, Azure Purview Data Map is able to capture metadata about enterprise data, to identify and classify sensitive data.
What services are provided by the Purview Data Catalogue?
Users can quickly and easily find relevant data using a search with filters based on various lenses like glossary terms, classifications, sensitivity labels etc.
What THREE insights are provided by Purview Data Estate Insights?
Data and security officers can get a bird’s eye view and at a glance understand:
- What data is actively scanned
- Where sensitive data is
- How it moves.
What functionality is provided by the Purview Data Sharing & Data Policy (Preview)?
Access policies in Purview enable you to manage access to different data systems across your entire data estate.
Eg. if a user needs read access to an Azure Storage account that has been registered in Purview, you can grant this access directly from Purview.
Which application in the Purview governance portal is used to capture metadata about enterprise data, to identify and classify sensitive data?
- Data Catalog
- Data Map
- Data Estate Insights.
2. Purview Data Map captures metadata about enterprise data, to identify and classify sensitive data.
What are the FOUR stages of Data Lifecycle Management?
- Know your data (ID important data)
- Protect your data (encrypt, restrict)
- Prevent data loss (oversharing)
- Govern your data (retention/mgmt policies)
What THREE data classification methods are used by Purview?
- Manual
- Auto pattern recognition
- Machine learning
What are Sensitive Information Types?
Sensitive information types (SIT) are pattern-based classifiers. They have set patterns that can be used to identify them.
Eg. credit card/bank account/passport numbers.
What is Exact Data Match (EDM) classification?
EDM-based classification enables you to create custom sensitive information types that refer to exact values in a database of sensitive information.
What are Trainable Classifiers?
Trainable classifiers use AI to intelligently classify data. They’re most useful classifying data unique to an organization like specific kinds of contracts, invoices, or customer records.
What TWO types of Trainable Classifier are available in Purview?
- Pre-trained (source code/resumes/threats/profanity)
- Custom (specific contracts/invoices/records)
Define “Seeding”
Training a custom trainable classifier by presenting many samples of example content.
What does the Content Explorer do?
Enables admins to view content that has been summarised in the overview pane.
What TWO roles have access to Purview’s Content Explorer?
- Content explorer list viewer.
- Content explorer content viewer.
(List view shows matching objects, content enables viewing them).
List FOUR activities associated with a labelled document that can be analysed by Purview’s Activity Explorer
- File copied to removable media
- File copied to network share
- Label applied
- Label changed
List THREE properties of Labels
- Customizable. Admins can create different categories specific to the organization.
- Clear text. Each label is stored in clear text in the content’s metadata, third-party apps and services can read it and then apply their own protective actions, if necessary.
- Persistent. After you apply a sensitivity label to content, the label is stored in the metadata of that email or document & moves with the content.
True/False: Labels can be used to protect content in containers such as sites and groups.
True. This doesn’t result in documents being automatically labeled. Instead, the label settings protect content by controlling access to the container where documents are stored.
True/False: Multiple labels may be applied to one document or email
False. Only one label can apply in each case.
True/False: Labels may mark content, encrypt it or do nothing
True. Labels can:
- Display watermarks
- Encrypt emails and/or documents
- Do nothing other than act as a classification
Why would labels be used without protective restrictions?
The label classification can be used to generate usage reports and view activity data for sensitive content.
True/False: Labels may be used to link users to custom help pages.
True. It helps users to understand what the different labels mean and how they should be used.
What is endpoint data loss prevention?
Endpoint data loss prevention (Endpoint DLP) extends the activity monitoring and protection capabilities of DLP to sensitive items that are physically stored on Windows 10, Windows 11, and macOS (Catalina 10.15 and higher) devices
How do retention labels and assigning retention policies help organizations?
(List THREE factors)
- Comply proactively with industry regulations and internal policies that require content to be kept for a minimum time.
- Reduce risk when there’s litigation or a security breach by permanently deleting old content that the organisation is no longer required to keep.
- Ensure users work only with content that’s current and relevant to them. When content has retention settings assigned to it, that content remains in its original location.
True/False: A user CANNOT delete or modify a document managed by a retention policy
False. People can continue to work with their documents or mail as if nothing’s changed. If they edit or delete retained content, a copy is made in a secure location.
In most cases, people don’t even need to know that their content is subject to retention settings.
What FIVE MS products support data retention?
SharePoint
OneDrive
Microsoft Teams
Yammer
Exchange
What THREE things happen to content when it’s labeled as a record?
- Restrictions are put in place to block certain activities.
- Activities are logged.
- Proof of disposal is kept at the end of the retention period.
What TWO additional restrictions are placed on Regulatory Records?
- A regulatory label can’t be removed when an item has been marked as a regulatory record.
- The retention periods can’t be made shorter after the label has been applied.
What are four FEATURES/SELLING POINTS of Azure Insider Risk Management?
- Transparency: Balance user privacy versus organisation risk with privacy-by-design architecture.
- Integrated: Integrated workflow across Microsoft Purview solutions.
- Configurable: Configurable policies based on industry, geographical, and business groups.
- Actionable: Provides insights to enable user notifications, data investigations, and user investigations.
What FIVE steps comprise the Insider Risk workflow?
- Policies
- Alerts
- Triage
- Investigation
- Action
What THREE eDiscovery solutions are provided with Purview?
- Content search
- eDiscovery (Standard)
- eDiscovery (Premium)
What additional FIVE services are provided by eDiscovery (Premium)?
- Workflow (identify, preserve, collect, review, analyse & export)
- Manage Custodians
- Use Review Sets to focus on content
- Tag relevant content
- Use AI to further narrow search scopes
What additional FOUR services are provided by Purview Audit (Premium)?
- Retention beyond 90 days
- Customise retention periods
- Provides records for crucial events
- Higher bandwidth access to API
How long does it take for Purview Audit to log an event?
It can take anywhere from 30 minutes to 24 hours for the corresponding audit log record to be returned in the results of a search.
What roles are required to access Audit services?
View-Only Audit Logs or Audit Logs role in Exchange Online to search the audit log.
By default, these roles are assigned to the Compliance Management & Organisation Management role groups on the Permissions page in the Exchange admin centre.
How does a digital signature work?
A signed document is hashed, and the hash encrypted with the user’s private key.
The recipient decrypts the hash & checks it against the document’s contents.
What is Credential stuffing?
Re-using a password in multiple sites/instances
What is pretexting?
Gaining a victim’s trust to extract secure info, such as generating a fantasy pop star name from the name of a first pet and the place they were born.
What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by reducing the attack surface?
Network protection
Which feature provides the extended detection and response (XDR) capability of Azure Sentinel?
Integration with Microsoft 365 Defender
True/False: Conditional access policies apply BEFORE first-factor authentication is complete?
False
Conditional Access policies apply AFTER first-factor authentication is complete.
Conditional access policies can use WHAT SERVICE as a signal that provides the ability to control sessions in real time?
Azure Cloud App Security
AKA Defender for cloud
Which layer can secure access to VMs either on-prem or in the cloud by closing certain ports?
The Compute layer
Which authentication method uses a software agent on an on-prem server to provide simple password validation?
Pass-through Authentication (PTA)
What are Microsoft’s SIX privacy principles?
- Control over privacy
- Transparency
- Security
- Strong Legal protections
- No content-based targeting
- Benefits to you
What Security Centre tool would you use to continuously monitor the status of your network?
Network map
This provides a topology map of your network workloads, allowing you to block unwanted connections.
What is the purpose of Perimeter security in the defence in depth approach?
DDOS protection
Can Azure firewall encrypt traffic?
No
What’s the max retention period for M365 Audit Logs?
10 years
Which THREE features are NOT included in the pricing plan for Office 365 apps?
- Cloud App Discovery
- Password protection
- Group Access Management
- Risk-based Conditional Access
- MFA
- Cloud Discovery
- Group Access Management
- Conditional Access
What FOUR AAD editions are available?
- Free
- Office 365 Apps
- Premium P1
- Premium P2
List the FOUR AAD Identity types
- User
- Service Principal (ID for an App)
- Managed ID (Managed Service Principals)
- Device
What’s the function of Managed Identities?
Managed IDs are auto managed in AAD, eliminating the need for Devs to manage credentials. Managed IDs provide identity for apps to connect to Azure Resources at no extra cost.
What is a Service Principal used for?
A Service principal is an identity for an app.
It’s required to register the app with AAD to integrate its ID and access functions.
True/False: Application developers need to manage and protect Service Principal credentials used by their products
True.
Managed Identities negate this requirement for supported Azure resources.
What licence is needed to use AAD External Identities?
AAD Premium P1
True/False: AD FS services will be lost if the on-prem DC service fails
False - AD FS can be configured to use password hash sync should the on-prem service fail.
An organization has completed a full migration to the cloud and has purchased devices for all its employees. All employees sign in to the device through an organizational account configured in Azure AD. Select the option that best describes how these devices are set up in Azure AD.
- These devices are set up as Azure AD registered.
- These devices are set up as Azure AD joined.
- These devices are set up as Hybrid Azure AD joined.
AAD Joined. An AAD joined device is joined to AAD through an organizational account, which is then used to sign in to the device. Azure AD joined devices are generally owned by the organization.
A developer wants an application to connect to Azure resources that support Azure AD authentication, without having to manage any credentials and without incurring any extra cost. Which option best describes the identity type of the application?
- Service principal
- Managed identity
- Hybrid Identity
Managed identities are a type of service principal that are automatically managed in Azure AD and eliminate the need for developers to manage credentials.
What’s the max of the NSG priority range?
- 2096
- 3500
- 4000
- 4096
- 4128
NSG priorities are in the range 100 to 4096
What mode can WAF operate in to avoid affecting live services during testing?
Detection mode. Later, it should be switched to Prevention Mode
What are FOUR uses of Cloud App Security (Defender for Cloud Apps)?
- Prevent data leaks & limit access to regulated data
- Provide pass-through authentication to on-prem apps
- Provide secure connection to Azure VMs
- Discover & control shadow IT
- Protect sensitive info hosted anywhere in the cloud
Everything BUT Provide secure connection to Azure VMs
An audit team needs access to crucial events, such as when mail items were accessed, replied to and forwarded. What capability is required?
- Advanced Auditing
- Core Auditing
- Alert policies to generate & view alerts when actions are performed on mail
Advanced Auditing is needed to access crucial events.
When considering Cloud App Security/Defender for Cloud Apps, what is a key consideration?
- Data security of your entire estate
- Architecture of your entire estate
- Use of Shadow IT across your entire estate
Architecture of the estate
Settings may have been changed by a user in Teams. What capability is needed to investigate this?
- Turn on MS Teams settings search & ensure you have the right role
- Verify that auditing is enabled & that you have the right role
- Block Teams & ensure you have the appropriate role
Verify that auditing is enabled & you have the appropriate role to perform the search.
Retention labels can be applied to _______?
- Exchange (all mailboxes), SharePoint, OneDrive
- Exchange & MS 365 Groups
- Exchange, SharePoint, OneDrive & MS 365 Groups
Exchange, SharePoint, OneDrive & MS 365 Groups
Where does retention policy store copies for SharePoint/OneDrive?
Preservation Hold library
Where does retention policy store copies for Exchange mailboxes?
Recoverable items folder
Where does retention policy store copies for Teams & Yammer?
SubstrateHolds
Insider Risk Management exports alerting data for SIEM via what service?
Office 365 Management API integration
Where are all data files & emails associated with alert activities captured & displayed?
- Case overview
- User activity
- Content explorer
- Alerts
Content Explorer receives copies of alerts
What licence is required for Cloud App Discovery to identify Shadow IT?
AAD Premium P1
How long do content holds need to take effect?
Up to 24 hours
What service does Sentinel use to store security analytics data?
Azure Log Analytics Workspace
What EIGHT services are enabled through Azure AD Premium P1?
- (Banned) Password Protection
- External Identities (B2B/B2C)
- Dynamic Azure AD Groups
- Cloud App Discovery (Shadow IT)
- Conditional access
- Self-service password Reset
- Microsoft Identity Manager (HR Connect)
- Azure Terms of Use
The Zero-Trust “Limit Blast Radius” principle involves what TWO elements?
Use Identity-based segmentation and Least privilege access
ID Segmentation works by restricting access to apps or workloads, based on job role.
Which THREE roles can access the Compliance Centre?
Global Admin
Compliance Admin
Compliance Data Admin
What are the THREE features of Compliance Manager?
- Pre-built/custom assessments for common industry and regional standards
- Compliance score
- Step-by-step guidance to help achieve compliance
True/False: Conditional access policies can be applied only to users with AAD-joined devices?
False. Conditional access can ALSO be applied to AD DS-joined devices (Win 7 onwards).
True/False: With AAD Identity Protection, you can force use of MFA during a user sign-in?
True. Identity Protection can configure a Conditional Access policy for you that requires MFA, regardless of which modern authentication app you use.
Which of the following is NOT an Identity Governance feature in AAD?
- PIM
- Access reviews
- Conditional access
- Entitlement Management
Access reviews
Which of the following cards is NOT available within the M365 Security Centre?
- Identities
- Devices
- Groups
- Apps
Groups
Which of the four MCAS pillars is responsible for identifying and controlling sensitive information?
- Visibility
- Threat protection
- Compliance
- Data security
Data security
True/False: A system-assigned managed identity is created as a standalone Azure resource?
False
USER-assigned is stand-alone; system-assigned is created as part of a VM or App Service.
True/False: Responsibility for Network controls & Host infrastructure is SHARED between MS and users for IaaS solutions?
True
What is a message digest?
An alternative term for a Hash value
What are the most common hash lengths in use?
- 256-288
- 128-160
- 512-1024
- 96-1016
128-160
What feature allows use of the same security key across multiple services?
- Hmac-secret
- Resident key
- Multiple accounts per RP
- Client PIN
Multiple accounts per RP (Relying Party)
Which of the following is NOT an identity?
- Services
- Users
- Networks
- Devices
Networks
True/False: You can only add one resource lock to an Azure resource?
False.
You can have ReadOnly & CanNotDelete locks on one resource and resources can inherit locks from parent objects. The most restrictive lock takes precedence.
Which of the following is a feature of Defender for Endpoint’s behavioral sensors technology?
- Behavioral signals are translated into insights, detections, and recommended responses to advanced threats.
- It collects and processes behavioral signals from the operating system and sends this sensor data to your private, isolated, cloud instance of Microsoft Defender for Endpoint.
- It generates alerts when they are observed in collected sensor data.
- It ensures configuration settings are properly set and exploit mitigation techniques are applied
2. It collects and processes behavioral signals from the operating system.