Part 1 - Security concepts and methodologies

Question 1

Describe the zero-trust methodology

Answer 1

Zero Trust assumes everything is on an open and untrusted network, even resources behind the firewalls of the corporate network. The Zero Trust model operates on the principle of “trust no one, verify everything.”

Question 2

Describe the three Zero Trust principles

Answer 2

The Zero Trust model has three principles which guide and underpin how security is implemented. These are: verify explicitly, least privilege access, and assume breach.

1. Verify explicitly. Always authenticate and authorize based on the available data points, including user identity, location, device, service or workload, data classification, and anomalies.
2. Least privileged access. Limit user access with just-in-time and just-enough access (JIT/JEA), risk-based adaptive policies, and data protection to protect both data and productivity.
3. Assume breach. Segment access by network, user, devices, and application. Use encryption to protect data, and use analytics to get visibility, detect threats, and improve your security.

Question 3

Describe the six Zero Trust pillars

Answer 3

In the Zero Trust model, all elements work together to provide end-to-end security. These six elements are the foundational pillars of the Zero Trust model:

1. Identities may be users, services, or devices. When an identity attempts to access a resource, it must be verified with strong authentication, and follow least privilege access principles.
2. Devices create a large attack surface as data flows from devices to on-premises workloads and the cloud. Monitoring devices for health and compliance is an important aspect of security.
3. Applications are the way that data is consumed. This includes discovering all applications being used, sometimes called Shadow IT because not all applications are managed centrally. This pillar also includes managing permissions and access.
4. Data should be classified, labeled, and encrypted based on its attributes. Security efforts are ultimately about protecting data, and ensuring it remains safe when it leaves devices, applications, infrastructure, and networks that the organization controls.
5. Infrastructure, whether on-premises or cloud based, represents a threat vector. To improve security, you assess for version, configuration, and JIT access, and use telemetry to detect attacks and anomalies. This allows you to automatically block or flag risky behavior and take protective actions.
6. Networks should be segmented, including deeper in-network micro segmentation. Also, real-time threat protection, end-to-end encryption, monitoring, and analytics should be employed.

These six foundational pillars work together with the Zero Trust model to enforce organization security policies.

Question 4

Describe the seven defense in depth layers

Answer 4

1. Physical Security
2. Identity and access
3. Perimeter
4. Network
5. Compute
6. Application
7. Data

Question 5

What is a Dictionary Attack?

Answer 5

A dictionary attack is a type of identity attack where a hacker attempts to steal an identity by trying a large number of known passwords. Each password is automatically tested against a known username. Dictionary attacks are also known as brute force attacks.

Question 6

What is a Ransomware Attack?

Answer 6

Ransomware is a type of malware that encrypts files and folders, preventing access to important files. Ransomware attempts to extort money from victims, usually in the form of cryptocurrencies, in exchange for the decryption key.

Question 7

What is a Disruptive Attack?

Answer 7

A Distributed Denial of Service (DDoS) attack attempts to exhaust an application’s resources, making the application unavailable to legitimate users. DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet.

Question 8

What is a Trojan?

Answer 8

Trojans are a common type of malware which can’t spread on their own. This means they either have to be downloaded manually or another malware needs to download and install them. Trojans often use the same file names as real and legitimate apps so it’s easy to accidentally download a trojan thinking that it is legitimate.

Question 9

What is a computer worm?

Answer 9

A worm is a type of malware that can copy itself and often spreads through a network by exploiting security vulnerabilities. It can spread through email attachments, text messages, file-sharing programs, social networking sites, network shares, removable drives, and software vulnerabilities.

Question 10

What is the difference between symmetric and asymmetric encryption?

Answer 10

There are two top-level types of encryption: symmetric and asymmetric. Symmetric encryption uses the same key to encrypt and decrypt the data. Asymmetric encryption uses a public key and private key pair. Either key can encrypt data, but a single key can’t be used to decrypt encrypted data. To decrypt, you need a paired key. Asymmetric encryption is used for things like Transport Layer Security (TLS), such as the HTTPS protocol, and data signing. Encryption may protect data at rest, or in transit.

Question 11

Describe hashing.

Answer 11

Hashing uses an algorithm to convert the original text to a unique fixed-length hash value. Each time the same text is hashed using the same algorithm, the same hash value is produced. That hash can then be used as a unique identifier of its associated data.

Hashing is different to encryption in that it doesn’t use keys, and the hashed value isn’t subsequently decrypted back to the original.

Hashing is used to store passwords. When a user enters their password, the same algorithm that created the stored hash creates a hash of the entered password. This is compared to the stored hashed version of the password. If they match, the user has entered their password correctly. This is more secure than storing plain text passwords, but hashing algorithms are also known to hackers. Because hash functions are deterministic (the same input produces the same output), hackers can use brute-force dictionary attacks by hashing the passwords. For every matched hash, they know the actual password. To mitigate this risk, passwords are often “salted”. This refers to adding a fixed-length random value to the input of hash functions to create unique hashes for every input. As hackers can’t know the salt value, the hashed passwords are more secure.

Question 12

Describe signing

Answer 12

Signing, using a digital signature, verifies that a message has been sent by the sender, and that the contents haven’t been tampered with. Signing a message doesn’t encrypt or alter the message.

Signing works by creating a digital signature string that can either be sent with the message or transmitted separately. The digital signature is generated by the private key owner and attached to the message. The receiver can then verify that it was created by the key owner, by using the public key. There are two steps involved in creating a digital signature from a message. First, a hash value is created from the message. In the second step, the hash value is signed, using the signer’s private key. At the receiving end, the message is hashed again, and verified against the digital signature, which is decrypted using the public key. If they match, you can be confident that the message is the same one that the signer originally signed, and that it hasn’t been tampered with.

Question 13

Describe the offerings of the Service Trust Portal

Answer 13

The Service Trust Portal provides information, tools, and other resources about Microsoft security, privacy, and compliance practices. Sign in with your Microsoft cloud services account to access all the available documentation.

From the main menu, you access:

Service Trust Portal – home page.

Compliance Manager – measures your progress in completing actions that help reduce risks around data protection and regulatory standards.

Trust Documents – links to a security implementation and design information.

Industries & Regions – contains compliance information about Microsoft Cloud services organized by industry and region.

Trust Center – links to the Microsoft Trust Center, which provides more information about security, compliance, and privacy in the Microsoft Cloud.

Resources – links to resources including information about the features and tools available for data governance and protection in Office 365, the Microsoft Global Datacenters, and Frequently Asked Questions.

My Library – allows you to add documents and resources that are relevant to your organization. Everything is in one place. You can also opt to have email notifications sent when a document is updated, and set the frequency you receive notifications.

Question 14

Describe the six Microsoft privacy principles

Answer 14

The six privacy principles are:

1. Control: Putting you, the customer, in control of your privacy with easy-to-use tools and clear choices.
2. Transparency: Being transparent about data collection and use so that everyone can make informed decisions.
3. Security: Protecting the data that’s entrusted to Microsoft by using strong security and encryption.
4. Strong legal protections: Respecting local privacy laws and fighting for legal protection of privacy as a fundamental human right.
5. No content-based targeting: Not using email, chat, files, or other personal content to target advertising.
6. Benefits to you: When Microsoft does collect data, it’s used to benefit you, the customer, and to make your experiences better.