sc900

Question 1

Microsoft Entra Verified ID

Answer 1

a service for securely managing and verifying digital credentials. It automates identity verification while maintaining privacy.

Question 2

Microsoft Entra Permissions Management

Answer 2

a Cloud Infrastructure Entitlement Management (CIEM) solution that helps organizations manage permissions for identities and resources across Microsoft Azure, AWS, and GCP, supporting a Zero Trust security model with least privilege access.

Question 3

Microsoft Entra ID Protection

Answer 3

helps organizations detect, investigate, and remediate identity-based risks by analyzing signals from user and workload identities. It integrates with tools like Conditional Access and SIEM for better security.

Question 4

Six Foundational Pillars of Zero Trust

Answer 4

Identities, Device, Applications, Data, Infrastructure, Networks (IDADIN)

Question 5

Data Residency

Answer 5

Refers to regulations governing the physical location where data can be stored and how it can be transferred, processed, or accessed internationally. These regulations vary by jurisdiction, making it crucial for organizations to be aware of local laws when handling data across borders.

Question 6

Data Sovereignty

Answer 6

This principle states that data, especially personal data, is subject to the laws and regulations of the country or region in which it is collected, stored, or processed. This can create complexity as data may cross multiple jurisdictions, each with different laws.

Question 7

Data Privacy:

Answer 7

transparency about the collection, use, and sharing of personal data. Organizations must comply with various laws and regulations to protect privacy

Question 8

Authentication

Answer 8

is the process of verifying a person’s identity, proving they are who they claim to be.

Question 9

Authorization

Answer 9

happens after authentication and determines what resources a person can access and what actions they can perform.

Question 10

Four Pillars of Identity Infrastructure

Answer 10

Administration, Authentication, Authorization, Auditing

Question 11

The Microsoft Service Trust Portal (STP)

Answer 11

how Microsoft protect data, maintain compliance

Question 12

Microsoft Priva

Answer 12

is a set of privacy solutions designed to help organizations manage privacy operations, ensure compliance with regulations, and mitigate privacy risks.

Question 13

Microsoft Purview

Answer 13

is a set of integrated data security, data governance, and data compliance solutions that can help organizations secure and govern their entire data estate, while helping them meet their compliance requirements

Question 14

Data Loss Prevention (DLP) in Microsoft Purview

Answer 14

helps organizations protect sensitive information from being shared inappropriately.

Question 15

Describe audit in Microsoft Purview (standard and premium)

Answer 15

log retention policies, high-value intelligent insights, and higher bandwidth to API.

Question 16

The following authentication methods are available for SSPR:

Answer 16

Mobile app notification
Mobile app code
Email
Mobile phone
Office phone
Security questions

Question 17

service password reset (SSPR) is a

Answer 17

feature of Microsoft Entra ID that allows users to change or reset their password, without administrator or help desk involvement

Question 18

azure Bastion provides

Answer 18

secure RDP and SSH connectivity to all of the VMs in the virtual network for which it’s provisioned.

Question 19

Microsoft Purview Compliance Manager

Answer 19

helps reduce risks related to data protection.

Question 20

Microsoft Purview Communication Compliance

Answer 20

helps detect, capture, and address inappropriate messages that may lead to breaches or compliance incidents.

Question 21

Microsoft Purview Data Lifecycle Management

Answer 21

provides tools for managing data retention and deletion, helping organizations meet compliance requirements.

Question 22

Microsoft Purview data governance

Answer 22

enables organizations to securely manage, access, and utilize their data across a distributed environment while ensuring compliance, improving data quality, and supporting innovation.

Question 23

Microsoft Purview Data Catalog

Answer 23

provides a comprehensive solution for organizing, managing, and securing data across the organization.

Question 24

federation

Answer 24

When multiple identity providers work together where users only need to log in once, and their credentials can be used to access multiple applications

Question 25

FIDO2

Answer 25

passwordless authentication standard using security keys or built-in device keys. It’s more secure than passwords, resistant to phishing, and supports single sign-on for both cloud and on-premises resources.

Question 26

Windows Hello for Business

Answer 26

something you have, something you know, and something that's part of you.

Question 27

Conditional Access

Answer 27

extra layer of security by automating access decisions based on user, location, device, application, and risk factors

Question 28

Microsoft Global Secure Access dashboard

Answer 28

a security solution that unifies Microsoft Entra Internet Access (SAAS) and Private Access (VPN) to protect users, devices, and data

Question 29

Microsoft Entra ID different identity types

Answer 29

User Identities: Workload Identities: Device Identities: Hybrid Identities: external Identities

Question 30

In entra ID there are three basic terminologies

Answer 30

Tenant: is an instance of entra ID Directory: a database or catalog of identities and resources associated with an organization's tenant. Multi-tenant: is an organization that has more than one instance of Entra ID. including organizations with multiple subsidiaries, organizations that merge or acquire companies

Question 31

Microsoft Entra ID Governance

Answer 31

who should have access, what users do with that access, and whether controls are working effectively

Question 32

Microsoft Entra access reviews

Answer 32

manage group memberships, application access, and role assignments, ensuring only the right people have access to resources

Question 33

Entitlement Management in Microsoft Entra automates

Answer 33

access requests, assignments, reviews, and expirations, helping manage access at scale. It allows non-administrators to create access packages and define access policies.

Question 34

Network Security Groups (NSGs):

Answer 34

NSGs filter inbound and outbound network traffic to Azure resources, like virtual machines (VMs). An NSG consists of rules that define traffic flow based on criteria such as source, destination, port, protocol, and direction

Question 35

NSGs vs Azure Firewall:

Answer 35

While NSGs provide distributed network-level filtering, Azure Firewall is a firewall that offers both network and application-level protection across multiple virtual networks and subscriptions. Together, they provide a defense-in-depth approach to security.

Question 36

Microsoft Defender for Cloud

Answer 36

is a cloud-native application protection platform (CNAPP) designed to secure cloud-based applications from cyber threats and vulnerabilities

Question 37

Microsoft Sentinel

Answer 37

is a cloud SIEM solution that provides intelligent security analytics and threat intelligence to protect enterprises.

Question 38

Microsoft Defender XDR

Answer 38

is an enterprise security suite designed to protect against sophisticated cyberattacks by integrating threat signals from endpoints, applications, email, and identities.

Question 39

Microsoft Defender for Office 365

Answer 39

protects organizations from threats like phishing, malware, and attacks targeting email links, attachments

Question 40

Microsoft Defender for Endpoint

Answer 40

is a platform designed to protect enterprise networks by securing endpoints such as laptops, phones, tablets, PCs, routers, and firewalls

Question 41

Microsoft Defender for Cloud Apps

Answer 41

provides comprehensive protection for Software-as-a-Service (SaaS) applications

Question 42

Microsoft Defender for Identity

Answer 42

is a cloud-based security solution that leverages on-premises identity infrastructure signals to detect and respond to identity-based threats

Question 43

Microsoft Defender Vulnerability Management

Answer 43

provides organizations with asset visibility, intelligent risk assessments,

Question 44

Microsoft Defender Threat Intelligence (TI)

Answer 44

helps security teams efficiently aggregate, analyze, and prioritize threat intelligence data to protect organizations from the most impactful threats.

Question 45

Microsoft Purview Information Protection

Answer 45

provides data classification capabilities to help organizations manage sensitive information and comply with regulatory requirements

Question 46

OATH (Open Authentication): A standard for generating time-based one-time passwords (TOTP) for user verification.

Answer 46

* Software OATH tokens: Apps generating OTPs using a secret key. * Hardware OATH tokens: Devices like key fobs showing changing codes every 30-60 seconds. Used as secondary authentication in Microsoft Entra ID for password resets or multifactor authentication.

Question 47

Cloud security posture management (CSPM

Answer 47

CSPM provides detailed visibility into the security state of your assets and workloads and offers hardening guidance to help you improve your security posture.

Question 48

An identity provider (IdP)

Answer 48

is a service responsible for creating, maintaining, and managing identity information. Examples of Identity Providers: Microsoft Entra ID, Google, Amazon, LinkedIn, and GitHub.

Question 49

Single Sign-On (SSO):

Answer 49

An important feature of modern identity providers is Single Sign-On (SSO). With SSO, users only need to log in once, and their credentials can be used to access multiple applications or resources. When multiple identity providers work together in this manner, it is called federation.

Question 50

Data Residency: .

Answer 50

the physical location where data can be stored and how it can be transferred, processed, or accessed internationally

Question 51

Data Sovereignty:

Answer 51

personal data, is subject to the laws and regulations of the country or region in which it is collected, stored, or processed.

Question 52

Data Privacy:

Answer 52

transparency about the collection, use, and sharing of personal data.

Question 53

Defense in Depth is a layered security approach that prevents unauthorized access by using multiple security mechanisms

Answer 53

Physical : Identity and access control: Perimeter Network : Compute : Application : Data :

Question 54

Key Principles of Zero Trust:

Answer 54

Verify Explicitly: Least Privilege Access: Assume Breach:

Question 55

shared responsibility model

Answer 55

Devices & accounts always CUSTOMER On-premises datacenters: The organization is fully responsible for everything IaaS: customer responsible for everything except physical PaaS: customer responsible shared with applications and network SaaS: Organization responsible for everything

Question 56

eDiscovery

Answer 56

eDiscovery, is the process of identifying and delivering electronic information that can be used as evidence in legal cases

Question 57

Lockbox

Answer 57

Lockbox ensures that Microsoft can't access your content to do service operations without your explicit approval.