SC-900
SEIM (Security Information and Event Management)
A SEIM system is a tool that an organization uses to collect data from across the whole estate, including infrastructure, software, and resources. It does analysis, looks for correlations or anomalies, and generates alerts and incidents.
SOAR Security orchestration automated response
A SOAR system takes alerts from many sources' such as a SEIM system. The SOAR system then triggers action-driven automated workflows and processes to run security tasks that mitigate the issue.
No hassle of managing NSGs
A fully managed platform PaaS service from Azure that's hardened internally to provide secure RDP/SSH connectivity. You don't need to apply any NSGs on an Azure Bastion subnet.
A company plans to use azure ADB 2B collaboration to give users from a partner organization access to azure resources. What type of identity should you create to configure and manage access?
A guest user identity for each external user
Defense in depth
A layered approach to approach to security, rather than relying on a single perimeter. It uses a series of mechanisms to slow the advance of an attack. Each layer provides protection so that, if one layer is breached, a, a subsequent layer will prevent an attacker from getting unauthorized access to data.
MD for end point Microsoft threat experts
A managed threat hunting service that provides security operation centers with monitoring And analysis tools to ensure critical threats don't get missed.
Active directory domain service
A on premises directory service that is used to store identities, groups, computers, and other objects. This stores passwords in the form of a hash value representation of the actual user password.
When using Microsoft 365 sensitivity labels a single item of content can have which of the following labels applied
A retention label and a single sensitivity label
Microsoft defender for endpoint Threat and vulnerability management
A risk based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. It uses sensors on devices to avoid the need of agents or scans and prioritizes vulnerabilities.
Secure Score
A tool in Microsoft 365 defender portal, is a representation of a company's security posture. The higher the score, the better your protection period from a centralized dashboard in the Microsoft 365 defender portal, organizations can monitor and work on security of their Microsoft 365 identities, apps, and devices
Azure AD B2C
Access management is an identity management solution for both customer and customer facing apps. This is an example of a customer identity access management (CIAM) solution. Azure AD B2C Allows external users to sign in with their own social, enterprise, or local account identities. For example call for example, you can Publish modern S AAS apps, Or custom developed apps with azure AD B2C.
Shared responsibility model customers are always responsible for?
Accounts and identities, information and data, Mobile and PC devices.
AC Detective actions
Actively monitor systems to identify irregularities that could represent risks, or that can be used to detect breaches or intrusions. Examples
System-assigned managed identity
Acts as the service principle for the linked resource. When you enable a system sign managed identity, it is linked to a single resource and tied to the resource life cycle. As your automatically deletes the managed identity when the resource identity is deleted.
Microsoft Defender for servers
Adds threat detection And advanced defenses for your windows and Linux machines.
Data lost prevention policies
Administrators can now define policies that can prevent users from sharing sensitive information in a Microsoft team's chat session or team's channel, whether this information is in the message, or in a file
Just in Time Access (JIT)
Allows lock down of the inbound traffic to your VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.
Self-service password reset
Allows users to change or reset their own passwords there by reducing the cost of providing admins and help desk personnel.
Service Principal
An identity for an application. Enables core features such as authentication and authorization of the application to resources that are secured by the Azure AD tenant.
Modern authentication
An umbrella term for authentication and authorization methods between a client, such as your laptop or phone, and a server, like a website or application. At the center is the role of identity provider.
Conditional access
App control protection provides real time visibility and control over access and activities within your cloud apps. Avoid data leaks by blocking downloads before they happen, setting rules to require data stored in and downloaded from the cloud to be protected with encryption, and controlling access from non-corporate or risky networks.
Technical policy CSPM
Applies guard rails to audit and enforce the organizations standards and policies to technical systems.
Managed Identities
Are a type of service principle that are automatically managed in but are automatically managed in azure AD And eliminate the need for developers to manage credentials.They provide an identity for applications to use when Connecting to azure resources that support azure AD authentication and can be used without any extra cost.
AC Preventative actions
Are designed to handle specific risks, like using encryption to protect data at rest if there were breaches or attacks.
Software OATH tokeens
Are typically applications, Azure AD generates the secret key, or seed, that's input into the app and used to generate each OTP.
Information Barriers
Are used to establish two way restrictions to prevent individuals or groups from communicating. It support Microsoft Teams, OneDrive for Bussiness, and SharePoint Online as well as other Microsoft products.
Assess your cloud apps compliance
Assess if your cloud apps meet relevant compliance requirements, including regulatory compliance and industry standards. Prevent data leaks to non compliant apps and limit access to regulated data.
Track who does what, where, and how
Auditing
Prove that you are who you say you are
Authentication
Specify what data you are allowed to access
Authorization
MD for resource manager
Automatically monitors the resources management operations in your organization.
Self service password reset
Azure AD feature that enables users to change or reset their password or unlock their user account without administrator intervention. You can configure the number of authentication methods Users are required to register and the number of methods required to reset. The number of methods required can be set to 1 or 2. With either number option, administrator SSPR requires a strong 2 gate password policy. You cannot override this requirement.
What is the minimum azure active directory needed to support multi factor authentication, conditional access, and PIM ?
Azure AD premium P2
Azure AD Roles
Azure AD specific role, cross service role, and service specific role.
Hardening in one place to protect against zero-day exploits
Azure Bastion is a fully platform- managed PaaS service. Because it sits at the perimeter of your virtual network, you don't need to worry about hardening each virtual machine in the virtual network. The Azure platform protects against zero-day exploits by keeping the Azure Bastion hardened and always up to date for you.
Provision resources that are inclined with compliance requirements.
Azure Blueprints
Azure AD rules control access to azure AD resources Such as users, groups, and applications using?
Azure Graph API
What is the name of Microsoft's cloud based identity and access management service?
Azure active directory
No public IP required on the Azure VM
Azure bashin opens the RDP/SSH connection To your azure virtual machine using private IP on your VM. You. You don't need a public IP
Which solution can use the Microsoft threat intelligence feed to alert and deny traffic from from known malicious IP own malicious ip addresses?
Azure firewall
Your estate has many different data sources where data is stored. Which tool should be used with Microsoft sentinel to to quickly gain insights across your data as soon as a data source is connected?
Azure monitor workbooks
Monitor resources for compliance
Azure policy
Which azure solution can enforce Geo compliance requirements for the azure resources you deploy?
Azure policy
Is the fundamental building block of your organization's private network in azure which enables organizations to segment their networks.
Azure virtual network
Protection against port scanning
Because you don't need to expose your virtual machines to the internet, your VMs are protected against port scanning by rogue and missions users located outside your virtual network.
Microsoft defender for open source relational protections
Brings threat protections for open source relational databases
MD for end point Next generation protection
Brings together machine learning, big data analysis commada analysis, in depth threat resistance research, and the Microsoft cloud infrastructure to protect devices in your enterprise organization.
Privacy
Build a more privacy resilient workplace. Privacy management gives actionable insights on your organization's personal data to help you spot issues and reduce risk.
Sensitivity Labels
Can be applied to content in 3rd party apps and services and services. By using Microsoft cloud app security, you can label content in 3rd party apps and services, unif they do not read or support sensitivity labels by design.
Named location information CA
Can be created using IP address ranges, and used when making policy decisions. Also, administrators can opt to block or allow traffic from an entire country/region's IP range.
Retention policies
Can be used to define data retention for all documents in a sharepoint site
Azure Active Directory Bussiness to Customer (B2C)
Can help you provide identity and access management solutions for your customer facing apps.
Auditing
Capture access about users who perform actions actions and when they perform those actions. Also includes independent reporting, alerts, and governance of identities.
Azure AD B2B
Collaboration allows you to share your apps and resources with external users. This uses an invitation and a redemption process. You can also leverage single sign on user flows to external users. For example you can allow external users to sign in to your Microsoft applications or other enterprise applications, such as software as a service apps, custom developed apps, ETC.
As a lead admin, it's important to convince your team to start using Microsoft sentinel. You've put together a presentation. What are the 4 security operation areas of Microsoft sentinel that cover this area?
Collect, detect, investigate, and respond
Microsoft sentinel
Collects data from on premises and multiple clouds for all users, devices, applications, and infrastructure perand infrastructure. The text previously uncovered threats and minimizes false positives. Investigates threats and hunts suspicious activities at scale. Responds to incidences with Built-in orchestration and security task automation.
Measures your progress and reducing risk around regulatory standards
Compliance manager
Can be applied to external users and user groups. Helps enforce MFA
Conditional access
Resolving compliance issues with communication compliance
Configure, investigate, remediate, monitor
Zero Trust-based access control
Considers the active threat level during access control decisions.
Microsoft defender for cloud
Continously assess-your security posture, identify and track vulnerabilities. Secure- Harden all connected resources and services. Defend- Detect and resolve threats to resources, workloads, and services.
Microsoft 6 privacy principles
Control, transparency, security, strong legal protections, no Content based targeting, benefits to you.
Signing
Create a digital signature to verify that a message has not been tampered with and the content altered. Ithird. It does not allow an authorized user to read the message.
Identity Provider
Creates, maintains, and manages identity information while offering authentication, authorization, and auditing services.
End point DLP enables admins to audit and manage activities such as
Creating an item, renameing an item, copying items to remove a boom media, comma copying items to network shares, printing documents, accessing items using unallowed apps and browsers..
Azure AD Free
Creating, managing users, and groups Self service password change for cloud users Single Sign on Microsoft 365 Many SaaS apps Configure MFA
Sensitive information types
Credit card, passport, identification numbers, bank account numbers, health service numbers
What type of Azure AD built in role is a Security Administrator?
Cross Service role
Provide Microsoft Support access to data in SharePoint Online
Customer lockbox
E-E MS Collect
Data at cloud scale scross all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
Which component of Microsoft Purveiw allows users to quickly and easily find relevant data using searches based on glossary terms?
Data catalog
Data in transit
Data moving from one location to another do another, such as across the Internet or through a private network.
What is a good way to describe the concept of data sovereignty
Data particularly personal data, is subject to the laws and regulations of the country/region in which it's physically collected held is collected held or processed.
Data at rest
Data that stored on a physical device, such as a server. It may be stored in a database or a storage account but, regardless of where it's stored, encryption of data at rest ensures the data is unreadable without the keys and secrets needed to decrypt it.
Protect against cyber threats and anomalies
Detect unusual behavior across cloud apps to identify ransomware, compromised users, or rogue applications, analyze high-risk usage, and remediate automatically to limit risks.
Azure AD B2B
Direct connect establishes a mutual, 2 way trust with another azure AD organization For a seamless collaboration collaboration. For example, for example, B2B direct connect currently supports Microsoft teams shared channels. This enables external users to access your resources from their home instances of teams.
Azure AD Access Reviews
Enable organizations to efficiently manage group memberships and access enterprise applications and role Assignment. Access reviews can be used to review and manage access for both users and guest.
Password hash synchronization
Enable user authentication directly in azure AD without the involvement of on premises components. With this hybrid identity sign in method, you synchronize a hash of the End user's password to azure AD. Users can then be authenticated directly in the cloud.
Federation
Enables the access of services across organizational boundaries by establishing trust relationships between the identity providers of the 2 organizations. It uses the authentication of the trusted party to access the resources of the other party.
Federation
Enables the access of services across organizational or domain boundaries by establishing trust relationships between it's relationships between the respective domains identity provider. There is no need for a user to maintain a different username and passport when accessing resources and other domains.
Azure Active Directory Identity Protection
Enables you to detect, configure, and investigate potential vulnerabilities affecting your organization's identities.helps keep you informed of suspicious user and sign-in behavior in your environment.
Sensitivity labels are used for
Encrypt email only or email and documents Mark contact with Heather's, footer's, and watermarks Apply a label automatically or prompt users to apply a recommended label Mark the content by controlling access to the container Extend sensitivity levels to 3rd party apps and services Classify content without adding protection settings
Sensitivity labels can be configured to
Encrypt, mark the content, the content, apply the label automatically, protect content in containers such as sites and groups, extend sensitivity labels to 3rd party apps and services, and classified content without using any protection settings.
Blank Enables authorizied users to access data and make data unusable to unauthorized users.
Encryption
The human resources organization wants to ensure that stored employee data is encrypted. Which security mechanism would they use use.
Encryption at rest Encryption at rest could be part of a security strategy to protect stored employee data
Thrrat and vulnerability management (TVM) CSPM
Establishes a holistic view of the organization's attack surface and risk and integrates it into operations and engineering decision making.
Design to deliver enhanced security detection and response capabilities across an organization domain?
Extended detection and response XDR
Azure security benchmark
Focuses on cloud centric control areas to provide recommendations for best practices and recommendations to help improve the security of data, services, and workloads perand workloads. Provides recommendations and instructions but does not include the tools to apply the controls.
User risk CA
For customers with access to Identity Protection, user risk can be evaluated as part of a CA policy. User risk represents the probability that a given Identity or account is compromised. User risk can be configured for high medium or low probability.
What is the minimum azure AD license required forequired for monitor service health?
Free
Remote Session over TLS and firewall traversal for RDP/SSH
From the azure portal, a connection to the VM, will open and eand HTML5 based web client that is automatically streamed to your local device. You'll get your Remote Desktop Protocol (RDP) and Secure Shell to traverse the corporate firewalls securely. The connection is made secure by using the TLS (TLS) protocol to establish encryption.
Azure disk encryption is supported for?
Generation 1V m's, generation 2V m's, comma and V m's with premium storage. Good as your disk encryption is not supported on vms that do not have tempt disk.
Guest User
Gives you a way to enable anyone to collaborate with your organization. After creating the guest user, you can send an invitation with a redemption link or send a direct link to an app that the user should have access to.
You have implemented azure AD role based access control and your organization what are the 3 Built-in RBAC roles?
Global administrator Billing administrator Azure devops administrator
Microsoft Purveiw roles
Global administrator, compliance administrator, compliance data administrator.
Azure AD Built in roles
Global administrators, user administrator, billing administrator
Example of encryption in transit
HTTPS
AC Corrective actions
Help admins to minimize the adverse effects of security incidents, by undertaking
Sensitivity labels
Help ensure that emails can only be decrypted only by users authorized by the labels encryption settings
Records management
Helps an organization look after their legal obligations periobligations. Adds restrictions that prevent documents and emails from being edited or deleted.. Activities on documents and emails will be tracked. To declare documents and emails as records, you use retention labels that mark the content as a record or a regulatory record.
Defender for endpoint
Helps enterprise networks protect endpoints by preventing, detecting karma investigating karma and responding to advanced threats.
Transparent data encryption (TDE)
Helps protect Azure SQL Database and Azure Data Warhouse against the threat of malicious activity. It performs real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application.
Transparent data encryption
Helps to protect azure SQL database and azure data warehouse against the threat of malicious activity. It also allows real time encryption and decryption of the database, associated backups, and transaction log files at rest.
Azure storage encryption
Helps to protect data at rest by automatically encrypting before persisting it to Azure-managed disks, Azure Blob Storage, Azure Files, or Azure Queue Storage, and decrypts the data before retrieval.
Azure Disk Encryption
Helps you encrypt Windows and Linux IaaS virtual machine disks. Azure Disk Encryption uses the industry-standard BitLocker feature of Windows and the dm-crypt feature of Linux to provide volume encryption for the OS and data disks.
IDaaS (Identity as a Service)
IDaaS is cloud-based authentication built and operated by a third-party provider. IDaaS companies supply cloud-based authentication or identity management to enterprises who subscribe. The X-as-a-service model in information technology is easy to understand.
Microsoft Defender for App Services
Identifies attacks targeting applications running over app service.
Shared responsibility
Identifies which security task are handled by the cloud provider and which security task are handled by you the customer.. The responsibilities vary depending on where the work load is hosted
Discover and control the use of Shadow IT
Identify the cloud apps, and IaaS and PaaS services used by your organization. Investigate usage patterns, assess the risk levels and business readiness of more than 25,000 SaaS apps against more than 80 risks.
With DLP policies admins can
Identify, monitor, and automatically protect sensitive information across Microsoft 365. Help users learn how compliance works without interrupting their workflow.. View DLP reports showing content that matches the organizations DLP policies.
Managing users identity lifecycle is at the heart of blank in Azure AD
Identity governance
Microsoft Purveiw Compliance Manager Card
In the Microsoft peer view compliance portal gives you access to a detailed breakdown of your compliance score.
Your organization is implementing the azure active directory free edition. Which 5 subscriptions are included in the azure AD free edition
In tune Office 365 Azure Dynamics 365 Power platform
Sanctioning and unsanctioning apps
In your organization by using the cloud apps catalog that includes over 25,000 cloud apps. The apps are ranked and scored based on industry standards. You can use the cloud app catalog to rate the risk for your cloud apps based on regulatory certs, industry standards, and best practices.
Hybrid azure AD join devices
Included are those supported in a hybrid environment with synced active directory domain services and azure AD identities. Supported devices are limited to devices owned by the organization and running windows 7 or later, or windows 2008 or later devices. Users sign in users sign in with an AD DS account owned by the organization.
Active alerts card
Includes a synopsis of the most effective alerts and a link where adamants can view more detailed communication, such as alert difficulty, level, category, and more
Limit access in microsoft teams between departments.
Information Barriers
Encryption of data in use
Involve securing data in non persistent storage, such as RAM or CPU caches. This can be achieved through technologies that create an enclave That protects the data and keeps data encrypted while the CPU processes the data.
Azure application gateway
Is a Web traffic load bouncer for Web applications. Supports Web application access only and does not provide direct access to vms
Microsoft defender for cloud apps
Is a cloud access security broker that lets you find uses of shadow IT and control its use. This is the process of identifying cloud apps, and IAAS and PAASServices not authorized by an organization's IT department. This means that without This tool the apps and services are not managed or controlled.
Microsoft Intune
Is a cloud based service for mobile device management management and mobile application management. It. It can be used to manage both corporate owned and personal devices.
Applications with Microsoft Defender for Cloud Apps
Is a comprehensive cross S AAAS solution that Brin that Briggs deep visibility, strong data controls, and enhanced thread protection to your cloud apps.
Microsoft 365 Defender
Is a comprehensive extended detection and response (XDR) Security solution. It represents a defense suite that coordinates detection, prevention, investigation, and response to determine the full scope and impact of threats.
Azure Bastion
Is a fully platformed-managed PaaS service that you provision inside your virtual network.
A control
Is a high level description of a feature or activity that needs to be addressed and is not specific to a technology or implementation. An example of a control would be data protection, which helps us to ensure critical data is protected
Threat analytics
Is a in product threat intelligent solution from expert Microsoft security researchers. It's designed to assist security teams track and respond to emerging threats. The dashboard highlights the reports that are most relevant to your organization. It includes the latest threats, high impact threats, and high exposure threats.
User assigned managed identity
Is a managed identity that you can create and then assign to one or more resources. You create the managed identity as a standalone as your resource peryour resource. Because the managed identity is a standalone resource, it is not linked to any other resource life cycle and is not automatically deleted.
Advanced hunting
Is a query based threat hunting tool that let security professionals explore up to 30 days of raw data. These queries enable security professionals to proactively search for threats, mauwear, and malicious activity across your endpoints.
CSPM Cloud Security Posture Management
Is a relatively new class of tools designed to improve your cloud security management.. It assesses your systems and automatically alert security staff in your IT tnear IT department when a vulnerability is a vulnerability is found.
User Identity
Is a representation of something that's managed by azure AD. Employees and guests are represented as blank in blank in azure AD. If you have several blank with the same access needs, you can create a group. You use groups to give access permissions to all members of the group, instead of having to assign access rights individually.
Control
Is a requirement of a regulation, standard, or policy. It defines how To assess and manage system configuration, Organizational process, and people people responsible for meeting a specific requirement of a regulation, standard, or policy.
Azure Front Door
Is a scalable and secure entry point that leverages Microsoft global edge network to redirect your clients request the fastest and most available Web application back end. Your back end can be equally hosted inside or outside of Azure.
Microsoft sentinel
Is a scalable cloud native security information event management and security orchestration automated response solution from Microsoft. It provides a solution for alert detection, visibility of threats, and proactive hunting proactive hunting of threats.
Privileged Identity Management
Is a service in azure AD that enables you to manage, control, and monitor access to important resources in your organization. It mitigates the risk of excessive, a of excessive, unnecessary, or misused access permissions. It requires justification to understand why users want permissions, and enforce multifactor authentication to activate any role.
Azure bastion
Is a service that provides secure connection to azure virtual machines without requiring a public IP address
Identity Protection
Is a tool that allows organizations to utilize security signals to identify potential threats
Compliance score
Is a tool to help measure your process as you complete Improvement actions within controls. It does not provide detailed information about label usage.
Endpoints with Microsoft Defender for endpoint
Is a unified and point platform For preventative protection, post breach detection, automated investigation, and response.
4 Pillars Authorization
Is about processing the incoming identity data to determine the level of access an authenticated person or service has within the application or service that it wants to access.
4 Pillars Auditing
Is about tracking who does what,when,where, and how.It includes having in-depth reporting, alerts, and governance of identities.
MD for Key vault
Is advanced threat protection for Azure key vault
Azure AD B2C
Is an authentication solution for customers that you can customize with your brand identity.
Azure AD Entitlement management
Is an identity governance feature that enables organizations torganizations to manage the identity and access life cycle to a set of resources. This set of resources could be group memberships, share oops, share point online sites, or organizational and technical rules for users, both within and outside of your organization.. With this specific feature, you can choose to automate approval workflows, access request, and also managed the entire lifecycle for a specific user.
Fast Identity Online (FIDO)
Is an open standard for passwords essentially authentication. Allows users and organizations to leverage the standard to sign in to their resources using an external security key or a platform key built into a device eliminating the need for a username and password.
Microsoft Defender for office 365
Is designed to protect against malicious threats such as those posed by malicious emails, unsafe links, fishing attacks, and attacks targeting collaboration tools.
SR Paas
Is hosted and managed by the cloud provider for the customer. It's usually licensed through a monthly or annual subscription. Microsoft Microsoft 365, Skype, and Dynamics CRM online are all examples. Requires the least amount of management by the cloud customer.. The cloud provider is responsible for managing everything except dataccept data, devices, accounts, comma and identities.
Access Review
Is implemented as part of the azure identity governance feature. It can make recommendations as to the need for continued access. It also requires azure AD premium Plan 2.
Conditional access
Is implemented through policies that are created and managed in azure and as you're AD. The policy is implemented by analyzing signals, including user or group membership, named location information, device, application, real time sign in risk detection, and user related risk to automate decisions for authorizing access to resources.
Microsoft Cloud App Security (MCAS)
Is is a cloud access security broker that acts as an intermediary between a cloud user and the cloud provider.
Azure CLI
Is the azure environment's command line interface through which you can run management commands.
Authentication
Is the process of proving that a person is who they say they are. When someone purchases an item with a credit card, they may be required to show an additional form of identification. This proves that they are the person whose name appears on the card. In this example, the the user may show a driver's license that serves as a form of authentication Improves their ID.
An identity
Is the set of things that define or characterize someone or something.
Customer Lockbox
Is used to provide access to customer data when Microsoft engineers are needed to help troubleshoot and fix reported issues. This prevents access to user data without explicit approval. It requires that the engineer request access to the data from the customer as the last step in the approval workflow for service request, giving the customer control over approving or denying the request.
Azure active directory connect
Is used when you are leveraging azure AD password hash synchronization. Allows us to extract the password hash from the on premises active directory instance.
Entitlement management
Is well suited to handling project based access needs. It automates access request, access assignments, reviews, and expiration for bundles of resources relevant to the project.
Azure Bastion
It is a service that provides secure remote desktop or desktop or secure shell access to your azure VM.. And enables such access in a browser via azure portal, eliminating the need to expose your VMS to the Internet via public IP.. The scope is limited to the virtual network that it is deployed in in the local VM it can establish secure RDP and SHH connectivity with.
Activity Explorer
It provides detailed information about sensitivity label activities, retention label activities, will activities, azure information protection action protection activity, and data loss prevention policy matches events, including end point data loss prevention.
Active Directory Domain Services
It stores information about members of the domain, including devices and users, verifies their credentials, and defines their access rights.
4 Pillars Administration
It's about the creation and management/governance of identities for users, devices, and services.You manage how and under what circumstances the characteristics of identities can change (be created, updated, deleted)
PIM is
Just in time, providing privileged access only when needed, and not before not before. Time bound, by assigning start and end dates that indicate when a user can access resources. Approval based, requiring specific approval to activate privileges. Visible, sending notification when privilege rules are activated. Auditable Allowing a full access history to be downloaded
AKV Certificate management
Key Vault let's you provision, manage, and deploy your public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for Azure, and internally connected, resources more easily.
Security layer-Data
Layer security including controls to manage access to business and customer data and encryption to protect data.
Security layer- Compute
Layer security such as securing access to virtual machines either on premises or in the cloud by closing certain ports.
Security layer-Application
Layer security to ensure applications are secure and free of security vulnerabilities
Azure Bastion
Let's users establish an RDP/SSH Session through the azure portal. The connection is secured over the Internet using transport layer security. It is not necessary to configure public IP addresses for the V m's. Remote V m's are also protected against port scanning attempts. Microsoft is responsible for keeping blink hardened and up-to-date to prevent attacks such as the use of 0 day exploits against azure blank.
Microsoft purview reports
Let's view information about label usage and retention, data loss prevention policies, shared files, and 3rd party apps in use.
Microsoft purview policies
Let's you create and manage policies used govern data, manage devices, and receive compliance alerts. It also links you to your DLP your DLP and retention processes.
Attack Simulator
Let's you identify vulnerabilities by running realistic attacks scenarios. Plan 2 also provide support for threat Explorer and automated investigation and response. Plan 2 is included with office 365 E5 subscription.
Guiding principles of zero trust
Limiting user access with just in time access represents a guiding principle of Zero trust. Using least privilege access is one of the guiding principles of Zero trust. Limiting user access with just in time and just enough access is part of implementing a Zero trust policy.
Solution catalog card
Links to collections of integrated solutions to help you manage end and compliance scenarios.
Compliance Manager card
Links you to the compliance manager solution. Helps to simplify the way you manage compliance
What can be used to protect on premises and solutions in AWS and GCP Google cloud platform.
Microsoft Defender
You are looking to implement a unified data governance service in your organization, which will help you to manage and govern your on premises, multi cloud, and SaaS data by creating a holistic map of the data landscape within the organization, including data discovery, sensitive data classification, and end to end data lineage. Which of the following resource governance capabilities in Azure should you implement?
Microsoft Purview
Which of the following tools in the Microsoft 365 portal is a representation of a company's security posture?
Microsoft Secure Score
Which forms of verification can be used for Azure AD MFA
Microsoft authenticator app Windows Hello for business Fido2 Security Key OATH tokens SMS Voice call
What Microsoft feature provides a secure score?
Microsoft defender for cloud
You want to view consolidated map consolidated map of your network topology to check note connections and node configuration. What should you use?
Microsoft defender for cloud
Secure score
Microsoft defender for cloud continually assesses your resources, subscriptions, and organization for security issues. It then aggregates all the findings into a single score so that you can tell, at a glance, your current security situation, the higher the score, the lower identified risk level.
Cloud workload protection CWP
Microsoft defender for cloud is able to detect and resolve threats to resources workloads and services and services cloud workload protections are delivered through integrated Microsoft defender plans, specific to the types of resources and your subscriptions and provide enhanced security features to your workloads.
Is a unified endpoint platform for preventative protection, post breach detection, automated investigation, investigation, and response.
Microsoft defender for endpoint
Which Microsoft defender 365 service uses on premises active directory signals to reduce your attack surface by discovering identities that are used to move latterly inside your organization?
Microsoft defender for identity
Pre trained classifiers
Microsoft has created and Pre trained many classifiers that you can Start using without training them. These classifiers will appear with the status of ready to use. Microsoft purview Comes with 5 pretrained classifiers that detect and classify things like resumes, source code, harassment, profanity, and threat.
Security token
Microsoft identity platform authenticates users and provides security tokens, such as access tokens, refresh tokens, and ID tokens. Security tokens allow a client application to access protected resources on a resource server.
Compliance manager control types
Microsoft manage controls which are controls for Microsoft cloud services, which Microsoft is responsible for implementing. Your controls sometimes referred to as a customer managed controls, these are implemented and managed by the organization. Shared controls responsibility for implementing these controls is shared by the organization and Microsoft.
Makes meaningful choices for how and why data is collected and used.
Microsoft privacy principles
What is Microsoft's security information event management (SEIM) and security orchestration automated response security solution (SOAR)?
Microsoft sentinel
What service provides action driven automated responses to security threats across your organization?
Microsoft sentinel
Azure Network Watcher
Monitors and diagnoses and gets insights into network performance and the health of your infra as a Service IaaS resources in an Azure VNet. You can use it to capture data packets, understand network traffic patterns and diagnose common connectivity issues.
Regulatory compliance
Most organizations are expected to follow some regulatory compliance standards during their day-to-day operations.
Which of the following measures might an organization implement as part of the defense in depth security methodology.
Multi factor authentication for all users Multi factor authentication is an example of defense in depth at the identity and access layer.
Conditional Access let's you apply time sensitive access permissions that can be configured to automatically expire. YES OR NO
No
DLP capabilities cannot be implemented in Microsoft Teams messages in a private channels. YES OR NO
No
Do you need a Qualys license to enable vulnerability scanning in Microsoft Defender.?
No
When you enable self service password reset, you must also enable multi factor authentication. yes or no
No
The files and email scope for sensitivity levels is disabled by default?
No The files and email scope for sensitivity labels is not disabled by default. The files and email scope is enabled by default. 2 other scope options, groups and sites and Microsoft peer view assets, are enabled by default only if you configure their settings explicitly on the tenant level on the tenant level.
You can apply multiple sensitivity labels to an item?
No You cannot apply multiple sensitivity labels to an item periodo an item. An item, such as an office document, email, or share point site can only have one sensitivity label applied to it.
What devices in Zero trust are trustworthy?
None
Where does Windows store the biometric data used by Windows Hello for authentication in a hybrid betwork?
On the local device
Authorization
Once you authenticate a user you'll need to decide where they can go and what they're allowed to see and touch. Determines the level of access or the premises and offer the premises and authenticated person has to your data and resources.
Azure Blueprints
Orchestrates the deployment of various resources and resources and preserves a relationship between what should be deployed and what was deployed, supporting the tracking and Audi ding of deployments.
Protect your data
Organizations can apply flexible protection actions including encryption, access restrictions, and visual markings.
Govern your data
Organizations can automatically keep, delete, and store data and records in a compliant manner. Data life cycle management capabilities intimate capabilities, like retention policies, retention labels I'm a retention labels, and records management enabled organizations to govern their data.
Prevent data loss
Organizations can detect risky behavior and prevent accidental oversharing of sensitive information. Capabilities such as data loss prevention policies and endpoint data loss prevention enabled organizations to avoid data loss.
Know your data
Organizations can understand their data landscape and identify important data across On premises, cloud, and hybrid environment. Capabilities and tools such as trainable classifiers, activity Explorer, and contacts for allow organizations to know their data.
Is an Azure AD service that enables the management, control and monitoring of access to important orgizational resources in the cloud.
PIM
Defense in Depth layers
Physical Security Identity Perimeter Network Compute Application Data
User or group membership CA
Policies can be targeted to all users, specific groups of users, directory rules, or external guest users, giving administrators fine grain control over access.
What is the minimum Azure AD license required For create a custom rule for a specific resource?
Premium P1
Azure AD Terms of Use
Presents information to users before they access data and can be configured to require users to accept the terms of use.
E-E MS Detect
Previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence.
Enable temporary access to sensitive data.
Privileged access management
What azure AD feature should you use to implement time limiting on authorized users to redis to reduce the risk of an authorized user inadvertently affecting sensitive resources?
Privileged identity management
Azure AD registered devices
Provide users with support for bringing your own device or mobile device scenarios. In these scenarios Kaba a user could access your organizations resources using a personal device. These register to Asher AD without requiring an organizational account to sign in to the device. Supported operating systems for azure 80 registered devices include Windows 10 and above, I, IOS, ercomma android, and Mac OS
MD for endpoint management and APIs
Provides APIs to integrate with other solutions
Hybrid Identity
Provides a common user identity for authentication and authorization to all resources, irrespective irrespective of their location . It spans across on premises and cloud boundaries, allowing user identity management regardless of the user's location.
Content Explorer
Provides a snapshot view of items that have a sensitivity label, retention label, or classified as sensitive information.. It also lets you read the contents of scan files.
Microsoft defender for office 365 plan 2
Provides additional features such as threat tracker, attack simulator and automated investigation and response
MD for end point End point detection in response
Provides advanced attack detections that are near real time and actionable. Security analysts can prioritize alerts, see the full scope of a breach, and take response actions to remediate threats.
Microsoft Defender for DNS
Provides an additional layer of protection for resources that use azure DNS's azure provided name resolution capability.
SR PaaS
Provides an environment for building, testing, and deploying software applications. The goal is to help you create an application quickly without managing the underlying infrastructure. The cloud provider manages the hardware and operating systems, and the customer is responsible for applications and data.
Microsoft Defender for Kubernetes
Provides cloud-native Kubernetes security enviorment hardening, workload protection, and run time protection.
Azure AD privileged identity management
Provides extra controls tailored to securing access rights helps you minimize the number of people who have access to resources across azure AD, azure, and other Microsoft online services.
Solutions catalog card
Provides links to collections of integrated solutions to help you manage end-to-end compliance scenarios.. The following solution areas are included are included information protection and governance, privacy, inside a risk management and discovery and respond.
Data Privacy
Providing notice and being transparent about the collection, processing, use, and sharing of personal data are fundamental principles of privacy laws and regulations.. Personal data means any information relating to an identified or identifiable natural person. Privacy laws previously referenced PII or Personally identifiable information, but the laws have expanded the definition to any data that is directly linked or indirectly Lee linkable back to a person. Organizations are subject to, and must operate consistent with, a multitude of laws, regulations, codes of conduct, type of conduct, industry specific standards, and it's karma and compliance standards governing data privacy.
Integrity
Refers to keeping data or messages correct is correct. When you send an email message, you want to be sure that the message received is the same as the message you sent. When you store data in a database, you want to be sure that the data you retrieve is the same data as the data you stored. Encrypting data keeps it confidential, but you must then be able to decrypt it so that it's the same as before it was encrypted . It's about having confidence that data hasn't been tampered with or altered.
Availability
Refers to making data available to those who need it, when they need it. It's important to the organization to keep customer data secure, but at the same time it must also be available to employees who deal with customers. While it might be more secure to store the data in an encrypted format, employees need access to decrypted data.
Confidentiality
Refers to the need to keep confidential sensitive data such as customer information, password, or financial data. You can encrypt data to keep it confidential, but then you also need to keep the encryption keys confidential. It is The most visible part of security of security we can clearly see need for sensitive data, keys, passwords, and other secrets to be kept confidential.
Data residency
Regulations that govern the physical locations where data can be stored and how and when it can be transferred, processed, or accessed internationally.
Protocol Attacks DDoS
Render a target inaccessible by exhausting server resources with false protocol request that exploit weaknesses in layer 3 and layer 4 Protocols. These these types of attacks are typically measured in packets per second period
Windows Hello for Business
Replaces passwords with strong two-factor authentication is a combination of a key or certificate tied to a device and something that the person knows or something the person is.
Secure score helps orginizations
Report on the current state of their security posture.. And prove their security posture by providing discoverability, visibility, guidance, and control.. Compare benchmarks and establish key performance indicators (KPIs)
SR IaaS
Requires the most management by the cloud customer. You're using the cloud provider's computing infrastructure.. The cloud customer isn't responsible for the physical components such as computers, the network, or the physical security of the data center. However , the cloud customer still has responsibility for software components such as operating systems, network controls, applications, and protecting data.
Cloud customer responsibility
Responsible for your own data and identities.You're responsible for protecting the security of your data and identities, and on premises resources.
Most items in an Exchange online shared mailbox should be kept for one year for legal reasons and then automatically deleted. A few items should be kept for five years and the deleted. What should you use?
Retention labels
Microsoft Defender for Office 365
Safeguards against malicious threats posed by email messages, links, and collaboration tools, including Microsoft teams, share point online, OneDrive for business, and other office clients.
Email and collaboration with Microsoft Defender for office 365
Safeguards your organization against malicious threats posed by email messages, link's, and collaboration tools.
A company has decided to implement hashing for storing passwords. It's. To protect against malicious hackers, the company has decided to implement an additional layer that adds a fixed length random value to the input of hash functions to create unique cashes for the same input. What is an example of this?
Salting
Information barrier policies determine and prevent the following kinds of unauthorized communication
Searching for a user, adding a member to a member to 18, starting a chat session with someone, starting a group chat, inviting someone to join a meeting, sharing a screen, placing a call, sharing a file with another user, access to file through sharing link
Microsoft Defender for SQL
Secures your databases and their data whenever they're located.
Security layers-Identity & Access
Security controls, such as multi factor authentication or condition based access, to control access to infrastructure and change control.
Security layer- Perimeter
Security of of your corporate network includes distributed denial of service protection to to filter large scale attacks before they can cause a denial of service for you service for users.
Security layers-Physical
Security such as limiting access to a data center to only authorized personnel.
Security layer- Network
Security, such as network segmentation and network access control's, to limit communication between resources.
SMS-based authentication
Short message service (SMS) used in mobile device text messaging can be used as a primary form of authentication. With SMS-based sign-in, users don't need to know a username and password to access applications and services. The user instead enters their registered mobile phone number, receives a text message with a verification code, enters that in sign-in interface.
Identity protection calculates and categorizes these 2 risk
Sign in risk and user identity risk
Real-time sign-in risk detection CA
Signals integration with Azure AD identity Protection allows CA policies to identify risky sign in behavior. the probability that a given sign in or authentication request, isn't authorized by the identity owner.
System-assigned managed identity
Some azure services allow you to enable a managed identity directly on a service instance. When you enable a system assigned managed identity, and identity is created in azure AD that's tied to the life cycle of that service incense.. When the resource is deleted, is deleted, as your automatically delete the identity for you. By design, only that azure resource can use this identity to request tokens from azure AD.
Azure Active Directory Multi-Factor Authentication requires
Something you know- typically a password or PIN Something you have-such as a trusted device that's not easily duplicated, like a phone or hardware key Something you are- biometrics like a fingerprint or face scan.
Encryption technology used to protect data at rest by automatically encrypting it before persisting it to azure managed disk, azure blob storage, azure files, or azure Queue storage
Storage service encryption
Password hash synchronization
Supports authentication of on-prem identities without passing the credentials of AD DS for authentication. Azure AD Connect synchronizes passwords by extracting password hashes from on-prem AD DS.
4 Pillars Authentication
Tells the story of how much an IT system needs to know about an identity to have sufficient proof that they really are who they say they are. It involves the act of challenging a party for legitimate credentials.
Azure ID
The Azure Security benchmark ID that corresponds to the recommendation.
Is MD4 end point Attack surface reduction
The attack service reduction set of capabilities provides the 1st line of defense in the stack. By assuring configuration settings are properly set and exploit mitigation techniques are applied, the capabilities resist attacks and exploitation this set of capabilities also includes network protection and Web protection, which regulate access to malicious ip addresses, domains, and URL and you are L, helping prevent apps from accessing dangerous locations
MD for end point Automated investigation and remediation
The automated investigation feature uses inspection algorithms and processes used by an analystTo examine alerts and take quick remediation action to resolve breaches. This process significantly reduces the volume of alerts that must be investigated individually.
Datatype sovereignty
The concept that data, particularly personal Emma particularly personal data, is subject to the laws and regulations of the country/region in which it's physically collected, held, or processed. This can add a layer of complexity when it comes to compliance because the same piece of data can be collected in one location, stored in another, and processed and still another, making it subject to laws from different countries/regions.
Azure control
The content is grouped by control domain area, as listed in the Azure Security benchmark and that is applicable to the service for which the security baseline is defined.
What is used as the basis for your initial compliance manager compliance score
The default Microsoft 365 data protection baseline assessment
An organization has deployed Microsoft 365 applications to all employees. Considering the shared responsibility model, who is responsible for the accounts and identities relating to these employees?
The organization In the shared responsibility model, the customer organization always has responsibility for their data, including information and data relating to employees, devices, and accounts and identities.
Customer guidance
The rationale for the recommendation and links to guidance on how to implement it.
Store secrets backed by hardware security modules (HSMs)
The secrets and keys can be protected either by software or by FIPS 140-2 Level 2 validated HSMs.
Information protection & governance
The solutions help organizations classify, protect, and retain your data where it lives and wherever it goes. Included our data life cycle management, data loss prevention, information protection, and records management.
Microsoft Defender for storage
The text potentially harmful activity on your azure storage accounts.
What is the benefit of single sign on?
The user Signs in once and can then access many applications or resources.
Volumetric attacks DDoS
These are volume based attacks that flood the network was seemingly legitimate traffic, overwhelming the available band with. Legitimate traffic can't get through. Thereal. These types of attacks are measured in bits per second.
Resource DDoS
These attacks target web apps packets, to disrupt the transmission of data between hosts.
Insider risk management
These solutions help organizations identify, analyze MA analyze, and remediate internal risk before they cause harm. Included our communication compliance, information barriers, and insider risk management.
Discovery and respond
These solutions help organizations quickly find, investigate, investigate, and respond with relevant data. Included our audit, data subject request, and E discovery
Azure AD joined devices
They exist only In the cloud. Only Windows 10 devices and azure virtual machines running windows server 2019 can be configured as azure AD joined devices. The devices are owned by the organization. Users sign in with azure AD or synced AD work or school accounts only.
Margaret linked IP address
This Risk detection type indicates signs from IP addresses infected with malware that is known to actively communicate with a bot server
Office 365 Apps
This addition allows you to do everything included in the free version, plus self service password reset for cloud users, and device write band device right back, which offers 2 way synchronization between on premises directories and azure AD. This edition is included in Office 365 E1, E3, E5, F1, and F3.
Azure AD registered devices
This can include Windows 10 and mobile devices, are typically personal devices, and use a personal Microsoft account or another local account to sign in.
Azure Active Directory Premium P1
This edition includes all the features in the free and office 365 apps editions. It also supports advanced administration, such as dynamic groups, self service group management, Microsoft identity manager and cloud right back capabilities, which allow self service password reset for your own premises users.
Azure Active Directory Premium P2
This edition includes all the premium P1 features, and azure active directory identity protection to help provide risk Based conditional access to your apps and critical company data.. P2 also gives you privileged identity management to help discover, restrict, and monitor administrator and their access to resources, and to provide just in time access when needed.
Microsoft Purveiw Home
This gives you access to your summary compliance score but does not give you access to a detailed breakdown.
Insider risk management
This is a part of Microsoft purview compliance portal, It is a resolution that helps minimize internal hazards by enabling an organization to detect, investigate, investigate, and act on risky and malevolent behaviors.
Benchmark recommendation
This maps to the recommendation for the associated ASB ID. Each recommendation describes an individual control in a control domain.
Password spray
This risk detection is triggered when a password spray attack has been performed
Unfamiliar sign in properties
This risk detection type considers past sign in history to look for anomalous sign ins. The system stores information about previous locations used by a user, and considers these familiar locations. The risk detection is triggered when the sign in occurs from a location that is not already in the list of familiar locations.
Atypical travel
This risk detection type identifies 2 signs originating from geographically distant locations, where at least one of the locations may also be a typical for the user, given past behavior.
Anonymous IP address
This risk detection type indicates a sign in from an anonymous ip address, for example, a tor browser or anonymized VPNS
Azure AD threat intelligence
This risk detection type indicates sign in activity that is unusual for the given user or is consistent with known attack patterns based on Microsoft's internal and external threat intelligent sources.
Leaked credentials
This risk detection type indicates the user's ballad credentials have been leaked when cybercriminals compromise valid passwords of legitimate users, they often share those credentials. This sharing is typically done by posting publicly on the dark Web, payside, or by trading and selling the credentials on the black market.
Azure AD threat intelligence
This risk detection type indicates user activity that is unusual for the given user or is consistent with known attack patterns based on Microsoft's internal and external threat intelligent sources.
Azure Active Directory Free
This version allows you to administer users and create groups, 8 groups, synchronize with on premises active directory, create basic reports, configure self service password change for cloud users, and enable single sign on across azure, it's azure, Microsoft 365, and and many SaaS Apps. This is also included with subscriptions to office 365, azure, dynamics 365, in tunecomma and power platform.
CSPM is useful to what teams?
Threat intelligence team, comma IT, compliance and risk management teams, business leaders, SMEs, comma security architecture, operations, audit team
Threat Trackers
Threat trackers provide the most recent information on cyber security issues. And is a Microsoft Defender office 365 tool
E-E MS Investigate
Threats with artificial intelligence and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft.
Retention label
To assign retention settings at an item level.. This applies retention settings to the relevant folder, document, or email item.
Real-time risk scoring
To provide visibility into top risks
Discover risks CSPM
To understand the data exposure of enterprise intellectual prize intellectual property, on sanctioned and unsanctioned cloud services.
Insider risk management
Transparency, configurative, integrated, actionable
Encryption technology that protects azure SQL database and azure synapse analytics against the threat of malicious activity through the real time encryption and decryption of databases, associated backups, and transaction log files.
Transparent data encryption
Your company is researching information about Microsoft cloud services features that can be used to address specific requirements relating to the general data protection regulation.. Which Microsoft service trust portal feature should you use to retrieve this information?
Trust Center
Which relationship allows federated services to access resources?
Trust relationship
Protect your sensitive information anywhere in the cloud
Understand, classify, and protect the exposure of sensitive information at rest. Use out of the box polices and automated processes to apply controls in real time across all your cloud apps.
Trainable classifiers
Use artificial intelligence and machine learning to intelligently classify your data. They're most useful classifying data you need to an organization like specific kinds of contracts, invoices, or is, or customer records.
Dynamic Groups
Use to automatically manage access assignments.. Identity governance lets you manage access throughout a user's digital identity life cycle. You can Assign role based access control rules to dynamic groups. Group membership is automatically controlled through changes to user attributes specified in attribute based rules. When a rule no longer applies, the user is removed from the group.
Threat modeling systems and arhitectures CSPM
Used alongside other specific applications
App connectors
Used to integrate Microsoft and non-microsft cloud apps with Microsoft Defender for cloud apps, extending control and protection. Defender for cloud apps queries the app for activity logs, and it scans data, accounts, and cloud content that can be used to enforce policies, detect threats and provide governance actions to resolve issues.
Identities in this definition include?
Users and groups Employees External partners and customers Devices Cloud apps On promises apps
Application CA
Users attempting to access specific applications can trigger different CA policies.
Voice call verification
Users can use voice calls as a secondary form of authentication, to verify their identity, during self-service password reset (SSPR) or Azure AD Multi-Factor Authentication. With phone call verification, an automated voice call is made to the phone number registered by the user. To complete the sign-in process, the user is prompted to press # on their keypad. Voice calls are not supported as a primary form of authentication, in Azure AD.
Device CA
Users with blank of specific platforms or marked with a specific state can be used.
Global Admin role
Users with this role have access to all administrative features in azure active directory. The person who signs up for the azure active directory tenant automatically becomes a global administrator.
Billing Admin
Users with this role make purchases, managed subscriptions and support tickets, and monitor service health.
User Admin role
Users with this rule can create and manage all aspects of users and groups. This rule also includes the ability to manage support tickets and monitor service health.
Asymmetric encryption
Uses a public key and private key pair.
Asymmetric encryption
Uses a public key and private keypayer. Either key can encrypt data, but a single key cannot be used to decrypt encrypted data. To decrypt data, you need a paired key.
Identities with Microsoft Defender for Identity and Azure AD Identity Protection
Uses active directory signals to identify, details once do identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
Hashing
Uses an algorithm to convert text to a unique fixed length value called blank. This is different from encryption because it doesn't use keys.
Symmetric encryption
Uses the same key to encrypt and decrypt the data.
Azure Disk Encryption for Windows VMs
Uses the windows bitlocker feature for volume encryption. This this can be configured to encrypt operating system and data disk volumes.
Authentication is the process of doing what?
Verifying that a user or device is who they say they are.
CSPM provides
Visibility- To help you understand your current security situation. Hardening guidance- to help you efficently and effectivley improve security.
Azure Graph API Access
When determining access, the user 1st acquires a token to the Microsoft graph or azure AD graph endpoint. Using the token, the user makes an APR it's an API call to Asher AD via Microsoft graph or azure AD graph. Azure AD uses this to evaluate the user's role membership Or retrieve their applicable role assignments.
Data residency
When it comes to compliance, blink blank regulations govern the physical locations where data can be stored and how and when it can be transferred, processed, or accessed internationally internationally. These regulations can differ significantly depending on jurisdiction.
Responsibility
Who is responsible for implementing the control? Possible scenarios are customer responsibility, microsoft responsibility, or shared responsibility.
Administrator self service password reset requires a strong 2 gate password policy that cannot be overridden. Yes or No
YES
A network security group can filter inbound traffic based on its IP address and port number yes or no
Yes
A newly created network security group denies all inbound traffic from the Internet yes or no
Yes
Evaluating sign in risk and user risk as part of a Conditional access policy requires access to Azure Identity Protection. YES OR NO
Yes
If passwords are managed on premises you must configure self service password reset wruteback to enable users to reset passwords Yes or No
Yes
Microsoft defender fridentity can detect on premises attacks on AD federation services. Yes or no
Yes
The Zero trust security model always assumes breach
Yes
Users must 1st register their authentication methods before using self service password reset. Yes or No
Yes
Microsoft defender for office 365 plan 1
You can safeguard your organization with safe attachment commattachment, safelink, and anti phishing capabilities.
AKV Key management
You can use Key Vault as a key management solution. Key Vault makes it easier to create and control the encryption keys used to encrypt your data.
AKV Secrets managed
You can use Key Vault to store securely and tightly control access to tokens, passwords, certificates, Application Programming Interface (API) keys ,and other secrets.
AB RDP and SSH Azure portal
You get the RDP and SSH session directly in the azure portal, using a single click experience.
SR On promises data centers
You have responsibility for everything from physical security to encrypting sensitive data
User-assigned
You may create a managed ID as a standalone as your resource once you create a blank managed id you can assign it to one or more instances of an azure service. The identity is managed separately from the resources that use it.
MS Capacitiy
You're billed a fixed fee based on the selected tier, enabling a predictable total cost from Microsoft sentinel.
MS Pay as you go
You're billed per gigabyte for the volume of data ingested for analysis in microsoft sentinel and stored in the Azure monitor log analytics workspace.
Privileged Identity Management
adds protection to privileged groups that control access across a range of domain-joined computers and applications on those computers. It also adds more monitoring, more visibility, and more fine-grained controls. This allows organizations to see who their privileged administrators are and what are they doing.
OATH TOTP hardware tokens
are a small hardware devices that look like a key fob that displays a code that refreshes every 30 to 60 seconds. OATH TOTP hardware tokens typically come with a secret key, or seed, pre-programmed in the token. These keys and other information specific to each token must be input into Azure AD and then activated for use by end-users.
Managed Identities
are a type of service principal that are automatically managed in Azure AD and eliminate the need for developers to manage credentials.
Zero trust
assumes everything is on an open and untrusted network.
Encryption technology that encrypts windows and Linux IAA it's IAS virtual machine disk using the bitlocker feature of windows or the dm crypt feature of Linux.
azure disk encryption
Cloud apps or actions CA
can include or exclude Cloud applications or user actions that will be subject to the policy.
Microsoft defender for end point
delivers industry-leading endpoint security for Windows, macOS, Linux, Android, iOS, and network devices and helps to rapidly stop attacks, scale your security resources, and evolve your defenses.
Azure AD joined
devices are signed in to using an organizational Azure AD account. Access to resources can be controlled based on Azure AD account and Conditional Access policies applied to the device. Administrators can secure and further control Azure AD joined devices using Mobile Device Management (MDM) tools like Microsoft Intune or in co-management scenarios using Microsoft Endpoint Configuration Manager. These tools provide a means to enforce organization-required configurations like: Requiring storage to be encrypted Password complexity Software installation Software updates
Assessment
is a grouping of controls from a specific regulation, standard, or policy.
Entitlement management
is an identity governance feature that enables organizations to manage the identity and access lifecycle at scale. Auto.ates access request workforce, access assignments, reviews, and expiration.
OATH (Open Authentication)
is an open standard that specifies how time-based, one-time passwords codes are generated. One-time passwords codes can be used to authenticate a user. OATH TOTP is implemented using either software or hardware to generate the codes.
Cloud discovery
maps and identifies your cloud enviorment and the cloud apps your organization uses. Cloud Discovery uses your traffic logs to dynamically discover and analyze the cloud apps being used.
Network security groups can only filter in bound traffic yes or no
no
Central identity provider
organizations can establish authentication and authorization policies, monitor user behavior, identify suspicious activities, and reduce malicious attacks.
Self service password reset (SSRP)
password change: when a user knows there password but wants to change it to something new.
MD for container registries
protects all the Azure resource manager based registries in your subscription.
Data residency
refers to the physical or geographic location of an organization's data or information. Similar to data sovereignty, data residency also relates to the data laws or regulatory requirements imposed on data based on the data laws that govern a country or region in which it resides.
Azure AD hybrid identities
synchronize identities between on premises AD and Azure AD.
Action Catagories Mandatory
these actions shouldn't be bypassed. For example creating a policy to set requirements for password length or expiration.
AC Discretionary
these actions shouldn't depend on the user's understanding and adhering to a policy. For example a policy where users are required to ensure their devices are locked before they leave them.
E-E MS Respond
to incidents rapidly with built in orchestration and automation of common security tasks.
Zero Trust
trust no one, verify everything
