SC-900

On what principle does Zero-Trust operate?

"trust no one, verify everything"

What is a DDOS attack?

- attack attempts to exhaust an application's resources, making the application unavailable for legitimate users

What criteria can be configured for audit log?

1) Activities, 2) Start and end date, 3) Users, 4) File, folder, or site

What does the advanced eDiscovery workflow look like?

1) Add custodian to case, 2) Search custodial data sources for relevant data, 3) Add data to a review set, 4) Review and analyze data in a review set, 5) Export and download case data

4 fundamental pillars of identity when creating an identity infrastructure

1) Administration, 2) Authentication, 3) Authorization, 4) Auditing

With which devices does Microsoft Defender for Endpoint work with?

1) Android, 2)ios/ipados, 3) Windows 10 or later

Benefits of using managed identities

1) App developers can authenticate to services that support managed identities for Azure resources, 2) to authenticate other Azure services, 3) can be used without any additional costs.

Sign-in risk signals

1) Atypical travel, 2) Anonymous IP address

Options for getting devices in AAD

1) Azure AD registered devices, 2) Azure AD joined devices, 3) Hybrid Azure AD joined devices

What is included in each Azure security baseline?

1) Azure ID, 2) Recommendation, 3) Guidance, 4) Responsibility, 4) Azure Security center monitoring

Types of data encryption in Microsoft Azure

1) Azure Storage Service Encryption, 2) Azure Disk Encryption, 3) Transparent data encryption (TDE)

Two types of Azure AD External identities

1) B2B, 2) B2C

Which two tiers of Azure DDoS Protection exist?

1) Basic, 2) Standard

What do Label Policies allow admins to do?

1) Choose users/groups that can see labels, 2) Apply a default label, 3) Require justification for label changes, 4) Require users to apply a label, 5) Link users to custom help pages

How does MCAS integrate visibility into your cloud?

1) Cloud Discovery, 2) (un)sanctioning apps, 3) straightforward app connectors, 4) Conditional Access App Control, 5) setting and continually fine-tuning policies

What is the end-to-end functionality of Azure Sentinel?

1) Collect, 2) Detect, 3) Investigate, 4) Respond

What can be accessed from the Service Trust Portal main menu?

1) Compliance manager, 2) Trust Documents, 3) Industries & Regions, 4) Trust Center, 5) Resources, 6) My Library

What does the Privileged Access Management workflow look like?

1) Configure a privileged access policy, 2) Access request, 3) Access approval, 4) Access processing

What does the Communication Compliance workflow look like?

1) Configure, 2) Investigate, 3) Remediate, 4) Monitor

Which two roles have access to context explorer?

1) Content explorer list viewer, 2) Content explorer content viewer

What foes eDiscovery in M365 entail?

1) Content search, 2) Core eDiscovery, 3) Advanced eDiscovery

What are important compliance areas where communication compliance policies can assist?

1) Corporate policies, 2) Risk management, 3) Regulatory compliance

What does the Core eDiscovery workflow look like?

1) Create eDiscovery holds, 2) Search for content, 3) Export and download search results

What characterizes Sensitivity Labels? They are ...

1) Customizable, 2) Clear text, 3) Persistent

What are common Disruptive Attacks?

1) DDOS, 2) Coin miners, 3) Root kits, 4) Trojans, 5) Worms, 6) Exploits, 7) Exploit Kits.

What are the two common methods of using conditional access with Intune?

1) Device-based, 2) App-based

What can Sensitivity Labels be used for?

1) Encryption, 2) Marking content, 3) Automatic application, 4) Protection of content in containers, 5) Extend labels to third-party apps an services, 6) Classify content without using any protection setting

What do the Security defaults enable?

1) Enforcing Azure AD MFA registration for all users, 2) Forcing admins to use MFA, 3) Requiring all user to perform MFA when needed

Which users can access the Compliance Center?

1) Global admins, 2) Compliance admins, 3) Compliance data administrators

Reulgations that organizations and institutions commonly work with include....

1) HIPAA, 2) FERPA, 3) ISO 27701

Six foundational pillars of Zero-Trust

1) Identities, 2) Devices, 3) Applications, 4) Data, 5) Infrastructure, 6) Networks

What is protected by the Microsoft 365 Defender suite?

1) Identities, 2) Endpoints, 3) Applications, 4) Email and collaboration

Which components are defined in assessments?

1) In-scope services, 2) Microsoft-managed controls, 3) Your controls, 4) Shared controls, 5) Assessment score

What is always the responsibility of the customer in a cloud model?

1) Information and data, 2) Devices, and 3) Accounts and identities

Which compliance solutions areas are considered in the Solution Catalog Card?

1) Information protection & governance, 2) Insider risk management, 3) Discovery & respond section

What features are included with Azure Security Center's threat protection?

1) Integration with Microsoft Defender, 2) Protect PaaS, 3) Block brute force attacks, 4) Protect data services

What characterizes PIM?

1) Just in time, 2) time-bound, 3) approval-based, 4) visible, 5) auditable

Which crucial events are provided with Advanced Auditing?

1) MailItemsAccessed, 2) Send, 3) SearchQueryInitiatedExchange, 4) SearchQueryInitiatedSharePoint

To which two (main) categories are actions assigned?

1) Mandatory, 2) Discretionary

Services that Windows Hello can let users authenticate to

1) Microsoft Account, 2) AD account, 3) Azure AD account, 4) Identity Provider Services or Relying Party Services that support FIDO authentication

Additional forms of verification that can be used with Azure AD multi-factor authentication are

1) Microsoft Authenticator app, 2) SMS, 3) Voice call, 4) OATH Hardware token

Which types of controls are tracked in Compliance Manager?

1) Microsoft-managed controls, 2) Your controls, 3) Shared controls

Authentication methods available for SSPR

1) Mobile app notification, 2) Mobile app code, 3) Email, 4) Mobile phone, 5) Office phone, 6) Security questions

Which key areas are covered by Microsoft Defender for Identity?

1) Monitor and profile user behavior and activities, 2) Protect user identities and reduce the attack service, 3) Identify suspicious activities and advanced attacks across the cyberattack kill-chain

Three authentication methods (for hybrid identities)

1) Password hash synchronization, 2) Pass-through authentication (PTA), 3) Federated Authentication

What does the Insider Risk Management workflow look like?

1) Policies, 2) Alerts, 3) Triage, 4) Investigate, 5) Action

Which 3 (sub)categories are defined for actions?

1) Preventive, 2) Detective, 3) Corrective

Key features of Azure Bastion are

1) RDP and SSH directly in Azure portal, 2) Remote session over TLS and firewall traversal for RDP/SSH, 3) No public IP required on the Azure VM, 4) No hassle of managing NSGs, 5) Protection against port scanning, 6) Protect against zero-day exploits

What three security challenges does Azure Security Center address?

1) Rapidly changing workloads, 2) Increasingly sophisticated attacks, 3) Security skills are in short supply

What are known vulnerabilities to web applications?

1) SQL injection, 2) cross-site scripting

What is covered in MS Defender for Office 365 Plan 1?

1) Safe attachments, 2) Safe links, 3) Safe attachments for Sharepoint, OneDrive, and Teams, 4) Anti-phishing protection, 5) Real-time detections

For which scenarios is Key Vault helpful?

1) Secrets management, 2) Key management, 3) Certificate management, 4) Store secrets backed by hardware security modules (HSMs).

With which workloads do Retention settings work?

1) Sharepoint & OneDrive, 2) Teams, 3) Yammer, 4) Exchange

Types of Password Based Attacks

1) Spray attacks, 2) Brute Force Attacks

The steps of the cloud adoption lifecycle

1) Strategy, 2) Plan, 3) Ready, 4) Adopt, 5) Govern, 6) Manage

What does Azure Security Center provide tools to?

1) Strengthen security posture, 2) Protect against threats, 3) Get secure faster

Two top-level types of encryption

1) Symmetric, 2) Asymmetric

What is (supplementary) covered in MS Defender for Office 365 Plan 2?

1) Threat Trackers, 2) Threat Explorer, 3) Automated investigation and response (AIR), 4) Attack Simulator

What is included in Microsoft Defender for Endpoint?

1) Threat and vulnerability management, 2) Attack surface reduction, 3) Next generation protection, 4) Endpoint detection and response, 5) Automated investigation and remediation, 6) Microsoft Threat Experts, 7) Management and APIs

Which are the principles that Insider Risk Management is centered around?

1) Transparency, 2) Configurable, 3) Integrated, 4) Actionable

Signals that Conditional Access can use to control a policy

1) User or group membership, 2) Named location information, 3) Device, 4) Application, 5) Real-time sign in risk detection, 6) Cloud apps or actions, 7) User risk

The 3 guiding principles of Zero-Trust

1) Verify explicitly, 2) Least privileged access, 3) Assume breach

What are the 3 most popular types of DDoS attacks?

1) Volumetric attacks, 2) Protocol attacks, 3) Resource (application) layer attacks

Two configurations of Windows Hello

1) Windows Hello, 2) Windows Hello for Business

Which two types of actions are defined under compliance score?

1) Your improved actions, 2) Microsoft actions

What tasks does Identity Protection help with?

1) automate the detection and remediation of identity-based risks, 2) investigate risks using data in the portal, 3) export risk detection data to third-party utilities for further analysis

What are the key features of Azure Firewall?

1) built-in high availability and availability zones, 2) network and application level filtering, 3) outbound SNAT and inbound DNAT to communicate with internet resources, 4) Multiple public IP addresses, 5) Threat intelligence, 6) Integration with Azure Monitor

How can you manage incidents in Azure Sentinel?

1) changing status, 2) assigning for investigation, 3) investigation functionality

Advantages of applying retention labels?

1) comply proactively with regulations or internal policies, 2) reduce risk when there's litigation or a security breach, 3) ensure users work only with content that's current and relevant to them.

How do DLP policies protect content?

1) conditions, 2) actions, 3) locations

What are the 6 Microsoft privacy principles?

1) control, 2) transparency, 3) security, 4) strong legal protections, 5) no content-based targeting, 6) benefits for you

How does entitlement management address challenges regarding access to resources?

1) delegate the creation of access packages to non-administrators, 2) managing external users.

What Azure Defender plans are available?

1) for servers, 2) app service, 3) storage, 4) SQL, 5) Kubernetes, 6) container registries, 7) Key Vault

Four editions of Azure AD

1) free, 2) Office 365 Apps, 3) Premium P1, 4) Premium P2

Azure AD built-in roles include

1) global administrator, 2) user administrator, 3) billing administrator

What does Azure AD identity governance enable organizations to do?

1) govern the identity lifecycle, 2) govern access lifecycle, 3) secure privileged access for administration

What is required to use self-service password reset?

1) have an Azure AD license, 2) SSPR is enabled by an admin, 3) the user is registered with the authentication methods they want to use

What do DLP policies help admins do?

1) identify, monitor, and automatic protection of sensitive information, 2) help users learn how compliance works, 3) view DLP reports

Which categories are cards grouped by in security report

1) identities, 2) data, 3) Devices, 4) apps

What are the benefits of Self-service password reset (SSPR)?

1) increase security, 2) saves money by reducing calls/requests to help desk staff, 3) increases productivity

Which options do you have regarding eDiscovery holds?

1) infinite, 2) date range

Three tiers of risk in Identity Protection

1) low, 2) medium, 3) high

Which properties are specified by a security rules?

1) name, 2) priority, 3) source or destination, 4) protocol, 5) direction, 6) port range, 7) action

What two types of classifiers are available?

1) pre-trained, 2) custom trainable

What can Azure Defender be used for in a hybrid cloud environment?

1) protect non-Azure servers, 2) protect VMs in other clouds

What happens when content is labeled as records?

1) restrictions are put in place to block certain activities, 2) activities are logged, 3) proof of disposition is kept at the end of the retention period

What are the topics you can arrange cards by in security report?

1) risk, 2) detection trends, 3) configuration and health, 4) other

Three reports that Identity Protection provides organizations with

1) risky user, 2) risky sign-ins, 3) risk detection

Which five information points are evaluated by NSG security rules?

1) source, 2) source port, 3) destination, 4) destination port, 5) protocol

The 2 types of managed identities

1) system-assigned, 3) user-assigned

What reports are included in endpoint reports?

1) threat protection report, 2) device health, 3) compliance report, 4) vulnerable devices report

Which signals are used to calculate user risk?

1) unfamiliar sign-in properties, 2) Malware linked IP address, 3) Leaked credentials, 4) Password spray, 5) Azure AD threat intelligence

Two types of risk

1) user risk, 2) sign-in risk

Azure AD manages 4 different types of identities

1) users, 2) service principals, 3) managed identities, 4) devices

Through which capabilities is protection provided in MCAS?

1) visibility, 2) data security, 3) threat protection, 4) compliance.

When are Access reviews helpful?

1) you have too many users in privileged roles, 2) automation isn't possible, 3) you want to control business critical data access, 4) your governance policies require periodic review of access permissions

What settings can a Resource Lock be given?

1)CanNotDelete, 2) ReadOnly

What tools and services does CSPM use?

1)Zero trust-based access control, 2) Real-time risk scoring, 3) Threat and vulnerability management (TVM), 4) Discover sharing risks, 5) Technical policy, 6) Threat modeling systems and architectures

Azure AD enables access to....

1)internal resources, 2) external services

When does Self-service password reset work?

10 password change, 2) password reset, 3) account unlock

How long is an audit record kept?

90 days for core capability

Which roles can access the M365 Defender portal?

Admins, security operator or security readers

Which subscription is required for Access reviews?

Azure AD Premium 2

In which subscription is Identity Protection a feature?

Azure AD Premium P2

Which subscription is needed to use Entitlement Management?

Azure AD Premium P2

Which subscription is required for PIM?

Azure AD Premium P2

How does Federated authentication work?

Azure AD hands off the authentication process to a separate trusted authentication system, such as AD FS

What is required to use custom roles?

Azure AD premium P1 or P2

How can you monitor the data in Azure Sentinel?

Azure Monitor Workbooks

What is enable by the MDM Security Baseline?

BitLocker for removable drives, password to unlock a device, automatically disables basic authentication.

CIA (abbrev)

Confidentiality, Integrity, Availability

What is required for Advanced Auditing?

E5, or E3 with add-ons

What is Azure AD?

Microsoft's cloud-based identity and access management service

What does MAM stand for?

Mobile Application Management

TRUE/FALSE: Federation is always bi-directional

NO, only if that trust relationship is configured

Which subscriptions have Advanced eDiscovery?

Office 365 and Microsoft 365 E5

Which Azure subscription includes banned password lists?

Premium 1 or 2

What does SIEM stand for?

Security incident and event management

SSO (abbrev)

Single sign-on

What does Azure AD Multi-Factor Authentication require?

Something you 1) Know, 2) Have, 3) Are.

TRUE/FALSE: An NSG is made up of inbound and outbound security rules

TRUE

TRUE/FALSE: Azure Bastion is deployed per virtual network

TRUE

TRUE/FALSE: Azure Security Center protects non-Azure servers and virtual machines in the cloud or on premises by installing the Log Analytics agent

TRUE

TRUE/FALSE: You cannot remove default security rules

TRUE

TRUE/FALSE: the higher the score in Security Center, the lower the identified risk level

TRUE

What is Microsoft Cloud App Security (MCAS)?

a Cloud Access Security Broker (CASB)

Why is Windows Hello safer than a password?

a PIN is not transmitted nor stored on a server

What is Core eDiscovery ?

a basic tool that can be used to search and export content in M365

What is Azure Defender?

a built-in tool that provides threat protection for workloads running in Azure, on-premises, and other clouds.

What is Azure Key vault?

a centralized cloud service for storing your application secrets

What is Microsoft Intune?

a cloud-based service that focuses on MDM and MAM management

What are incidents

a collection of correlated alerts created when a suspicious event is found

What is a security playbook?

a collection of procedures that help automate and orchestrate your response than can be run manually or automatically when specific alerts are triggered.

What are assessments (in relation to Compliance Manager)?

a grouping of controls from a specific regulation, standard, or policy

What is a Dictionary Attack?

a hacker attempts to steal an identity by trying a large number of known passwords. Also known as brute force attacks

What is Directory in the context of a computer network?

a hierarchical structure that stores information about objects on the network.

What kind of approach to security does defense in depth take?

a layered approach

What is Azure Firewall?

a managed, cloud-based network security service that protects your Azure VNet resources from attackers

What does the compliance score card show?

a measure of the progress in completing recommended improvement actions within controls.

What does the Secure Score of M365 Defender indicate?

a measure of the security posture of the organization across your apps, devices, and entities

What does the Secure Score of Azure Security Center indicate?

a measure of the security posture of your Azure subscriptions

What is Cloud security posture management (CSPM)?

a new class of tools designed to improve your cloud security management

What is FIDO2 (Fast Identity Online)?

a passwordless authentication method that uses an external security key, and the user never has to enter a password.

User (identity in AAD)

a representation of employees and guests.

What are controls (in relation to Compliance Manager)?

a requirement of a regulation, standard, or policy.

What is Microsoft Azure Sentinel?

a scalable, cloud-native SIEM/SOAR solution that delivers intelligent security analytics and threat intelligence across the enterprise.

Service Principal (identity in AAD)

a security identity used by applications or services to access specific Azure resources.

What are Security defaults?

a set of basic identity security mechanisms recommended by Microsoft

What is Azure AD External Identities?

a set of capabilities that enable organizations to allow access to external users or partners with their own identities.

What is a policy initiative?

a set of multiple business rules

What is Office 365 Cloud App Security?

a subet of MCAS that provides visibility and control for Office 365

What is the context explorer?

a tool that gives insight into the content that has been summarized in the overview pane

What is SIEM?

a tool used to collect data from across the whole estate that does analysis, looks for correlations or anomalies, and generates alerts and incidents

What is a Worm?

a type of malware that can copy itself and often spreads through a network by exploiting security vulnerabilities.

What are Trojans?

a type of malware that can't spread on its own.

What is Ransomware?

a type of malware that encrypts files and folders, preventing access to important files to extort money.

What is Spear Phishing?

a variant on phishing that uses databases of information on users to create highly credible emails.

What does Azure Blueprints provide?

a way to define a repeatable set of Azure resources for deployment

What is Data Loss Prevention (DLP)?

a way to protect sensitive information and prevent it inadvertent disclosure.

What is CIA?

a way to think about security trade-offs

What does Federation enable?

access of services across organizational or domain boundaries by establishing trust relationships between respective identity providers.

What do Network security groups (NSGs) let you do?

allow or deny network traffic from and to Azure resources that exist in your Azure virtual network

What does the audit functionality do?

allow organizations to view user and administrator activity through a unified audit log

What does Conditional Access provide?

an additional layer of security before allowing authenticated users to access data or other assets

What is Windows Hello?

an authentication feature built into W10, replacing passwords with strong two-factor authentication of PCs and mobile devices.

What does advanced eDiscovery provide?

an end-to-end workflow to preserve, collect, review, analyze and export content that's relevant to internal and external investigations.

What is Microsoft 365 defender?

an enterprise defense suite that protects against sophisticated cyberattacks.

User-assigned (managed identities)

an identity assigned to one or more instances of an Azure service

System-assigned (managed identities)

an identity created in AAD tied to the lifecycle of that service instance.

What is B2C (Azure AD External Identities)?

an identity management solution for consumer/customer facing apps.

Managed Identity (identity in AAD)

an identity that is automatically managed by Azure, typically used to manage the credentials for authenticating a cloud application with AAD.

What is OATH (Open Authentication)?

an open standard that generates time-based one-time passwords (TOTP codes)

What is zero standing access?

any user who needs privileged access must request permissions for access, and will receive only the level of access they need just when they need it, and with just-enough access to perform the job at hand.

What is a Brute Force Attack?

attacks where many passwords are tried against one or more accounts, sometimes using dictionaries or commonly used passwords

What is a Password Spray Attack?

attempts to match a username against a list of weak passwords

What is changed with regard to bandwidth with the release of Advanced Auditing?

bandwidth according to tenant-level

What are Sensitive information types?

built-in information types based on patterns defined by a regex or function

How does Defender for Identity monitor and analyze user activities and information?

by creating a behavioral baseline for each user.

How can you automate some of your security operations with Azure Sentinel?

by creating automated workflows, or playbooks with Logic Apps

How can you override default security rules?

by creating new rules with higher priorities

How is threat protection integrated in Azure Sentinel?

by integrating Microsoft 365 Defender and Azure Defender

How does Azure policy evaluate compliance and standards?

by matching with business rules from a JSON file

How can you improve your secure score?

by remediating security recommendations from your recommendations list

Device (identity in AAD)

can be set up in AAD to determine properties such as who owns a device, manage its protection, and enable SSO.

Customer lockbox ensures that Microsoft....

can't access the content to perform a service operation without explicit approval.

How does Azure Defender on compare to Azure Defender off?

capabilities are extended to workloads running in private and other public clouds

What does Web Application Firewall provide?

centralized protection of your web applications from common exploits and vulnerabilities.

Whose responsible with PaaS?

cloud provider for hardware and OS, the customer for applications and data

What does the Solution catalog card (in Compliance Center) present?

collections of integrated solutions used to manage end-to-end compliance scenarios across three compliance solutions areas

What does the M365 Defender portal do?

combine protection, detection, investigation, and response to email, collaboration, identity, and device threats in a central portal

What does Communication Compliance help minimize?

communication risk by enabling to detect, capture, and take remediation for inappropriate messages.

What does Advanced Auditing help with?

conduct forensic and compliance investigations by increasing audit log retention to conduct and investigation.

What does Microsoft Intune allow you to do?

control how your organization's devices are used and configure specific policies to control applications

What do dynamic groups enable admins to do?

create attribute-based rules to determine membership

What does the Identity Provider do?

create, maintain and manage identity information while providing authentication, authorization and auditing services.

How do Custom roles differ from built-in roles?

custom roles can be assigned at the resource level and allow permissions to be added to a custom role definition.

Whit Advanced Auditing admins can create....

customized audit log retention policies

What is Data in Transit?

data moving from one location to another.

What is Data at Rest?

data that's stored on a physical device.

What does XDR do?

deliver intelligent, automated, and integrated security by helping to prevent, detect, and respond to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms

What is Azure Resource Manager?

deployment and management service for Azure

What do Azure Defender alerts do?

describe details of the affected resources, suggested remediation steps, and in some cases, an option to trigger a logic app in response.

Azure AD registered devices are...

devices that are typically owned personally, signed in with a personal Microsoft accounts or another local account

What does Microsoft Information Protection do?

discover, classify, and protect sensitive and business-critical content throughout its lifecycle

What is a guideline regarding security rules?

do not create two with the same priority and direction

What do Azure Sentinel's deep investigation tools help you do?

drill down into an entity and its connections on the interactive graph to get to the root cause of the threat

What does Microsoft Secure Score for Devices help with?

dynamically assess the security state of your enterprise network, identify unprotected systems and make recommended actions to improve overall security

What does Azure Disk Encryption help you with?

encrypt Windows and Linux IaaS VM disks, using BitLocker and dm-crypt of Linux

What do retention labels and policies do?

ensure content is kept only for a required time and then permanently deleted.

What does a device compliancy policy do?

establish the condition by which devices and users are allowed to access the corporate network and company resources.

What does Zero-Trust assume?

everything is on an open and untrusted network.

What does Azure Bastion protect against?

exposure of your RDP/SSH ports to the outside world

What does XDR stand for?

extended detection and response

Azure Defender is a ... .solution

extended detection and response (XDR)

What do you call setting up single sign-on between multiple identity providers?

federation

For how long does Advanced Auditing retain audit records?

for one year

When is passwordless authentication particularly applicate?

for shared PCs and where mobile phones aren't viable options

What does Privileged Access Management allow?

granular access control over privileged admin tasks in Microsoft 365

Disadvantage of hashed passwords

hackers can use brute-force dictionary attacks by hashing passwords.

What does Record Management in M365 do?

help look after legal obligations and demonstrate compliance with regulations.

What does Azure DDoS Protection do?

help protect your applications and servers by analyzing network traffic and discarding anything that looks like a DDoS attack.

What is meant by an identity when talking about identity as the new security parameter?

how someone or something can be verified and authenticated to be who they say they are.

What is endpoint data loss prevention?

how the protection and activity monitoring capabilities of DLP for sensitive content can be extended to Windows 10 devices

What does biometric sign-in use?

human characteristics

What characterized the cloud-only model?

identities are created and wholly managed in Azure AD

What characterizes a hybrid model?

identities are created in Windows AD or another identity provider and then synchronized to Azure AD

What does Microsoft Identity Manager do?

import records from on-premises HR systems

How is Azure DDoS priced?

includes protection for 100 resources, additional resources being charged on a monthly per-resource basis

What do Azure AD terms of use allow for?

information to be presented to users before they access data or an application to ensure they read relevant disclaimers for legal or compliance requirements.

What does the Service Trust Portal provide?

information, tools, and other resources about Microsoft security, privacy, and compliance practices.

How does CSPM help you?

it assesses your systems and automatically alerts security staff when a vulnerability is found.

How does Azure AD Password Protection work?

it detects, blocks known weak passwords and their variants, and can also block additional weak terms that are specific to your organization

How does Hashing differ from Encryption?

it doesn't use keys, and hashed values aren't decrypted back to the original.

What sets Windows Hello for Business apart from the regular service?

it is configured by Group Policy or MDM policy and PIN or biometric is backed by key-based or certificate-based authentication

How does Asymmetric encryption work?

it uses a public key and private key pair for encryption and decryption. A paired key is required to decrypt data.

What does Hashing do?

it uses an algorithm to convert the original text to a unique fixed-length hash value.

How does Symmetric encryption work?

it uses the same key to encrypt and decrypt data

How does Microsoft Defender for Identity work?

it uses your on-premises AD data (signals) to identity, detect, and investigate advanced threats, compromised identities and malicious insider actions

What is integrity? (in relation to CIA)

keeping your data correct, so not altered or tampered with

What is a global banned password list?

known weak passwords automatically updated and enforced by Microsoft.

What is a custom banned password list?

lists to support specific business security needs created by admins.

What does encryption o?

make data unreadable and unusable to unauthorized viewers.

What is availability? (in relation to CIA)

making data available to those who need it

What is Malware ?

malicious applications and code that can damage and disrupt normal use of devices

What does Defender for Office 365 safeguard against?

malicious threats posed by email messages, links, and collaboration tools

What does the Compliance Manager feature help with?

manage an organization's compliance requirements with greater ease and convenience

What does PIM enable you to do?

manage, control and monitor access to important resources in your organization.

What does Insider Risk Management help you with?

minimize internal risks by enabling an organization to detect, investigate, and act on risky and malicious activities

What does Azure AD Privileged Identity Management do?

minimize the number of people who have access to resources across Azure AD, Azure, and other Microsoft online services.

Which incidents can be managed in Microsoft 365 Defender?

on devices, user accounts and mailboxes

Where does Windows Hello save PIN and biometric data?

on the local device

Which two modes of Security Center are offered?

on/off

How many NSGs can be associated to a virtual network subnet and network interface in a VM?

one

Hybrid AAD joined devices are ...

owned by an organization and are signed in with an Active Directory Domain Services account... exist in the cloud and on-premises.

Azure AD joined devices are...

owned by an organization and signed in with an organization AAD account

What does Password Protection help defend you against?

password spray attacks

How does Pass-through authentication (PTA) work?

password validation is done using a software agent that runs on one or more on-premises servers

Whose responsible with IaaS?

physical components or physical security the cloud provider, software components the customer

What are information barriers?

policies that prevent individuals or groups from communicating with each other.

What does the Azure Security Benchmark (ABS) provide?

prespective best practices and recommendations to help improve the security of workloads, data, and services on Azure.

What does DLP in MS Teams do?

prevent users from sharing sensitive information in a Teams chat sessions or channel, whether it's in a message of file.

What does Microsoft Defender for Endpoint do?

prevent, detect, investigate, and respond to advanced threats.

What does Compliance score measure?

progress in completing recommended improvement actions within controls

What does Transparent data encryption (TDE) help with?

protect Azure SQL Database and Azure Data Warehouse against the threat of malicious activity, performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest.

What is Activity explorer?

provides visibility into what content has been discovered and labeled and where that content is.

What does Password Protection do?

reduce the risk of users setting weak passwords

How to allow an application to delegate its identity and access functions to Azure AD

register the application with Azure AD.

What do NSGs consist of?

rules that define how traffic is filtered

How to mitigate hacker risk with hashed passwords

salting passwords; adding a fixed-length random value to the input of hash functions to create unique hashes.

What does the Content Search eDiscovery tool enable?

search for in=-place items such as email, documents, and instant messaging conversations in your organization.

What is Hunting in Azure Sentinel?

search-and-query tools based of MITRE framework to hunt proactively for security threats across your organization's data sources before an alert is triggered.

What does Azure Bastion provide?

secure and seamless RDP/SSH connectivity to your VMs directly from the Azure Portal using TLS

What does SOAR stand for?

security orchestration automated response

What do benchmarks contain (Azure Security)?

security recommendations for a specific technology, categorized by the control to which they belong

What is passwordless authentication based on?

something you are

What are Exploits?

take advantage of vulnerabilities in software

What does SOAR do?

takes alerts from many sources and triggers action-driven automated workflows and processes to run security tasks that mitigate the issue

Whose responsible with SaaS?

the cloud provider is responsible for everything except data, devices, accounts, and identities.

What is Current score (Azure Secure Score)?

the current score for a control

Whose responsible in an on-premises datacenter?

the customer

What group membership is required to access the content search page to run searches and preview and export results?

the eDiscovery Manager role group

What do Sensitivity Labels enable?

the labeling and protection of content

What does Entitlement management enable?

the management of the identity and access lifecycle at scale by automating access request workflows, access assignments, reviews, and expiration.

What is Max score (Azure Secure Score)?

the maximum number of points you can gain by completing all recommendations within a control.

What is confidentialty? (in relation to CIA)

the need to keep sensitive data confidential

What is Azure Active Directory?

the next evolution of identity and access management by providing organizations with an Identity as a Service (IDaaS) solution for all their apps across cloud and on-premises.

What is Sign-in Risk?

the probability that a given authentication request isn't authorized by the identity owner

What is User Risk?

the probability that a given identity or account is compromised

What is user risk?

the probability that the user identity has been compromised

What is the Access Lifecycle?

the process of managing access throughout the user's organizational life

What is Potential increase (Azure Secure Score)?

the remaining points available to you within the control

What is at the center of "Modern Authentication"?

the role of the identity provider

What does "Modern Authentication" mean?

the umbrella term of authentication and authorization between a client and a server.

How are Sensitivity Labels provided to users?

they are published through label policies

How do Trainable classifiers work ?

they enable AI and machine-learning driven data classification

How can Access reviews be created?

through 1) Azure AD access reviews, 2) Azure AD PIM.

How does Intune enforce conditional access?

through integration with Azure AD

How can Intune be used for a Mobile Threat Defense solution?

through integration with Microsoft Defender for Endpoint

How is Conditional Access implemented?

through policies

How does Defender for Identity reduce organizational attack surface?

through security reports and user profile analytics

How can organizations automate the access lifecycle?

through technologies such as dynamic groups

What do Azure AD access reviews enable?

to efficiently manage group memberships, access to enterprise applications, and role assignment.

What is MCAS used for?

to gain visibility into Shadow IT by discovering the cloud apps being used, and controlling and protecting data in the apps after you sanction them to the service.

What can eDiscovery be used for?

to identify, hold, and export content found in mailboxes and sites.

What is the aim of a DDoS attack?

to overwhelm the resources on your applications and servers, making them unresponsive or slow for genuine users.

What can Resource Locks be used for?

to prevent resources from being accidentally deleted or changed.

What is MAM used for?

to protect corporate data at the application level on personal devices.

What does Azure Storage Service Encryption help with?

to protect data at rest by automatically encrypting before persisting it to Azure-managed disks

What does B2B collaboration allow?

to share your apps and resources with external users

What are Identity Attacks designed for?

to steal the credentials used to validate and authenticate that someone or something is who they claim to be; identity theft.

What is Hashing used for?

to store passwords.

What is the best approach for deploying Azure Firewall?

to use it on a centralized VNet

How does Password hash synchronization work?

users can use the same username and password they use on-premises without any additional infrastructure being needed

What is SSO?

users log in once and that credential is used to access multiple applications or resources.

Who can access the Endpoint security node of MEM?

users with permissions equal to Endpoint Security Manager

How can guest users be included in Azure AD?

using Azure AD B2B collaboration, a feature in External Identities

What is a Phishing Attack?

when a hacker sends an email that instructs a user to sign in and change their password on an illegitimate website to capture their identity and password.

When can we talk of managed authentication?

when authentication is done by Azure AD

When can we talk about federated authentication?

when authentication is redirected by Azure AD to another identity provider

What is a Data breach ?

when data is stolen through, e.g., phishing, spear phishing, tech support scams, SQL injection, and malware.

What does the shared responsibility model identify?

which security tasks are handled by the cloud provider, and which by the customer.

How is synchronization managed in a hybrid model?

with Azure AD Connect

How can Azure AD be integrated with cloud-based HR systems?

with Azure AD Premium

How can Web Application Firewall be deployed?

with Azure Application Gateway, Azure Front Door, and Azure Content Delivery Network

How are you notified when anything suspicious occurs in Azure Sentinel?

with analytics alerts

How do you have your data ingested into Azure Sentinel?

with data connectors

When can changes to access not be automatically applied (Access reviews) ?

with dynamic groups or a group that originates on-premises