SC-900
On what principle does Zero-Trust operate?
"trust no one, verify everything"
What is a DDOS attack?
an attack that attempts to exhaust an application's resources, making the application unavailable for legitimate users
What criteria can be configured for audit log?
1) Activities, 2) Start and end date, 3) Users, 4) File, folder, or site
What does the advanced eDiscovery workflow look like?
1) Add custodian to case, 2) Search custodial data sources for relevant data, 3) Add data to a review set, 4) Review and analyze data in a review set, 5) Export and download case data
4 fundamental pillars of identity when creating an identity infrastructure
1) Administration, 2) Authentication, 3) Authorization, 4) Auditing
Which devices does Microsoft Defender for Endpoint work with?
1) Android, 2) iOS/iPadOS, 3) Windows 10 or later
Benefits of using managed identities
1) App developers can authenticate to services that support managed identities for Azure resources, 2) to authenticate other Azure services, 3) can be used without any additional costs.
Sign-in risk signals
1) Atypical travel, 2) Anonymous IP address
Options for getting devices in AAD
1) Azure AD registered devices, 2) Azure AD joined devices, 3) Hybrid Azure AD joined devices
What is included in each Azure security baseline?
1) Azure ID, 2) Recommendation, 3) Guidance, 4) Responsibility, 5) Azure Security Center monitoring
Types of data encryption in Microsoft Azure
1) Azure Storage Service Encryption, 2) Azure Disk Encryption, 3) Transparent data encryption (TDE)
Two types of Azure AD External identities
1) B2B, 2) B2C
Which two tiers of Azure DDoS Protection exist?
1) Basic, 2) Standard
What do Label Policies allow admins to do?
1) Choose users/groups that can see labels, 2) Apply a default label, 3) Require justification for label changes, 4) Require users to apply a label, 5) Link users to custom help pages
How does MCAS integrate visibility into your cloud?
1) Cloud Discovery, 2) (un)sanctioning apps, 3) straightforward app connectors, 4) Conditional Access App Control, 5) setting and continually fine-tuning policies
What is the end-to-end functionality of Azure Sentinel?
1) Collect, 2) Detect, 3) Investigate, 4) Respond
What can be accessed from the Service Trust Portal main menu?
1) Compliance manager, 2) Trust Documents, 3) Industries & Regions, 4) Trust Center, 5) Resources, 6) My Library
What does the Privileged Access Management workflow look like?
1) Configure a privileged access policy, 2) Access request, 3) Access approval, 4) Access processing
What does the Communication Compliance workflow look like?
1) Configure, 2) Investigate, 3) Remediate, 4) Monitor
Which two roles have access to content explorer?
1) Content explorer list viewer, 2) Content explorer content viewer
What does eDiscovery in M365 entail?
1) Content search, 2) Core eDiscovery, 3) Advanced eDiscovery
What are important compliance areas where communication compliance policies can assist?
1) Corporate policies, 2) Risk management, 3) Regulatory compliance
What does the Core eDiscovery workflow look like?
1) Create eDiscovery holds, 2) Search for content, 3) Export and download search results
What characterizes Sensitivity Labels? They are ...
1) Customizable, 2) Clear text, 3) Persistent
What are common Disruptive Attacks?
1) DDOS, 2) Coin miners, 3) Root kits, 4) Trojans, 5) Worms, 6) Exploits, 7) Exploit Kits.
What are the two common methods of using conditional access with Intune?
1) Device-based, 2) App-based
What can Sensitivity Labels be used for?
1) Encryption, 2) Marking content, 3) Automatic application, 4) Protection of content in containers, 5) Extend labels to third-party apps and services, 6) Classify content without using any protection setting
What do the Security defaults enable?
1) Enforcing Azure AD MFA registration for all users, 2) Forcing admins to use MFA, 3) Requiring all users to perform MFA when needed
Which users can access the Compliance Center?
1) Global admins, 2) Compliance admins, 3) Compliance data administrators
Regulations that organizations and institutions commonly work with include...
1) HIPAA, 2) FERPA, 3) ISO 27701
Six foundational pillars of Zero-Trust
1) Identities, 2) Devices, 3) Applications, 4) Data, 5) Infrastructure, 6) Networks
What is protected by the Microsoft 365 Defender suite?
1) Identities, 2) Endpoints, 3) Applications, 4) Email and collaboration
Which components are defined in assessments?
1) In-scope services, 2) Microsoft-managed controls, 3) Your controls, 4) Shared controls, 5) Assessment score
What is always the responsibility of the customer in a cloud model?
1) Information and data, 2) Devices, and 3) Accounts and identities
Which compliance solutions areas are considered in the Solution Catalog Card?
1) Information protection & governance, 2) Insider risk management, 3) Discovery & respond section
What features are included with Azure Security Center's threat protection?
1) Integration with Microsoft Defender, 2) Protect PaaS, 3) Block brute force attacks, 4) Protect data services
What characterizes PIM?
1) Just in time, 2) time-bound, 3) approval-based, 4) visible, 5) auditable
Which crucial events are provided with Advanced Auditing?
1) MailItemsAccessed, 2) Send, 3) SearchQueryInitiatedExchange, 4) SearchQueryInitiatedSharePoint
To which two (main) categories are actions assigned?
1) Mandatory, 2) Discretionary
Services that Windows Hello can let users authenticate to
1) Microsoft Account, 2) AD account, 3) Azure AD account, 4) Identity Provider Services or Relying Party Services that support FIDO authentication
Additional forms of verification that can be used with Azure AD multi-factor authentication are
1) Microsoft Authenticator app, 2) SMS, 3) Voice call, 4) OATH Hardware token
Which types of controls are tracked in Compliance Manager?
1) Microsoft-managed controls, 2) Your controls, 3) Shared controls
Authentication methods available for SSPR
1) Mobile app notification, 2) Mobile app code, 3) Email, 4) Mobile phone, 5) Office phone, 6) Security questions
Which key areas are covered by Microsoft Defender for Identity?
1) Monitor and profile user behavior and activities, 2) Protect user identities and reduce the attack surface, 3) Identify suspicious activities and advanced attacks across the cyberattack kill-chain
Three authentication methods (for hybrid identities)
1) Password hash synchronization, 2) Pass-through authentication (PTA), 3) Federated Authentication
What does the Insider Risk Management workflow look like?
1) Policies, 2) Alerts, 3) Triage, 4) Investigate, 5) Action
Which 3 (sub)categories are defined for actions?
1) Preventive, 2) Detective, 3) Corrective
Key features of Azure Bastion are
1) RDP and SSH directly in Azure portal, 2) Remote session over TLS and firewall traversal for RDP/SSH, 3) No public IP required on the Azure VM, 4) No hassle of managing NSGs, 5) Protection against port scanning, 6) Protect against zero-day exploits
What three security challenges does Azure Security Center address?
1) Rapidly changing workloads, 2) Increasingly sophisticated attacks, 3) Security skills are in short supply
What are known vulnerabilities to web applications?
1) SQL injection, 2) cross-site scripting
What is covered in MS Defender for Office 365 Plan 1?
1) Safe attachments, 2) Safe links, 3) Safe attachments for SharePoint, OneDrive, and Teams, 4) Anti-phishing protection, 5) Real-time detections
For which scenarios is Key Vault helpful?
1) Secrets management, 2) Key management, 3) Certificate management, 4) Store secrets backed by hardware security modules (HSMs).
With which workloads do Retention settings work?
1) SharePoint & OneDrive, 2) Teams, 3) Yammer, 4) Exchange
Types of Password Based Attacks
1) Spray attacks, 2) Brute Force Attacks
The steps of the cloud adoption lifecycle
1) Strategy, 2) Plan, 3) Ready, 4) Adopt, 5) Govern, 6) Manage
What does Azure Security Center provide tools to?
1) Strengthen security posture, 2) Protect against threats, 3) Get secure faster
Two top-level types of encryption
1) Symmetric, 2) Asymmetric
What is (supplementary) covered in MS Defender for Office 365 Plan 2?
1) Threat Trackers, 2) Threat Explorer, 3) Automated investigation and response (AIR), 4) Attack Simulator
What is included in Microsoft Defender for Endpoint?
1) Threat and vulnerability management, 2) Attack surface reduction, 3) Next generation protection, 4) Endpoint detection and response, 5) Automated investigation and remediation, 6) Microsoft Threat Experts, 7) Management and APIs
Which are the principles that Insider Risk Management is centered around?
1) Transparency, 2) Configurable, 3) Integrated, 4) Actionable
Signals that Conditional Access can use to control a policy
1) User or group membership, 2) Named location information, 3) Device, 4) Application, 5) Real-time sign in risk detection, 6) Cloud apps or actions, 7) User risk
The 3 guiding principles of Zero-Trust
1) Verify explicitly, 2) Least privileged access, 3) Assume breach
What are the 3 most popular types of DDoS attacks?
1) Volumetric attacks, 2) Protocol attacks, 3) Resource (application) layer attacks
Two configurations of Windows Hello
1) Windows Hello, 2) Windows Hello for Business
Which two types of actions are defined under compliance score?
1) Your improved actions, 2) Microsoft actions
What tasks does Identity Protection help with?
1) automate the detection and remediation of identity-based risks, 2) investigate risks using data in the portal, 3) export risk detection data to third-party utilities for further analysis
What are the key features of Azure Firewall?
1) built-in high availability and availability zones, 2) network and application level filtering, 3) outbound SNAT and inbound DNAT to communicate with internet resources, 4) Multiple public IP addresses, 5) Threat intelligence, 6) Integration with Azure Monitor
How can you manage incidents in Azure Sentinel?
1) changing status, 2) assigning for investigation, 3) investigation functionality
Advantages of applying retention labels?
1) comply proactively with regulations or internal policies, 2) reduce risk when there's litigation or a security breach, 3) ensure users work only with content that's current and relevant to them.
How do DLP policies protect content?
1) conditions, 2) actions, 3) locations
What are the 6 Microsoft privacy principles?
1) control, 2) transparency, 3) security, 4) strong legal protections, 5) no content-based targeting, 6) benefits for you
How does entitlement management address challenges regarding access to resources?
1) delegate the creation of access packages to non-administrators, 2) managing external users.
What Azure Defender plans are available?
1) for servers, 2) app service, 3) storage, 4) SQL, 5) Kubernetes, 6) container registries, 7) Key Vault
Four editions of Azure AD
1) free, 2) Office 365 Apps, 3) Premium P1, 4) Premium P2
Azure AD built-in roles include
1) global administrator, 2) user administrator, 3) billing administrator
What does Azure AD identity governance enable organizations to do?
1) govern the identity lifecycle, 2) govern access lifecycle, 3) secure privileged access for administration
What is required to use self-service password reset?
1) have an Azure AD license, 2) SSPR is enabled by an admin, 3) the user is registered with the authentication methods they want to use
What do DLP policies help admins do?
1) identify, monitor, and automatically protect sensitive information, 2) help users learn how compliance works, 3) view DLP reports
Which categories are cards grouped by in the security report?
1) identities, 2) data, 3) Devices, 4) apps
What are the benefits of Self-service password reset (SSPR)?
1) increase security, 2) saves money by reducing calls/requests to help desk staff, 3) increases productivity
Which options do you have regarding eDiscovery holds?
1) infinite, 2) date range
Three tiers of risk in Identity Protection
1) low, 2) medium, 3) high
Which properties are specified by a security rule?
1) name, 2) priority, 3) source or destination, 4) protocol, 5) direction, 6) port range, 7) action
What two types of classifiers are available?
1) pre-trained, 2) custom trainable
What can Azure Defender be used for in a hybrid cloud environment?
1) protect non-Azure servers, 2) protect VMs in other clouds
What happens when content is labeled as records?
1) restrictions are put in place to block certain activities, 2) activities are logged, 3) proof of disposition is kept at the end of the retention period
What are the topics you can arrange cards by in security report?
1) risk, 2) detection trends, 3) configuration and health, 4) other
Three reports that Identity Protection provides organizations with
1) risky user, 2) risky sign-ins, 3) risk detection
Which five information points are evaluated by NSG security rules?
1) source, 2) source port, 3) destination, 4) destination port, 5) protocol
The 2 types of managed identities
1) system-assigned, 2) user-assigned
What reports are included in endpoint reports?
1) threat protection report, 2) device health, 3) compliance report, 4) vulnerable devices report
Which signals are used to calculate user risk?
1) unfamiliar sign-in properties, 2) Malware linked IP address, 3) Leaked credentials, 4) Password spray, 5) Azure AD threat intelligence
Two types of risk
1) user risk, 2) sign-in risk
Azure AD manages 4 different types of identities
1) users, 2) service principals, 3) managed identities, 4) devices
Through which capabilities is protection provided in MCAS?
1) visibility, 2) data security, 3) threat protection, 4) compliance.
When are Access reviews helpful?
1) you have too many users in privileged roles, 2) automation isn't possible, 3) you want to control business critical data access, 4) your governance policies require periodic review of access permissions
What settings can a Resource Lock be given?
1) CanNotDelete, 2) ReadOnly
What tools and services does CSPM use?
1) Zero trust-based access control, 2) Real-time risk scoring, 3) Threat and vulnerability management (TVM), 4) Discover sharing risks, 5) Technical policy, 6) Threat modeling systems and architectures
Azure AD enables access to...
1) internal resources, 2) external services
When does Self-service password reset work?
1) password change, 2) password reset, 3) account unlock
How long is an audit record kept?
90 days for core capability
Which roles can access the M365 Defender portal?
Admins, security operator or security readers
Which subscription is required for Access reviews?
Azure AD Premium 2
In which subscription is Identity Protection a feature?
Azure AD Premium P2
Which subscription is needed to use Entitlement Management?
Azure AD Premium P2
Which subscription is required for PIM?
Azure AD Premium P2
How does Federated authentication work?
Azure AD hands off the authentication process to a separate trusted authentication system, such as AD FS
What is required to use custom roles?
Azure AD premium P1 or P2
How can you monitor the data in Azure Sentinel?
Azure Monitor Workbooks
What is enabled by the MDM Security Baseline?
BitLocker for removable drives, password to unlock a device, automatically disables basic authentication.
CIA (abbrev)
Confidentiality, Integrity, Availability
What is required for Advanced Auditing?
E5, or E3 with add-ons
What is Azure AD?
Microsoft's cloud-based identity and access management service
What does MAM stand for?
Mobile Application Management
TRUE/FALSE: Federation is always bi-directional
NO, only if that trust relationship is configured
Which subscriptions have Advanced eDiscovery?
Office 365 and Microsoft 365 E5
Which Azure subscription includes banned password lists?
Premium 1 or 2
What does SIEM stand for?
Security incident and event management
SSO (abbrev)
Single sign-on
What does Azure AD Multi-Factor Authentication require?
Something you 1) Know, 2) Have, 3) Are.
TRUE/FALSE: An NSG is made up of inbound and outbound security rules
TRUE
TRUE/FALSE: Azure Bastion is deployed per virtual network
TRUE
TRUE/FALSE: Azure Security Center protects non-Azure servers and virtual machines in the cloud or on premises by installing the Log Analytics agent
TRUE
TRUE/FALSE: You cannot remove default security rules
TRUE
TRUE/FALSE: the higher the score in Security Center, the lower the identified risk level
TRUE
What is Microsoft Cloud App Security (MCAS)?
a Cloud Access Security Broker (CASB)
Why is Windows Hello safer than a password?
a PIN is not transmitted nor stored on a server
What is Core eDiscovery?
a basic tool that can be used to search and export content in M365
What is Azure Defender?
a built-in tool that provides threat protection for workloads running in Azure, on-premises, and other clouds.
What is Azure Key Vault?
a centralized cloud service for storing your application secrets
What is Microsoft Intune?
a cloud-based service that focuses on MDM and MAM management
What are incidents?
a collection of correlated alerts created when a suspicious event is found
What is a security playbook?
a collection of procedures that help automate and orchestrate your response that can be run manually or automatically when specific alerts are triggered.
What are assessments (in relation to Compliance Manager)?
a grouping of controls from a specific regulation, standard, or policy
What is a Dictionary Attack?
a hacker attempts to steal an identity by trying a large number of known passwords. Also known as brute force attacks
What is Directory in the context of a computer network?
a hierarchical structure that stores information about objects on the network.
What kind of approach to security does defense in depth take?
a layered approach
What is Azure Firewall?
a managed, cloud-based network security service that protects your Azure VNet resources from attackers
What does the compliance score card show?
a measure of the progress in completing recommended improvement actions within controls.
What does the Secure Score of M365 Defender indicate?
a measure of the security posture of the organization across your apps, devices, and entities
What does the Secure Score of Azure Security Center indicate?
a measure of the security posture of your Azure subscriptions
What is Cloud security posture management (CSPM)?
a new class of tools designed to improve your cloud security management
What is FIDO2 (Fast Identity Online)?
a passwordless authentication method that uses an external security key, and the user never has to enter a password.
User (identity in AAD)
a representation of employees and guests.
What are controls (in relation to Compliance Manager)?
a requirement of a regulation, standard, or policy.
What is Microsoft Azure Sentinel?
a scalable, cloud-native SIEM/SOAR solution that delivers intelligent security analytics and threat intelligence across the enterprise.
Service Principal (identity in AAD)
a security identity used by applications or services to access specific Azure resources.
What are Security defaults?
a set of basic identity security mechanisms recommended by Microsoft
What is Azure AD External Identities?
a set of capabilities that enable organizations to allow access to external users or partners with their own identities.
What is a policy initiative?
a set of multiple business rules
What is Office 365 Cloud App Security?
a subset of MCAS that provides visibility and control for Office 365
What is the content explorer?
a tool that gives insight into the content that has been summarized in the overview pane
What is SIEM?
a tool used to collect data from across the whole estate that does analysis, looks for correlations or anomalies, and generates alerts and incidents
What is a Worm?
a type of malware that can copy itself and often spreads through a network by exploiting security vulnerabilities.
What are Trojans?
a type of malware that can't spread on its own.
What is Ransomware?
a type of malware that encrypts files and folders, preventing access to important files to extort money.
What is Spear Phishing?
a variant on phishing that uses databases of information on users to create highly credible emails.
What does Azure Blueprints provide?
a way to define a repeatable set of Azure resources for deployment
What is Data Loss Prevention (DLP)?
a way to protect sensitive information and prevent its inadvertent disclosure.
What is CIA?
a way to think about security trade-offs
What does Federation enable?
access of services across organizational or domain boundaries by establishing trust relationships between respective identity providers.
What do Network security groups (NSGs) let you do?
allow or deny network traffic from and to Azure resources that exist in your Azure virtual network
What does the audit functionality do?
allow organizations to view user and administrator activity through a unified audit log
What does Conditional Access provide?
an additional layer of security before allowing authenticated users to access data or other assets
What is Windows Hello?
an authentication feature built into W10, replacing passwords with strong two-factor authentication of PCs and mobile devices.
What does advanced eDiscovery provide?
an end-to-end workflow to preserve, collect, review, analyze and export content that's relevant to internal and external investigations.
What is Microsoft 365 Defender?
an enterprise defense suite that protects against sophisticated cyberattacks.
User-assigned (managed identities)
an identity assigned to one or more instances of an Azure service
System-assigned (managed identities)
an identity created in AAD tied to the lifecycle of that service instance.
What is B2C (Azure AD External Identities)?
an identity management solution for consumer/customer facing apps.
Managed Identity (identity in AAD)
an identity that is automatically managed by Azure, typically used to manage the credentials for authenticating a cloud application with AAD.
What is OATH (Open Authentication)?
an open standard that generates time-based one-time passwords (TOTP codes)
What is zero standing access?
any user who needs privileged access must request permissions for access, and will receive only the level of access they need just when they need it, and with just-enough access to perform the job at hand.
What is a Brute Force Attack?
attacks where many passwords are tried against one or more accounts, sometimes using dictionaries or commonly used passwords
What is a Password Spray Attack?
attempts to match a username against a list of weak passwords
What is changed with regard to bandwidth with the release of Advanced Auditing?
bandwidth according to tenant-level
What are Sensitive information types?
built-in information types based on patterns defined by a regex or function
How does Defender for Identity monitor and analyze user activities and information?
by creating a behavioral baseline for each user.
How can you automate some of your security operations with Azure Sentinel?
by creating automated workflows, or playbooks with Logic Apps
How can you override default security rules?
by creating new rules with higher priorities
How is threat protection integrated in Azure Sentinel?
by integrating Microsoft 365 Defender and Azure Defender
How does Azure policy evaluate compliance and standards?
by matching with business rules from a JSON file
How can you improve your secure score?
by remediating security recommendations from your recommendations list
Device (identity in AAD)
can be set up in AAD to determine properties such as who owns a device, manage its protection, and enable SSO.
Customer lockbox ensures that Microsoft....
can't access the content to perform a service operation without explicit approval.
How does Azure Defender on compare to Azure Defender off?
capabilities are extended to workloads running in private and other public clouds
What does Web Application Firewall provide?
centralized protection of your web applications from common exploits and vulnerabilities.
Who's responsible with PaaS?
cloud provider for hardware and OS, the customer for applications and data
What does the Solution catalog card (in Compliance Center) present?
collections of integrated solutions used to manage end-to-end compliance scenarios across three compliance solutions areas
What does the M365 Defender portal do?
combine protection, detection, investigation, and response to email, collaboration, identity, and device threats in a central portal
What does Communication Compliance help minimize?
communication risk by enabling you to detect, capture, and take remediation actions for inappropriate messages.
What does Advanced Auditing help with?
conduct forensic and compliance investigations by increasing audit log retention to conduct an investigation.
What does Microsoft Intune allow you to do?
control how your organization's devices are used and configure specific policies to control applications
What do dynamic groups enable admins to do?
create attribute-based rules to determine membership
What does the Identity Provider do?
create, maintain and manage identity information while providing authentication, authorization and auditing services.
How do Custom roles differ from built-in roles?
custom roles can be assigned at the resource level and allow permissions to be added to a custom role definition.
With Advanced Auditing, admins can create...
customized audit log retention policies
What is Data in Transit?
data moving from one location to another.
What is Data at Rest?
data that's stored on a physical device.
What does XDR do?
deliver intelligent, automated, and integrated security by helping to prevent, detect, and respond to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms
What is Azure Resource Manager?
deployment and management service for Azure
What do Azure Defender alerts do?
describe details of the affected resources, suggested remediation steps, and in some cases, an option to trigger a logic app in response.
Azure AD registered devices are...
devices that are typically owned personally, signed in with a personal Microsoft account or another local account
What does Microsoft Information Protection do?
discover, classify, and protect sensitive and business-critical content throughout its lifecycle
What is a guideline regarding security rules?
do not create two with the same priority and direction
What do Azure Sentinel's deep investigation tools help you do?
drill down into an entity and its connections on the interactive graph to get to the root cause of the threat
What does Microsoft Secure Score for Devices help with?
dynamically assess the security state of your enterprise network, identify unprotected systems and make recommended actions to improve overall security
What does Azure Disk Encryption help you with?
encrypt Windows and Linux IaaS VM disks, using BitLocker and dm-crypt of Linux
What do retention labels and policies do?
ensure content is kept only for a required time and then permanently deleted.
What does a device compliancy policy do?
establish the condition by which devices and users are allowed to access the corporate network and company resources.
What does Zero-Trust assume?
everything is on an open and untrusted network.
What does Azure Bastion protect against?
exposure of your RDP/SSH ports to the outside world
What does XDR stand for?
extended detection and response
Azure Defender is a ... solution
extended detection and response (XDR)
What do you call setting up single sign-on between multiple identity providers?
federation
For how long does Advanced Auditing retain audit records?
for one year
When is passwordless authentication particularly applicable?
for shared PCs and where mobile phones aren't viable options
What does Privileged Access Management allow?
granular access control over privileged admin tasks in Microsoft 365
Disadvantage of hashed passwords
hackers can use brute-force dictionary attacks by hashing passwords.
What does Record Management in M365 do?
help look after legal obligations and demonstrate compliance with regulations.
What does Azure DDoS Protection do?
help protect your applications and servers by analyzing network traffic and discarding anything that looks like a DDoS attack.
What is meant by an identity when talking about identity as the new security parameter?
how someone or something can be verified and authenticated to be who they say they are.
What is endpoint data loss prevention?
how the protection and activity monitoring capabilities of DLP for sensitive content can be extended to Windows 10 devices
What does biometric sign-in use?
human characteristics
What characterizes the cloud-only model?
identities are created and wholly managed in Azure AD
What characterizes a hybrid model?
identities are created in Windows AD or another identity provider and then synchronized to Azure AD
What does Microsoft Identity Manager do?
import records from on-premises HR systems
How is Azure DDoS priced?
includes protection for 100 resources, additional resources being charged on a monthly per-resource basis
What do Azure AD terms of use allow for?
information to be presented to users before they access data or an application to ensure they read relevant disclaimers for legal or compliance requirements.
What does the Service Trust Portal provide?
information, tools, and other resources about Microsoft security, privacy, and compliance practices.
How does CSPM help you?
it assesses your systems and automatically alerts security staff when a vulnerability is found.
How does Azure AD Password Protection work?
it detects and blocks known weak passwords and their variants, and can also block additional weak terms that are specific to your organization
How does Hashing differ from Encryption?
it doesn't use keys, and hashed values aren't decrypted back to the original.
What sets Windows Hello for Business apart from the regular service?
it is configured by Group Policy or MDM policy and PIN or biometric is backed by key-based or certificate-based authentication
How does Asymmetric encryption work?
it uses a public key and private key pair for encryption and decryption. A paired key is required to decrypt data.
What does Hashing do?
it uses an algorithm to convert the original text to a unique fixed-length hash value.
How does Symmetric encryption work?
it uses the same key to encrypt and decrypt data
How does Microsoft Defender for Identity work?
it uses your on-premises AD data (signals) to identify, detect, and investigate advanced threats, compromised identities and malicious insider actions
What is integrity? (in relation to CIA)
keeping your data correct, so not altered or tampered with
What is a global banned password list?
known weak passwords automatically updated and enforced by Microsoft.
What is a custom banned password list?
lists to support specific business security needs created by admins.
What does encryption do?
make data unreadable and unusable to unauthorized viewers.
What is availability? (in relation to CIA)
making data available to those who need it
What is Malware?
malicious applications and code that can damage and disrupt normal use of devices
What does Defender for Office 365 safeguard against?
malicious threats posed by email messages, links, and collaboration tools
What does the Compliance Manager feature help with?
manage an organization's compliance requirements with greater ease and convenience
What does PIM enable you to do?
manage, control and monitor access to important resources in your organization.
What does Insider Risk Management help you with?
minimize internal risks by enabling an organization to detect, investigate, and act on risky and malicious activities
What does Azure AD Privileged Identity Management do?
minimize the number of people who have access to resources across Azure AD, Azure, and other Microsoft online services.
Which incidents can be managed in Microsoft 365 Defender?
on devices, user accounts and mailboxes
Where does Windows Hello save PIN and biometric data?
on the local device
Which two modes of Security Center are offered?
on/off
How many NSGs can be associated to a virtual network subnet and network interface in a VM?
one
Hybrid AAD joined devices are ...
owned by an organization and are signed in with an Active Directory Domain Services account... exist in the cloud and on-premises.
Azure AD joined devices are...
owned by an organization and signed in with an organization AAD account
What does Password Protection help defend you against?
password spray attacks
How does Pass-through authentication (PTA) work?
password validation is done using a software agent that runs on one or more on-premises servers
Who's responsible with IaaS?
physical components or physical security: the cloud provider; software components: the customer
What are information barriers?
policies that prevent individuals or groups from communicating with each other.
What does the Azure Security Benchmark (ASB) provide?
prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure.
What does DLP in MS Teams do?
prevent users from sharing sensitive information in a Teams chat session or channel, whether it's in a message or file.
What does Microsoft Defender for Endpoint do?
prevent, detect, investigate, and respond to advanced threats.
What does Compliance score measure?
progress in completing recommended improvement actions within controls
What does Transparent data encryption (TDE) help with?
protect Azure SQL Database and Azure Data Warehouse against the threat of malicious activity, performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest.
What is Activity explorer?
provides visibility into what content has been discovered and labeled and where that content is.
What does Password Protection do?
reduce the risk of users setting weak passwords
How to allow an application to delegate its identity and access functions to Azure AD
register the application with Azure AD.
What do NSGs consist of?
rules that define how traffic is filtered
How to mitigate hacker risk with hashed passwords
salting passwords; adding a fixed-length random value to the input of hash functions to create unique hashes.
What does the Content Search eDiscovery tool enable?
search for in-place items such as email, documents, and instant messaging conversations in your organization.
What is Hunting in Azure Sentinel?
search-and-query tools based on the MITRE framework to hunt proactively for security threats across your organization's data sources before an alert is triggered.
What does Azure Bastion provide?
secure and seamless RDP/SSH connectivity to your VMs directly from the Azure Portal using TLS
What does SOAR stand for?
security orchestration automated response
What do benchmarks contain (Azure Security)?
security recommendations for a specific technology, categorized by the control to which they belong
What is passwordless authentication based on?
something you are
What are Exploits?
take advantage of vulnerabilities in software
What does SOAR do?
takes alerts from many sources and triggers action-driven automated workflows and processes to run security tasks that mitigate the issue
Who's responsible with SaaS?
the cloud provider is responsible for everything except data, devices, accounts, and identities.
What is Current score (Azure Secure Score)?
the current score for a control
Who's responsible in an on-premises datacenter?
the customer
What group membership is required to access the content search page to run searches and preview and export results?
the eDiscovery Manager role group
What do Sensitivity Labels enable?
the labeling and protection of content
What does Entitlement management enable?
the management of the identity and access lifecycle at scale by automating access request workflows, access assignments, reviews, and expiration.
What is Max score (Azure Secure Score)?
the maximum number of points you can gain by completing all recommendations within a control.
What is confidentiality? (in relation to CIA)
the need to keep sensitive data confidential
What is Azure Active Directory?
the next evolution of identity and access management by providing organizations with an Identity as a Service (IDaaS) solution for all their apps across cloud and on-premises.
What is Sign-in Risk?
the probability that a given authentication request isn't authorized by the identity owner
What is User Risk?
the probability that a given identity or account is compromised
What is user risk?
the probability that the user identity has been compromised
What is the Access Lifecycle?
the process of managing access throughout the user's organizational life
What is Potential increase (Azure Secure Score)?
the remaining points available to you within the control
What is at the center of "Modern Authentication"?
the role of the identity provider
What does "Modern Authentication" mean?
the umbrella term of authentication and authorization between a client and a server.
How are Sensitivity Labels provided to users?
they are published through label policies
How do Trainable classifiers work?
they enable AI and machine-learning driven data classification
How can Access reviews be created?
through 1) Azure AD access reviews, 2) Azure AD PIM.
How does Intune enforce conditional access?
through integration with Azure AD
How can Intune be used for a Mobile Threat Defense solution?
through integration with Microsoft Defender for Endpoint
How is Conditional Access implemented?
through policies
How does Defender for Identity reduce organizational attack surface?
through security reports and user profile analytics
How can organizations automate the access lifecycle?
through technologies such as dynamic groups
What do Azure AD access reviews enable?
to efficiently manage group memberships, access to enterprise applications, and role assignment.
What is MCAS used for?
to gain visibility into Shadow IT by discovering the cloud apps being used, and controlling and protecting data in the apps after you sanction them to the service.
What can eDiscovery be used for?
to identify, hold, and export content found in mailboxes and sites.
What is the aim of a DDoS attack?
to overwhelm the resources on your applications and servers, making them unresponsive or slow for genuine users.
What can Resource Locks be used for?
to prevent resources from being accidentally deleted or changed.
What is MAM used for?
to protect corporate data at the application level on personal devices.
What does Azure Storage Service Encryption help with?
to protect data at rest by automatically encrypting before persisting it to Azure-managed disks
What does B2B collaboration allow?
to share your apps and resources with external users
What are Identity Attacks designed for?
to steal the credentials used to validate and authenticate that someone or something is who they claim to be; identity theft.
What is Hashing used for?
to store passwords.
What is the best approach for deploying Azure Firewall?
to use it on a centralized VNet
How does Password hash synchronization work?
users can use the same username and password they use on-premises without any additional infrastructure being needed
What is SSO?
users log in once and that credential is used to access multiple applications or resources.
Who can access the Endpoint security node of MEM?
users with permissions equal to Endpoint Security Manager
How can guest users be included in Azure AD?
using Azure AD B2B collaboration, a feature in External Identities
What is a Phishing Attack?
when a hacker sends an email that instructs a user to sign in and change their password on an illegitimate website to capture their identity and password.
When can we talk of managed authentication?
when authentication is done by Azure AD
When can we talk about federated authentication?
when authentication is redirected by Azure AD to another identity provider
What is a Data breach?
when data is stolen through, e.g., phishing, spear phishing, tech support scams, SQL injection, and malware.
What does the shared responsibility model identify?
which security tasks are handled by the cloud provider, and which by the customer.
How is synchronization managed in a hybrid model?
with Azure AD Connect
How can Azure AD be integrated with cloud-based HR systems?
with Azure AD Premium
How can Web Application Firewall be deployed?
with Azure Application Gateway, Azure Front Door, and Azure Content Delivery Network
How are you notified when anything suspicious occurs in Azure Sentinel?
with analytics alerts
How do you have your data ingested into Azure Sentinel?
with data connectors
When can changes to access not be automatically applied (Access reviews)?
with dynamic groups or a group that originates on-premises