MS-102 Flashcards

Question

Defender for Cloud apps features

Answer 1

identify cyber threats across Microsoft and 3rd party cloud services, detects unusual behavior across cloud apps, manage compliance of cloud apps, supports Firewall devices, policies to define user behavior in the cloud

Answer 2

shows alerts, what kind of attack, where attack originated, what machines were affected

Answer 3

licenses, email notifications, Roles, permissions, device groups

Answer 4

show all --> security --> settings -->Endpoints

Answer 5

settings --> onboarding --> download onboarding package (not for large scale deployments)

Answer 6

Billing --> purchase services --> "Defender"

Answer 7

endpoint behavioral sensors, cloud security analytics, threat intelligence, threat and vulnerability management, attack surface reduction, next-gen protection, automated investigation, Secure score, threat experts

Answer 8

Microsoft Defender --> Review

Answer 9

Show all --> Security --> attack sim training --> simulations --> Launch

Answer 10

only shows threat information

Answer 11

Go to show all ---> security --> Explorer

Answer 12

sends email but shows that the attachment cannot be opened yet

Answer 13

attachment is opened in a "detonation chamber", +create to make your own, can monitor, block, or dynamically deliver

Answer 14

auto-purge feature, common attachments feature, custom notifications, quarantine policy

Answer 15

inbound, outbound, connection filter

Answer 16

can be applied to specific groups

Answer 17

show all --> Security --> Policies and Rules --> +create to create a custom policy

Answer 18

Safe attachments, safe links, support for sharepoint, OneDrive and Teams, anti-phishing

Answer 19

Protects against various threats, originally was just for email

Answer 20

show all --> security --> threat intelligence

Answer 21

Show all --> Security --> Reports

Answer 22

Show all --> Security -->Incidents and Alerts

Answer 23

gives a score based on how secure your environment is , will provide step by step guidance on how to implement security improvements

Answer 24

Show All-->Security-->Secure Score

Answer 25

Show All -->Security

Answer 26

at their simplest are if-then statements; if a user wants to access a resource, then they must complete an action. For example: If a user wants to access an application or service like Microsoft 365, then they must perform multifactor authentication to gain access.

Answer 27

Security --> Conditional access

Answer 28

Identities, endpoints, applications, data, infrastructure, network

Answer 29

data points used to assess and manage security risks, especially in relation to user sign-in behavior and potential threats

Answer 30

Shows sign-in risk settings

Answer 31

Security-->Protect-->Identity Protection

Answer 32

Security Admin, Security Operator, Security Reader, Global Reader, Global Admin

Answer 33

Users who have one or more risky sign ins

Answer 34

helps organizations detect, investigate, and remediate identity based risk

Answer 35

Security --> Authentication Methods -->Activity

Answer 36

Security --> Conditional Access --> Create new policy "under 'grant' select MFA

Answer 37

Security --> Authentication methods

Answer 38

skip MFA for certain IP ranges, change verification options, remember MFA on certain devices

Answer 39

Users --> Per user MFA "Click enforce to make it mandatory"

Answer 40

Something you are, Something you have, Something you know

Answer 41

how many times you can enter the password wrong before you are logged out

Answer 42

Security --> Manage -->Authentication Methods --> password protection

Answer 43

Entra ID --> password reset

Answer 44

show all --> security --> Policies

Answer 45

Smart card, Windows 'Hello', Dynamic lock, GPO Password Policies

Answer 46

Entra ID --> Entra Connect --> Status --> Entra Connect Health

Answer 47

Allow you to select a specific group / OU to sync over

Answer 48

Lets you sync a single user

Answer 49

for smaller environments, lightweight, Entra Connect-->Cloud Sync, Need server 2016 or later

Answer 50

Entra ID Connect --> Health and Analytics or you can install an AD DS agent to track health on prem

Answer 51

need a domain admin account will enable sso

Answer 52

allows Entra ID to query the directory of on prem AD DS

Answer 53

attributes from apps are exported to Entra ID

Answer 54

Allows on prem attributes to sync to the cloud

Answer 55

changing the password in Entra ID will sync to on prem domain

Answer 56

cloud based apps will sync down to local domain

Answer 57

created account with the permissions needed for sync, must be enterprise admin

Answer 58

Microsoft Entra Connect in Entra ID menu

Answer 59

run against the domain, cannot run on the server, clicking query on the tool will display any errors in the domain

Answer 60

Cannot have a space, sync will fail

Answer 61

need AD FS services, need proxy servers in DMZ, more hardware

Answer 62

password validation goes through on premise software agent, password validation happens on prem (new)

Answer 63

simplest, same username in cloud and onsite, allows access to premium features, sync runs every 2 minutes

Answer 64

"immutable ID" typically ms-ds-consistencyguid is used. uniquely identifies object as the same object on prem and in Entra ID

Answer 65

makes the server active for import and synchronization, but it doesn't run any exports. A server in staging mode isn't running password sync or password writeback, even if you selected these features during installation.

Answer 66

remove known buckets of objects that don't need to be synced ex. unused service accounts, servers

Answer 67

large enterprises, user accounts are managed on prem, implements with 3rd party authentication

Answer 68

Entra ID has AD DS perform authentication (on prem AD), IF AD goes down you cannot authenticate

Answer 69

Entra ID performs authentication

Answer 70

Entra ID redirects the client computer trying to be authenticated to another identity provider

Answer 71

MOST COMMON, Entra ID handles the authorization process by using locally stored hashed versions of passwords or send credentials on premise

Answer 72

most common choice, allows you to manage identities in ADDS (on prem) and all updates are synced to Entra ID (Cloud)

Answer 73

All services --> PIM -->Microsoft Entra Roles

Answer 74

user that is activated

Answer 75

user that has active role assignment

Answer 76

process of performing one more actions to use a role

Answer 77

doesn't require user to perform any actions to use role

Answer 78

user must perform one or more actions to use the role

Answer 79

Identity governance > Privileged Identity Management > My roles

Answer 80

Privileged Role Admin or Global Admin

Answer 81

time-bound access, approval to activate the role, MFA, Access Review, Audit history

Answer 82

gives the ability to control, manage, monitor access to resources in your org (need Entra ID P2 or Entra ID governance)

Answer 83

a Microsoft Entra resource that can be a container for other Microsoft Entra resources. An administrative unit can contain only users, groups, or devices (requires Azure AD premium 1)

Answer 84

--->Permissions

Answer 85

Show All--> Security

Answer 86

Roles--> Role Assignments

Answer 87

Click on the role --> Assignments--> Add Assignments

Answer 88

Roles-->Administrators

Answer 89

giving out the least amount of rights needed for someone to do their job

Answer 90

manage --> Licenses

Answer 91

Marketplace -->

Answer 92

Billing --> Licenses

Answer 93

Less Features// Cheapest Web and mobile versions of Microsoft 365 apps Standard security capabilities Centralized hub for collaboration and productivity Custom apps to automate tasks and processes Microsoft 365 Copilot, available as an add-on2

Answer 94

NO TEAMS! Everything in Microsoft 365 E3, plus: Advanced security and compliance capabilities Scalable business analytics with Power BI Microsoft 365 Copilot, available as an add-on

Answer 95

NO TEAMS! Microsoft 365 apps for desktop and mobile Windows for Enterprise 1 TB of cloud storage Core security and identity management capabilities Microsoft 365 Copilot, available as an add-on2

Answer 96

designed for larger organizations with advanced security, compliance, and customization needs

Answer 97

Add desktop Apps + more features

Answer 98

ideal for smaller businesses requiring core productivity tools and cloud storage

Answer 99

Groups --> All groups --> New Group, only two options: security and M365// will no automatically create a team when group is made

Answer 100

specify a query to automatically add/remove users from a group

Answer 101

cannot be dynamically assigned

Answer 102

Used for device management, only group where you can add Devices, no email associated

Answer 103

has access to OneDrive and Sharepoint, gets an email address

Answer 104

mostly for email purposes, gets an email address

Answer 105

can do almost anything, team collab, gets email address and shared calendar

Answer 106

Teams and Groups-->Active-->Add

Answer 107

Directory-->contacts

Answer 108

users-->contacts-->add

Answer 109

people outside of the organization that you'd like to keep in touch with

Answer 110

Users-->Guests-->Add a guest-->(Will direct you to Entra ID)

Answer 111

users-->New-->Invite External Users

Answer 112

not part of the org but you want to invite them temporarily ex:consultant, more monitored than regular user, uses their own email address

Answer 113

Users-->Active Users--> Add User

Answer 114

Manage-->users-->Create New+

Answer 115

M365 Admin Center --> Reports --> Adoption Score

Answer 116

M365 Admin Center-->Health-->Service Health-->Customize-->Email

Answer 117

M365 Admin Center -->Health-->Service Health

Answer 118

Customize organizational information, customize themes

Answer 119

Privileged Access, Microsoft Support Password resets

Answer 120

shows settings for different apps/services

Answer 121

M365 Admin Center --> Org Settings

Answer 122

Microsoft Entra ID --> Custom Domain -- > + add

Answer 123

M365 Admin Center -- > Domains --> Add Domain -->Verify the Domain

Answer 124

Go to Microsoft Entra ID --> manage tenants --> create

Answer 125

a dedicated instance of the services of Microsoft 365 and your organization data stored within a specific default location, such as Europe or North America. Also includes a Microsoft Entra tenant

Answer 126

a Microsoft application that facilitates hybrid identity solutions by connecting on-premises Active Directory with Microsoft Entra ID

Answer 127

access to download compliance reports from the Security & Compliance admin center.

Answer 128

This enables seamless integration between your on-premises AD and Entra ID, providing a seamless user experience

Answer 129

Entra ID feature allows you to define access policies based on various conditions, including user location.

Answer 130

view a list of the features that were recently updated in the tenant.

Answer 131

provides an overview of the Microsoft 365 services your organization has subscribed to, not user-specific license assignments

Answer 132

typically involve broader security configurations, such as managing anti-malware or anti-phishing settings at a higher level

Answer 133

policies in Microsoft 365 are used to classify and protect sensitive information by applying sensitivity labels to documents and emails

Answer 134

are specifically designed to detect and block phishing emails, spam, and other malicious content by leveraging Microsoft’s advanced threat protection capabilities

Answer 135

Powershell cmdlet making sure that the primary email address of all new mailboxes uses the new domain

Answer 136

command to make sure that the new user accounts synchronize to Azure AD in the shortest time required.

Answer 137

Filtering is where you select the OU‘s to be synchronized with AAD.

Answer 138

1.) Add Custom Domain 2.) Move Mailboxes 3.) Update DNS Records (MX, SPF) to point to EXO

Answer 139

The license blade does not give you information about the enabled services for induvial users, only the license and list of services within the license that can be enabled for the users

Answer 140

has broad access to compliance-related settings, including retention policies

Answer 141

responsible for managing eDiscovery cases (searching and exporting content for legal investigations)

Answer 142

focuses on security-related configurations, such as threat management and security alerts

Answer 143

grants users the ability to create, manage, and publish retention labels and policies,

Answer 144

fix the issues with the attributes of the users which would show up in the sync errors when syncing on prem ad to cloud

Answer 145

focus on preventing sensitive data from leaving the organization.

Answer 146

Supervision policies are used to monitor and archive communications, but they don’t directly block user sign-ins

Answer 147

designed to detect risky sign-ins and automatically take action to protect user accounts. The error message “Your sign-in was blocked…we’ve detected something unusual…” is a classic indicator of an Identity Protection policy being triggered. These policies can be configured to block sign-ins or require additional verification steps (like MFA) when a risky sign-in is detected.

Answer 148

To see DLP Alerts

Answer 149

Required licenses for ENDPOINT DLP

Answer 150

To edit ENDPOINT DLP settings in Purview

Answer 151

To implements DLP for ENDPOINTS

Answer 152

Custom DLP Policies

Answer 153

To create a DLP policy in Purview

Answer 154

Data Loss Prevention DLP

Answer 155

To create Sensitivity Labels in Purview

Answer 156

Retention labels

Answer 157

Retention Policy

Answer 158

To create Retention labels in Purview

Answer 159

To create new Sensitive Info types in Purview

Answer 160

Microsoft Purview license requirements

Answer 161

Purview Sensitivity Labels

Answer 162

Defender for Cloud Apps: App Discovery Policy

Answer 163

Defender for Cloud Apps: Session Policy

Answer 164

Defender for Cloud Apps: Access Policy

Answer 165

Defender for Cloud Apps: File Policy

Answer 166

Defender for Cloud Apps: Malware Detection Policy

Answer 167

Defender for Cloud Apps: OAuth Policy

Answer 168

Defender for Cloud Apps: Anomaly Detection Policy

Answer 169

Defender for Cloud Apps: Activity Policy

Answer 170

To configure a Defender for Cloud Apps policy

Answer 171

Defender for Cloud apps features

Answer 172

Security --> Settings --> Endpoints

Answer 173

Defender for Endpoint settings include

Answer 174

To access Defender for Endpoint settings

Answer 175

To onboard defender for Endpoint onto the user machines

Answer 176

To purchase Defender licensing

Answer 177

Defender for Endpoint Features:

Answer 178

To show blocked users

Answer 179

To use m365 attack simulation

Answer 180

Threat tracker

Answer 181

To show malware, phishing, blocked email attempts, linked URLs, IP Addresses

Answer 182

Dynamic delivery

Answer 183

Safe Attachments policy

Answer 184

Anti Malware policy

Answer 185

Anti Spam policies

Answer 186

Anti Phishing policies

Answer 187

To implement Defender policies

Answer 188

Defender for Office 365 policies include

Answer 189

Defender for Office 365

Answer 190

To access Microsoft Defender Threat Intelligence

Answer 191

To view Microsoft Defender reports

Answer 192

To access Defender incidents and alerts

Answer 193

Defender Secure Score

Answer 194

To access your Microsoft Defender Secure Score

Answer 195

To access Microsoft Defender from M365

Answer 196

Conditional Access Policies

Answer 197

To implement conditional access

Answer 198

Common Signals

Answer 199

Sign in Risk Policy

Answer 200

View identity protection in Entra ID

Answer 201

Required Roles for Identity Protection

Answer 202

Risky Users

Answer 203

Identity Protection

Answer 204

To resolve authentication issues in Entra ID

Answer 205

Implement multi-user MFA

Answer 206

Where to manage authentication methods and Self service password resets

Answer 207

Per user MFA options

Answer 208

Turn on per user MFA in Entra ID

Answer 209

Multifactor Authentication is made up of

Answer 210

Lockout threshold

Answer 211

To enable password protection in Entra ID

Answer 212

To implement self service password reset

Answer 213

To enable password protection policies

Answer 214

Local Domain authentication methods

Answer 215

How to troubleshoot your Sync

Answer 216

Scoping Filters

Answer 217

Provision on Demand

Answer 218

Entra ID "Cloud" Sync

Answer 219

Where to monitor the Entra Connect Sync

Answer 220

Entra ID Connect: Enable SSO

Answer 221

Entra ID Connect: Directory Extensions

Answer 222

Entra ID Connect: Entra ID Attributes

Answer 223

Entra ID Connect: Directory Extension Attribute Sync

Answer 224

Entra ID Connect: Password Writeback

Answer 225

Entra ID Connect: App and Attribute Filtering

Answer 226

Forest Account

Answer 227

Downloading Entra Connect

Answer 228

IDFix tool

Answer 229

Usernames in Entra ID

Answer 230

Entra ID Passthrough authentication

Answer 231

Entra ID Password Hash Sync

Answer 232

Source Anchor

Answer 233

Staging Mode

Answer 234

Scope and Object Filtering

Answer 235

Why use Federated Authentication?

Answer 236

Pass-Through Authentication (PTA)

Answer 237

Password Hash Synchronization (PHS)

Answer 238

Federated Authentication

Answer 239

Managed Authentication

Answer 240

Hybrid Identity Sync

Answer 241

Implement PIM in Entra ID

Answer 242

PIM Terminology: Activated

Answer 243

PIM Terminology: Assigned

Answer 244

PIM Terminology: Activate

Answer 245

PIM Terminology: Active

Answer 246

PIM Terminology: Eligible

Answer 247

How to access PIM

Answer 248

Roles Required to manage PIM

Answer 249

PIM Key Features

Answer 250

Privileged Identity Management (PIM)

Answer 251

Administrative Units

Answer 252

To show/create roles in Microsoft Defender

Answer 253

To get to Microsoft Defender

Answer 254

Add a Role Assignment to a user in M365

Answer 255

Add a Role Assignment to a user in Entra ID

Answer 256

Manage roles in Entra ID

Answer 257

Principle of Least Privilege

Answer 258

To manage license in Entra ID

Answer 259

To buy more licenses in M365

Answer 260

To manage licenses in M365

Answer 261

Microsoft 365 F3

Answer 262

Microsoft 365 E5

Answer 263

Microsoft 365 E3

Answer 264

Microsoft 365 Enterprise Plans

Answer 265

Microsoft 365 Standard Plans

Answer 266

Microsoft 365 Basic Plans

Answer 267

Creating a group in Entra ID

Answer 268

Dynamic Group (Entra ID)

Answer 269

Assigned Group

Answer 270

Security Group*

Answer 271

Mail-Enabled Group

Answer 272

Distribution Group

Answer 273

M365 Group

Answer 274

To create a group in M365

Answer 275

Where to see contacts in Outlook?

Answer 276

To add contacts in M365

Answer 277

To add guest user in M365

Answer 278

To add guest user in Entra ID

Answer 279

Guest User

Answer 280

To create users in M365

Answer 281

To create users in Entra ID

Answer 282

To monitor adoption score

Answer 283

To turn on service health notifications

Answer 284

To check service health status (of Microsoft cloud services)

Answer 285

In Org Settings --> Org Profile

Answer 286

In Org Settings--> Security &Privacy

Answer 287

In Org Settings--> Services

Answer 288

To configure organization settings

Answer 289

To add a domain (in Entra)

Answer 290

To add a domain

Answer 291

To create a new Tenant

Answer 292

Microsoft 365 Tenant

Answer 293

Microsoft Entra Connect

Answer 294

Security Reader role group

Answer 295

Entra ID Seamless Single Sign-On (SSO)

Answer 296

Conditional Access Policy

Answer 297

The most frequent schedule you can set for delivering DLP incident reports in Microsoft 365

Answer 298

Message center in the Microsoft 365 admin center

Answer 299

number of days that Microsoft 365 retains PST file before deleting them automatically?

Answer 300

Microsoft 365 admin center – Products blade:

Answer 301

Threat management policy

Answer 302

Label policy

Answer 303

spam filter policy

Answer 304

A tenant user has submitted a fraud alert for his account, how long is the account automatically blocked?

Answer 305

Set-EmailAddressPolicy

Answer 306

Start-ADSyncSyncCycle

Answer 307

Entra ID Connect filtering settings

Answer 308

MX Records

Answer 309

Entra ID Licenses Blade

Answer 310

Compliance Administrator

Answer 311

eDiscovery Manager

Answer 312

Security Administrator

Answer 313

Records Management role group

Answer 314

Security & Compliance data loss prevention (DLP) policies

Answer 315

Security & Compliance supervision policies

Answer 316

microsoft Azure Active Directory (Azure AD) Identity Protection policies

MS-102 Flashcards

(348 cards)