description: "SC-100 preparatory content on topic: Introduction to the Microsoft Cybersecurity Reference Architecture and the Microsoft Cloud Security Benchmark."
learn-pr/wwl-sci/design-solutions-microsoft-cybersecurity-cloud-security-benchmark/1-introduction-reference-architecture-benchmark.yml
title: Introduction to Microsoft Cybersecurity Reference Architecture and cloud security benchmark
3
+
title: Describe the Microsoft Cybersecurity Reference Architecture
4
4
metadata:
5
-
title: Introduction to Microsoft Cybersecurity Reference Architecture and cloud security benchmark
6
-
description: "SC-100 preparatory content on topic: Introduction to Microsoft Cybersecurity Reference Architecture and cloud security benchmark."
5
+
title: Describe the Microsoft Cybersecurity Reference Architecture
6
+
description: "SC-100 preparatory content on topic: Describe the Microsoft Cybersecurity Reference Architecture and the Microsoft Cloud Security Benchmark."
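Review bot: The new title, set on both the top-level `title` and the `metadata` `title`, drops the cloud security benchmark, while the new `description` still ends with "and the Microsoft Cloud Security Benchmark", so the two metadata fields now disagree about the unit's scope. Either keep the benchmark in the title or trim it from the description. The description also now reads "content on topic: Describe the ...", which is awkward after the "on topic:" prefix; a noun phrase would fit better there.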
learn-pr/wwl-sci/design-solutions-microsoft-cybersecurity-cloud-security-benchmark/2-design-solutions-best-practices-capabilities-controls.yml
learn-pr/wwl-sci/design-solutions-microsoft-cybersecurity-cloud-security-benchmark/4-knowledge-check.yml
Lines changed: 38 additions & 35 deletions
@@ -27,56 +27,59 @@ durationInMinutes: 10
27
27
content: |
28
28
quiz:
29
29
questions:
30
-
- content: "Which of the following best defines the objective of a cloud reference architecture like Microsoft Cybersecurity Reference Architecture (MCRA) from Microsoft?"
30
+
- content: "What is the relationship between the Microsoft Security Adoption Framework (SAF) and the Microsoft Cybersecurity Reference Architecture (MCRA)?"
31
31
choices:
32
-
- content: "To handle all cloud migration projects with the same approach"
32
+
- content: "SAF and MCRA are independent frameworks that address different security concerns"
33
33
isCorrect: false
34
-
explanation: "MCRA does provide guidance on cloud migration, but it takes a wider view to provide an end-to-end, interdependent approach to cybersecurity across multiple scenarios, including migration."
35
-
- content: "To prescribe a set of tools and vendors for building secure clouds"
34
+
explanation: "SAF and MCRA are designed to work together, not independently. MCRA is a key component of SAF."
35
+
- content: "MCRA provides the strategic roadmap while SAF provides the technical architecture"
36
36
isCorrect: false
37
-
explanation: "Although MCRA provides specific tools and vendor selection guidance, its primary role is to provide an interoperable architecture that facilitates effective cybersecurity across different scenarios and technology stacks."
38
-
- content: "To define a secure cloud architecture that can be implemented anywhere with any technology stack"
37
+
explanation: "This reverses their relationship. SAF provides the strategic roadmap and operational guidance, while MCRA provides the technical blueprint."
38
+
- content: "SAF provides the strategic roadmap for security modernization while MCRA serves as the technical blueprint within SAF"
39
39
isCorrect: true
40
-
explanation: "MCRA is designed to provide security-focused reference architecture guidance that can apply almost anywhere no matter what underlying technologies, workloads, or data types are involved."
41
-
- content: "To focus only on technical security tips for cloud architects"
40
+
explanation: "SAF provides the 'why and how' of security modernization (the strategic roadmap), while MCRA provides the 'what' (the detailed architecture of security capabilities) as a component within SAF."
41
+
- content: "SAF replaces MCRA as the primary security guidance framework"
42
42
isCorrect: false
43
-
explanation: "MCRA includes technical guidance, but it has much more expansive goals for providing comprehensive security guidance at different levels of abstraction."
44
-
- content: "What is a key benefit of using best practices, such as those found in the MCRA reference architecture when addressing cloud security concerns?"
43
+
explanation: "SAF doesn't replace MCRA. Instead, MCRA serves as a key component within SAF, providing the technical architecture that aligns with SAF's strategic guidance."
44
+
- content: "Which MCSB v2 security domain specifically addresses risks like prompt injection and model theft?"
45
45
choices:
46
-
- content: "Patterns eliminate the need for detailed security assessment for each individual project"
46
+
- content: "Data Protection (DP)"
47
47
isCorrect: false
48
-
explanation: "The use of best practices does cut down the time required for security evaluation, but security assessments should still be carried out to ensure the right pattern is chosen and customized for each project's distinct requirements."
49
-
- content: "Patterns reduce costs by limiting the number of components, platforms, and architectures that must be secured"
48
+
explanation: "Data Protection covers data at rest, in transit, and access controls, but doesn't specifically address AI-specific risks like prompt injection."
49
+
- content: "DevOps Security (DS)"
50
+
isCorrect: false
51
+
explanation: "DevOps Security covers security engineering and operations in DevOps processes, but AI-specific risks have their own dedicated domain."
explanation: "Using best practices can reduce staffing needs, complexity, and risk exposure, bringing financial benefits that arise from economies of reuse and simplification rather than reducing the number of platforms, components, or architectures alone."
52
-
- content: "Patterns enable software to adapt to any type of threat in real-time"
54
+
explanation: "AI Security is a dedicated control domain in MCSB v2 that addresses security considerations specific to AI workloads, including risks like prompt injection, model theft, and adversarial attacks."
55
+
- content: "Posture and Vulnerability Management (PV)"
53
56
isCorrect: false
54
-
explanation: "Best practices can help provide for efficient responses to certain classes of arising threats, but they aren't dynamic enough to handle every possible attack vector."
55
-
- content: "What is the purpose of the Microsoft Cloud Security Benchmark?"
57
+
explanation: "Posture and Vulnerability Management focuses on assessing and improving cloud security posture, not AI-specific security risks."
58
+
- content: "What are the three distinct threat categories that a Security Architect must design solutions to protect against?"
56
59
choices:
57
-
- content: "To provide a set of recommended security configurations and best practices for Microsoft cloud services."
58
-
isCorrect: true
59
-
explanation: "The Microsoft Cloud Security Benchmark is designed to provide a set of recommended security configurations and best practices for Microsoft cloud services."
60
-
- content: "To provide a comprehensive list of all possible security threats to Microsoft cloud services."
60
+
- content: "Network attacks, application attacks, and data breaches"
61
61
isCorrect: false
62
-
explanation: "The Microsoft Cloud Security Benchmark isn't a comprehensive list of all possible security threats to Microsoft cloud services. Rather, it provides recommended security configurations and best practices."
63
-
- content: "To provide a list of all security breaches that occurred in Microsoft cloud services."
62
+
explanation: "While these are valid security concerns, the module organizes threat protection around insider threats, external attacks, and supply chain compromises."
63
+
- content: "Insider threats, external attacks, and supply chain compromises"
64
+
isCorrect: true
65
+
explanation: "These three threat categories require different controls but share common elements rooted in Zero Trust principles. Effective security architecture addresses all three with overlapping controls that create defense in depth."
66
+
- content: "Phishing attacks, ransomware attacks, and denial-of-service attacks"
64
67
isCorrect: false
65
-
explanation: "The Microsoft Cloud Security Benchmark doesn't provide a list of all security breaches that occurred in Microsoft cloud services."
66
-
- content: "To provide a tool for testing the vulnerability of Microsoft cloud services to attacks."
68
+
explanation: "These are specific attack types that fall under the broader category of external attacks, not the three main threat categories discussed in the module."
69
+
- content: "Identity attacks, endpoint attacks, and cloud attacks"
67
70
isCorrect: false
68
-
explanation: "The Microsoft Cloud Security Benchmark isn't a tool for testing cloud service vulnerabilities."
69
-
- content: "What is the difference between defensive and detective security controls, as discussed in the Microsoft cloud security benchmark"
71
+
explanation: "These relate to attack surfaces rather than the three threat categories (insider threats, external attacks, and supply chain compromises) discussed in the module."
72
+
- content: "According to MCSB v2 AI security controls, what is the purpose of implementing safety meta-prompts?"
70
73
choices:
71
-
- content: "Detective controls focus on changing user behavior while defensive controls monitor for incidents"
74
+
- content: "To improve the accuracy of AI model responses"
72
75
isCorrect: false
73
-
explanation: "This description reverses the meanings of the two types of controls. Defensive controls aim to reduce the likelihood and impact of security incidents while Detective controls aim to address Incidents when they happen (including looking for indicators of compromise like log data)."
74
-
- content: "Defensive controls proactively prevent security incidents while Detective controls detect and respond to these incidents after they occur"
76
+
explanation: "Safety meta-prompts aren't primarily about improving response accuracy. They're about guiding AI models toward secure and ethical behavior."
77
+
- content: "To guide AI models toward intended, secure, and ethical behavior and resist prompt injection attacks"
75
78
isCorrect: true
76
-
explanation: "This text gives the correct explanation of the differences between the two types of controls as outlined in the 2021 Cloud Security Benchmark."
77
-
- content: "Detective controls rely on passive monitoring of system logs while defensive controls require active scanning"
79
+
explanation: "Safety meta-prompts use system instructions to guide AI models toward intended, secure, and ethical behavior. They're designed to prioritize system instructions over user inputs to resist prompt injection attacks."
80
+
- content: "To reduce the computational cost of running AI models"
78
81
isCorrect: false
79
-
explanation: "This distinction isn't accurate as both types of controls might necessitate either active surveillance, passive monitoring, or a mix of the two techniques."
80
-
- content: "Defensive controls rely entirely on preemptive configuration while Detective controls mostly operate via heuristic algorithms"
82
+
explanation: "Safety meta-prompts are security controls, not performance optimizations. They address security risks like prompt injection."
83
+
- content: "To enable AI models to learn from user interactions"
81
84
isCorrect: false
82
-
explanation: "This distinction is also not accurate as both types of control measures take advantage of heuristics and machine learning algorithms when feasible."
85
+
explanation: "Safety meta-prompts are about security guardrails, not about enabling learning from user interactions."
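Review bot: In the safety meta-prompts question (new lines 72-85), the correct choice is the only one that mentions security or prompt injection and is noticeably longer than the three distractors, so it can be picked without knowing the control. Consider distractors that are plausible security purposes (for example input filtering or output logging) and of similar length. Separately, the removed questions on the purpose of the Microsoft Cloud Security Benchmark and on defensive versus detective controls are not replaced: both remaining MCSB questions are about MCSB v2 AI controls, so the benchmark's general purpose is no longer checked by this quiz.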
Imagine you're the lead cybersecurity architect at a global financial services company. Your organization is expanding its cloud footprint, deploying AI-powered customer service tools, and integrating with third-party vendors. Leadership asks you to design a security architecture that protects against sophisticated external attacks, prevents insider data leaks, and secures the new AI systems—all while meeting regulatory compliance requirements.
2
+
3
+
Where do you start? How do you ensure your security design is comprehensive and aligned with industry best practices?
4
+
5
+
This module covers best practices for cybersecurity capabilities and controls, which are essential to reduce the risk of attackers succeeding. You learn how to use Microsoft's security frameworks—the Security Adoption Framework (SAF), Microsoft Cybersecurity Reference Architecture (MCRA), and Microsoft Cloud Security Benchmark (MCSB)—to design comprehensive security solutions that address scenarios like the one described.
6
+
7
+
## Learning objectives
8
+
9
+
In this module, you learn how to:
10
+
11
+
- Use the Microsoft Cybersecurity Reference Architecture (MCRA) to design more secure solutions.
12
+
- Use Microsoft Cloud Security Benchmark (MCSB) to design more secure solutions.
13
+
- Design solutions with best practices for security capabilities and controls.
14
+
- Design solutions for protecting against insider threats, external attacks, and supply chain attacks.
15
+
- Design AI solutions that align to the Microsoft Cloud Security Benchmark.
16
+
- Design solutions to align to a Zero Trust rapid modernization plan.
17
+
18
+
The content in the module helps you prepare for the certification exam SC-100: Microsoft Cybersecurity Architect.
19
+
20
+
## Prerequisites
21
+
22
+
- Conceptual knowledge of security policies, requirements, Zero Trust architecture, and management of hybrid environments
23
+
- Working experience with Zero Trust strategies, applying security policies, and developing security requirements based on business goals
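Review bot: The learning objective "insider threats, external attacks, and supply chain attacks" uses different wording from the knowledge check in this same commit, whose correct answer is "Insider threats, external attacks, and supply chain compromises"; pick one term so the objective and the quiz answer match. The AI objective also says "Microsoft Cloud Security Benchmark" without a version while the quiz questions refer to "MCSB v2"; state the version here if the AI controls are specific to v2. Minor style point: the objectives end with periods and the prerequisite bullets do not.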