100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
SC-900_ Microsoft Security, Compliance, and Identity Fundamentals CA$14.33   Add to cart

Exam (elaborations)

SC-900_ Microsoft Security, Compliance, and Identity Fundamentals

 4 views  0 purchase

SC-900_ Microsoft Security, Compliance, and Identity Fundamentals

Preview 4 out of 33  pages

  • July 2, 2024
  • 33
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
All documents for this subject (74)
avatar-seller
EXAMQA
SC-900: Microsoft Security, Compliance,
and Identity Fundamentals

Zero Trust - ANS-A security model that assumes everything is on an open and
untrusted network, even resources behind firewalls

"Trust no one, verify everything"

Zero trust guiding principles - ANS-1. Verify explicitly - authenticate/authorize based on
all data points (e.g. identity, location, device, service, data classification, anomalies,
etc.)
2. Least privileged access - limit with JIT/JEA, risk-based adaptive policies, and data
protection
3. Assume breach - Segment networks, users, devices, apps. Encrypt data. Use
analytics to improve security.

Zero trust foundational pillars - ANS-1. Identities - can be users, services, or devices
2. Devices - monitor for health/compliance
3. Apps - manage permissions/access
4. Data - should be classified, labeled, and encrypted where appropriate
5. Infrastructure - understand baseline to detect anomalies and flag risky behavior to
take action
6. Networks - should be segmented and include real-time threat monitoring and
protection

Shared responsibility model - ANS-Identifies which security tasks are handled by the
cloud provider vs the customer

Types:
SaaS (Software as a Service)
PaaS (Platform as a Service)
IaaS (Infrastructure as a Service)
On-premises data center (On-prem)

What security tasks ALWAYS responsibility of the customer? - ANS-1. Data
2. Devices
3. Accounts/Identities

,Software as a Service (SaaS) - ANS-Software hosted and managed by the cloud
provider for the customer. Cloud provider manages everything aside from data, devices,
accounts, and identities

Examples include: Microsoft 365, Skype, and Dynamics CRM

On-prem datacenter - ANS-Customer responsible for EVERYTHING from physical
security to encrypting sensitive data

Infrastructure as a Service (IaaS) - ANS-leveraging the cloud provider's cloud
infrastructure (physical) including computers, network, and physical security of the
datacenter. Customer still manages software components.

Platform as a Service (PaaS) - ANS-Provides an environment to build, test, and deploy
software applications by providing underlying infrastructure including the hardware and
OS

Dictionary attack - ANS-Attempts to steal identity by trying a large number of known
passwords

AKA Brute force attacks

Rootkits - ANS-Intercept and change the standard OS process. Can then report the
device is healthy and not infected so can't be trusted

Symmetric encription - ANS-Uses the same secret key to encrypt and decrypt

Asymmetric encryption - ANS-Uses a public key and private key pair

Examples: TLS (Transport Layer Security) for the HTTPS protocol, and data signing

Hashing - ANS-Uses and algorithm to convert original text into a unique fixed-length
hash value

Used to store passwords

Best practice: salt passwords

,Microsoft Cloud Adoption Framework for Azure - ANS-Consists of documentation,
implementation guidance, best practices, and tools designed to help businesses adopt
cloud

Cloud Adoption Framework for Azure Lifecycle - ANS-1. Strategy: define business
justification and expected outcomes of adoption.
2. Plan: align actionable adoption plans to business outcomes.
3. Ready: Prepare the cloud environment for the planned changes.
4. Adopt
-Migrate: Migrate and modernize existing apps
AND/OR
-Innovate: Develop new cloud-native or hybrid apps
5. Govern: Govern the environment and workloads.
6. Manage: Operations management for cloud and hybrid solutions.

Password spray attack - ANS-Attempts to match a username against a list of weak
passwords

User risk vs sign-in risk - ANS-User risk - probability that a given identity or account is
compromised (i.e. leaked credentials on the web)

Sign-in risk - probability that a given authentication request isnt authorized by the
identity owner (i.e. likelihood sign-in not performed by the user based on location)

What is the new security perimeter? - ANS-Identity - how a user, app, device, etc. can
be verified and authenticated to be who they say they are such

Pillars of Identity - ANS-1. Administration - creation and management (LCM) of identities
2. Authentication (AuthN)- proving identity, how much evidence needed
3. Authorization (AuthZ) - determine level of access an authenticated identity has
4. Auditing - tracking via logs who does what, when, where, & how via reporting alerts
and governance

Modern authentication - ANS-All services and information are are managed by a central
identity provider

Client authenticates with IdP. Once authenticated, the IdP sends the client a security
token. The token is used as proof of identity that is sent to the server

, The server has a trust relationship with the IdP so it verifies with the IdP and trusts the
security token

Security token - ANS-Cryptographically signed document issued to identity after
authenticating with IdP

Used as proof of identity with servers

Contains 'claims' associated with the identity

Trust relationship - ANS-relationship between the server and the IdP to that is used to
validate the security token granted to the client

Common claims of security tokens - ANS-subject - unique, unchanging identifier of the
client
issued at - when security token was issued
expiration - when the security token should expire
audience - describes the recipient of the token so the token cannot be forwarding to
others. If audience does not list recipient it is dropped

Federation - ANS-Single Sign-On between multiple identity providers

Enables access of services across organizational boundaries by establishing trust
relationships between the domain/entities' identity provider

Trust is not always bidirectional

SSO - ANS-Single Sign-On - user logs in once and that credential is used across
multiple apps/resources

Directory Services - ANS-Stores directory data (hierarchical structure of info on the
network) and makes available to users, admins, services, apps, etc.

AD - ANS-Active Directory - set of directory services developed by Microsoft as part of
Windows 2000 for on-premises domain-based networks

AD DS - ANS-Active Directory Domain Services - stores information about members of
the domain, including devices and users, verifies their credentials, an defines their
access rights. A server running AD DS is a domain controller (DC)

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller EXAMQA. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for CA$14.33. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

79650 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
CA$14.33
  • (0)
  Add to cart