Practice 5 Flashcards
True or False: In Microsoft Entra, workload identities are applications, service principals, and managed identities.
answer: True
In the Microsoft Entra system, workload identities refer to non-human identities that require access to resources. These workload identities primarily encompass applications, service principals, and managed identities. Applications are software programs that need to access services or resources in the Microsoft Entra environment. Service principals represent the local instance, or application object, as it’s used within a specific tenant and grants specific permissions
Which roles in Microsoft Entra provide permissions across various services, such as those that grant access to multiple security services within Microsoft 365 or manage Compliance-related settings across different platforms?
A. Microsoft Entra
B. Service Specific Roles
C. Cross Service Roles
D. MS 365 User Roles
Answer: Cross-service roles
Cross-service roles in Microsoft Entra are roles that grant permissions spanning multiple services. Roles like Security Administrator or Compliance Administrator exemplify cross-service roles as they provide access across a range of security services or compliance settings within Microsoft 365, respectively.
Which RBAC system is designed specifically to manage access to Microsoft Entra resources like users, groups, and applications?
A. Azure RBAC
B. MS Entra RBAC
C. Azure AD Roles
D. MS Resource RBAC
Answer: Microsoft Entra RBAC
Microsoft Entra RBAC (Role-Based Access Control) is tailored to control access to Microsoft Entra resources. This includes managing permissions related to users, groups, and applications within the Microsoft Entra ecosystem.
What term describes the real-time evaluation determining that a particular authentication request might not be authorized by the actual identity owner?
A. Identity Validation
B. Sign-In Risk
C. User Verification
D. Authentication Threat
Answer: Sign-in Risk
Sign-in Risk refers to the real-time assessment or calculation made during an authentication request, evaluating the likelihood that the request isn’t genuinely authorized by the identity owner. This is a crucial component in detecting potential unauthorized or malicious access attempts.
Which enterprise defense suite natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to offer comprehensive protection against advanced threats?
A. Azure Active Directory Guard
B. MS 365 Advanced Threat Protection
C. MS 365 Defender
D. Windows Security Suite
Answer: Microsoft 365 Defender
Microsoft 365 Defender is designed as a unified pre- and post-breach enterprise defense suite. It integrates and coordinates various security functions across multiple domains, such as endpoints, identities, email, and applications. Its main goal is to provide robust protection against sophisticated attacks, ensuring that potential threats are detected, prevented, investigated, and responded to in a seamless and integrated manner.
What function does Microsoft Defender Vulnerability Management primarily serve?
A. Safeguarding against email threats
B. Identifying and investigating compromised IDs
C. Delivering continuous asset visibility and remediation tools for vulnerabilities and misconfigurations
D. Providing deep visibility and threat protection for cloud apps
Answer: Delivering continuous asset visibility and remediation tools for vulnerabilities and misconfigurations
In an ever-evolving cyber threat landscape, ensuring that an organization’s digital assets remain secure is paramount. Microsoft Defender Vulnerability Management serves this critical need by offering continuous visibility into the assets within an organization. Beyond just visibility, it provides intelligent, risk-based assessments that determine the potential impact and likelihood of vulnerabilities being exploited. To aid IT and security teams, built-in remediation tools are included, making it easier to address the most critical vulnerabilities and misconfigurations, thereby reinforcing an organization’s security posture.
Which of the following best describes the core protections offered by Exchange Online Protection (EOP) that serves as a foundation for Microsoft Defender for Office 365?
A. It adds post-breach investigation, hunting and response automation
B. EOP primarily focuses on training sims to educate users
C. It helps prevent broad, volume-based, known attacks and is present in subscriptions with Exchange Online
D. It focuses on zero day malware and phish protection
Answer: It helps prevent broad, volume-based, known attacks and is present in subscriptions with Exchange Online mailboxes.
Exchange Online Protection, or EOP, serves as the foundational layer of security for Microsoft Defender for Office 365. Its primary role is to counteract broad, volume-driven attacks that are already known to security services. Examples of such attacks might include widespread phishing campaigns or widely recognized malware. EOP is designed to be omnipresent across any subscription that features Exchange Online mailboxes, making it a fundamental protection mechanism for businesses and organizations using Microsoft services. Given its nature, EOP acts as the first line of defense, intercepting and mitigating threats before they reach more specialized filters and protections present in the Microsoft Defender for Office 365 suite.
Which feature is unique to Microsoft Defender for Office 365 Plan 2 when compared to Plan 1?
A. Core protections offered by Exchange Online Protection
B. Protection from zero-day malware, phish and business email compromise
C. Post-breach investigation, hunting, response automation and training simulation
D. The basic security structure found in every Office 365 plan
Answer: Post-breach investigation, hunting, response, automation, and training simulation.
Microsoft Defender for Office 365 offers two distinct subscription plans: Plan 1 (P1) and Plan 2 (P2). While both plans are built on the foundational protections provided by Exchange Online Protection (EOP) – which counteracts broad and well-known attacks – they cater to different levels of security needs. Plan 1 goes beyond EOP’s capabilities by providing protection against sophisticated, targeted threats such as zero-day malware, phish, and business email compromise.
Which subscription level of Microsoft Defender for Office 365 offers protection against zero-day malware, phish, and business email compromise, and is built upon the foundational security provided by Exchange Online Protection?
A. Microsoft 365 Basic
B. Microsoft Defender for Office 365 Plan 1
C. Microsoft Defender for Office 365 Plan 2
D. Exchange Online Protection Plus
Answer: Microsoft Defender for Office 365 Plan 1.
Microsoft Defender for Office 365 Plan 1 is specifically designed to enhance the core security services offered by Exchange Online Protection (EOP). While EOP helps prevent broad, volume-based, known attacks, Defender for Office 365 Plan 1 goes a step further by protecting against advanced threats like zero-day malware, phishing, and business email compromise. It’s a robust solution tailored for those who require a higher level of security for their email and collaboration tools without the necessity for advanced post-breach investigation tools.
Which component of Microsoft Defender for Endpoint is designed to proactively search for threats, offering prioritization, context, and insights to aid Security operation centers (SOCs) in rapid and accurate threat response?
A. MS Secure score
B. Endpoint detection and response
C. Microsoft Threat Experts
D. Core Defender Vulnerability Management
Answer: Microsoft Threat Experts.
Explanation: Microsoft Threat Experts serves as a managed threat hunting service within Microsoft Defender for Endpoint. It is tailored to provide proactive hunting capabilities, giving Security operation centers (SOCs) the ability to effectively prioritize threats. Additionally, this service delivers enhanced context and insights, equipping SOCs with the necessary information to swiftly and accurately respond to potential threats.
Which feature of Microsoft Defender for Endpoint focuses on making sure configuration settings are aptly set and exploit mitigation techniques are applied, in addition to providing network and web protection that regulates access to malicious IP addresses, domains, and URLs?
A. Endpoint Detection and Response
B. Attack Surface Reduction
C. Microsoft Threat Experts
D. Core Defender Vulnerability Management
Answer: Attack surface reduction.
Attack surface reduction is a pivotal capability within Microsoft Defender for Endpoint. Its primary function is to safeguard devices by making sure that configuration settings are properly aligned and that exploit mitigation techniques are systematically applied. Furthermore, this set of capabilities encompasses network and web protection tools, which play a critical role in restricting access to potentially harmful IP addresses, domains, and URLs, ensuring that endpoints remain secure from these threats.
Which functionality within Microsoft Defender for Endpoint is responsible for offering real-time, behavior-based, heuristic antivirus protection, coupled with cloud-delivered protection that ensures almost immediate detection and blocking of newly emerging threats?
A. Next Gen Protection
B. Endpoint Detection and Response
C. Microsoft Secure Score for Devices
D. Management and APIs
Answer: Next generation protection.
Next generation protection in Microsoft Defender for Endpoint is architected to handle a diverse array of emerging threats. Its foundation lies in providing behavior-based and heuristic antivirus protection in real time. To complement this, the feature is also fortified with cloud-delivered protection mechanisms. This cloud integration means that the system can detect and block new and emerging threats almost instantly. In addition to this, dedicated protection and product updates ensure that the antivirus component remains updated and effective against evolving threats.
Which functionality of Microsoft Defender for Cloud Apps serves as a mediator to provide real-time access between enterprise users and their cloud resources, offering capabilities like discovering cloud app usage, protecting against app-based threats, ensuring information protection, and maintaining compliance?
A. Cloud Application Security Management
B. Information Protection Suite
C. Fundamental Cloud Access Security Broker (CASB)
D. Cloud Compliance Manager
Answer: Fundamental cloud access security broker (CASB) functionality.
The Fundamental cloud access security broker (CASB) functionality is an integral part of Microsoft Defender for Cloud Apps. It operates as a gatekeeper, bridging the gap and providing real-time access between enterprise users and the cloud resources they engage with. One of its primary roles is to offer visibility and discovery into the usage of cloud apps, shedding light on potential shadow IT scenarios. Beyond discovery, the CASB functionality also provides robust protection against threats emanating from any part of the cloud. Additionally, it ensures that information remains secure and that organizations maintain compliance with various standards and regulations.
Which authentication method allows third-party services to access a user’s account information without exposing the user’s password and might be susceptible to compromise due to its extensive permissions?
A. OpenAuth
B. Two-Factor Authentication
C. OAuth
D. Passwordless Authentication
Answer: OAuth
OAuth is an open standard for token-based authentication and authorization. It permits third-party services to utilize a user’s account data without revealing the user’s password. Due to the broad permissions that apps using OAuth might possess, there’s a potential vulnerability for compromise, making option C the correct choice.
Which Microsoft solution offers asset visibility, intelligent assessments, and remediation tools across multiple platforms, and uses threat intelligence to prioritize vulnerabilities on critical assets?
A. Microsoft Threat Protection
B. Azure Security Center
C. Defender Vulnerability Management
D. Microsoft Info protection
Answer: Defender Vulnerability Management
Which platform centralizes the protection, detection, investigation, and response across devices, identities, endpoints, email & collaboration, and cloud apps, and is tailored to the needs of security teams with a focus on quick access and simpler layouts?
A. Microsoft Security Hub
B. Azure Security Center
C. Microsoft 365 Defender Portal
D. Windows Security Dashboard
Answer: Microsoft 365 Defender portal
The Microsoft 365 Defender portal is an all-encompassing platform that merges protection, detection, investigation, and response capabilities for a wide array of assets including devices, identities, endpoints, email & collaboration, and cloud apps. Designed specifically for the requirements of security teams, it places a high premium on ensuring rapid access to critical information and offers a user-friendly layout. This portal also provides users the ability to assess the security health of their organization. Among the choices provided, option C directly correlates with the information given.
Which tool integrated with Microsoft Sentinel allows SOC engineers and analysts to visualize data, providing a canvas for data analysis and the creation of rich visual reports within the Azure portal?
A. Azure Data Sheets
B. Azure Monitor Workbooks
C. Sentinel Data Canvas
D. Azure Visual Reports
Answer: Azure Monitor Workbooks
Azure Monitor Workbooks is the integrated tool in Microsoft Sentinel that enables the visualization of data. Once data sources are connected to Microsoft Sentinel, these workbooks provide a platform for SOC engineers and analysts to create and view rich visual reports within the Azure portal. This is especially useful for making sense of large amounts of data and presenting it in a manner that’s easy to understand and analyze. The main intent behind Azure Monitor Workbooks is to aid in data analysis, making it a valuable tool for security operations centers.
Which AI-powered security tool, exclusive to Microsoft, provides rapid risk exposure assessments and allows analysts to process signals at machine speed, facilitating quick responses to threats?
A. Azure Rapid Defender
B. Microsoft Threat Analyzer
C. MS Security Copilot
D. AT Shield for Microsoft
Answer: Microsoft Security Copilot
Microsoft Security Copilot stands out as the premier generative AI security product from Microsoft designed to bolster defenses against threats at both machine speed and scale. It’s crafted to assist security analysts in swiftly addressing potential threats by processing signals at an unparalleled speed. By utilizing this tool, risk exposure assessments can be executed within minutes, emphasizing its capability to act quickly and efficiently in the realm of security analysis.
Which of the following is an identity created in each Microsoft Entra ID tenant for an application to delegate its identity and access functions, enabling features such as authentication and authorization to resources secured by the tenant?
A. Managed Identity
B. Application Registration
C. Service Principal
D. Resource Delegate
Answer: Service Principal
A Service Principal represents the identity that an application assumes when it needs to interact with resources in a Microsoft Entra ID tenant. It is created when an application is registered with Microsoft Entra ID, enabling its integration. This service principal facilitates core functionalities, such as authenticating the application and authorizing it to access specific resources secured by the tenant. While application developers are tasked with managing the credentials for service principals to ensure they can access these resources, this responsibility can also be offloaded using managed identities to prevent potential security vulnerabilities.
Which type of managed identity is directly tied to the lifecycle of an Azure resource and gets automatically deleted when the resource is removed?
A. User Assigned ID
B. Azure Assigned ID
C. System Assigned ID
D. Resource assigned ID
Answer: System-assigned identity
A system-assigned managed identity is directly linked to an Azure resource, such as a virtual machine. When this identity is enabled on an Azure resource, Microsoft Entra ID creates an identity that shares the lifecycle of that specific Azure resource. This ensures that when the resource is deleted, Azure will automatically handle the deletion of the identity as well. A typical scenario where one might use a system-assigned identity is when a specific task or workload is wholly contained within a single Azure resource.
Which type of managed identity is created as a standalone Azure resource, can be assigned to multiple Azure service instances such as VMs, and exists independently of the resources it’s assigned to, requiring explicit deletion?
A. System Assigned Identity
B. User Assigned Identity
C. Resource Assigned Identity
D. Group Assigned Identity
Answer: User-assigned Identity
A user-assigned managed identity is created as a separate Azure resource. This type of identity can be assigned to one or more Azure service instances. Unlike system-assigned managed identities, user-assigned identities are not tied to a specific resource’s lifecycle, which means they persist even after the resources they are attached to are deleted. They have to be deleted explicitly. This structure is particularly beneficial when dealing with scenarios where multiple Azure resources, like VMs, require the same permissions but may frequently change or get recycled.
Which device registration type in Microsoft Entra ID best supports the “bring your own device” (BYOD) scenario where users can access organizational resources using personal devices without needing an organizational account to sign in?
A. Microsoft Entra ID Registered Devices
B. Microsoft Entra ID Joined Devices
C. Hybrid Microsoft Entra ID Joined Devices
D. None of the Above
Answer: Microsoft Entra ID registered devices
Which type of group in Microsoft Entra ID is tailored for collaboration and can grant members access to shared resources like mailboxes, calendars, and SharePoint sites?
A. Access Group
B. Security Group
C. M365 Group
D. Collaboration Group
Answer: Microsoft 365 Group
A Microsoft 365 group, often known as a distribution group, is specifically designed for the purpose of grouping users in line with their collaboration requirements. This group type allows members to have access to shared resources such as mailboxes, calendars, files, SharePoint sites, and more. As Microsoft 365 groups prioritize collaboration, users are typically permitted by default to create these groups, eliminating the need for an administrator role.
Which of the following best describes the primary function of a security group in Microsoft Entra ID?
A. Grouping users for email distributions
B. Managing user and device access to shared resources
C. Prioritizing system updates for devices
D. Allocating storage space for applications
Answer: Managing user and device access to shared resources
In Microsoft Entra ID, a security group is predominantly used to control user and device access to shared resources. Instead of assigning permissions individually, security groups allow for collective assignment, streamlining access management. Members within a security group can encompass users (including external ones), devices, other groups, and service principals. For functions like creating security groups, a Microsoft Entra ID administrator role is typically required.