HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
NNY
https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-premium?view=o365-worldwide#send
Investigators can use the Send event to identify email sent from a compromised account. The audit record for a Send event contains information about the message, such as when the message was sent, the InternetMessage ID, the subject line, and if the message contained attachments. This auditing information can help investigators identify information about email messages sent from a compromised account or sent by an attacker. Additionally, investigators can use a Microsoft 365 eDiscovery tool to search for the message (by using the subject line or message ID) to identify the recipients the message was sent to and the actual contents of the sent message.
https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-premium?view=o365-worldwide#searchqueryinitiatedexchange
Investigators can use the SearchQueryInitiatedExchange event to determine if an attacker who may have compromised an account looked for or tried to access sensitive information in the mailbox. The audit record for a SearchQueryInitiatedExchange event contains information such as the actual text of the search query. The audit record also indicates the Outlook environment the search was performed in. By looking at the search queries that an attacker may have performed, an investigator can better understand the intent of the email data that was searched for.
No, "The actual content of the message is not displayed."
https://docs.microsoft.com/en-ca/learn/modules/describe-ediscovery-capabilities-of-microsoft-365/5b-describe-purpose-value-advanced-auditing
I am confused about this "Content Explorer Content viewer: Membership in this role group allows you to view the contents of each item in the list. The data classification content viewer role has been pre-assigned to this role group." There is also an alert on that page "Important: These permissions supercede permissions that are locally assigned to the items, which allows viewing of the content."
Send
The Send event is also a mailbox auditing action and is triggered when a user performs one of the following actions:
Sends an email message
Replies to an email message
Forwards an email message
Investigators can use the Send event to identify email sent from a compromised account. The audit record for a Send event contains information about the message, such as when the message was sent, the InternetMessage ID, the subject line, and if the message contained attachments. This auditing information can help investigators identify information about email messages sent from a compromised account or sent by an attacker. Additionally, investigators can use a Microsoft 365 eDiscovery tool to search for the message (by using the subject line or message ID) to identify the recipients the message was sent to and the actual contents of the sent message.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
JohnnyBas
Highly Voted 2 years, 6 months agozellck
Most Recent 1 year, 5 months agozellck
1 year, 5 months agoJA2018
2 years, 8 months agoRandy8
2 years, 8 months agojaaake
1 year, 3 months agojaaake
1 year, 3 months agoJA2018
2 years, 8 months agoJA2018
2 years, 8 months ago[Removed]
2 years, 11 months ago