Microsoft Security Solutions Flashcards
Microsoft Security, Compliance, and Identity Fundamentals SC-900 Flashcards
| Front | Back |
| Azure Security Center primary function | To centralize security management and threat protection for Azure resources. |
| Azure Security Center two-tier subscription options | Free tier and Standard tier. |
| Azure Security Center's Adaptive Application Controls | Helps define and enforce allowlists for application execution on virtual machines. |
| Azure Security Center's compliance assessment tool | Built-in regulatory compliance dashboard. |
| Azure Security Center's Just-In-Time VM Access feature | Controls Azure VM ports, reducing exposure to attacks. |
| Benefits of Microsoft Sentinel over traditional SIEM solutions | Scalability, cloud-native architecture, and simplified management. |
| Difference between Microsoft Defender and Sentinel | Defender focuses on endpoint and threat protection, while Sentinel is SIEM/SOAR for broader security monitoring. |
| How does Learning Mode in Adaptive Application Controls work? | It observes your app usage to recommend rules for allowed applications. |
| How does Microsoft Sentinel support data connectors? | By providing seamless integration with third-party security tools and Microsoft 365 services. |
| How does the Fusion feature in Microsoft Sentinel work? | By correlating alerts from different sources to detect complex, multi-stage attacks. |
| How Microsoft Defender integrates across devices | By using Endpoint Detection and Response (EDR) and device management tools. |
| Key feature of Microsoft Defender for Cloud Apps | Cloud App Discovery for identifying and assessing shadow IT. |
| Microsoft 365 Defender offering inside the suite | Unified protection for identities, endpoints, email, and applications. |
| Microsoft Cloud App Security purpose | To improve visibility and control over user activity in cloud apps and mitigate risks. |
| Microsoft Defender | Microsoft's comprehensive enterprise-level security suite. |
| Microsoft Defender Antivirus primary function | To provide built-in malware and threat protection for Windows environments. |
| Microsoft Defender ATP | Microsoft Defender Advanced Threat Protection integrates threat detection across endpoints. |
| Microsoft Defender for Endpoint network protection capability | Blocks traffic to malicious IP addresses and domains. |
| Microsoft Defender for Identity focus | Protection against identity-based threats like compromised credentials or lateral movement. |
| Microsoft Defender for IoT focus | Securing Internet of Things (IoT) and Operational Technology (OT) devices against cyber threats. |
| Microsoft Defender for Office 365 | A tool to protect users from phishing, malware, and other email threats. |
| Microsoft Secure Score purpose in Microsoft 365 | A score that measures and recommends improvements for overall security in the Microsoft 365 environment. |
| Microsoft Sentinel focus area | Cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR). |
| Purpose of Azure Key Vault in security | To securely store and manage sensitive information like encryption keys, secrets, and certificates. |
| Purpose of Azure Security Benchmark in Azure Security Center | To provide best practices and security controls aligned with frameworks like CIS. |
| Purpose of Azure Sentinel Hunting Queries | To proactively look for suspicious activities and patterns in your data using KQL queries. |
| Purpose of Built-in Roles in Microsoft Sentinel | To assign and manage user access permissions to security data and operations. |
| Purpose of Role-Based Access Control (RBAC) in Azure Security Center | To restrict access to security data and tools based on user roles. |
| Purpose of Security Playbooks in Microsoft Sentinel | To automate incident response and threat mitigation steps. |
| Role of Threat Intelligence in Microsoft Defender | It provides actionable insights to understand and mitigate threats. |
| Secure Score in Azure Security Center | A measurement tool to assess your organization's security posture. |
| Use of Azure Policy in Azure Security Center | To enforce security configuration across resources. |
| What Azure Monitor is used for in security | To collect and analyze telemetry data for proactive threat detection and system performance monitoring. |
| What is an Analytics Rule in Microsoft Sentinel? | A rule that defines conditions for raising alerts based on incoming data. |
| What is Azure DDoS Protection? | A service to mitigate Distributed Denial of Service attacks against Azure-hosted applications. |
| What is Conditional Access in Microsoft Defender? | A tool to enforce security policies based on user behavior, location, and device health. |
| What is the role of Automation Rules in Microsoft Sentinel? | To automate the routing and handling of incidents and alerts. |
| What is the Threat Explorer in Microsoft Defender for Office 365? | A tool to investigate and respond to email threats like phishing and malware. |
| What Log Analytics Workspace is used for in Microsoft Sentinel | To store and analyze security logs and data. |
| What Microsoft Sentinel uses to detect threats in real time | Advanced AI and machine learning algorithms. |
This deck explores the Microsoft Defender suite, Azure Security Center, Microsoft Sentinel, and solutions to monitor and respond to security threats.