🔥 3-day streak
Microsoft Security Operations Analyst5 / 190
Question 5 of 190
Your organization plans to deploy Microsoft Defender for Endpoint attack surface reduction (ASR) rules to block credential stealing from LSASS. The security team is concerned that enabling the rule in Block mode immediately could disrupt legitimate line-of-business applications. What is the recommended first step to safely evaluate the impact of this ASR rule across the environment?
Reviewed for accuracy · Report an issueNext question