微软SC-900(Azure安全基础)备考笔记

sc-900

写在前面

因为sc-900是英文考试(或是有中文版本但我不知道),我复习和刷题也是看的英文材料,因此该笔记会以英文为基础,遇到比较少见的单词时我会标注翻译。

该笔记单纯旨在通过考试,对实践的帮助不大。sc-900,依我拙见,也不是一个能学到很多知识的考试。想要了解网络安全基础概念的朋友,可以了解一下ISC^2最近发布的CC(certified in cybersecurity)考试。之后我也会发布cc的学习笔记。

SC-900

  • 60分钟
  • 40-60道题
  • 满分1000分,700分以上合格

笔记

评分相关

secure score: 网络安全系数

compliance score: 员工是否遵从规定,按程序行事

功能相关

Azure Active Directory(Azure AD):

  • cloud-based identity and access management service

Azure AD identity protection

  • automate the detection and remediation of identity-based risk
  • investigate risks using data in the portal

MS defender:

  • MS Defender for Identity:
    • cloud-based solution that leverage(借助) on-premises Active Directory Domain Service(AD DS) to identify, detect, ... risks
  • MS Defender for Endpoint:
    • 一般跟装备(device)有关的就选这个
    • secure score就存在这
    • automatic investigation and regulation
    • attack surface reduction
  • MS Defender for Office 365:
    • protect from malicious threats posted by email messages, links, ...
    • real-time report
  • MS Defender for Cloud:
    • manage security for a multi-cloud environment(微软,谷歌,亚马逊结合到一起管理)
    • assess security posture, identify threats, harden resource
  • MS Defender for Cloud App:
    • Cloud Access Security Broker(CASB) that supports various deployment modes
      • CASB四大要素: visibility, compliance, data security, threat protection
    • 达到GDPR和PCI的要求

Azure Firewall:

  • network-level and application-level
  • protect machine and network

Azure Web Application Firewall(WAF):

  • application-level filtering
  • SSL termination
  • centralized protection from common exploits&vulnerabilities

Azure Baston:

  • secure RDP&SSH connectivity to the virtual machine

Network Security Group(NSG):

  • filter network traffic to and from Azure Resource

Azure Sentinel(哨兵):

  • security information and event management(SIEM)
    • SIEM: collect info from diverse source, and analyzes it for signs of a security incident
  • security orchestration automated response(SOAR)
  • workbook: interactive dashboards that allow users to explore and analyze
  • playbook: automated response

MS purview compliance portal:

  • manage compliance requirement
  • 3 controls:
    • MS-managed control
    • customer-managed control
    • shared control
  • insider risk management: sensitive data leak, confidentiality violation
  • 一般没见过的题就选它

privileged identity management(PIM):

  • time-based and approval-based role activation
  • e.g. just-in-time access
  • premium P2 subscription

virtual network:

  • network segmentation

customer lockbox:

  • used by MS engineers when they need to access some user's data

eDiscovery:

  • digital investigation that attempts to find evidence in email, ... for a criminal proceeding

规定相关

MS service Trust Portal:

  • detail how MS complies with the regulatory standard and implements controls to protect the organization
  • 一般来说,如果题目中提到document,就选trust portal

Azure Policy:

  • enforce(实行) standard, and assess compliance

Zero Trust:

  • assume breach
  • verify explicitly
  • least privilege

Privacy Principle:

  • Control
  • Security
  • Legal
  • Transparency
  • No content-based targeting
  • Benefit

Microsoft Cloud Adoption Framework for Azure:

  • collection of documentation providing guidance

密码学相关

Symmetric encryption

  • use the same key to encrypt and decrypt files

Asymmetric encryption

  • private key to sign a document(digital signature)
  • public key to verify authentication

Azure MFA(multi-factor authentication)

  • text message
  • authentication app
  • phone call

Self-service password reset(SSPR):

  • 忘记密码自己解决
  • 启动条件:
    • Assign an Azure AD license
    • Enable SSPR for user
    • Register an authentication method

Federation:

  • enable access to service across the organization

Single-Sign on:

  • 登录一次,其他相关程序免登录

Password Hash Synchronization:

  • enables password sync with active directory

有用链接

刷题:
https://www.examtopics.com/exams/microsoft/sc-900/view/

https://learn.microsoft.com/zh-cn/certifications/exams/sc-900/practice/assessment?assessment-type=practice&assessmentId=11

免费考试:
https://msftstudentcert.cloudreadyskills.com/course/sc900

写在后面

以上为本人复习时整理,如有遗漏知识点(肯定有很多),欢迎大家评论补充。提前祝大家考试通过

posted @ 2023-04-13 11:12  杏仁。君  阅读(376)  评论(0编辑  收藏  举报