How Well Do You Know Microsoft Cloud Security Policies and Remediation Technique...
6 Questions

Created by
@GraciousViolet

Questions and Answers

Which role should be assigned to User2 when deploying Azure Defender?

  • Contributor (correct)
  • Security Administrator
  • Reader
  • Owner

What should be done to detect connections to Microsoft 365 apps from botnet networks?

  • Enable custom network indicators in Microsoft Defender for Endpoint
  • Configure the GCP Security Command Center API
  • Create a custom template-based policy in Microsoft Cloud App Security using IP address tag filters (correct)
  • Create a custom template-based policy in Azure Defender

What should be done to enable JIT VM access and network detections for Azure resources?

  • Enable Azure Defender at the network level
  • Enable Azure Defender at the virtual machine level
  • Enable Azure Defender at the resource group level
  • Enable Azure Defender at the subscription level (correct)

    Which role should be assigned to User2 when deploying Azure Defender?

    Contributor

    What should be done to ingest Google Cloud Platform (GCP) data into Azure Defender?

    Configure the GCP Security Command Center, enable the GCP Security Command Center API, create a dedicated service account and private key, and from Azure Security Center, add cloud connectors, and finally enable Security Health Analytics.

    What query should be used to return every email that contains an attachment named Document.pdf?

    EmailAttachmentInfo | where Timestamp > ago(1h) | where Subject == "Document Attachment" and FileName == "Document.pdf" | join kind=inner ( … ) on SHA256

    Study Notes

    Microsoft Cloud Security: Policies, Roles, and Remediation

    • To detect connections to Microsoft 365 apps from botnet networks, create a custom template-based policy in Microsoft Cloud App Security using IP address tag filters.
    • When deploying Azure Defender, assign User1 the Contributor role to assign initiatives, edit security policies, and enable automatic provisioning, and assign User2 the Contributor role to view alerts and recommendations, apply security recommendations, and dismiss alerts.
    • To identify impacted entities in an aggregated DLP alert, review the Events tab of the alert in the DLP alert management dashboard of the Microsoft 365 compliance center.
    • To allow or block a user-specified range of IP addresses and URLs in Microsoft Defender for Endpoint, enable custom network indicators in the Advanced features from the Endpoints Settings in the Microsoft 365 Defender portal.
    • To delegate tasks related to Microsoft Defender for Servers, assign User1 the task of enabling Microsoft Defender for Servers on virtual machines and assign User2 the task of reviewing security recommendations and enabling server vulnerability scans.
    • To create a hunting query that will return every email that contains an attachment named Document.pdf, use the query: EmailAttachmentInfo | where Timestamp > ago(1h) | where Subject == "Document Attachment" and FileName == "Document.pdf" | join kind=inner ( … ) on SHA256, ensuring that it only shows emails sent during the last hour and optimizes query performance.
    • To remediate the security risk associated with unsecure Kerberos delegation in Microsoft Defender for Identity, modify the properties of the computer objects listed as exposed entities.
    • To ingest Google Cloud Platform (GCP) data into Azure Defender, configure the GCP Security Command Center, enable the GCP Security Command Center API, create a dedicated service account and private key, and from Azure Security Center, add cloud connectors, and finally enable Security Health Analytics.
    • To use an Azure Resource Manager template to create a workflow automation that will trigger an automatic remediation when specific security alerts are received by Azure Security Center, provision the required Azure resources by defining the properties of the Microsoft.Security/automations type.
    • To enable just-in-time (JIT) VM access and network detections for Azure resources, enable Azure Defender at the subscription level.

    Description

    Test your knowledge on Microsoft Cloud Security policies, roles, and remediation techniques with this quiz. Learn how to detect connections from botnet networks, assign roles for deploying Azure Defender, identify impacted entities in DLP alerts, enable custom network indicators in Microsoft Defender for Endpoint, delegate tasks related to Microsoft Defender for Servers, create hunting queries for email attachments, remediate security risks in Microsoft Defender for Identity, ingest GCP data into Azure Defender, use Azure Resource Manager templates for workflow automation, and enable just
