Microsoft SC-900 Microsoft Security Compliance and Identity Fundamentals Exam Practice Test

The recommended way to enable and use Azure AD Multi-Factor Authentication is with Conditional Access policies. Conditional Access lets you create and define policies that react to sign-in events and that request additional actions before a user is granted access to an application or service.

Microsoft Defender for Identity (formerly Azure Advanced Threat Protection, also known as Azure ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

Graphical user interface, application Description automatically generated

Box 1: Azure Firewall

Azure Firewall provide Source Network Address Translation and Destination Network Address Translation.

Box 2: Azure Bastion

Azure Bastion provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS.

Box 3: Network security group (NSG)

You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network.

Graphical user interface, text, application, email Description automatically generated

Box 1: Yes

Box 2: No

Conditional Access policies are enforced after first-factor authentication is completed. Box 3: Yes

When you register an application through the Azure portal, an application object and service principal are automatically created in your home directory or tenant.

Firewall is really not directly protecting the Virtual Networks though DDOS would have been ideal for VNETS

Graphical user interface, text, application Description automatically generated

Azure Active Directory (Azure AD) is a cloud-based user identity and authentication service. Reference:

https://docs.microsoft.com/en-us/microsoft-365/enterprise/about-microsoft-365-identity?view=o365-worldwide

Microsoft Purview Compliance Manager is a feature in the Microsoft Purview compliance portal that helps you manage your organization’s compliance requirements with greater ease and convenience. Compliance Manager can help you throughout your compliance journey, from taking inventory of your data protection risks to managing the complexities of implementing controls, staying current with regulations and certifications, and reporting to auditors.

Watch the video below to learn how Compliance Manager can help simplify how your organization manages compliance:

Compliance Manager helps simplify compliance and reduce risk by providing:

• Pre-built assessments for common industry and regional standards and regulations, or custom assessments to meet your unique compliance needs (available assessments depend on your licensing agreement; learn more).
• Workflow capabilities to help you efficiently complete your risk assessments through a single tool.
• Detailed step-by-step guidance on suggested improvement actions to help you comply with the standards and regulations that are most relevant for your organization. For actions that are managed by Microsoft, you’ll see implementation details and audit results.
• A risk-based compliance score to help you understand your compliance posture by measuring your progress in completing improvement actions.

Graphical user interface, text, application, email Description automatically generated

Box 1: Yes

System updates reduces security vulnerabilities, and provide a more stable environment for end users. Not applying updates leaves unpatched vulnerabilities and results in environments that are susceptible to attacks.

Box 2: Yes

Box 3: Yes

If you only use a password to authenticate a user, it leaves an attack vector open. With MFA enabled, your accounts are more secure.

The Microsoft Service Trust Portal contains details about Microsoft's implementation of controls and processes that protect our cloud services and the customer data therein.

Explanation

Azure AD Password Protection detects and blocks known weak passwords and their variants, and can also block additional weak terms that are specific to your organization.

With Azure AD Password Protection, default global banned password lists are automatically applied to all users in an Azure AD tenant. To support your own business and security needs, you can define entries in a custom banned password list.

Graphical user interface, text, application, email Description automatically generated

Security defaults make it easy to protect your organization with the following preconfigured security settings:

• Requiring all users to register for Azure AD Multi-Factor Authentication.
• Requiring administrators to do multi-factor authentication.
• Blocking legacy authentication protocols.
• Requiring users to do multi-factor authentication when necessary.
• Protecting privileged activities like access to the Azure portal.

To on-board Azure Sentinel, you first need to connect to your security sources. Azure Sentinel comes with a number of connectors for Microsoft solutions, including Microsoft 365 Defender solutions, and Microsoft 365 sources, including Office 365, Azure AD, Microsoft Defender for Identity, and Microsoft Cloud App Security, etc.

Compliance score

Graphical user interface, text, application Description automatically generated

Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan.

playbooks

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

Box 1: No

Phishing scams are external threats.

Box 2: Yes

Insider risk management is a compliance solution in Microsoft 365.

Box 3: Yes

Insider risk management helps minimize internal risks from users. These include:

• Leaks of sensitive data and data spillage
• Confidentiality violations
• Intellectual property (IP) theft
• Fraud
• Insider trading
• Regulatory compliance violations

Graphical user interface, application Description automatically generated

Yes

NO

NO

YES - As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. The lock overrides any permissions the user might have.

NO - The most restrictive lock in the inheritance takes precedence.

NO - If you delete a resource group with a locked resource, the portal UI will give you an error and no resources are deleted.

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management: Provide just-in-time privileged access to Azure AD and Azure resources Assign time-bound access to resources using start and end dates Require approval to activate privileged roles Enforce multi-factor authentication to activate any role Use justification to understand why users activate Get notifications when privileged roles are activated Conduct access reviews to ensure users still need roles Download audit history for internal or external audit Prevents removal of the last active Global Administrator role assignment