Security, Compliance & Data Governance (AB-900) Flashcards
Microsoft 365 Certified: Copilot and Agent Administration Fundamentals AB-900 Flashcards
Study our Security, Compliance & Data Governance (AB-900) flashcards for the Microsoft 365 Certified: Copilot and Agent Administration Fundamentals AB-900 exam with 40+ flashcards. Review key concepts as flashcards, a searchable table, or an interactive matching game to reinforce exam concepts.

| Front | Back |
| Access reviews | Regularly review and certify user access rights |
| Access telemetry retention periods | Define how long access logs and agent interactions are kept |
| Agent data handling in Copilot | Understand what telemetry, training, and retention are used |
| Audit logging and monitoring | Collect access and activity logs for investigation and compliance |
| Breach notification requirements | Notify authorities and impacted users within legal timeframes |
| Change control and configuration management | Track, approve, and test changes to production systems |
| Compliance certifications | Know relevant certifications like ISO27001, SOC2, and GDPR readiness |
| Compliance Manager and Score | Use tools to assess risks, track improvements, and generate evidence |
| Conditional access policies | Enforce access rules based on signals like location, device, risk |
| Consent management | Obtain and record user consent when required by law |
| Customer-managed keys | Allow customers to control encryption keys for added control |
| Data localization vs data residency | Localization requires local processing; residency may only require storage |
| Data Loss Prevention (DLP) | Prevent sensitive data exfiltration via policy actions |
| Data minimization | Collect and retain only the data necessary for purpose |
| Data processing agreements | DPAs define roles, obligations, and processing details with processors |
| Data residency requirements | Store data in specific geographic regions as required |
| Data subject requests | Support access, correction, deletion, and portability requests |
| Encryption at rest | Ensure stored data is encrypted using managed keys |
| Encryption in transit | Protect data during transmission with TLS or equivalent |
| Incident response planning | Prepare detection, containment, notification, and remediation steps |
| Information classification | Label data by sensitivity to drive protection policies |
| Just-in-time access | JIT grants temporary elevated privileges |
| Key management and rotation | Rotate keys periodically and audit key usage |
| Legal hold | Preserve data to meet litigation and investigation requirements |
| Model governance for Copilot | Document model versions, data provenance, and deployment controls |
| Multi-factor authentication (MFA) | Require an additional verification factor for high-risk access |
| Principle of least privilege | Assign only minimal permissions needed |
| Privacy by design | Incorporate privacy principles early in system design |
| Privileged Identity Management (PIM) | Enable just-in-time elevation and approval workflows |
| Provenance of training data | Track origin, consent, and restrictions for data used in model training |
| Pseudonymization and anonymization | Remove or mask identifiers to reduce privacy risk |
| Retention labels | Mark content lifecycle stages for automated retention actions |
| Retention policies | Define how long data is retained and when it is disposed |
| Role-based access control (RBAC) | Group users by role and assign role permissions |
| Secure default settings | Enable secure defaults to reduce misconfiguration risk |
| Secure development lifecycle | Integrate security testing and reviews into the development process |
| Sensitivity labels | Apply labels to files, messages, and contexts to enforce protection |
| Session controls for Copilot | Limit session features and enforce timeouts for agent sessions |
| Telemetry and diagnostic logging | Control what telemetry is collected and for how long |
| Third-party processors | Assess security and compliance of external vendors |