What is Zero Trust?

Trust no one, verify everything

What are the principles behind a Zero Trust model?

Verify Explicitly, Least privileged access, and Assume breach

What are the six foundational pillars of Zero Trust?

Identities, Devices/Endpoints, Data, Apps, Infrastructure, and Network

What is the Shared Responsibility Model?

Describes which security tasks are handled by the cloud provider and which tasks are handled by you, the customer

In the Shared Responsibility Model, which solution puts ALL responsibility on the customer?


In the Shared Responsibility Model, which solution puts the physical hosts, network, and data center responsibility on the customer?

Infrastructure as a Service (IaaS)

In the Shared Responsibility Model, which solution is used to help customers create an application without managing the underlying infrastructure? Cloud provider manages the hardware and OS and customer is responsible for applications and the data.

Platform as a Service (PaaS)

In the Shared Responsibility Model, which solution puts all responsibility on the cloud provider besides data, devices, accounts, and identities?

Software as a Service (SaaS)

What is another name for a layered approach to security?

Defense in Depth

What does the CIA triangle stand for?

Confidentiality, Integrity, Availability

What is a Data Breach?

When an unauthorized user gains access to a private database which contains non-public information. Phishing, spear phishing, SQL injection, and keyloggers/malware are some types of attacks that may be used to gain access to these servers.

What is a Dictionary Attack?

A type of brute force attack on an identity where an intruder attempts to crack a password-protected security system with a "dictionary list" of common words and phrases used by businesses and individuals

Type of malware that encrypts files and folders and holds the data until a payment is made and then a decryption key is provided


An attack which attempts to exhaust an application or network's resources from multiple starting points

Distributed Denial of Service (DDoS)

What is a rootkit?

Type of software that intercepts network and system services to gain kernel level access to the computer's resources. Virtually undetectable and hard to remove

What is a Trojan?

A type of malicious software which masks itself as a legitimate program, but is actually malicious. They cannot spread on their own and need to be downloaded manually or pushed out through other Malware.

What is a Worm?

A type of malware which can self-replicate and intends to infect other computers on the same network while remaining active on infected systems to consume resources and perform malicious tasks.

What is Encryption?

The process of transforming clear text into coded, unintelligible text for secure storage or communication

What is Symmetric Encryption?

An encryption method in which the same key is used to encrypt and decrypt a message. Fast and efficient for large amounts of data, but the key must be kept secret.

What is Asymmetric Encryption?

An encryption method in which two keys (one private, one public) are used to encrypt and decrypt a message. Higher level of security and no need for exchanging keys, but inefficient due to computational power required.

What is Encryption at Rest?

When data stored on a physical device is encrypted and ensures the data is unreadable without the keys/secrets to decrypt it.

What is Encryption in Transit?

Encrypting data moving from one location to another. Can be handled at different layers, such as the Application layer.

What is Hashing?

Uses an algorithm to convert text to a unique, fixed-length hash value. The same input always produces the same output, which makes it useful for verifying the integrity of data. Salted to prevent brute-force dictionary attacks.

What is Signing?

The concept of hashing a document and encrypting the hash with a private key to create a digital signature.

Which Microsoft portal provides a variety of content, tools, and resources about Microsoft security and compliance principles?

Microsoft Service Trust Portal (STP)

What are the 6 Microsoft Privacy Principles?

Control, Transparency, Security, Strong Legal Protections, No Content-based Targeting, Benefits to you

Explain the Control Privacy Principle

Puts the customer in control of how their data can be used. Opt-in, Opt-out toggles

Explain the Transparent Privacy Principle

Data collection should be transparent so the customer can make the right decision on how it should be used and what is being used

Explain the Security Privacy Principle

Ensures Microsoft is using the proper security for your data and is a good custodian of said data

Explain the Strong Legal Protection Privacy Principle

Microsoft respects the laws of the country and fights for the privacy of its users' data

Explain the No Content-Based Targeting Privacy Principle

Microsoft ensures data such as email, chat, and other personal content is not used to target advertising

Explain the Benefits to You Privacy Principle

Whenever data is collected, it is only used to benefit the customer and make their experience better

What is an identity attack? Provide some examples.

An attack designed to steal the credentials used to validate or authenticate that someone or something is who they claim to be.
Password-based attacks
Phishing/Spear Phishing

What is a Password Brute Force attack?

Using a large list of known passwords against a single account in the attempt to gain access

What is a Password Spray Attack?

Attempting to use a few common passwords against multiple accounts to circumvent account lockout controls

What is Phishing?

A social engineering attack that is geared toward tricking a user into providing information about themselves or their credentials for a specific website by email.
Text phishing (Smishing)
Phone phishing (Vishing)

What is Spear Phishing?

A customized phishing attack that targets a specific person.

What is the difference between User Risk and Sign-In risk in Azure?

User Risk - represents the probability that a given identity or account is compromised
Sign-in Risk - probability that the identity owner didn't authorize a given authentication request

What is Identity and what may it be associated with in Azure?

Identity is how someone or something can be verified and authenticated. Identity is the new security perimeter with BYOD/WFH
Associated with a user, application, and/or device

What are the four pillars of identity?

Administration, Authentication, Authorization, Auditing

Define the Administration identity pillar

The creation and management of identities for users, devices, and services. How and under what circumstances identities can be changed, be created, and be deleted.

Define the Authentication identity pillar

Control over how much you need to know about an identity to prove they are who they say they are.

Define the Authorization identity pillar

Processing the incoming identity data to determine what level of access and resources they have within the application or service.

Define the Auditing identity pillar

Tracking who does what, when, where, and how in the environment.

What is Modern Authentication?

an umbrella term for a multi-functional authorization and authentication method that ensures proper user identity and access controls in the cloud using

What is an Identity Provider (IdP)?

The center of modern auth. Offers authentication, authorization, and auditing services. AAD, Google, Amazon, etc. are cloud-based IdPs

What is single sign on (SSO)?

Centralized access control technique that allows a subject to be authenticated only once on a system and to access multiple resources without repeated authentication prompts

Describe the concept of a Federated Service

Uses the concept of single sign-on, where one set of credentials is used to access multiple services. In the case of a federated service, these services span across multiple external resources not necessarily relating to one another. (GoDaddy/M365 integrations, Log in with Google, Facebook, etc.)

What is Azure Active Directory (AAD)?

Microsoft's cloud based identity and access management service

What are the 4 editions of Azure AD?

AAD Free, Office 365 Applications, AAD P1, and AAD P2

What is included in AAD Free?

Allows for creation of users and groups, sync with on-prem AD, basic reports, Self-service password reset (SSPR), and SSO. 5,000 objects in AAD. Included with Azure, Office 365, Dynamics 365, Intune, and Microsoft Power Platform subscription

What is included in Azure with the Office 365 Subscription?

SSPR for cloud users and device write-back (two-way sync between M365 and on-prem AD) - included in E1, E3, E5, F1, and F3

What is included in Azure Active Directory Plan 1?

Includes all features of the Free and O365 editions and advanced administration: Normal Conditional Access policies, dynamic groups, self-service group management, Microsoft Identity Manager, and Cloud write-back (SSPR for On-prem users)
Included with M365 E3 or Business Premium

What is included in Azure Active Directory Plan 2?

Includes all of AAD P1 features alongside AAD Identity Protection: Risk-based Conditional Access policies and Privileged Identity Management (PIM)
Included with M365 E5

What are the four identity types you can manage in Azure AD?

User (employees/guests)
Service Principal (identity for an application)
Managed Identity (identity automatically managed by Azure. Can be used to authenticate a cloud app with an Azure service) - System Assigned vs User Assigned
Device (piece of hardware such as cell phone, laptop, printer) - AAD Registered vs AAD Joined

What types of devices can be Azure AD Registered?

Windows 10, iOS, Android, macOS - Usually BYOD devices with a personal account

What types of devices can be Azure AD Joined?

Windows 10 Pro, iOS, Android, macOS - Usually corporate owned, with a business account, and exist in the cloud

What types of devices can be Hybrid Azure AD joined?

Windows 7, 8.1, 10, 11, or Server 2008+ - Owned by organization and signed in with AAD account. These devices exist in the cloud and on-prem

What is the B2B AAD External Identity?

Business to Business - allows you to share apps/resources with external users

What is the B2C AAD External Identity?

Business to Customer - allows external users to use SSO to connect to your resources/applications

What is used to sync ADDS with AAD?

Azure AD Connect

What are the two ways Authentication is handled in a Hybrid AAD environment?

Managed Authentication - Authentication is handled by AAD
Client-based AAD Redirect - Authentication is handled by a third-party domain, also known as federated authentication

What are the three types of Authentication methods used in a Hybrid AAD environment?

Password Hash Sync - users can use the same username and password from on-prem with AAD - Managed Authentication
Pass-through Authentication (PTA) - uses a software agent on the on-prem server which validates the users directly with AADS - Managed Authentication
Federated Authentication - AAD hands the authentication process to a third-party service, also known as ADFS.

What is Multi-factor Authentication?

Using two or more types/factors of authentication, e.g. Smart Card and PIN, or Biometrics and Token key fob.
Something you know, something you have, and/or something you are

What is Open Authentication (OAUTH)?

An open-standard framework that details how unrelated servers and services can safely allow authenticated access to their assets without actually sharing the initial, related, single logon credential

What is Self Service Password Reset and what are the benefits of implementation?

SSPR allows users to reset their own password without administrative intervention.
Increases security
Saves organization money
Increases productivity

What scenarios would you use SSPR for?

Password changes
Password Resets
Account Unlocks

What Authentication methods can be used with SSPR?

Mobile App notification
Mobile App Code
Email
Mobile Phone
Office Phone
Security Questions

What is Azure Password Protection?

Detects and blocks known weak passwords and their variants. It can also block additional weak terms that are specific to your organization. Can be applied on-premises in a hybrid environment

What parameters can Conditional Access policies analyze to apply the policy?

user, location, device, application, and risk

What can be used to control permissions to Azure AD Resources?

Azure AD built-in and custom Roles

What is it called when you manage access for users based on their Role?

Role Based Access Control (RBAC)

What is the purpose of Identity Governance (control) in Azure AD?

Govern the identity lifecycle
Govern access lifecycle
Secure privileged access for administration

What are the 3 parts of an Identity Lifecycle?

Join - a new digital identity is created
Move - update access authorization
Leave - access may need to be removed

What can be used to automate the process of managing identity and access lifecycles at Scale?

Azure AD Entitlement Management and Azure AD Access Reviews

What is Privileged Identity Management (PIM)?

A service that enables you to manage, control, and monitor access to administrative resources in your organization

Describe the features of Privileged Identity Management (PIM)

Just-in-time authorization - privileged access only when needed, and not before
Time-bound - assigns start and end dates that indicate when a user can access resources
Approval-based - requires specific approval to activate privileges
Visible - sends notifications when privileged roles are activated
Auditable - allows a full access history to be downloaded

What is Azure Identity Protection (AIP)?

A tool that allows an organization to:
Automate the detection and remediation of identity-based risk
Investigate a risk using data in the portal
Export risk detection data to third-party utilities

What three categories does AIP categorize risk into?

Low, medium, and high

In AIP, what is sign-in risk?

The probability that the sign-in was not performed by the user

In AIP what is user risk?

The probability that the user identity has been compromised

What are the three reports available in AIP?

Risk Users
Risk Sign-ins
Risky Detections

What do Azure Network Security Groups (NSG) do?

Let you allow/deny network traffic to/from Azure resources that exist in your Azure network, such as a virtual machine.
They can be associated with multiple subnets or network interfaces in a virtual network

What properties do NSGs analyze to allow/deny traffic?

Name, Priority, Source/Destination, source port/destination port, destination, protocol, Action (allow/deny)

What are three common DDoS Attacks?

Volumetric attacks - Flood the network with seemingly legitimate network traffic, which restricts available bandwidth.
Protocol attacks - Render a target inaccessible by exhausting server resources with false protocol requests that exploit weaknesses in layer 3 and layer 4 protocols.
Resource (application) layer attacks - Target web application packets to disrupt transmission of data between the hosts.

What is Azure DDoS protection?

A service designed to analyze network traffic and discard anything that looks like DDoS activity.

Explain the two plans for Azure DDoS protection.

DDoS Protection Basic - Free. Traffic monitoring and analysis with always-on protection, automatic attack mitigations.
DDoS Protection Standard - Fixed monthly cost on a per-resource basis. Availability guarantee, cost mitigation policies to customer applications, metrics and alerts, reports, logs, Rapid response support.

What is the basic difference between a NSG and Azure Firewall?

While an Azure Firewall monitors traffic at more of a global level, an NSG is more defined and is applied to specific subnets and/or network interfaces.

Where should an Azure Firewall be deployed on your network?

The central Virtual Network

What are some features of Azure Firewall?

Built-in High Availability & Availability Zones
Outbound SNAT & inbound DNAT
Threat Intelligence
Network & application-level filtering
Multiple public IP addresses
Integration with Azure Monitor

What does a Web Application Firewall (WAF) do?

Provides centralized protection of your web applications from common exploits and vulnerabilities

What are some features of Azure's Web Application Firewall?

Simpler security management
Improves the response time to a security threat
Patching a known vulnerability in one place
Protection against threats and intrusions

What are some features of Azure Firewall Premium (NGFW)?

TLS Injection
IDPS
URL Filtering
Web Categories

What is Azure Bastion?

A Microsoft service that provides secure connectivity using SSH or RDP to your VMs directly from the Azure portal using TLS.

What are some features of Azure Bastion?

RDP and SSH directly in Azure Portal
Remote Session over TLS and Firewall traversal for RDP/SSH
Uses private IP address from Azure Bastion portal, preventing the need for a hosted public IP
NSGs managed by Microsoft for initial ingress movement into the network.
Protection against port scanning
Protection against internal zero-day exploits due to sitting at perimeter

What is Azure Key Vault?

Centralized cloud service for storing your application secrets
Secure access
Logging

What is Azure Key Vault used for?

Secrets management (tokens, passwords, certificates, API keys)
Key management (control encryption keys)
Certificate management (public/private SSL/TLS certs)
Store HW/SW tokens

What is Azure Storage Service Encryption (SSE)?

Allows for automatic encryption of data at rest in Azure Blob Storage and file shares in server-side and client-side scenarios.

What is Azure VM Disk Encryption?

Uses BitLocker technology to protect OS/data disk with full-volume encryption and keys are stored in Key Vault

What is Transparent Data Encryption (TDE)?

Used to encrypt SQL servers, Azure SQL Database, and Azure Synapse Analytics data files in real time
Enabled by default

What is Cloud Security Posture Management (CSPM)?

Tools designed to improve your cloud security management by assessing your security and alerting security staff when a vulnerability is found. Uses a combination of tools and services:
Zero Trust-based access control
Real-time risk scoring
Threat and vulnerability management (TVM)
Discover sharing risks (data exposure)
Technical Policy
Threat modeling systems and architectures

What threats does Azure Security Center help mitigate?

Rapidly changing workloads - ensure changing services people use/create meet security standards
Increasingly sophisticated attacks
Security skills

What are some features of Azure Security Center?

Manage and enforce security policies
Continuous assessment of security posture with recommendations
Network topology view of your workloads
Integration with other Microsoft security solutions across Azure
Protects non-Azure servers in cloud/on-prem for Windows and Linux by installing log analytics software

What is Azure Secure Score?

A percentage value in Security Center that recommends controls and configuration changes to make to increase security posture.

What are the different Azure Defender Plans?

Azure Defender for Servers - adds threat detection for your Windows and Linux machines
Azure Defender for App Services - uses cloud scale to identify attacks targeting applications over App Service
Azure Defender for Storage - detects harmful activity on Azure Storage accounts
Azure Defender for SQL - extends Azure Security Center data security package to secure SQL databases
Azure Defender for Kubernetes - provides the best cloud-native Kubernetes security environment hiding, workload protection, and runtime protection
Azure Defender for Container Registries - helps protect all Azure Resource Manager based registries
Azure Defender for Key Vault - provides extra layer to Key Vault

What is meant by Azure Defender Hybrid cloud protection?

Protects non-Azure servers and VMs in other clouds such as AWS and GCP

What are Azure Defender alerts?

Alerts generated by Azure Defender when a threat is detected. These alerts suggest remediation steps and the ability to trigger a logic app in response and can be imported into Azure Sentinel

What is Advanced Protection in Azure Defender?

Uses advanced analytics for tailored recommendations related to your resources

What is Vulnerability Assessment in Azure Defender?

Includes vulnerability scanning for VMs and container registries

What is Azure Sentinel?

A Security Information and Event Management (SIEM), Security Orchestration and Automated Response (SOAR), and Extended Detection and Response (XDR) solution for alert detection, threat visibility, proactive hunting, and threat response.

What is a SIEM?

Security Information and Event Management
A tool that is used to collect data from infrastructure, software, and resources. Analyzes/correlates data to look for threats and generates an alert

What is a SOAR?

Security Orchestration and Automated Response
Takes alerts from SIEM or other sources and triggers automated workflows/processes to mitigate the issue

What is XDR?

Extended Detection and Response
A tool designed to detect, protect, and respond to threats across identities, endpoints, applications, etc.

How does billing work with Azure Sentinel and what are the two ways to pay?

Billing is based on the volume of data ingested for analysis and stored in the Azure Monitor Log Analytics workspace
Capacity Reservations - billed a fixed fee based on tier
Pay-as-you-go - billed per gigabyte

What is Microsoft 365 Defender?

Service/tool that coordinates the detection, prevention, investigation, and response to threats against email, identity, and applications and assists with determining the attack scope and impact by giving insights on how the threat occurred and which systems are affected.
It can take automated action to prevent or stop attacks

What does Microsoft 365 Defender protect and what individual solution is tied to these assets?

Identity - Microsoft Defender for Identity
Endpoints - Microsoft Defender for Endpoint
Applications - Microsoft Cloud App Security
Email/Collaboration - Microsoft Defender for Office 365

What are the capabilities of Microsoft Defender for Identity?

Monitor and profile user behavior and activities
Protect user identities and reduce the attack surface
Identify suspicious activities and advanced attacks across the cyberattack kill-chain
Investigate alerts and user activities

What are the capabilities of Microsoft Defender for Office 365?

Threat Protection Policies
Reports
Threat investigation and response capabilities
Automated investigation and response capabilities

What is included with Microsoft Defender for Office 365 Plan 1?

Safe Attachments
Safe Links
ATP for SharePoint, OneDrive, and Teams
ATP Anti-phishing Protection
Real-time Detections

What is included with Microsoft Defender for Office 365 Plan 2?

Threat Trackers
Threat Explorer
Automated Investigation and Response (AIR)
Attack Simulator

What Licenses include Microsoft Defender for Office 365?

M365 E5
O365 E5
O365 A5
M365 Business Premium

What are the capabilities of Microsoft Defender for Endpoint?

Threat and Vulnerability Management
Attack Surface Reduction
Next Generation Protection
Endpoint Detection and Response (EDR)
Automated Investigation and Remediation
Microsoft Threat Expert

What is Microsoft Cloud App Security (MCAS)?

A cross-SaaS solution working in-between a cloud user and cloud provider to provide visibility into cloud services, control over data traversal, and analytics to identify threats.
Ability to analyze cloud apps your org is using
Allows you to sanction/un-sanction applications
Standalone version for O365 applications

What is the Microsoft 365 Security Center used for?

Monitoring and managing security across your Microsoft identities, data, devices, applications, and infrastructure.

What are some of the default cards in the Microsoft 365 Security Center?

Secure Score
Devices at Risk
Threat Analytics
Users with Threat Detections
Dependent on user role due to RBAC

What are the default cards under Reports in Microsoft 365 Security Center?


What is Microsoft Intune?

Cloud-based service which focuses on mobile device management (MDM) and mobile application management (MAM)

What operating systems does Intune work with?

iOS, iPadOS, Android, Windows, and macOS

When is MDM used?

Corporate owned devices and full-control of device configurations and security settings

When is MAM used?

BYOD/Personal devices. Control over corporate data at the application layer without the need to interfere with personal data

What is Microsoft Endpoint Manager (MEM)?

Combination of Configuration Manager and Intune for managing fully deployed cloud devices in Intune or co-managing local devices

What are some features of Intune?

Manage devices
Manage security baselines
Security policies
Compliance policies
AAD CA Policy integration
Microsoft Defender for Endpoint integration
RBAC

What is Microsoft Compliance Center used for?

Shows how the organization is meeting its compliance requirements, with solutions that can help assist with compliance and information about active alerts

What feature can be used to aid an organization in compliance?

Microsoft Compliance Manager

What does Microsoft Information Governance allow organizations to do?

Know your Data - trainable classifiers, activity explorer, content explorer
Protect your Data - encryption, access restrictions, visual markings
Prevent Data Loss - Risk behavior, DLP policies, Endpoint DLP
Govern your Data - retention policies, retention labels, record management

What are some Data classification capabilities?

Sensitive Information Types
Trainable classifiers
Understand and Explore data

What are Sensitivity labels and policies used for?

Allows the labeling of content based on the type of data to allow DLP policies to apply

What are Retention policies and labels used for?

Help organizations manage and govern information by ensuring content is kept only for required time and then permanently deleted.

What is records management?

Management solution for regulatory, legal, and business critical records across their corporate data.

What is Insider Risk Management?

A solution to identify, investigate, and address internal risk using policy templates, activity signaling, and flexible workflow for insights.

What is Communication Compliance?

A compliance center solution that allows an organization to detect, capture, and take action against inappropriate messages.

What are Information Barriers?

Policies that admins configure to prevent individuals or groups from communicating with each other.
Supported by OneDrive, Teams, SharePoint, and other solutions
Information Barrier examples for Teams:
Searching for a user
Starting a group chat
Sharing a screen
Placing a call
Sharing a file with another user

What is Privileged Access Management?

Allows granular access control over administrative tasks in M365 to prevent breaches from administrative accounts with high-level access
Zero-standing access policy which requires access requests, and only the level of access needed for the task is provided

What is the Customer Lockbox?

Option for customers in O365 that extends the internal Microsoft approval process for granting our engineers access to customer data. With Lockbox the customer becomes the last approver in the chain.

An organization has deployed M365 applications to all employees. Who is responsible for the security of the personal data relating to these employees?

The Organization - The org always has responsibility for their data in a shared responsibility model

Which of the following measures might an organization implement as part of the defense-in-depth security methodology?
1. Locating servers at different locations in your organization
2. Multi-factor authentication for all users
3. Ensuring there's no segmentation of your corporate network

2. MFA for all users

The HR organization wants to ensure that stored employee data is encrypted. Which mechanism would they use?
1. Hashing
2. Digital Signing
3. Encryption at Rest

3. Encryption at Rest

When browsing Microsoft compliance documentation, you have found several documents that are specific to your industry. What is the best way of ensuring you keep up to date with the information they contain?
1. Save the documents to your My Library
2. Print each document so you can easily refer to them
3. Download each document

1. My Library

A colleague has asked for your help in locating compliance and regulatory information relevant to your industry. You want to provide one link that will provide all the information they might need. Which Microsoft link should you send?
1. Microsoft Privacy Principles
2. Service Trust Portal
3. Microsoft Compliance Manager

2. Service Trust Portal

What type of security risk does a phishing scam pose?
1. Ethical Risk
2. Physical Risk
3. Identity Risk

3. Identity Risk

What is a benefit of single sign-on?
1. A central identity provider can be used
2. The user signs in once and then can access many applications or resources
3. Passwords always expire after 72 days

2. The user signs in once and then can access many applications or resources

Which relationship allows federated services to gain access to resources?
1. Claim relationship
2. Shared access relationship
3. Trust relationship

3. Trust relationship

Authentication is the process of doing what?
1. Verifying that a user or device is who they say they are
2. The process of profiling user behavior
3. Enabling federated services

1. Verifying that a user or device is who they say they are

Your organization is launching a new app for customers. You want your customers to use a sign-in screen that is customized with your brand identity. Which type of Azure External identity authentication solution should you use?
1. Azure AD B2B
2. Azure AD B2C
3. Azure AD Hybrid Identities

2. Azure AD B2C

Within your organization, all of your users have M365 cloud identities. Which identity model should you use?
1. Hybrid
2. Cloud-only
3. On-premises only


You have developed an app and want users to be able to sign in with their Facebook, Google, or Twitter credentials. What type of authentication will you use?
1. Service principal Authentication
2. Azure AD B2C
3. Use assigned identities

2. Azure AD B2C - allows external users to log into your applications with social media accounts

After hearing of a security breach at a competitor, you want to improve identity security within your organization. What should you implement immediately to provide the greatest protection to user identities?
1. Multi-factor Authentication
2. Require biometrics for all sign-in
3. Require strong passwords for all identities

1. Multi-factor authentication

To improve identity security within your organization, you want to implement Windows Hello for Business. When explaining the benefits of WHFB to your colleagues, which of the following is true?
1. Windows Hello is an authentication feature built into Windows Server 2012 R26
2. Windows Hello is an alternative to multi-factor authentication
3. Windows Hello is more secure because it uses PINs and Biometric data to authenticate users.

3. More secure because of PINs and Biometrics

You've been asked to find ways to reduce IT costs, without compromising security. Which feature should you consider implementing?
1. Self-service password reset
2. Biometric sign-in on all devices
3. FIDO2


You've been asked to consider the feasibility of implementing conditional access for your organization. What must you do to implement conditional access?
1. Create policies that enforce organizational rules
2. Check that all users have multi-factor authentication enabled.
3. Amend your apps to allow conditional access

1. Create policies that enforce organizational rules

Sign-in risk is a signal used by conditional access policies to decide whether to grant or deny access. What is sign-in risk?
1. The probability that the device is owned by the identity owner
2. The probability that the authentication request is authorized by the identity owner
3. The probability that the user is authorized to view data from a particular application.

2. The probability that the authentication request is authorized by the identity owner

You've been asked to review Azure AD roles assigned to users to improve organizational security. Which of the following should you implement? 1. Remove all Global Admin roles assigned to users 2. Create custom roles 3. Replace Global Admin roles with specific Azure AD roles

3. Replace global Admin roles with specific Azure AD Roles

Your organization recently merged with a competitor, nearly doubling the number of employees. You urgently need to implement an access lifecycle system that won't add a significant amount of work for your IT admins. Which Azure AD feature should you implement? 1. Dynamic groups 2. Conditional access policies 3. Azure AD Terms of Use

1. Dynamic Groups

Your organization is project-oriented with employees often working on more than one project at a time. Which solution is best suited for managing user access to your organization's resources? 1. Azure Terms of Use 2. Dynamic Groups 3. Entitlement Management

3. Entitlement Management - automates access requests, access assignments, reviews, and expiration of resources

Your organization recently conducted a security audit and found that four people who have left the org were still active and assigned Global Admin roles. The users have now been deleted and you've been asked to recommend a solution to prevent a similar security lapse from happening in the future. Which solution should you recommend? 1. Entitlement Management 2. Privileged Identity Management 3. Identity Protection

2. Privileged Identity Management - mitigates risk of excessive, unnecessary, or unused access permissions

You have recently discovered that several user accounts in the Finance Department have been compromised. Your CTO has asked for your help in finding a solution to reduce the impact of compromised user accounts. They've asked you to look at three Azure AD features. Which one should you recommend? 1. Identity Protection 2. Conditional Access 3. Entitlement management

1. Identity Protection

The security admin wants to increase the priority of a network security group. What five sources of information will the admin need to provide? 1. Source, source port, destination, destination port, and network layer 2. Source, source port, destination, destination port, and protocol 3. Source, source port, destination, destination port, and target resource

2. Source, source port, destination, destination port, and protocol

The security admin wants to protect Azure resources from DDoS attacks. Which Azure DDoS protection tier will the admin use to target Azure Virtual Network resources? 1. Basic 2. Standard 3. Advanced

2. Standard

Your organization has several virtual machines in Azure. The security admin wants to deploy Azure Bastion to get secure access to the virtual machines in Azure. What should the admin keep in mind? 1. Azure Bastion is deployed per virtual network 2. Azure Bastion is deployed per subscription 3. Azure Bastion is deployed per virtual machine

1. Azure Bastion is deployed per virtual network

Much of your organization's application data is in Azure. The security admin wants to take advantage of the encryption capabilities in Azure. Which service would the admin use to store the application's secrets? 1. Transparent data encryption 2. Secrets management 3. Azure Key Vault

3. Azure key vault

An organization is using Azure and wants to improve their security best practices. Which Azure-specific benchmark would the IT security team need to consider? 1. Azure Security Benchmark 2. Center for Internet Security 3. Microsoft cybersecurity group

1. Azure Security Benchmark - provides best practices and recommendations to help improve security

Your organization is using Security Center to assess your resources, subscriptions, and organization for security issues. Your organization's overall secure score is low and needs to improve. How would a security admin go about improving the score? 1. Close old security recommendations 2. Remediate security recommendations 3. Move security recommendations to resolved

2. Remediate security recommendations

An organization needs to continuously monitor the security status of its network. What Security Center tool would they use? 1. Continuous assessment 2. Network map 3. Network Assessment

2. Network map

As the lead admin, it is important to convince your team to start using Azure Sentinel. You've put together a presentation. What are the four security operation areas of Azure Sentinel that cover this area? 1. Collect, Detect, Investigate, and Redirect 2. Collect, Detect, Investigate, and Respond 3. Collect, Detect, Investigate, and Repair

2. Collect, Detect, Investigate, and Respond

Your estate has many different data sources where data is stored. Which tool should be used with Azure Sentinel to quickly gain insights across your data as soon as a data source is connected? 1. Azure Monitor Workbooks 2. Playbooks 3. Microsoft 365 Defender

1. Azure Monitor Workbooks

A lead admin for an organization is looking to protect against malicious threats posed by email messages, links, and collaboration tools. Which solution from the M365 Defender suite is best suited for this purpose? 1. Microsoft Defender for O365 2. Microsoft Defender for Endpoint 3. Microsoft Defender for Identity

1. Microsoft Defender for O365

As the admin for your team, you're required to provide a short presentation on the use and benefit of Microsoft Cloud App Security to your team. Which of the four MCAS pillars is responsible for identifying and controlling sensitive information? 1. Threat Protection 2. Compliance 3. Data Security

3. Data Security

Admins in the organization are using the M365 Security Center on a daily basis. They want to quickly get an understanding of your organization's current security posture. Which section in the M365 Security Center will they use? 1. Reports 2. Secure Score 3. Policies

2. Secure Score

Which of the following describes what an admin would need to select to view security cards grouped by risk, detection trends, configuration health, and more? 1. Group by topic 2. Group by risk 3. Group by category

1. Group by topic

An admin wants to get a comprehensive view of an attack, including where the attack started, what tactics were used, and how far the attack has gone in the network. What can the admin use to view this type of information? 1. Alerts 2. Reports 3. Incidents

3. Incidents

Employees are allowed to bring and use their cell phones at work. The employees don't want their phone to be under full corporate control, but admins want to allow users to read emails and use Teams while protecting corporate data. Which of the following will allow admins to accomplish these goals? 1. Mobile Application Management (MAM) 2. Mobile Device Management (MDM) 3. Role-based access control (RBAC)

1. Mobile Application Management (MAM)

An organization uses different types of devices, including Windows, iOS, and Android devices. Admins for that organization have created a security baseline profile in Intune that they want to apply across the devices. To which devices can the security baseline profile be applied? 1. Android Devices 2. iOS Devices 3. Windows Devices

3. Windows devices

A new admin has joined the team and needs to be able to access the M365 Compliance Center. Which of the following roles could the admin use to access the Compliance Center? 1. Compliance Administrator role 2. Helpdesk Administrator role 3. User Administrator role

1. Compliance Administrator Role

Your new colleagues on the admin team are unfamiliar with the concept of shared controls in Compliance Manager. How would the concept of shared controls be explained? 1. Controls that both external regulators and Microsoft share responsibility for implementing. 2. Controls that both your organization and external regulators share responsibility for implementing. 3. Controls that both your organization and Microsoft share responsibility for implementing.

3. Controls that both your organization and Microsoft share responsibility for implementing

Which part of the concept of know your data, protect your data, and prevent data loss addresses the need for organizations to automatically retain, delete, and store data and records in a compliant manner? 1. Know Your Data 2. Prevent data loss 3. Govern Data

3. Govern data

As part of a new data loss prevention policy, the compliance admin needs to be able to identify important information, such as credit card numbers, across the organization's data. How can the admin address this requirement? 1. Use activity explorer 2. Use sensitivity labels 3. Use sensitive information types

3. Use sensitive information types

Within the organization, some emails are confidential and should be encrypted so that only authorized users can read them. How can this requirement be implemented? 1. Use the content explorer 2. Use sensitivity labels 3. Use Records Management

2. Use Sensitivity labels

Your organization uses Microsoft Teams to collaborate on all projects. The compliance admin wants to prevent users from accidentally sharing sensitive information in a Microsoft Teams chat session. What capability can address this requirement? 1. Use data loss prevention policies 2. Use Records Management capabilities 3. Use retention policies

1. Use DLP Policies

Due to a certain regulation, your organization must keep hold of all documents in a specific SharePoint site that contains customer information for five years. How can this requirement be implemented? 1. Use sensitivity labels 2. Use the content explorer 3. Use retention policies

3. Use retention policies

To comply with corporate policies, the compliance admin needs to be able to identify and scan for offensive language across the organization. What solution can the admin implement to address this need? 1. Use Policy Compliance in M365 2. Use Communication Compliance 3. Use information barriers

2. Use Communication Compliance

An organization has many departments that collaborate through Teams. To comply with business policies, the IT organization needs to make sure that users from one particular department are limited in their access and interactions with other departments. What solution can address this need? 1. Use Communication Compliance 2. Use Customer Lockbox 3. Use Information Barriers

3. Use Information Barriers

The compliance team wants to control the use of privileged admin accounts with standing access to sensitive data, so that admins receive only the level of access they need, when they need it. How can this be implemented? 1. Use Communication Compliance 2. Use Privileged Access Management 3. Use the Audit Log

2. Use Privileged Access Management

The customer has identified an issue that requires a Microsoft engineer to access the org's content. To protect the org, the engineer shouldn't be able to access content and perform service operations without explicit approval. What capability can address this requirement? 1. Use privileged access management 2. Use information barriers 3. Use Customer Lockbox

3. Use Customer Lockbox

A new admin has joined the compliance team and needs access to Core eDiscovery to be able to add and remove members, create and edit searches, and export content from a case. To which role should the admin be assigned? 1. Add them as a member of the eDiscovery Manager role group 2. Add them as a member of the eDiscovery review role 3. Add them as a member of the eDiscovery custodian role

1. Add them as a member of the eDiscovery Manager role group