Microsoft - SC-900: Microsoft Security, Compliance, and Identity Fundamentals

Sample Questions

Explanation:

Microsoft Entra Permissions Management is a cloud infrastructure entitlement management (CIEM) solution that provides comprehensive visibility into permissions assigned to all identities. For example, over-privileged workload and user identities, actions, and resources across multicloud infrastructures in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).

Customers can access the Permissions Management interface from the Microsoft Entra admin center but not from the Microsoft Purview compliance portal.

Microsoft Secure Score is a measurement of an organization's security posture, with a higher number indicating more recommended actions taken. It can be found at Microsoft Secure Score in the Microsoft Defender portal.

References:

What's Microsoft Entra Permissions Management

Frequently asked questions (FAQs)

Microsoft Secure Score

Explanation:

Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP) that is made up of security measures and practices that are designed to protect cloud-based applications from various cyber threats and vulnerabilities. Defender for Cloud combines the capabilities of:

• A development security operations (DevSecOps) solution that unifies security management at the code level across multicloud and multiple-pipeline environments
• A cloud security posture management (CSPM) solution that surfaces actions that you can take to prevent breaches
• A cloud workload protection platform (CWPP) with specific protections for servers, containers, storage, databases, and other workloads

Reference: What is Microsoft Defender for Cloud?

Explanation:

The Service Trust Portal is Microsoft's public site for publishing audit reports and other compliance-related information associated with Microsoft’s cloud services. STP users can download audit reports produced by external auditors and gain insight from Microsoft-authored whitepapers that provide details on how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization.

Reference: Get started with Microsoft Service Trust Portal

Explanation:

After you onboard Microsoft Sentinel into your workspace, use data connectors to start ingesting your data into Microsoft Sentinel. Microsoft Sentinel comes with many out of the box connectors for Microsoft services, which integrate in real time. For example, the Microsoft Defender XDR connector is a service-to-service connector that integrates data from Office 365, Microsoft Entra ID, Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps.

Built-in connectors enable connection to the broader security ecosystem for non-Microsoft products. For example, use Syslog, Common Event Format (CEF), or REST APIs to connect your data sources with Microsoft Sentinel.

References:

Microsoft Sentinel data connectors

Quickstart: Onboard Microsoft Sentinel

Explanation:

Azure Key Vault is one of several key management solutions in Azure, and helps solve the following problems:

• Secrets Management - Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets
• Key Management - Azure Key Vault can be used as a Key Management solution. Azure Key Vault makes it easy to create and control the encryption keys used to encrypt your data.
• Certificate Management - Azure Key Vault lets you easily provision, manage, and deploy public and private Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificates for use with Azure and your internal connected resources.

Azure Key Vault has two service tiers: Standard, which encrypts with a software key, and a Premium tier, which includes hardware security module(HSM)-protected keys. 

Reference: About Azure Key Vault