SC-900 Microsoft Security, Compliance, and Identity Fundamentals Exam

Preview 4 out of 43  pages

  • November 12, 2024
  • 43
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
Chrisyuis


Zero Trust - ANSWER A security model that assumes everything is on an open and
untrusted network, even resources behind firewalls



"Trust no one, verify everything"



Zero trust guiding principles - ANSWER 1. Verify explicitly - authenticate/authorize based
on all data points, including but not limited to identity, location, device, service, data
classification, anomalies, etc.

2. Least privileged access - limit using JIT/JEA, risk-based adaptive policies, and data
protection

3. Assume breach: Segment networks, users, devices, apps. Encrypt data. Use
analytics to improve security.



Zero trust foundational pillars - ANSWER 1. Identities - can be users, services, or devices

2. Devices - monitor for health/compliance

3. Apps - manage permissions/access

4. Data - should be classified, labeled, and encrypted where appropriate

5. Infrastructure - understand baseline to detect anomalies and flag risky behavior to
take action

6. Networks - should be segmented and include real-time threat monitoring and
protection



Shared responsibility model - ANSWER Identifies which security tasks are handled by
the cloud provider vs the customer



Types:

SaaS (Software as a Service)

PaaS (Platform as a Service)

IaaS (Infrastructure as a Service)

On-premises data center (On-prem)



What security tasks are ALWAYS the responsibility of the customer? - ANSWER 1. Data

2. Devices

3. Accounts/Identities



Software as a Service (SaaS) - ANSWER Software hosted and managed by the cloud
provider for the customer. Cloud provider manages everything aside from data,
devices, accounts, and identities



Examples include: Microsoft 365, Skype, and Dynamics CRM



On-prem datacenter - ANSWER Customer responsible for EVERYTHING from physical
security to encrypting sensitive data



IaaS - ANSWER Utilizing the cloud provider's cloud infrastructure, including computers, network,
and physical security of the datacenter. Customer still manages software components.

Platform as a Service (PaaS) - ANSWER Provides an environment to build, test, and deploy
software applications by providing underlying infrastructure including the hardware and
OS

Dictionary attack - ANSWER Attempts to steal identity by trying a large number of known
passwords



AKA Brute force attacks



Rootkits - ANSWER Intercept and change the standard OS process. The device can then
report that it is healthy and not infected, so its report can't be trusted

Symmetric encryption - ANSWER Uses the same secret key to encrypt and decrypt



Asymmetric encryption - ANSWER Uses a public key and private key pair



Examples: TLS (Transport Layer Security) for the HTTPS protocol, and data signing



Hashing - ANSWER Uses an algorithm to convert original text into a unique fixed-length
hash value



Used to store passwords



Best practice: salt passwords



Microsoft Cloud Adoption Framework for Azure - ANSWER Includes documentation,
implementation guidance, best practices, and tools to help the business adopt the cloud



Cloud Adoption Framework for Azure Lifecycle - ANSWER 1. Strategy: define the
business justification and expected outcomes of the adoption.

2. Plan: align actionable adoption plans with business outcomes.

3. Ready: Prepare the cloud environment for the intended changes.

4. Adopt

* Migrate: Move and modernize existing apps

* AND/OR

* Innovate: Create new cloud-native or hybrid apps

5. Govern: Govern the environment and workloads.

6. Manage: Operations management for cloud and hybrid solutions.

Password spray attack - ANSWER Attempts to match a username against a list of weak
passwords



User risk vs sign-in risk - ANSWER User risk - probability that a given identity or account
is compromised i.e. leaked credentials on the web



Sign-in risk - probability that a given authentication request isn't authorized by the
identity owner i.e. likelihood sign-in not performed by the user based on location



What is the new security perimeter? - ANSWER Identity - how a user, app, device, etc.
can be verified and authenticated to be who they say they are such



Pillars of Identity - ANSWER 1. Administration - creation and management (LCM) of
identities

2. Authentication (AuthN) - proving identity, how much evidence needed

3. Authorization (AuthZ) - determine level of access an authenticated identity has

4. Auditing - tracking via logs who does what, when, where, & how via reporting alerts
and governance



Modern authentication - ANSWER All services and information are managed by a
central identity provider



Client authenticates with IdP. Once authenticated, the IdP sends the client a security
token. The token is used as proof of identity that is sent to the server



It has a trust relationship with the IdP, so the server verifies with the IdP and trusts the
security token.



Security Token - ANSWER Cryptographically signed document issued to identity after
authenticating with IdP
