Key pillars of security Flashcards

1
Q

What is a firewall?

A

Firewalls block or allow network traffic based on the traffic’s properties. You can utilize hardware-based firewalls or software firewalls that run on a device (known as host firewalls).

2
Q

What characteristics can you configure the firewall to filter on?

A

Traffic source and/or destination address
Traffic source and/or destination port
Traffic protocol
Specific packet contents

3
Q

What are the key pillars of a computer security system?

A

Identity and access management
Information protection
Threat protection
Security management

4
Q

What is Identity and access management?

A

Identity is used to identify a user so that they can be authorized to access resources within your IT infrastructure. We identify users through the use of user accounts; these accounts are assigned an appropriate level of access or privilege on a particular system.

5
Q

What is a local account?

A

A local user account resides on the local Windows 10 device only. It does not allow a user to access resources on other computers. All Windows 10 computers have local accounts, although typically they are not used interactively.

6
Q

What are domain accounts?

A

Most organizations implement AD DS forests to consolidate their users’ computers into manageable units known as domains. An AD DS database stores domain user accounts, which the operating system can then use to authenticate users who are trying to access any domain-joined device anywhere in the forest.

7
Q

What is an Azure AD account?

A

You can use Azure AD to store user accounts that your users can utilize to access hosted services based in the cloud, such as Microsoft Office 365. For those organizations that maintain an on-premises AD DS environment, Azure AD can integrate with on-premises AD DS deployments. This scenario allows users to access resources from on-premises devices, and from cloud-based services and resources. However, integration often requires synchronization between the two.

8
Q

What are Microsoft accounts?

A

Your users can use a Microsoft account regardless of their location or the organization of which they are a member. A Microsoft account includes an email address and a password that your users use to sign in to different services. Users already have a Microsoft account if they sign in to services such as Microsoft OneDrive, Xbox Live, Outlook.com (formerly Hotmail), or Windows Phone. Your users also can use their Microsoft accounts to authenticate with Azure AD. This scenario is useful when you must support temporary or contract staff, as the account is external to the Azure AD directory.

9
Q

What are other accounts?

A

Most users also have access to social accounts, such as Facebook and Twitter. Many also use Apple and Google accounts to access platform-specific stores and other resources.
Because a user account (or accounts) is the primary means of determining who a user is, we must protect the process of verifying identity. Identity protection is the method that you use to do this.

10
Q

What is data at rest?

A

Most users also have access to social accounts, such as Facebook and Twitter. Many
also use Apple and Google accounts to access platform-specific stores and other resources.
Because a user account (or accounts) is the primary means of determining who a user is, it’s important
that we protect the process of verifying identity. Identity protection is the method that you use to do this.

11
Q

What is Malware?

A

Malware, or malicious software, is software that attackers design to harm computer systems. Malware can do many things, from causing damage to the computer, to allowing unauthorized parties remote access to the computer, to collecting and transmitting sensitive information to unauthorized third parties.

12
Q

What is data in transit?

A

Any time data moves between a user’s device and the server that hosts their data, it’s
at risk. Authentication and encryption are the two technologies used to help ensure safe transit of data to and from users’ devices, or between devices on your network.

13
Q

What are the common Network threats?

A

Network security threats, denial of service, port scanning attacks, man-in-the-middle attacks

14
Q

What is an eavesdropping attack?

A

An eavesdropping attack (also known as network sniffing) occurs when a hacker captures network packets in transit on your network.

15
Q

What is a denial of service?

A

A denial of service (DoS) attack limits the function of a network app, or renders an app or network resource unavailable.

16
Q

What is a port scanning attack?

A

A port scanning attack can identify specific apps running on servers.

17
Q

What is a man-in-the-middle attack?

A

In man-in-the-middle attacks (MITMs), a hacker uses a computer to impersonate a legitimate host on the network with which your computers are communicating.

18
Q

What are the common data security threats?

A

Unauthorized users accessing information on a server.
Unauthorized users accessing data from a lost or stolen removable drive.
Data leakage arising from a lost or stolen laptop that contains company information.
Data leakage arising from user emails with sensitive content inadvertently being sent to unintended recipient(s).

19
Q

How do Microsoft 365 services address security threats?

A

Multi-factor authentication (MFA), Mobile device management (MDM), Advanced threat protection, Data loss prevention (DLP), Encrypted email, Azure AD Identity Protection, and Privileged identity management.

20
Q

What are cloud identities?

A

A cloud identity is a user account that exists only in Office 365 or, to be more precise, only in Azure AD.
Azure AD provides an identity store, and authentication and authorization services for Office 365. You can
create a cloud identity with the same name as an on-premises user account, but there is no link between
them. You create cloud identities by using either Office 365 management tools, the Azure AD admin
portal, or Windows PowerShell.

21
Q

What are Synchronized identities?

A

A synchronized identity is a user that exists in both on-premises AD DS and Azure AD. The AD DS and the
Azure AD user accounts are linked together. Therefore, any changes that you make to the on-premises
user accounts are synchronized to the Azure AD user account.

22
Q

What are Federated identities?

A

A federated identity is a synced account that is authenticated by using Active Directory Federation Services (AD FS). AD FS is deployed on-premises and communicates with AD DS on-premises. When Office 365 authenticates a federated identity, it directs the authentication request to AD FS. Because an on-premises user account is used for authentication, the same password is used for signing in to Office 365 and on-premises AD DS.

23
Q

What is the main benefit of using federated identities?

A

The main benefit of using federated identities is single sign-on (SSO). Users authenticate at a domain-joined workstation by using their credentials. SSO uses these credentials to automatically authenticate to Office 365 services. When you use synchronized identities, the users typically need to enter their credentials manually when accessing Office 365 services.

24
Q

What is the Azure AD Premium P1 Plan?

A

For enterprise environments, Azure AD Premium P1 provides additional features that make it easier to manage users and applications.

25
Q

What are the key features of the Azure AD Premium P1 Plan?

A

Self-service group and app management
Self-service password reset (writeback to on-premises)
Two-way synchronization of device objects
Azure MFA
Conditional access based on group, location, and device state
Unlimited SSO apps
Cloud app discovery
Microsoft Identity Manager client access license for complex identity synchronization
Advanced security and usage reports
Azure AD Join features such as:
Mobile device management autoenrollment
Self-service BitLocker Drive Encryption recovery
Add local administrators
Enterprise State Roaming

26
Q

Which additional features does Azure AD Premium 2 include?

A

Azure AD Privileged Identity Management
Azure AD Identity Protection

27
Q

What is Azure AD Privileged Identity Management?

A

Azure AD Privileged Identity Management enables you to assign administrators as eligible admins. When administrators need to perform administrative tasks, they activate administrative privileges for a predetermined amount of time.

28
Q

What is Azure AD Identity Protection?

A

Azure AD Identity Protection monitors authentication to Azure AD and identifies risks based on anomalies and suspicious events. Notifications are sent for risk events.

29
Q

What is identity management?

A

Identity management is the process of defining, assigning, and managing administrative roles and access permissions for user identities.

30
Q

Which stages does identity management pass through?

A

Provisioning accounts, managing administrative roles, assigning permissions, and retiring the account.

31
Q

What are tenants?

A

Unlike AD DS, Azure AD is multitenant by design, and it is implemented specifically to ensure isolation
between its individual directories. The term tenant in this context refers to an organization that has subscribed to a Microsoft cloud-based service such as Office 365, Intune, or Azure, which uses Azure AD but also includes individual users.

32
Q

What are directories?

A

The directory is assigned a default Domain Name System (DNS) domain name that consists of a unique name of your choice followed by the onmicrosoft.com suffix. It’s possible and quite common to add at least one custom domain name that uses the DNS domain namespace that the tenant owns.

33
Q

What is Azure AD Identity Protection?

A

Azure AD Identity Protection is a Microsoft implementation of identity protection technology for users of
Office 365 and other Microsoft cloud services.

34
Q

Which abilities does Azure AD Identity Protection provide?

A

Proactively recognize potential security risks and identify vulnerabilities in your organization.
Automatically apply responses and actions when suspicious activity on one or more identities is detected.
Properly investigate incidents and take actions to resolve them.

35
Q

What does the MDM lifecycle contain?

A

Enroll, Configure, Protect, and Retire

36
Q

What happens in the enrollment phase?

A

In the Enroll phase, devices register with the MDM solution. With Intune, you can enroll both
mobile devices—such as phones—and Windows PCs. When you enroll devices, you can:
● Require users to accept company terms and conditions of use.
● Restrict enrollment to company-owned devices only.
● Require MFA on devices.

37
Q

What does the Configure phase contain?

A

In the Configure phase, you help to ensure that the enrolled devices are secure and that they comply with any configuration or security policies. You can also automate common administrative tasks such as configuring Wi-Fi. You can use policies to:
● Configure endpoint security settings (such as configuring BitLocker and Windows Defender settings).
● Configure Windows Information Protection (WIP) to help guard against data loss.
● Enable device-compliance policies that can require certain minimal encryption and password settings, prevent access by rooted devices, and determine a maximum mobile threat defense level.

38
Q

What happens in the Protect phase?

A

In the Protect phase, the MDM solution provides ongoing monitoring of the settings established in the Configure phase. During this phase, you also use the mobile device management solution to help keep devices compliant through the monitoring and deployment of software updates.

39
Q

What happens in the retire phase?

A

When a device is no longer needed, when it’s lost or stolen, or when an employee leaves the organization, you should help to protect the data on the device. You can remove data by resetting the device, performing a full wipe, or performing a selective wipe that removes only corporation-owned data from the device.

40
Q

What is device restriction?

A

Device restrictions control security, hardware, data sharing, and other settings on the devices.

41
Q

What does Identity protection do?

A

Identity protection controls the Windows Hello for Business experience on Windows 10 and Windows 10 Mobile devices. Configure these settings to make Windows Hello for Business available to users and devices, and to specify requirements for device PINs and gestures.
You can also perform a number of actions on enrolled devices, including:

Factory reset
Selective wipe
Delete device
Restart device
Fresh start

42
Q

Why is DLP implemented?

A

Organizations implemented DLP to overcome the limitations of systems that are based solely on authentication and authorization. A DLP system automatically detects and controls data that should be protected.

43
Q

What is IRM?

A

Organizations also need to protect data after it leaves the company. To meet this need, you can implement IRM systems that make protection an inherent part of documents.

44
Q

What is Azure Information Protection?

A

Azure Information Protection is a set of cloud-based technologies that provide classification, labeling, and data protection. You can use Azure Information Protection to classify, label, and protect data such as email and documents created in Microsoft Office apps or other supported apps.

45
Q

How does Azure Information Protection protect data?

A

When you protect content with AIP, you specify which users or groups have access to the content. You also specify which actions users or groups can take. To simplify the process of protecting content, you can use rights policy templates or labels in AIP.

46
Q

What are rights policy templates?

A

Rights policy templates store the desired content protection settings, including which users have access
to content, and which content restrictions are in place. Typically, rights policy templates are used only in
some specific scenarios, such as Exchange Online transport rules.

47
Q

What are Labels?

A

In AIP, protection templates are associated with labels. Some default labels, such as Personal, Public, and General, do not have protection configured because the purpose of these labels is to classify the content, and not to protect it.

48
Q

After you complete the AIP activation, the following default labels are available:

A

Personal
Public
General
Confidential
Highly Confidential

49
Q

What are AIP policies?

A

This policy then downloads to computers that have installed the AIP client.

50
Q

Which compliance features are in Microsoft 365?

A

Office 365 eDiscovery
Office 365 Archiving
Office 365 Auditing

51
Q

What is Office 365 eDiscovery?

A

Electronic discovery, or eDiscovery, is the process of identifying and delivering electronic information that
can be used as evidence in legal cases. You can use eDiscovery in Office 365 to search for content in
Exchange Online mailboxes, Office 365 Groups, Microsoft Teams, SharePoint Online and OneDrive for
Business sites, and Skype for Business Online conversations.

52
Q

Which eDiscovery tools does Office 365 provide?

A

Content Search in the Office 365 Security & Compliance Center
eDiscovery Cases in the Office 365 Security & Compliance Center
Office 365 Advanced eDiscovery

53
Q

What is Office 365 Archiving?

A

Archiving enables you to comply with these regulations, and lets you store, archive, retain, and discover data in Exchange Online, SharePoint Online, OneDrive for Business, and Skype for Business Online.

54
Q

What is Office 365 Auditing?

A

With Office 365 Auditing, you can monitor and investigate actions taken on your data, intelligently identify risks, contain and respond to threats, and protect valuable intellectual property.

55
Q

What is the Service Trust Portal overview?

A

This portal provides a variety of content, tools, and other resources about Microsoft security, privacy, and compliance practices. It also includes independent third-party audit reports of Microsoft’s online services, and information about how our online services can help your organization maintain and track compliance with standards, laws, and regulations such as:

56
Q

What is Compliance Manager Overview?

A

The Compliance Manager portal helps you to stay compliant with both internal requirements and
well-known security standards. This feature works across Microsoft cloud services to help organizations
meet complex compliance obligations, including:
GDPR
ISO 27001
ISO 27018
NIST 800-53
HIPAA

57
Q

What are the key activities that Compliance Manager performs?

A

Real-time risk assessment
Actionable insights
Simplified compliance

58
Q

What is Real-time risk assessment?

A

In the Compliance Manager dashboard you can view a summary of your
compliance posture against the data protection regulatory requirements that are relevant to your
organization, in the context of using Microsoft cloud services. The dashboard provides you with your
compliance score, which helps you make appropriate compliance decisions.

59
Q

What are actionable insights?

A

These insights help you understand the responsibility that you and Microsoft
share in meeting compliance standards. For components that Microsoft manages, you can see the
control implementation and testing details, test date, and results. For components that you manage,
you can see recommendations for appropriate actions and guidance on how to implement them.

60
Q

What is Simplified compliance?

A

Compliance Manager can help you simplify processes to achieve compliance.
It provides control management tools that you can use to assign tasks to your teams. You can also
generate reports instead of collecting information from multiple teams. This tool also enables you to
perform proactive assessments when needed.