SC-900 Exam Questions Flashcards
Which score measures an organization’s progress in completing actions that help reduce risks associated with data protection and regulatory standards?
A. Microsoft Secure Score
B. Productivity Score
C. Secure score in Azure Security Centre
D. Compliance score
D. Compliance score
The compliance score, shown in Microsoft Purview Compliance Manager, measures an organization’s progress in completing the improvement actions that reduce risks related to data protection and regulatory standards. It reflects how far the organization has implemented the controls behind the regulations and standards it has chosen to track. Microsoft Secure Score (A) measures security posture rather than compliance, and Productivity Score (B) is not a security measure at all.
What do you use to provide real-time integration between Azure Sentinel and another security source?
A. Azure AD Connect
B. a Log Analytics workspace
C. Azure Information Protection
D. a connector
D. a connector
To provide real-time integration between Azure Sentinel and another security source, you use a connector (a data connector). Connectors establish the connection between Azure Sentinel and external systems or security sources and ingest their logs and events into the Log Analytics workspace that backs the Sentinel instance, where the data is available for analysis and monitoring. The workspace (B) is the store the data lands in, not the integration mechanism.
Connectors are available for a wide range of security solutions, including firewalls, intrusion detection systems (IDS), antivirus systems, identity providers, and more. They enable real-time data ingestion, ensuring that security events and logs from the connected sources are continuously streamed into Azure Sentinel for correlation, threat detection, and response.
Which Microsoft portal provides information about how Microsoft cloud services comply with regulatory standards, such as International Organization for Standardization (ISO)?
A. the Microsoft Endpoint Manager admin centre
B. Azure Cost Management + Billing
C. Microsoft Service Trust Portal
D. the Azure Active Directory admin centre
C. Microsoft Service Trust Portal
The Microsoft Service Trust Portal provides information about how Microsoft cloud services comply with various regulatory standards, including the International Organization for Standardization (ISO). The portal offers a centralized location for customers to access compliance-related documentation, reports, and audit details.
It provides transparency and visibility into Microsoft’s adherence to industry standards and regulations. Customers can review compliance reports, certifications, and other relevant information to understand how Microsoft cloud services meet regulatory requirements and maintain the necessary security and privacy controls.
In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing?
A. the management of mobile devices
B. the permissions for the user data stored in Azure
C. the creation and management of user accounts
D. the management of the physical hardware
D. the management of the physical hardware
In the shared responsibility model, Microsoft is always responsible for the physical layer: the datacenters, the physical network and the physical hosts, regardless of whether the workload is IaaS, PaaS or SaaS. The customer always retains responsibility for their data and the permissions on it, their user accounts and identities, and their devices (options A, B and C); the layers in between (operating system, network controls, applications) are shared according to the service model.
In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready phase? Each correct answer presents a complete solution.
A. Plan
B. Manage
C. Adopt
D. Govern
E. Define Strategy
A. Plan & E. Define Strategy
A. Plan: This phase turns the strategy into an actionable cloud adoption plan. It includes inventorying and rationalizing the digital estate (the workloads that will move), assessing the organization’s skills readiness, and producing the adoption plan and backlog that drive the later phases.
E. Define Strategy: This phase focuses specifically on defining the organization’s cloud strategy. It involves understanding the business drivers, identifying the desired outcomes, and aligning the cloud strategy with overall business objectives. It sets the foundation for planning and executing the Azure adoption journey.
Phase order:
Strategy
Plan
Ready
Adopt (Migrate, Innovate)
Govern, Secure and Manage run alongside Adopt as ongoing methodologies rather than as a single later phase.
What is an example of encryption at rest?
A. encrypting communications by using a site-to-site VPN
B. encrypting a virtual machine disk
C. accessing a website by using an encrypted HTTPS connection
D. sending an encrypted email
B. encrypting a virtual machine disk
An example of encryption at rest is encrypting a virtual machine disk. Encryption at rest protects data while it is stored, such as on a disk or in a storage system. In the case of a virtual machine, the disk that holds the virtual machine’s data is encrypted so that even if the physical storage device is copied or stolen, the data cannot be read without the key. Options A and C protect data in transit, not at rest.
Which three statements accurately describe the guiding principles of Zero Trust? Each correct answer presents a complete solution.
A. Define the perimeter by physical locations.
B. Use identity as the primary security boundary.
C. Always verify the permissions of a user explicitly.
D. Always assume that the user system can be breached.
E. Use the network as the primary security boundary.
B. Use identity as the primary security boundary.
C. Always verify the permissions of a user explicitly.
D. Always assume that the user system can be breached.
B. Use identity as the primary security boundary: Zero Trust emphasizes that identity should be the primary factor in determining access to resources. Instead of relying solely on network-based perimeters, Zero Trust focuses on authenticating and authorizing users based on their identity, regardless of their location or network.
C. Always verify the permissions of a user explicitly: Zero Trust authenticates and authorizes every request based on all available data points, including identity, location, device health, the service or workload, data classification and anomalies, rather than trusting a session because it originates inside the network. Permissions are re-evaluated on each access instead of being granted once and assumed valid thereafter.
D. Always assume that the user system can be breached: Zero Trust adopts the assumption that no device or user system can be fully trusted. It incorporates measures such as continuous monitoring, risk-based authentication, and adaptive access controls to mitigate the potential impact of a compromised device or user.
What can you use to provide a user with a two-hour window to complete an administrative task in Azure?
A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
B. Azure Multi-Factor Authentication (MFA)
C. Azure Active Directory (Azure AD) Identity Protection
D. conditional access policies
A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
To provide a user with a two-hour window to complete an administrative task in Azure, you can utilize Azure Active Directory (Azure AD) Privileged Identity Management (PIM). PIM allows you to assign time-bound, just-in-time administrative access to users, including granting elevated privileges for a specified duration.
With PIM, you can assign a user the necessary administrative role for a specific task or scenario, such as a global administrator role or a specific Azure resource role, and set the time window for that access. Once the specified time period (in this case, two hours) elapses, the elevated privileges are automatically revoked, reducing the potential attack surface and minimizing the risk associated with prolonged administrative access.
In a hybrid identity model, what can you use to sync identities between Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD)?
A. Active Directory Federation Services (AD FS)
B. Microsoft Sentinel
C. Azure AD Connect
D. Azure AD Privileged Identity Management (PIM)
C. Azure AD Connect
In a hybrid identity model, you can use Azure AD Connect to sync identities between Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD). Azure AD Connect is a tool provided by Microsoft that facilitates synchronization and integration between an on-premises AD DS environment and Azure AD.
Azure AD Connect synchronizes user accounts, group memberships, and other attributes from on-premises AD DS to Azure AD so that identities stay consistent across both environments and users get a single identity for on-premises and cloud resources. It also configures the sign-in method: password hash synchronization, pass-through authentication, or federation. AD FS (option A) is therefore one possible federation choice for authentication, not the tool that performs the synchronization.
What is the purpose of Azure Active Directory (Azure AD) Password Protection?
A. to control how often users must change their passwords
B. to identify devices to which users can sign in without using multi-factor authentication (MFA)
C. to encrypt a password by using globally recognized encryption standards
D. to prevent users from using specific words in their passwords
D. to prevent users from using specific words in their passwords
The purpose of Azure Active Directory (Azure AD) Password Protection is to prevent users from using specific words in their passwords. It enforces a global banned password list that Microsoft maintains from observed attacks, plus an optional custom banned password list (up to 1000 terms) for organization-specific words such as product or location names. Candidate passwords are normalized (lower-cased, with common substitutions such as 0 for o and @ for a undone), checked against the lists with fuzzy matching, and scored; the same checks can be extended to on-premises AD DS domain controllers through the Password Protection DC agent.
By implementing Azure AD Password Protection, organizations can enhance the security of user accounts by preventing the use of weak or easily guessable passwords. This helps mitigate the risk of unauthorized access to user accounts through password-based attacks.
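The evaluation steps Microsoft documents for Password Protection (normalization, fuzzy matching at edit distance 1, substring matching of the user’s and tenant’s names, and a five-point score in which each banned word counts one point and each leftover character one point) can be modelled to see why a password like “C0ntos0Blank12” is rejected while “ContoS0Bl@nkf9!” is accepted. The following is an added example written for this page, not Microsoft’s implementation; the stand-in global list, the custom banned words, the names and the test passwords are all constructed.

```python
"""Model of how Azure AD Password Protection evaluates a candidate password.

Added example, not Microsoft's code: it follows the four documented steps
(normalization, fuzzy matching against the banned lists at edit distance 1,
substring matching of the user's and tenant's names, and the 5-point score).
The banned words, names and candidate passwords used here are constructed.
"""
from __future__ import annotations

# Step 1: lowercase plus the documented character substitutions.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "$": "s", "@": "a"})
MIN_SCORE = 5      # documented threshold: fewer than 5 points is rejected
MIN_NAME_LEN = 4   # documented: names shorter than 4 characters are not matched
# Constructed stand-in for Microsoft's (unpublished) global banned list.
GLOBAL_BANNED = frozenset({"password", "qwerty", "letmein"})


def normalize(password: str) -> str:
    return password.lower().translate(SUBSTITUTIONS)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, the basis of the edit-distance-1 fuzzy match."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _claim(norm: str, taken: list[bool], term: str, fuzzy: bool) -> list[str]:
    """Mark unclaimed spans of `norm` that equal `term`, or (when `fuzzy`) are
    within edit distance 1 of it. Returns the matched substrings."""
    found: list[str] = []
    widths = (len(term), len(term) + 1, len(term) - 1) if fuzzy else (len(term),)
    for width in widths:
        if width <= 0:
            continue
        for start in range(len(norm) - width + 1):
            end = start + width
            if any(taken[start:end]):
                continue  # characters already attributed to another term
            window = norm[start:end]
            if window == term or (fuzzy and edit_distance(window, term) <= 1):
                found.append(window)
                taken[start:end] = [True] * width
    return found


def evaluate(password: str, custom_banned: frozenset[str] = frozenset(),
             first_name: str = "", last_name: str = "",
             tenant_name: str = "") -> tuple[bool, int, list[str]]:
    """Return (accepted, score, matched_terms) for one candidate password."""
    norm = normalize(password)
    taken = [False] * len(norm)
    matched: list[str] = []

    # Step 2: banned-list words, longest first. Exact matches claim characters
    # before fuzzy ones so that "contosoblank" splits into contoso + blank
    # rather than a fuzzy "contosob" swallowing the start of "blank".
    banned = sorted(GLOBAL_BANNED | custom_banned, key=len, reverse=True)
    for fuzzy in (False, True):
        for term in banned:
            matched += _claim(norm, taken, normalize(term), fuzzy)

    # Step 3: substring matching of first name, last name and tenant name.
    for name in (first_name, last_name, tenant_name):
        if len(name) >= MIN_NAME_LEN:
            matched += _claim(norm, taken, normalize(name), fuzzy=False)

    # Step 4: one point per matched term plus one point per leftover character.
    score = len(matched) + taken.count(False)
    return score >= MIN_SCORE, score, matched
```

With the custom list {contoso, blank}, “C0ntos0Blank12” normalizes to two banned words plus two leftover characters (4 points, rejected), while “ContoS0Bl@nkf9!” leaves three characters (5 points, accepted); “C0ntozo” is caught by the fuzzy match alone. The practitioner lesson is that leet-speak substitutions and a trailing year add almost no points, which is exactly why the feature is effective against the passwords users actually choose.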
Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require membership in a group?
A. access reviews
B. managed identities
C. conditional access policies
D. Azure AD Identity Protection
A. access reviews
To evaluate group membership and automatically remove users who no longer require it, you use access reviews, part of Azure AD Identity Governance (Azure AD Premium P2). Access reviews let you periodically assess group (as well as application and role) membership and confirm whether each user’s access is still necessary and appropriate; when a review ends, users who were denied, or who were not reviewed at all, can be removed automatically.
With access reviews, you can define the scope and duration of the review, select reviewers who will evaluate the membership, and set up notifications and reminders. Reviewers can then assess the membership and make decisions to remove or keep users based on their current requirements.
By leveraging access reviews, organizations can ensure that group memberships are regularly reviewed and adjusted, reducing the risk of granting unnecessary access privileges to users. This helps maintain proper access control and aligns with the principle of least privilege.
Which Azure Active Directory (Azure AD) feature can you use to provide just-in-time (JIT) access to manage Azure resources?
A. conditional access policies
B. Azure AD Identity Protection
C. Azure AD Privileged Identity Management (PIM)
D. authentication method policies
C. Azure AD Privileged Identity Management (PIM)
To provide just-in-time (JIT) access to manage Azure resources, you can use Azure AD Privileged Identity Management (PIM). Azure AD PIM allows organizations to assign time-bound, elevated privileges to users for specific administrative tasks or roles. JIT access ensures that users have elevated permissions only when they are needed and for a limited duration, reducing the risk associated with prolonged privileged access.
With Azure AD PIM, you can define privileged roles for managing Azure resources and configure activation policies that require users to request access when they need elevated privileges. The activation process typically involves approval from appropriate stakeholders. Once approved, users are granted temporary access for the specified duration. After the access period elapses, the elevated privileges are automatically revoked.
By implementing Azure AD PIM, organizations can enforce the principle of least privilege and minimize the attack surface for administrative accounts. It adds an additional layer of security and control by providing time-limited, just-in-time access to Azure resources.
Which three authentication methods can be used by Azure Multi-Factor Authentication (MFA)? Each correct answer presents a complete solution.
A. text message (SMS)
B. Microsoft Authenticator app
C. email verification
D. phone call
E. security question
A. text message (SMS)
B. Microsoft Authenticator app
D. phone call
A. text message (SMS): Users can receive a one-time verification code via SMS to their registered mobile phone number. They enter the code to complete the authentication process.
B. Microsoft Authenticator app: Users can use the Microsoft Authenticator app on their mobile devices to receive push notifications for verification. They can simply approve the notification to complete the authentication.
D. phone call: Users can receive an automated phone call to a registered phone number. They must answer the call and follow the instructions to authenticate.
Email verification (C) and security questions (E) are available only for self-service password reset, not for MFA. SMS and voice call are the weakest of the three correct options because they are exposed to SIM swapping and real-time phishing; Microsoft recommends the Authenticator app (with number matching, or passwordless sign-in) over them.
Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your organization?
A. sensitivity label policies
B. Customer Lockbox
C. information barriers
D. Privileged Access Management (PAM)
C. information barriers
To restrict communication and the sharing of information between members of two departments within your organization, you use the Microsoft 365 feature called “information barriers”, which applies in Microsoft Teams, SharePoint Online and OneDrive. Information barrier policies define segments of users and then block (or explicitly allow) communication and sharing between those segments.
By implementing information barriers, you can enforce segregation of duties, confidentiality requirements, or compliance regulations that mandate restrictions between specific departments or user groups. This feature helps maintain data privacy, prevent conflicts of interest, and ensure regulatory compliance within your organization.
Which three authentication methods does Windows Hello for Business support? Each correct answer presents a complete solution.
A. fingerprint
B. facial recognition
C. PIN
D. email verification
E. security question
A. fingerprint
B. facial recognition
C. PIN
Windows Hello for Business supports the following three authentication methods:
A. fingerprint: Users can authenticate using their registered fingerprints. This method relies on a fingerprint reader or biometric sensor to verify the user’s identity.
B. facial recognition: Users can authenticate by having their face scanned and matched against a registered facial template. This method utilizes a compatible camera or webcam to capture and analyze the user’s facial features.
C. PIN: Users can authenticate using a personal identification number (PIN). The PIN is bound to the device and unlocks a private key held in the TPM where one is present; unlike a password it is never transmitted to or stored by the identity provider, so a PIN captured from one device is useless on another.
You have an Azure subscription. You need to implement approval-based, time-bound role activation.
What should you use?
A. Windows Hello for Business
B. Azure Active Directory (Azure AD) Identity Protection
C. access reviews in Azure Active Directory (Azure AD)
D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
To implement approval-based, time-bound role activation in Azure, you should use Azure Active Directory (Azure AD) Privileged Identity Management (PIM). Azure AD PIM provides features and capabilities for managing and controlling privileged access within Azure.
With Azure AD PIM, you can assign time-bound, elevated privileges to users for specific administrative tasks or roles. This implementation involves an approval-based workflow where users request access to privileged roles and designated approvers review and approve those requests. Once approved, users are granted temporary access for the specified duration. After the access period expires, the elevated privileges are automatically revoked.
By utilizing Azure AD PIM, organizations can enforce just-in-time access, reducing the risk associated with prolonged privileged access and ensuring that elevated privileges are granted only when necessary. This helps maintain a strong security posture and follows the principle of least privilege.
When security defaults are enabled for an Azure Active Directory (Azure AD) tenant, which two requirements are enforced? Each correct answer presents a complete solution.
A. All users must authenticate from a registered device.
B. Administrators must always use Azure Multi-Factor Authentication (MFA).
C. Azure Multi-Factor Authentication (MFA) registration is required for all users.
D. All users must authenticate by using passwordless sign-in.
E. All users must authenticate by using Windows Hello.
B. Administrators must always use Azure Multi-Factor Authentication (MFA).
C. Azure Multi-Factor Authentication (MFA) registration is required for all users.
When security defaults are enabled for an Azure Active Directory (Azure AD) tenant, two requirements are enforced:
B. Administrators must always use Azure Multi-Factor Authentication (MFA): This means that administrators, including global administrators and privileged role administrators, are required to use Azure Multi-Factor Authentication (MFA) when authenticating and accessing Azure AD resources. MFA adds an extra layer of security by requiring multiple forms of verification for authentication.
C. Azure Multi-Factor Authentication (MFA) registration is required for all users: This means that all users within the Azure AD tenant are required to complete the registration process for Azure Multi-Factor Authentication (MFA). Users will be prompted to set up MFA and configure additional verification methods during the registration process.
Security defaults also block legacy authentication protocols that cannot perform MFA, and they cannot be used alongside Conditional Access policies; tenants that need finer-grained rules switch security defaults off and express the same requirements as Conditional Access policies.
Which type of identity is created when you register an application with Azure Active Directory (Azure AD)?
A. a user account
B. a user-assigned managed identity
C. a system-assigned managed identity
D. a service principal
D. a service principal
When you register an application with Azure Active Directory (Azure AD), two objects are created: an application object, the global definition of the app in its home tenant, and a service principal, which is the identity the application uses in a tenant to authenticate and be granted access.
The service principal is what you assign roles and permissions to; the application then obtains access tokens as that identity (for example with a client secret or certificate) to reach protected resources. Managed identities (B and C) are a special type of service principal that Azure creates for resources such as virtual machines or App Service so that no credential is handled by the developer; they are not created by an app registration.
Which three tasks can be performed by using Azure Active Directory (Azure AD) Identity Protection? Each correct answer presents a complete solution.
A. Configure external access for partner organizations.
B. Export risk detection to third-party utilities.
C. Automate the detection and remediation of identity based-risks.
D. Investigate risks that relate to user authentication.
E. Create and automatically assign sensitivity labels to data.
B. Export risk detection to third-party utilities.
C. Automate the detection and remediation of identity based-risks.
D. Investigate risks that relate to user authentication.
B. Export risk detection to third-party utilities: Azure AD Identity Protection can export risk detection data to third-party utilities or SIEM systems for further analysis and correlation with other security events.
C. Automate the detection and remediation of identity-based risks: Azure AD Identity Protection uses machine learning algorithms to automatically detect and remediate identity-based risks, such as suspicious sign-in activities or compromised identities.
D. Investigate risks that relate to user authentication: Azure AD Identity Protection provides a dashboard for administrators to investigate and analyse risks related to user authentication, including risky sign-ins and user behaviour.
(Some sources debate C, D and E. Microsoft’s documentation lists exactly three tasks for Identity Protection: automate the detection and remediation of identity-based risks, investigate risks using data in the portal, and export risk detection data to third-party utilities for further analysis. Option E, creating and automatically applying sensitivity labels, is a Microsoft Purview Information Protection capability, so B, C and D is the supported answer.)
What are two capabilities of Microsoft Defender for Endpoint? Each correct selection presents a complete solution.
A. automated investigation and remediation
B. transport encryption
C. shadow IT detection
D. attack surface reduction
A. automated investigation and remediation
D. attack surface reduction
Microsoft Defender for Endpoint is a comprehensive security solution that provides advanced threat protection and endpoint security capabilities. The two capabilities of Microsoft Defender for Endpoint are:
A. Automated investigation and remediation: Microsoft Defender for Endpoint uses artificial intelligence and machine learning algorithms to automatically investigate and respond to security incidents. It can detect and analyse suspicious activities, perform threat hunting, and provide automated remediation actions to contain and mitigate threats. This capability helps reduce the response time and workload for security teams, allowing them to efficiently manage and address security incidents.
D. Attack surface reduction: Microsoft Defender for Endpoint offers attack surface reduction features to minimize the potential vulnerabilities and attack vectors in an organization’s environment. It includes various security controls and configurations that help protect endpoints from known attack techniques. This can include features like application control, exploit protection, network protection, and web content filtering. By reducing the attack surface, organizations can enhance their overall security posture and mitigate the risk of successful attacks.
What feature in Microsoft Defender for Endpoint provides the first line of defence against cyberthreats by reducing the attack surface?
A. automated remediation
B. automated investigation
C. advanced hunting
D. network protection
D. network protection
The feature in Microsoft Defender for Endpoint that provides the first line of defence against cyberthreats by reducing the attack surface is network protection, one of the attack surface reduction capabilities (alongside attack surface reduction rules, exploit protection, controlled folder access, web protection, application control and device control).
Network protection is a capability within Microsoft Defender for Endpoint that helps safeguard endpoints by blocking communication with known malicious IP addresses and domains. It uses threat intelligence and reputation-based filtering to identify and block network connections to potentially dangerous or malicious entities. By blocking these connections, network protection helps prevent initial access, command-and-control communication, and data exfiltration attempts by cyberthreats.
Which two types of resources can be protected by using Azure Firewall? Each correct answer presents a complete solution.
A. Azure virtual machines
B. Azure Active Directory (Azure AD) users
C. Microsoft Exchange Online inboxes
D. Azure virtual networks
E. Microsoft SharePoint Online sites
A. Azure virtual machines
D. Azure virtual networks
Azure Firewall is a network security service provided by Microsoft Azure. It acts as a fully stateful network-based firewall that allows organizations to control and secure network traffic for resources within Azure. The two types of resources that can be protected using Azure Firewall are:
A. Azure virtual machines: Azure Firewall can be used to protect Azure virtual machines (VMs) by filtering and inspecting network traffic to and from the VMs. It provides network-level security for the virtual machines, controlling access and enforcing security policies.
D. Azure virtual networks: Azure Firewall can also be deployed at the perimeter of an Azure virtual network (VNet) to protect the entire virtual network. It acts as a centralized firewall for the VNet, allowing organizations to define and enforce network security rules for inbound and outbound traffic.
You plan to implement a security strategy and place multiple layers of defence throughout a network infrastructure. Which security methodology does this represent?
A. threat modelling
B. identity as the security perimeter
C. defence in depth
D. the shared responsibility model
C. defence in depth
Defence in depth is a security strategy that layers multiple security controls so that if one layer is breached, the next still protects the asset. Microsoft describes the layers as physical security, identity and access, perimeter, network, compute, application, and data; each layer is treated as a separate control an attacker must defeat, which gives defenders more opportunities to detect and stop an intrusion.
What can you use to scan email attachments and forward the attachments to recipients only if the attachments are free from malware?
A. Microsoft Defender for Office 365
B. Microsoft Defender Antivirus
C. Microsoft Defender for Identity
D. Microsoft Defender for Endpoint
A. Microsoft Defender for Office 365
Microsoft Defender for Office 365 is a cloud-based service that protects Exchange Online, SharePoint Online, OneDrive and Teams against email-borne threats such as malware, phishing and malicious links. The feature that answers this question is Safe Attachments: each attachment is opened in a sandboxed environment and its behaviour analysed before delivery.
Messages whose attachments behave maliciously are blocked, quarantined or delivered with the attachment replaced, and only attachments found clean reach the recipients. Dynamic Delivery can release the message body immediately while the attachment is still being analysed. Microsoft Defender Antivirus (B) protects the endpoint after delivery, while Defender for Identity (C) and Defender for Endpoint (D) do not scan mail.
Which feature provides the extended detection and response (XDR) capability of Azure Sentinel?
A. integration with the Microsoft 365 compliance centre
B. support for threat hunting
C. integration with Microsoft 365 Defender
D. support for Azure Monitor Workbooks
C. integration with Microsoft 365 Defender
Azure Sentinel is a cloud-native security information and event management (SIEM) solution offered by Microsoft. It provides intelligent security analytics and threat intelligence across an organization’s hybrid cloud and on-premises infrastructure.
Integration with Microsoft 365 Defender gives Azure Sentinel its XDR layer. Microsoft 365 Defender correlates signals from Microsoft Defender for Endpoint, Defender for Identity, Defender for Office 365 and Defender for Cloud Apps into incidents; the Sentinel connector synchronizes those incidents and alerts (bidirectionally) so analysts work from the SIEM with the XDR products’ detections already stitched together.
By integrating with Microsoft 365 Defender, Azure Sentinel gains access to a wide range of security telemetry and threat intelligence from Microsoft 365 services. This integration enhances the XDR capabilities of Azure Sentinel by enabling correlation of security events and alerts from both on-premises and cloud environments, providing a more holistic view of the organization’s security posture.
What can you use to provide threat detection for Azure SQL Managed Instance?
A. Microsoft Secure Score
B. application security groups
C. Microsoft Defender for Cloud
D. Azure Bastion
C. Microsoft Defender for Cloud
Microsoft Defender for Cloud (formerly known as Azure Security Centre) is a cloud-native security solution that provides threat detection, prevention, and response capabilities for various Azure services, including Azure SQL Managed Instance. It helps protect cloud workloads by providing visibility into security risks and offering recommendations to enhance security posture.
The relevant plan is Microsoft Defender for SQL (formerly Advanced Threat Protection for SQL). When enabled for Azure SQL Managed Instance it runs vulnerability assessment against the databases and monitors database activity for anomalous patterns such as SQL injection attempts, access from unusual locations or unfamiliar principals, and brute-force logins, raising alerts into Defender for Cloud.
By leveraging Microsoft Defender for Cloud, you can gain insights into potential threats targeting your Azure SQL Managed Instance, receive alerts for suspicious activities, and take necessary actions to mitigate risks. It helps in protecting your database environment and enhances your overall security posture.
Which Azure Active Directory (Azure AD) feature can you use to restrict Microsoft Intune-managed devices from accessing corporate resources?
A. network security groups (NSGs)
B. Azure AD Privileged Identity Management (PIM)
C. conditional access policies
D. resource locks
C. conditional access policies
Conditional access policies in Azure AD allow you to define and enforce access controls based on various conditions, such as user roles, device compliance status, network location, and more. With conditional access policies, you can create rules that determine whether a device managed by Microsoft Intune is allowed or denied access to specific corporate resources.
By configuring a conditional access policy, you can require that only compliant devices managed by Microsoft Intune are allowed access to corporate resources such as applications, data, or services. If a device is not enrolled in Intune or does not meet the specified compliance requirements, access can be denied, helping to maintain a secure environment.
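The decision logic behind both the Intune device-compliance case here and the risk-based policies that Identity Protection feeds (block high sign-in risk, require MFA at medium risk) is the same Conditional Access evaluation: every policy whose assignments match the sign-in applies, a Block in any applicable policy wins, and otherwise the grant controls of all applicable policies must be satisfied together. The block below is an added example written for this page, not Microsoft’s code; the policy set, the groups, the break-glass address breakglass@contoso.example and the sign-ins are constructed, and the risk levels stand in for what Identity Protection would report.

```python
"""Model of how Conditional Access combines policies for one sign-in.

Added example, not Microsoft's code. It reproduces the documented combination
rules: every policy whose assignments match the sign-in applies; a Block in
any applicable policy wins; otherwise the grant controls of all applicable
policies must be satisfied together. The policy set, the sign-ins and the
Identity Protection risk levels below are constructed for illustration.
"""
from __future__ import annotations
from dataclasses import dataclass

RISK_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}
BREAK_GLASS = frozenset({"breakglass@contoso.example"})  # constructed


@dataclass(frozen=True)
class SignIn:
    user: str
    groups: frozenset[str]
    app: str
    device_compliant: bool       # Intune compliance state registered in Azure AD
    mfa_satisfied: bool          # an MFA claim is already present in the session
    sign_in_risk: str = "none"   # from Identity Protection: none/low/medium/high


@dataclass(frozen=True)
class Policy:
    name: str
    users: frozenset[str]                        # group names, or {"All"}
    apps: frozenset[str]                         # app names, or {"All"}
    exclude_users: frozenset[str] = frozenset()  # e.g. break-glass accounts
    min_sign_in_risk: str = "none"               # condition: applies at or above
    block: bool = False                          # Block access
    require_mfa: bool = False                    # Grant: require MFA
    require_compliant_device: bool = False       # Grant: require compliant device


def applies(policy: Policy, s: SignIn) -> bool:
    """Assignments and conditions: users/groups, cloud app, sign-in risk."""
    if s.user in policy.exclude_users:
        return False
    if "All" not in policy.users and not (policy.users & s.groups):
        return False
    if "All" not in policy.apps and s.app not in policy.apps:
        return False
    return RISK_ORDER[s.sign_in_risk] >= RISK_ORDER[policy.min_sign_in_risk]


def evaluate(policies: list[Policy], s: SignIn) -> tuple[str, list[str]]:
    """Return ("block" | "grant" | "controls_required", details).

    In the real service an unmet MFA control prompts the user, and an unmet
    device requirement ends in an access-denied message; both are reported
    here as "controls_required" with the policy and control named.
    """
    matched = [p for p in policies if applies(p, s)]
    blocking = [p.name for p in matched if p.block]
    if blocking:
        return "block", blocking          # Block wins over every Grant
    unmet: list[str] = []
    for p in matched:                     # all grant controls must be met
        if p.require_mfa and not s.mfa_satisfied:
            unmet.append(f"{p.name}: MFA")
        if p.require_compliant_device and not s.device_compliant:
            unmet.append(f"{p.name}: compliant device")
    if unmet:
        return "controls_required", unmet
    return "grant", [p.name for p in matched]


# Constructed policy set: an Intune device-compliance policy, an admin MFA
# policy, and the two risk-based policies Identity Protection is paired with.
POLICIES = [
    Policy("Require compliant device for Office 365",
           users=frozenset({"All"}), apps=frozenset({"Office 365"}),
           exclude_users=BREAK_GLASS, require_compliant_device=True),
    Policy("Admins always MFA",
           users=frozenset({"Admins"}), apps=frozenset({"All"}),
           exclude_users=BREAK_GLASS, require_mfa=True),
    Policy("Require MFA for medium or higher sign-in risk",
           users=frozenset({"All"}), apps=frozenset({"All"}),
           exclude_users=BREAK_GLASS, min_sign_in_risk="medium", require_mfa=True),
    Policy("Block high sign-in risk",
           users=frozenset({"All"}), apps=frozenset({"All"}),
           exclude_users=BREAK_GLASS, min_sign_in_risk="high", block=True),
]


def decide(user: str, groups: set[str], app: str, compliant: bool,
           mfa: bool, risk: str = "none") -> tuple[str, list[str]]:
    """Evaluate one constructed sign-in against POLICIES."""
    return evaluate(POLICIES, SignIn(user, frozenset(groups), app, compliant, mfa, risk))
```

Two points worth noticing: a non-compliant device is refused even when MFA has been satisfied, because grant controls from different policies are ANDed, and the break-glass account is excluded from every policy, including the block policy, which is why a blanket “block high risk” rule must carry that exclusion or you can lock yourself out during an incident.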
What should you use in the Microsoft 365 Defender portal to view security trends and track the protection status of identities?
A. Attack simulator
B. Reports
C. Hunting
D. Incidents
B. Reports
The Reports section in the Microsoft 365 Defender portal provides a comprehensive view of security-related data, trends, and insights across various Microsoft 365 services. It offers a range of reports that allow you to analyze and track the protection status of identities, devices, applications, and data within your organization.
Within the Reports section, you can find reports specifically focused on identity-related security information, such as user sign-ins, risky sign-ins, and compromised identities. These reports provide visibility into the activities and security events associated with identities and help you monitor and assess the overall protection status of your organization’s identities.
You have a Microsoft 365 E3 subscription.
You plan to audit user activity by using the unified audit log and Basic Audit (since renamed Audit (Standard)).
For how long will the audit records be retained?
A. 15 days
B. 30 days
C. 90 days
D. 180 days
C. 90 days
The unified audit log in Microsoft 365 captures a comprehensive set of user and administrator activity across various Microsoft services such as Exchange Online, SharePoint Online, OneDrive for Business, and more. It helps in tracking and investigating security incidents, compliance violations, and user behavior.
At the time this question was written, records in the unified audit log were retained for 90 days by default with Audit (Standard), the level included in Microsoft 365 E3. Microsoft has since raised the default retention for Audit (Standard) to 180 days, so check the current documentation rather than assuming 90. Longer retention (one year, or ten years with an add-on) requires Audit (Premium), included in E5 or available as an add-on; the audit log retention policies that set it are configured in the Microsoft Purview compliance portal and are not available on an E3 licence alone.
To which type of resource can Azure Bastion provide secure access?
A. Azure Files
B. Azure SQL Managed Instances
C. Azure virtual machines
D. Azure App Service
C. Azure virtual machines
Azure Bastion is a fully managed platform-as-a-service (PaaS) offering by Azure that allows secure and seamless remote access to Azure virtual machines (VMs) over the internet. It provides a secure web-based console within the Azure portal for accessing VMs without the need for exposing them directly to the public internet or managing public IP addresses.
By using Azure Bastion, you can establish Remote Desktop Protocol (RDP) connections to Windows-based VMs or Secure Shell (SSH) connections to Linux-based VMs through a secure and encrypted channel. This helps protect against common attack vectors, such as port scanning, brute-force attacks, and other vulnerabilities associated with direct internet access to VMs.
What are three uses of Microsoft Cloud App Security? Each correct answer presents a complete solution.
A. to discover and control the use of shadow IT
B. to provide secure connections to Azure virtual machines
C. to protect sensitive information hosted anywhere in the cloud
D. to provide pass-through authentication to on-premises applications
E. to prevent data leaks to noncompliant apps and limit access to regulated data
A, C & E.
A. to discover and control the use of shadow IT.
Cloud App Security helps organizations discover and gain visibility into the cloud services being used within their environment, including unauthorized or unmanaged cloud applications. It enables IT administrators to gain control over the use of these services and implement policies to ensure compliance and security.
C. to protect sensitive information hosted anywhere in the cloud.
Cloud App Security provides data protection capabilities to safeguard sensitive information hosted in various cloud environments. It offers features such as data loss prevention (DLP), which helps prevent the accidental or intentional exposure of sensitive data, and encryption for data-at-rest and data-in-transit.
E. to prevent data leaks to noncompliant apps and limit access to regulated data.
Cloud App Security helps organizations prevent data leaks by identifying and restricting access to noncompliant applications. It provides granular controls to enforce policies that limit access to regulated data, ensuring that sensitive information is accessed and used only by authorized users and within compliant applications.
You need to connect to an Azure virtual machine by using Azure Bastion.
What should you use?
A. PowerShell remoting
B. the Azure portal
C. the Remote Desktop Connection client
D. an SSH client
B. the Azure portal.
Azure Bastion is a fully managed service by Azure that provides secure and seamless RDP (Remote Desktop Protocol) and SSH (Secure Shell) access to Azure virtual machines over the internet. It eliminates the need for exposing virtual machines to the public internet or managing public IP addresses for each virtual machine.
By using Azure Bastion through the Azure portal, you can securely access your virtual machine without exposing it directly to the internet or relying on other remote access methods.
Which service includes the Attack simulation training feature?
A. Microsoft Defender for Cloud Apps
B. Microsoft Defender for Identity
C. Microsoft Defender for SQL
D. Microsoft Defender for Office 365
D. Microsoft Defender for Office 365
Attack simulation training in Microsoft Defender for Office 365 Plan 2 or Microsoft 365 E5 lets you run benign cyberattack simulations in your organization. These simulations test your security policies and practices, as well as train your employees to increase their awareness and decrease their susceptibility to attacks.
Which type of alert can you manage from the Microsoft 365 Defender portal?
A. Microsoft Defender for Storage
B. Microsoft Defender for SQL
C. Microsoft Defender for Endpoint
D. Microsoft Defender for IoT
C. Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is a comprehensive endpoint security solution that provides protection, detection, investigation, and response capabilities for endpoints such as Windows, macOS, Linux, and mobile devices. It helps organizations defend against advanced threats, detect suspicious activities, and respond effectively to security incidents.
From the Microsoft 365 Defender portal, you can manage and monitor alerts generated by Microsoft Defender for Endpoint. These alerts can include indicators of compromise, security vulnerabilities, suspicious behaviour, or known attack patterns detected on the endpoints within your organization. The portal allows you to view, investigate, and respond to these alerts to mitigate potential security risks.
In the Microsoft 365 Defender portal, an incident is a collection of correlated:
A. alerts
B. events
C. vulnerabilities
D. Microsoft Secure Score improvement actions
A. alerts.
An incident is created when multiple alerts are correlated and grouped together based on common attributes and contextual information. Alerts within the Microsoft 365 Defender portal represent individual security events or observations that indicate potential threats or suspicious activities. These alerts are generated by various security solutions and services across the Microsoft 365 ecosystem, such as Microsoft Defender for Endpoint, Microsoft Defender for Office 365, and Microsoft Defender for Identity.
By correlating and grouping related alerts, the Microsoft 365 Defender portal creates an incident to provide a holistic view of a potential security event or breach. Incidents help security analysts to better understand the scope and impact of an incident, investigate related alerts collectively, and coordinate their response to mitigate the threat.
You have implemented Microsoft Purview data loss prevention (DLP) in your organization. For each of the following statements, select Yes if the statement is true. Otherwise, select No.
DLP is a way to protect sensitive information and prevent its inadvertent disclosure. [Yes or No]
DLP policies protect content through the enforcement of rules that consist of conditions, actions and locations. [Yes or No]
DLP capabilities can be implemented in Microsoft Teams messages in private channels. [Yes or No]
YES TO ALL
Microsoft Purview data loss prevention (DLP) is a way to protect sensitive information and prevent its inadvertent disclosure. DLP allows you to set policies to identify, monitor, and protect sensitive items across a multitude of resources including Microsoft 365 services such as Microsoft Teams, SharePoint, and OneDrive; Microsoft Office applications such as Word, Excel, and PowerPoint; Windows 10, Windows 11 and macOS endpoints; non-Microsoft cloud apps and on-premises file shares; and on-premises SharePoint.
DLP policies protect content through the enforcement of rules that consist of:
- Conditions that the content must match before the rule can be enforced.
- Actions that the admin wants the rule to take automatically when content that matches the conditions has been matched.
- Locations where the policy will be applied, such as Exchange, SharePoint, OneDrive, and more.
DLP capabilities can be implemented in Microsoft Teams messages in private channels. DLP capabilities have been extended to Microsoft Teams chat and channel messages, including messages in private channels. With DLP, administrators can define policies that prevent users from sharing sensitive information in a Teams chat session or channel, whether it is in a message or a file.
Which two Microsoft Defender for Office 365 tools require Microsoft Defender for Office 365 Plan 2? Each correct answer presents part of the solution.
Threat Trackers
Attack Simulator
Safe Attachments
Anti-phishing protection
Safe Links
Threat Trackers & Attack Simulator
Threat Trackers and Attack Simulator require Microsoft Defender for Office 365 Plan 2. Threat Trackers provide the most recent information on cybersecurity issues, and Attack Simulator lets you identify vulnerabilities by running realistic attack scenarios. Office 365 Plan 2 also provides support for Threat Explorer and Automated investigation and response (AIR). Office 365 Plan 2 is included with an Office 365 E5 subscription.
Support for Safe Attachments, Anti-phishing protection, and Safe Links is included with Microsoft Defender for Office 365 Plan 1. Office 365 Plan 1 also supports real-time detections and protection for SharePoint, OneDrive, and Microsoft Teams by identifying and blocking malicious files. Office 365 Plan 1 is included with Office 365 E3 subscriptions or it can be purchased separately as an add-on to other Office 365 subscriptions.
All features supported by Defender for Office 365 Plan 1 are also supported by Defender for Office 365 Plan 2.
Your company is researching information about Microsoft Cloud services features that can be used to address specific requirements relating to the General Data Protection Regulation (GDPR). Which Microsoft Service Trust Portal feature should you use to retrieve this information?
Industries & Regions
Certifications, Regulations and Standards
Microsoft Purview Compliance Manager
My Library
Certifications, Regulations and Standards
The Certifications, Regulations and Standards feature in the Microsoft Service Trust Portal provides information about how Microsoft Cloud services align with various compliance frameworks, regulations, and standards, including the General Data Protection Regulation (GDPR). It offers detailed documentation and resources that can help organizations understand how Microsoft’s services meet the requirements of GDPR and other relevant regulations.
By accessing this feature, your company can retrieve specific information about how Microsoft Cloud services address GDPR requirements and ensure compliance with data protection regulations.
Which Azure solution can enforce geo-compliance requirements for the Azure resources you deploy?
Azure Front Door
Azure role-based access control (RBAC)
Azure Bastion
Azure Policy
Azure Policy
Azure Policy is the Azure solution that can enforce geo-compliance requirements for the Azure resources you deploy. Azure Policy is a service that allows you to create, assign, and enforce policies across your Azure environment. These policies help ensure compliance with specific rules and regulations, including geo-compliance requirements.
With Azure Policy, you can define policies that specify the allowed geolocation or data residency requirements for your Azure resources. These policies can be applied at the subscription, resource group, or individual resource level. When a policy is enforced, Azure will automatically evaluate the deployed resources against the defined policy and take action to ensure compliance.
By using Azure Policy, you can enforce geo-compliance requirements and have greater control over the geographical location where your Azure resources are deployed, helping you meet your specific data residency and compliance needs.
Select the answer that correctly completes the sentence.
_________________ provides a common user identity for authentication and authorization to all resources, irrespective of their location.
Hashing
Hybrid Identity
Multi-factor authentication
Hybrid Identity.
Hybrid Identity provides a common user identity for authentication and authorization to all resources, irrespective of their location. Hybrid Identity is a concept and set of technologies that allow organizations to integrate on-premises Active Directory environments with cloud-based identity and access management solutions, such as Azure Active Directory (Azure AD).
By implementing Hybrid Identity, organizations can establish a unified identity infrastructure that enables users to authenticate and access resources across both on-premises and cloud environments using a single set of credentials. This helps provide a seamless and consistent authentication and authorization experience, regardless of where the resources are located.
You have implemented an Azure AD Multi-Factor Authentication (MFA) verification for one of your applications. Which three forms of verification can be used with Azure AD MFA?
Voice call
OATH tokens
PIN number
MMS
SMS
Voice call, OATH tokens & SMS
Voice call: Users can receive a phone call where they will be prompted to approve or deny the authentication request.
OATH tokens: This refers to the use of hardware or software tokens that follow the OATH (Initiative for Open Authentication) standards. These tokens generate one-time passcodes that users can enter to complete the authentication process.
SMS: Users can receive a text message containing a verification code that they need to enter to complete the authentication.
The following additional forms of verification can be used with Azure AD MFA:
Microsoft Authenticator app
Windows Hello for Business
FIDO2 security key
OATH tokens
SMS
Voice call
You are implementing security for your cloud solution.
Which service should you use for each requirement? To answer, drag the appropriate service to each requirement. A service may be used once, more than once, or not at all.
To sanction and unsanction apps in your cloud
To detect threats in Windows 10 computers
To identify malicious insider actions directed at your organization
[Defender for endpoint]
[Defender for cloud apps]
[Defender for Identity]
To sanction and unsanction apps in your cloud - [Defender for cloud apps]
To detect threats in Windows 10 computers - [Defender for endpoint]
To identify malicious insider actions directed at your organization - [Defender for Identity]
You should use Microsoft Defender for Cloud Apps to sanction or unsanction apps in your organization by using the Cloud apps catalog. Defender for Cloud Apps is a cross-SaaS solution that brings deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
You should use Microsoft Defender for Endpoint, formerly Microsoft Defender Advanced Threat Protection, to protect devices including Windows 10 computers on your network. Microsoft Defender for Endpoint prevents, detects, investigates, and responds to advanced threats using technology built into Windows 10 and Azure cloud services.
You should use Microsoft Defender for Identity, formerly Azure Advanced Threat Protection (Azure ATP) to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
A company plans to use Azure AD business-to-business (B2B) collaboration to give users from a partner organization access to Azure resources. What type of identity should you create to configure and manage access?
A device identity for each external user’s device
A guest account in the partner organization
A device identity in the partner organization
A guest user identity for each external user
A guest user identity for each external user
When using Azure AD business-to-business (B2B) collaboration, you should create a guest user identity for each external user. This allows you to provide access to Azure resources for users from a partner organization while maintaining control over their access and permissions. Guest user identities are created in your own Azure AD tenant and provide a secure and manageable way to grant access to external users without requiring them to have a separate account in their own organization.
Your organization wants to use a combination of domains, organizational units and groups to delegate administrative rights to on-premises network resources. Which identity provider should you use to achieve this goal?
Azure AD
Google federation
Active Directory (AD)
Facebook federation
Active Directory (AD)
To achieve the goal of delegating administrative rights to on-premises network resources using a combination of domains, organizational units, and groups, you should use Active Directory (AD) as the identity provider. Active Directory is a directory service provided by Microsoft for Windows-based networks and allows for centralized management of users, groups, and resources in an on-premises environment. With Active Directory, you can create and manage domains, organizational units (OUs), and groups to define administrative roles and permissions, granting specific access rights to different resources based on your organizational needs.
Azure AD, on the other hand, is a cloud-based identity and access management service provided by Microsoft, primarily designed for managing access to cloud-based resources and applications. While Azure AD can integrate with Active Directory, for the specific requirement of delegating administrative rights to on-premises network resources, Active Directory would be the appropriate choice.
Select the most appropriate option to complete each of the three statements.
_______________ is designed to deliver enhanced security detection and response capabilities across an organization’s domain.
_______________ receives input from an organization’s security monitoring systems to define and drive specific response activities.
_______________ consolidates data from an organization’s IT environment, conducts real-time monitoring, establishes correlation between events, and generates security alerts and notifications.
[Extended detection and response (XDR)]
[Security orchestration automated response (SOAR)]
[Security incident and event management (SIEM)]
- [Extended detection and response (XDR)]
- [Security orchestration automated response (SOAR)]
- [Security incident and event management (SIEM)]
Extended detection and response (XDR) is designed to deliver enhanced security detection and response capabilities across an organization’s domain.
Security orchestration automated response (SOAR) receives input from an organization’s security monitoring systems to define and drive specific response activities.
Security incident and event management (SIEM) consolidates data from an organization’s IT environment, conducts real-time monitoring, establishes correlation between events, and generates security alerts and notifications.
Select the answer that correctly completes the sentence.
_____________ is a feature of Azure AD that provides an extra layer of security before allowing authenticated users to access data by analysing signals.
[Multi-factor authentication]
[Conditional Access]
[Azure AD RBAC]
[Conditional Access]
Conditional Access is a feature of Azure AD that provides an extra layer of security before allowing authenticated users to access data by analysing signals.
Conditional Access is a feature in Azure Active Directory (Azure AD) that allows organizations to apply additional security measures and control access to their resources based on specific conditions. It enables administrators to define policies that evaluate signals such as user location, device health, and risk levels before granting access to sensitive data or applications.
By implementing Conditional Access policies, organizations can enforce multi-factor authentication, require device compliance checks, restrict access based on network location, and apply other security controls. This helps ensure that only authorized and trusted users can access valuable resources, reducing the risk of unauthorized access and data breaches.
Overall, Conditional Access enhances the security posture of an organization by adding an extra layer of protection and allowing fine-grained control over access to critical assets.
Your organization is implementing the Azure AD Free edition. Which FIVE of the following subscriptions include Azure AD Free edition? Each correct answer presents part of the solution.
Power Platform
Intune
Office 365
Dynamics 365
Azure
Xbox Game Pass Ultimate
Microsoft Teams
Power Platform
Intune
Office 365
Dynamics 365
Azure
Azure AD is available in four editions: Free, Office 365 Apps, Premium P1 and Premium P2. The Free edition is included with subscriptions to Office 365, Azure, Dynamics 365, Intune, and Power Platform.
Microsoft Teams and Microsoft Xbox Game Pass Ultimate subscriptions do not include Azure AD Free edition.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
A newly created network security group denies all inbound traffic from the internet. [Yes or No]
A network security group can filter inbound traffic based on its IP address and port number. [Yes or No]
Network security groups can only filter inbound traffic. [Yes or No]
A newly created network security group denies all inbound traffic from the internet. [Yes]
A network security group can filter inbound traffic based on its IP address and port number. [Yes]
Network security groups can only filter inbound traffic. [No]
A newly created network security group (NSG) in Azure, by default, denies all inbound traffic from the internet. This means that no incoming traffic from the internet will be allowed unless specific rules are configured to permit it.
A network security group can indeed filter inbound traffic based on its IP address and port number. NSGs allow you to define inbound security rules that specify the source IP addresses, source ports, destination IP addresses, destination ports, and protocols for incoming traffic. These rules determine which traffic is allowed or denied based on these criteria.
However, network security groups are not limited to filtering inbound traffic only. They can also be used to control outbound traffic from virtual machines or subnets within Azure. By defining outbound security rules, you can control which traffic is allowed to leave the virtual network based on similar criteria such as source IP addresses, source ports, destination IP addresses, destination ports, and protocols.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Microsoft Defender for Identity protects on-premises Active Directory (AD) users. [Yes or No]
Microsoft Defender for Identity protects cloud-only Azure AD users. [Yes or No]
Microsoft Defender for Identity can detect on-premises attacks on AD Federation Services (AD FS). [Yes or No]
Microsoft Defender for Identity protects on-premises Active Directory (AD) users. [Yes]
Microsoft Defender for Identity protects cloud-only Azure AD users. [No]
Microsoft Defender for Identity can detect on-premises attacks on AD Federation Services (AD FS). [Yes]
Microsoft Defender for Identity (formerly Azure ATP) protects on-premises Active Directory (AD) users, so the statement “Microsoft Defender for Identity protects on-premises Active Directory (AD) users” is true (Yes).
Microsoft Defender for Identity does not directly protect cloud-only Azure AD users. It focuses on detecting and responding to attacks targeting on-premises AD infrastructure. Therefore, the statement “Microsoft Defender for Identity protects cloud-only Azure AD users” is false (No).
Microsoft Defender for Identity can indeed detect attacks on AD Federation Services (AD FS), which is commonly used for single sign-on (SSO) in hybrid environments. It monitors and analyses AD FS traffic to detect suspicious activities and potential attacks. Therefore, the statement “Microsoft Defender for Identity can detect on-premises attacks on AD Federation Services (AD FS)” is true (Yes).
You have implemented Azure AD Password Protection in your organization. For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Custom banned password lists in Password Protection are a feature of Azure AD Premium 1 or 2. [Yes or No]
Brand names are excluded from the custom banned password list. [Yes or No]
Admins can integrate Azure AD Password Protection within an on-premises Active Directory environment. [Yes or No]
Custom banned password lists in Password Protection are a feature of Azure AD Premium 1 or 2. [Yes]
Brand names are excluded from the custom banned password list. [No]
Admins can integrate Azure AD Password Protection within an on-premises Active Directory environment. [Yes]
Custom banned password lists in Azure AD Password Protection are indeed a feature of Azure AD Premium 1 or 2, so the statement “Custom banned password lists in Password Protection are a feature of Azure AD Premium 1 or 2” is true (Yes).
Brand names are not automatically excluded from the custom banned password list. The customization of the banned password list is up to the organization’s administrators. Therefore, the statement “Brand names are excluded from the custom banned password list” is false (No).
Admins can integrate Azure AD Password Protection within an on-premises Active Directory environment. By installing a component in the on-premises environment, the global banned password list and custom password protection policies can be received and utilized. Hence, the statement “Admins can integrate Azure AD Password Protection within an on-premises Active Directory environment” is true (Yes).
Your company wants to research security baselines for the Azure platform based on best practices developed by Microsoft’s cybersecurity group and the Centre for Internet Security (CIS). Where can this information be found?
Cloud security posture management (CSPM)
Microsoft Defender for Cloud
Microsoft cloud security benchmark (MCSB)
Microsoft Purview compliance portal
Microsoft cloud security benchmark (MCSB)
The MCSB provides comprehensive guidance and recommendations for securing Azure resources and aligning with industry best practices. It covers various aspects of Azure security and can be a valuable resource for organizations looking to enhance their security posture on the Azure platform.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Sensitivity labels can be applied to content in third-party apps and services. [Yes or No]
The Files and emails scope for sensitivity labels is disabled by default. [Yes or No]
You can apply multiple sensitivity labels to an item. [Yes or No]
Sensitivity labels can be applied to content in third-party apps and services. [Yes]
The Files and emails scope for sensitivity labels is disabled by default. [No]
You can apply multiple sensitivity labels to an item. [No]
Sensitivity labels can be applied to content in third-party apps and services. By using Microsoft Defender for Cloud Apps, you can label content in third-party apps and services, even if they do not read or support sensitivity labels by design.
The Files and emails scope for sensitivity labels is not disabled by default. The Files & emails scope is enabled by default. Two other scope options, Groups & sites and Microsoft Purview assets (preview), are enabled by default only if you configure their settings explicitly on the tenant level.
You cannot apply multiple sensitivity labels to an item. An item, such as an Office document, email, or SharePoint site can have only one sensitivity label applied to it.
For each signal, identify whether it is used by Azure Identity Protection to calculate sign-in risk or user risk. To answer, choose sign-in risk or user risk.
Sign-in from a malware-linked IP address
Atypical travel
Sign-in from anonymous IP address
Leaked credentials
Password spray
Sign-in from a malware-linked IP address = [sign-in risk]
Atypical travel = [sign-in risk]
Sign-in from anonymous IP address = [sign-in risk]
Leaked credentials = [user risk]
Password spray = [sign-in risk]
Identity Protection calculates and categorizes risks as sign-in risk and user identity risk.
Sign-in risk is the probability that the sign-in was not performed by the user. It can be calculated in real time or calculated offline using Microsoft’s threat intelligence sources. Identity Protection in Azure AD is able to identify the following types of sign-in risks:
- Signing in from a malware-linked IP address indicates signing in from a potentially hazardous location and usually indicates a stolen identity.
- Atypical travel is when a user signs in from an atypical location based on the user’s recent activity.
- Anonymous IP addresses indicate a sign-in from an anonymous IP address. This could be signing in from a Tor browser or anonymized VPNs.
- A password spray attack is an attack against multiple user identities using common passwords and indicates that multiple user identities have been compromised.
A user risk represents the probability that a given identity or account is compromised. It is usually calculated offline using Microsoft’s threat intelligence sources. Identity Protection in Azure AD is able to identify the following types of user identity risks:
- Leaked credentials is based on an indication that the user credentials have been compromised.
Other signals used to calculate user risk are unfamiliar sign-in properties and Azure AD threat intelligence. Azure AD threat intelligence identifies known threat patterns based on Microsoft’s internal and external threat intelligence sources. Identity Protection provides reports on risky users, risky sign-ins, and risk detections. Events should be investigated to identify any weak points in your security strategy, and then actions should be taken to remediate any risks.
What is the primary security perimeter in a modern hybrid network environment?
Identity
VPN gateway
Application gateway
On-premises network security
Identity
In a modern hybrid network environment, the primary security perimeter is focused on securing identities. With the increasing adoption of cloud services and the integration of on-premises and cloud resources, identity becomes a critical factor in establishing secure access and protecting resources. By implementing strong identity and access management practices, organizations can ensure that only authorized users have access to their network and resources, regardless of the location or type of infrastructure being used.
Your company is using Microsoft Defender for Cloud to help to protect Azure resources across multiple subscriptions. You want to extend Microsoft Defender protections to servers operating in public clouds other than Azure (for example Amazon Web Services EC2 instances) and to provide unified security management across hybrid cloud workloads. What should you do first?
Enable the Defender for Servers plan in Microsoft Defender for Cloud.
Configure the appropriate open ports on Azure Firewall.
Create a Log Analytics workspace.
Deploy and configure Microsoft 365 Defender.
Enable the Defender for Servers plan in Microsoft Defender for Cloud.
By enabling the Defender for Servers plan in Microsoft Defender for Cloud, you can extend the protection to servers operating in public clouds other than Azure, such as Amazon Web Services (AWS) EC2 instances. This plan allows you to centrally manage and monitor the security of your hybrid cloud workloads, providing unified security management across different cloud environments. It enables you to apply security policies, monitor security events, and respond to threats effectively.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Azure Bastion can provide Remote Desktop protocol (RDP) connectivity to an Azure virtual machine (VM). [Yes or No]
Azure Bastion requires a public IP on an Azure VM. [Yes or No]
You connect to Azure Bastion via an SSH connection to your Linux VMs directly through the Azure portal. [Yes or No]
Azure Bastion can provide Remote Desktop protocol (RDP) connectivity to an Azure virtual machine (VM). [Yes]
Azure Bastion requires a public IP on an Azure VM. [No]
You connect to Azure Bastion via an SSH connection to your Linux VMs directly through the Azure portal. [Yes]
Azure Bastion can provide RDP connectivity to an Azure VM directly in the Azure portal. It can also provide Secure Shell (SSH) connectivity.
Azure Bastion does not require a public IP on an Azure VM. Azure Bastion establishes RDP/SSH connection using the private IP of your Azure VMs. Therefore, you do not need to expose the VMs publicly to the internet.
You connect to Azure Bastion via an SSH connection to your Linux VMs directly through the Azure portal. When you use Azure Bastion, your VMs do not require a client, agent, or additional software. When connecting to a Linux virtual machine using SSH, you can use both username/password and SSH keys for authentication.
What is the minimum Azure AD edition needed to support multi-factor authentication (MFA), conditional access, and privileged identity management (PIM)?
Azure AD Premium P2
Azure AD Free
Azure AD Premium P1
Office 365 Apps
Azure AD Premium P2
Azure AD Premium P2 is the minimum edition required to support multi-factor authentication (MFA), conditional access, and privileged identity management (PIM). MFA adds an extra layer of security, conditional access provides granular control over resource access, and PIM helps manage privileged access. Subscribing to Azure AD Premium P2 enables organizations to enhance security and control in their Azure AD environment.
What statement best describes the concept of data residency?
Trust no one, verify everything.
Data, particularly personal data, is subject to the laws and regulations of the country/region in which it is physically collected, held, or processed.
The collection, processing, usage, and sharing of personal data should be a transparent process and are fundamental principles of privacy laws and regulations.
Regulations that govern the physical locations where data can be stored and how and when it can be transferred, processed, or accessed internationally.
Regulations that govern the physical locations where data can be stored and how and when it can be transferred, processed, or accessed internationally.
Data residency refers to the regulations that govern the physical locations where data can be stored and how and when it can be transferred, processed, or accessed internationally.
Trust no one, verify everything describes the Zero Trust model. Zero Trust is a security strategy.
Data sovereignty is the concept that data, particularly personal data, is subject to the laws and regulations of the country/region in which it is physically collected, held, or processed.
Data privacy refers to the fact that the collection, processing, usage and sharing of personal data should be a transparent process and are fundamental principles of privacy laws and regulations.
Your organization synchronizes on-premises Active Directory (AD) accounts to Azure using Azure AD Connect. You want to implement a hybrid identity solution.
Which authentication method should you use for each requirement? To answer, drag the appropriate authentication method to each requirement. An authentication method may be used once, more than once, or not at all.
Authenticate on-premises accounts in the cloud even when on-premises AD is not available.
Validate users with AD by redirecting cloud authentication requests to on-premises software agent(s).
Delegate authentication from Azure AD to on-premises Active Directory Federation Services (ADFS).
[Federated authentication]
[Pass-through authentication]
[Password hash synchronization]
Authenticate on-premises accounts in the cloud even when on-premises AD is not available. = [Password hash synchronization]
Validate users with AD by redirecting cloud authentication requests to on-premises software agent(s). = [Pass-through authentication]
Delegate authentication from Azure AD to on-premises Active Directory Federation Services (ADFS). = [Federated authentication]
You should use password hash synchronization to authenticate on-premises accounts in the cloud even when on-premises AD is not available.
With password hash synchronization, the password hash is synchronized between AD and Azure AD, allowing on-premises users to authenticate directly with Azure AD to access cloud applications even when the on-premises AD infrastructure itself is not available.
You should use pass-through authentication to validate users with AD by redirecting cloud authentication requests to on-premises software agent(s). With pass-through authentication, the end user’s password validation always happens on-premises. This authentication method requires the deployment of additional software agents on the selected on-premises servers.
You should use federated authentication to delegate authentication from Azure AD to on-premises Active Directory Federation Services (ADFS). With federated authentication, Azure AD redirects authentication requests to ADFS or similar trusted authentication systems. Federated authentication requires additional effort and overhead to set up and manage an ADFS farm. At the same time, it enables advanced features not supported by Azure AD, such as sign-in with smart cards.
Which service provides action-driven automated responses to security threats across your organization?
Microsoft Sentinel
Azure Blueprints
Azure Bastion
Azure Policy
Microsoft Sentinel
Microsoft Sentinel provides action-driven automated responses to security threats across your organization. A security orchestration automated response (SOAR) system takes alerts from many sources, such as a security information and event management (SIEM) system. The SOAR system then triggers action-driven automated workflows and processes to run security tasks that mitigate the issue. Microsoft Sentinel combines both SIEM and SOAR capabilities.
Azure Bastion is a service that provides a secure connection to Azure Virtual Machines (VMs) without requiring a public IP address.
Azure Blueprints enable you to define a standardized set of Azure resources for a workload. Blueprints can then be used to deploy resources to meet your organization’s requirements.
Azure Policy helps enforce standards and assess compliance of Azure resources across your organization. Azure Policy is not used for responding to security threats.
You have implemented Azure AD role-based access control (RBAC) in your organization.
Which two of the following are built-in Azure AD RBAC roles? Each correct answer presents a complete solution.
Billing administrator
User Access administrator
Contributor
Global administrator
Billing administrator & Global administrator
Azure AD roles allow you to control permissions to manage Azure AD resources. Azure AD supports two types of roles: built-in and custom. Role-based access control (RBAC) refers to the process of managing access using roles in Azure. Azure AD built-in and custom roles are a form of RBAC as Azure AD roles control access to Azure AD resources.
Within Azure AD RBAC, built-in roles come with a fixed set of permissions, which include:
- Global administrator - users with this role have access to all administrative features in Azure AD.
- User administrator - users with this role can create and manage all aspects of users and groups.
- Billing administrator - users with this role can make purchases, manage subscriptions and support tickets, and monitor service health, etc.
You can see the list of Azure AD roles on the Roles and administrators blade in the Azure portal.
Contributor and User Access administrator are examples of Azure roles. There are four fundamental Azure roles: Owner, Contributor, Reader, and User Access administrator.
These are not Azure AD RBAC roles. It is important to note the difference between Azure roles and Azure AD RBAC. Azure roles are mainly targeted towards managing access to Azure resources, whereas Azure AD RBAC is mainly targeted towards managing access to Azure AD resources. Note that Azure roles are also sometimes referred to as Azure RBAC, which is different from Azure AD RBAC, as explained above.
Which tool provides a secure score by continually assessing your organization’s Azure, hybrid, and multi-cloud resources?
Cloud security posture management (CSPM)
Microsoft Defender for Cloud
Microsoft cloud security benchmark
Microsoft Sentinel
Microsoft Defender for Cloud
Microsoft Defender for Cloud provides a secure score by continually assessing your organization’s Azure, hybrid, and multi-cloud resources. Microsoft Defender for Cloud is a tool that provides security posture management and threat protection for organizations. It provides threat protection for all organizational resources hosted in Azure, hybrid, and other cloud platforms. The central feature in Microsoft Defender for Cloud that enables you to achieve your organizational security goals is secure score. Microsoft Defender for Cloud includes a range of advanced intelligent protections for your workloads, which come in the form of plans, e.g., Microsoft Defender for Servers, Microsoft Defender for App Service, Microsoft Defender for Storage, Microsoft Defender for SQL, Microsoft Defender for Kubernetes, Microsoft Defender for container registries, Microsoft Defender for Key Vault, etc.
Microsoft cloud security benchmark (MCSB) provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure. This benchmark is part of a set of holistic security guidance that also includes Cloud Adoption Framework, Azure Well-Architected Framework, Microsoft Security Best Practices, and Microsoft Cybersecurity Reference Architectures (MCRA).
Microsoft Sentinel provides security information and event management (SIEM) and security orchestration automated response (SOAR) security insights and security automation that can enhance an organization’s threat visibility and response. Microsoft Sentinel is a scalable, cloud-native SIEM/SOAR solution that delivers intelligent security analytics and threat intelligence across the enterprise.
Cloud security posture management (CSPM) is a set of tools that are focused on improving your organization’s cloud security posture and improving its return on investment (ROI). CSPM uses a combination of tools and services, including Zero Trust-based access control, real-time risk scoring, threat and vulnerability management (TVM), and threat modelling of systems and architectures.
Select the answers that correctly complete the sentences.
______________ is the process through which you prove who you say you are.
______________ is the process of granting an identity the permission to do something.
[Authentication]
[Authorisation]
Authentication is the process through which you prove who you say you are.
Authorisation is the process of granting an identity the permission to do something.
Authentication is the process through which you prove who you say you are. Traditionally, the primary method for authentication was verification of a username and password. Other authentication methods have come into use, including requiring multiple authentication methods through multi-factor authentication (MFA) and the use of passwordless authentication methods such as the Microsoft Authenticator app and Windows Hello.
Authorization is the process of granting an identity the permission to do something. An identity such as a user account is first authenticated to gain access and then authorized to set the level of access to identify which resources are accessible. Features such as Conditional Access and role-based access control (RBAC) let you manage and apply authorization.
An Azure AD user named User22 must be able to create and manage users and groups, including guest users; manage support tickets; monitor service health; and change passwords for users and Helpdesk administrators.
Following the principle of least privilege, which Azure AD role-based access control (RBAC) role should you add User22 to?
Security administrator
User administrator
Global administrator
Password administrator
User administrator
You should add User22 to the User Administrator role. This role grants the permissions required by the scenario. The only additional ability that is granted but not listed in the scenario is the ability to change passwords for other User Administrators. With the exception of Helpdesk Administrator and User Administrator passwords, User Administrators cannot change administrator passwords.
The Global Administrator role would grant the user more rights than required by the scenario. Members of this role can access all Azure AD management features, including user management features. Members of this role can also assign RBAC roles to other users and reset passwords for any users, including administrative users.
Members of the Password Administrator role are limited to changing passwords for users and other Password Administrators. Members cannot change passwords for other administrators.
Members of the Security Administrator role are able to read security information and reports. They can also manage security configurations in Azure AD and Office 365. The role does not meet the rights requirements in the scenario.
Which security process verifies that you are who you say you are?
Authentication
Encryption
Hashing
Authorization
Authentication
Authentication is a security process that verifies that you are who you say you are. The most common type of authentication is the use of a username and password combination. Multi-factor authentication (MFA) may require the use of different authentication methods: something that you know (for example, by asking you for a password), something that you have (for example, by calling or sending a text message to your mobile phone), and something that you are (for example, by checking your biometrics).
Authorization is a security process of granting somebody or something access to specific resources. Authorization permission may define the level of access, duration, etc. Security systems typically authenticate users or devices first before authorizing their access to resources.
Encryption is a security process that encodes data to protect its confidentiality. Encryption may use the same symmetric key for both encryption and decryption operations, or use a private/public key pair to perform encryption and decryption operations asymmetrically.
Hashing is a security operation that uses mathematical functions or algorithms to map source data to a fixed-size value. You can use it, for example, to generate a hash for your file. Recipients of that file can then use the same hashing algorithm and compare the result with the original hash value as proof that the file was not tampered with while in transit.
Azure AD roles control access to Azure AD resources such as users, groups, and applications using ______________
[Azure CLI]
[Azure Graph API]
[Azure Resource Management]
Azure Graph API
Azure AD roles control access to Azure AD resources such as users, groups, and applications using Azure Graph API.
Azure AD roles control access to Azure AD resources such as users, groups, and applications using the Graph API. When determining access, the user first acquires a token to the Microsoft Graph or Azure AD Graph endpoint. Using the token, the user makes an API call to Azure AD via Microsoft Graph or Azure AD Graph. Azure AD uses this to evaluate the user’s role membership or retrieve their applicable role assignments.
Azure roles control access to Azure resources such as virtual machines (VMs) or storage using Azure Resource Management and the Representational State Transfer (REST) API. Requests are managed through HTTP request message header fields.
The Azure command line interface (Azure CLI) is not used by Azure AD roles to control access. Azure CLI is the Azure environment’s command line interface through which you can run management commands.
______________ actions have the greatest impact on your Compliance Manager compliance score.
[Corrective discretionary]
[Corrective mandatory]
[Preventative discretionary]
[Preventative mandatory]
Preventative mandatory actions have the greatest impact on your Compliance Manager compliance score.
Preventative mandatory actions have the greatest impact on your Compliance Manager compliance score. The values assigned to actions in Compliance Manager are:
Preventative mandatory - 27 points
Preventative discretionary - 9 points
Detective mandatory - 3 points
Detective discretionary - 1 point
Corrective mandatory - 3 points
Corrective discretionary - 1 point
Mandatory actions are actions that cannot be bypassed. Actions, such as setting a centrally managed password policy or requiring multi-factor authentication (MFA), are examples of mandatory actions.
Discretionary actions depend on users understanding and choosing to adhere to a policy. Requiring users to place their computers in Sleep mode any time they leave their desk is an example of a discretionary action.
Preventative actions are actions that directly address a specific risk. They can be actions implemented through technical controls, such as data encryption, or through policy, such as implementing separation of duties.
Detective actions are actions that actively monitor systems to detect irregular conditions or risky behaviour, such as system access auditing.
Corrective actions are designed to minimize the risk from a security incident. You would take a corrective action to minimize the immediate effect of an incident and attempt to reverse any damage or adverse conditions.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Insider risk management provides a triage capability. [Yes or No]
With insider risk management, you can enable forensic evidence capturing for offline devices. [Yes or No]
Insider risk management automatically generates cases for the medium and high severity alerts. [Yes or No]
Insider risk management provides a triage capability. [Yes]
With insider risk management, you can enable forensic evidence capturing for offline devices. [Yes]
Insider risk management automatically generates cases for the medium and high severity alerts. [No]
Insider risk management provides a triage capability. When new alerts with a Needs review status are generated, reviewers can dismiss them, resolve them by opening a new case, or assign them to one of the existing cases.
With insider risk management, you can enable forensic evidence capturing for offline devices. As a prerequisite, target devices should be onboarded into the Microsoft Purview compliance portal and they must also have the Microsoft Purview client application installed. The organization can then enable forensic evidence capturing for both online and offline devices.
Insider risk management does not automatically generate cases for the medium and high severity alerts. Reviewers create cases manually when they decide that the raised alerts require further action; for example, assignment for a deeper investigation. Each case is focused on a single user, although a case may have several alerts assigned.
_____________ provides a current snapshot of the items that have a sensitivity label, that have a retention label, or that have been classified as a sensitive information type.
[Activity Explorer]
[Azure Data Explorer]
[Content Explorer]
Content Explorer provides a current snapshot of the items that have a sensitivity label, that have a retention label, or that have been classified as a sensitive information type.
Content explorer provides a current snapshot of the items that have a sensitivity label, that have a retention label, or that have been classified as a sensitive information type. The content explorer is available as a tab in the Microsoft Purview compliance portal. You can use it for content that was tagged in your organization with a specific sensitivity or retention label, or that is considered to be sensitive because it contains credit card or bank account numbers.
Activity explorer helps you to monitor and understand what is being done with your labelled sensitive content. Activity explorer can gather information from various audit logs to monitor sensitivity label activities, retention label activities, Azure Information Protection (AIP) scanner, AIP clients and data loss prevention (DLP) policy matches events.
Azure Data Explorer is a managed data analytics service that can collect, store and process large volumes of data in near real time. You can use Azure Data Explorer to get insights, identify patterns and forecast trends on data streamed from applications, web sites, IoT (Internet of Things) devices and other sources.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Conditional Access policies can be applied to external users. [Yes or No]
Conditional Access policies can be applied to user groups. [Yes or No]
Conditional Access policies are enforced before first-factor authentication is completed. [Yes or No]
Conditional Access policies can be applied to external users. [Yes]
Conditional Access policies can be applied to user groups. [Yes]
Conditional Access policies are enforced before first-factor authentication is completed. [No]
Conditional Access policies can be applied to external users. In the Conditional Access policy settings, you can choose the All guests and external users option, which enforces the policy for any B2B guest account or any user with the value guest in their user type attribute.
Conditional Access policies can be applied to user groups. In the Conditional Access policy settings, you can choose the Users and groups option and assign the policy to the relevant Azure AD dynamic, distribution, or security groups.
Conditional Access policies are not enforced before first-factor authentication is completed. Conditional Access policies can help you to enforce multi-factor authentication (MFA); for example, when users try to access specific applications or sign in from certain locations. However, Conditional Access policies are enforced after first-factor authentication is completed, when the user identity is verified.
Select the most appropriate option to complete the statement.
________________ is used to collect data from multiple sources and perform analysis to look for correlations or anomalies and to generate alerts and incidents.
[A SIEM]
[A SOAR]
[An XDR]
A security information and event management (SIEM) system is used to collect data from multiple sources and perform analysis to look for correlations or anomalies and to generate alerts and incidents. SIEM security solutions are designed to proactively recognize potential security threats and vulnerabilities.
A security orchestration automated response (SOAR) system receives alerts from various sources, including SIEM systems and it uses the alerts to trigger automated processes and workflows to run security tasks designed to mitigate the security issue resulting in the alert.
Microsoft Sentinel is Microsoft’s cloud-native SIEM/SOAR security solution.
An extended detection and response (XDR) system is designed to deliver integrated automated security across an organization’s domain. XDR security systems help prevent, detect, and respond to threats. Microsoft Defender for Cloud and Microsoft 365 Defender both support XDR capabilities.
You implement Azure AD Entitlement Management and access reviews features in your organization. For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Entitlement management is a feature of identity governance. [Yes or No]
Entitlement management is a part of Azure AD Premium 1 and Premium 2 editions. [Yes or No]
Azure AD access reviews can be used to review and manage access for both users and guests. [Yes or No]
Entitlement management is a feature of identity governance. [Yes]
Entitlement management is a part of Azure AD Premium 1 and Premium 2 editions. [No]
Azure AD access reviews can be used to review and manage access for both users and guests. [Yes]
Azure AD Entitlement management is an identity governance feature that enables organizations to manage the identity and access lifecycle for a set of resources. This set of resources could be group memberships, SharePoint Online sites, or organizational and technical roles for users, both within and outside of your organization. With this feature, you can automate approval workflows and access requests, and manage the entire access lifecycle for a specific user.
Entitlement management is a feature of Azure AD Premium P2 only.
Azure AD access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. Access reviews can be used to review and manage access for both internal and guest user accounts.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Active Directory (AD) is a set of directory services that connect users with the on-premises network resources. [Yes or No]
AD provides a special class of identity to manage external identities. [Yes or No]
AD supports Software-as-a-Service (SaaS) apps natively. [Yes or No]
Active Directory (AD) is a set of directory services that connect users with the on-premises network resources. [Yes]
AD provides a special class of identity to manage external identities. [No]
AD supports Software-as-a-Service (SaaS) apps natively. [No]
Active Directory (AD) is a set of directory services that connect users with the on-premises network resources. AD consists of different directory services such as Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), Active Directory Certificate Services (AD CS) and others. It was designed for on-premises domain-based networks and it contains information about users and devices, their credentials and defined access to the relevant network resources.
AD does not provide a special class of identity to manage external identities. AD administrators create external users in AD as regular users, typically in a dedicated AD forest. To simplify the management of external identities, a special class of identity was enabled in Azure AD.
AD does not support Software-as-a-Service (SaaS) apps natively. The integration of SaaS apps with AD requires the use of additional federation systems such as Active Directory Federation Services (ADFS). Azure AD, in contrast, provides better integration with SaaS apps supporting OAuth2, SAML and WS-Security authentication.
In the shared responsibility model, for which three areas does the customer organization always retain responsibility? Each correct answer presents part of the solution.
Mobile and PC devices
Physical network
Operating system
Information and data
Accounts and identities
Applications
Mobile and PC devices
Information and data
Accounts and identities
Under the shared responsibility model, the customer organization is always responsible for:
*Accounts and identities
*Information and data
*Mobile and PC devices.
The shared responsibility model defines responsibilities based on where the workload is hosted and includes:
*Software as a Service (SaaS)
*Platform as a Service (PaaS)
*Infrastructure as a Service (IaaS)
*On-premises.
With SaaS, the service is hosted and managed by the cloud provider. The customer takes sole responsibility for accounts and identities, information and data, and mobile and PC devices. The customer and cloud provider share responsibility for identity and directory infrastructure.
PaaS is designed to provide the customer organization with an environment for building, testing, and deploying software applications. Customer responsibilities include all those for SaaS plus shared responsibility for applications and network controls.
In IaaS, the cloud provider maintains and manages the physical infrastructure, with all other responsibilities falling on the customer organization. In addition to the customer responsibilities under SaaS, the customer also takes full responsibility for identity and directory infrastructure, applications, network controls, and operating system. Cloud provider responsibilities include physical hosts, physical datacentres, and the physical network.
Under the on-premises model, the customer is responsible for all hosting, management, and maintenance activities.
You are implementing identity for your organization and need to build an identity infrastructure.
What should you use to manage identities and control how they access resources? To answer, drag the appropriate capability to each requirement. A capability may be used once, more than once, or not at all.
Specify what data you are allowed to access.
Prove that you are who you say you are.
Track who does what, where and how.
[Authentication]
[Authorisation]
[Auditing]
[Federation]
Specify what data you are allowed to access. [Authorisation]
Prove that you are who you say you are. [Authentication]
Track who does what, where and how. [Auditing]
You should use authorization to specify what data an identity can access. Authorization determines the level of access to data and the functionality an authenticated identity has within the application or service. Authorization is sometimes shortened to AuthZ.
You should use authentication for an identity to prove that they are who they say they are. Authentication is the process of proving that you are who you say you are by providing information to validate you and match you to a user account in the system. Authentication is sometimes shortened to AuthN.
You should use auditing to track who does what, when, where, and how. Auditing captures which users perform actions and when they perform those actions. Auditing includes in-depth reporting, alerts, and governance of identities.
You should not use federation. Federation enables access to services across organizational boundaries by establishing trust relationships between the identity providers of the two organizations. Federation uses the authentication of the trusted party to grant access to the resources of the other party.
Most items in an Exchange Online shared mailbox should be kept for one year for legal reasons and they should then be automatically deleted. A few items should be kept for five years and then deleted. What should you use?
Retention labels
Sensitivity label policy
Sensitivity labels
Retention policy
Retention labels
You should use retention labels to configure the retention period and delete status for items in a container such as an Exchange Online mailbox. Retention labels are applied to individual items and you should use them when you need to specify different retention periods for items in the same container. There are restrictions when using retention labels with Exchange Online. The mailbox must contain at least 10 MB of data before you can publish a label to the mailbox. It can take up to seven days before labels appear as available to use after they have been published.
You should not use a retention policy. A retention policy is used to apply the same retention settings at the site or mailbox level. Items in the site or mailbox inherit the retention settings and the same settings are applied to all items. This does not meet the requirements.
You should not use sensitivity labels or a sensitivity label policy. Sensitivity labels are not used to set retention settings. You can use sensitivity labels to:
- Encrypt email only, or email and documents
- Mark content with headers, footers, and (for documents only) watermarks
- Apply a label automatically or prompt users to apply a recommended label
- Mark the content by controlling access to the container
- Extend sensitivity labels to third-party apps and services
- Classify content without adding protection settings
Sensitivity label policies are used to publish labels to make them available to users and groups. You can also use a label policy to automatically apply a default label or to require users to apply a label.
A company with a hybrid network is implementing security changes to improve the company’s security profile based on a layered approach with:
*Physical security
*Identity and access
*Perimeter controls
*Network segmentation and controls
*Application security
*Data security
What is this an example of?
A. Defense in depth
B. Role-based access control
C. Shared responsibility
D. Principle of least privilege
A. Defense in depth
This security model is a classic example of defense in depth. Defense in depth is based on a layered security model that discourages attacks and slows the advance of an attack. Security is modeled around overlapping security perimeters, each providing a specific implementation of security and controls. Each layer is designed to provide additional protections if the layer above is breached.
This is not an example of role-based access control (RBAC), though RBAC would likely be used to meet some of the configuration requirements. RBAC is designed to help you manage who has access to resources and what level of access they are allowed.
This is not an example of shared responsibility. Shared responsibility is a model describing the customer organization and cloud provider responsibilities based on where a workload is hosted. It defines responsibilities for:
*Software as a Service (SaaS)
*Platform as a Service (PaaS)
*Infrastructure as a Service (IaaS)
*On-premises.
This is not an example of the principle of least privilege (POLP). The principle of least privilege defines granting only the level of access necessary to complete a task or for a user to do their job. You would probably want to follow the principle of least privilege when implementing your defence in depth changes.
You are trying to implement real-time encryption and decryption of your organizational Azure SQL Database.
Which Azure Encryption strategy should you choose?
Azure Disk Encryption
Azure Storage Service Encryption
Azure Key Vault
Transparent Data Encryption
Transparent Data Encryption
You should use Transparent data encryption (TDE). TDE helps to protect Azure SQL Database and Azure Data Warehouse against the threat of malicious activity. TDE allows real-time encryption and decryption of the database, associated backups, and transaction log files at rest. TDE does not require any development changes to the application. TDE performs real-time I/O encryption and decryption of the data at the page level, where each page is decrypted when it is read into memory and then encrypted before being written to disk.
Azure Storage Service Encryption helps to protect data at rest by automatically encrypting data before persisting it to Azure-managed disks, Azure Blob Storage, Azure Files, or Azure Queue Storage, and it decrypts the data before retrieval. It does not cater to encryption of Azure SQL Database.
Azure Disk Encryption helps you encrypt Windows and Linux IaaS virtual machine disks. It does not cater to encryption of Azure SQL Database.
Azure Key Vault is not an Azure encryption/decryption strategy. Rather, Azure Key Vault is a centralized cloud service for storing your application secrets, such as tokens, passwords, certificates, Application Programming Interface (API) keys, and other secrets.
Select the most appropriate option to complete the statement.
_________________ provides recommendations to reduce risks around data protection and regulatory standards.
[Microsoft 365 admin centre]
[Microsoft Defender for Endpoint]
[Microsoft Purview compliance portal]
Microsoft Purview compliance portal provides recommendations to reduce risks around data protection and regulatory standards.
Microsoft Purview compliance portal provides recommendations to reduce risks around data protection and regulatory standards. This portal allows you to assess your organization’s compliance posture using a risk-based score, get recommendations, and measure progress in achieving data protection and regulatory compliance. It also provides various solutions and tools (policies, alerts, reports) to meet your potential compliance needs.
Microsoft 365 admin center does not provide recommendations to reduce risks around data protection and regulatory standards. It is a portal that allows you to manage your Microsoft 365 subscriptions. You can use it to set up and manage users and groups, keep track of the health and upcoming changes to Microsoft 365 services, set up billing, and raise support service requests.
Microsoft Defender for Endpoint does not provide recommendations to reduce risks around data protection and regulatory standards. It is a portal that provides you with access to the Microsoft Defender for Endpoint functionality. You can use it to review alerts generated for your corporate devices and users, assess your organization’s security posture, and get recommendations on how to address software vulnerabilities and protect exposed devices.
Your organization provides services to competing customers. To meet regulatory requirements, you need to restrict communication between specific groups of your users in Microsoft Teams and SharePoint Online. What should you do?
Deploy Web Application Firewall (WAF).
Configure information barriers.
Enforce organizational standards via Azure Policy.
Integrate Microsoft Teams with Microsoft Sentinel.
Configure information barriers.
You should configure information barriers. Microsoft Purview information barriers can help to restrict communication and collaboration among specific groups of users in order to safeguard customer information and avoid conflicts of interest. Information barrier policies can be applied to Microsoft Teams, SharePoint Online and OneDrive for Business communications.
You should not deploy WAF. WAF can be deployed with Azure Front Door, Azure Application Gateway and Azure Content Delivery Network (CDN) services to protect your web applications from common exploits and vulnerabilities.
You should not enforce organizational standards via Azure Policy. Azure Policy can enforce defined rules for your Azure resources; for example, to use only specific tiers of selected resources and only in allowed geographical regions, or to ensure that organizational Azure resources have consistently applied taxonomic tags.
You should not integrate Microsoft Teams with Microsoft Sentinel. Integration with Microsoft Sentinel enables threat hunting in Teams logs or real-time monitoring and detection of suspicious behavior. However, Microsoft Sentinel cannot restrict communication between certain groups of Teams users to meet regulatory requirements.
Select the answer that correctly completes the sentence.
_____________ enables authorized users to access data and makes data unusable to unauthorized users.
[Encryption]
[Hashing]
[Signing]
[Zero-Trust]
Encryption enables authorized users to access data and makes data unusable to unauthorized users.
Encryption enables authorized users to access data and makes data unusable to unauthorized users. To use or read encrypted data, it must be decrypted, which requires the use of a secret key. Data can be encrypted both at rest and in transit.
Hashing converts text to a unique fixed-length value. A hash cannot be decrypted back into the original data. Hashing is commonly used to store and compare passwords. Hashing does not allow an authorized user to read data.
Signing creates a digital signature to verify that a message has not been tampered with or its content altered. Signing does not allow an authorized user to read the message.
Zero Trust assumes everything is on an open and untrusted network and that unauthorized users will not have access to data. The Zero Trust model operates on the principle of “trust no one, verify everything”. Zero Trust alone does not allow an authorized user to read data.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
With B2B direct connect, external users can log in with their social media accounts. [Yes or No]
The B2C sign-in page can be customized with the company branding. [Yes or No]
B2B collaboration users are typically created as guest users. [Yes or No]
With B2B direct connect, external users can log in with their social media accounts. [No]
The B2C sign-in page can be customized with the company branding. [Yes]
B2B collaboration users are typically created as guest users. [Yes]
(B2B - Business to business)
(B2C - Business to customer)
With B2B direct connect, external users cannot log in with their social media accounts. B2B direct connect requires the setup of a mutual trust relationship between two organizations’ Azure AD tenants. External users then log in and collaborate using their Azure AD work or school accounts.
The B2C sign-in page can be customized with the company branding. Azure AD B2C supports the branding and customization of the user interface, which allows you to change the banner logo, the background image and background color on Sign In and Sign Up pages.
B2B collaboration users are typically created as guest users. After accepting the host organization’s invitation, B2B collaboration users are typically represented in Azure AD as guest users. They can then be added to the same groups as internal users to access Microsoft applications or the organization’s custom applications.
Which two action types can be tracked by the Microsoft Purview Compliance Manager?
Your improvement actions
ApiConnection
Microsoft actions
Execute JavaScript Code
Your improvement actions
Microsoft actions
Microsoft actions and your improvement actions are the action types that can be tracked by the Microsoft Purview Compliance Manager. Microsoft actions are managed by Microsoft as a cloud service provider, while your improvement actions are managed by your organization. Completion of those actions is counted and reflected in your organization’s overall compliance score.
Microsoft Purview Compliance Manager cannot track ApiConnection or Execute JavaScript Code action types. These action types are specific to Azure Logic Apps. The Execute JavaScript Code action can be used to run JavaScript code snippets, and the ApiConnection action can call different Microsoft-managed connectors and APIs.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Microsoft Defender can be used to protect on-premises solutions. [Yes or No]
Microsoft Defender can be used to protect solutions in Amazon Web Services (AWS) and Google Cloud Platform (GCP) clouds. [Yes or No]
You need a Qualys license to enable vulnerability scanning in Microsoft Defender. [Yes or No]
Microsoft Defender can be used to protect on-premises solutions. [Yes]
Microsoft Defender can be used to protect solutions in Amazon Web Services (AWS) and Google Cloud Platform (GCP) clouds. [Yes]
You need a Qualys license to enable vulnerability scanning in Microsoft Defender. [No]
Microsoft Defender can be used to protect on-premises solutions. Microsoft Defender can also be used to protect solutions in Amazon Web Services (AWS) and Google Cloud Platform (GCP) clouds. To extend the capabilities of Microsoft Defender to a hybrid environment, you need to deploy Azure Arc first. Azure Arc-enabled servers become Azure resources and can therefore be monitored and protected by the Microsoft Defender service.
You do not need a Qualys license to enable vulnerability scanning in Microsoft Defender. Microsoft Defender for Servers includes a free vulnerability assessment solution powered by Qualys and you do not need to buy any additional licenses or set up a Qualys account to use it.
What should you use to provide just-in-time (JIT) access to your resources in Azure?
Access reviews
Multi-factor authentication (MFA)
Privileged Identity Management (PIM)
Identity Protection
Privileged Identity Management (PIM)
You should use Privileged Identity Management (PIM). Azure AD PIM can be used to provide JIT access to your resources.
Identity Protection is used for securing identities in Azure AD. It does not provide access to resources.
MFA adds an extra verification step to the Azure AD authentication process. It does not provide access to resources.
Azure AD access reviews check that the right users have the right access to resources.
Select the most appropriate option to complete the statement.
__________________ is the fundamental building block for your organization’s private network in Azure, which enables organizations to segment their networks.
[Azure Network Security Groups]
[Azure Virtual Network (VNet)]
[Azure Bastion]
Azure Virtual Network (VNet) is the fundamental building block for your organization’s private network in Azure, which enables organizations to segment their networks.
Azure Virtual Network (VNet) is the fundamental building block for your organization’s private network in Azure. A VNet is similar to a traditional network that you would operate in your own data center, but it brings with it the additional benefits of Azure’s infrastructure. Azure VNet is important because it allows organizations to apply network segmentation in Azure. Network segmentation supports the Zero Trust model and implements a layered approach to security that is part of a defense-in-depth strategy. VNet allows further layers of network segmentation by permitting users to create multiple VNets per region per Azure subscription, and smaller segments called subnets can be created within each VNet.
Azure Network Security Groups (NSGs) let you filter network traffic to and from Azure resources in an Azure virtual network (VNet). An NSG consists of rules that define how the traffic should be filtered. You can associate only one NSG to each VNet subnet and to each network interface in a virtual machine (VM). The same network security group, however, can be associated to as many different subnets and network interfaces as you choose.
Azure Bastion is a service that allows you to connect to a virtual machine (VM) using your browser and the Azure portal. The Azure Bastion service is a platform as a service (PaaS) that you provision inside your VNet. Azure Bastion provides secure and seamless RDP and SSH connectivity to your virtual machines directly from the Azure portal using Transport Layer Security (TLS).
Which action or activity represents a guiding principle of Zero Trust?
Being transparent about data collection
Using hashes to store passwords
Limiting user access with just in time (JIT) access
Using the shared responsibility model
Limiting user access with just in time (JIT) access
Limiting user access with just-in-time (JIT) access represents a guiding principle of Zero Trust. Using least privileged access is one of the guiding principles of Zero Trust. Limiting user access with just-in-time (JIT) and just-enough-access (JEA) is part of implementing a Zero Trust policy.
Using hashes to store passwords does not represent a guiding principle of Zero Trust. A hash is a unique fixed-length value generated from source data, for example a password, by a hashing algorithm. The algorithm always generates the same hash for the same input. This mechanism allows passwords to be verified without storing them in plain text.
Being transparent about data collection does not represent a guiding principle of Zero Trust. Transparency is one of Microsoft’s privacy principles and it is not part of the Zero Trust model.
Using the shared responsibility model does not represent a guiding principle of Zero Trust. The shared responsibility model deals with which security tasks are handled by the cloud provider and which tasks are handled by you. It is not part of the Zero Trust model.
To answer, drag the appropriate Microsoft privacy principle to its description. A privacy principle may be used once, more than once, or not at all.
We will be transparent about data collection and use so you can make informed decisions.
We protect your data with strong security and encryption.
We will not use your email, chat, files, or other personal content to target ads at you.
[No content-based targeting]
[Security]
[Transparency]
We will be transparent about data collection and use so you can make informed decisions. [Transparency]
We protect your data with strong security and encryption. [Security]
We will not use your email, chat, files, or other personal content to target ads at you. [No content-based targeting]
According to the Transparency privacy principle, Microsoft will be transparent about data collection and use so that the customer can make informed decisions. Microsoft will clearly indicate what data will be collected and at what stage, so that customers have visibility and understanding of the process. Customers can also explicitly deny or allow data collection operations.
According to the Security privacy principle, Microsoft protects its customers’ data with strong security and encryption. Many Microsoft cloud resources, for example storage and databases, already have encryption enabled by default. Customers may use strong encryption keys generated by Microsoft or provide their own.
According to the No content-based targeting privacy principle, Microsoft will not use customer email, chat, files, or other personal content to target ads at customers. The privacy of customers’ personal data will be respected and the content itself will not be mined or monetized to push targeted ads.
Which two types of attacks can be mitigated by Azure Distributed Denial of Service (DDoS) Protection?
Cross-site scripting (XSS)
Protocol attacks
Phishing
SQL injection attacks
Volumetric attacks
Protocol attacks
Volumetric attacks
The Azure DDoS Protection service can help to defend your resources in Azure virtual networks (VNets) against DDoS attacks. It can mitigate three types of attacks: protocol attacks, volumetric attacks and resource (application) layer attacks.
A protocol attack is when hackers attempt to disrupt services by exploiting weaknesses in the layer 3 (network) and layer 4 (transport) protocols. Azure DDoS Protection mitigates this attack by analysing and differentiating traffic in order to let legitimate traffic through and block malicious traffic.
A volumetric attack is the most common type of DDoS attack. In a volumetric attack, a target solution is overwhelmed by seemingly legitimate traffic; for example, with a high volume of DNS response traffic from compromised DNS servers. Azure DDoS Protection mitigates volumetric attacks using auto-scalability to absorb and scrub multi-gigabyte traffic.
The Azure DDoS Protection service cannot defend against XSS, phishing or SQL injection attacks.
With XSS, hackers inject malicious scripts into legitimate web sites. Compromised web sites are then manipulated to send those scripts to visiting web site users.
With phishing, hackers send fraudulent texts or emails to trick a victim into revealing their personal information, passwords or financial details relating to credit cards or bank accounts. To spot a phishing attack, it is recommended to check the sender details, look for vague or misspelled wording, and avoid opening any links and disclosing personal details.
During a SQL injection attack, hackers insert malicious SQL commands into an input field of a target solution. To prevent SQL injection attacks, user-provided input should be pre-processed and validated rather than being passed directly to the SQL engine.
What should you use to see a historical view of what is being done with content labels, such as labels being applied or changed?
Content explorer
Compliance score
Azure secure score
Activity explorer
Activity explorer
You should use activity explorer to see a historical view of what is being done with content labels. Activity explorer provides detailed information about sensitivity label activities, retention label activities, Azure Information Protection (AIP) protection activity, and data loss prevention (DLP) policy match events, including endpoint data loss prevention. There is a limitation for Exchange Online: sensitivity label activity is included, but retention label activity is not.
You should not use content explorer. Content explorer provides a snapshot view of items that have a sensitivity label, retention label, or those that are classified as sensitive information. Content explorer also lets you read the contents of scanned files.
You should not use the compliance score. The compliance score is provided as a tool to help measure your progress as you complete improvement actions within controls. Compliance score does not provide detailed information about label usage.
You should not use Azure secure score. Azure secure score helps you identify your security profile and track your progress in securing your environment. The total secure score is based on the current score for all controls divided by the total maximum score for all controls, expressed as a percentage.
Select the most appropriate option to complete the statement.
_________________ is a unified endpoint for preventative protection, post-breach detection, automated investigation, and response.
[Microsoft Defender for Cloud Apps]
[Microsoft Defender for Office 365]
[Microsoft Defender for Endpoint]
Microsoft Defender for Endpoint is a unified endpoint for preventative protection, post-breach detection, automated investigation, and response.
Microsoft Defender for Office 365 is designed to protect against malicious threats posed by e-mail messages, URLs, and collaboration tools, including Microsoft Teams, SharePoint Online, OneDrive for Business, and other Office clients.
Microsoft Defender for Cloud Apps is a cloud access security broker (CASB). This is a comprehensive cross-software as a service (SaaS) solution that operates as an intermediary between a cloud user and the cloud provider.
Select the answer that correctly completes the sentence.
____________________ can be configured to require approval to activate just-in-time, time-bound access to Azure AD, Azure, and Microsoft online resources.
[Conditional access]
[Identity Protection]
[Privileged Identity Management]
Privileged Identity Management can be configured to require approval to activate just-in-time, time-bound access to Azure AD, Azure, and Microsoft online resources.
Privileged Identity Management (PIM) can be configured to require approval to activate just-in-time, time-bound access to Azure AD, Azure, and other Microsoft online resources. It gives you a way to monitor, manage, and control access to resources. You can configure access to resources by assigning Azure AD roles. Users must request approval for roles that require activation. You can set start and end times for access.
Conditional Access does not meet these requirements. Conditional Access is a feature of Azure AD that applies an extra layer of security before allowing authenticated users to access Azure AD assets such as data and applications. Conditional Access analyses signals such as user, device, and location to make policy decisions.
Identity Protection does not meet these requirements. Identity Protection is designed to automate the detection and remediation of identity-based risks. It can also export risk detection data to third-party tools for additional analysis. Identity Protection can identify sign-in risk (the risk that the sign-in was not performed by the user) and user risk (the risk that a user’s identity has been compromised).
What should you enable in order to allow external guest access for users in your partner organizations so that they can use their own identities and are not required to sign in again?
B2C access management
B2B collaboration
Conditional Access
Hybrid identities
B2B collaboration
You should use B2B collaboration. Business-to-Business (B2B) collaboration allows you to share your apps and resources with external users. B2B collaboration allows external users to access your resources using their own credentials.
You should not use B2C access management. Business-to-Customer (B2C) is an identity management solution for consumer and customer-facing apps. B2C allows external users to sign in with their preferred social, enterprise, or local account identities to get single sign-on to your applications.
Conditional Access uses signals from the user and their device to control access to your organization’s resources. Conditional Access is for all identities, not just external identities.
Hybrid identities are identities managed on-premises in Active Directory that are synchronized to the cloud with Azure AD. Hybrid identities allow access to on-premises and cloud resources. Hybrid identities are not used for external identities. B2B collaboration can be added to a hybrid environment.
You want to continuously analyse the security status of your Azure resources for network security best practices. What should you use?
Microsoft Defender for Cloud
Azure Monitor
Microsoft cloud security benchmark
Microsoft Defender for Cloud
You should use Microsoft Defender for Cloud. A network map is provided with Microsoft Defender for Cloud as a way to continuously monitor your network security status, including network topology, node connections, and node configuration.
You should not use Microsoft cloud security benchmark (MCSB). MCSB provides best-practice recommendations to help improve the security of data, services, and workloads. It provides security baselines based on best practices developed by Microsoft’s cybersecurity group and the Center for Internet Security (CIS). MCSB provides recommendations and instructions, but it does not include the tools to apply the controls.
You should not use Azure Monitor. Azure Monitor is designed to collect, analyze, and act on telemetry from your cloud and on-premises environments. The information collected is used to help you determine how well your applications are performing and proactively identify potential issues.
Select the most appropriate option to complete the statement.
________________ can restrict communication and collaboration among specific groups of users to avoid a conflict of interest.
[Insider Risk Management]
[Information Barriers]
[Privileged Access Management]
Information Barriers can restrict communication and collaboration among specific groups of users to avoid a conflict of interest.
You can define and apply information barrier policies to prevent unauthorized communication and collaboration between certain user groups via Microsoft Teams, SharePoint Online, and OneDrive for Business.
Insider risk management cannot restrict communication and collaboration among specific groups of users to avoid a conflict of interest. It can be used to minimize internal risks through the detection, investigation, and mitigation of intentional and unintentional breaches of your organization’s insider policies. It can help you to minimize or avoid risks of sensitive data leaks, intellectual property theft, insider trading, and fraud.
Privileged access management cannot restrict communication and collaboration among specific groups of users to avoid a conflict of interest. It enables granular access control over privileged administrative tasks in Office 365. It helps you to replace constant admin access privileges with just-in-time elevated access permissions.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
There are two basic-level types of encryption: symmetric and asymmetric. [Yes or No]
Symmetric encryption uses two different keys to encrypt and decrypt the data. [Yes or No]
Asymmetric encryption uses a public key and private key pair. [Yes or No]
There are two basic-level types of encryption: symmetric and asymmetric. [Yes]
Symmetric encryption uses two different keys to encrypt and decrypt the data. [No]
Asymmetric encryption uses a public key and private key pair. [Yes]
There are two basic types of techniques for encrypting information: symmetric and asymmetric encryption. Symmetric encryption is also referred to as secret key encryption. Asymmetric encryption is also referred to as public key encryption.
Symmetric encryption uses the same key to encrypt and decrypt data. As long as both the sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key for symmetric encryption.
Asymmetric encryption uses a public key and private key pair. Either key can encrypt data, but the key that encrypted the data cannot also decrypt it. To decrypt the data, you need the other key of the pair.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Conditional Access policies configured to apply to all users will apply to Azure AD B2B collaboration guest users. [Yes or No]
Conditional Access lets you apply time-sensitive access permissions that can be configured to automatically expire. [Yes or No]
Evaluating sign-in risk and user risk as part of a Conditional Access policy requires access to Azure Identity Protection. [Yes or No]
Conditional Access policies configured to apply to all users will apply to Azure AD B2B collaboration guest users. [Yes]
Conditional Access lets you apply time-sensitive access permissions that can be configured to automatically expire. [No]
Evaluating sign-in risk and user risk as part of a Conditional Access policy requires access to Azure Identity Protection. [Yes]
You can configure Conditional Access policies to apply to no users, to all users, or to a select subset of users, such as a user or group list, or you can limit them to guests and external users only. Conditional Access policies that are configured to apply to all users will automatically apply to Azure AD B2B collaboration guest users.
Conditional Access does not let you apply time-sensitive access permissions that can be configured to automatically expire. This is a feature of Azure Privileged Identity Management (PIM). Conditional Access is a feature of Azure AD and it applies an extra layer of security before allowing authenticated users access to Azure AD assets such as data and applications. Conditional Access analyzes signals such as the user, device, and location to make policy decisions.
Sign-in risk and user risk are supported as signals for evaluating a Conditional Access policy. However, evaluating sign-in risk and user risk requires access to Azure Identity Protection. Identity Protection is designed to automate the detection and remediation of identity-based risks.
What kind of Azure AD identity acts as a service principal, is linked to an Azure resource, and is automatically deleted when the resource is deleted?
Guest user
System-assigned managed identity
Device
User-assigned managed identity
System-assigned managed identity
A system-assigned managed identity meets these requirements. A system-assigned managed identity acts as the service principal for the linked resource. When you enable a system-assigned managed identity, it is linked to a single resource and tied to that resource’s lifecycle. Azure automatically deletes the managed identity when the resource is deleted.
A user-assigned managed identity does not meet these requirements. A user-assigned managed identity is a managed identity that you can create and then assign to one or more resources. You create the managed identity as a stand-alone Azure resource. As the managed identity is a stand-alone resource, it is not linked to any other resource lifecycle and is not automatically deleted.
A guest user does not meet these requirements. A guest user gives you a way to enable anyone to collaborate with your organization. After creating the guest user, you can send an invitation with a redemption link or send a direct link to an app that the user should have access to.
A device identity does not meet these requirements. A device identity is used to identify hardware devices such as mobile devices, laptops, servers, or printers. It lets you use tools like Microsoft Intune to secure and manage the devices.
Which solution can use the Microsoft Threat Intelligence (MTI) feed to alert and deny traffic from known malicious IP addresses?
eDiscovery
Azure Bastion
Azure Firewall
Azure Network Security Group (NSG)
Azure Firewall
Azure Firewall can utilize the MTI feed to alert and deny traffic from known malicious IP addresses. It is a managed service that protects resources that are deployed in your Azure Virtual Network (VNet). Integration with MTI enables filtering to alert and deny traffic that originates from or is addressed to known malicious IP addresses and web domains.
Azure Bastion cannot utilize the MTI feed to alert and deny traffic from known malicious IP addresses. It is a service that provides secure Remote Desktop Protocol (RDP) or Secure Shell (SSH) access to your Azure virtual machines (VMs). It enables these types of access in a browser via the Azure portal, eliminating the need to expose your VMs to the internet via public IPs.
Azure NSG cannot utilize the MTI feed to alert and deny traffic from known malicious IP addresses. It can be used to filter traffic to or from Azure resources in your VNet, but it does not support integration with MTI. Therefore, it does not provide intelligence-based filtering of network traffic from known malicious IP addresses.
eDiscovery cannot utilize the MTI feed to alert and deny traffic from known malicious IP addresses. It is the process of identifying, holding and exporting electronic content to support your organization’s internal or external investigations. It is one of the features of Microsoft 365 and it is intended for content search in Exchange Online mailboxes, SharePoint sites, Microsoft Teams, and other Microsoft productivity solutions. eDiscovery does not support integration with MTI for the analysis and denial of network traffic.
Select the most appropriate option to complete the statement.
________________ is the secure encoding of data used to protect the confidentiality of data.
[Logging]
[Encryption]
[Hashing]
Encryption
Encryption is the secure encoding of data used to protect the confidentiality of data. You can encrypt data with symmetric keys or asymmetric keys. With symmetric keys, the same key is used for both encryption and decryption, so the key itself must be shared secretly between the parties. With asymmetric keys there is a pair of a public key and a private key: data encrypted with the public key can only be decrypted with the matching private key, so the public key can be distributed freely while the private key stays secret.
Logging is not the secure encoding of data used to protect the confidentiality of data. You use logging to generate, collect, and analyze logs to get insights into the health of your services and solutions, troubleshoot potential issues, and automate responses to specific events in order to improve the security and support of your applications.
Hashing is a security operation that uses a mathematical function (a hash algorithm) to map source data of any size to a fixed-size value. Hashing is one-way: unlike encryption, the original data cannot be recovered from the hash, so it protects integrity rather than confidentiality. You can use it, for example, to generate a hash for your file. Recipients of that file can then run the same hashing algorithm over what they received and compare the result with the original hash value; a match is proof that the file was not tampered with in transit, provided the published hash itself was obtained from a trusted source.
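To make the integrity-checking scenario concrete, the following is an added Python example (not part of the original flashcards) that uses only the standard library. The "file" bytes, the tampered copy and the shared key are constructed sample data. It also shows the caveat a practitioner needs: a bare hash only proves integrity if the published hash cannot itself be replaced by the attacker, whereas a keyed HMAC requires a secret the attacker does not hold.

```python
"""Hashing for integrity checking (added example, standard library only)."""
import hashlib
import hmac

# Constructed sample "file" as published by the sender.
ORIGINAL = b"SC-900 study notes v1: enable MFA for all admins\n"
# The same bytes with one word changed by an attacker in transit.
TAMPERED = b"SC-900 study notes v1: enable MFA for all users\n"


def sha256_hex(data: bytes) -> str:
    """Map data of any length to a fixed-size (32-byte) SHA-256 digest."""
    return hashlib.sha256(data).hexdigest()


def verify_hash(data: bytes, expected_hex: str) -> bool:
    """Recipient side: recompute the hash and compare in constant time.

    compare_digest avoids leaking, via timing, where two digests differ.
    """
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    """Keyed hash: only a holder of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(hmac_sha256_hex(key, data), expected_hex)


def demo() -> dict:
    """Run the scenario and return a dict of named checks (all expected True)."""
    published_hash = sha256_hex(ORIGINAL)
    results = {
        "digest_is_fixed_size": len(bytes.fromhex(published_hash)) == 32,
        "original_passes": verify_hash(ORIGINAL, published_hash),
        "tampered_fails": not verify_hash(TAMPERED, published_hash),
    }
    # Caveat: if the attacker can replace both the file and the hash that
    # travels with it, a plain hash detects nothing, since anyone can hash.
    attacker_hash = sha256_hex(TAMPERED)
    results["plain_hash_fooled_if_hash_replaced"] = verify_hash(TAMPERED, attacker_hash)

    # A shared-secret HMAC closes that gap: without the key, the attacker
    # cannot compute a tag the recipient will accept.
    key = b"constructed-shared-secret"  # assumption: exchanged out of band
    tag = hmac_sha256_hex(key, ORIGINAL)
    results["hmac_original_passes"] = verify_hmac(key, ORIGINAL, tag)
    results["hmac_tampered_fails"] = not verify_hmac(key, TAMPERED, tag)
    attacker_tag = hmac_sha256_hex(b"wrong-key-guess", TAMPERED)
    results["hmac_forgery_fails"] = not verify_hmac(key, TAMPERED, attacker_tag)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Note that nothing in the block can turn a digest back into the original bytes; that one-way property is why hashing answers an integrity question, while the "secure encoding that can be undone by the key holder" in the statement is encryption.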
Select the most appropriate option to complete the statement.
_____________ provides unified security management and advanced threat protection across hybrid and on-premises workloads.
[Microsoft Defender for Cloud]
[Data Loss Prevention (DLP)]
[Microsoft Purview eDiscovery]
Microsoft Defender for Cloud provides unified security management and advanced threat protection across hybrid and on-premises workloads.
Microsoft Defender for Cloud provides unified security management and advanced threat protection across hybrid cloud and on-premises workloads. It provides you with the necessary tools that you can leverage to harden your resources, assess and track your resource security posture and streamline existing security management. Three key security requirements are met with Microsoft Defender for Cloud: firstly, Continuous Assessment, wherein you receive a secure score informing you of the current security situation; secondly, Secure, wherein you harden all connected resources and services; thirdly, Defend, wherein you detect and resolve threats pro-actively for your resources. Azure Security Center and Azure Defender are now called Microsoft Defender for Cloud.
Data Loss Prevention (DLP) protects sensitive data and minimizes the risk of inappropriate sharing with others. DLP is just one of the Microsoft Purview tools that you could use to help protect your sensitive items wherever they live or travel. You implement DLP through the definition and application of DLP policies. DLP policies allow you to identify, monitor, and protect sensitive data across your cloud and on-premises solutions.
eDiscovery is the process of identifying, holding, and exporting electronic content to support your organization’s internal or external investigations. It is part of the Microsoft Purview offering and intended for content search in Exchange Online, OneDrive for Business, SharePoint Online, Microsoft Teams, Microsoft 365 Groups, and Yammer. eDiscovery is not intended to provide unified security management and advanced threat protection.
Select the most appropriate option to complete the statement.
_______________ analyses signals to make decisions and enforce organizational policies.
[Azure Bastion]
[Conditional Access]
[Retention Policy]
Conditional Access analyses signals to make decisions and enforce organizational policies.
Conditional Access analyses signals to make decisions and enforce organizational policies. Common signals include user or group membership, IP location information, device, application, real-time and calculated risk detection, and Microsoft Defender for Cloud Apps. As an example, a Conditional Access policy can evaluate the client IP address against a named location and require multi-factor authentication before granting access to the requested app.
Azure Bastion does not analyse signals to make decisions and enforce organizational policies. Azure Bastion enables SSH or RDP connectivity to Azure virtual machines (VMs) via browser and Azure portal. Azure Bastion protects Azure VMs from direct exposure to the internet, as VMs do not need a public IP address.
Retention Policy does not analyse signals to make decisions and enforce organizational policies. You use retention policies to apply retention configuration to your Microsoft 365 content. Retention labels assign retention settings at an item level, for example, a specific document or email; however, a retention policy would help to apply those settings on a more aggregated level, for example, to all documents in a SharePoint site or all emails in an Exchange mailbox.
What should you use to prevent unauthorized communication with a user, including searching for them, starting a chat session, or sending a meeting invitation in Microsoft Teams?
Data loss prevention (DLP)
Privileged access management (PAM)
Privileged identity management (PIM)
Information barriers
Information barriers
You should use information barriers. Information barriers are used to establish two-way restrictions to prevent individuals or groups from communicating. Information barriers support Microsoft Teams, OneDrive for Business, SharePoint Online, as well as other Microsoft products. Information barriers for Microsoft Teams let you restrict several types of activity related to meetings, chats, screen sharing, and file sharing.
You should not use privileged access management (PAM). PAM is used to manage access control over privileged administrative tasks in Microsoft 365. It lets you configure requirements for users to request the just-in-time (JIT) access needed to complete privileged tasks.
You should not use privileged identity management (PIM). PIM is also used to manage JIT access but it controls protections at the role level and it gives the user the ability to perform multiple tasks. PIM is typically used in combination with PAM to provide a more complete security profile.
You should not use data loss prevention (DLP). You can use DLP policies to prevent inadvertent sharing or disclosure of sensitive information. DLP policies give you a way to identify, monitor, and protect data in OneDrive for Business, SharePoint Online, Microsoft Teams, and Exchange Online.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
You can apply zero, one, or two sensitivity labels to an item.
[Yes or No]
You can specify that a default label is to be applied to all items in a container through a label policy. [Yes or No]
You can include multiple sensitivity labels in the same label policy. [Yes or No]
You can apply zero, one, or two sensitivity labels to an item.
[No]
You can specify that a default label is to be applied to all items in a container through a label policy. [Yes]
You can include multiple sensitivity labels in the same label policy. [Yes]
Sensitivity labels are part of the Microsoft Information Protection (MIP) solution and let you classify and protect your data. You can use sensitivity labels to:
*Encrypt email only or email and documents
*Mark content with headers, footers, and (for documents only) watermarks
*Apply a label automatically or prompt users to apply a recommended label
*Protect content in containers, such as SharePoint sites and Microsoft 365 groups, by controlling access to the container
*Extend sensitivity labels to third-party apps and services
*Classify content without adding protection settings
You cannot apply multiple sensitivity labels to an item. Items, such as emails, documents or containers, can only have one sensitivity label applied.
You can specify that a default label is to be applied to all items in a container through a label policy. The default label is applied to new items and existing unlabeled items. The default label will not be used to replace the label on an item that is already labeled.
You can include multiple sensitivity labels in the same label policy. The order in which the labels are included determines their priority. The label with the lowest priority is at the top of the list, and the label with the highest priority is at the bottom.
Managing users’ identity lifecycle is at the heart of _____________ in Azure AD.
[privileged access lifecycle]
[Access Lifecycle]
[Identity Governance]
Managing users’ identity lifecycle is at the heart of Identity Governance in Azure AD.
Managing users’ identity lifecycle is at the heart of identity governance in Azure AD. Azure AD identity governance provides organizations with the ability to perform the following three tasks:
- Govern the identity lifecycle: managing the lifecycle of an identity is about creating, updating and removing the access that users need as they join, move within and leave the organization, whether through interaction with a system or through automated user provisioning to applications.
- Govern the access lifecycle: managing what users have access to throughout their time in the organization, for example with access reviews and entitlement management.
- Secure privileged access for administrators: providing extra controls tailored to securing administrative access rights. Azure AD Privileged Identity Management (PIM) provides this.
As per the shared responsibility model, which two deployments require the customer to retain responsibility for the operating system management?
Software as a Service (SaaS)
On-premises datacentre
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
On-premises datacentre
Infrastructure as a Service (IaaS)
The shared responsibility model is a framework that defines responsibilities for the security tasks that are handled between the cloud provider and the customer. Those tasks include information and data, account and identity, operating system, physical datacenter and other areas of responsibilities.
As per the shared responsibility model, Infrastructure as a Service (IaaS) and On-premises datacentre deployments require the customer to retain responsibility for the operating system management. With the on-premises datacentre, the customer maintains and owns the whole stack from the physical environment up to data and identities. The on-premises datacentre also includes the management of the relevant operating systems.
With IaaS, the cloud provider is responsible for the security of the deployment’s physical components, which include the datacentre itself, the network, and hosting computers. The customer can choose which operating system to install and they retain responsibility for its management. Azure Virtual Machine (VM) is an example of an IaaS deployment.
With Platform as a Service (PaaS) deployment, the cloud provider is responsible for the physical components of the underlying infrastructure and operating system. The customer’s responsibility covers applications, identities and data handling. Azure SQL Database is an example of PaaS deployment.
With Software as a Service (SaaS) deployment, the cloud provider manages the hosting and operation of the cloud-based solution, including management of the operating system. The customer retains responsibility for accounts and identities, client devices, and information and data. Dynamics CRM Online (now Dynamics 365) is an example of SaaS deployment.
You need to ensure that resources in Azure are governed properly so that they are secure and in line with your organization’s compliance requirements. Which service should you use for the following requirements? To answer, select the appropriate options from the drop-down menus.
To provision resources that are in line with compliance requirements
To monitor resources for compliance
[Azure Blueprints]
[Azure Policy]
[Azure Resource Manager]
[Resource Locks]
To provision resources that are in line with compliance requirements - [Azure Blueprints]
To monitor resources for compliance - [Azure Policy]
You should use Azure Blueprints to provision resources that are in line with compliance requirements. Azure Blueprints enables you to define a repeatable set of Azure resources that should be deployed.
You should use Azure Policy to monitor resources for compliance. Azure Policy is a solution that helps to ensure that resources stay compliant with business and regulatory requirements. Azure Policy cannot be used to provision resources.
Resource locks are used to prevent resources from being accidentally deleted or changed.
Azure Resource Manager (ARM) allows you to create, update, and delete Azure resources. It cannot verify whether those Azure resources stay compliant with specific business and regulatory requirements.
Match the relevant Microsoft’s privacy principle with its description. A privacy principle may be used once, more than once, or not at all.
You can access, modify, or delete your data at any time.
Authorized data collection is used to provide personalized improvements.
Your data is protected using strong encryption.
[Benefits to you]
[Control]
[Security]
[Transparency]
You can access, modify, or delete your data at any time.
[Control]
Authorized data collection is used to provide personalized improvements. [Benefits to you]
Your data is protected using strong encryption. [Security]
According to the Control privacy principle, you can access, modify, or delete your data at any time. Microsoft puts you in control of your data. Using provided intuitive tools and interfaces, you can access, change or remove your data when required.
According to the Benefits to you privacy principle, authorized data collection is used to provide personalized improvements. When you authorize Microsoft to collect your data, it will be used to benefit you and improve your customer experience. For example, findings from the troubleshooting process can be used to develop new features to prevent re-occurrences of reported issues or customize the user interface to make it more adaptable to your needs and requirements.
According to the Security privacy principle, your data is protected using strong encryption. Microsoft will utilize strong security and encryption mechanisms to protect your data against compromises at rest and while in transit.
According to the Transparency privacy principle, Microsoft is transparent about the collection and use of customer data. This privacy principle ensures that Microsoft and its subcontractors only access your data with your agreement, and its use is regulated by the contractually agreed security and privacy requirements and procedures.
What type of Azure AD built-in role is a Security Administrator?
Cross-service role
Azure AD-specific role
Service-specific role
Cross-service role
Azure AD built-in roles can be classified into three broad categories: Azure AD-specific roles, service-specific roles, and cross-service roles.
Security Administrator is an example of a cross-service role. Some roles within Azure AD span services. For example, Azure AD has security-related roles, like Security Administrator, that grant access across multiple security services within Microsoft 365. Similarly, the Compliance Administrator role can manage compliance-related settings across Microsoft 365, for example in the Microsoft Purview compliance portal.
The other two Azure AD role types are:
- Azure AD-specific roles: these roles grant permissions to manage resources within Azure AD only. For example, such roles include Application Administrator and Groups Administrator, which grant permissions to manage resources that live in Azure AD.
- Service-specific roles: for major Microsoft 365 services, Azure AD includes built-in, service-specific roles that grant permissions to manage features within the service. For example, Azure AD includes built-in roles for Intune Administrator, SharePoint Administrator, and Teams Administrator roles that can manage features with their respective services.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Administrator self-service password reset requires a strong two-gate password policy that cannot be overridden.
[Yes or No]
When you enable self-service password reset, you must also enable multi-factor authentication. [Yes or No]
If passwords are managed on-premises, you must configure self-service password reset (SSPR) writeback to enable users to reset passwords. [Yes or No]
Users’ contact information must be registered before using self-service password reset (SSPR). [Yes or No]
Administrator self-service password reset requires a strong two-gate password policy that cannot be overridden.
[Yes]
When you enable self-service password reset, you must also enable multi-factor authentication. [No]
If passwords are managed on-premises, you must configure self-service password reset (SSPR) writeback to enable users to reset passwords. [Yes]
Users’ contact information must be registered before using self-service password reset (SSPR). [Yes]
Self-service password reset (SSPR) is an Azure AD feature that can enable users to change or reset their password or unlock their user account without administrator intervention. You can configure the number of authentication methods users are required to register and the number of methods required to reset. The number of methods required can be set to one or two. With either number option, administrator SSPR requires a strong two-gate password policy. You cannot override this requirement.
You are not required to enable multi-factor authentication (MFA) when you enable SSPR. You can use SSPR without MFA, but Microsoft recommends enabling MFA to provide greater security.
If passwords are managed on-premises, you must configure SSPR writeback to enable users to reset passwords. This would be the situation in a hybrid network using password hash synchronization, pass-through, or federated authentication. If write-back is not enabled, users will not be able to reset their own passwords.
Users’ contact information must be registered before using self-service password reset (SSPR). An administrator can manually provide this contact information, or users can go to a registration portal to provide the information themselves.
Which Microsoft 365 Defender service uses on-premises Active Directory signals to reduce the attack surface by discovering identities that are used to move laterally inside an organization?
Microsoft Defender for Office 365
Microsoft Defender for Identity
Microsoft Defender for Cloud Apps
Microsoft Defender for Endpoint
Microsoft Defender for Identity
Microsoft Defender for Identity uses on-premises Active Directory signals to reduce the attack surface by discovering identities that are used to move laterally inside an organization. Defender for Identity lets you identify and investigate advanced threats, such as lateral movement, compromised identities, and malicious insider actions.
Microsoft Defender for Endpoint does not fulfill the requirements. Defender for Endpoint helps enterprise networks protect endpoints by preventing, detecting, investigating, and responding to advanced threats.
Microsoft Defender for Office 365 does not fulfill the requirements. Defender for Office 365 is designed to protect against malicious threats such as those posed by malicious emails, unsafe links, phishing attacks, and attacks targeting collaboration tools.
Microsoft Defender for Cloud Apps does not fulfill the requirements. Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that acts as an intermediary between a cloud user and the cloud provider.
Which Azure AD feature should you use to implement time-limiting on authorized users to reduce the risk of an authorized user inadvertently affecting sensitive resources?
Multi-factor authentication (MFA)
Privileged Identity Management (PIM)
Role-based access control (RBAC)
Azure AD Identity Protection
Privileged Identity Management (PIM)
Privileged Identity Management (PIM) mitigates the risks of excessive, unnecessary, or misused access permissions. This is a service in Azure AD that enables you to manage, control, and monitor access to important resources within your organization. In this scenario, you were required to provide time-bound access. PIM is the most appropriate solution, as it lets you make role assignments time-bound with start and end dates, or make users eligible so that they must activate the role just-in-time for a limited duration. Besides time-bound access, PIM also provides just-in-time, approval-based, visible and auditable access. PIM is a feature of the Azure AD Premium P2 edition.
Azure AD Identity Protection is a tool that organizations can use to automate detection and mitigation of identity-related risks, conduct manual investigation and export risk detection data to other third-party security analysis tools. Identity Protection is a feature of the Azure AD Premium P2 edition.
Azure AD multi-factor authentication (MFA) requires more than one form of verification, such as a trusted device or a fingerprint scan, to prove that an identity is legitimate. MFA improves the security of an identity while keeping it simple for the end user. The following additional forms of verification can be used with Azure AD MFA: Microsoft Authenticator app, Windows Hello for Business, FIDO2 security key, OATH tokens, SMS, and voice call.
Azure AD roles allow you to control permissions to manage Azure AD resources. Azure AD supports two types of roles: built-in and custom. Role-based access control (RBAC) refers to the process of managing access using roles in Azure. Azure AD built-in and custom roles are a form of RBAC in that Azure AD roles control access to Azure AD resources; RBAC on its own does not make an assignment time-limited.
Which Azure solution should you use to provide you with intelligent security analytics across your entire enterprise?
Azure Firewall
Microsoft Sentinel
Azure Bastion
Azure Network Watcher
Microsoft Sentinel
You should use Microsoft Sentinel. Microsoft Sentinel is a security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution that aggregates data from your data sources on-premises and in the cloud and uses its built-in AI capabilities to provide security analytics and threat intelligence across your entire enterprise.
Azure Bastion is a service that provides secure Remote Desktop Protocol (RDP) or Secure Shell (SSH) access to your Azure virtual machines (VMs). It enables such access in a browser via the Azure portal, eliminating the need to expose your VMs to the internet via public IPs.
Azure Firewall is a managed service that can protect Azure resources deployed in your VNet. Azure Firewall enables turnkey firewall capabilities to control and log access to your apps and resources. However, it is not intended to provide intelligent security analytics across your entire enterprise.
Azure Network Watcher is a solution that monitors, diagnoses and gets insights into network performance and the health of your infrastructure-as-a-service (IaaS) resources in an Azure VNet. You can use it to capture data packets, understand network traffic patterns and diagnose common connectivity issues.
Which Microsoft 365 Defender service includes an attack simulator that lets you run realistic attack scenarios to identify vulnerabilities?
Microsoft Defender for Endpoint
Microsoft Defender for Office 365
Microsoft Defender for Cloud Apps
Microsoft Defender for Identity
Microsoft Defender for Office 365
Microsoft Defender for Office 365 includes an attack simulator that lets you run realistic attack scenarios. Defender for Office 365 is designed to protect against malicious threats such as those posed by malicious emails, unsafe links, phishing attacks, and attacks targeting collaboration tools. Support for the attack simulator requires Defender for Office 365 Plan 2, which is included with Office 365 E5 licenses.
Defender for Identity lets you identify and investigate advanced threats, such as lateral movement, compromised identities, and malicious insider actions.
Defender for Endpoint helps enterprise networks protect endpoints by preventing, detecting, investigating, and responding to advanced threats.
Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that acts as intermediary between a cloud user and the cloud provider.
What is the name of Microsoft’s cloud-based identity and access management service?
Azure AD
Active Directory domain service (AD DS)
Azure AD Connect
On-premises Active Directory
Azure AD
Azure AD is Microsoft’s cloud-based identity and access management service. Azure AD is available in four editions: Free, Office 365 Apps, Premium P1, and Premium P2.
On-premises Active Directory refers to Microsoft Active Directory (AD) that is hosted within an on-premises environment for an organization. It is not hosted on Microsoft’s Public Cloud or Azure. Active Directory is a group of on-premises features included in Windows Server that has the following components: Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), Active Directory Federation Services (AD FS), Active Directory Rights Management Services (AD RMS) and Active Directory Lightweight Directory Services (AD LDS).
Active Directory domain service (AD DS) is the on-premises directory service that is used to store identities, groups, computers, and other objects. AD DS stores passwords in the form of a hash value representation of the actual user password.
Azure AD Connect simplifies the integration and management of an organization’s hybrid identity infrastructure. It takes care of all the operations related to synchronization of identity data between the on-premises environment and Azure AD.
Which tool in the Microsoft 365 Defender portal is a representation of a company’s security posture?
Microsoft Secure Score
Advanced hunting
Threat analytics
Microsoft Secure Score
Microsoft 365 Defender coordinates prevention, detection, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks. The Microsoft 365 Defender portal brings this functionality together in a central place.
Microsoft Secure Score, one of the tools in the Microsoft 365 Defender portal, is a representation of a company’s security posture. The higher the score, the better your protection. From a centralized dashboard in the Microsoft 365 Defender portal, organizations can monitor and work on the security of their Microsoft 365 identities, apps, and devices.
Advanced hunting is a query-based threat hunting tool. It is a part of the Microsoft 365 Defender portal that lets security professionals explore up to 30 days of raw data. Advanced hunting queries enable security professionals to proactively search for threats, malware, and malicious activity across endpoints, Office 365 mailboxes, and the other connected Defender data sources.
Threat analytics is a threat intelligence solution. It is a part of the Microsoft 365 Defender portal that is designed to assist security teams track and respond to emerging threats.
Select the most appropriate option to complete the statement.
__________________ provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure.
[Microsoft Defender for Cloud]
[Microsoft Cloud Security Benchmark]
[Cloud security posture management]
Microsoft Cloud Security Benchmark provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure.
The Microsoft cloud security benchmark provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure. The recommendations are categorized by the control to which they belong. The areas covered include network security, identity management, posture and vulnerability management, and endpoint security.
Microsoft Defender for Cloud is a tool for security posture management and threat protection. It strengthens the security posture of your cloud resources and, with its integrated Microsoft Defender plans, Defender for Cloud protects workloads running in Azure, hybrid, and other cloud platforms.
Cloud security posture management (CSPM) is a class of tools to improve your cloud security management. CSPM assesses your systems and automatically alerts security staff when a vulnerability is found.
Select the most appropriate option to complete the statement.
_________________ are used to automatically prevent the inadvertent sharing or disclosure of sensitive information and to warn users when attempts are made.
[Data loss prevention policies (DLP)]
[eDiscovery Policies]
[Retention Labels]
[Sensitivity label Policies]
Data loss prevention policies (DLP) are used to automatically prevent the inadvertent sharing or disclosure of sensitive information and to warn users when attempts are made.
Data loss prevention (DLP) policies are used to automatically prevent the inadvertent sharing or disclosure of sensitive information and warn users when attempts are made. DLP policies give you a way to identify, monitor, and protect data in OneDrive for Business, SharePoint Online, Microsoft Teams, and Exchange Online. A single policy can contain multiple rules with different conditions that define how to recognize the data, the actions to be taken automatically when matching conditions are found, and the locations (such as applications) where the policy is applied. You create and manage DLP policies in the Microsoft Purview compliance portal. Endpoint DLP extends these protections to Windows 10, Windows 11 and macOS devices.
eDiscovery policies are not used to prevent the inadvertent sharing or disclosure of sensitive information. eDiscovery is used to identify, hold and export content that may be needed as evidence in legal or internal investigations. Its Content Search tool lets you search across multiple data sources, such as Exchange Online mailboxes and SharePoint sites.
Retention labels are not used to prevent the inadvertent sharing or disclosure of sensitive information. Retention labels are used to assign retention settings at the item level. Retention labels ensure that content is kept for a specified period of time and then deleted. When you want to apply retention settings at the site level or mailbox level you would use retention policies.
Sensitivity label policies are not used to prevent the inadvertent sharing or disclosure of sensitive information. Sensitivity label policies are used to publish sensitivity labels to users and groups. Sensitivity labels can be used to encrypt emails and documents, mark the content, protect content in containers, and classify data without adding data protections.
What should you use to enforce standards in your organization by evaluating if resource properties match business rules?
Azure role-based access control (RBAC)
Azure Policy
Azure sensitivity label policies
Azure Resource Manager locks
Azure Policy
You should use Azure Policy to enforce standards in your organization by evaluating if resource properties match business rules. Azure Policy evaluates resources for ongoing compliance assessment. Azure Policy ensures that resources remain compliant no matter who attempts to make changes to the resource.
You should not use sensitivity label policies. Sensitivity label policies are used to publish sensitivity labels to users and groups. Sensitivity labels can be used to encrypt e-mails and documents, mark the content, protect content in containers, and classify data without adding data protections.
You should not use Azure Resource Manager locks. Resource locks are used to prevent resources from being deleted or changed. Resource locks can be applied at the subscription level, to a resource group, or to a resource. The lock level can be set to CanNotDelete or ReadOnly. A CanNotDelete means the resource can be modified but cannot be deleted. A ReadOnly lock prevents the resource from being modified or deleted. You can apply more than one lock to a resource.
You should not use Azure role-based access control (RBAC). RBAC determines who can perform which actions on a resource; it does not evaluate what the resulting resource looks like. If a user is granted the necessary permission to perform an action through RBAC, but the action would make the resource non-compliant with an Azure Policy assignment that uses the deny effect, Azure Policy blocks the action regardless of the user’s RBAC permissions.
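This question and the earlier Azure Blueprints/Azure Policy question (monitoring resources for compliance) both come down to the same mechanism: a rule is evaluated against a resource’s properties and an effect fires when the condition matches. The following is an added Python example, not part of the original flashcards and not Azure’s own evaluation engine: a small evaluator for the subset of the real Azure Policy rule grammar used here (field conditions with equals/notEquals/in/notIn/exists, the allOf/anyOf/not combinators, and "[parameters('name')]" references). The two policy rules are simplified versions that mirror the shape of the built-in "Allowed locations" and "Secure transfer to storage accounts should be enabled" definitions; the parameter values and the three resources are constructed sample data.

```python
"""Mini evaluator for Azure Policy-style rules (added example, not Azure's engine).

Policies, parameter values and resources below are constructed sample data.
"""
import re
from typing import Any

ALLOWED_LOCATIONS = {
    "displayName": "Allowed locations",
    "policyRule": {
        "if": {"not": {"field": "location",
                       "in": "[parameters('listOfAllowedLocations')]"}},
        "then": {"effect": "deny"},   # deny: the request is rejected outright
    },
}

STORAGE_HTTPS_ONLY = {
    "displayName": "Secure transfer to storage accounts should be enabled",
    "policyRule": {
        "if": {"allOf": [
            {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
            {"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
             "notEquals": "true"},
        ]},
        "then": {"effect": "audit"},  # audit: allowed, but flagged non-compliant
    },
}

# (policy, parameter values) pairs, as a policy assignment would supply them.
ASSIGNMENTS = [
    (ALLOWED_LOCATIONS, {"listOfAllowedLocations": ["eastus", "westus2"]}),
    (STORAGE_HTTPS_ONLY, {}),
]

# Constructed resources, flattened to the property names the rules refer to.
COMPLIANT_STORAGE = {"type": "Microsoft.Storage/storageAccounts", "location": "eastus",
                     "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly": True}
RISKY_STORAGE = {"type": "Microsoft.Storage/storageAccounts", "location": "westeurope",
                 "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly": False}
VM_IN_REGION = {"type": "Microsoft.Compute/virtualMachines", "location": "westus2"}

_PARAM_REF = re.compile(r"\[parameters\('([^']+)'\)\]")


def _resolve(value: Any, params: dict) -> Any:
    """Replace a "[parameters('name')]" reference with its assigned value."""
    if isinstance(value, str):
        m = _PARAM_REF.fullmatch(value)
        if m:
            return params[m.group(1)]
    return value


def _norm(value: Any) -> Any:
    """Azure Policy compares case-insensitively and writes booleans as text."""
    return None if value is None else str(value).lower()


def matches(cond: dict, resource: dict, params: dict) -> bool:
    """True when the 'if' condition selects this resource."""
    if "not" in cond:
        return not matches(cond["not"], resource, params)
    if "allOf" in cond:
        return all(matches(c, resource, params) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource, params) for c in cond["anyOf"])
    actual = _norm(resource.get(cond["field"]))
    if "equals" in cond:
        return actual == _norm(_resolve(cond["equals"], params))
    if "notEquals" in cond:
        return actual != _norm(_resolve(cond["notEquals"], params))
    if "in" in cond:
        return actual in {_norm(v) for v in _resolve(cond["in"], params)}
    if "notIn" in cond:
        return actual not in {_norm(v) for v in _resolve(cond["notIn"], params)}
    if "exists" in cond:
        return (actual is not None) == (_norm(cond["exists"]) == "true")
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(policy: dict, resource: dict, params: dict) -> str:
    """Return the effect that fires ('deny', 'audit', ...) or 'compliant'."""
    rule = policy["policyRule"]
    if matches(rule["if"], resource, params):
        return rule["then"]["effect"]
    return "compliant"


def assess(resource: dict) -> dict:
    """Evaluate every assignment. A 'deny' blocks the request even when the
    caller's RBAC role would otherwise permit the operation."""
    results = {p["displayName"]: evaluate(p, resource, params) for p, params in ASSIGNMENTS}
    results["request_blocked"] = "deny" in results.values()
    return results


if __name__ == "__main__":
    for name, res in [("compliant storage", COMPLIANT_STORAGE),
                      ("risky storage", RISKY_STORAGE), ("vm", VM_IN_REGION)]:
        print(name, assess(res))
```

The risky storage account is denied by the location rule (the deployment would fail even for an Owner) and only audited by the HTTPS rule (it deploys, but shows as non-compliant in the compliance view); the virtual machine never matches the storage rule because the allOf fails on the type condition. In Azure the same evaluation runs at request time for deny and during the periodic compliance scan for the rest.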
Select the answer that correctly completes the sentence.
________________________ orchestrates the deployment of various resources and preserves a relationship between what should be deployed and what was deployed, supporting the tracking and auditing of deployments.
[Azure Bastion]
[Azure Blueprints]
[Azure Policy]
[Azure Resource Manager templates]
Azure Blueprints orchestrates the deployment of various resources and preserves a relationship between what should be deployed and what was deployed, supporting the tracking and auditing of deployments.
Azure Blueprints lets you define a repeated set of Azure resources that can be used for multiple deployments. A blueprint can include resource templates, role assignments, policy assignments, resource groups, and Azure Resource Manager (ARM) templates.
Azure Bastion is not used for resource deployment. Azure Bastion provides Remote Desktop Protocol (RDP) and Secure Shell (SSH) connectivity with virtual machines (VMs) through the Azure portal. It also prevents VMs from exposing RDP/SSH ports to possible attacks and unauthorized access.
Azure Policy is not used for resource deployment. Azure Policy is used to enforce standards and assess compliance. Azure Policy evaluates resource compliance at various times during the resource lifecycle, including once every 24 hours as part of the standard compliance evaluation cycle.
ARM templates are used for resource deployment but they do not support all of the functionality provided with Azure Blueprints. For example, once resources are deployed, there is no active connection or relationship to the ARM template.
What can you use to assign retention settings at an item level?
Retention label
Alert policy
Retention policy
Sensitivity label
Retention label
You can use a retention label to assign retention settings at an item level. This applies retention settings to the relevant folder, document, or email item.
You cannot use an alert policy to assign retention settings at an item level. Alert policies can be used in the Microsoft Purview compliance portal or the Microsoft 365 Defender portal to specify conditions and threshold levels to monitor who the policy should apply to and who should be notified when the alerts are triggered.
You cannot use a retention policy to assign retention settings at an item level. Retention policies are intended to apply retention settings to the content at a more aggregated level, such as a SharePoint site or an Exchange mailbox.
You cannot use a sensitivity label to assign retention settings at an item level. Sensitivity labels allow you to classify your organization’s data and enforce relevant protection settings, such as encryption or watermarking.
You want to access the results of the latest Microsoft Intune infrastructure penetration tests, which were conducted for Microsoft by certified third parties. Which section of the Service Trust Portal should you check?
Industry and Regional Resources
Resources for your Organization
Reports, Whitepapers and Artifacts
Certifications, Regulations and Standards
Reports, Whitepapers and Artifacts
You should check the Reports, Whitepapers and Artifacts section. This section provides the results of activities performed during penetration tests and security assessments of Intune, Azure, Dynamics 365, Office 365 and other Microsoft cloud solutions. Under Pen Test and Security Assessments you can find attestations of penetration tests and security assessments conducted by third parties. Additionally, here you can find business continuity plans (BCP) and disaster recovery plans (DRP) developed and validated with representatives from Microsoft’s business units, information on how Microsoft services comply with privacy and data protection requirements, as well as white papers and answers to frequently asked questions.
You should not check the Certifications, Regulations and Standards section. This section contains security implementation and design information to meet compliance requirements with International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC), System and Organization Controls (SOC), General Data Protection Regulation (GDPR), Federal Risk and Authorization Management Program (FedRAMP), Payment Card Industry (PCI) Data Security Standards (DSS), Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR), Australia Information Security Registered Assessors Program (IRAP), Multi-Tier Cloud Security (MTCS) Singapore Standard and Spain’s Esquema Nacional de Seguridad (ENS) regulations.
You should not check the Industry and Regional Resources section. This section contains documents describing Microsoft’s online services’ compliance with the United States Government, various regional policies and regulations, as well as information relating to the regulatory compliance of industries including financial services, healthcare and life sciences, and media and entertainment.
You should not check the Resources for your Organization section. This section contains documents specific to your organization’s subscription and permissions for Microsoft online services.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
By default, Compliance Manager provides monitoring and recommended actions for Microsoft cloud services only. [Yes or No]
Your action status on the Compliance Manager dashboard is updated immediately after implementing a control in response to an action. [Yes or No]
Compliance Manager tracks only improvement actions that your company manages and ignores actions that Microsoft manages in calculating a compliance score. [Yes or No]
By default, Compliance Manager provides monitoring and recommended actions for Microsoft cloud services only. [Yes]
Your action status on the Compliance Manager dashboard is updated immediately after implementing a control in response to an action. [No]
Compliance Manager tracks only improvement actions that your company manages and ignores actions that Microsoft manages in calculating a compliance score. [No]
You implement records management with Microsoft Purview. You want to protect certain items from deletion and ensure that even global administrators are not able to remove your retention settings. What should you do?
Mark items as a record and lock them.
Apply a sensitivity label to content.
Mark items as a regulatory record.
Apply a standard retention label to content.
Mark items as a regulatory record.
You should mark items as a regulatory record. Applying retention labels and marking the content as a regulatory record will enforce your records management policies. Even global administrators will not be able to remove the label. For this reason, this option is disabled by default and it needs to be explicitly enabled through a PowerShell cmdlet.
You should not apply a standard retention label to content. A standard retention label helps to apply your organization’s retention settings and actions either manually or automatically. It allows for the deletion of files and the label itself can be removed by end users and administrators.
You should not apply a sensitivity label to content. Sensitivity labels allow you to label and protect your organization’s sensitive content, such as enforcing its encryption, adding watermarks and extending protection settings to third-party applications and services.
You should not mark items as a record and lock them. Content marked as a record enforces certain restrictions to block delete and other operations. However, administrators are still able to change or remove the label.
Which Microsoft security solution lets you find uses of Shadow IT and control its use?
Azure Application Gateway
Microsoft Defender for Endpoint
Microsoft Defender for Cloud Apps
Azure Web Application Firewall (WAF)
Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that lets you find uses of Shadow IT and control its use. Shadow IT discovery is the process of identifying cloud apps, and IaaS and PaaS services, that are not authorized by an organization’s IT department. Without a tool like Microsoft Defender for Cloud Apps, such apps and services remain unmanaged and uncontrolled.
Microsoft Defender for Endpoint does not find uses of Shadow IT and control its use. It helps enterprise networks protect endpoints by preventing, detecting, investigating, and responding to advanced threats.
Azure WAF does not find uses of Shadow IT and control its use. WAF is designed to protect web applications from common exploits and vulnerabilities. It protects against attacks that exploit known vulnerabilities such as SQL injection and cross-site scripting.
Azure Application Gateway does not find uses of Shadow IT and control its use. Application Gateway is a web traffic load balancer that works at the application layer and makes routing decisions based on HTTP request attributes.
Select the most appropriate option to complete the statement.
______________ protects your organization from malicious threats presented in email messages, web links and collaboration tools.
[Microsoft Defender for identity]
[Microsoft Defender for endpoint]
[Microsoft Defender for Office 365]
Microsoft Defender for Office 365 protects your organization from malicious threats presented in email messages, web links and collaboration tools.
With the Defender for Office 365 Plan 1, you can safeguard your organization with safe attachment, safe link, and anti-phishing capabilities, while Plan 2 provides additional features such as threat tracker, attack simulator, and automated investigation and response.
Microsoft Defender for Endpoint does not protect your organization from malicious threats presented in email messages, web links and collaboration tools. It is an endpoint security solution that helps to detect, investigate, respond to, and prevent advanced threats against enterprise networks. It delivers preventative protection, detects security breaches from behavioural sensors, identifies attacker tools and techniques, and offers automatic investigation and remediation capabilities.
Microsoft Defender for Identity does not protect your organization from malicious threats presented in email messages, web links and collaboration tools. It is an identity security solution that helps to protect enterprise hybrid environments from advanced identity threats, compromised credentials and malicious insider activities. It can monitor and profile user behaviour, it identifies attempts to compromise account credentials, and it provides timeline-based insights for the fast triaging of detected advanced threats.
Select the most appropriate option to complete the statement.
____________________ helps reduce communication risks by enabling organizations to detect, capture, and take remediation actions on inappropriate messages.
[Microsoft Purview Communication Compliance]
[Microsoft Purview Insider risk management]
[Microsoft Purview information barriers]
Microsoft Purview Communication Compliance helps reduce communication risks by enabling organizations to detect, capture, and take remediation actions on inappropriate messages.
This feature enables reviewers to examine scanned emails and messages across Microsoft Teams, Exchange Online, or third-party communications in an organization, and to take appropriate remediation actions to make sure they comply with the organization’s communication guidelines.
Insider risk management, a part of the Microsoft Purview compliance portal, is a solution that helps minimize internal risks by enabling an organization to detect, investigate, and act on risky and malicious behaviors.
Information barriers are policies that admins can configure to prevent individuals or groups from communicating with each other. Microsoft Purview Information Barriers is supported in Microsoft Teams, SharePoint Online, and OneDrive for Business.
What is Microsoft’s security information event management (SIEM) and security orchestration automated response (SOAR) security solution?
Microsoft 365 Defender
Microsoft Defender for Cloud
Microsoft Intune
Microsoft Sentinel
Microsoft Sentinel
Microsoft Sentinel is Microsoft’s SIEM/SOAR security solution. Microsoft Sentinel:
* Collects data from on-premises and multiple clouds for all users, devices, applications, and infrastructure
* Detects previously uncovered threats and minimizes false positives
* Investigates threats and hunts suspicious activities at scale
* Responds to incidents with built-in orchestration and security task automation
Microsoft Defender for Cloud is not a SIEM/SOAR security solution. Microsoft Defender for Cloud helps you identify and implement hardening tasks across your machines, data services, and applications through the continuous evaluation of security controls and resources.
Microsoft 365 Defender is not a SIEM/SOAR security solution. Microsoft 365 Defender is a comprehensive extended detection and response (XDR) security solution. It represents a defense suite that coordinates detection, prevention, investigation, and response to determine the full scope and impact of threats.
Microsoft Intune is not a SIEM/SOAR security solution. Microsoft Intune is a cloud-based service for mobile device management (MDM) and mobile application management (MAM). Microsoft Intune can be used to manage both corporate-owned and personal devices.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Network security groups (NSGs) filter traffic to and from Azure resources in an Azure virtual network (VNet). [Yes or No]
You can associate zero, one, or more network security groups (NSGs) to each virtual subnet or virtual machine network interface. [Yes or No]
You can associate one network security group (NSG) with multiple virtual subnets and virtual machine network interfaces. [Yes or No]
Network security groups (NSGs) apply to intra-subnet traffic in a virtual network. [Yes or No]
Network security groups (NSGs) filter traffic to and from Azure resources in an Azure virtual network (VNet). [Yes]
You can associate zero, one, or more network security groups (NSGs) to each virtual subnet or virtual machine network interface. [No]
You can associate one network security group (NSG) with multiple virtual subnets and virtual machine network interfaces. [Yes]
Network security groups (NSGs) apply to intra-subnet traffic in a virtual network. [Yes]
NSGs filter traffic to and from Azure resources in an Azure virtual network. Filtering is based on security rules contained in the NSG. Security rules are defined by source, destination, port, protocol, and direction. Each rule is also given a priority number between 100 and 4096, and the rules are processed in priority order within the NSG.
You can associate zero or one NSG to each virtual subnet or virtual machine network interface. You cannot associate more than one NSG with the same subnet or network interface. If you need multiple filtering rules, you add multiple security rules to that one NSG.
You can associate one NSG with multiple virtual subnets and virtual machine network interfaces. The same NSG can be associated with any number of virtual subnets or virtual machine interfaces, including multiple interfaces on the same virtual machine.
NSGs apply to intra-subnet traffic in a VNet. An NSG can block communication between subnets in the same VNet.
You are looking to implement a unified data governance service in your organization, which will help you to manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data by creating a holistic map of the data landscape within the organization, including data discovery, sensitive data classification, and end-to-end data lineage.
Which of the following resource governance capabilities in Azure should you implement?
Microsoft Purview governance portal
Azure Policy
Azure Blueprints
Microsoft Purview governance portal
Microsoft Purview governance portal is designed to address the challenges associated with the rapid growth of data and help enterprises obtain the most value from their information assets. It provides a unified data governance service in your organization that will help you to manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data. It does so by creating a holistic map of the data landscape within the organization, including data discovery, sensitive data classification, and end-to-end data lineage. The Microsoft Purview governance portal includes the following five components: 1) Data Map, 2) Data Catalog, 3) Data Estate Insights, 4) Data Sharing and 5) Data Policy. At the time of writing, the Data Sharing and Data Policy features are in preview.
Azure Policy is designed to help enforce standards and assess compliance across your organization. Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management.
Azure Blueprints provide a way to define a repeatable set of Azure resources. Azure Blueprints enable development teams to rapidly provision and run new environments with the knowledge that they are in line with the organization’s compliance requirements.
Which feature of Azure AD should you use to remove users and groups from Azure AD roles that they no longer need?
Conditional Access
Password Protection
Identity Protection
Access review
Access review
Access review is implemented as part of the Azure Identity Governance feature. Access review can help to manage resource access lifecycle, i.e., schedule reviews of who has access to specific resources, monitor for compliance, determine if users still should have access and automate its removal. Access review requires Azure AD Premium P2.
You should not use Conditional Access. Conditional Access is a feature of Azure AD that applies an extra layer of security before allowing authenticated users to access Azure AD assets such as data and applications. Conditional Access analyses signals such as user, device and location to make policy decisions.
You should not use Password Protection. Azure AD Password Protection is used to detect and block known weak passwords and their variants based on a default global banned password list and an optional custom list of banned passwords. These are stored in Azure AD but can also be applied to an on-premises Active Directory Domain Services (AD DS) domain.
You should not use Identity Protection. Identity Protection automates the detection and remediation of identity-based risks. It can also export risk detection data to third party tools for additional analysis. Identity Protection can identify sign-in risk (the risk that the sign-in was not performed by the user), and user risk (the risk that a user’s identity has been compromised).
Your company has deployed multiple Azure virtual networks (VNets). The company uses Azure Firewall and network security groups (NSGs) to protect virtual machines (VMs) from external threats. Developers require remote access to protected VMs. The company wants to configure Remote Desktop Protocol (RDP) and Secure Shell (SSH) to provide secure access to all VMs through the Azure portal without direct exposure of RDP and SSH ports.
What should you use?
Azure Application Gateway
Azure AD Connect
ExpressRoute
Azure Bastion
Azure Bastion
Azure Bastion provides secure RDP/SSH connectivity without exposing RDP/SSH ports to the internet. Azure Bastion lets users establish an RDP/SSH session through the Azure portal. The connection is secured over the internet using Transport Layer Security (TLS). It is not necessary to configure public IP addresses for the VMs. Remote VMs are also protected against port scanning attempts. Microsoft is responsible for keeping Azure Bastion hardened and up to date to prevent attacks such as the use of zero-day exploits against Azure Bastion.
You should not use Azure Application Gateway. Azure Application Gateway is a web traffic load balancer for web applications. You can also implement Azure Web Application Firewall when you deploy Azure Application Gateway. Azure Application Gateway supports web application access only and it does not provide direct access to VMs.
You should not use ExpressRoute. ExpressRoute provides a way to create and maintain secure connections between Microsoft datacenters and your on-premises infrastructure. ExpressRoute connections do not go over the public internet.
You should not use Azure AD Connect. Azure AD Connect use is not related to resource access and connections. Azure AD Connect provides identity synchronization between on-premises Active Directory and Azure AD in a hybrid network environment.
Your company plans to use Azure AD Identity Governance to help automate identity and access lifecycle management. The company wants to automate access assignments based on user attributes. Access assignments should change automatically when a user’s job in the company changes.
What should the company use to automate access management?
Access reviews
Dynamic groups
Azure Identity Protection
Azure AD Connect
Dynamic groups
The company should use dynamic groups to automatically manage access assignments. Identity Governance lets you manage access throughout a user’s digital identity lifecycle. You can assign role-based access control (RBAC) roles to dynamic groups. Group membership is automatically controlled through changes to user attributes specified in attribute-based rules. When a rule no longer applies, the user is removed from the group.
The company should not use Azure AD Connect. Azure AD Connect is used in a hybrid network environment to provide synchronization between on-premises Active Directory and Azure AD. This ensures that on-premises users and group digital identities are synchronized to the cloud.
The company should not use Azure Identity Protection. Identity Protection automates the detection and remediation of identity-based risks. It can also export risk detection data to third party tools for additional analysis. Identity Protection can identify sign-in risk (the risk that the sign-in was not performed by the user), and user risk (the risk that a user’s identity has been compromised).
The company should not use Azure access reviews. Access reviews are used to determine if users should continue to have access to resources. Access reviews can help manage risk by lowering the risk of data leakage and data spill. Access reviews make recommendations for user and group access to specific resources.
Which two functionalities are provided by Azure AD self-service password reset (SSPR)?
A. Regulatory compliance dashboard
B. Secure score
C. Password change
D. Account unlock
C. Password change
D. Account unlock
Account unlock and password change are two functionalities that are provided by self-service password reset (SSPR). SSPR reduces the involvement of the system administrators and help desk teams by allowing end users to reset or change their passwords, or unlock their accounts as a self-service. If users forget their passwords they can trigger a reset, or if they know it, they can change it themselves. Additionally, they can also unlock their accounts.
Regulatory compliance dashboard and secure score are part of Cloud Security Posture Management (CSPM) delivered by Microsoft Defender for Cloud. The regulatory compliance dashboard assesses whether your Azure, on-premises and multi-cloud resources are compliant with the relevant jurisdiction’s laws, rules and regulations, what the potential risk factors are, and which best practices to apply. Secure score provides you with an overall Azure secure score along with a per-subscription breakdown. Secure score provides recommendations for unhealthy resources and indicates how implementing them can contribute to a potential score increase.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Microsoft’s privacy principle of Strong legal protections mandates respecting local privacy laws and fighting for legal protection of privacy as a fundamental human right. [Yes or No]
Microsoft’s privacy principle of Benefits to you mandates that when Microsoft collects data, it is used to benefit the customer, and to make their experiences better. [Yes or No]
Microsoft’s privacy principle of Transparency mandates putting the customer in control of their data and privacy with easy-to-use tools and clear choices. [Yes or No]
Microsoft’s privacy principle of Strong legal protections mandates respecting local privacy laws and fighting for legal protection of privacy as a fundamental human right. [Yes]
Microsoft’s privacy principle of Benefits to you mandates that when Microsoft collects data, it is used to benefit the customer, and to make their experiences better. [Yes]
Microsoft’s privacy principle of Transparency mandates putting the customer in control of their data and privacy with easy-to-use tools and clear choices. [No]
Microsoft’s products and services are based on trust.
Microsoft’s privacy principle of Strong legal protections mandates respecting local privacy laws and fighting for legal protection of privacy as a fundamental human right.
Microsoft’s privacy principle of Benefits to you mandates that when Microsoft collects data, it is used to benefit the customer, and to make their experiences better.
Microsoft’s privacy principle of Control mandates putting the client in control of their data and privacy with easy-to-use tools and clear choices. The principle of Transparency, in contrast, is about being transparent about data collection and use so that everyone can make informed decisions.
A company has decided to implement hashing for storing passwords. To protect against malicious hackers, the company has decided to implement an additional layer that adds a fixed-length random value to the input of hash functions to create unique hashes for the same input.
What is this an example of?
Symmetric Encryption
Asymmetric Encryption
Role-based access control (RBAC)
Salting
Salting
Implementing an additional layer that adds a fixed-length random value to the input of hash functions to create unique hashes for the same input is an example of salting. When you use hashing to store passwords, a user enters their password, and a hashing algorithm then creates a hash of the entered password. Although hashing provides a secure way of storing passwords, hashing algorithms are also known to malicious hackers. The issue lies in the fact that, as hash functions are deterministic (the same input produces the same output), attackers often use brute-force dictionary attacks to recover the original password from its hash. To defend against such brute-force attacks, an additional layer of security is added using so-called salting. Salting works by adding a fixed-length random value to the input of the hash function, so that the same password produces a different hash. In other words, a salt adds complexity to a single password, and every password in the database gets its own unique salt.
Neither symmetric encryption nor asymmetric encryption is an example of this scenario. Symmetric encryption is also referred to as secret key encryption. Asymmetric encryption is also referred to as public key encryption. Symmetric encryption uses the same key to encrypt and decrypt the data. As long as both the sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key for symmetric encryption. Asymmetric encryption uses a public and private key pair. Either key can encrypt data, but data encrypted with one key can only be decrypted with the other key of the pair.
Role-based access control (RBAC) gives you the ability to implement fine-grained access control to your resources hosted on Azure. The way you control access to resources using Azure RBAC is by assigning Azure roles. A role assignment consists of three elements: security principal, role definition, and scope. You should use RBAC in situations when you wish to allow access to a user to manage virtual machines in a subscription and another user to manage virtual networks or, alternatively, allow a DBA group to manage SQL databases in a subscription.
Which authentication method is handled in the cloud completely?
Pass-through Authentication (PTA)
On-premises Active Directory Domain Services (AD DS)
Password hash synchronization (PHS)
Federation
Password hash synchronization (PHS)
Password hash synchronization (PHS) handles user authentication in the cloud completely. With this hybrid identity sign-in method, you synchronize a hash of the end user’s password to Azure AD. Users can then be authenticated directly in the cloud.
The federation sign-in method does not handle user authentication in the cloud completely. It ensures that users are authenticated on-premises. Because of the trust established between on-premises AD and Azure AD, authenticated users can then be re-directed to the cloud to access relevant applications.
On-premises Active Directory Domain Services (AD DS) does not handle user authentication in the cloud completely. It authenticates end users and authorizes their access to the internal networks. To enable cloud-based authentication, you can either utilize PHS to sync hashes to the cloud or set up user identities directly in Azure AD.
Pass-through Authentication (PTA) does not handle user authentication in the cloud completely. It is another sign-in method that enables hybrid identity. However, it still requires the installation of a lightweight on-premises agent that reacts to the sign-in requests in the cloud and validates the username and password against on-premises AD.
Your company has a secure score in Microsoft Defender for Cloud of 46%. The Remediate vulnerabilities control shows 43 unhealthy resources out of a total of 50 and a current score of 0.84 points. You determine that you can quickly remediate 10 of these. How would this change your security rating?
The action would add 10 percent to the total security score.
The action would add 1.2 percent to the total security score.
The action would add 10 raw points to the Remediate vulnerabilities control points.
The action would add 1.2 raw points to the Remediate vulnerabilities control points.
The action would add 1.2 raw points to the Remediate vulnerabilities control points.
The Remediate vulnerabilities control has a maximum of 6 points. Divide the maximum points by the total number of resources for that control to determine the increase per resource:
6 points / 50 resources = 0.12 points per resource
To determine the change to the secure score, multiply the number of resources corrected by the points per resource:
0.12 points per resource x 10 resources = 1.2 points
This is added to the raw points for the control. The control originally had seven healthy resources for 0.84 points; adding the 1.2 points for the newly healthy resources gives a total of 2.04 points for the control.
The total security score is based on the current score for all controls divided by the total maximum score for all controls, expressed as a percentage. You are not given these values and you would have no way to calculate the percentage change, but it would be different than the raw points value.
Select the most appropriate option to complete the statement.
As a communication compliance feature, _________________ allow you to apply machine learning classifiers to detect communication violations in your organization.
[actionable insights]
[Flexible remediation workflow]
[intelligent customizable templates]
As a communication compliance feature, intelligent customizable templates allow you to apply machine learning classifiers to detect communication violations in your organization.
Intelligent customizable templates can utilize pre-built Microsoft Purview’s machine learning classifiers to recognize potentially inappropriate or sensitive content in images and text. The use of such templates helps reviewers to perform investigation and remediation processes more effectively.
Actionable insights are the interactive dashboards that allow you to verify the status and actions assigned to pending and resolved alerts. Actionable insights can be used to analyse trends by users and policies, and export policy and review activity logs to meet audit requirements.
Flexible remediation workflows allow you to identify and take quick actions on your organization’s policy matches. As a response to the policy match, the workflow may escalate messages to other reviewers, send pre-configured notifications to users with policy matches, and even translate messages in other languages to a reviewer’s display language.
Select the answer that correctly completes the sentence.
________________ is an Azure AD service that enables the management, control and monitoring of access to important organizational resources in the cloud.
[Azure Bastion]
[Privileged access management]
[Privileged Identity Management (PIM)]
Privileged Identity Management (PIM) is an Azure AD service that enables the management, control and monitoring of access to important organizational resources in the cloud.
PIM provides time-based privileged access to resources in Azure AD, Azure, Microsoft Intune, Microsoft 365, and other Microsoft cloud services.
Azure Bastion is not an Azure AD service. It is an Azure platform as a service solution that you deploy inside a virtual network (VNet) to enable secure RDP or SSH connectivity to your virtual machines (VMs) using the Azure portal.
Privileged Access Management (PAM) is similar to PIM and helps to restrict privileged access. However, the scope of PAM is limited to an isolated on-premises AD environment and does not cover cloud resources.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Microsoft cloud security benchmark provides guidance on how to implement security controls in Azure. [Yes or No]
A security baseline is not specific to a technology or implementation. [Yes or No]
A control is a benchmark recommendation for the individual Azure service. [Yes or No]
Microsoft cloud security benchmark provides guidance on how to implement security controls in Azure. [Yes]
A security baseline is not specific to a technology or implementation. [No]
A control is a benchmark recommendation for the individual Azure service. [No]
Microsoft cloud security benchmark (MCSB) provides guidance on how to implement security controls in Azure. Some of the controls used in MCSB include network security, identity and access control, data protection, data recovery, incident response, and more.
Security baselines for Azure apply guidance from the MCSB to the specific service for which it is defined. Each organization decides which benchmark recommendation and corresponding configurations are needed in the Azure implementation scope. An example of a baseline would be Azure SQL security baseline, which helps us to ensure Azure SQL Database is protected.
A control is not a benchmark recommendation for the individual Azure service. A control is a high-level description of a feature or activity that needs to be addressed and is not specific to a technology or implementation. An example of a control would be Data Protection, which helps us to ensure critical data is protected.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Identity Protection categorizes risks into two tiers.
[Yes or No]
With Identity Protection, you can automate the remediation of identity-based risks. [Yes or No]
You can query Identity Protection data through Microsoft Graph APIs. [Yes or No]
Identity Protection categorizes risks into two tiers.
[No]
With Identity Protection, you can automate the remediation of identity-based risks. [Yes]
You can query Identity Protection data through Microsoft Graph APIs. [Yes]
Identity Protection does not categorize risks into two tiers; it categorizes them into three tiers: low, medium, and high. A higher risk tier means a higher probability that the user account or sign-in has been compromised.
With Identity Protection, you can automate the remediation of identity-based risks. Automated remediation can be enabled through the setup of risk-based policies. Depending on the policy configuration, user accounts may be blocked or end users may be required to pass multi-factor authentication (MFA) or change their passwords.
You can query Identity Protection data through Microsoft Graph APIs. As a unified API endpoint, the Microsoft Graph enables API access to various Microsoft solutions including Azure Active Directory (AD) Identity Protection. You should have Azure AD Premium P1 or P2 licenses to use Identity Protection’s risk detection APIs.
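One way to use the Microsoft Graph access described above, as an added example that is not part of the flashcard or Microsoft sample code. `fetch_risky_users` calls the real v1.0 endpoint `https://graph.microsoft.com/v1.0/identityProtection/riskyUsers` and follows `@odata.nextLink` paging; it assumes the caller supplies a bearer token with the `IdentityRiskyUser.Read.All` permission. `SAMPLE_RESPONSE` is a constructed payload in the shape the endpoint returns, so the triage logic runs offline.

```python
"""Query Azure AD Identity Protection via Microsoft Graph and triage risky users.

Added example, not Microsoft code. The Graph URL and the riskLevel/riskState
values are the documented ones; the token and SAMPLE_RESPONSE are assumed or
constructed.
"""
import json
import urllib.request
from typing import Any, Dict, List, Optional

GRAPH_RISKY_USERS = "https://graph.microsoft.com/v1.0/identityProtection/riskyUsers"

# Constructed sample in the shape returned by the endpoint (not real tenant data).
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {"id": "u1", "userPrincipalName": "alice@contoso.example", "riskLevel": "high",
         "riskState": "atRisk", "riskLastUpdatedDateTime": "2024-01-05T10:00:00Z"},
        {"id": "u2", "userPrincipalName": "bob@contoso.example", "riskLevel": "medium",
         "riskState": "atRisk", "riskLastUpdatedDateTime": "2024-01-04T09:00:00Z"},
        {"id": "u3", "userPrincipalName": "carol@contoso.example", "riskLevel": "high",
         "riskState": "remediated", "riskLastUpdatedDateTime": "2024-01-03T08:00:00Z"},
        {"id": "u4", "userPrincipalName": "dave@contoso.example", "riskLevel": "low",
         "riskState": "atRisk", "riskLastUpdatedDateTime": "2024-01-02T07:00:00Z"},
    ]
})

# The three tiers from the flashcard, ordered so they can be compared.
RISK_ORDER = {"low": 1, "medium": 2, "high": 3}


def fetch_risky_users(token: str, url: Optional[str] = GRAPH_RISKY_USERS) -> List[Dict[str, Any]]:
    """Fetch every risky user, following @odata.nextLink until the last page."""
    users: List[Dict[str, Any]] = []
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req) as resp:  # assumes network access and a valid token
            page = json.load(resp)
        users.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return users


def triage(users: List[Dict[str, Any]], minimum: str = "medium") -> List[str]:
    """Return UPNs still 'atRisk' at or above `minimum`, highest risk first.

    Users whose riskState is remediated, dismissed or confirmedSafe are skipped:
    a past high-risk detection that an admin already handled is not an open item.
    """
    threshold = RISK_ORDER[minimum]
    open_risk = [
        u for u in users
        if u.get("riskState") == "atRisk"
        and RISK_ORDER.get(u.get("riskLevel", ""), 0) >= threshold
    ]
    # Highest tier first; within a tier, the most recently updated first.
    open_risk.sort(key=lambda u: (-RISK_ORDER[u["riskLevel"]], u["riskLastUpdatedDateTime"]),
                   reverse=False)
    return [u["userPrincipalName"] for u in open_risk]


if __name__ == "__main__":
    # Offline run against the constructed payload; swap in fetch_risky_users(token) for a tenant.
    sample_users = json.loads(SAMPLE_RESPONSE)["value"]
    print(triage(sample_users))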
You use compliance manager to review the actions you should take to meet regulatory and legal compliance requirements.
You need to include internal business processes in your reviews. What should you do first?
Create an assessment.
Upload actions.
Create a template.
Create an alert policy.
Create a template.
You should first create a template. You can create assessment templates to help you create assessments and you can add your own controls and actions to the template. Templates serve as a framework containing the necessary controls and improvement actions for completing an assessment.
You should not create an assessment. Each assessment is created from an assessment template. There are pre-built templates, but you would need to create a custom template for your internal business process.
You should not upload actions. Improvement actions are uploaded after you create the assessment template. Improvement actions contain the details and guidance to help you meet the requirements of your process. Actions are assigned to users to perform when the assessment is created from the template.
You should not create alert policies. Alert policies are used to create alerts in the Microsoft Purview compliance portal or the Microsoft 365 Defender portal. Alerts are not used in Compliance Manager.
Select the option that correctly completes the sentence.
When implementing an Azure AD external identity solution,
_______________ allows external users to sign in with their preferred social, business, or local account identities.
[Azure AD B2B collaboration]
[Azure AD B2B direct connect]
[Azure AD B2C access management]
When implementing an Azure AD external identity solution, Azure AD B2C access management allows external users to sign in with their preferred social, enterprise, or local account identities.
Azure AD External Identities is a set of capabilities that enables organizations to allow access to external users such as customers or partners. Your customers, partners, and other guest users can “bring their own identities” to sign in. There are three types of Azure AD External Identities: B2B collaboration, B2B direct connect, and B2C access management.
- Azure AD B2B collaboration allows you to share your apps and resources with business partners from external organizations. For example, you can allow external B2B users to sign into your Microsoft applications or other enterprise applications, such as software as a service (SaaS) apps, custom-developed apps, etc.
- Azure AD B2B direct connect establishes a mutual, two-way trust with another Azure AD organization for seamless collaboration. For example, B2B direct connect currently supports Microsoft Teams shared channels. This enables external users to access your resources from their home instances of Teams.
- Azure AD B2C access management is an identity management solution for both consumer and customer-facing apps. This is an example of a customer identity access management (CIAM) solution. Azure AD B2C allows external users to sign in with their own social, enterprise, or local account identities. For example, you can publish modern SaaS apps, or custom-developed apps with Azure AD B2C.
What is used as the basis for your initial Compliance Manager compliance score?
The default Microsoft 365 data protection baseline assessment
Automated testing monitored improvement actions only
Your current Microsoft Secure Score
Completed Microsoft actions only
The default Microsoft 365 data protection baseline assessment
Your initial Compliance Manager compliance score is based on the Microsoft 365 data protection baseline. This is a set of controls that include regulations and standards for data protection and data governance. You can view an overall compliance score based on these data protection standards.
Your initial compliance score is not based on completed Microsoft actions only. Improvement actions include Microsoft actions (those that Microsoft manages) and your improvement actions (those that are managed by your company). Both are added to your compliance score as a part of continuous assessment.
Your initial compliance score is not based on your current Microsoft Secure Score. Improvement actions that are monitored by both Compliance Manager and Secure Score are both used in compliance score calculations, but it can take up to seven days to collect and include Secure Score data.
Your initial compliance score is not based on automated testing monitored improvement actions only. Automated testing is limited to only those improvement actions that are monitored by both Compliance Manager and Secure Score. Automated testing is enabled by default when you first start using Compliance Manager.
Select the most appropriate option to complete the statement.
__________________________ is a Cloud Access Security Broker that operates as an intermediary between a cloud user and the cloud provider.
[Microsoft Defender for identity]
[Microsoft Defender for cloud apps]
[Microsoft Defender for Endpoint]
Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB). Defender for Cloud Apps is a software as a service (SaaS) solution that works across clouds and operates as an intermediary between a cloud user and a cloud provider. CASBs help organizations to protect their environment by providing a wide range of capabilities across four pillars: visibility, threat protection, data security, and compliance.
Microsoft Defender for Identity is a cloud-based security solution that uses on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions. It is not a CASB and does not sit between cloud users and cloud providers.
Microsoft Defender for Endpoint is a solution that helps enterprise networks protect their own endpoints. Microsoft Defender for Endpoint prevents, detects, investigates, and responds to advanced threats by embedding technology built into Windows 10 and Microsoft cloud services.
Your company has a hybrid network with an on-premises Active Directory Domain Services (AD DS) domain and Azure AD. Any user signing in through the cloud to access cloud resources should be authenticated by Azure AD only.
Which authentication type should you use?
Pass-through authentication (PTA) with single sign-on (SSO)
Federated authentication
Password hash synchronization
Pass-through authentication (PTA)
Password hash synchronization
You should use password hash synchronization. Azure AD Connect extracts a hash of each user's password hash from on-premises AD DS and synchronizes it to Azure AD. Azure AD then validates cloud sign-ins itself, so on-premises identities are authenticated without any on-premises component taking part in the authentication.
You should not use pass-through authentication (PTA), with or without SSO. PTA uses a software service running on one or more on-premises servers. The servers validate users with the on-premises AD DS domain. SSO enables users to sign in and use different applications without having to go through multiple sign-ins. Enabling SSO does not change where the users are authenticated.
You should not use federated authentication. With federated authentication, Azure AD hands off authentication to a trusted authentication system. In this scenario, you would need to configure AD Federation Services (AD FS) for your on-premises domain. Authentication does not occur with Azure AD. An advantage of federated authentication is that you can support advanced authentication methods such as smartcard-based authentication and third-party multi-factor authentication.
You recently joined an organization as a Security Administrator. You wish to implement a tool that is able to collect data from across the whole estate, including infrastructure, software, and resources. The tool should be able to analyse, look for correlations or anomalies, and be able to generate alerts and incidents. Which tool should you choose?
Microsoft cloud security benchmark
Microsoft Sentinel
Microsoft Defender for Cloud
Azure Bastion
Microsoft Sentinel
You should choose Microsoft Sentinel. Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution from Microsoft. Sentinel provides alert detection, visibility of threats, and proactive threat hunting. Since you are looking for a tool that will collect data from across the estate, analyze it, look for correlations or anomalies, and generate alerts and incidents, you should opt for Microsoft Sentinel.
You should not choose Microsoft Defender for Cloud. Microsoft Defender for Cloud continuously assesses an organization’s hybrid cloud environment against the controls and best practices in the Microsoft cloud security benchmark (MCSB, formerly the Azure Security Benchmark). MCSB includes controls such as network security, identity and access control, data protection, data recovery, and incident response. Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) tool, not a SIEM.
You should not choose Azure Bastion. Azure Bastion is a service that allows you to connect to a virtual machine (VM) using your browser and the Azure portal. Azure Bastion is a fully platform-managed platform as a service (PaaS) offering that you provision inside your virtual network (VNet). It provides secure and seamless RDP and SSH connectivity to your virtual machines directly from the Azure portal over Transport Layer Security (TLS).
You should not choose Microsoft cloud security benchmark. Microsoft cloud security benchmark (MCSB) provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure.
Select the most appropriate option to complete the statement.
________________ tracks the usage of certain documents and emails and ensures that these documents and emails are not deleted until they are no longer required.
[Data loss prevention]
[Records management]
[sensitivity labels]
Records management tracks the usage of certain documents and emails and ensures that these documents and emails are not deleted until they are no longer required.
Records management helps an organization look after their legal obligations. Records management adds restrictions that prevent documents and emails from being edited or deleted. Activities on documents and emails will be tracked. To declare documents and emails as records, you use retention labels that mark the content as a record or a regulatory record.
Data loss prevention does not track the usage of certain documents and emails and ensures that these documents and emails are not deleted until they are no longer required. Data loss prevention protects access to sensitive information across Microsoft 365 and prevents inadvertent disclosure; for example, on sharing a document externally. Data loss prevention does not prevent a document from being edited or deleted.
Sensitivity labels do not track the usage of certain documents and emails and ensure that these documents and emails are not deleted until they are no longer required. You should not use sensitivity labels. Sensitivity labels enable the labelling and protection of content without affecting productivity and collaboration. Sensitivity labels do not define how long documents should be kept.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
In a Zero Trust security model, only devices inside the corporate network are considered to be trustworthy.
[Yes or No]
The Zero Trust security model always assumes breach.
[Yes or No]
The Zero Trust security model enforces the principle of always trust everyone. [Yes or No]
In a Zero Trust security model, only devices inside the corporate network are considered to be trustworthy.
[No]
The Zero Trust security model always assumes breach.
[Yes]
The Zero Trust security model enforces the principle of always trust everyone. [No]
In a Zero Trust security model, no devices are considered to be trustworthy. This model never trusts anything and always requires explicit verification of every access request, irrespective of the device’s location. That is why each system, whether it is a user identity, device, network, or an application, always needs to be authenticated and authorized before it is granted an access.
The Zero Trust security model always assumes breach. This is one of the core principles of the Zero Trust security model. That is why access is limited only to what is needed, only for a required time period, and there is a constant search for any potential anomalies and malicious activities.
The Zero Trust security model enforces least privilege access rather than trusting everyone. Its guiding principle is “never trust, always verify”: every access request is verified explicitly, and data and solutions are protected by limiting user access with just-in-time (JIT) and just-enough-access (JEA) policies.
Which one of the following options provides centralized protection against common web app vulnerabilities such as SQL injection and cross-site scripting?
Azure Firewall
Azure Bastion
Azure DDoS protection
Azure Web Application Firewall
Azure Web Application Firewall
Azure Web Application Firewall (WAF) provides centralized protection. You can deploy WAF with the Azure Application Gateway, Azure Front Door, and Azure Content Delivery Network (CDN) services. WAF's managed rule sets are updated to include protection against new vulnerabilities, and you can add custom rules alongside them. WAF operates in two modes: in Detection mode, WAF monitors and logs threat alerts but does not block incoming requests; in Prevention mode, it monitors and logs threat alerts and also blocks attacks, returning a 403 Forbidden status code and closing the connection.
Azure Bastion does not provide the desired protection. Azure Bastion provides Remote Desktop Protocol (RDP) and Secure Shell (SSH) connectivity with virtual machines (VMs) through the Azure portal. It also prevents VMs from exposing RDP/SSH ports to possible attack and unauthorized access.
Azure DDoS protection does not provide the desired protection. Azure DDoS protection helps to protect your network and resources from Distributed Denial of Service (DDoS) attacks. Azure DDoS protection identifies when attackers are trying to overwhelm a network and it blocks traffic from the attack.
Azure Firewall does not provide the desired protection. Azure Firewall is a cloud-based network security service that is designed to protect Azure virtual network (VNet) resources. You can deploy Azure Firewall on a centralized VNet to extend its protection across all your VNets, across multiple subscriptions, and in your on-premises network.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Insider risk management policy replaces data loss prevention policy (DLP) for detecting data leaks.
[Yes or No]
Insider risk management policies are created from pre-defined templates provided by Microsoft. [Yes or No]
Insider risk management policy can use the Microsoft 365 HR connector to import resignation and termination date information. [Yes or No]
Insider risk management policy replaces data loss prevention policy (DLP) for detecting data leaks.
[No]
Insider risk management policies are created from pre-defined templates provided by Microsoft. [Yes]
Insider risk management policy can use the Microsoft 365 HR connector to import resignation and termination date information. [Yes]
Insider risk management policy does not replace data loss prevention policy (DLP) for detecting data leaks. Data leaks templates are used to generate insider risk alerts for intentional or accidental exposure of sensitive information. A policy created from a data leak template must have a DLP policy assigned to the data leak policy.
Insider risk management policies are created from pre-defined templates provided by Microsoft. Pre-defined templates include templates for data theft by departing users and general data leaks. At any point, Microsoft may have several templates in preview.
Insider risk management policy can use the Microsoft 365 HR connector to import resignation and termination date information. This is used with policies created with the Data theft by departing users template and other templates. You can also monitor user account deletion in Azure Active Directory (Azure AD).
Federation uses a trust relationship to allow access to resources. [Yes or No]
With federation, a user needs to maintain a separate username(s) and corresponding password(s) when accessing resources in other domains. [Yes or No]
With federation, trust is always bi-directional. [Yes or No]
Federation uses a trust relationship to allow access to resources. [Yes]
With federation, a user needs to maintain a separate username(s) and corresponding password(s) when accessing resources in other domains. [No]
With federation, trust is always bi-directional. [No]
Federation uses a trust relationship to allow access to resources. The level of trust may vary, but it typically includes authentication and almost always includes authorization. Federation allows access of services across organizational or domain boundaries by virtue of establishing trust relationships between the respective domain’s identity providers.
With federation, a user does not need to maintain a separate username and password when accessing resources in other domains; the user authenticates once with their own identity provider, and the trusting domain accepts that authentication.
With federation, trust is not always bi-directional. A common example of federation is when a user logs into a third-party site with their social media account (e.g., LinkedIn). LinkedIn acts as an identity provider, and the third-party site might be using a different identity provider, such as Azure AD. There is a trust relationship between Azure AD and LinkedIn.
You want to quickly enforce Multi-Factor Authentication (MFA) registration for all your Azure Active Directory (AD) users. What should you do?
Grant the Owner role to all Resource Groups.
Assign the Managed Identity Contributor role to end users.
Configure Azure Policy.
Enable security defaults.
Enable security defaults.
You should enable security defaults to quickly enforce Multi-Factor Authentication (MFA) registration for all your Azure Active Directory (AD) users. Enabling security defaults in Azure AD is a quick and easy way to enforce MFA registration. End users will be prompted and they will have 14 days to complete their MFA registration, as otherwise their sign-in will be blocked.
You should not assign the Managed Identity Contributor role to the end users. The Managed Identity Contributor role grants access to create, read, update, and delete user-assigned managed identities. This role cannot enforce MFA registration.
You should not configure Azure Policy. Azure Policy can be used to enforce organizational standards in the setup and deployment of Azure resources, for example, what Azure virtual machine’s (VM) type to use and in what geographies.
You should not grant the Owner role to all Resource Groups. Owner is one of the Azure built-in roles. It grants end users with full access to manage relevant Azure resources.
Select the most appropriate option to complete each of the three statements.
_______________ is the encryption technology that protects Azure SQL Database and Azure Synapse Analytics against the threat of malicious activity through the real-time encryption and decryption of databases, associated backups, and transaction log files.
_______________ is the encryption technology that is used to protect data at rest by automatically encrypting it before persisting it to Azure managed disks, Azure Blob Storage, Azure Files, or Azure Queue Storage.
_______________ is the encryption technology that encrypts Windows and Linux IaaS virtual machine disks using the BitLocker feature of Windows or the dm-crypt feature of Linux.
[Azure Disk Encryption]
[Azure Information Protection]
[Storage Service Encryption]
[Transparent data encryption]
[Transport layer security]
Transparent Data Encryption (TDE) is the encryption technology that protects Azure SQL Database and Azure Synapse Analytics against the threat of malicious activity through the real-time encryption and decryption of databases, associated backups, and transaction log files. TDE is enabled by default for all new Azure SQL Database instances. Data is encrypted at the page level. Pages are encrypted before being written to disk and they are decrypted before they are read into memory.
Storage Service Encryption (SSE) is the encryption technology that is used to protect data at rest in Azure storage. Azure does this by automatically encrypting before writing the data to Azure-managed disks, Azure Blob Storage, Azure Files, or Azure Queue Storage. Data is decrypted before retrieval.
Azure Disk Encryption is the encryption technology that encrypts Windows and Linux IaaS virtual machine disks using the BitLocker feature of Windows or the dm-crypt feature of Linux. Azure Disk Encryption supports both operating system and data disk encryption. Azure Key Vault is used to protect the encryption keys used.
Azure Information Protection (AIP) is not an encryption technology in the sense of the descriptions above. AIP is used to discover, classify, and protect documents and emails by applying labels to content, with support for multiple file types, including Office documents, PDF files, and email messages. AIP includes an on-premises scanner that can scan file shares for sensitive content.
Transport Layer Security (TLS) is an encryption technology but it does not match any of the encryption descriptions. All of the given encryption examples encrypt data at rest. TLS is used to encrypt data in transit between cloud services and customers.
_____________ creates, maintains, and manages identity information while providing authentication services to applications.
[Identity protection]
[An Identity provider]
[A retention policy]
An identity provider creates, maintains, and manages identity information while providing authentication services to applications.
It can be used to manage end users’ digital identities. It also provides authentication, authorization and auditing services. Microsoft Azure AD, Google federation, and Facebook federation are all examples of cloud-based identity providers.
Identity Protection does not create, maintain, and manage identity information while providing authentication services to applications. You can use Azure AD Identity Protection to detect various types of identity risks such as the use of anonymous IP addresses, unfamiliar sign-in properties, leaked credentials, and others. You can automate the mitigation of detected risks, investigate them, and export risk data to third-party security information and event management (SIEM) solutions.
A retention policy does not create, maintain, and manage identity information while providing authentication services to applications. You use retention policies to apply retention configuration to your Microsoft 365 content. Retention labels assign retention settings at an item level; for example, to a specific document or email; however, a retention policy helps to apply those settings on a more aggregated level, for example, to all documents in a SharePoint site or all emails in an Exchange mailbox.
You need to control permissions to manage Azure AD resources using role-based access control (RBAC).
What is the minimum Azure AD license required to meet each of the requirements? To answer, select the appropriate options from the drop-down menus.
Monitor service health
Create custom role for specific resources
[Free]
[Premium P1]
[Premium P2]
Monitor service health - [Free]
Create custom role for specific resources - [Premium P1]
Monitoring service health can be performed by users with the built-in roles in Azure AD such as the Service Support Administrator role. Using the built-in roles only requires the Azure AD Free license.
Creating a custom role in Azure AD requires an Azure AD Premium license. Premium P1 is lower cost than Premium P2 and meets the requirement, so it is the minimum.
You want to allow SSH access to an Azure virtual machine (VM) from a selected range of external IP addresses and only when needed. The VM already has its public IP address enabled. What should you do?
Set up a network security group (NSG) rule to deny traffic to port 22.
Set up a network security group (NSG) rule to allow traffic to port 22.
Configure just-in-time (JIT) in Defender for Cloud.
Use Azure Bastion.
Configure just-in-time (JIT) in Defender for Cloud.
You should configure just-in-time (JIT) in Defender for Cloud. JIT keeps the SSH port blocked by default and opens it only for the approved source IP addresses and only for the requested time window, after which the rule is removed again. Access to a VM can be requested from the Azure portal or programmatically via code or script, and every JIT request is logged for audit purposes.
You should not set up NSG rules to allow or deny traffic to port 22, as a static rule would keep the SSH port permanently open or permanently closed. In this scenario, you need to enable SSH access only when needed.
You should not use Azure Bastion. Azure Bastion enables SSH or RDP connectivity to Azure virtual machines (VMs) via a browser and Azure portal. Azure Bastion does not allow direct SSH access to the target VMs from external IP addresses.
You have implemented Microsoft Purview in your organization to track and address the challenges associated with the rapid growth of data and data lineage.
Which component of Microsoft Purview governance portal allows users to quickly and easily find relevant data using searches based on glossary terms?
Data Estate Insights
Data Sharing
Data Policy
Data Catalog
Data Map
Data Catalog
With the Microsoft Purview Data Catalog, both business and technical users can instantly and effortlessly find important data using search capabilities with filters based on glossary terms, classifications, sensitivity labels and more.
Microsoft Purview Data Map provides the foundation for data discovery and data governance. Data Map does not provide you with a search capability based on the filtering of glossary terms, etc.
Microsoft Purview Data Estate Insights offers security officers a bird’s eye viewpoint and the ability to understand at a glance what data is actively examined, where sensitive data is, and how it moves. Data Estate Insights does not provide you with a search capability based on the filtering of glossary terms, etc.
Microsoft Purview Data Sharing allows organizations to securely share data both within your organization or across organizations with business partners and customers. At the time of writing the Data Sharing feature in the Microsoft Purview governance portal is currently in Preview.
Microsoft Purview Data Policy allows organizations to manage access to different data systems across their organizational data estate. At the time of writing the Data Policy feature in the Microsoft Purview governance portal is currently in Preview.
Select the answers that correctly complete the sentences.
_________________ make(s) meaningful choices for how and why data is collected and used.
_________________ measure(s) your progress in reducing risks around regulatory standards.
[Privacy principles of Microsoft]
[Compliance Manager]
[Shared responsibility model]
[Zero trust methodology]
The privacy principles of Microsoft are about making meaningful choices for how and why data is collected and used. They ensure that you have the information you need to make the right choices for your organization. Microsoft’s privacy principles include information about where your data is located and how Microsoft collects and protects data.
Compliance Manager measures your progress in reducing risks around regulatory standards. The Compliance Manager tool defines the tasks you need to complete to reduce risks around data protection and other regulatory standards.
The shared responsibility model is concerned with which security tasks are handled by the cloud provider and which tasks are handled by you. The shared responsibility model does not explain how Microsoft protects your data or how risks are managed.
Zero Trust assumes everything is on an open and untrusted network. Zero Trust methodology operates on the principle of “trust no one, verify everything.” Zero Trust does not explain how Microsoft protects your data or how risks are managed.
Select the answer that correctly completes the sentence.
_________________ devices can include Windows 10 and mobile devices, are typically personal devices, and use a personal Microsoft account or another local account to sign in.
[Azure AD Joined]
[Azure AD Registered]
[Hybrid Azure AD joined]
Azure AD registered devices can include Windows 10 or later and mobile devices; they are typically personal devices and use a personal Microsoft account or another local account to sign in.
Supported devices include Windows 10, iOS, Android, and macOS devices. This enables a company to use tools like Microsoft Intune to ensure standards for security and compliance on the devices.
Azure AD joined devices are managed in Azure AD. Only Windows 10 or later devices (except Home editions) and Azure virtual machines (VMs) running Windows Server 2019 or later can be configured as Azure AD joined devices. The devices are owned by the organization. Users sign in with Azure AD accounts or synced AD work or school accounts only.
Hybrid Azure AD joined devices are those supported in a hybrid environment with synced Active Directory Domain Services (AD DS) and Azure AD identities. Supported devices are limited to devices owned by the organization and running Windows 10 or later, or Windows 2008 or later. Users sign in with an AD DS account owned by the organization.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
You can use Azure Monitor Workbooks to monitor Microsoft Sentinel data using built-in workbook templates and custom workbooks. [Yes or No]
You can create security playbooks based on Azure Logic Apps in Microsoft Sentinel to automate and orchestrate responses to incidents. [Yes or No]
Microsoft Sentinel provides a continuously updated, consolidated secure score that identifies recommended configurations for security features. [Yes or No]
You can use Azure Monitor Workbooks to monitor Microsoft Sentinel data using built-in workbook templates and custom workbooks. [Yes]
You can create security playbooks based on Azure Logic Apps in Microsoft Sentinel to automate and orchestrate responses to incidents. [Yes]
Microsoft Sentinel provides a continuously updated, consolidated secure score that identifies recommended configurations for security features. [No]
You can use Azure Monitor Workbooks to monitor Microsoft Sentinel data using built-in workbook templates and custom workbooks. This is possible because Microsoft Sentinel is integrated with Azure Monitor Workbooks. This includes the ability to create interactive reports through Azure Monitor Workbooks. This functionality enables you to gain insights across your data as soon as you connect a data source.
You can create security playbooks based on Azure Logic Apps in Microsoft Sentinel to automate and orchestrate responses to incidents. This provides a highly extensible development architecture that lets you scale automation as necessary to meet changing requirements. You can develop custom playbooks or choose from built-in playbooks.
Microsoft Sentinel does not provide a continuously updated, consolidated secure score that identifies recommended configurations for security features. This is a feature of Microsoft Defender for Cloud.