SC-900 Flashcards
What is the shared responsibility model for Infrastructure as a Service (IaaS)?
Provider is responsible for physical security & physical datacenter equipment
Customer is responsible for the software components running on the cloud infrastructure, such as the OS, network controls, applications, and protecting data.
What is the shared responsibility model for Platform as a Service (PaaS)?
Provider is responsible for physical security, datacenter equipment & OS management
Customer is responsible for Applications and Data
What is the shared responsibility model for Software as a Service (SaaS)?
Provider is responsible for Physical Security, Datacenter Equipment, OS Management, Network Controls & Applications
Customer is responsible for Data, Devices, Accounts and Identities
What are the defence-in-depth layers?
Physical - limiting physical access to the datacenter
Identity and access - conditional access, such as MFA
Perimeter - security of the corporate network
Network - network segmentation, network access controls, limiting communication between resources
Compute - securing access to VMs by closing certain ports
Application - ensuring apps are free of vulnerabilities
Data - controls to manage access to data and to encrypt data
What are Zero Trust guiding principles?
Verify Explicitly - always authenticate and authorize all data requests; do not trust a request just because it is coming from a trusted network or device
Least Privileged Access - limit user access with just-in-time and just-enough access, so the user can perform their tasks and no more
Assume Breach - segment access by network, user, device and application; use encryption to protect data
What are the 6 Pillars of Zero Trust?
Identities - may be users or devices. When an identity tries to access a resource, it must be verified with strong authentication.
Devices - one of the biggest sources of vulnerability is devices. Continual monitoring of devices for health and compliance is critical.
Applications - the way data is consumed. All apps need to be tracked.
Data - needs to be classified, labeled and encrypted
Infrastructure - a comprehensive inventory of everything accessing data
Networks - segmented at all times
What are the two types of encryption and how are they different?
Symmetric - uses the same key to encrypt and decrypt data
Asymmetric - uses a public key and private key pair to encrypt and decrypt data
What are the 4 pillars of identity infrastructure?
Administration - creation and management of identities for users, devices and services
Authentication - determining that someone is who they claim to be
Authorization - determining whether a user is allowed to access what they are attempting to access
Auditing - tracking who does what, when, where and how, and being able to provide reports and alerts
What is an Azure AD Service Principal?
Provides an identity for an application. Requires more manual actions to create and manage.
What is an Azure AD Managed Identity?
Provides an identity for an application. Azure manages the creation and automatic renewal of the service principal on your behalf.