Describe Identity, Governance, Privacy, and Compliance Features

Question 1

______________ is the process of establishing the identity of a person or service that wants to access a resource. It involves the act of challenging a party for legitimate credentials and provides the basis for creating a security principal for identity and access control. It establishes whether the user is who they say they are.

Answer 1

Authentication

Question 2

______________ is the process of establishing what level of access an authenticated person or service has. It specifies what data they’re allowed to access and what they can do with it.

Answer 2

authorization

Question 3

Compare Authentication and Authorization

Answer 3

Question 4

True or false: Once authenticated, access rules define what kinds of applications, resources, and data that user can access.

Answer 4

False. Once authenticated, authorization defines what kinds of applications, resources, and data that user can access.

Question 5

For on-premises environments, Active Directory running on Windows Server provides an identity and access management service that’s managed by your own organization. __________ is Microsoft’s cloud-based identity and access management service.

Answer 5

Azure AD

Question 6

_____________ is Azure’s cloud-based identity and access management service.

Answer 6

Azure Active Directory

Question 7

True or false: When you secure identities on-premises with Active Directory, Microsoft doesn’t monitor sign-in attempts. In contrast when you connect Active Directory with Azure AD, Microsoft can help protect you by detecting suspicious sign-in attempts at no extra cost.

Answer 7

True

Question 8

True or false: With Azure AD, Microsoft controls the identity accounts and ensures that the service is available globally.

Answer 8

False. With Azure AD, you control the identity accounts, but Microsoft ensures that the service is available globally.

Question 9

True or false: Azure Active Directory cannot be used for your on premise needs.

Answer 9

False.

Question 10

What service provides identify and access management for all of the following in Azure?

• Authentication
• Single Sign On
• Application management
• Business to Business
• Business to Customer
• Device management

Answer 10

Azure Active Directory

Question 11

IT Administrators can use ______ to control access to applications and resources based on their business requirements.

Answer 11

Azure AD

Question 12

Developers can use ____________ to provide a standards-based approach for adding functionality to applications that they build, such as adding SSO functionality to an app or enabling an app to work with a user’s existing credentials.

Answer 12

Azure AD

Question 13

True or false: Self-service password reset for Azure users to change or reset their password with no involvement from an IT administrator or help desk is not available through Azure AD.

Answer 13

False. self-service password reset enables users to change or reset their password with no involvement from an IT administrator or help desk.

Question 14

Microsoft 365, Microsoft Office 365, Azure, and Microsoft Dynamics CRM Online subscribers are already using Azure AD using _______, which is a representation of an organization and is typically separated from other organizations and has its own identity.

Answer 14

tenant

Question 15

True or false: Your Microsoft 365, Office 365, Azure, and Dynamics CRM Online will need special set up and is not automatically an Azure AD tenant.

Answer 15

False. Each Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant s automatically an Azure AD tenant.

Question 16

What feature in Azure Active Directory enables an IT administrator to be managed through tools like Microsoft Intune. It also allows for device-based Conditional Access policies to restrict access attempts to only those coming from known devices, regardless of the requesting user account.

Answer 16

Device management

Question 17

True or false: Azure AD helps users access both external and internal resources.

Answer 17

True. External resources might include Microsoft Office 365, the Azure portal, and thousands of other software as a service (SaaS) applications.

Internal resources might include apps on your corporate network and intranet, along with any cloud applications developed within your organization.

Question 18

______________ enables a user to sign in one time and use that credential to access multiple resources and applications from different providers.

Answer 18

Single sign-on

Question 19

True or false. Azure implements strict controls and doesn’t support connecting Active Directory with Azure AD.

Answer 19

False. Connecting Active Directory with Azure AD enables you to provide a consistent identity experience to your users.

Question 20

____________ synchronizes user identities between on-premises Active Directory and Azure AD. With this, you can synchronize changes between both identity systems, so you can use features like SSO, multifactor authentication, and self-service password reset under both systems.

Answer 20

Azure AD Connect

Question 21

What would you use to prevent users from using known compromised passwords?

Answer 21

Self-service password reset

Question 22

What technique can IT Administrators use to create a consistent access model across its organization? Doing so greatly simplifies its ability to sign in to different applications, manage changes to user identities and control, and monitor and block unusual access attempts.

Answer 22

integrates its existing Active Directory instance with Azure AD

Question 23

What would you use if you wanted to allow your employees to use their own mobile devices to access your applications?

Answer 23

Multifactor Authentication and Conditional Access

Question 24

________________ is a process where a user is prompted during the sign-in process for an additional form of identification. Examples include a code on their mobile phone or a fingerprint scan.

Answer 24

Multifactor authentication

Question 25

Multifactor authentication provides additional security for your identities by requiring two or more elements to fully authenticate. What are those 3 categories?

Answer 25

• Something the user knows: This might be an email address and password.
• Something the user has: This might be a code that’s sent to the user’s mobile phone.
• Something the user is: This is typically some sort of biometric property, such as a fingerprint or face scan that’s used on many mobile devices.

Question 26

True or false: The full feature set of Azure AD Multi-Factor Authentication is provided for free in Azure.

Answer 26

False. It’s an extra cost add on. Azure Active Directory Premium (P1 or P2 licenses) allows for comprehensive and granular configuration of Azure AD Multi-Factor Authentication through Conditional Access policies (explained shortly).

Question 27

True or false: Multifactor authentication increases identity security by limiting the impact of credential exposure (for example, stolen usernames and passwords). With multifactor authentication enabled, an attacker who has a user’s password would also need to have possession of their phone or their fingerprint to fully authenticate.

Answer 27

True

Question 28

__________________ enables users to choose an additional form of authentication during sign-in, such as a phone call or mobile app notification.

Answer 28

Azure AD Multi-Factor Authentication

Question 29

_______________ is a tool that Azure Active Directory uses to allow (or deny) access to resources based on identity signals. These signals include who the user is, where the user is, and what device the user is requesting access from, which ultimately are used to make decisions and enforce organizational policies.

Answer 29

Conditional Access

Question 30

What could be used if you wanted allow a user to not be challenged for second authentication factor if they’re at a known location? However, they might be challenged for a second authentication factor if their sign-in signals are unusual or they’re at an unexpected location thus providing a more granular multifactor authentication experience for users.

Answer 30

Conditional Access

Question 31

Identify 4 situations where Conditional Access is useful.

Answer 31

• Require multifactor authentication to access an application.
• Require access to services only through approved client applications.
• Require users to access your application only from managed devices.
• Block access from untrusted sources, such as access from unknown or unexpected locations.

Question 32

A ____________ is a device that meets your standards for security and compliance.

Answer 32

managed device

Question 33

True or false: To use Conditional Access, you need an Azure AD Premium P1 or P2 license. If you have a Microsoft 365 Business Premium license, you also have access to Conditional Access features.

Answer 33

True

Question 34

________________ establishes the user’s identity.

Answer 34

• Authentication (AuthN)

Question 35

___________ establishes the level of access that an authenticated user has.

Answer 35

• Authorization (AuthZ)

Question 36

_____________ enables a user to sign in one time and use that credential to access multiple resources and applications.

Answer 36

• Single sign-on (SSO)

Question 37

______________ is a cloud-based identity and access management service enabling an organization to control access to apps and resources based on its business requirements.

Answer 37

• Azure Active Directory (Azure AD)

Question 38

_______________ provides additional security for identities by requiring two or more elements to fully authenticate using something the user knows, something the user has, and something the user is.

Answer 38

• Azure AD Multi-Factor Authentication

Question 39

___________ is a tool that Azure AD uses to allow or deny access to resources based on identity signals such as the user’s location.

Answer 39

Conditional Access

Question 40

How can the IT department ensure that employees at the company’s retail stores can access company applications only from approved tablet devices?

• SSO
• Conditional Access
• Multifactor authentication

Answer 40

Conditional Access

Conditional Access enables you to require users to access your applications only from approved, or managed, devices.

Question 41

How can the IT department use biometric properties, such as facial recognition, to enable delivery drivers to prove their identities?

• SSO
• Conditional Access
• Multifactor authentication

Answer 41

Multifactor authentication

Authenticating through multifactor authentication can include something the user knows, something the user has, and something the user is.

Question 42

How can the IT department reduce the number of times users must authenticate to access multiple applications?

• SSO
• Conditional Access
• Multifactor authentication

Answer 42

SSO

SSO enables a user to remember only one ID and one password to access multiple applications.

Question 43

The term __________ describes the general process of establishing rules and policies and ensuring that those rules and policies are enforced.

Answer 43

governance

Question 44

True or false: Governance is most beneficial when you have:

• Multiple engineering teams working in Azure.
• Multiple subscriptions to manage.
• Regulatory requirements that must be enforced.
• Standards that must be followed for all cloud resources.

Answer 44

True

Question 45

True or false: When running in the cloud, a good governance strategy helps you maintain control over the applications and resources that you manage in the cloud. Maintaining control over your environment ensures that you stay compliant with Industry standards, like PCI DSS and Corporate or organizational standards, such as ensuring that network data is encrypted.

Answer 45

True

Question 46

With the concept of role based access control, what level of privilege is best to assign?

Answer 46

only grant lowest level of privilege required for the role

Question 47

What access method provides for the following?

• Fine grained access management
• Segregate duties within the team and grant only the amount of access to users that they need to perform their jobs
• Enables access to the Azure Portal and controlling access to resources

Answer 47

Role based access control (RBAC)

Question 48

True or false: Role based access controls are a premium feature requiring additional costs for your subscription.

Answer 48

False. It’s included in all subscriptions.

Question 49

Role-based access control is applied to a _________, which is a resource or set of resources that this access applies to.

Answer 49

scope

Question 50

True or false: Scopes include:

• A management group (a collection of multiple subscriptions).
• A single subscription.
• A resource group.
• A single resource.

Answer 50

True

Question 51

True or false: When you grant access at a parent scope, those permissions are not inherited by the child scopes requiring you to assign the same permissions for the additional scopes..

Answer 51

False. When you grant access at a parent scope, those permissions are inherited by all child scopes.

Question 52

What access control should you use to Allow one user to manage VMs in a subscription and another user to manage virtual networks?

Answer 52

Role based access control

Question 53

True or false: RBAC is not a good option to allow a database administrator group to manage SQL databases in a subscription.

Answer 53

False

Question 54

What access control should you use when you need to allow an application to access all resources in a resource group?

Answer 54

Role based access control

Question 55

____________ is a management service that provides a way to organize and secure your cloud resources.

Answer 55

Azure Resource Manager

Question 56

Azure RBAC is enforced on any action that’s initiated against an Azure resource that passes through ____________.

Answer 56

Azure Resource Manager

Question 57

True or false: Azure RBAC doesn’t enforce access permissions at the application or data level. Application security must be handled by your application.

Answer 57

True

Question 58

True or false: RBAC uses an allow model. When you’re assigned a role, RBAC allows you to perform certain actions, such as read, write, or delete.

Answer 58

True

Question 59

True or false: If one role assignment grants you read permissions to a resource group and a different role assignment grants you write permissions to the same resource group, the first one assigned on that resource group will always take precedence.

Answer 59

False. If one role assignment grants you read permissions to a resource group and a different role assignment grants you write permissions to the same resource group, you have both read and write permissions on that resource group.

Question 60

True or false: You can apply Azure RBAC to an individual person or to a group. You can also apply Azure RBAC to other special identity types, such as service principals and managed identities. These identity types are used by applications and services to automate access to Azure resources.

Answer 60

True

Question 61

A ___________ prevents resources from being accidentally deleted or changed, which can be thought of as a warning system that reminds you that a resource should not be deleted or changed.

Answer 61

resource lock

Question 62

True or false: With Azure role-based access control (Azure RBAC) policies in place, there’s no risk that people with the right level of access could delete critical cloud resources.

Answer 62

False. Even with Azure role-based access control (Azure RBAC) policies in place, there’s still a risk that people with the right level of access could delete critical cloud resources. Therefore, resource locks should be used.

Question 63

True or false: Manage resource locks at subscription, resource group, or individual resource levels.

Answer 63

True. You can manage resource locks from the Azure portal, PowerShell, the Azure CLI, or from an Azure Resource Manager template.

Question 64

What are the 2 levels of resource locks available?

Answer 64

What levels of locking are available?

You can apply locks to a subscription, a resource group, or an individual resource. You can set the lock level to CanNotDelete or ReadOnly.

• CanNotDelete means authorized people can still read and modify a resource, but they can’t delete the resource without first removing the lock.
• ReadOnly means authorized people can read a resource, but they can’t delete or change the resource. Applying this lock is like restricting all authorized users to the permissions granted by the Reader role in Azure RBAC.

Question 65

True or false: Once you set a lock, it can only be undone by opening a case with Microsoft to rollback.

Answer 65

False. To modify a locked resource, you must first remove the lock. After you remove the lock, you can apply any action you have permissions to perform. This additional step allows the action to be taken, but it helps protect your administrators from doing something they might not have intended to do.

Question 66

True or false: Resource locks apply regardless of RBAC permissions. Even if you’re an owner of the resource, you must still remove the lock before you can perform the blocked activity.

Answer 66

True

Question 67

___________ enables you to define the set of standard Azure resources that your organization requires.

Answer 67

Azure Blueprints

Question 68

What would you set up to replace a resource lock should it be accidentally removed?

Answer 68

You can combine resource locks with Azure Blueprints by defining a blueprint that specifies a certain resource lock must exist where the Azure Blueprints would automatically replace the resource lock if that lock is removed.

Question 69

Describe how you could use a resource locks help prevent accidental deletion of a storage account?

Answer 69

To do so, you create a resource group from the Azure portal. Think of a resource group as a container for related Azure resources. Then you add a lock to your resource group and verify that you can’t delete the resource group. You then add a storage account to your resource group which allows the lock from the parent resource group to prevent the storage account from being deleted. A storage account is a container that groups a set of Azure Storage services together.

Question 70

If you need a way to mark test environments so that those can easily be identified and deleted when they’re no longer needed, what would be a good way through metadata to accomplish this?

Answer 70

Tags

Question 71

What resource organization technique:

• Provides metadata for your Azure resources.
• Logically organizes resource into a taxonomy.
• Consist of a name-value pair.
• Very useful for rolling up billing information.

Answer 71

tags

Question 72

True or false: Tags have a parent / child relationship.

Answer 72

False. You can apply tags to a resource group, but those tags aren’t automatically applied to the resources within that resource group. However, you can use Azure Policy to ensure that a resource inherits the same tags as its parent resource group.

Question 73

True or false: You can also use Azure Policy to enforce tagging rules and conventions. For example, you can require that certain tags be added to new resources as they’re provisioned. You can also define rules that reapply tags that have been removed.

Answer 73

True

Question 74

True or false: You need to enforce that a specific tag is present is on all of your resources. For example, you might decide that only mission-critical resources have the Impact tag. You wouldn’t know that all other resources would then not be considered as mission-critical without a specific tag for that.

Answer 74

False. Keep in mind that you don’t need to enforce that a specific tag is present on all of your resources. For example, you might decide that only mission-critical resources have the Impact tag. All non-tagged resources would then not be considered as mission-critical.

Question 75

__________ is a service in Azure that enables you to create, assign, and manage rules that control or audit your resources. This enforces different rules across all of your resource configurations so that those configurations stay compliant with corporate standards. It can help you ensure that your resources stay compliant and, can alert youif a resource’s configuration has changed.

Answer 75

Azure Policy

Question 76

__________ helps to enforce organizational standards and to assess compliance at-scale. This helps provide governance and resource consistency with regulatory compliance, security, cost, and management.

Answer 76

Azure Policy

Question 77

True or false: Azure Policy comes with built-in policy and initiative definitions for Storage, Networking, Compute, Security Center, and Monitoring. For example, if you define a policy that allows only a certain SKU (stock-keeping unit) size for the virtual machines (VMs) to be used in your environment, that policy is invoked when you create a new VM and whenever you resize existing VMs.

Answer 77

True. This is a good option when you want to prevent selecting high cost VMs or ensure deployment to a certain region.

Question 78

True or false: Azure Policy also evaluates and monitors all current VMs in your environment.

Answer 78

True

Question 79

Azure Policy enables you to define both individual policies and groups of related policies, known as ___________.

Answer 79

initiatives

Question 80

___________ also integrates with Azure DevOps by applying any continuous integration and delivery pipeline policies that pertain to the pre-deployment and post-deployment phases of your applications.

Answer 80

Azure Policy

Question 81

An Azure Policy ________ is a way of grouping related policies together that contains all of the policy definitions to help track your compliance state for a larger goal.

Answer 81

Initiative

Question 82

True or false: Azure Policy also includes initiatives that support regulatory compliance standards.

Answer 82

True

Question 83

Instead of having to configure features like Azure Policy for each new subscription, with _________ you can define a repeatable set of governance tools and standard Azure resources that your organization requires.

Answer 83

Azure Blueprints

Question 84

__________ makes it possible for development teams can rapidly build and deploy new environments with the knowledge that they’re building within organizational compliance with a set of built-in components that speed the development and deployment phases.

Answer 84

Azure Blueprints

Question 85

What would you use if you wanted to orchestrate the deployment of various resource templates and other artifacts, such as:

• Role assignments
• Policy assignments
• Azure Resource Manager templates
• Resource groups

Answer 85

Azure Blueprints

Question 86

True or false: With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. In other words, Azure creates a record that associates a resource with the blueprint that defines it. This connection helps you track and audit your deployments.

Answer 86

True

Question 87

True or false: You must keep an offline record of the changes you make to your Azure Blueprints.

Answer 87

False. Blueprints are also versioned. Versioning enables you to track and comment on changes to your blueprint.

Question 88

Why are Azure Blueprints considered a good practice with it comes to auditing?

Answer 88

With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. In other words, Azure creates a record that associates a resource with the blueprint that defines it. This connection helps you track and audit your deployments.

Question 89

Name 4 uses of Azure Blueprints to orchestrate the deployment of various resource templates and other artifacts,

Answer 89

• Role assignments
• Policy assignments
• Azure Resource Manager templates
• Resource groups

Question 90

Each component in the blueprint definition is known as an ___________.

Answer 90

artifact

Question 91

The _____________ provides you with proven guidance to help with your cloud adoption journey. It helps you create and implement the business and technology strategies needed to succeed in the cloud. It’s a good place to start for first time cloud deployments.

Answer 91

Cloud Adoption Framework for Azure

Question 92

True or false: The Cloud Adoption Framework for Azure is consider The One Microsoft approach to cloud adoption in Azure.

Answer 92

True

Question 93

The _______________ include best practices from employees, partners, and customers providing tools, guidance, and narratives for strategies and outcomes.

Answer 93

The Cloud Adoption Framework for Azure

Question 94

Define The Cloud Adoption Framework includes 5 stages.

Answer 94

1. Define your strategy.
2. Make a plan.
3. Ready your organization.
4. Adopt the cloud.
5. Govern and manage your cloud environments.

Question 95

What are the three main aspects to consider when you create and manage subscriptions?

Answer 95

billing, access control, and subscription limits.

Question 96

Consider the attached, how can Tailwind Traders allow some users to control the virtual machines in each environment but prevent them from modifying networking and other resources in the same resource group or Azure subscription?

• Create a role assignment through Azure role-based access control (Azure RBAC).
• Create a policy in Azure Policy that audits resource usage.
• Split the environment into separate resource groups.

Answer 96

Create a role assignment through Azure role-based access control (Azure RBAC).

Azure RBAC enables you to create roles that define access permissions. You might create one role that limits access only to virtual machines and a second role that provides administrators with access to everything.

Question 97

Consider the attached, Which is the best way for Tailwind Traders to ensure that the team deploys only cost-effective virtual machine SKU sizes?

• Create a policy in Azure Policy that specifies the allowed SKU sizes.
• Periodically inspect the deployment manually to see which SKU sizes are used.
• Create an Azure RBAC role that defines the allowed virtual machine SKU sizes.

Answer 97

Create a policy in Azure Policy that specifies the allowed SKU sizes.

After you enable this policy, that policy is applied when you create new virtual machines or resize existing ones. Azure Policy also evaluates any current virtual machines in your environment.

Question 98

Consider the attached, Which is likely the best way for Tailwind Traders to identify which billing department each Azure resource belongs to?

• Track resource usage in a spreadsheet.
• Split the deployment into separate Azure subscriptions, where each subscription belongs to its own billing department.
• Apply a tag to each resource that includes the associated billing department.

Answer 98

Apply a tag to each resource that includes the associated billing department.

Tags provide extra information, or metadata, about your resources. The team might create a tag that’s named BillingDept whose value would be the name of the billing department. You can use Azure Policy to ensure that the proper tags are assigned when resources are provisioned.

Question 99

___________ means to adhere to a law, standard, or set of guidelines.

Answer 99

compliance

Question 100

___________ means to adhere to a law, standard, or set of guidelines.

Answer 100

Regulatory compliance

Question 101

Think of ____________ as a known good standard that you can compare your solution against to ensure security that address today’s regulations and adapt as regulations evolve.

Answer 101

control

Question 102

True of false: Security is part of every Azure product and its development. With built in intelligent security, Microsoft helps protect against known and unknown cyberthreats, using automation and artificial intelligence.

Answer 102

True

Question 103

True or false: Microsoft provides the most comprehensive set of compliance offerings (including certifications and attestations) of any cloud service provider.

Answer 103

True

Question 104

Which of the following are not compliance offerings Azure provides?

• NIST
• DISA MIL STD
• NIST
• EU Model Clauses

Answer 104

DISA MIL STD

Question 105

True or false: Any US state or local agency that wants to access the FBI’s Criminal Justice Information Services (CJIS) database is required to adhere to the CJIS Security Policy. Azure is the only major cloud provider that contractually commits to conformance with the CJIS Security Policy. Microsoft adheres to the same requirements that law enforcement and public safety entities must meet.

Answer 105

True

Question 106

True or false: Azure obtained Cloud Security Alliance (CSA) STAR Certification, which involves a rigorous independent third-party assessment of a cloud provider’s security posture. STAR Certification is based on achieving International Organization of Standards/International Electrotechnical Commission (ISO/IEC) 27001 certification and meeting criteria specified in the Cloud Controls Matrix (CCM).

Answer 106

True

Question 107

True or false: Microsoft does not offer customers European Union (EU) Standard Contractual Clauses and therefore cannot that provide contractual guarantees around transfers of personal data outside of the EU.

Answer 107

False. Microsoft offers customers European Union (EU) Standard Contractual Clauses that provide contractual guarantees around transfers of personal data outside of the EU.

Microsoft is the first company to receive joint approval from the EU’s Article 29 Working Party that the contractual privacy protections Azure delivers to its enterprise cloud customers meet current EU standards for international transfers of data. Meeting this standard ensures that Azure customers can use Microsoft services to move data freely through Microsoft’s cloud, from Europe to the rest of the world.

Question 108

True or false: Microsoft-covered cloud services are audited at least annually against the Service Organization Controls (SOC) 1, 2, & 3 report framework by independent third-party auditors. The Microsoft cloud services audit covers controls for data security, availability, processing integrity, and confidentiality as applicable to in-scope trust principles for each service.

Answer 108

True

Question 109

True or false: National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a mandatory framework that consists of standards, guidelines, and best practices to manage cybersecurity-related risks. Azure has yet to be certified as complaint with the NIST CSF.

Answer 109

False. National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity-related risks. Microsoft cloud services have undergone independent, third-party Federal Risk and Authorization Management Program (FedRAMP) Moderate and High Baseline audits. Microsoft cloud services certified according to the FedRAMP standards.

Question 110

True or false: Microsoft cloud services have undergone independent, third-party Federal Risk and Authorization Management Program (FedRAMP) Moderate and High Baseline audits. Microsoft cloud services certified according to the FedRAMP standards.

Answer 110

True

Question 111

True or false: The United Kingdom (UK) Government G-Cloud is a cloud computing certification for services used by government entities in the United Kingdom. Azure has yet to receive received official accreditation from the UK government and therefore can’t be used by UK government entities.

Answer 111

False. The United Kingdom (UK) Government G-Cloud is a cloud computing certification for services used by government entities in the United Kingdom. Azure has received official accreditation from the UK government.

Question 112

The ____________ explains what personal data Microsoft collects, how Microsoft uses it, and for what purposes. Covering all of Microsoft’s services, websites, apps, software, servers, and devices, this list ranges from enterprise and server products to devices that you use in your home to software that students use at school.

Answer 112

Microsoft Privacy Statement

Question 113

The ___________ is a legal agreement between Microsoft and the customer that details the obligations by both parties with respect to the processing and security of customer data and personal data.

Answer 113

Online Services Terms (OST)

Question 114

True or false: The Online Services Terms provides the licensing terms that define the terms and conductions for the products and Online Services you purchase through Microsoft Volume Licensing programs.

Answer 114

True

Question 115

The ___________ sets forth the obligations, with respect to the processing and security of customer data and personal data in connection with the Online Services.

Answer 115

Data Protection Addendum

Question 116

True or false: The Data Protection Addendum (DPA) further defines the data processing and security terms for online services. These terms include:

• Compliance with laws.
• Disclosure of processed data.
• Data Security, which includes security practices and policies, data encryption, data access, customer responsibilities, and compliance with auditing.
• Data transfer, retention, and deletion.

Answer 116

True

Question 117

The _________ showcases Microsoft’s principles for maintaining data integrity in the cloud and how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services. It is an important part of the Microsoft Trusted Cloud Initiative and provides support and resources for the legal and compliance community.

Answer 117

Trust Center

Question 118

The Microsoft privacy statement provides openness and honesty about how Microsoft handles the user data collected from its products and services. Where can you find the privacy statement?

Answer 118

Trust Center

Question 119

True or false: The Microsoft privacy statement explains:

• What data Microsoft processes
• How Microsoft processes it
• What purposes the data is used for

Answer 119

True

Question 120

The __________ is a great resource for other people in your organization who might play a role in security, privacy, and compliance. These people include business managers, risk assessment and privacy officers, and legal compliance teams as they can find resources for compliance, privacy statement, recommended lists of resources, etc.

Answer 120

Trust Center

Question 121

True or false: The Trust Center provides:

• In-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products.
• Additional resources for each topic.
• Links to the security, privacy, and compliance blogs and upcoming events.

Answer 121

True

Question 122

The ______________ provides you with detailed documentation about legal and regulatory standards and compliance on Azure offering a set of compliance offerings to support national, regional, and industry-specific requirements that govern the collection and use of data.

Answer 122

Azure compliance documentation

Question 123

____________ is a separate instance of the Microsoft Azure service. It addresses the security and compliance needs of US federal agencies, state and local governments, and their solution providers offering physical isolation from non-US government deployments and provides screened US personnel.

Answer 123

Azure Government

Question 124

True or false: To provide the highest level of security and compliance, Azure Government uses physically isolated datacenters and networks located only in the US. Azure Government customers, such as the US federal, state, and local government or their partners, are subject to validation of eligibility. Azure Government provides the broadest compliance and Level 5 DoD approval. Azure Government is available in eight geographies and offers the most compliance certifications of any cloud provider.

Answer 124

True

Question 125

True or false: Azure China 21Vianet is operated by 21Vianet. It’s a physically separated instance of cloud services located in China. As allowed by local law, the data is replicated outside of China to ensure resiliency.

Answer 125

False. All data stays within China.

Question 126

Consider the following scenario.

At Tailwind Traders, the legal and IT departments want to better understand how Microsoft handles personal data. They also want to better understand how Azure services can help them meet their compliance goals.

Their needs go beyond just Azure. For example, applications in their retail stores use Cortana to help store employees quickly locate items.

Where can the team access details about the personal data Microsoft processes and how the company processes it, including for Cortana?

• Microsoft Privacy Statement
• The Azure compliance documentation
• Microsoft compliance offerings

Answer 126

Microsoft Privacy Statement

The Microsoft Privacy Statement provides information that’s relevant to specific services, including Cortana.

Question 127

Consider the following scenario.

At Tailwind Traders, the legal and IT departments want to better understand how Microsoft handles personal data. They also want to better understand how Azure services can help them meet their compliance goals.

Their needs go beyond just Azure. For example, applications in their retail stores use Cortana to help store employees quickly locate items.

Where can the legal team access information around how the Microsoft cloud helps them secure sensitive data and comply with applicable laws and regulations?

• Microsoft Privacy Statement
• Trust Center
• Online Services Terms

Answer 127

Trust Center

The Trust Center is a great resource for people in your organization who might play a role in security, privacy, and compliance..

Question 128

Consider the following scenario.

At Tailwind Traders, the legal and IT departments want to better understand how Microsoft handles personal data. They also want to better understand how Azure services can help them meet their compliance goals.

Their needs go beyond just Azure. For example, applications in their retail stores use Cortana to help store employees quickly locate items.

Where can the IT department find reference blueprints that it can apply directly to its Azure subscriptions?

• Online Services Terms
• Azure compliance documentation
• Microsoft Privacy Statement

Answer 128

Azure compliance documentation

The compliance documentation provides reference blueprints, or policy definitions, for common standards that you can apply to your Azure subscription.