Your company has a Microsoft 365 E5 subscription. The company plans to deploy 45 mobile self-service kiosks that will run Windows 10.

You need to provide recommendations to secure the kiosks. The solution must meet the following requirements:

✑ Ensure that only authorized applications can run on the kiosks.
✑ Regularly harden the kiosks against new threats.

Which two actions should you include in the recommendations? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A. Implement Automated Investigation and Remediation (AIR) in Microsoft Defender for Endpoint.
B. Onboard the kiosks to Microsoft Intune and Microsoft Defender for Endpoint.
C. Implement threat and vulnerability management in Microsoft Defender for Endpoint.
D. Onboard the kiosks to Azure Monitor.
E. Implement Privileged Access Workstation (PAW) for the kiosks.

Suggested Answer: BE
Community Answer: BC

Onboard devices and configure Microsoft Defender for Endpoint capabilities. Deploying Microsoft Defender for Endpoint is a two-step process:
* Onboard devices to the service
* Configure capabilities of the service

B: Depending on the device, follow the configuration steps provided in the onboarding section of the Defender for Endpoint portal.

E: A privileged workstation provides a hardened workstation that has clear application control and application guard. The workstation uses credential guard, device guard, app guard, and exploit guard to protect the host from malicious behavior. All local disks are encrypted with BitLocker, and web traffic is restricted to a limited set of permitted destinations (deny all).

Note: Privileged Access Workstation (PAW): This is the highest security configuration, designed for extremely sensitive roles that would have a significant or material impact on the organization if their account was compromised.
The PAW configuration includes security controls and policies that restrict local administrative access and productivity tools to minimize the attack surface to only what is absolutely required for performing sensitive job tasks. This makes the PAW device difficult for attackers to compromise because it blocks the most common vector for phishing attacks: email and web browsing. To provide productivity to these users, separate accounts and workstations must be provided for productivity applications and web browsing. While inconvenient, this is a necessary control to protect users whose account could inflict damage to most or all resources in the organization.

Incorrect:

Not A: What is automated investigation and remediation? Automated investigation and response capabilities help your security operations team by:
- Determining whether a threat requires action.
- Taking (or recommending) any necessary remediation actions.
- Determining whether and what other investigations should occur.
- Repeating the process as necessary for other alerts.

Not C: Threat & Vulnerability Management is a component of Microsoft Defender for Endpoint, and provides both security administrators and security operations teams with unique value, including:
- Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities.
- Invaluable device vulnerability context during incident investigations.
- Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager.

Note: Microsoft's threat and vulnerability management is a built-in module in Microsoft Defender for Endpoint that can:
- Discover vulnerabilities and misconfigurations in near real time.
- Prioritize vulnerabilities based on the threat landscape and detections in your organization.

If you've enabled the integration with Microsoft Defender for Endpoint, you'll automatically get the threat and vulnerability management findings without the need for additional agents.
As it's a built-in module for Microsoft Defender for Endpoint, threat and vulnerability management doesn't require periodic scans.

Not D: You do not use Azure Monitor for onboarding.

Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/onboard-configure
https://docs.microsoft.com/en-us/security/compass/privileged-access-devices
https://docs.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-tvm

This question is in the SC-100 exam for the Microsoft Cybersecurity Architect Expert certificate.