Free Microsoft SC-100 Exam Questions (page: 5)

Explanation:

Reference:

Box 1: Specialized security
Securing devices as part of the privileged access story



Box 2: Enterprise security

Box 3: Privileged security


https://learn.microsoft.com/en-us/security/compass/privileged-access-devices

Explanation:

RaMP initiatives for Zero Trust
To rapidly adopt Zero Trust in your organization, RaMP offers technical deployment guidance organized in these initiatives.
Critical security modernization initiatives:
(C) User access and productivity
1. Explicitly validate trust for all access requests
Identities
Endpoints (devices)
Apps
Network
(A) Data, compliance, and governance
2. Ransomware recovery readiness
3. Data
(E) Modernize security operations
4. Streamline response
5. Unify visibility
6. reduce manual effort

Incorrect:
As needed
Additional initiatives based on Operational Technology (OT) or IoT usage, on-premises and cloud adoption, and security for in-house app development:
* (not D) OT and Industrial IoT
Discover
Protect
Monitor
* Datacenter & DevOps Security
Security Hygiene
Reduce Legacy Risk
DevOps Integration
Microsegmentation

Reference:

https://learn.microsoft.com/en-us/security/zero-trust/zero-trust-ramp-overview

Explanation:

Box 1: Microsoft Defender for Identity
An attacker attempts to exfiltrate data to external websites.

Exfiltration alerts
Typically, cyberattacks are launched against any accessible entity, such as a low-privileged user, and then quickly move laterally until the attacker gains access to valuable assets. Valuable assets can be sensitive accounts, domain administrators, or highly sensitive data. Microsoft Defender for Identity identifies these advanced threats at the source throughout the entire attack kill chain and classifies them into the following phases:

Reconnaissance
Compromised credentials
Lateral Movements
Domain dominance
Exfiltration

Box 2: Microsoft Defender for Identity
An attacker attempts lateral movement across domain-joined computers.

Microsoft Defender for Identity Lateral Movement Paths (LMPs) Lateral movement is when an attacker uses non-sensitive accounts to gain access to sensitive accounts throughout your network. Lateral movement is used by attackers to identify and gain access to the sensitive accounts and machines in your network that share stored sign-in credentials in accounts, groups and machines. Once an attacker makes successful lateral moves towards your key targets, the attacker can also take advantage and gain access to your domain controllers. Lateral movement attacks are carried out using many of the methods described in Microsoft Defender for Identity Security Alerts.

A key component of Microsoft Defender for Identity's security insights are Lateral Movement Paths or LMPs. Defender for Identity LMPs are visual guides that help you quickly understand and identify exactly how attackers can move laterally inside your network.

Reference:

https://learn.microsoft.com/en-us/defender-for-identity/exfiltration-alerts

Explanation:

IM-3: Manage application identities securely and automatically Features
Managed Identities
Description: Data plane actions support authentication using managed identities.
Configuration Guidance: Use a Managed Service Identity generated by Microsoft Entra ID to allow your API Management instance to easily and securely access other Microsoft Entra ID-protected resources, such as Azure Key Vault instead of using service principals. Managed identity credentials are fully managed, rotated, and protected by the platform, avoiding hard-coded credentials in source code or configuration files.

Reference:

https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/api-management-security- baseline

Explanation:

Microsoft's "Local Administrator Password Solution" (LAPS) provides management of local administrator account passwords for domain-joined computers. Passwords are randomized and stored in Microsoft Entra ID, protected by ACLs, so only eligible users can read it or request its reset.
Microsoft LAPS is short for Microsoft Local Administrator Password Solution.
When installed and enabled on domain-joined computers it takes over the management of passwords of local accounts. Passwords are automatically changed to random characters that meet the domain's password policy requirements at a frequency that you define through Group Policy.
The passwords are stored in a protected "confidential" attribute on the Computer object in AD. Unlike most other attributes which can be read by all domain users by default, the confidential attributes require extra privileges to be granted in order to read them, thus securing the managed passwords.

Incorrect:
Not B: Integrate on-premises Microsoft Entra domains with Microsoft Entra ID Validate security configuration and policy, Actively monitor Microsoft Entra ID for signs of suspicious activity Consider using Microsoft Entra ID P2 edition, which includes Microsoft Entra ID Protection. Identity Protection uses adaptive machine learning algorithms and heuristics to detect anomalies and risk events that may indicate that an identity has been compromised. For example, it can detect potentially unusual activity such as irregular sign-in activities, sign-ins from unknown sources or from IP addresses with suspicious activity, or sign-ins from devices that may be infected. Identity Protection uses this data to generate reports and alerts that enable you to investigate these risk events and take appropriate action.
Not C: Microsoft Entra PIM is a service in Microsoft Entra ID that enables you to manage, control, and monitor access to resources in Microsoft Entra ID, Azure, and other Microsoft Online Services such as Microsoft 365 or Microsoft Intune.
Not D: Privileged Access Workstations (PAWs) provide a dedicated operating system for sensitive tasks that is protected from Internet attacks and threat vectors. Separating these sensitive tasks and accounts from the daily use workstations and devices provides very strong protection from phishing attacks, application and OS vulnerabilities, various impersonation attacks, and credential theft attacks such as keystroke logging, Pass-the- Hash, and Pass-The-Ticket.

Reference:

https://craighays.com/microsoft-laps/
https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/identity/azure-ad

Explanation:

Box 1: Segment access
Assume breach
Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.

Box 2: Data classification
Verify explicitly
Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.

Box 3: Just-in-time (JIT) access
Use least-privilege access
Limit user access with just-in-time and just-enough-access (JIT/JEA), risk-based adaptive polices, and data protection to help secure both data and productivity.

Reference:

https://www.microsoft.com/en-us/security/business/zero-trust

Explanation:

Microsoft Cybersecurity Reference Architectures
Apply zero trust principles to securing OT and industrial IoT environments Operational Technology (OT) Environments
Safety/Integrity/Availability
· Hardware Age: 50-100 years (mechanical + electronic overlay) · Warranty length: up to 30-50 years
· Protocols: Industry Specific (often bridged to IP networks) · Security Hygiene: Isolation, threat monitoring, managing vendor access risk, (patching rarely) Information Technology (IT) Environments
Confidentiality/Integrity/Availability
· Hardware Age: 5-10 years
· Warranty length 3-5 years
· Protocols: Native IP, HTTP(S), Others
· Security Hygiene: Multi-factor authentication (MFA), patching, threat monitoring, antimalware

Reference:

https://learn.microsoft.com/en-us/security/cybersecurity-reference-architecture/mcra

Explanation:

Securing identity with Zero Trust
User, device, location, and behavior is analyzed in real time to determine risk and deliver ongoing protection.
As users appear on new devices and from new locations, being able to respond to an MFA challenge is one of the most direct ways that your users can teach us that these are familiar devices/locations as they move around the world (without having administrators parse individual signals).

Incorrect:
Not B: Use passwordless authentication to reduce the risk of phishing and password attacks With Azure AD supporting FIDO 2.0 and passwordless phone sign-in, you can move the needle on the credentials that your users (especially sensitive/privileged users) are employing day-to-day. These credentials are strong authentication factors that can mitigate risk as well.
Cloud identity federates with on-premises identity systems

Reference:

https://learn.microsoft.com/en-us/security/zero-trust/deploy/identity#v-user-device-location-and-behavior-is- analyzed-in-real-time-to-determine-risk-and-deliver-ongoing-protection