Ms-102 Implement Threat Intelligence in Microsoft Defender Flashcards
(16 cards)
To get to the Alerts Queue in Defender
In the navigation pane, you must select the Incidents & alerts group to expand it, and then select Alerts.
The Manage alert pane allows you to
view or specify:
The alert status (New, Resolved, In progress).
The user account which Microsoft Defender XDR assigned to the alert.
The alert’s classification:
Not set. This option is the default setting.
True positive. Use this classification for alerts that accurately indicate a real threat. Specifying the threat type helps your security team see threat patterns and act to defend your organization from them.
Informational, expected activity. Use the options in this category to classify alerts for, for example, security tests, red team activity, and expected unusual behavior from trusted apps and users.
False positive. Use this classification for alerts related to nonmalicious activity. Classifying alerts as false positive helps Microsoft Defender XDR improve its detection quality.
(AIR)
Automated investigation and response
To select an item in the Action center
Go to the Microsoft Defender portal and sign in.
In the navigation pane, select Actions & submissions, and then select Action center.
On the Action center pane, the Pending tab is displayed by default. Select either the Pending or History tab and then select an item. The system displays a detail pane for the selected item.
Which of the following items triggers the start of an automated investigation?
An incident can start an automated investigation. The automated investigation results in a verdict for each piece of evidence.
How many days of raw data can you explore in an advanced threat hunting query?
Up to 30 days of raw data.
To access Threat Analytics
Threat Intelligence -> Threat Analytics
Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security)
identifies and combats cyberthreats across all your Microsoft and third-party cloud services.
Cloud Discovery
uses an organization’s traffic logs to dynamically discover and analyze the cloud apps that it’s using.
Cloud app catalog
a growing catalog of over 25,000 cloud apps, ranked and scored by Microsoft based on industry standards.
App connectors
facilitate the integration between the Cloud App Security service and cloud applications.
Policy control
detects risky behavior, violations, or suspicious data points and activities in an organization’s cloud environment.
Access the Defender for Cloud Apps portal
In the Microsoft Defender portal, the Cloud Apps section in the left-hand navigation pane provides links to the Microsoft Defender for Cloud Apps features. Select Settings to navigate to the Settings page.
On the Settings page, select Cloud Apps to navigate to the Settings page for Cloud Apps.
Create a new file policy
On the Microsoft Defender for Cloud Apps portal, select Control in the navigation pane, and then select Policies.
On the Policies page, the All policies tab is displayed by default. Select the Information protection tab.
In the Information protection tab, select +Create policy on the menu bar. In the drop-down menu that appears, select File policy.
Monitor alerts
In the Microsoft Defender portal, in the left-hand navigation pane, select Incidents & alerts to expand the group, and then select Alerts.
On the Alerts page, select Add filter on the menu bar.