Answer-first summary for fast verification
Answer: Azure Active Directory (Azure AD) Identity Protection, Microsoft 365 Defender for Apps
To monitor user accounts that were potentially compromised, Azure Active Directory (Azure AD) Identity Protection should be used. It includes risk detections such as token issuer anomaly and suspicious inbox manipulation rules, which indicate potential account compromise. For monitoring users performing bulk file downloads from Microsoft SharePoint Online, Microsoft 365 Defender for Apps should be used. It has policies to detect mass downloads (data exfiltration) when a user accesses or downloads a significant number of files in a short period.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are managing a Microsoft 365 subscription and are tasked with enhancing the security monitoring capabilities. Specifically, you need to identify a solution that can monitor two critical activities:
What tools or features should be included in your recommendation to address each of these activities? To answer, drag the appropriate components to the corresponding activities. Each component may be used once, multiple times, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
A
Azure Active Directory (Azure AD) Identity Protection
B
Microsoft 365 Defender for Cloud
C
Microsoft 365 Defender for Apps
D
None of the above
No comments yet.