Should include the six pillars: identities, devices, applications, data, infrastructure, and networks. Refer to the content to see explicit examples for each. This topic will be revisited in subsequent learning paths/modules as you further explore identity, security, and compliance

The responses should show that, as the customer moves from on-premises to IaaS to PaaS to SaaS, more of the responsibility shifts to the cloud provider. Importantly, the answer should also reflect that, regardless of which hosting is used, the customer always owns information and data, devices, and accounts and identities.

Should include the layers from the training content: physical security, identity and access, perimeter, network, compute, application, and data. Refer to the training content for some examples of the types of security measures that can be applied to each.

Should include the terms confidentiality, integrity, and availability. Refer to the training content for a description of what is referred to by each of these three components

Should include a statement that defines an identity and the drivers that have led to this concept. This should include the acceleration in number of people working from home; SaaS applications that are hosted outside of the corporate network; the use of personal devices to access corporate resources; the use of unmanaged devices by partners and customers who may need to access your corporate resources; proliferation of IoT devices―and more.

Should include the following identity types: user, service principal, managed identity, and device. When describing the user identity type, the response should include the different external identities supported by Microsoft Entra (B2B and B2C). The response should reference the point that a service principal is like an identity for an application. For a managed identity, there should be reference to system-assigned and user-assigned and some of the differences. For a device identity type, there should be reference to the multiple options for getting devices into Microsoft Entra.

Should include a statement about security defaults in Microsoft Entra, and some of its features, including enforcing multifactor authentication registration for all users. Additionally, the answer should state that security defaults are available as part of the free tier of Microsoft Entra.