Microsoft SC-200 Study Guide Latest
- Threat and vulnerability management - provides real-time visibility and helps identify ways to improve your security posture.
- Attack surface reduction (ASR) - eliminates risky or unnecessary surface areas and restricts dangerous code from running.
- Advanced protection - uses machine learning and deep analysis to protect against file-based malware.
- Advanced persistent threats (APT) - associated with high severity alerts; uses continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences.
- High Severity Alert - credential theft tool activities, ransomware activities not associated with any group, tampering with security sensors, or any malicious activities indicative of a human adversary.
- Medium Severity Alert - observed behaviors typical of attack stages, anomalous registry changes, execution of suspicious files.
- Low Severity Alert - alerts on threats associated with prevalent malware, hack-tools, and non-malware hack tools such as running exploration commands, clearing logs, or a security tool isolated by a user in the organization.
- Informational (Grey) Alerts - might not be considered harmful to the network but can drive organizational security awareness on potential security issues.
- MDE vs MD AV Alert Severity - the AV scope represents the absolute severity of the detected threat (malware) and is assigned based on the risk of the individual; MDE represents risk on the device and risk to the organization.
- Incident Linking - you can create a new incident from the alert or link to an existing incident.
- Where can remediation actions be reviewed? - Action Center
- Automated investigation and remediation (AIR) - Full automation (recommended) means remediation actions are taken automatically on artifacts determined to be malicious. Semi-automation means some remediation actions are taken automatically, but other remediation actions await approval before being taken.
- What are the 7 pillars of MS ATP? - Threat & Vulnerability Management, Attack Surface Reduction, Next Generation AV, EDR, Auto Investigation & Remediation, Microsoft Threat Experts, Management & APIs
- Hardware Isolation - isolates untrusted websites and documents in a container
- Application Control - allows only trusted applications to run
- Ransomware protection -
- Controlled Folder Access -
- Network Protection - prevents any app from accessing dangerous locations
- Web Protection -
- Exploit Protection -
- Device control -
- Graph API -
- Where is attack surface reduction located? - MDE > Endpoint Security > Attack Surface Reduction
- What is SmartScreen? - checks files that you download from the web against a list of reported malicious software sites and programs known to be unsafe
- Where is controlled folder access? - MDE > Devices > Configuration profiles > Endpoint protection
- Request Remediation - creates an activity item which can be used to monitor the remediation progress of this recommendation
- Remediation Progress - a real-time reflection of the endpoint patch state that is continuously assessed by the Defender for Endpoint sensor
- What services does Azure Defender protect? - Servers, App Services, Azure SQL DBs, Storage, Kubernetes, Container registries, Key Vault
Document information
- Uploaded on: February 16, 2024
- Number of pages: 5
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers