CS-900 Microsoft Security Fundamentals Flashcards
(160 cards)
1
Q
Describe the shared responsibility model
A
Identifies which security tasks are handled by the cloud provider, and which security tasks are handled by you, the customer. The responsibilities vary depending on where the workload is hosted. It makes responsibilities clear.
2
Q
Defense in Depth
A
Layered approach to security, rather than relying on a single perimeter. A defense in-depth strategy uses a series of mechanisms to slow the advance of an attack. Each layer provides protection so that, if one layer is breached, a subsequent layer will prevent an attacker getting unauthorized access to data.
3
Q
Zero Trust Model
A
Assumes everything is on an open and untrusted network, even resources behind the firewalls of the corporate network. The Zero Trust model operates on the principle of “trust no one, verify everything.”
4
Q
Encryption
A
Is the process of making data unreadable and unusable to unauthorized viewers. To use or read encrypted data, it must be decrypted, which requires the use of a secret key. There are two top-level types of encryptions: symmetric and asymmetric.
5
Q
Hashing
A
Uses an algorithm to convert text to a unique fixed-length value called a hash. Each time the same text is hashed using the same algorithm, the same hash value is produced.
6
Q
Salted
A
Refers to adding a fixed-length random value to the input of hash functions to create unique hashes for same input.
7
Q
Data Compliance
A
Regulations to help protect and govern the use of data. From personal and financial information to data protection and
privacy, organizations can be accountable for meeting dozens of regulations to be compliant
8
Q
Data residency
A
Governs the physical locations where data can be stored and how and when it can be transferred, processed, or accessed internationally. These regulations can differ significantly depending on jurisdiction.
9
Q
Data sovereignty
A
The concept that data, particularly personal data, is subject to the laws and regulations of the country/region in which it’s physically collected, held, or processed. Can be subject to laws from different countries/regions if processing, storage or collection are done in different locations
10
Q
Data privacy
A
Providing notice and being transparent about the collection, processing, use, and sharing of personal data are fundamental principles of privacy laws and regulations
11
Q
Personal Data or PII
A
Any data that is directly linked or indirectly linkable back to a person
12
Q
Azure Policy
A
Enforce standards and assess compliance across your organization no matter who you are, evaluates all
resources in Azure and Arc enabled resources
13
Q
Azure Role Based Access Control (RBAC)
A
Manages who has access to Azure resources, what they can do with those resources,
and what areas they can access
14
Q
Data Catalog
A
Find relevant data using a search experience with filters based on various lenses like glossary terms, classifications, sensitivity labels, and more
15
Q
Data Estate Insights
A
Gives a bird’s eye view and at a glance understanding of what data is actively scanned, where sensitive data is, and how it moves
16
Q
Data Map
A
Scanning registered data sources is able to capture metadata about enterprise data, to identify and classify sensitive data
17
Q
Authentication (AuthN)
A
Process of proving that a person is who they claim to be.
18
Q
Authorization (AuthZ)
A
What that person can see and touch and where they can go (Permissions).
19
Q
Identity
A
Set of things that define or characterize someone or something. (Username and password)
20
Q
4 Pillars:
A
Administration – creation and management/governance of identities for users, devices, and services
Authentication – sufficient proof that you are who you claim to be
Authorization – level of access granted to entity
Auditing – tracking of who does what, when, where, and how (in-depth reporting)
21
Q
Identity Provider
A
Creates, maintains, and manages while providing authentication, authorization, and auditing
22
Q
Active Directory
A
Stores info about members of the domain including devices and users, verifies their credentials and defines their access rights
23
Q
Federation
A
Enables the access of services across organizational or domain boundaries by establishing trust relationships between the respective domain’s identity provider.
24
Q
Azure AD Free
A
You can administer users, create groups, sync with on premise AD, create basic reports, config self service passwords, and enable single sign on
25
Office 365 Apps – Everything from free plus self-service password reset, device writeback (2-way access with on prem).
Everything from free plus self-service password reset, device writeback (2-way access with on premise).
26
Azure AD Premium 1
Everything from Free and Office 365 plus advanced admin, dynamic groups, self-service group management, Microsoft IAM, and cloud write back.
27
Azure Ad Premium 2
All of the above plus Azure ID protection (risked based conditional access to apps), Privileged ID Management (discover, restrict, and monitor) admins and their access
28
Users
Representations of something that is managed in Azure (employees, guests).
29
Service Principal
Identity for an application, register with Azure AD, enables AuthN and AuthZ
30
Managed Identities
Type of service principal that are automatically managed in Azure AD. Eliminate the need for developers to manage credentials
31
System Assigned Identity
When you enable managed identity on a service instance. Tied to lifecycle and is deleted when resource is deleted.
32
User Assigned Identity– manage as a stand alone can be assigned to 1 or more instances of a service.
Manage as a stand alone can be assigned to 1 or more instances of a service.
33
Azure AD Registered Devices
Provides users with support for bring your own device (BYOD) or mobile device.
34
Azure AD Joined
Device joined to Azure AD through an organizational account, which is then used to sign into the device. Azure AD joined devices are generally owned by the organization
35
Hybrid Azure AD Joined
Existing on-premises Active Directory implementations can benefit from the functionality provided by Azure AD. The devices are joined to your on-premises Active Directory and Azure AD requiring organizational account to sign into the device
36
External Identities
Set of capabilities that enable organizations to allow access to external users, such as customers or partners
37
B2B
Allows you to share your organization’s applications and services with guest users from other organizations, while maintaining control over your own data
38
B2C
Customer identity access management (CIAM) solution. allows external users to sign in with their preferred social, enterprise, or local account identities
39
Hybrid Identity
Identity solutions span on-premises and cloud-based capabilities and create a common user identity for authentication and authorization to all resources, regardless of location
40
Azure AD Password hash synchronization
Simplest way to enable authentication for on-premises directory objects in Azure AD
41
Azure AD pass through authentication
Allows users to sign into both on-premises and cloud-based applications using the same passwords
42
Federated authentication
Azure AD hands off the authentication process to a separate trusted authentication system, to validate the user’s password
43
Windows Hello
Replaces passwords with strong two-factor authentication on devices. Key or certificate tied to a device and something that the person knows (a PIN) or something that the person is (biometrics)
44
Fido2
Open standard for password less authentication uses an external security key, or a platform key built into a device
45
Azure AD Password Protection
Detects, and blocks known weak passwords and their variants, and can also block other weak terms that are specific to your organization
46
Protecting against password spray
Password spray attacks submit only a few of the known weakest passwords against each of the accounts in an enterprise
47
Hybrid security
Component installed in the on-premises environment receives the global banned password list and custom password protection policies from Azure AD
48
Conditional Access
Policies that provides an extra layer of security before allowing authenticated users to access data or other assets.
49
Conditional Access Signals
User or group membership, Named Location, Device, Application, Real time sign in risk detection, Cloud apps or actions, User risk
50
Access Controls
Decisions to grant access, block access, that require extra verification (MFA, Device or App is Compliant, etc.)
51
Sessions controls
Enable limited experiences within specific cloud apps. (Blocking copy, paste, cut, print, etc.…)
52
Built-in-Roles
Pre-Configured and can not be altered in anyway (Global Admin, User Admin, Billing Admin)
53
Custom Roles
Allows you to choose permissions from a list of available permissions in the system
54
Scope
Set of Azure AD resources the role member has access to.
55
Azure AD Specific
Grant permissions to manage resources with Azure only
56
Azure AD Service Specific
For major Microsoft 365 services Azure has built in roles that grant permissions to manage those services
57
Azure AD Cross Service
Roles that span across services like security admin and compliance admin
58
Azure AD Cross Service
Roles that span across services like security admin and compliance admin
59
Azure AD RBAC
Control access to Azure AD resources like groups, users, and apps
60
Azure RBAC
Control access to Azure resource like virtual machines or storage
61
Identity Governance
Gives the ability to control the identity lifecycle, access lifecycle, and secure privileged access for admins
62
Identity Lifecycle
No access (Pre-Employment), Join (Hired), Move (Role change), Leave (retirement). Updating access to what a user needs access to at each point in the journey
63
Privileged access Lifecycle
Monitoring of admin access to reduce risk of misuse
64
Entitlement Management
Enables managing identity and access at scale by automating access request workflows, access assignments, reviews, and expirations
65
Challenges when managing employee access to resources
Access for external users
Internal users do not know what access they need
Getting approval for access
Holding access for longer than needed
66
Capabilities to address these challenges
Delegate to non admins
| users can be invited into directory and removed automatically
67
Access Reviews
Enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignment
68
Terms of use
Are presented to users prior to access, relevant disclaimers
69
Conditional Access
Requires users to accept terms of use prior to gaining access
70
Privileged Identity Management (PIM)
Enables you to manage, control, and monitor access to important resources
71
Security information and event management (SIEM)
Identity protection tool like Microsoft Sentinel
72
Sign-in Risks Detected by Azure AD
```
Anonymous IP address
Atypical travel
Malware linked IP address
Unfamiliar sign-in properties
Password spray
Azure AD threat intelligence
```
73
User Risks Detected by Azure AD
Leaked credentials
| Azure AD threat intelligence
74
Azure Identity Protection reports
risky user, risky sign ins, risk detections
75
Distributed Denial of Service (DDoS)
Purpose is to overwhelm the resources of your apps and services making them slow and unresponsive
76
Volumetric attacks
Flood the network with seemingly legitimate traffic, overwhelming the available bandwidth.
77
Protocol attacks
Render a target inaccessible by exhausting server resources with false protocol requests that exploit weaknesses in layer 3 (network) and layer 4 (transport) protocols.
78
Resource (application) layer attacks
Target web application packets, to disrupt the transmission of data between hosts.
79
Azure DDoS Protection
Designed to protect apps and servers by analyzing network traffic and discarding anything that looks like a DDoS attack
Always on
80
Azure Firewall
Managed, cloud-based network security service that protects your Azure virtual network (VNet) resources from attackers
81
Azure Firewall Features
Built-in high availability and availability zones
Network and application-level filtering
Outbound SNAT and inbound DNAT to communicate with internet resources
Multiple public IP addresses
Threat intelligence
Integration with Azure Monitor
82
Web Application Firewall (WAF)
Centralized protection of your web applications from common exploits and vulnerabilities
83
Azure Virtual Network (VNet)
Fundamental building block for your organization's private network in Azure.
84
Network security groups (NSGs)
Allow you to filter network traffic to and from Azure resources in an Azure virtual network
85
Inbound & Outbound Security
Evaluated by priority using five information points: source, source port, destination, destination port, and protocol to either allow or deny the traffic
****Can not be removed but can be overwritten by new rules with higher priority****
86
NSG Rule Properties
```
unique name that describes its purpose
priority order, with lower numbers processed before higher numbers.
Source or destination
Protocol
Direction, in or out
Port range
Action
```
87
Azure Bastion
Service you deploy that lets you connect to a virtual machine using your browser and the Azure portal
88
Just in Time Access (JIT)
Allows lock down of the inbound traffic to your VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed
****Microsoft Defender for servers to be enabled****
89
Bastion Features
DP and SSH directly in Azure portal
Remote session over TLS and firewall traversal for RDP/SSH:
No Public IP required on the Azure VM
No hassle of managing NSGs
Protection against port scanning
Hardening in one place to protect against zero-day exploits
90
Azure Storage Service Encryption
Protects data at rest by automatically encrypting it and decrypts the data before retrieval
91
Azure Disk Encryption
Encrypt Windows and Linux IaaS virtual machine disks (bitlocker)
92
Transparent Data Encryption (TDE)
Real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application
93
Azure Key Vault
Centralized cloud service for storing your application secrets
94
Cloud security posture management (CSPM)
New class of tools designed to assess system automatically and alert IT if vulnerability is found
95
Microsoft Defender for Cloud
Tool for threat protection and security posture management by protecting workloads running in
Azure, hybrid, and other cloud platforms by continuously assessing, securing, and defending
96
Cloud workload Protection (CWP)
Detect and resolve threats to resources, workloads, and services
97
Defender for Cloud Free
Provides the secure score and its related features: security policy, continuous security assessment, and actionable security recommendations
98
Defender for Cloud Enhanced Security
Extends the capabilities of the free mode to workloads running in Azure, hybrid, and other cloud platforms, providing unified security management and threat protection across your workloads
99
Defender Enhanced Security Features:
Comprehensive endpoint detection and response.
Vulnerability scanning for virtual machines, container registries, and SQL resources
Multi-cloud security
Hybrid security
Threat protection alerts
Track compliance with a range of standards
Access and application controls
100
Azure Security Benchmark (ASB) - provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure (Very similar to the CCM)
Provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure (Very similar to the CCM)
101
Security Baselines for Azure
Provide organizations a consistent experience when securing their environment through improved tooling, tracking, and security features
102
Security information event management (SIEM)
Tool to collect data from across the whole estate, including infrastructure, software, and resources and analyzes, looks for correlations or anomalies, and generates alerts and incidents
103
Security orchestration automated response (SOAR)
Takes the alerts and triggers action driven automated workflows and process to run security and mitigate issues
104
Sentinel
Single solution for alert detection, threat visibility, proactive hunting, and threat response.
105
End-to-end functionality of Microsoft Sentinel
Collect
Detect
Investigate
Respond
106
Capacity Reservations
You're billed a fixed fee based on the selected tier, enabling a predictable total cost for Microsoft Sentinel
107
Pay-As-You-Go
You're billed per gigabyte (GB) for the volume of data ingested for analysis in Microsoft Sentinel and stored in the Azure Monitor Log Analytics workspace.
108
365 Defender
Enterprise defense suite that protects against sophisticated cyberattacks that can natively coordinate the detection, prevention, investigation, and response to threats across endpoints, identities, email, and applications
109
Defender for Office 365
Safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools
110
Defender for Office 365 Keys areas of cover
Threat protection policies
Reports
Threat investigation and response capabilities
Automated investigation and response capabilities
111
Defender for Endpoint
Is a platform designed to help enterprise networks protect endpoints by preventing, detecting, investigating, and responding to advanced threats. This technology built into Windows 10 and MSFT cloud services.
112
Defender for Endpoint includes
```
Threat and vulnerability management
Attack surface reduction
Next generation protection
Endpoint detection and response
Automated investigation and remediation
Microsoft Threat Experts
Management and APIs
```
113
Defender for cloud
Comprehensive cross-SaaS solution that operates as an intermediary or CASB between a cloud user and the cloud provider
114
Cloud Access Security Broker (CASB) - a gatekeeper to broker real-time access between your enterprise users and the cloud resources they use at all times and on any device
Gatekeeper to broker real-time access between your enterprise users and the cloud resources they use at all times and on any device
115
Defender for cloud Four Pillars
Visibility
Threat Protection
Data Security
Compliance
116
Defender for cloud Framework
Discover and control the use of Shadow IT
Protect against cyberthreats and anomalies
Protect your sensitive information anywhere in the cloud
Assess your cloud apps' compliance
117
Defender for Cloud Features and Functionality
```
Cloud Discovery
Sanction and un-sanctioning apps
App Connectors
Conditional Access
Policies
```
118
Defender for Identity
Uses on premises Active Directory Data to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions
119
Defender Portal
Natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks
****Must be assigned the appropriate role to access the Portal****
120
Hunting
Query-based threat-hunting tool that lets security professionals explore up to 30 days of raw data
121
Threat Analytics
Threat intelligence solution from expert Microsoft security researchers
122
Secure Score
Represents a company security posture
123
Learning Hub
Official guidance from resources such as the Microsoft security blog, the Microsoft security community on YouTube, and the official documentation at docs.microsoft.com
124
Reports
General security report, and branch into specific reports about endpoints, email & collaboration
125
Service Trust Portal
Provides information, tools, and other resources about Microsoft security, privacy, and compliance practices
126
Trust Portal Provides Access to
```
Compliance Manager
Trust Documents
Industries & Regions
Trust Center
Resources
My Library
More - Global admin only
```
127
Privacy Principles
```
Control
Transparency
Security
Strong Legal Protection
No Content Based Targeting
Benefits to You
```
128
Priva
Microsoft’s way of assisting customers with privacy. Using a privacy by default stance
129
Purview Compliance Portal
Tools and data that are needed to help understand and manage an organization’s compliance needs
Requires Global Admin, Compliance Admin, or Compliance data admin to access
130
Compliance Manager
Feature of Purview to help with compliance requirements by inventorying risks, managing controls, staying current with regulations and certs
131
Compliance Manager Key Elements
Controls - requirement of a regulation, standard, or policy defining how to assess and manage
Assessments - grouping of controls from a specific regulation, standard, or policy
Templates - help admins to quickly create assessments, can be modified for specific needs
Improvement Actions - centralize compliance activities, recommended guidance to align with data protection regulations and standards
132
Benefits of Compliance Manager
Translating complicated regulations, standards, company policies, or other control framework
Providing access to a large variety of out-of-the-box assessments and custom assessments
Mapping regulatory controls against recommended improvement actions
Providing step-by-step guidance on how to implement the solutions
Helping admins and users to prioritize actions that will have the highest impact
133
Use and Benefits of Compliance Score
Measures progress in completing recommended improvement actions within controls
Understand current compliance posture
Prioritize actions based on their potential to reduce risk
134
Purview Data Lifecycle Management
Import, store, and classify business-critical data so you can keep what you need and delete what you don't
135
Know your data
Understand data landscape and identify important data across on-premises, cloud, and hybrid environments
136
Protect your data
Apply flexible protection actions including encryption, access restrictions, and visual markings
137
Prevent data loss
Detect risky behavior and prevent accidental oversharing of sensitive information
138
Govern your data
Automatically keep, delete, and store data and records in a compliant manner
139
Three ways to identify items for classification:
Manually, pattern recognition, machine learning
140
Sensitivity Labels
Add layer of security that is used to determine what can be done with the content
141
Label Policies
Publish labels to be used to groups or users
142
Endpoint data loss Prevention
Extends the activity monitoring and protection to items that are physically stored
143
Data loss prevention in Microsoft Teams
Administrators can define policies that prevent users from sharing sensitive information in a Teams chat session or channel, whether in a message, or a file
144
Retention Label and Policies
Help organizations to manage and govern information by ensuring content is kept only for a required time, and then permanently deleted
145
Records Management
solution to manage regulatory, legal, and business-critical records across their corporate data
146
Records Management Features
Labeling content as a record.
Establishing retention and deletion policies within the record label
Triggering event-based retention.
Reviewing and validating disposition.
Proof of records deletion.
Exporting information about disposed items.
147
Insider Risk Management
Helps minimize internal risks by enabling an organization to detect, investigate, and act on risky and malicious activities.
148
Insider risk management workflow
Identify, investigate, and address internal risks using policy templates, comprehensive activity signaling across Microsoft 365, and a flexible workflow
149
Insider risk management is centered around
Transparency
Configurability
Integrated
Actionable
150
Communication Compliance
Helps minimize communication risks by enabling organizations to detect, capture, and take remediation
actions for inappropriate messages
151
Information Barriers
policies that admins can configure to prevent individuals or groups from communicating with each other
Can only be used as a two-way solution. Cannot block in one direction
152
eDiscovery Solutions in Purview
identifying and delivering electronic information that can be used as evidence in legal cases.
153
Three Levels of eDiscovery Solutions
Content Search - tool to search for content across Microsoft 365 data sources and then export the search results to a local computer
eDiscovery (Standard) – above plus, enabling you to create eDiscovery cases and assign eDiscovery managers to specific cases.
eDiscovery (Premium) – above plus, provides an end-to-end workflow to identify, preserve, collect, review, analyze, and export content that's responsive to your organization's internal and external investigations
154
Audit Solutions in Purview
help organizations effectively respond to security events, forensic investigations, internal investigations, and compliance obligations
155
Audit Standard
Ability to log and search for audited activities and power your forensic, IT, compliance, and legal investigations. On by default for all orgs
156
Audit Premium
Builds on standard with audit log retention policies and longer retention of audit records, audit records for high-value crucial events to help investigate possible security or compliance breaches and determine the scope of compromise, more bandwidth to access auditing logs
157
Azure Policy
Enforce standards and assess compliance across your organization no matter who you are, evaluates all resources in Azure and Arc enabled resources
158
Azure Policy Triggers
A resource has been created, deleted, or updated in scope with a policy assignment.
A policy or an initiative is newly assigned to a scope.
A policy or an initiative that's been assigned to a scope is updated.
The standard compliance evaluation cycle (happens once every 24 hours
159
Azure Blueprints
Way to define a repeatable set of Azure resources, for rapid deployment and provisioning of new environments
160
Microsoft Purview
Unified data governance service that helps organizations manage and govern their on-premises, multi-cloud, and software-as-a-service (SaaS) data. With Microsoft Purview, organization can create a holistic, up-to-date map of the organization's data landscape with automated data discovery, sensitive data
classification, and end-to-end data lineage.
