Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Learning items > Security theory > Flashcards

Security theory Flashcards

1
Q

What is MIG?

A

Microsoft Information Governance (MIG) is a collection of features to govern your data for compliance or regulations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the difference between Retention Policies and RM?

A

While Records Management (RM) leverages Retention Policies, they perform differently.

Retention labels keep a copy of the content hidden from the user (but they can still delete/modify content from the UI), but RM blocks actions in the UI.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

6 Pillars of Zero Trust

A
  • Identities must be verified
  • Devices create a large attack surface needing monitoring
  • Applications (inc Shadow IT) must be mapped & protected
  • Data must be classified, encrypted & labelled
  • Infrastructure must be monitored
  • Networks need segmenting, encryption & monitoring
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the THREE features you can configure to provide automated Data classification?

A

Trainable classifiers
Sensitive Information Types
Exact Data Matches

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Sensitivity labels are an example of Data classification. List THREE other areas.

A
  • (Sensitivity labels)
  • Retention policies
  • Communication compliance
  • Insider risk management
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What FOUR actions can you view with the activity explorer?

A
  • Read
  • Deletion
  • Printed
  • Copied to network share/USB
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

True/False: Azure Active Directory (Azure AD) Identity Protection can be used to invoke Multi-Factor Authentication based on a user’s risk level

A

True. CA is a feature provided by Identity Protection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Hot Area:

Answer Area
______ can use conditional access policies to control sessions in real time.

  • Azure Active Directory (Azure AD) Privileged - Identity Management (PIM)
  • Azure Defender
  • Azure Sentinel
  • Microsoft Cloud App Security
A

Cloud App Security /
MS Defender for Cloud

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How many trainable classifiers and specific file extensions can be applied to a single Insider Risk Policy?

A

5 classifiers / 50 file extensions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is a Sequence, in regards to Insider Risk Management?

A

A sequence is a group of two or more potentially risky activities performed one after the other that might suggest an elevated risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What FOUR categories of activity could trigger alerts for the Data leaks by the priority users sequence?

A
  • Collection eg. downloading files from SharePoint sites or moving files into a compressed folder.
  • Obfuscation eg. renaming files on a device.
  • Exfiltration eg. sending emails with attachments outside of your organisation.
  • Clean-up eg. deleting files from a device.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What’s required for an organisation to use Peer groups for cumulative exfiltration detection?

A

Your organisation agrees to share Azure AD data with the compliance portal, including organisation hierarchy and job titles.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What data is typically contained in a security token (claim)?

A

Issuer
Audience
Expiry/Issued at/Not valid before
Subject
OID/TID
Name
Signature

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What tech is the MS ID platform built on?

A

OpenID Connect

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

How does Peer groups for cumulative exfiltration detection work?

A

It looks for peers outside the organisation, based on the following criteria:

  • SharePoint sites: Insider risk management identifies peer groups based on users who access similar SharePoint sites.
  • Similar organization: Users with reports and team members based on organization hierarchy.
  • Similar job title: Users with a combination of organizational distance and similar job titles.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What TWO secondary authentication TYPES are supported in AAD?

A

OAuth software/hardware, voice-call verification

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What SIX authentication methods are available for SSPR?

A
  • Mobile app notification
  • Mobile app code
  • Mobile phone
  • Office phone
  • Email
  • Security questions
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What licence is required to allow banned password lists?

A

Banned password lists are a feature of Azure AD Premium P1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What licence is required to allow PIM?

A

Azure AD Premium P2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

True/False: NSGs can deny inbound traffic from the Internet

A

TRUE, NSGs deny all in-bound Internet Traffic by default.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What’s an Access Package?

A

A group of access entitlements needed to fulfil a specific role

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What licence is needed to allow Entitlement Management?

A

Azure AD Premium P2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What licence is needed to allow Access Reviews?

A

Azure Ad Premium P2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What THREE secondary authentication TECHNOLOGIES are supported in AAD?

A

Authenticator
Hello for Business
FIDO 2 keys

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
What THREE services does Azure Identity Protection (AIP) provide?
- Automate the **detection** and **remediation** of identity-based risks. - **Investigate risks** using data in the portal. - **Export risk detection data** to third-party utilities for further analysis
26
What is Sign-in risk in AIP?
The probability that a given authentication request isn't authorized by the identity owner
27
What SIX sign-in risks can AIP detect?
Anonymous IP address. Malware linked IP address. Atypical travel. Unfamiliar sign-in properties. Password spray. Azure AD threat intelligence.
28
What is User risk in AIP?
The probability that a given identity or account is compromised
29
What are TWO user risks that AIP can detect?
Leaked credentials. Azure Ad Threat Intelligence
30
What THREE reports are produced by AIP?
Risky users Risky _sign-ins_ Risk detections
31
What licence is needed to allow Azure Identity Protection?
Azure AD Premium P2
32
Your organization has implemented important changes in their customer facing web-based applications. You want to ensure that any user who wishes to access these applications agrees to the legal disclaimers. Which Azure AD feature should you implement?
Azure AD Terms of Use
33
An organization is project-oriented with employees often working on more than one project at a time. Which solution is best suited to managing user access to this organization’s resources?
Entitlement management
34
An organization has recently conducted a security audit and found that four people who have left were still active and assigned global admin roles. The users have now been deleted but the IT organization has been asked to recommend a solution to prevent a similar security lapse happening in future. Which solution should they recommend?
PIM
35
What TWO licences allow use of Dynamic groups in AAD?
Azure AD Premium P1 Intune for Education
36
What are three types of DDOS attack?
**Volumetric** attacks: that flood the network with seemingly legitimate traffic, overwhelming the available bandwidth. **Protocol** attacks: Protocol attacks render a target inaccessible by exhausting server resources with false protocol requests that exploit weaknesses in layer 3 (network) and layer 4 (transport) protocols. **Resource (application) layer** attacks: These attacks target web application packets, to disrupt the transmission of data between hosts.
37
What three **TIERS** of Azure DDoS protection are available?
**Basic** (now renamed **Default**) DDoS **Network Protection** (SKU) DDoS **IP Protection** (preview)
38
True/False: By default, NSGs allow outbound traffic to access the Internet
**True**, unless specifically over-ridden by a higher-priority rule.
39
Describe use of Threat Intelligence with respect to Azure Firewall
Threat intelligence-based filtering can be enabled for your firewall to alert and deny traffic from/to known malicious IP addresses and domains
40
Describe FOUR advantages of Azure Firewall
Built-in high availability and availability zones Outbound SNAT and inbound DNAT to communicate with internet resources Threat intelligence Integration with Azure Monitor
41
Describe WAF
Web Application Firewall provides centralised protection of your web applications from common exploits and vulnerabilities
42
True/False: NSGs block incoming Internet Traffic by default?
Communication needs to be explicitly provisioned enables more control over how Azure resources in a VNet communicate with other Azure resources, the internet, and on-premises networks
43
True/False: You can associate multiple NSGs to VNet subnets or NICs?
False -You can associate only one network security group to each virtual network subnet and network interface in a virtual machine
44
True/False: You can associate an NSG with multiple subnets & NICs
True -The same network security group can be associated to as many different subnets and network interfaces as you choose
45
Intune is managed via: - AAD Admin Centre - M365 Compliance Centre - M365 Security Centre - Endpoint Admin Centre
**Microsoft Endpoint Admin Centre**
46
What THREE Inbound security rules are provided in NSGs by default?
**AllowVNetInBound**. This rule allows traffic from any Virtual Network (as defined by the service tag) on any port to any Virtual Network on any port, using any protocol. **AllowAzureLoadBalancerInBound**. This rule allows traffic from any Azure Load Balancer on any port to any IP address on any port, using any protocol. **DenyAllInBound** rule. This rule denies all traffic from any source IP address on any port to any other IP address on any port, using any protocol.
47
What is the difference between Network Security Groups (NSGs) and Azure Firewall?
NSGs provide traffic filtering to limit traffic WITHIN VNets in each subscription. Azure Firewall provides protection ACROSS different subscriptions and VNets.
48
True/False: Intune can be used to provision Azure subscriptions?
**False**
49
How widely does Bastion protect your VMs, VNets and subscriptions?
Bastion provides secure RDP and SSH connectivity to all VMs in the VNet, and peered VNets, in which it's provisioned. Bastion deployment is per VNet, not per subscription/account or virtual machine.
50
True/False: VMs accessed via Bastion need Public IPs
False. Bastion opens the RDP/SSH connection to your Azure virtual machine using private IP on your VM. You don't need a public IP.
51
True/False: The Bastion service eliminates the need for NSGs
True -The service is hardened internally to provide secure RDP/SSH connectivity. You don't need to apply any NSGs on an Azure Bastion subnet.
52
True/False: The Bastion service does NOT eliminate the need to harden VMs
False -Because it sits at the perimeter of your virtual network, you don’t need to worry about hardening each virtual machine in the virtual network
53
How does JIT protect VMs?
JIT allows you to select VM ports to which inbound traffic is blocked. Defender for Cloud places "deny all inbound traffic" rules for these ports in the NSG/Firewall rules. Defender applies RBAC to allow blocking to be lifted for a specified time & restores it afterwards.
54
True/False: JIT for VMs requires a Defender for Cloud subscription
True -JIT requires Microsoft Defender for servers to be enabled on the subscription
55
True/False: When JIT VM access expires, the connection is dropped
False -Defender for Cloud restores the NSGs to their previous states. Connections that are already established are not interrupted.
56
List THREE types of data encryption provided by Azure
**Storage encryption** (managed disks, blob storage, files & queues) **Disk encryption** Win/Linux VM disks (bitlocker/dm-crypt) **Transparent Data Encryption (TDE)** in SQL Db & Data Warehouse
57
List FOUR functions of Azure Key Vault
**Secrets Mgmt** (control access) **Key Mgmt** **Cert Mgmt** **Hardware Security Module (HSM)** (store secrets in FIPS 140-2 HSMs)
58
The security admin wants to protect Azure resources from DDoS attacks and needs logging, alerting, and telemetry capabilities. which Azure service can provide these capabilities? - Default DDoS infrastructure protection. - Both DDoS IP Protection and DDoS Network Protection. - Azure Bastion.
**DDoS IP Protection and DDoS Network Protection** provide advanced capabilities, including logging, alerting, and telemetry
59
Expand CSPM
**Cloud Security Posture Management** assesses systems and _alerts security staff when a vulnerability is found_.
60
Expand TVM
**Threat & Vulnerability Management** provides a holistic view of the organization's _attack surface and risk_ and integrates it into operations and engineering decision-making
61
Expand CWP
**Cloud Workload Protection** Through CWP, Defender for Cloud is able to _detect and resolve threats_ to resources, workloads, and services
62
An organization wants to add vulnerability scanning for its Azure resources to view, investigate, and remediate the findings directly within Microsoft Defender for Cloud. What functionality would they need to consider? - Secure score and recommendations functionality that is part of the CSPM pillar of Defender. - The enhanced functionality that is provided through the Microsoft Defender plans and is part of the CWP pillar of Defender. - Security Benchmarks.
**2** Microsoft Defender plans provide enhanced security features for your workloads, including vulnerability scanning. The Microsoft cloud security benchmark (MCSB) provides prescriptive best practices and recommendations, NOT vulnerability scanning.
63
List THREE deliverables provided by the Purview Governance Portal
- Create a holistic, up-to-date **map of your data landscape** with automated data discovery, sensitive data classification, and end-to-end data lineage. - Enable data curators to **manage and secure your data estate.** - Empower data consumers to **find valuable, trustworthy data.**
64
What functionality is provided by the Purview Data Map?
By scanning registered data sources, Azure Purview Data Map is able to **capture metadata** about enterprise data, to **identify and classify sensitive data.**
65
What services are provided by the Purview Data Catalogue?
Users can quickly and easily **find relevant data using a search with filters** based on various lenses like glossary terms, classifications, sensitivity labels etc.
66
What THREE insights are provided by Purview Data Estate Insights?
Data and security officers can get a bird’s eye view and at a glance understand: - What data is actively scanned - Where sensitive data is - How it moves.
67
What functionality is provided by the Purview Data Sharing & Data Policy (Preview)?
Access policies in Purview enable you to **manage access** to **different data systems** across your entire data estate. Eg. if a user needs read access to an Azure Storage account that has been registered in Purview, you can _grant this access directly from Purview_.
68
Which application in the Purview governance portal is used to capture metadata about enterprise data, to identify and classify sensitive data? - Data Catalog - Data Map - Data Estate Insights.
**2** Purview Data Map captures metadata about enterprise data, to identify and classify sensitive data.
69
What are the FOUR stages of Data Lifecycle Management?
- **Know** your data (ID important data) - **Protect** your data (encrypt, restrict) - **Prevent** data loss (oversharing) - **Govern** your data (retention/mgmt policies)
70
What THREE data classification methods are used by Purview?
- Manual - Auto pattern recognition - Machine learning
71
What are Sensitive Information Types?
Sensitive information types (SIT) are **pattern-based classifiers**. They have set patterns that can be used to identify them. Eg. credit card/bank account/passport numbers.
72
What is Exact Data Match (EDM) classification?
EDM-based classification enables you to create custom sensitive information types that refer to **exact values in a database of sensitive information**.
73
What are Trainable Classifiers?
**Trainable classifiers use AI to intelligently classify data.** They're most useful classifying data unique to an organization like specific kinds of contracts, invoices, or customer records.
74
What TWO types of Trainable Classifier are available in Purview?
- **Pre-trained** (source code/resumes/threats/profanity) - **Custom** (specific contracts/invoices/records)
75
Define "Seeding"
Training a custom trainable classifier by presenting many samples of example content.
76
What does the Content Explorer do?
Enable admins to view content that has been summarised in the overview pane.
77
What TWO roles have access to Purview's Content Explorer?
- Content explorer list viewer. - Content explorer content viewer. (List view shows matching objects, content enables viewing them).
78
List FOUR activities associated with a labelled document that can be analysed by Purview's Activity Explorer
- File copied to removable media - File copied to network share - Label applied - Label changed
79
List THREE properties of Labels
- **Customizable**. Admins can create different categories specific to the organization. - **Clear text**. Each label is stored in clear text in the content's metadata, third-party apps and services can read it and then apply their own protective actions, if necessary. - **Persistent**. After you apply a sensitivity label to content, the label is stored in the metadata of that email or document & moves with the content.
80
True/False: Labels cab be used to protect content in containers such as sites and groups.
**True** This doesn't result in documents being automatically labeled. Instead, the label settings protect content by controlling access to the container where documents are stored.
81
True/False: Multiple labels may be applied to one document or email
**False** Only one label can apply in each case.
82
True/False: Labels may mark content, encrypt it or do nothing
**True** Labels can: - Display watermarks - Encrypt emails and/or documents - Do nothing other than act as a classification
83
Why would labels be used without protective restrictions?
The label classification can be used to **generate usage reports and view activity data** for sensitive content.
84
True/False: Labels may be used to link users to custom help pages.
**True** It helps users to understand what the different labels mean and how they should be used.
85
What is endpoint data loss prevention?
Endpoint data loss prevention (Endpoint DLP) **extends the activity monitoring and protection capabilities of DLP** to sensitive items that are physically stored on **Windows 10, Windows 11, and macOS (Catalina 10.15 and higher)** devices
86
How do retention labels and assigning retention policies help organizations? (List THREE factors)
- **Comply proactively with industry regulations and internal policies** that require content to be kept for a minimum time. - **Reduce risk when there's litigation or a security breach** by permanently deleting old content that the organisation is no longer required to keep. - **Ensure users work only with content that's current and relevant** to them. When content has retention settings assigned to it, that content remains in its original location.
87
True/False: A user CANNOT delete or modify a document managed by a retention policy
**False** People can continue to work with their documents or mail as if nothing's changed. If they edit or delete retained content, a copy is made in a secure location. In most cases, people don't even need to know that their content is subject to retention settings.
88
What FIVE MS products support data retention?
SharePoint OneDrive Microsoft Teams Yammer Exchange
89
What THREE things happen to content when it's labeled as a record?
- Restrictions are put in place to **block certain activities.** - Activities are **logged**. - **Proof of disposal** is kept at the end of the retention period.
90
What TWO additional restrictions are placed on Regulatory Records?
- A regulatory label **can’t be removed** when an item has been marked as a regulatory record. - The **retention periods can’t be made shorter** after the label has been applied.
91
What are four FEATURES/SELLING POINTS of Azure Insider Risk Management?
- **Transparency**: Balance user privacy versus organisation risk with privacy-by-design architecture. - **Integrated**: Integrated workflow across Microsoft Purview solutions. - **Configurable**: Configurable policies based on industry, geographical, and business groups. - **Actionable**: Provides insights to enable user notifications, data investigations, and user investigations.
92
What FIVE steps comprise the Insider Risk workflow?
- Policies - Alerts - Triage - Investigation - Action
93
What THREE eDiscovery solutions are provided with Purview?
- Content search - eDiscovery (Standard) - eDiscovery (Premium)
94
What additional FIVE services are provided by eDiscovery (Premium)?
- **Workflow** (identify, preserve, collect review, analyse & export) - Manage **Custodians** - Use **Review Sets** to focus on content - **Tag** relevant content - Use **AI** to further narrow search scopes
95
What additional FOUR services are provided by Purview Audit (Premium)?
- **Retention** beyond 90 days - **Customise** retention periods - **Provides records** for crucial events - **Higher bandwidth** access to API
95
How long does it take for Purview Audit to log an event?
It can take anywhere from **30 minutes to 24 hours** for the corresponding audit log record to be returned in the results of a search.
96
What roles are required to access Audit services?
**View-Only Audit Logs** or **Audit Logs role** in _Exchange Online_ to search the audit log. By default, these roles are assigned to the **Compliance Management** & **Organisation Management** role groups on the _Permissions page_ in the _Exchange admin centre_.
97
How does a digital signature work?
A signed document is _hashed_, and the hash **encrypted with the user's private key**. The recipient decrypts the hash & checks it against the document's contents.
98
What is Credential stuffing?
**Re-using a password** in multiple sites/instances
99
What is pretexting?
**Gaining a victim's trust to extract secure info**, such as generating a fantasy pop star name from the name of a first pet and the place they were born.
100
What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by reducing the attack surface?
**Network protection**
101
Which feature provides the extended detection and response (XDR) capability of Azure Sentinel?
Integration with **Microsoft 365 Defender**
102
True/False: Conditional access policies apply BEFORE first-factor authentication is complete?
**False** Conditional Access policies apply AFTER first-factor authentication is complete.
103
Conditional access policies can use WHAT SERVICE as a signal that provides the ability to control sessions in real time?
Azure **Cloud App Security** AKA **Defender for cloud**
104
Which layer can secure access to VMs either on-prem or in the cloud by closing certain ports?
The **Compute** layer
105
Which authentication method uses a software agent on an on-prem server to provide simple password validation?
Pass-through Authentication (PTA)
106
What are Microsoft's SIX privacy principles?
- **Control** over privacy - **Transparency** - **Security** - Strong **Legal protections** - No **content-based targeting** - **Benefits to you**
107
What Security Centre tool would you use to continuously monitor the status of your network?
**Network map** This provides a topology map of your network workloads, allowing you to block unwanted connections.
108
What is the purpose of Perimeter security in the defence in depth approach?
DDOS protection
109
Can Azure firewall encrypt traffic?
No
110
What's the max retention period for M365 Audit Logs?
10 years
111
Which THREE features are NOT included in the pricing plan for Office 365 apps? - Cloud App Discovery - Password protection - Group Access Management - Risk-based Conditional Access - MFA
- Cloud Discovery - Group Access Management - Conditional Access
112
What FOUR AAD editions are available?
- Free - Office 365 Apps - Premium P1 - Premium P2
113
List the FOUR AAD Identity types
- User - Service Principal (ID for an App) - Managed ID (Managed Service Principals) - Device
114
What's the function of Managed Identities?
Managed IDs are auto managed in AAD, **eliminating the need for Devs to manage credentials**. Managed IDs provide identity for apps to connect to Azure Resources at no extra cost.
115
What is a Service Principal used for?
A Service principal is an **identity for an app**. It's required to **register the app with AAD to integrate its ID and access functions**.
116
True/False: Application developers need to manage and protect Service Principal credentials used by their products
**True**. Managed Identities negate this requirement for supported Azure resources.
117
What licence is needed to use AAD External Identities?
AAD Premium P1
118
True/False: AD FS services will be lost if the on-prem DC service fails
**False** -AD FS _can be configured to use password hash sync_ should the on-prem service fail.
119
An organization has completed a full migration to the cloud and has purchased devices for all its employees. All employees sign in to the device through an organizational account configured in Azure AD. Select the option that best describes how these devices are set up in Azure AD. - These devices are set up as Azure AD registered. - These devices are set up as Azure AD joined. - These devices are set up as Hybrid Azure AD joined.
**AAD Joined**. An AAD joined device is joined to AAD through an organizational account, which is then used to sign in to the device. _Azure AD joined devices are generally owned by the organization_.
120
A developer wants an application to connect to Azure resources that support Azure AD authentication, without having to manage any credentials and without incurring any extra cost. Which option best describes the identity type of the application? - Service principal - Managed identity - Hybrid Identity
**Managed identities** are a type of service principal that are automatically managed in Azure AD and eliminate the need for developers to manage credentials.
121
What's the max of the NSG priority range? - 2096 - 3500 - 4000 - 4096 - 4128
NSG priorities are in the range 100 to **4096**
122
What mode can WAF operate in to avoid affecting live services during testing?
**Detection mode**. Later, it should be switched to _Prevention Mode_
123
What are FOUR uses of Cloud App Security (Defender for Cloud Apps)? - Prevent data leaks & limit access to regulated data - Provide pass-through authentication to on-prem apps - Provide secure connection to Azure VMs - Discover & control shadow IT - Protect sensitive info hosted anywhere in the cloud
Everything BUT **Provide secure connection to Azure VMs**
124
An audit team needs access to crucial events, such as when mail items were accessed, replied to and forwarded. What capability is required? - Advanced Auditing - Core Auditing - Alert policies to generate & view alerts when actions are performed on mail
**Advanced Auditing** is needed to access _crucial events_.
125
When considering Cloud App Security/Defender for Cloud Apps, what is a key consideration? - Data security of your entire estate - Architecture of your entire estate - Use of Shadow IT across your entire estate
**Architecture** of the estate
126
Settings may have been changed by a user in Teams. What capability is needed to investigate this? - Turn on MS Teams settings search & ensure you have the right role - Verify that auditing is enabled & that you have the right role - Block Teams & ensure you have the appropriate role
Verify that **auditing** is enabled & you have the appropriate role to perform the search.
127
Retention labels can be applied to _______? - Exchange (all mailboxes), SharePoint, OneDrive - Exchange & MS 365 Groups - Exchange, SharePoint, OneDrive & MS 365 Groups
Exchange, SharePoint, OneDrive & MS 365 Groups
128
Where does retention policy store copies for SharePoint/OneDrive?
Preservation Hold library
129
Where does retention policy store copies for Exchange mailboxes?
Recoverable items folder
130
Where does retention policy store copies for Teams & Yammer?
SubstrateHolds
131
Insider Risk Management exports alerting data for SIEM via what service?
Office 365 Management API integration
132
Where are all data files & emails associated with alert activities captures & displayed? - Case overview - User activity - Content explorer - Alerts
**Content Explorer** receives copies of alerts
133
What licence is required for Cloud App Discovery to identify Shadow IT?
AAD Premium P1
134
How long do content holds need to take effect?
Up to 24 hours
135
What service does Sentinel use to store security analytics data?
Azure Log Analytics Workspace
136
What EIGHT services are enabled through Azure AD Premium P1
- (_Banned_) Password Protection - _External_ Identities (B2B/B2C) - Dynamic Azure AD _Groups_ - Cloud App _Discovery_ (Shadow IT) - _Conditional_ access - Self-service password _Reset_ - Microsoft _Identity_ Manager (HR Connect) - Azure _Terms_ of Use
137
The Zero-Trust "Limit Blast Radius" principle involves what TWO elements?
Use **Identity-based segmentation** and **Least privilege access** ID Segmentation works by restricting access to apps or workloads, based on job role.
138
Which THREE roles can access the Compliance Centre?
Global Admin Compliance Admin Compliance Data Admin
139
What are the THREE features of Compliance Manager?
- Pre-built/custom **assessments** for common industry and regional standards - **Compliance score** - Step-by-step **guidance** to help achieve compliance
140
True/False: Conditional access policies can be applied only to users with AAD-joined devices?
**False**. Conditional access can ALSO be applied to AD DS-joined devices (Win 7 onwards).
141
True/False: With AAD Identity Protection, you can force use of MFA during a user sign-in?
**True**. Identity Protection can configure a Conditional Access policy for you that requires MFA, regardless of which modern authentication app you use.
142
Which of the following is NOT an Identity Governance feature in AAD? - PIM - Access reviews - Conditional access - Entitlement Management
Access reviews
143
Which of the following cards is NOT available within the M365 Security Centre? - Identities - Devices - Groups - Apps
Groups
144
Which of the four MCAS pillars is responsible for identifying and controlling sensitive information? - Visibility - Threat protection - Compliance - Data security
Data security
145
True/False: A system-assigned managed identity is created as a standalone Azure resource?
**False** _USER-assigned_ is stand-alone, _system assigned_ is created as part of a _VM or App Service_.
146
True/False: Responsibility for Network controls & Host infrastructure is SHARED between MS and users for IaaS solutions?
**True**
147
What is a message digest?
An alternative term for a **Hash value**
148
What are the most common hash lengths in use? - 256-288 - 128-160 - 512-1024 - 96-1016
128-160
149
What feature allows use of the same security key across multiple services? - Hmac-secret - Resident key - Multiple accounts per RP - Client PIN
Multiple accounts per RP (RelyingParty)
150
Which of the following is NOT an identity? - Services - Users - Networks - Devices
Networks
151
True/False: You can only add one resource lock to an Azure resource?
**False**. You can have ReadOnly & CanNotDelete locks on one resource and resources can inherit locks from parent objects. The most restrictive lock takes precedence.
152
Which of the following is a feature of Defender for Endpoint's behavioral sensors technology? - Behavioral signals are translated into insights, detections, and recommended responses to advanced threats. - It collects and processes behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender for Endpoint. - It generate alerts when they are observed in collected sensor data. - It ensures configuration settings are properly set and exploit mitigation techniques are applied
**2** It collects and processes behavioral signals from the operating system.

Learning items (3 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions