Compliance and Regulatory Standards Flashcards
Microsoft Security, Compliance, and Identity Fundamentals SC-900 Flashcards
| Front | Back |
| Benefits of Microsoft Purview | Helps organizations classify, protect, and govern sensitive data. |
| Difference between Encryption and Tokenization | Encryption obfuscates data using keys, while tokenization replaces it with non-sensitive equivalents. |
| Elements of a risk management framework | Identification, assessment, mitigation, and monitoring. |
| How does Microsoft Azure enable compliance | Offers built-in compliance certifications and tools for data security and governance. |
| How is sensitive data classified | Using tools like Microsoft Purview to automatically detect and label sensitive information. |
| Importance of cybersecurity in compliance | Protects sensitive data and supports regulatory requirements for secure systems. |
| Importance of regulatory compliance | Ensures organizations meet legal and ethical standards, avoiding fines and reputational damage. |
| Key focus areas of SOC 2 | Privacy, security, availability, processing integrity, and confidentiality. |
| Key principles of GDPR | Lawfulness, fairness, transparency, data minimization, accuracy, storage limitation, integrity and confidentiality. |
| Microsoft solution for GDPR compliance | Microsoft Compliance Manager with built-in tools for assessments and audits. |
| Name a tool for monitoring compliance | Microsoft Compliance Manager for tracking and improving compliance posture. |
| Purpose of audit logs in compliance | Tracks user activity and system changes to support investigations and monitoring. |
| Purpose of HIPAA | To safeguard medical information and set standards for handling health data. |
| Purpose of PCI DSS | Ensures secure handling of payment card information. |
| Role of ISO 27001 in compliance | Provides an international standard for Information Security Management Systems (ISMS). |
| Role of Microsoft Defender in compliance | Provides advanced threat protection and security for user data. |
| What does HIPAA stand for | Health Insurance Portability and Accountability Act. |
| What does SOC stand for in SOC 2 | System and Organization Controls for safeguarding data. |
| What is a compliance framework | A structured set of guidelines and best practices for managing and mitigating risks. |
| What is a Data Loss Prevention (DLP) policy | A system to identify and protect sensitive data from unauthorized access or sharing. |
| What is CCPA | California Consumer Privacy Act focused on data privacy for California residents. |
| What is GDPR | General Data Protection Regulation focused on protecting personal data of EU citizens. |
| What is meant by regulatory standards | Legal requirements that organizations need to meet within specific industries or regions. |
| What is the right to be forgotten in GDPR | Allows individuals to request deletion of their personal data. |
| Who enforces GDPR compliance | Enforced by Data Protection Authorities (DPAs) in each EU member state. |
About the Flashcards
Flashcards for the Microsoft Security, Compliance, and Identity Fundamentals exam review essential data privacy regulations such as GDPR, HIPAA, CCPA and PCI DSS, outlining their purposes, key principles and enforcement mechanisms. Learners can quickly recall terms like data minimization, right to be forgotten and system-and-organization controls while exploring how compliance frameworks guide lawful, fair and transparent information handling.
The deck also reinforces concepts in risk management, audit logging, data loss prevention, encryption versus tokenization and governance solutions that classify and protect sensitive information across modern cloud environments. By testing yourself on these concise cards, you strengthen understanding of regulatory standards, security controls and best practices likely to appear on exam day.
Topics covered in this flashcard deck:
- GDPR, HIPAA, CCPA
- PCI DSS security
- Compliance frameworks
- Risk management
- Data loss prevention
- Audit logs & governance