SC-900 Study Guide


Advanced Auditing

1-year retention for Exchange, SharePoint and Azure AD audit records by default. Supports export to CSV file. Provides access to audit records for high-value, crucial events, used in forensic and compliance investigations.

Default Audit retention period for M365 E3 subscription

90 days, via Basic Audit as the default.

Microsoft Intune

A cloud-based management solution that allows you to manage devices using Mobile Device Management (MDM) and Mobile Application Management (MAM).

Azure Application Gateway

A web traffic load balancer that enables you to manage traffic to your web applications

Azure Graph API

Azure AD roles control access to Azure AD resources such as users, groups, and applications using this API.

Security Administrator, Exchange Administrator, Global Administrator, SharePoint Administrator

Azure AD roles that give you read and write access to Microsoft Secure Score.

Access Review

Azure Identity Governance feature that makes recommendations as to the need for continued access.

Security incident and event management (SIEM)

Consolidates data from an org's IT environment, conducts real-time monitoring, establishes correlation between events, and generates security alerts and notifications.

Microsoft Privacy Principles on customer data

Control, Transparency, Security, Strong legal protections, No content-based targeting, Benefits to the customer

Extended Detection and Response (XDR)

Designed to deliver enhanced security detection and response capabilities across an org's domain.

Hybrid Azure AD joined devices

Devices in a hybrid environment with synced Active Directory Domain Services (AD DS) and Azure AD identities. Limited to devices owned by the org and running Win 7 or later.

Privileged Access Management

Enables granular access control over privileged admin tasks in O365. Helps replace constant admin access privileges with just-in-time elevated access permissions.

Azure AD Password Protection

Helps prevent the use of weak and easily guessed passwords. Enables custom banned passwords.

Privileged Access Management (PAM)

Helps restrict privileged access in on-premises AD environment.

Identity

How someone or something can be authenticated to prove that they are who they say they are. This is considered the primary security perimeter in modern hybrid network environment.

Report categories of M365 Security Center

Identities, Data, Devices, Apps

Defense in Depth

Layered approach to providing security, including: physical security, identity and access, perimeter controls, network segmentation and controls, application security, and data security.

Azure Firewall

Managed service that protects resources deployed in your Azure VNet. Integration with MTI enables filtering to alert and deny traffic that is originated from or destined to known malicious IP addresses and web domains.

Azure Blueprints

Orchestrate deployment of various resources and preserve a relationship between what should be deployed & what is deployed, supporting tracking and auditing of deployments.

Azure Bastion

PaaS service that provides secure RDP/SSH connectivity through the Azure Portal, without exposing RDP/SSH ports to the internet. Secured over the internet using Transport Layer Security (TLS).

Microsoft Cloud App Security (MCAS)

Process of identifying cloud apps, IaaS and PaaS services not authorized by the organization's IT department (Shadow IT).

eDiscovery

Process of identifying, holding, and exporting electronic content to support your organization's internal or external investigations. Part of M365.

Microsoft Defender for Identity

Protects on-premises AD users as well as AD users synced to Azure AD. Able to detect advanced threats and protect user identities and credentials. Can detect on-prem attacks on AD Federation Services.

Data Loss Prevention (DLP)

Protects sensitive data and minimizes the risk of inappropriate sharing with others. Part of M365, implement through DLP policies.

Federated Services

Provide access across org or domain boundaries. Identity provider provides authentication services and passes authentication credentials to other organizations or domains. Requires one-way trust. Can use 3rd party sites as identity providers.

Privileged Identity Management (PIM)

Provides time-based privileged access to resources in Azure AD, Microsoft Intune, M365, and other Microsoft cloud services.

Azure Security Center (ASC)

Provides unified security management and advanced threat protection across hybrid cloud and on-premises workloads.

Security orchestration automated response (SOAR)

Receives input from an org's security monitoring systems to define and drive specific response activities.

Azure Sentinel

SOAR system that takes alerts from many SIEM sources then triggers action-driven automated workflows and processes to run security tasks that mitigate the issue.

Microsoft Defender for Office 365 tools that require Office 365 Plan 2

Threat Trackers, Attack Simulator, Threat Explorer, Automated investigation & response (AIR)

Records Management

Tracks the usage of certain documents and emails and ensures that these documents and emails are not deleted until they are no longer required.

Information Barriers

Used to define and apply information barrier policies to prevent unauthorized communication & collaboration between certain user groups via Teams, SharePoint Online, and OneDrive to avoid conflict of interest.

Insider Risk Management

Used to minimize internal risk through detection, investigation, & mitigation of intentional and unintentional breaches of your org's insider policies. Helps minimize/avoid risks of sensitive data leaks, intellectual property theft, insider trading, & fraud.

Azure AD joined devices

Win 10 and virtual machines running Windows Server 19 that users can sign in to with Azure AD or synced AD work or school accounts only.

DLP Policies

allow you to identify, monitor, and protect sensitive data across your cloud and on-premises solutions.

eDiscovery Export Tool

allows you to download the search results of an eDiscovery content search. Limited to 100,000 mailboxes per download.

Protocol DDoS Attack

attack designed to overwhelm a target server and make it inaccessible by flooding it with SYN packets.

Volumetric DDoS Attack

attack floods the network with high levels of seemingly legitimate traffic, such as UDP packets, that target random ports.

Resource (application) layer DDoS Attack

attack uses HTTP protocol violations to target web app packets and disrupt data transmissions between hosts.

Basic Auditing

audit records retained for 90 days. Supports export to CSV file.

Azure Arc

deployed to extend Azure Defender capabilities to hybrid environments, including 3rd party cloud environments like AWS. Enabled servers become Azure resources and can therefore be monitored and protected by the Azure Defender service.

Privileged access management (PAM)

designed to provide just-in-time and just-enough access defined and scoped at the task level.

eDiscovery hold

feature of Core eDiscovery placing M365 resources/containers on hold indefinitely until removed or deleted.

Azure Policies

help enforce standards and assess compliance of Azure resources across your organization.

Password Hash Synchronization (PHS)

hybrid identity sign-in method that syncs a hash of the end user's password to Azure AD. Enables user authentication directly in Azure AD without the involvement of on-premises components.

System assigned managed identity

identity that acts as a service principal, is linked to an Azure resource, and is automatically deleted when the resource is deleted.

Microsoft Secure Score

in M365 security center, centralized dashboard that gives you a view of your company's security posture.

Azure AD registered devices

include Win 10 and mobile devices, typically personal devices, that use a personal Microsoft account or other account to sign in. Enables a company to use tools like Microsoft Intune to ensure standards for security and compliance on the devices.

Attack Simulator

lets you identify vulnerabilities by running realistic attack scenarios.

Sensitivity Labels

part of Microsoft Information Protection (MIP) solution that lets you classify and protect your data. Each item can only have one of these, and they can be configured in a label policy. Can include multiple of these in a single label policy.

Microsoft Endpoint Manager admin center

portal to define and deploy policies for Android, iOS, and Windows devices.

Zero Trust Methodology

principle of verify explicitly, least privileged access, and assume breach.

Threat Trackers

provide most recent info on cybersecurity issues.

Network Map

provided with Azure Security Center as a way to continuously monitor your network security status including network topology, node connections, and node configuration.

Microsoft 365 Defender

provides XDR capabilities for identities, endpoints, cloud apps, email, and documents. Includes self-healing technology that automates remediation activities more than 70% of the time.

Hybrid Identity

provides a common user identity for authentication and authorization to all resources, irrespective of their location (on-prem or cloud-based).

ExpressRoute

provides a way to create and maintain secure connections between Microsoft datacenters and your on-premises infrastructure. Connections do not go over public internet.

Activity Explorer

provides detailed historical view of what is being done with sensitivity label activities, retention label activities, Azure Information Protection activity, and Data Loss Prevention policy matches events.

Azure AD Connect

provides identity synchronization between on-premises AD and Azure AD in a hybrid network environment.

Azure Security Benchmark (ASB)

provides best practices and recommendations developed by Microsoft's cybersecurity group and Center for Internet Security (CIS) to help improve the security of data, services, and workloads.

Multifactor Authentication (MFA)

requires more than one form of verification, improving security of an identity.

eDiscovery Content Search

search for or delete content in unlimited number of Exchange mailboxes and SharePoint sites.

Azure Monitor

security tool designed to collect, analyze, and act on telemetry from your cloud and on-premises environments. Info collected used to help you determine how well your apps are performing and proactively identify potential issues.

Azure Defender

security tool that supports security alerts and advanced threat protection for cloud-based and on-premises networks, data, servers, and other resources.

Pass-through Authentication (PTA)

sign-in method that enables hybrid identity, requires installation of a lightweight on-premises agent that reacts to sign-in requests in the cloud and validates username/password against on-premises AD.

Authorization

the process of granting an identity the permission to do something.

Authentication

the process through which you prove who you say you are.

Encryption

the secure encoding of data used to protect data confidentiality.

Microsoft Defender for Endpoint & Microsoft Defender for Office 365

two services whose information is consolidated in Microsoft 365 security center.

Windows Hello for Business

use a PIN or biometric data that is tied to a device to authenticate users and does not transmit data to an external server.

Azure Network Security Group (NSG)

used to filter traffic to or from Azure resources in your VNet.

Customer Lockbox

used to provide access to customer data when Microsoft engineers are needed to help troubleshoot and fix reported issues. Prevents access to user data without explicit approval.

Azure Disk Encryption for Windows VMs

uses Windows BitLocker feature for volume encryption of Azure VMs. Requires Azure Key Vault for key storage.

Conditional Access

uses signals from the user and their device to control access to your org's resources.

