Describe Identity, Governance, Privacy, and Compliance Features Flashcards

1
Q

______________ is the process of establishing the identity of a person or service that wants to access a resource. It involves the act of challenging a party for legitimate credentials and provides the basis for creating a security principal for identity and access control. It establishes whether the user is who they say they are.

A

Authentication

2
Q

______________ is the process of establishing what level of access an authenticated person or service has. It specifies what data they’re allowed to access and what they can do with it.

A

authorization

3
Q

Compare Authentication and Authorization

A
4
Q

True or false: Once authenticated, access rules define what kinds of applications, resources, and data that user can access.

A

False. Once authenticated, authorization defines what kinds of applications, resources, and data that user can access.

5
Q

For on-premises environments, Active Directory running on Windows Server provides an identity and access management service that’s managed by your own organization. __________ is Microsoft’s cloud-based identity and access management service.

A

Azure AD

6
Q

_____________ is Azure’s cloud-based identity and access management service.

A

Azure Active Directory

7
Q

True or false: When you secure identities on-premises with Active Directory, Microsoft doesn’t monitor sign-in attempts. In contrast, when you connect Active Directory with Azure AD, Microsoft can help protect you by detecting suspicious sign-in attempts at no extra cost.

A

True

8
Q

True or false: With Azure AD, Microsoft controls the identity accounts and ensures that the service is available globally.

A

False. With Azure AD, you control the identity accounts, but Microsoft ensures that the service is available globally.

9
Q

True or false: Azure Active Directory cannot be used for your on-premises needs.

A

False.

10
Q

What service provides identity and access management for all of the following in Azure?

  • Authentication
  • Single Sign On
  • Application management
  • Business to Business
  • Business to Customer
  • Device management
A

Azure Active Directory

11
Q

IT Administrators can use ______ to control access to applications and resources based on their business requirements.

A

Azure AD

12
Q

Developers can use ____________ to provide a standards-based approach for adding functionality to applications that they build, such as adding SSO functionality to an app or enabling an app to work with a user’s existing credentials.

A

Azure AD

13
Q

True or false: Self-service password reset for Azure users to change or reset their password with no involvement from an IT administrator or help desk is not available through Azure AD.

A

False. Self-service password reset enables users to change or reset their password with no involvement from an IT administrator or help desk.

14
Q

Microsoft 365, Microsoft Office 365, Azure, and Microsoft Dynamics CRM Online subscribers are already using Azure AD using _______, which is a representation of an organization and is typically separated from other organizations and has its own identity.

A

tenant

15
Q

True or false: Your Microsoft 365, Office 365, Azure, and Dynamics CRM Online will need special set up and is not automatically an Azure AD tenant.

A

False. Each Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant is automatically an Azure AD tenant.

16
Q

What feature in Azure Active Directory enables an IT administrator to manage devices through tools like Microsoft Intune? It also allows for device-based Conditional Access policies to restrict access attempts to only those coming from known devices, regardless of the requesting user account.

A

Device management

17
Q

True or false: Azure AD helps users access both external and internal resources.

A

True. External resources might include Microsoft Office 365, the Azure portal, and thousands of other software as a service (SaaS) applications.

Internal resources might include apps on your corporate network and intranet, along with any cloud applications developed within your organization.

18
Q

______________ enables a user to sign in one time and use that credential to access multiple resources and applications from different providers.

A

Single sign-on

19
Q

True or false: Azure implements strict controls and doesn’t support connecting Active Directory with Azure AD.

A

False. Connecting Active Directory with Azure AD enables you to provide a consistent identity experience to your users.

20
Q

____________ synchronizes user identities between on-premises Active Directory and Azure AD. With this, you can synchronize changes between both identity systems, so you can use features like SSO, multifactor authentication, and self-service password reset under both systems.

A

Azure AD Connect

21
Q

What would you use to prevent users from using known compromised passwords?

A

Self-service password reset

22
Q

What technique can IT Administrators use to create a consistent access model across the organization? Doing so greatly simplifies the organization’s ability to sign in to different applications, manage changes to user identities and control, and monitor and block unusual access attempts.

A

integrates its existing Active Directory instance with Azure AD

23
Q

What would you use if you wanted to allow your employees to use their own mobile devices to access your applications?

A

Multifactor Authentication and Conditional Access

24
Q

________________ is a process where a user is prompted during the sign-in process for an additional form of identification. Examples include a code on their mobile phone or a fingerprint scan.

A

Multifactor authentication

25
Q

Multifactor authentication provides additional security for your identities by requiring two or more elements to fully authenticate. What are those 3 categories?

A
  • Something the user knows: This might be an email address and password.
  • Something the user has: This might be a code that’s sent to the user’s mobile phone.
  • Something the user is: This is typically some sort of biometric property, such as a fingerprint or face scan that’s used on many mobile devices.
26
Q

True or false: The full feature set of Azure AD Multi-Factor Authentication is provided for free in Azure.

A

False. It’s an extra cost add on. Azure Active Directory Premium (P1 or P2 licenses) allows for comprehensive and granular configuration of Azure AD Multi-Factor Authentication through Conditional Access policies (explained shortly).

27
Q

True or false: Multifactor authentication increases identity security by limiting the impact of credential exposure (for example, stolen usernames and passwords). With multifactor authentication enabled, an attacker who has a user’s password would also need to have possession of their phone or their fingerprint to fully authenticate.

A

True

28
Q

__________________ enables users to choose an additional form of authentication during sign-in, such as a phone call or mobile app notification.

A

Azure AD Multi-Factor Authentication

29
Q

_______________ is a tool that Azure Active Directory uses to allow (or deny) access to resources based on identity signals. These signals include who the user is, where the user is, and what device the user is requesting access from, which ultimately are used to make decisions and enforce organizational policies.

A

Conditional Access

30
Q

What could be used if you wanted to allow a user to not be challenged for a second authentication factor if they’re at a known location? However, they might be challenged for a second authentication factor if their sign-in signals are unusual or they’re at an unexpected location, thus providing a more granular multifactor authentication experience for users.

A

Conditional Access

31
Q

Identify 4 situations where Conditional Access is useful.

A
  • Require multifactor authentication to access an application.
  • Require access to services only through approved client applications.
  • Require users to access your application only from managed devices.
  • Block access from untrusted sources, such as access from unknown or unexpected locations.
32
Q

A ____________ is a device that meets your standards for security and compliance.

A

managed device

33
Q

True or false: To use Conditional Access, you need an Azure AD Premium P1 or P2 license. If you have a Microsoft 365 Business Premium license, you also have access to Conditional Access features.

A

True

34
Q

________________ establishes the user’s identity.

A
  • Authentication (AuthN)
35
Q

___________ establishes the level of access that an authenticated user has.

A
  • Authorization (AuthZ)
36
Q

_____________ enables a user to sign in one time and use that credential to access multiple resources and applications.

A
  • Single sign-on (SSO)
37
Q

______________ is a cloud-based identity and access management service enabling an organization to control access to apps and resources based on its business requirements.

A
  • Azure Active Directory (Azure AD)
38
Q

_______________ provides additional security for identities by requiring two or more elements to fully authenticate using something the user knows, something the user has, and something the user is.

A
  • Azure AD Multi-Factor Authentication
39
Q

___________ is a tool that Azure AD uses to allow or deny access to resources based on identity signals such as the user’s location.

A

Conditional Access

40
Q

How can the IT department ensure that employees at the company’s retail stores can access company applications only from approved tablet devices?

  • SSO
  • Conditional Access
  • Multifactor authentication
A

Conditional Access

Conditional Access enables you to require users to access your applications only from approved, or managed, devices.

41
Q

How can the IT department use biometric properties, such as facial recognition, to enable delivery drivers to prove their identities?

  • SSO
  • Conditional Access
  • Multifactor authentication
A

Multifactor authentication

Authenticating through multifactor authentication can include something the user knows, something the user has, and something the user is.

42
Q

How can the IT department reduce the number of times users must authenticate to access multiple applications?

  • SSO
  • Conditional Access
  • Multifactor authentication
A

SSO

SSO enables a user to remember only one ID and one password to access multiple applications.

43
Q

The term __________ describes the general process of establishing rules and policies and ensuring that those rules and policies are enforced.

A

governance

44
Q

True or false: Governance is most beneficial when you have:

  • Multiple engineering teams working in Azure.
  • Multiple subscriptions to manage.
  • Regulatory requirements that must be enforced.
  • Standards that must be followed for all cloud resources.
A

True

45
Q

True or false: When running in the cloud, a good governance strategy helps you maintain control over the applications and resources that you manage in the cloud. Maintaining control over your environment ensures that you stay compliant with Industry standards, like PCI DSS and Corporate or organizational standards, such as ensuring that network data is encrypted.

A

True

46
Q

With the concept of role based access control, what level of privilege is best to assign?

A

only grant lowest level of privilege required for the role

47
Q

What access method provides for the following?

  • Fine grained access management
  • Segregate duties within the team and grant only the amount of access to users that they need to perform their jobs
  • Enables access to the Azure Portal and controlling access to resources
A

Role based access control (RBAC)

48
Q

True or false: Role based access controls are a premium feature requiring additional costs for your subscription.

A

False. It’s included in all subscriptions.

49
Q

Role-based access control is applied to a _________, which is a resource or set of resources that this access applies to.

A

scope

50
Q

True or false: Scopes include:

  • A management group (a collection of multiple subscriptions).
  • A single subscription.
  • A resource group.
  • A single resource.
A

True

51
Q

True or false: When you grant access at a parent scope, those permissions are not inherited by the child scopes, requiring you to assign the same permissions for the additional scopes.

A

False. When you grant access at a parent scope, those permissions are inherited by all child scopes.

52
Q

What access control should you use to allow one user to manage VMs in a subscription and another user to manage virtual networks?

A

Role based access control

53
Q

True or false: RBAC is not a good option to allow a database administrator group to manage SQL databases in a subscription.

A

False

54
Q

What access control should you use when you need to allow an application to access all resources in a resource group?

A

Role based access control

55
Q

____________ is a management service that provides a way to organize and secure your cloud resources.

A

Azure Resource Manager

56
Q

Azure RBAC is enforced on any action that’s initiated against an Azure resource that passes through ____________.

A

Azure Resource Manager

57
Q

True or false: Azure RBAC doesn’t enforce access permissions at the application or data level. Application security must be handled by your application.

A

True

58
Q

True or false: RBAC uses an allow model. When you’re assigned a role, RBAC allows you to perform certain actions, such as read, write, or delete.

A

True

59
Q

True or false: If one role assignment grants you read permissions to a resource group and a different role assignment grants you write permissions to the same resource group, the first one assigned on that resource group will always take precedence.

A

False. If one role assignment grants you read permissions to a resource group and a different role assignment grants you write permissions to the same resource group, you have both read and write permissions on that resource group.

60
Q

True or false: You can apply Azure RBAC to an individual person or to a group. You can also apply Azure RBAC to other special identity types, such as service principals and managed identities. These identity types are used by applications and services to automate access to Azure resources.

A

True

61
Q

A ___________ prevents resources from being accidentally deleted or changed, which can be thought of as a warning system that reminds you that a resource should not be deleted or changed.

62
Q

True or false: With Azure role-based access control (Azure RBAC) policies in place, there’s no risk that people with the right level of access could delete critical cloud resources.

A

False. Even with Azure role-based access control (Azure RBAC) policies in place, there’s still a risk that people with the right level of access could delete critical cloud resources. Therefore, resource locks should be used.

63
Q

True or false: Manage resource locks at subscription, resource group, or individual resource levels.

A

True. You can manage resource locks from the Azure portal, PowerShell, the Azure CLI, or from an Azure Resource Manager template.

64
Q

What are the 2 levels of resource locks available?

A

What levels of locking are available?

You can apply locks to a subscription, a resource group, or an individual resource. You can set the lock level to CanNotDelete or ReadOnly.

  • CanNotDelete means authorized people can still read and modify a resource, but they can’t delete the resource without first removing the lock.
  • ReadOnly means authorized people can read a resource, but they can’t delete or change the resource. Applying this lock is like restricting all authorized users to the permissions granted by the Reader role in Azure RBAC.
65
Q

True or false: Once you set a lock, it can only be undone by opening a case with Microsoft to roll back.

A

False. To modify a locked resource, you must first remove the lock. After you remove the lock, you can apply any action you have permissions to perform. This additional step allows the action to be taken, but it helps protect your administrators from doing something they might not have intended to do.

66
Q

True or false: Resource locks apply regardless of RBAC permissions. Even if you’re an owner of the resource, you must still remove the lock before you can perform the blocked activity.

A

True

67
Q

___________ enables you to define the set of standard Azure resources that your organization requires.

A

Azure Blueprints

68
Q

What would you set up to replace a resource lock should it be accidentally removed?

A

You can combine resource locks with Azure Blueprints by defining a blueprint that specifies a certain resource lock must exist where the Azure Blueprints would automatically replace the resource lock if that lock is removed.

69
Q

Describe how you could use resource locks to help prevent accidental deletion of a storage account.

A

To do so, you create a resource group from the Azure portal. Think of a resource group as a container for related Azure resources. Then you add a lock to your resource group and verify that you can’t delete the resource group. You then add a storage account to your resource group which allows the lock from the parent resource group to prevent the storage account from being deleted. A storage account is a container that groups a set of Azure Storage services together.

70
Q

If you need a way to mark test environments so that those can easily be identified and deleted when they’re no longer needed, what would be a good way through metadata to accomplish this?

A

Tags

71
Q

What resource organization technique:

  • Provides metadata for your Azure resources.
  • Logically organizes resources into a taxonomy.
  • Consists of a name-value pair.
  • Very useful for rolling up billing information.
A

tags

72
Q

True or false: Tags have a parent / child relationship.

A

False. You can apply tags to a resource group, but those tags aren’t automatically applied to the resources within that resource group. However, you can use Azure Policy to ensure that a resource inherits the same tags as its parent resource group.

73
Q

True or false: You can also use Azure Policy to enforce tagging rules and conventions. For example, you can require that certain tags be added to new resources as they’re provisioned. You can also define rules that reapply tags that have been removed.

A

True

74
Q

True or false: You need to enforce that a specific tag is present on all of your resources. For example, you might decide that only mission-critical resources have the Impact tag. You wouldn’t know that all other resources would then not be considered as mission-critical without a specific tag for that.

A

False. Keep in mind that you don’t need to enforce that a specific tag is present on all of your resources. For example, you might decide that only mission-critical resources have the Impact tag. All non-tagged resources would then not be considered as mission-critical.

75
Q

__________ is a service in Azure that enables you to create, assign, and manage rules that control or audit your resources. This enforces different rules across all of your resource configurations so that those configurations stay compliant with corporate standards. It can help you ensure that your resources stay compliant and can alert you if a resource’s configuration has changed.

76
Q

__________ helps to enforce organizational standards and to assess compliance at-scale. This helps provide governance and resource consistency with regulatory compliance, security, cost, and management.

A

Azure Policy

77
Q

True or false: Azure Policy comes with built-in policy and initiative definitions for Storage, Networking, Compute, Security Center, and Monitoring. For example, if you define a policy that allows only a certain SKU (stock-keeping unit) size for the virtual machines (VMs) to be used in your environment, that policy is invoked when you create a new VM and whenever you resize existing VMs.

A

True. This is a good option when you want to prevent selecting high cost VMs or ensure deployment to a certain region.

78
Q

True or false: Azure Policy also evaluates and monitors all current VMs in your environment.

A

True

79
Q

Azure Policy enables you to define both individual policies and groups of related policies, known as ___________.

A

initiatives

80
Q

___________ also integrates with Azure DevOps by applying any continuous integration and delivery pipeline policies that pertain to the pre-deployment and post-deployment phases of your applications.

A

Azure Policy

81
Q

An Azure Policy ________ is a way of grouping related policies together that contains all of the policy definitions to help track your compliance state for a larger goal.

A

Initiative

82
Q

True or false: Azure Policy also includes initiatives that support regulatory compliance standards.

A

True

83
Q

Instead of having to configure features like Azure Policy for each new subscription, with _________ you can define a repeatable set of governance tools and standard Azure resources that your organization requires.

84
Q

__________ makes it possible for development teams to rapidly build and deploy new environments with the knowledge that they’re building within organizational compliance with a set of built-in components that speed the development and deployment phases.

A

Azure Blueprints

85
Q

What would you use if you wanted to orchestrate the deployment of various resource templates and other artifacts, such as:

  • Role assignments
  • Policy assignments
  • Azure Resource Manager templates
  • Resource groups
A

Azure Blueprints

86
Q

True or false: With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. In other words, Azure creates a record that associates a resource with the blueprint that defines it. This connection helps you track and audit your deployments.

A

True

87
Q

True or false: You must keep an offline record of the changes you make to your Azure Blueprints.

A

False. Blueprints are also versioned. Versioning enables you to track and comment on changes to your blueprint.

88
Q

Why are Azure Blueprints considered a good practice when it comes to auditing?

A

With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. In other words, Azure creates a record that associates a resource with the blueprint that defines it. This connection helps you track and audit your deployments.

89
Q

Name 4 uses of Azure Blueprints to orchestrate the deployment of various resource templates and other artifacts.

A
  • Role assignments
  • Policy assignments
  • Azure Resource Manager templates
  • Resource groups
90
Q

Each component in the blueprint definition is known as an ___________.

A

artifact

91
Q

The _____________ provides you with proven guidance to help with your cloud adoption journey. It helps you create and implement the business and technology strategies needed to succeed in the cloud. It’s a good place to start for first time cloud deployments.

92
Q

True or false: The Cloud Adoption Framework for Azure is considered the One Microsoft approach to cloud adoption in Azure.

A

True

93
Q

The _______________ includes best practices from employees, partners, and customers providing tools, guidance, and narratives for strategies and outcomes.

A

The Cloud Adoption Framework for Azure

94
Q

Define the 5 stages of the Cloud Adoption Framework.

A
  1. Define your strategy.
  2. Make a plan.
  3. Ready your organization.
  4. Adopt the cloud.
  5. Govern and manage your cloud environments.
95
Q

What are the three main aspects to consider when you create and manage subscriptions?

A

billing, access control, and subscription limits.

96
Q

Consider the attached, how can Tailwind Traders allow some users to control the virtual machines in each environment but prevent them from modifying networking and other resources in the same resource group or Azure subscription?

  • Create a role assignment through Azure role-based access control (Azure RBAC).
  • Create a policy in Azure Policy that audits resource usage.
  • Split the environment into separate resource groups.
A

Create a role assignment through Azure role-based access control (Azure RBAC).

Azure RBAC enables you to create roles that define access permissions. You might create one role that limits access only to virtual machines and a second role that provides administrators with access to everything.

97
Q

Consider the attached, which is the best way for Tailwind Traders to ensure that the team deploys only cost-effective virtual machine SKU sizes?

  • Create a policy in Azure Policy that specifies the allowed SKU sizes.
  • Periodically inspect the deployment manually to see which SKU sizes are used.
  • Create an Azure RBAC role that defines the allowed virtual machine SKU sizes.
A

Create a policy in Azure Policy that specifies the allowed SKU sizes.

After you enable this policy, that policy is applied when you create new virtual machines or resize existing ones. Azure Policy also evaluates any current virtual machines in your environment.

98
Q

Consider the attached, which is likely the best way for Tailwind Traders to identify which billing department each Azure resource belongs to?

  • Track resource usage in a spreadsheet.
  • Split the deployment into separate Azure subscriptions, where each subscription belongs to its own billing department.
  • Apply a tag to each resource that includes the associated billing department.
A

Apply a tag to each resource that includes the associated billing department.

Tags provide extra information, or metadata, about your resources. The team might create a tag that’s named BillingDept whose value would be the name of the billing department. You can use Azure Policy to ensure that the proper tags are assigned when resources are provisioned.

99
Q

___________ means to adhere to a law, standard, or set of guidelines.

A

compliance

100
Q

___________ means to adhere to a law, standard, or set of guidelines.

A

Regulatory compliance

101
Q

Think of ____________ as a known good standard that you can compare your solution against to ensure security that address today’s regulations and adapt as regulations evolve.

A

control

102
Q

True or false: Security is part of every Azure product and its development. With built-in intelligent security, Microsoft helps protect against known and unknown cyberthreats, using automation and artificial intelligence.

A

True

103
Q

True or false: Microsoft provides the most comprehensive set of compliance offerings (including certifications and attestations) of any cloud service provider.

A

True

104
Q

Which of the following are not compliance offerings Azure provides?

  • NIST
  • DISA MIL STD
  • NIST
  • EU Model Clauses
A

DISA MIL STD

105
Q

True or false: Any US state or local agency that wants to access the FBI’s Criminal Justice Information Services (CJIS) database is required to adhere to the CJIS Security Policy. Azure is the only major cloud provider that contractually commits to conformance with the CJIS Security Policy. Microsoft adheres to the same requirements that law enforcement and public safety entities must meet.

A

True

106
Q

True or false: Azure obtained Cloud Security Alliance (CSA) STAR Certification, which involves a rigorous independent third-party assessment of a cloud provider’s security posture. STAR Certification is based on achieving International Organization of Standards/International Electrotechnical Commission (ISO/IEC) 27001 certification and meeting criteria specified in the Cloud Controls Matrix (CCM).

A

True

107
Q

True or false: Microsoft does not offer customers European Union (EU) Standard Contractual Clauses and therefore cannot provide contractual guarantees around transfers of personal data outside of the EU.

A

False. Microsoft offers customers European Union (EU) Standard Contractual Clauses that provide contractual guarantees around transfers of personal data outside of the EU.

Microsoft is the first company to receive joint approval from the EU’s Article 29 Working Party that the contractual privacy protections Azure delivers to its enterprise cloud customers meet current EU standards for international transfers of data. Meeting this standard ensures that Azure customers can use Microsoft services to move data freely through Microsoft’s cloud, from Europe to the rest of the world.

108
Q

True or false: Microsoft-covered cloud services are audited at least annually against the Service Organization Controls (SOC) 1, 2, & 3 report framework by independent third-party auditors. The Microsoft cloud services audit covers controls for data security, availability, processing integrity, and confidentiality as applicable to in-scope trust principles for each service.

A

True

109
Q

True or false: National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a mandatory framework that consists of standards, guidelines, and best practices to manage cybersecurity-related risks. Azure has yet to be certified as compliant with the NIST CSF.

A

False. National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity-related risks. Microsoft cloud services have undergone independent, third-party Federal Risk and Authorization Management Program (FedRAMP) Moderate and High Baseline audits. Microsoft cloud services are certified according to the FedRAMP standards.

110
Q

True or false: Microsoft cloud services have undergone independent, third-party Federal Risk and Authorization Management Program (FedRAMP) Moderate and High Baseline audits. Microsoft cloud services are certified according to the FedRAMP standards.

A

True

111
Q

True or false: The United Kingdom (UK) Government G-Cloud is a cloud computing certification for services used by government entities in the United Kingdom. Azure has yet to receive official accreditation from the UK government and therefore can’t be used by UK government entities.

A

False. The United Kingdom (UK) Government G-Cloud is a cloud computing certification for services used by government entities in the United Kingdom. Azure has received official accreditation from the UK government.

112
Q

The ____________ explains what personal data Microsoft collects, how Microsoft uses it, and for what purposes. Covering all of Microsoft’s services, websites, apps, software, servers, and devices, this list ranges from enterprise and server products to devices that you use in your home to software that students use at school.

113
Q

The ___________ is a legal agreement between Microsoft and the customer that details the obligations of both parties with respect to the processing and security of customer data and personal data.

114
Q

True or false: The Online Services Terms provides the licensing terms that define the terms and conditions for the products and Online Services you purchase through Microsoft Volume Licensing programs.

A

True

115
Q

The ___________ sets forth the obligations, with respect to the processing and security of customer data and personal data in connection with the Online Services.

A

Data Protection Addendum

116
Q

True or false: The Data Protection Addendum (DPA) further defines the data processing and security terms for online services. These terms include:

  • Compliance with laws.
  • Disclosure of processed data.
  • Data Security, which includes security practices and policies, data encryption, data access, customer responsibilities, and compliance with auditing.
  • Data transfer, retention, and deletion.

A

True

117
Q

The _________ showcases Microsoft’s principles for maintaining data integrity in the cloud and how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services. It is an important part of the Microsoft Trusted Cloud Initiative and provides support and resources for the legal and compliance community.

118
Q

The Microsoft privacy statement provides openness and honesty about how Microsoft handles the user data collected from its products and services. Where can you find the privacy statement?

A

Trust Center

119
Q

True or false: The Microsoft privacy statement explains:

  • What data Microsoft processes
  • How Microsoft processes it
  • What purposes the data is used for

A

True

120
Q

The __________ is a great resource for other people in your organization who might play a role in security, privacy, and compliance. These people include business managers, risk assessment and privacy officers, and legal compliance teams, who can find resources for compliance, the privacy statement, recommended lists of resources, etc.

A

Trust Center

121
Q

True or false: The Trust Center provides:

  • In-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products.
  • Additional resources for each topic.
  • Links to the security, privacy, and compliance blogs and upcoming events.

A

True

122
Q

The ______________ provides you with detailed documentation about legal and regulatory standards and compliance on Azure, offering a set of compliance offerings to support national, regional, and industry-specific requirements that govern the collection and use of data.

123
Q

____________ is a separate instance of the Microsoft Azure service. It addresses the security and compliance needs of US federal agencies, state and local governments, and their solution providers, offering physical isolation from non-US government deployments and providing screened US personnel.

A

Azure Government

124
Q

True or false: To provide the highest level of security and compliance, Azure Government uses physically isolated datacenters and networks located only in the US. Azure Government customers, such as the US federal, state, and local government or their partners, are subject to validation of eligibility. Azure Government provides the broadest compliance and Level 5 DoD approval. Azure Government is available in eight geographies and offers the most compliance certifications of any cloud provider.

A
125
Q

True or false: Azure China 21Vianet is operated by 21Vianet. It’s a physically separated instance of cloud services located in China. As allowed by local law, the data is replicated outside of China to ensure resiliency.

A

False. All data stays within China.

126
Q

Consider the following scenario.

At Tailwind Traders, the legal and IT departments want to better understand how Microsoft handles personal data. They also want to better understand how Azure services can help them meet their compliance goals.

Their needs go beyond just Azure. For example, applications in their retail stores use Cortana to help store employees quickly locate items.

Where can the team access details about the personal data Microsoft processes and how the company processes it, including for Cortana?

  • Microsoft Privacy Statement
  • The Azure compliance documentation
  • Microsoft compliance offerings

A

Microsoft Privacy Statement

The Microsoft Privacy Statement provides information that’s relevant to specific services, including Cortana.

127
Q

Consider the following scenario.

At Tailwind Traders, the legal and IT departments want to better understand how Microsoft handles personal data. They also want to better understand how Azure services can help them meet their compliance goals.

Their needs go beyond just Azure. For example, applications in their retail stores use Cortana to help store employees quickly locate items.

Where can the legal team access information around how the Microsoft cloud helps them secure sensitive data and comply with applicable laws and regulations?

  • Microsoft Privacy Statement
  • Trust Center
  • Online Services Terms

A

Trust Center

The Trust Center is a great resource for people in your organization who might play a role in security, privacy, and compliance.

128
Q

Consider the following scenario.

At Tailwind Traders, the legal and IT departments want to better understand how Microsoft handles personal data. They also want to better understand how Azure services can help them meet their compliance goals.

Their needs go beyond just Azure. For example, applications in their retail stores use Cortana to help store employees quickly locate items.

Where can the IT department find reference blueprints that it can apply directly to its Azure subscriptions?

  • Online Services Terms
  • Azure compliance documentation
  • Microsoft Privacy Statement

A

Azure compliance documentation

The compliance documentation provides reference blueprints, or policy definitions, for common standards that you can apply to your Azure subscription.