Key pillars of security

Question 1

What is a firewall?

Answer 1

Firewalls block or allow network traffic based on the traffic’s properties. You can utilize hardware-based firewalls or software firewalls that run on a device (known as host firewalls).

Question 2

What characteristics can you configure the the firewall to?

Answer 2

Traffic source and/or destination address
Traffic source and/or destination port
Traffic protocol
Specific packet contents

Question 3

What are the key pillars for computer security system?

Answer 3

Identity and access management
Information protection
Threat protection
Security management

Question 4

What is Identity and access management?

Answer 4

Identity is used to identify a user so that they can be authorized to access resources within your IT infrastructure. We identify users through the use of user accounts; these accounts are assigned an appropriate level of access or privilege on a particular system.

Question 5

What is local account?

Answer 5

A local user account resides on the local Windows 10 device only. It does not allow a
user to access resources on other computers. All Windows 10 computers have local accounts, al-
though typically they are not used interactively.

Question 6

What is domain accounts?

Answer 6

Most organizations implement AD DS forests to consolidate their users’ computers into manageable units known as domains. An AD DS database stores domain user accounts, which
the operating system can then use to authenticate users who are trying to access any domain-joined
device anywhere in the forest.

Question 7

What is Azure AD account?

Answer 7

You can use Azure AD to store user accounts that your users can utilize to access
hosted services based in the cloud, such as Microsoft Office 365. For those organizations that maintain an on-premises AD DS environment, Azure AD can integrate with on-premises AD DS deployments. This scenario allows users to access resources from on-premises devices, and from cloud-based services and resources. However, integration often requires synchronization between the two.

Question 8

What are Microsoft accounts?

Answer 8

Your users can use a Microsoft account regardless of their location or the
organization of which they are a member. A Microsoft account includes an email address and a
password that your users use to sign in to different services. Users already have a Microsoft account if they sign in to services such as Microsoft OneDrive, Xbox Live, Outlook.com (formerly Hotmail), or Windows Phone. Your users also can use their Microsoft accounts to authenticate with Azure AD. This scenario is useful when you must support temporary or contract staff as the account is external to the Azure AD directory.

Question 9

What are other accounts?

Answer 9

Most users also have access to social accounts, such as Facebook and Twitter. Many
also, use Apple and Google accounts to access platform-specific stores and other resources.
Because a user account (or accounts) is the primary means of determining who a user is, we must protect the process of verifying identity. Identity protection is the method that you use to do this.

Question 10

What is data at rest?

Answer 10

Most users also have access to social accounts, such as Facebook and Twitter. Many
also use Apple and Google accounts to access platform-specific stores and other resources.
Because a user account (or accounts) is the primary means of determining who a user is, it’s important
that we protect the process of verifying identity. Identity protection is the method that you use to do this.

Question 11

What is Malware?

Answer 11

malware, or malicious software, is software that attackers design to harm computer systems.
Malware can do many things, from causing damage to the computer, to allowing unauthorized parties
remote access to the computer, to collecting and transmitting sensitive information to unauthorized third
parties.

Question 12

What is data in transit?

Answer 12

Any time data moves between a user’s device and the server that hosts their data, it’s
at risk. Authentication and encryption are the two technologies used to help ensure safe transit of data to and from users’ devices, or between devices on your network.

Question 13

What are the common Network threats?

Answer 13

Network security threats, denial of service, Port scanning attacks, Man-in-the-middle attacks,

Question 14

What is an eavesdropping attack?

Answer 14

(also known as network sniffing), occurs when a hacker captures network
packets in transit on your network

Question 15

What is a denial of service?

Answer 15

(DoS) attack limits the function of a network app, or renders an app or network
resource unavailable.

Question 16

What is a port scanning attack?

Answer 16

which can identify specific apps running on servers.

Question 17

What is man in the middle attack?

Answer 17

(MITMs), where a hacker uses a computer to impersonate a legitimate host
on the network with which your computers are communicating.

Question 18

What are the Common data security threats?

Answer 18

Unauthorized users accessing information on a server.
Unauthorized users accessing data from a lost or stolen removable drive.
Data leakage arising from a lost or stolen laptop that contains company information.
Data leakage arising from user emails with sensitive content inadvertently being sent to unintended
recipient(s).

Question 19

How Microsoft 365 services address security threats?

Answer 19

Multi-factor authentication (MFA), Mobile device management (MDM), Advanced threat protection, Data loss prevention (DLP), Encrypted email, Azure AD Identity Protection, and Privileged identity management.

Question 20

What is Cloud identities?

Answer 20

A cloud identity is a user account that exists only in Office 365 or, to be more precise, only in Azure AD.
Azure AD provides an identity store, and authentication and authorization services for Office 365. You can
create a cloud identity with the same name as an on-premises user account, but there is no link between
them. You create cloud identities by using either Office 365 management tools, the Azure AD admin
portal, or Windows PowerShell.

Question 21

What are Synchronized identities?

Answer 21

A synchronized identity is a user that exists in both on-premises AD DS and Azure AD. The AD DS and the
Azure AD user accounts are linked together. Therefore, any changes that you make to the on-premises
user accounts are synchronized to the Azure AD user account.

Question 22

What are Federated identities?

Answer 22

A federated identity is a synced account that is authenticated by using the Active Directory Federation
Services (AD FS). AD FS is deployed on-premises and communicates with AD DS on-premises. When
Office 365 authenticates a federated identity, it directs the authentication request to AD FS. Because the
an on-premises user account is used for authentication, the same password is used for signing in to Office
365 and on-premises AD DS.

Question 23

What is the main benefit of using federated identities?

Answer 23

The main benefit of using federated identities is single sign-on (SSO). Users authenticate at a domain-joined workstation by using their credentials. SSO uses these credentials to automatically authenticate to Office 365 services. When you use synchronized identities, the users typically need to enter their credentials manually when accessing Office 365 services.

Question 24

What is a Azure AD Premium P1 Plan?

Answer 24

For enterprise environments, Azure AD Premium P1 provides

additional features that make it easier to manage users and applications.

Question 25

What are the key features for Azure A?D Premium P1 Plan

Answer 25

Self-service group and app management
Self-service password reset (writeback to on-premises)
Two-way synchronization of device objects
Azure MFA
Conditional access based on group, location, and device state
Unlimited SSO apps
Cloud app discovery
Microsoft Identity Manager client access license for complex identity synchronization
Advanced security and usage reports
Azure AD Join features such as:
Mobile device management autoenrollment
Self-service BitLocker Drive Encryption recovery
Add local administrators
Enterprise State Roaming

Question 26

Which Additional features does in Azure AD Premium 2 include?

Answer 26

Azure AD Privileged Identity Management,

Azure AD Identity Protection

Question 27

What is Azure AD Privileged Identity Management?

Answer 27

which enables you to assign administrators as an eligible
admin. When administrators need to perform administrative tasks, they activate administrative
privileges for a predetermined amount of time.

Question 28

What is Azure AD Identity Protection?

Answer 28

which monitors authentication to Azure AD and identifies risks based on
anomalies and suspicious events. Notifications are sent for risk events.

Question 29

What is identity management?

Answer 29

is the process of defining, assigning, and managing administrative roles and access permissions for
user identities

Question 30

Which stages does Identity management passes through?

Answer 30

Provisioning accounts, Managing administrative roles, Assign permissions, and Retire the account.

Question 31

What is Tenants?

Answer 31

Unlike AD DS, Azure AD is multitenant by design, and it is implemented specifically to ensure isolation
between its individual directories. The term tenant in this context refers to an organization that has subscribed to a Microsoft cloud-based service such as Office 365, Intune, or Azure, which uses Azure AD but also includes individual users.

Question 32

What is Directories?

Answer 32

The directory is assigned a default Domain
Name System (DNS) domain name that consists of a unique name of your choice followed by the on microsoft.com suffix. It’s possible and quite common to add at least one custom domain name that uses the
DNS domain namespace that the tenant owns.

Question 33

What is Azure AD Identity Protection?

Answer 33

Azure AD Identity Protection is a Microsoft implementation of identity protection technology for users of
Office 365 and other Microsoft cloud services.

Question 34

Which ability doe Azure AD Identity Protection provides?

Answer 34

Proactively recognize potential security risks and identify vulnerabilities in your organization.
Automatically apply responses and actions when suspicious activity on one or more identities is
detected.
Properly investigate incidents and take actions to resolve them.

Question 35

What does the MDM lifecycle contain?

Answer 35

Enroll, Configure, Protect and retire

Question 36

What happens in the enrollment phase?

Answer 36

In the Enroll phase, devices register with the MDM solution. With Intune, you can enroll both
mobile devices—such as phones—and Windows PCs. When you enroll devices, you can:
● Require users to accept company terms and conditions of use.
● Restrict enrollment to company-owned devices only.
● Require MFA on devices.

Question 37

What does the configure phase contains?

Answer 37

In the Configure phase you help to ensure that the enrolled devices are secure and that
they comply with any configuration or security policies. You can also automate common administra-
tive tasks such as configuring Wi-Fi. You can use policies to:

Configure endpoint security settings (such as configuring BitLocker and Windows Defender
settings).
Configure Windows Information Protection (WIP) to help guard against data loss.
Enable device-compliance policies that can require certain minimal encryption and password
settings, prevent access by rooted devices, and determine a maximum mobile threat defense level.

Question 38

What happens in the protect Phase?

Answer 38

In the Protect phase, the MDM solution provides ongoing monitoring of the settings estab-
lished in the Configure phase. During this phase, you also use the mobile device management
solution to help keep devices compliant through the monitoring and deployment of software updates.

Question 39

What happens in the retire phase?

Answer 39

When a device is no longer needed, when it’s lost, or stolen, or when an employee leaves the
organization, you should help to protect the data on the device. You can remove data by resetting the
device, performing a full wipe, or performing a selective wipe that removes only corporation-owned
data from the device.

Question 40

What is device restriction?

Answer 40

Device restrictions control security, hardware, data sharing, and other settings on
the devices.

Question 41

What does Identity protection do?

Answer 41

Identity protection controls the Windows Hello for Business experience on Windows 10 and Windows 10 Mobile devices. Configure these settings to make Windows Hello for Business available to users and devices, and to specify requirements for device PINs and gestures.
You can also perform a number of actions on enrolled devices, including:

Factory reset
Selective wipe
Delete device
Restart device
Fresh start

Question 42

Why is DLP implementated?

Answer 42

Organizations implemented DLP to overcome the limitations of systems that are based solely on authentication and authorization. A DLP system automatically detects and controls data that should be protected.

Question 43

What is IRM?

Answer 43

Organizations also need to protect data after it leaves the company. To meet this need, you can implement IRM systems that make protection an inherent part of documents.

Question 44

What is Azure Information Protection?

Answer 44

Azure Information Protection is a set of cloud-based technologies that provide classification, labeling,
and data protection. You can use Azure Information Protection to classify, label, and protect data such as
email and documents created in Microsoft Office apps or other supported apps

Question 45

How Azure Information Protection protects data?

Answer 45

When you protect content with AIP, you specify which users or groups have access to the content. You
also specify which actions users or groups can take.To simplify the process of protecting content, you can use rights policy templates or labels in AIP.

Question 46

What is Rights policy templates?

Answer 46

Rights policy templates store the desired content protection settings, including which users have access
to content, and which content restrictions are in place. Typically, rights policy templates are used only in
some specific scenarios, such as Exchange Online transport rules.

Question 47

What are Labels?

Answer 47

AIP, protection templates are associated with labels. Some default labels, such as Personal, Public, and
General, do not have protection configured because the purpose of these labels is to classify the content,
and not to protect it

Question 48

after you complete the AIP activation the following default labels are available

Answer 48

Personal
Public
General
Confidential
Highly Confidential

Question 49

What are AIP policies?

Answer 49

This policy then downloads to computers that have installed the AIP client.

Question 50

Which Compliance features in Microsoft 365?

Answer 50

Office 365 eDiscovery
Office 365 Archiving
Office 365 Auditing

Question 51

What is Office 365 eDiscovery?

Answer 51

Electronic discovery, or eDiscovery, is the process of identifying and delivering electronic information that
can be used as evidence in legal cases. You can use eDiscovery in Office 365 to search for content in
Exchange Online mailboxes, Office 365 Groups, Microsoft Teams, SharePoint Online and OneDrive for
Business sites, and Skype for Business Online conversations.

Question 52

Which eDiscovery tools does Office 365 provide?

Answer 52

Content Search in the Office 365 Security & Compliance Center
eDiscovery Cases in the Office 365 Security & Compliance Center
Office 365 Advanced eDiscovery

Question 53

What is Office 365 Archiving?

Answer 53

Archiving enables you to comply with these regulations, and lets you store, archive, retain, and discover
data in Exchange Online, SharePoint Online, OneDrive for Business, and Skype for Business Online

Question 54

What is Office 365 Auditing?

Answer 54

With Office 365 Auditing, you can monitor and investigate actions taken on your data, intelligently
identify risks, contain, and respond to threats, and protect valuable intellectual property.

Question 55

What is the Service Trust Portal overview?

Answer 55

This portal provides a variety of content, tools, and other resources about Microsoft security, privacy, and compliance practices. It also includes independent third-party audit reports of Microsoft’s online services, and information about how our online services can help your organization maintain and track compliance with standards, laws, and regulations such as:

Question 56

What is Compliance Manager Overview?

Answer 56

The Compliance Manager portal helps you to stay compliant with both internal requirements and
well-known security standards. This feature works across Microsoft cloud services to help organizations
meet complex compliance obligations, including:
GDPR
ISO 27001
ISO 27018
NIST 800-53
HIPAA

Question 57

What are the key activities the compliance Manager performs?

Answer 57

Real-time risk assessment.
Actionable insights
Simplified compliance

Question 58

What is Real-time risk assessment?

Answer 58

In the Compliance Manager dashboard you can view a summary of your
compliance posture against the data protection regulatory requirements that are relevant to your
organization, in the context of using Microsoft cloud services. The dashboard provides you with your
compliance score, which helps you make appropriate compliance decisions.

Question 59

What is Actionable insights?

Answer 59

These insights help you understand the responsibility that you and Microsoft
share in meeting compliance standards. For components that Microsoft manages, you can see the
control implementation and testing details, test date, and results. For components that you manage,
you can see recommendations for appropriate actions and guidance on how to implement them.

Question 60

What is Simplified compliance?

Answer 60

Compliance Manager can help you simplify processes to achieve compliance.
It provides control management tools that you can use to assign tasks to your teams. You can also
generate reports instead of collecting information from multiple teams. This tool also enables you to
perform proactive assessments when needed.