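Microsoft SC-900 (Azure Security Fundamentals) Exam Prep Notes
Preface
Because SC-900 is an English-language exam (or there may be a Chinese version that I am not aware of), and I also studied and practiced with English materials, these notes are based on English; where a less common word comes up, I note its translation.
These notes are aimed purely at passing the exam and are of little help in practice. SC-900, in my humble opinion, is also not an exam from which you learn much. Those who want to learn basic cybersecurity concepts can look at the CC (Certified in Cybersecurity) exam recently released by ISC^2. I will also publish my CC study notes later.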
SC-900
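- 60 minutes
- 40-60 questions
- Maximum score 1000; 700 or above passes
Notes
Scoring
secure score: cybersecurity rating
compliance score: whether employees follow the rules and act according to procedure
Features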
Azure Active Directory(Azure AD):
- cloud-based identity and access management service
Azure AD identity protection
- automate the detection and remediation of identity-based risk
- investigate risks using data in the portal
MS Defender:
- MS Defender for Identity:
  - cloud-based solution that leverages (makes use of) on-premises Active Directory Domain Services (AD DS) to identify, detect, ... risks
- MS Defender for Endpoint:
  - generally, for anything related to devices, choose this one
  - secure score lives here
  - automatic investigation and regulation
  - attack surface reduction
- MS Defender for Office 365:
  - protect from malicious threats posed by email messages, links, ...
  - real-time report
- MS Defender for Cloud:
  - manage security for a multi-cloud environment (Microsoft, Google and Amazon managed together)
  - assess security posture, identify threats, harden resources
- MS Defender for Cloud App:
  - Cloud Access Security Broker (CASB) that supports various deployment modes
  - the four pillars of a CASB: visibility, compliance, data security, threat protection
  - meets GDPR and PCI requirements
Azure Firewall:
- network-level and application-level
- protect machine and network
Azure Web Application Firewall(WAF):
- application-level filtering
- SSL termination
- centralized protection from common exploits & vulnerabilities
Azure Bastion:
- secure RDP & SSH connectivity to the virtual machine
Network Security Group(NSG):
- filter network traffic to and from Azure resources
Azure Sentinel (sentry):
- security information and event management (SIEM)
  - SIEM: collects info from diverse sources and analyzes it for signs of a security incident
- security orchestration automated response (SOAR)
- workbook: interactive dashboards that allow users to explore and analyze
- playbook: automated response
MS Purview compliance portal:
- manage compliance requirements
- 3 controls:
  - MS-managed control
  - customer-managed control
  - shared control
- insider risk management: sensitive data leak, confidentiality violation
- generally, for a question you have never seen before, choose this one
privileged identity management(PIM):
- time-based and approval-based role activation
- e.g. just-in-time access
- premium P2 subscription
virtual network:
- network segmentation
customer lockbox:
- used by MS engineers when they need to access some user's data
eDiscovery:
- digital investigation that attempts to find evidence in email, ... for a criminal proceeding
Regulations
MS Service Trust Portal:
- details how MS complies with the regulatory standard and implements controls to protect the organization
- generally, if the question mentions documents, choose Trust Portal
Azure Policy:
- enforce (put into effect) standards, and assess compliance
Zero Trust:
- assume breach
- verify explicitly
- least privilege
Privacy Principle:
- Control
- Security
- Legal
- Transparency
- No content-based targeting
- Benefit
Microsoft Cloud Adoption Framework for Azure:
- collection of documentation providing guidance
Cryptography
Symmetric encryption
- use the same key to encrypt and decrypt files
Asymmetric encryption
- private key to sign a document(digital signature)
- public key to verify authentication
Azure MFA(multi-factor authentication)
- text message
- authentication app
- phone call
Self-service password reset (SSPR):
- forgot your password: solve it yourself
- prerequisites for enabling it:
  - Assign an Azure AD license
  - Enable SSPR for user
  - Register an authentication method
Federation:
- enable access to service across the organization
Single sign-on:
- log in once, and other related applications need no further login
Password Hash Synchronization:
- enables password sync with Active Directory
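Useful links
Practice questions:
https://www.examtopics.com/exams/microsoft/sc-900/view/
Free exam:
https://msftstudentcert.cloudreadyskills.com/course/sc900
Afterword
The above is what I compiled while studying. If any knowledge points are missing (there are surely many), everyone is welcome to add them in the comments. Wishing you all success on the exam in advance.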