SC-900 Flashcards
(158 cards)
1
Q
What is the shared responsibility model?
A
identifies which security tasks are handled by the cloud provider and which are are handled by the customer
2
Q
True or False: For all cloud deployment types, you, the cloud customer, own your data and identities
A
True
3
Q
What are the typical layers for defense in depth?
A
Physical, Identity and Access, Perimeter, Network, Compute, Applications, Data
4
Q
What is CIA?
A
Confidentiality, Integrity, and Availability
5
Q
Explain the C in CIA
A
confidentiality refers to the need to keep confidential sensitive data such as customer information, passwords, or financial data.
6
Q
Explain the I in CIA
A
Integrity refers to keeping data or messages correct.
7
Q
Explain the A in CIA
A
Availability refers to making data available to those who need it, when they need it.
8
Q
What are the Zero Trust Model’s guiding principles?
A
Verify Explicitly, Use Rule of Least Privilege, Assume Breach
9
Q
What are the six pillars of Zero Trust Model?
A
Identities, Devices, Applications, Data, Infrastructure, Networks
10
Q
What is the pithy Zero Trust saying?
A
Trust no one, verify everything
11
Q
What is encryption?
A
The process of making data unreadable and usable to unauthorized viewers
12
Q
What decrypts encrypted data?
A
a key
13
Q
What is symmetric encryption?
A
uses the same key to encrypt and decrypt the data
14
Q
What is asymmetric encryption?
A
uses a public key and private key pair
15
Q
What is hashing?
A
uses an algorithm to convert text to a unique fixed length value called a hash
16
Q
When using a hash, will it produce the same hash value every time identical text is put into it?
A
Yes
17
Q
What does it mean to salt a hash?
A
Adding a fixed length random value to the input of the has functions
18
Q
What is Governance?
A
A system of rules, practices, and processes an organization uses to direct and control its activities.
19
Q
What is Risk Management?
A
the process of identifying, assessing, and responding, to threats or events that can impact company or customer objectives
20
Q
What is Compliance?
A
refers to the country/region, state, or federal laws or even multi-national regulations that an organization must follow
21
Q
An organization has deployed Microsoft 365 applications to all employees. Considering the shared responsibility model, who is responsible for the accounts and identities relating to these employees?
A
The organization
22
Q
Describe data sovereignty
A
Data, particularly personal data, is subject to the laws and regulations of the country/region in which it’s physically collected, held, or processed
23
Q
What is Authentication?
A
the process of proving a person is who they say they are
24
Q
What is Authorization?
A
the process of deciding what access an authorized individual has
25
What is an Identity?
the set of things that define or characterize someone/something
26
What are the 4 pillars of an identity infrastructure?
Administration, Authentication, Authorization, and Auditing
27
What does an identity provider do?
creates, maintains, and manages identity information while offering authentication, authorization, and auditing services
28
What is a directory?
a hierarchical structure that stores information about objects on the network
29
What is the Windows on-prem directory service?
Active Directory
30
Does Azure Directory Domain Services support modern authentication?
No
31
What provides Identity as a Service solutions for all an organization's apps across the cloud and on-prem?
Microsoft Entra ID
32
What is Federation?
enables access of services across organizational or domain boundaries by establishing trust relationships between the respective domain's identity provider
33
What service means there's no need for a user to maintain a different username and password when accessing resources in other domains?
Federation
34
Which relationship allows federated services to access resources?
Trust relationships
35
What is Microsoft Entra ID?
Microsoft's cloud based identity and access management service
36
What is Entra ID's identity secure score?
a percentage for how aligned you are with Microsoft's best practices
37
What is an Entra tenant?
an instance of Microsoft Entra ID
38
What is an Entra directory?
a logical container within a Microsoft Entra tenant that holds and organizes the various resources and objects related to identity and access management including users, groups, applications, devices, and other directory objects.
39
What is a multi-tenant organization?
An organization that has more than one Entra tenant
40
What are the three categories of things you can assign Microsoft Entra ID's to?
Humans, physical devices, software applications
41
What are the two types of managed identities?
system assigned and user assigned
42
What are the two kinds of groups?
Security groups and 365 groups
43
What is a security group created for?
manage user and device access to shared resources
44
What is a 365 group for?
grouping users according to collaboration needs
45
What is Entra Cloud Sync?
designed to meet and accomplish your hybrid identity goals for provisioning and synchronization of users, groups, and contacts
46
What can you do with B2B direct connect?
you create two-way trust relationships with other Microsoft Entra organizations to allow users to seamlessly sign in to your shared resources and vice versa.
47
An organization has completed a full migration to the cloud and has purchased devices for all its employees. All employees sign in to the device through an organizational account configured in Microsoft Entra ID. Select the option that best describes how these devices are set up in Microsoft Entra ID?
These devices are set up as Microsoft Entra joined
48
A developer wants an application to connect to Azure resources that support Microsoft Entra authentication, without having to manage any credentials and without incurring any extra cost. What best describes the identity type of the application?
Managed Identity
49
What two phone verification options does Microsoft Entra support?
SMS and Voice call
50
What is OAUTH?
Open Authentication is an open standard that specifies how time-based, one-time password (TOTP) codes are generated. One-time password codes can be used to authenticate a user.
51
What does Windows Hello do?
Replaces passwords with strong two factor authentication on devices
52
What is FIDO?
Fast Identity Online allows users and organizations to leverage the standard to sign in to their resources using an external security key or a platform key built into a device, eliminating the need for a username and password.
53
What is CBA?
Certificate based authentication enables customers to allow or require users to authenticate directly with X.509 certificates against their Microsoft Entra identity, for applications and browser sign-in.
54
What is SSPR?
Self-service password reset is a way for users to reset their password without an admin
55
What is the feature of Entra ID that limits users ability to set weak passwords?
Password protection
56
True or False: A global banned password list with known weak passwords is automatically updated and enforced by Microsoft.
True
57
True or False: Admins can also create custom banned password lists to support specific business security needs.
True
58
What is conditional access?
a feature of Microsoft Entra ID that provides an extra layer of security before allowing authenticated users access to resources
59
What is conditional access picking up to make a decision?
signals like user, location, device, application,
60
What is managing access using roles known as?
RBAC -- role based access control
61
An organization plans to implement Conditional Access. What do admins need to do?
Create policies that enforce organizational rules.
62
Sign-in risk is a signal used by Conditional Access policies to decide whether to grant or deny access. What is sign-in risk?
The probability that the authentication request isn't authorized by the identity owner.
63
What gives organizations the ability to do the following tasks:
Govern the identity lifecycle.
Govern access lifecycle.
Secure privileged access for administration.
ID governance
64
What are access reviews?
enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignment.
65
What is entitlement management?
an identity governance feature that enables organizations to manage the identity and access lifecycle at scale. Entitlement management automates access request workflows, access assignments, reviews, and expiration.
66
What is privileged identity management?
a service of Microsoft Entra ID that enables you to manage, control, and monitor access to important resources in your organization.
67
What is Entra Identity protection?
a tool that allows organizations to accomplish three key tasks:
Automate the detection and remediation of identity-based risks.
Investigate risks using data in the portal.
Export risk detection data to third-party utilities for further analysis.
68
True or False: risk can be detected at the user and sign-in level, can be categorized as low, medium, or high, and may be calculated in real-time or offline with identity protection
True
69
What are the three reports identity protection can provide?
risk detection, risk sign-ins, risky-users
70
What is Entra permissions management?
a cloud infrastructure entitlement management (CIEM) product that provides comprehensive visibility and control over permissions for any identity and any resource in Microsoft Azure, Amazon Web Services (AWS) and Google Cloud Platform (GCP).
71
What is Entra Verified ID?
a managed verifiable credentials service based on open standards. Verified ID automates verification of identity credentials and enables privacy-protected interactions between organizations and users.
72
Your organization has implemented important changes in their customer facing web-based applications. You want to ensure that any user who wishes to access these applications agrees to the legal disclaimers. Which Microsoft Entra feature should you implement?
Entra Terms of Use
73
An organization is project-oriented with employees often working on more than one project at a time. Which solution is best suited to managing user access to this organization’s resources?
Entitlement management.
74
An organization has recently conducted a security audit and found that four people who have left were still active and assigned global admin roles. The users have now been deleted but the IT organization has been asked to recommend a solution to prevent a similar security lapse happening in future. Which solution should they recommend?
Privileged Identity Management.
75
Your IT organization recently discovered that several user accounts in the finance department have been compromised. The CTO has asked for a solution to reduce the impact of compromised user accounts. The IT admin team is looking into Microsoft Entra features. Which one should they recommend?
Identity Protection.
76
Your IT organization is looking for a solution that provides comprehensive visibility and control over permissions for any identity and any resource in their multi-vendor cloud environment. Which Microsoft solution is best suited to address these needs?
Permissions Management.
77
At what layers does Azure DDoS offer protection?
Layer 3 (network) and Layer 4 (application)
78
What is Azure firewall?
a managed, cloud-based network security service that provides threat protection for your cloud workloads and resources running in Azure.
79
What is WAF?
Web application firewall provides centralized protection of your web applications from common exploits and vulnerabilities.
80
What is Azure Virtual Network?
the fundamental building block for your organization's private network in Azure.
81
What is a virtual network?
A virtual network is similar to a traditional network that you'd operate in your own data center, but brings with it additional benefits of Azure's infrastructure such as scale, availability, and isolation.
82
What is a network security group?
lets you filter network traffic to and from Azure resources in an Azure virtual network
83
Does Azure Firewall or NSG provide security within virtual networks?
NSG's
84
What is Azure Bastion?
a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal.
85
What is Azure Key Vault?
a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys.
86
How can application developers benefit from using Azure Key Vault?
To securely store and retrieve application secrets
87
True or False: Azure Bastion cannot be deployed per virtual network, with support for virtual network peering.
False
88
The security admin wants to protect Azure resources from DDoS attacks and needs logging, alerting, and telemetry capabilities. which Azure service can provide these capabilities?
DDoS network protections
89
What is Microsoft Defender for Cloud?
a cloud-native application protection platform (CNAPP) with a set of security measures and practices designed to protect cloud-based applications from various cyber threats and vulnerabilities
90
What is an Azure policy definition?
A rule about specific security conditions that you want controlled.
91
What is a security initative?
a collection of Azure Policy definitions, or rules, grouped together towards a specific goal or purpose.
92
Can security admins build custom security initatives?
Yes
93
What is the microsoft cloud security benchmark?
a Microsoft-authored set of guidelines for security and compliance that provides best practices and recommendations to help improve the security of workloads, data, and services on Azure and your multicloud environment.
94
What is CSPM?
Cloud security posture management provides you with hardening guidance that helps you efficiently and effectively improve your security. CSPM also gives you visibility into your current security situation.
95
What is the central feature in Microsoft Defender for Cloud that provides visibility to your current security posture?
secure score
96
What is Defender for DevOps?
empowers security teams to manage DevOps security across multi-pipeline environments.
97
What are the three pillars of Microsoft Defender for Cloud?
CSPM, CWP (cloud workload protection), Cloud security benchmark
98
Microsoft Defender for Cloud covers three pillars of cloud security. Which pillar provides visibility to help you understand your current security situation and provides hardening recommendations?
CSPM
99
An organization wants to add vulnerability scanning for its Azure resources to view, investigate, and remediate the findings directly within Microsoft Defender for Cloud. What functionality of Microsoft Defender for Cloud would they need to consider?
The enhanced functionality that is provided through the Microsoft Defender plans and is part of the CWP pillar of Microsoft Defender for Cloud.
100
Which framework does Microsoft Defender for Cloud apply as a default initiative for security and compliance and provides best practices and recommendations to help improve the security of workloads, data, and services on Azure and your multicloud environment?
Microsoft Cloud security benchmark
101
Which capability allows you to manage your connected DevOps environments and provides your security teams with visibility to discovered issues within those environments?
The Defender for DevOps console
102
What is SIEM?
Security information and event management is a tool that an organization uses to collect data from across the whole estate, including infrastructure, software, and resources. It does analysis, looks for correlations or anomalies, and generates alerts and incidents.
103
What is SOAR?
Security Orchestration, Automation , and Response system takes alerts from many sources, such as a SIEM system. The SOAR system then triggers action-driven automated workflows and processes to run security tasks that mitigate the issue.
104
What is Microsoft Sentinel?
a scalable, cloud-native SIEM/SOAR solution that delivers intelligent security analytics and threat intelligence across the enterprise. It provides a single solution for alert detection, threat visibility, proactive hunting, and threat response.
105
What is Azure Monitor Workbooks?
Workbooks are intended for SOC engineers and analysts of all tiers to visualize data. You'll see a canvas for data analysis and the creation of rich visual reports within the Azure portal.
106
What kind of tasks do playbooks work best with?
single, repeatable tasks
107
What is Microsoft Security Copilot?
is the first and only generative AI security product to help defend organizations at machine speed and scale. It's an AI-powered security analysis tool that enables analysts to respond to threats quickly, process signals at machine speed, and assess risk exposure in minutes.
108
What are the three primary use cases of Security Colpilot?
Security posture management, incident response, and security reporting
109
As the lead admin, it's important to convince your team to start using Microsoft Sentinel. You’ve put together a presentation. What are the four security operation areas of Microsoft Sentinel?
Collect, Detect, Investigate, Respond
110
Your estate has many different data sources where data is stored. Which tool should be used with Microsoft Sentinel to quickly gain insights across your data as soon as a data source is connected?
Azure Monitor Workbooks
111
What is Microsoft XDR?
an enterprise defense suite that protects against sophisticated cyberattacks. With Microsoft Defender XDR, you can natively coordinate the detection, prevention, investigation, and response to threats across endpoints, identities, email, and applications.
112
What is Microsoft Defender for 365?
a seamless integration into your Office 365 subscription that provides protection against threats, like phishing and malware that arrive in email links (URLs), attachments, or collaboration tools like SharePoint, Teams, and Outlook.
113
What is Microsoft Defender for Endpoint?
a platform designed to help enterprise networks protect endpoints including laptops, phones, tablets, PCs, access points, routers, and firewalls.
114
What is Microsoft Defender for Cloud Apps?
delivers full protection for SaaS applications
115
What is microsoft defender for identity?
a cloud-based security solution that uses your on-premises Active Directory data (called signals) to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
116
What is Defender Vulnerability Management?
delivers asset visibility, intelligent assessments, and built-in remediation tools for Windows, macOS, Linux, Android, iOS, and network devices
117
What is Microsoft Defender Threat intelligence?
helps streamline security analyst triage, incident response, threat hunting, and vulnerability management workflows. Defender TI aggregates and enriches critical threat information in an easy-to-use interface.
118
What provides proprietary reputation scores for any Host, Domain, or IP Address?
Defender TI
119
What is the Defender portal?
combines protection, detection, investigation, and response to devices, identities, endpoints, email & collaboration, and cloud apps, in a central place.
120
A lead admin for an organization is looking to protect against malicious threats posed by email messages, links (URLs), and collaboration tools. Which solution from the Microsoft Defender XDR suite is best suited for this purpose?
Microsoft Defender for office 365
121
A cloud access security broker (CASB) provides protection across 4 areas/pillars: visibility to detect all cloud services, data security, threat protection, and compliance. These pillars represent the basis of the Cloud App Security framework upon which Microsoft Defender for Cloud Apps is built. Which pillar is responsible for identifying and controlling sensitive information?
Data security
122
Which of the following is a cloud-based security solution that identifies, detects, and helps to investigate advanced threats, compromised identities, and malicious insider actions directed at your organization?
Microsoft Defender for Identity
123
Admins in the organization are using the Microsoft Defender portal every day. They want to quickly get an understanding of the organization's current security posture. Which capability in the Microsoft Defender portal will they use?
Secure score
124
Your security and IT teams want to implement a solution that helps address critical vulnerabilities and misconfigurations across your organization. Which solution in the Microsoft Defender XDR suite can help address these requirements?
Defender Vulnerability Management
125
What is the Microsoft Service Trust Portal?
provides a variety of content, tools, and other resources about how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization.
126
What are Microsoft's six principles of privacy?
Control, transparency, security, strong legal protection, no content based targeting, benefit the consumer
127
What is Microsoft Priva?
helps you understand the data your organization stores by automating discovery of personal data assets and providing visualizations of essential information.
128
When browsing Microsoft compliance documentation in the Service Trust Portal, you have found several documents that are specific to your industry. What is the best way of ensuring you keep up to date with the latest updates?
Save the documents to your My Library
129
What is Microsoft Purview compliance portal?
brings together all of the tools and data that are needed to help understand and manage an organization’s compliance needs.
130
What is Purview compliance manager?
a feature in the Microsoft Purview compliance portal that helps admins to manage an organization’s compliance requirements with greater ease and convenience.
131
What is the compliance score?
measures progress in completing recommended improvement actions within controls. The score can help an organization to understand its current compliance posture. It also helps organizations to prioritize actions based on their potential to reduce risk.
132
A new admin has joined the team and needs to be able to access the Microsoft Purview compliance portal. Which of the following roles could the admin use to access the compliance portal?
Compliance Administrator Role
133
Your new colleagues on the admin team are unfamiliar with the concept of shared controls in Compliance Manager. How would the concept of shared controls be explained?
Controls that both your organization and Microsoft share responsibility for implementing.
134
What is Microsoft Information Protection?
discovers, classifies, and protects sensitive and business-critical content throughout its lifecycle across your organization. It provides the tools to know your data, protect your data, and prevent data loss.
135
What are trainable classifiers?
use artificial intelligence and machine learning to intelligently classify your data.
136
What are sensitivity labels?
enable the labeling and protection of content, without affecting productivity and collaboration.
137
How do you implement data loss prevention?
In microsoft purview by defining and applying DLP policies.
138
What helps organizations to manage and govern information by ensuring content is kept only for a required time, and then permanently deleted.
Retention policies and retention labels
139
What is the Microsoft Purview governance portal?
provides a unified data governance service that helps you manage your on-premises, multicloud, and software-as-a-service (SaaS) data.
140
Which part of the concept of know your data, protect your data, prevent data loss, and govern your data addresses the need for organizations to automatically retain, delete, store data and records in a compliant manner?
Govern your data
141
As part of a new data loss prevention policy, the compliance admin needs to be able to identify important information such as credit card numbers, across the organization's data. How can the admin address this requirement?
Use sensitive information types
142
Within the organization, some emails are confidential and should be encrypted so that only authorized users can read them. How can this requirement be implemented?
Use sensitivity labels
143
Your organization uses Microsoft Teams to collaborate on all projects. The compliance admin wants to prevent users from accidentally sharing sensitive information in a Microsoft Teams chat session. What capability can address this requirement?
use data loss prevention policies
144
Due to a certain regulation, your organization must now keep hold of all documents in a specific SharePoint site that contains customer information for five years. How can this requirement be implemented?
use retention policies
145
Which application in the Microsoft Purview governance portal is used to capture metadata about enterprise data, to identify and classify sensitive data?
Data map
146
What is Purview Insider Risk Management?
a solution that helps minimize internal risks by enabling an organization to detect, investigate, and act on risky and malicious activities.
147
What is Purview Communication Compliance
an insider risk solution that helps you detect, capture, and act on inappropriate messages that can lead to potential data security or compliance incidents within your organization.
148
To comply with corporate policies, the compliance admin needs to be able to identify and scan for offensive language across the organization. What solution can the admin implement to address this need?
Purview Communication Compliance
149
What is eDiscovery?
the process of identifying and delivering electronic information that can be used as evidence in legal cases.
150
A new admin has joined the compliance team and needs access to eDiscovery (Standard) to be able to add and remove members, create and edit searches, and export content from a case. To which role should the admin be assigned?
Add them as a member of the eDiscovery Manager role group.
151
The compliance admin team needs to be able to collect and copy data into review sets and to be able filter, search, and tag content, which solution can best address their needs?
eDiscovery Premium
152
The compliance team wants to obtain intelligent insights to help investigate possible breaches and determine the scope of compromise. Which solution can best address that need?
Audit Premium
153
Which of the following allows you to invite guest users and provide them access to Azure resources within your organization?
Azure B2B
154
Your company is planning on making use of Azure Active Directory Privileged Identity Management. Can Privileged Identity Management be used to provide time-bound access for Azure virtual machines?
No
155
Which of the following is a component of the Cloud App Security Framework?
Control/discover the use of shadow IT
156
You are considering the use of sensitivity labels in Microsoft 365. Can sensitivity labels be used to encrypt the contents in documents?
yes
157
What is the maximum time frame for which you can retain audit logs in Microsoft 365?
10 years
158
