Security III

Question 1

Security in the cloud is a partnership (T/F)

Answer 1

True

Question 2

Security of your data on-premises and cloud components you control is your responsibility (T/F)

Answer 2

True

Question 3

What are Microsoft’s trusted cloud principles?

Answer 3

Security using state-of-the-art tech, processes and encryption
Privacy by design with a commitment to use customer information only for services (not advertisements)
Compliance with standards and certifications in the industry
Transparency

Question 4

SaaS Responsibilities

Answer 4

Microsoft: Operates and secures the infrastructure, host OS, and application layers
You: Control access and secure your data and identities, including configuring application controls available in the cloud

Question 5

PaaS Responsibilities

Answer 5

Microsoft: Operates and secures the infrastructure, host OS
You: Control access and security, application code and configuration

Question 6

IaaS Responsibilities

Answer 6

Microsoft: Operates and secures base infrastructure and host OS layers
You: Control access and security including any infrastructure controls available from the cloud

Question 7

Private Cloud Responsibilities

Answer 7

Owned, operated, and secured by you

Question 8

Enterprise organizations do not benefit from taking a methodical approach to cloud security (T/F)

Answer 8

False

Question 9

Key to success involves investing in core capabilities within the organization that lead to secure environments (T/F)

Answer 9

True

Question 10

Microsoft recommends developing policies that minimize creation of inconsistencies and vulnerabilities that attackers can exploit (T/F)

Answer 10

True

Question 11

What does ensuring governance and security policies are up to date and implemented across the organization include?

Answer 11

Identity policies
Data policies
Compliance policies and documentation

Question 12

Consistent access control policies are not a dependency for cloud security (T/F)

Answer 12

False

Question 13

Identity services provide the foundation of security systems and need to be secured at or above the level of cloud services (T/F)

Answer 13

True

Question 14

Threats to your organization should be evaluated and put into context by leveraging resources like threat intelligence and ISACs (T/F)

Answer 14

True

Question 15

What are ISACs?

Answer 15

Information Sharing and Analysis Centers

Question 16

You should classify your sensitive data and ensure it is protected and monitored with appropriate access control policies whenever stored or in transit (T/F)

Answer 16

True

Question 17

Microsoft makes it easier to achieve compliance by providing customers with compliant, independently verified cloud services (T/F)

Answer 17

True

Question 18

What is GDPR?

Answer 18

General Data Protection Regulation (EU-centric).
Can be applied anywhere and deals with how end user data is stored, handled and processed. It came into effect May 25th 2018.

Question 19

What does Microsoft’s SDL include?

Answer 19

Risk assessments
Attack surface analysis/reduction
Threat modelling
Incident response
Release review and certification

Question 20

What is OSA?

Answer 20

Operational Security for Online Services: a framework that focuses on infrastructure issues to help ensure secure operations throughout the lifecycle of cloud-based services.