Security, Compliance & Data Governance (AB-900) Flashcards
Microsoft 365 Certified: Copilot and Agent Administration Fundamentals AB-900 Flashcards

| Front | Back |
|---|---|
| Access reviews | Regularly review and certify user access rights |
| Access telemetry retention periods | Define how long access logs and agent interactions are kept |
| Agent data handling in Copilot | Understand what telemetry is collected, whether interactions are used for model training, and how long they are retained |
| Audit logging and monitoring | Collect access and activity logs for investigation and compliance |
| Breach notification requirements | Notify authorities and impacted users within legal timeframes |
| Change control and configuration management | Track, approve, and test changes to production systems |
| Compliance certifications | Know relevant attestations such as ISO 27001 and SOC 2, and readiness for regulations such as GDPR |
| Compliance Manager and compliance score | Use tools to assess risks, track improvements, and generate audit evidence |
| Conditional access policies | Enforce access rules based on signals such as user location, device compliance, and sign-in risk |
| Consent management | Obtain and record user consent when required by law |
| Customer managed keys | Allow customers to control encryption keys for added control |
| Data localization vs data residency | Localization requires data to be stored and processed locally; residency may only require storage in a given region |
| Data Loss Prevention (DLP) | Prevent sensitive data exfiltration via policy actions such as block, warn, or audit |
| Data minimization | Collect and retain only the data necessary for purpose |
| Data processing agreements (DPAs) | Define the roles, obligations, and processing details agreed between a controller and its processors |
| Data residency requirements | Store data in specific geographic regions as required |
| Data subject requests | Support access, correction, deletion, and portability requests within legal timeframes |
| Encryption at rest | Ensure stored data is encrypted using managed keys |
| Encryption in transit | Protect data during transmission with TLS or equivalent |
| Incident response planning | Prepare detection, containment, notification, and remediation steps in advance |
| Information classification | Label data by sensitivity to drive protection policies |
| Just-in-time (JIT) access | Grant elevated privileges temporarily, only when needed, and remove them automatically afterwards |
| Key management and rotation | Rotate keys periodically and audit key usage |
| Legal hold | Preserve data to meet litigation and investigation requirements |
| Model governance for Copilot | Document model versions data provenance and deployment controls |
| Multi-factor authentication (MFA) | Require an additional verification factor, especially for high-risk access |
| Principle of least privilege | Assign only minimal permissions needed |
| Privacy by design | Incorporate privacy principles early in system design |
| Privileged Identity Management (PIM) | Enable just-in-time elevation with approval workflows and time-bound role assignments |
| Provenance of training data | Track the origin, consent basis, and usage restrictions of data used in model training |
| Pseudonymization and anonymization | Remove or mask identifiers to reduce privacy risk |
| Retention labels | Mark content lifecycle stages for automated retention actions |
| Retention policies | Define how long data is retained and when it is disposed |
| Role based access control (RBAC) | Group users by role and assign role permissions |
| Secure default settings | Enable secure defaults to reduce misconfiguration risk |
| Secure development lifecycle | Integrate security testing and reviews into the development process |
| Sensitivity labels | Apply labels to files, messages, and containers to enforce protection such as encryption and access restrictions |
| Session controls for Copilot | Limit session features and enforce timeouts for agent sessions |
| Telemetry and diagnostic logging | Control what telemetry is collected and for how long |
| Third party processors | Assess security and compliance of external vendors |
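The pseudonymization and anonymization card states the goal in one line, but the two techniques have different security consequences, and the difference matters for how Copilot interaction logs can be shared or retained. The following added example (written for this page, not Microsoft code and not a Purview feature) shows both on constructed sample records: a keyed HMAC pseudonym keeps one user's records linkable and is reversible by anyone holding the key, so the output is still personal data and the key needs the same protection as the raw log; anonymization drops the identifier, generalizes the quasi-identifiers, and suppresses groups smaller than k, so no row can be singled out and there is nothing to reverse. The user names, prompts, attributes and key are all invented.

```python
"""Pseudonymization vs anonymization of Copilot interaction logs (constructed example)."""
import hashlib
import hmac
from collections import Counter

# Constructed sample interaction records; users, prompts and attributes are invented.
SAMPLE_RECORDS = [
    {"user": "alice@contoso.example", "dept": "Finance", "birth_year": 1984,
     "postcode": "98052", "prompt": "summarize the Q3 budget"},
    {"user": "bob@contoso.example", "dept": "Finance", "birth_year": 1981,
     "postcode": "98053", "prompt": "draft a vendor email"},
    {"user": "alice@contoso.example", "dept": "Finance", "birth_year": 1984,
     "postcode": "98052", "prompt": "list open invoices"},
    {"user": "carol@contoso.example", "dept": "Legal", "birth_year": 1975,
     "postcode": "10001", "prompt": "explain this clause"},
]


def _token(identifier: str, key: bytes) -> str:
    """Keyed HMAC-SHA256 of a normalized identifier, truncated to 16 hex chars."""
    return hmac.new(key, identifier.lower().encode(), hashlib.sha256).hexdigest()[:16]


def pseudonymize(records, key: bytes):
    """Replace the direct identifier with a keyed pseudonym.

    The same key yields the same token, so one user's records stay linkable
    (useful for access reviews and investigations). Whoever holds the key can
    re-identify by hashing candidate identifiers, so the result is still
    personal data. A plain unkeyed hash would be worse: a directory of
    known e-mail addresses is enough to reverse it.
    """
    return [{**rec, "user": _token(rec["user"], key)} for rec in records]


def reidentify(token: str, candidates, key: bytes):
    """Reverse a pseudonym given the key and a list of candidate identifiers.

    Returns the matching identifier or None. Without the correct key the search
    fails, which is exactly why the hash is keyed.
    """
    for cand in candidates:
        if hmac.compare_digest(_token(cand, key), token):
            return cand
    return None


def anonymize(records, k: int = 2):
    """Drop the direct identifier, generalize quasi-identifiers, suppress rare groups.

    birth_year is coarsened to a decade and postcode to its first three digits;
    any (dept, decade, postcode prefix) combination shared by fewer than k records
    is removed so that no output row can be singled out (a k-anonymity style
    guarantee). There is no key, so this cannot be undone.
    """
    def group_key(g):
        return (g["dept"], g["birth_decade"], g["postcode_prefix"])

    generalized = [
        {
            "dept": rec["dept"],
            "birth_decade": f"{rec['birth_year'] // 10 * 10}s",
            "postcode_prefix": rec["postcode"][:3],
            "prompt": rec["prompt"],
        }
        for rec in records
    ]
    counts = Counter(group_key(g) for g in generalized)
    return [g for g in generalized if counts[group_key(g)] >= k]


if __name__ == "__main__":
    key = b"export-key-constructed"  # invented; in practice hold this in a key vault
    for row in pseudonymize(SAMPLE_RECORDS, key):
        print("pseudonymized:", row)
    for row in anonymize(SAMPLE_RECORDS, k=2):
        print("anonymized:   ", row)
```

Run as a script to see that the two records from the same user share a pseudonym while the lone Legal record disappears from the anonymized output because its group is smaller than k. The practical consequence for retention and DLP decisions: pseudonymized exports stay inside the same controls as the source logs, whereas only the anonymized form can be treated as no longer personal data.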
About the Flashcards
Flashcards for the Microsoft 365 Certified: Copilot and Agent Administration Fundamentals exam give concise, review-ready prompts for mastering identity and access controls, data protection, and governance terminology. Use these cards to reinforce concepts such as the principle of least privilege, RBAC, conditional access, MFA, PIM, access reviews, and session or just-in-time access.
The deck also covers data handling and privacy fundamentals (classification, sensitivity labels, DLP, encryption, and key management) plus lifecycle and compliance topics such as retention, legal hold, data residency, consent, data subject requests, and third-party processing. Audit logging, telemetry retention, incident response, compliance certifications, and Copilot model governance complete the set for targeted exam preparation.
Topics covered in this flashcard deck:
- Identity and access management
- Data protection and encryption
- Data lifecycle and retention
- Privacy and compliance
- Security operations and incident response
- Copilot model governance