Sentinel for Cyber Threats

1. Alice received a phishing email during a drill. What tool does Bob mention their organization uses to tackle phishing issues?

A) Firewalls
B) Microsoft Sentinel
C) Antivirus Software
D) Email Filters

2. Bob explains that the first step in using Microsoft Sentinel is to get all security data into one place. Which feature of Sentinel is used for this purpose?

A) Playbooks
B) Analytics Rules
C) Data Connectors
D) Workbooks

3. In the scenario, Bob mentions using Analytics Rules to detect phishing attempts. What specific keywords do these rules look for?

A) "Congratulations," "You won"
B) "Urgent," "Password reset"
C) "Free," "Gift voucher"
D) "Alert," "Security breach"

4. Bob describes a feature that checks for Correlation in suspicious activities. Which of the following scenarios would raise a red flag according to this feature?

A) A user receives a suspicious email and then immediately has a failed login attempt.
B) A user changes their password successfully.
C) A user logs in from their usual location.
D) A user receives a congratulatory email.

5. Once Sentinel detects a phishing attempt, what automated response does Bob say their organization has set up using Playbooks?

A) Sending a warning email to the user
B) Blocking the phishing sender, resetting the affected user's password, and alerting the security team
C) Logging the incident for future reference
D) Manually investigating the incident

6. Bob mentions using Kusto Query Language (KQL) for proactive threat hunting. What is the primary purpose of using KQL in Microsoft Sentinel?

A) Generating reports
B) Automating responses
C) Searching for suspicious patterns and threats
D) Visualizing data

7. To keep track of security information, Bob says they built Workbooks. What do these Workbooks provide?

A) Automated responses to threats
B) Interactive visualizations of security data and key metrics
C) Alerts for suspicious activities
D) Data ingestion from various sources