Conditional Access is a tool that Microsoft Entra ID uses to allow (or deny) access to resources based on identity signals. Conditional Access might challenge you for a second authentication factor if your sign-in signals are unusual or from an unexpected location.

Zero Trust is a security model that assumes the worst case scenario and protects resources with that expectation.

Role-based access control, using an allow model, grants all of the permissions assigned in all of the assigned roles.

Authorisation (Correct Answer): This determines what actions a user can perform within the system. Even after successful authentication, only authorized users with the appropriate permissions should be able to access specific customer data or perform actions like editing or deleting records.

Authentication verifies a user's identity through credentials like username and password. It ensures only valid users can log in to the CRM system.

This is the core benefit of SSO. Users authenticate once with Entra, and then access all authorized applications without further login prompts.

RBAC groups users into roles with predefined permissions. Users inherit the access controls associated with their assigned roles. This simplifies administration and ensures access aligns with job duties.

This concept advocates for layered security controls. If one layer is breached, others can help mitigate the attack. Firewalls, intrusion detection, data encryption, and access controls are all examples of defense in depth strategies.

Microsoft Defender for Cloud is a security solution for cloud resources.

Which of the following functionalities is NOT a core capability of Microsoft Defender for Cloud?

Vulnerability scanning: Defender for Cloud identifies potential security weaknesses in your cloud resources, allowing for mitigation.

Patch management: The solution can automate security update deployment for your cloud resources.

Cost optimization recommendations (Incorrect): While not a core functionality, Defender for Cloud can offer recommendations for optimizing security costs based on your resource usage.

Sandboxing: Defender for Cloud provides sandboxing capabilities to test suspicious files in a safe environment before they reach production systems.