
Four pillars of an identity infrastructure

Administration. Administration is about the creation and management/governance of identities for users, devices, and services. As an administrator, you manage how and under what circumstances the characteristics of identities can change (be created, updated, deleted).

Authentication. The authentication pillar tells the story of how much an IT system needs to know about an identity to have sufficient proof that they really are who they say they are. It involves the act of challenging a party for legitimate credentials.

Authorization. The authorization pillar is about processing the incoming identity data to determine the level of access an authenticated person or service has within the application or service that it wants to access.

Auditing. The auditing pillar is about tracking who does what, when, where, and how. Auditing includes having in-depth reporting, alerts, and governance of identities.
--

What provides advanced and intelligent protection of Azure and hybrid resources and workloads?
Microsoft Defender for Cloud through Azure Arc
---

What are the Six Foundational Pillars of Zero Trust?
identities, devices, apps (shadow IT), data, infrastructure, networks

---
What are the four pillars of a Cloud Access Security Broker (CASB)?
visibility, compliance, data security, and threat protection

--
What are the three Principles of Zero Trust?
Verify explicitly. Always authenticate and authorize based on the available data points, including user identity, location, device, service or workload, data classification, and anomalies.

Least privileged access. Limit user access with just-in-time and just-enough access (JIT/JEA), risk-based adaptive policies, and data protection to protect both data and productivity.

Assume breach. Segment access by network, user, devices, and application. Use encryption to protect data, and use analytics to get visibility, detect threats, and improve your security.
-
What tool would you use to enforce Multi-Factor AuthN based on risk?
Azure AD Identity Protection

You want to be sure no one can delete a resource; what tool do you use? You need to be sure someone has read-only access to an Azure resource; what tool do you use?
Azure Resource Group

What authentication Methods are available for Windows Hello for Business?
PIN, Facial Recognition, Fingerprint Recognition.

What tool do you use to view your Azure Secure Score?
Microsoft Defender for Cloud

Can sensitivity labels be used to encrypt documents?
Yes

What does the Azure Bastion service do?
The Bastion service is used to RDP/SSH into an Azure virtual machine via the Azure portal and browser.

Can you use Azure AD to manage devices?
Yes, you can enable, disable, and delete Azure Registered and AD Joined devices.

Your company is planning on using Azure Compute. What protects your VM so that it can be read only by authorized users?
Encryption. The encryption can be provided by the organization, or Microsoft can create and store the key.

What tool in Azure is used to correlate and orchestrate automated responses to security incidents?
Microsoft Sentinel.

What is an Azure App Gateway Service used for?
Azure Application Gateway is a web traffic load balancer.

What would you use to protect your Azure Application Gateway?
Azure Application Web Firewall.

What does PIM stand for and what does it do?
Privileged Identity Managed Service. Privileged Identity Management (PIM) is a service in Azure Active Directory (Azure AD) that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Azure, and other Microsoft Online Services such as Microsoft 365 or Microsoft Intune.

What is Microsoft Defender for Cloud?
Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multicloud (Amazon AWS and Google GCP) resources

What is Zero Trust?
Zero Trust assumes everything is on an open and untrusted network, even resources behind the firewalls of the corporate network. The Zero Trust model operates on the principle of “trust no one, verify everything.”

The goal of PaaS is to help you create an application quickly without managing the underlying infrastructure. With PaaS, the cloud provider manages the hardware and operating systems, and the customer is responsible for applications and data.

Identity Governance gives organizations the ability to do the following tasks across employees, business partners and vendors, and across services and applications both on-premises and in clouds:
Govern the identity lifecycle
Govern access lifecycle
Secure privileged access for administration

In the Shared Responsibility model, the responsibilities always retained by the customer organization include:
Information and data
Devices
Accounts and identities



Defense in depth uses a layered approach to security, rather than relying on a single perimeter.

Example layers of security might include:
Physical
Identity and access
Perimeter
Network
Compute
Application
Data


Trojans are a common type of malware which can’t spread on their own.
This means they either have to be downloaded manually or another malware needs to download and install them.

A worm is a type of malware that can copy itself and often spreads through a network by exploiting security vulnerabilities.

Exploits take advantage of vulnerabilities in software.
A vulnerability is a weakness in your software that malware uses to get onto your device.


Hash functions are deterministic (the same input produces the same output).

Each of the following steps is part of the cloud adoption lifecycle:
Strategy
Plan
Ready
Adopt
Migrate
Innovate
Govern
Manage

In credential stuffing, the attacker takes advantage of the fact that many people use the same username and password across many sites and will use known, stolen credentials, usually obtained after a data breach on one site, to attempt to access other accounts.

Common security threats that can result in a breach of personal data include phishing, spear phishing, tech support scams, SQL injection, and malware designed to steal passwords or bank details.


Azure AD simplifies the way organizations manage authorization and access by providing a single identity system for their cloud and on-premises applications.

Azure AD is available in four editions: Free, Office 365 Apps, Premium P1, and Premium P2.

Azure AD manages different types of identities: users, service principals, managed identities, and devices.

A service principal is a security identity used by applications or services to access specific Azure resources. You can think of it as an identity for an application.

There are two different Azure AD External Identities: B2B and B2C.
Azure AD B2C allows external users to sign in with their preferred social, enterprise, or local account identities to get single sign-on to your applications.
Azure AD B2B collaboration allows you to share your organization’s applications and services with guest users from other organizations, while maintaining control over your own data.



Which score measures an organization's progress in completing actions that help reduce risks associated to data protection and regulatory standards?
Compliance score


What do you use to provide real-time integration between Azure Sentinel and another security source?
D. a connector

Which Microsoft portal provides information about how Microsoft cloud services comply with regulatory standards, such as International Organization for Standardization (ISO)?
C. Microsoft Service Trust Portal


In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing?
D. the management of the physical hardware


Azure Secure Score - where to find:
Azure Security Center and Azure Defender are now called Microsoft Defender for Cloud


Preventive - Encrypt Data at rest
Detective - perform a system access audit
Corrective - make config changes in response to incident

Compliance manager = MS365 Compliance center / Compliance Centre is now known as Microsoft Purview

MS Secure Score measures progress in completing actions based on key regulations/data protection (NO); that's the compliance score, not Secure Score


Azure AD is deployed to an on-premises environment = NO
Azure AD is provided as part of an M365 subscription = YES
Azure AD is an identity and access management = YES

Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require membership in a group?
access reviews (entitlement management)

Conditional access policies can use device state as signal (YES)
Conditional access policies apply before first-factor authentication is complete (NO)
Conditional access policies can trigger MFA if a user attempts to access a specific app (YES)

Microsoft Defender for Identity is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
- MS Defender for Identity is a cloud-based solution that leverages on-premises AD signals to identify, detect, and investigate advanced threats.
- MS Defender for Identity can identify advanced threats from: on-premises AD Domain Services (AD DS)


Azure AD Identity Protection is a tool that allows organizations to utilize security signals to identify potential threats.
PIM provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources.
RBAC in Azure AD roles control access to Azure AD resources.


Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your organization?
information barriers


Conditional Access Policies can be applied to global admins (YES)
Conditional access policies are NOT evaluated before a user is authenticated. (They are NOT BEFORE)
Conditional Access policies can use a device platform, such as Android or iOS, as a signal (YES)

A service principal is like a user identity (login and password or certificate) for an application.
Apps registered in AAD are automatically associated with a service principal.

AAD enabled security defaults = MFA is enabled for all users.


If "time" is linked to an access or an authentication, assume that there is a high chance that it's PIM.
Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is designed specifically for implementing approval-based, time-bound role activation in an Azure subscription.




access these applications agrees to the legal disclaimers. Which Azure AD feature should you implement?
- Entitlement management automates access request workflows, access assignments, reviews, and expiration

An organization has recently conducted a security audit and found that four people who have left were still active and assigned global admin roles.
- Privileged Identity Management mitigates the risks of excessive, unnecessary, or misused access permissions.

recently discovered that several user accounts in the finance department have been compromised. The CTO has asked for a solution to reduce the impact of compromised user accounts.
- Identity Protection is a tool that allows organizations to utilize security signals to identify potential threats.


Cloud security posture management (CSPM) is a relatively new class of tools designed to improve your cloud security management. It assesses your systems and automatically alerts security staff in your IT department when a vulnerability is found.

Azure Identity Protection
Enables organizations to accomplish three key tasks:
• Automate the detection and remediation of identity based risks.
• Investigate risks using data in the portal.
• Export risk detection data to third party utilities for further analysis.

1. Microsoft Defender for Cloud covers two broad pillars of cloud security. Which pillar provides visibility to help you understand your current security situation and provides hardening recommendations?
Correct. The CSPM pillar of Microsoft Defender for Cloud provides visibility to help you understand your current security situation and provides hardening recommendations.

An organization wants to add vulnerability scanning for its Azure resources to view, investigate, and remediate the findings directly within Microsoft Defender for Cloud. What functionality of Microsoft Defender for Cloud would they need to consider?
The enhanced functionality that is provided through the Microsoft Defender plans and is part of the CWP pillar of Microsoft Defender for Cloud.
Microsoft Defender plans provide enhanced security features for your workloads, including vulnerability scanning.

Your organization wants to improve their security best practices, which option best describes the benefit of using security baselines in Azure?
Security baselines for Azure apply guidance from the Microsoft cloud security benchmark (or previous benchmarks) to the specific service for which it's defined and provide organizations a consistent experience when securing their environment.
Security baselines in Azure don't provide a single score


Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal. Azure Bastion doesn't provide DDoS protection.

What are two capabilities of Microsoft Defender for Endpoint? Each correct selection presents a complete solution.
automated investigation and remediation
attack surface reduction


Microsoft Defender for Cloud can detect vulnerabilities and threats for Azure Storage
Cloud security posture management (CSPM) is available for all Azure subscriptions
Microsoft Defender can evaluate the security of workloads deployed to Azure or on-premises

Microsoft Priva helps you understand the data your organization stores by automating discovery of personal data assets and providing visualizations of essential information.


Microsoft provides built-in sensitive information types that you can use to identify data such as credit card numbers.

Sensitivity labels help ensure that emails can be decrypted only by users authorized by the label's encryption settings.

The compliance admin wants to prevent users from accidentally sharing sensitive information in a Microsoft Teams chat session. What capability can address this requirement?
Use data loss prevention policies
With data loss prevention policies, administrators can now define policies that can prevent users from sharing sensitive information in a Microsoft Teams chat session or Teams channel, whether this information is in a message, or in a file.


identify and scan for offensive language across the organization.
Microsoft Purview Communication Compliance helps minimize communication risks by enabling you to detect, capture, and take remediation actions for inappropriate messages in the organization.

IT organization needs to make sure that users from one particular department are limited in their access and interactions with other departments. What solution can address this need?
With Microsoft Purview Information Barriers, you're able to restrict communications among specific groups of users when necessary.

Audit (Premium) helps organizations to conduct forensic and compliance investigations by providing access to these crucial events.

The eDiscovery (Premium) solution allows you to collect and copy data into review sets, where you can filter, search, and tag content so you can identify and focus on content that's most relevant.

You use Azure Policy to ensure that the resource state is compliant with your organization’s business rules.
Azure role-based access control (RBAC) focuses instead on managing user actions at different scopes. Azure RBAC manages who has access to Azure resources, what they can do with those resources, and what areas they can access.

Azure Blueprints provide a way to define a repeatable set of Azure resources.
Role Assignments
Policy Assignments
Azure Resource Manager templates (ARM templates)
Resource Groups

3. Which application in the Microsoft Purview governance portal is used to capture metadata about enterprise data, to identify and classify sensitive data?
DATA MAP


Azure AD roles control access to resources such as users, groups, and applications.
Azure roles control access to resources, such as virtual machines.

What is the minimum edition of Azure AD that allows you to create access packages for users?
Azure AD Premium P2

What are two characteristics of an identity as the primary security perimeter model? Each correct answer presents a complete solution.
- Software as a service (SaaS) applications for business-critical workloads can be hosted outside of a corporate network.
- Bring your own device (BYOD) can be used to complete corporate tasks.


Which Azure service provides centralized protection of web apps from common exploits and vulnerabilities?
Azure Web Application Firewall (WAF)




Azure AD Premium P2 allows the use of entitlement management, which enables access packages.

Leaked credentials is a user risk. Atypical travel, anonymous IP address, and password spray are sign-in risks.

Which service can help mitigate the impact of compromised user accounts?
Azure AD Identity Protection

Which two characteristics are part of a security orchestration automated response (SOAR) solution? Each correct answer presents a complete solution.
- action-driven workflows
- issue mitigation



What does the compliance score in Compliance Manager measure?
an organization’s progress toward implementing controls

Which type of policy can you use to prevent users from sharing files with users in other departments?
information barrier policy (NOT DLP; DLP is only based on sensitivity labels)


Federation is for enabling the access of services across organizational or domain boundaries by establishing trust relationships between the respective domain’s identity provider. Using Federated Services, there’s no need for a user to maintain a different username and password when accessing resources in other domains.
An example of federation in practice is when a user logs in to a third-party site with a social media account. The social media platform can be Twitter. In this scenario, Twitter is an identity provider. And the third-party site might be using a different identity provider, such as Azure AD. So, there’s a trust relationship between Azure AD and Twitter.

Workbooks in Azure Sentinel are interactive dashboards that allow users to explore and analyze security data.
Playbooks in Azure Sentinel are automated response capabilities that allow users to take action on security incidents.

Which feature in Microsoft Defender for Cloud Apps is used to retrieve data from activity logs?
App connectors


What are the three types of controls used in Microsoft Purview Compliance Manager? Each correct answer presents part of the solution.
Microsoft-managed controls, shared controls, and customer-managed controls


In Microsoft Purview, what can be used to investigate possible security or compliance breaches and identify their scope based on records?
Audit (Premium)



Microsoft Defender for Cloud Apps can use conditional access policies to control sessions in real time.

======


https://www.cyberstudents.org/about/ > I'm a member >
Renewal due on 25 May 2024