Describe general security and network security features Flashcards

1
Q

What’s Azure Security Center?

A

Is a monitoring service that provides visibility of your security posture across all of your services, both on Azure and on-premises.

2
Q

What is a security posture?

A

Refers to cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to security threats.

3
Q

What can the Security Center do?

A

Monitor security settings across on-premises and cloud workloads.
Automatically apply required security settings to new resources as they come online.
Provide security recommendations that are based on your current configurations, resources, and networks.
Continuously monitor your resources and perform automatic security assessments to identify potential vulnerabilities before those vulnerabilities can be exploited.
Use machine learning to detect and block malware from being installed on your virtual machines (VMs) and other resources. You can also use adaptive application controls to define rules that list allowed applications to ensure that only applications you allow can run.
Detect and analyze potential inbound attacks and investigate threats and any post-breach activity that might have occurred.
Provide just-in-time access control for network ports. Doing so reduces your attack surface by ensuring that the network only allows traffic that you require at the time that you need it to.

4
Q

What is Resource security hygiene?

A

Section of Azure Security Center that helps prioritize remediation actions. Recommendations are categorized as low, medium, and high.

5
Q

What is the Secure Score?

A

Secure Score is based on security controls, or groups of related security recommendations. Your score is based on the percentage of security controls that you satisfy. Secure Score helps you:
Report on the current state of your organization’s security posture.
Improve your security posture by providing discoverability, visibility, guidance, and control.
Compare with benchmarks and establish key performance indicators (KPIs).

6
Q

What are some cloud defense capabilities for VMs, network security, and file integrity?

A

Just-in-time VM Access
Adaptive application controls
Adaptive network hardening
File integrity monitoring

7
Q

What is just-in-time VM access?

A

This access blocks traffic by default to specific network ports of VMs, but allows traffic for a specified time when an admin requests and approves it.

8
Q

What are adaptive application controls?

A

In the background, Security Center uses machine learning to look at the processes running on a VM. It creates exception rules for each resource group that holds the VM and provides recommendations. This process provides alerts that inform the company about unauthorized applications that are running on its VMs.

9
Q

What is Adaptive Network Hardening?

A

Security Center can monitor the internet traffic patterns of the VMs and compare those patterns with the company’s current network security group (NSG) settings. From there, Security Center can make recommendations about whether the NSGs should be locked down further and provide remediation steps.

10
Q

What is File Integrity Monitoring?

A

Can configure the monitoring of changes to important files on both Windows and Linux, registry settings, applications, and other aspects that might indicate a security attack.

11
Q

What is workflow automation?

A

Workflow automation uses Azure Logic Apps and Security Center connectors. The logic app can be triggered by a threat detection alert or by a Security Center recommendation, filtered by name or by severity.

12
Q

What is Azure Sentinel?

A

Is a Microsoft cloud-based SIEM (security information and event management) system. It uses intelligent security analytics and threat analysis.

13
Q

What does Azure Sentinel enable you to do?

A

Collect cloud data at scale - Collect data across all users, devices, applications, and infrastructure, both on-premises and from multiple clouds.
Detect previously undetected threats - Minimize false positives by using Microsoft’s comprehensive analytics and threat intelligence.
Investigate threats with artificial intelligence - Examine suspicious activities at scale, tapping into years of cybersecurity experience from Microsoft.
Respond to incidents rapidly - Use built-in orchestration and automation of common tasks.

14
Q

What Azure Sentinel connections are possible?

A

Connect Microsoft solutions - Connectors provide real-time integration for services like Microsoft Threat Protection solutions, Microsoft 365 sources, Azure Active Directory, and Windows Defender Firewall.
Connect other services and solutions - Connectors are available for common non-Microsoft services and solutions, including AWS CloudTrail and Citrix Analytics.
Connect industry-standard data sources - Azure Sentinel supports data from other sources that use the Common Event Format (CEF) messaging standard, Syslog, or REST API.

15
Q

What are the Azure Sentinel built-in analytics?

A

Use templates designed by Microsoft’s team of security experts and analysts based on known threats, common attack vectors, and escalation chains for suspicious activity. These templates can be customized and search across the environment for any activity that looks suspicious. Some templates use machine learning behavioral analytics that are based on Microsoft proprietary algorithms.

16
Q

What are the Azure Sentinel custom analytics?

A

These are rules you create to search for specific criteria within your environment.

17
Q

What is Azure Monitor Workbooks?

A

Automates responses to threats. It can set an alert that looks for malicious IP addresses that access the network and create a workbook that performs the following steps:

  • When the alert is triggered, open a ticket in the IT ticketing system
  • Send a message to the security operations channel in Microsoft Teams or Slack to make sure the security analysts are aware of the incident.
  • Send all of the information in the alert to the senior network admin and to the security admin.

Two options. Block or Ignore.

18
Q

What is Azure Key Vault?

A

Is a centralized cloud service for storing an application’s secrets in a single, central location. It provides secure access to sensitive information by providing access control and logging capabilities.

19
Q

What can Azure Key Vault do?

A

Manage secrets
Manage encryption keys
Manage SSL/TLS certificates
Store secrets backed by hardware security modules

20
Q

What are the benefits of Azure Key Vault?

A
Centralized application secrets
Securely stored secrets and keys
Access monitoring and access control
Simplified administration of application secrets
Integration with other Azure services
21
Q

What is Azure Dedicated Host?

A

Provides dedicated physical servers to host Azure VMs for Windows and Linux.

22
Q

What are the benefits of Azure dedicated host?

A

Gives you visibility into, and control over, the server infrastructure that’s running your Azure VMs.
Helps address compliance requirements by deploying your workloads on an isolated server.
Lets you choose the number of processors, server capabilities, VM series and VM sizes within the same host.

23
Q

What is Defense in depth?

A

To protect information and prevent it from being stolen by those who aren’t authorized to access it.

24
Q

What are the layers of defense in depth?

A
Physical Security Layer
Identity and access
Perimeter
Network
Compute
Application
Data
25
Q

What are the common principles of CIA?

A

Confidentiality - Principle of least privilege
Integrity - prevent unauthorized changes to information at rest and in transit.
Availability - ensure services are functioning and can be accessed only by authorized users.

26
Q

What’s Azure Firewall?

A

Is a managed cloud-based network security service that helps protect resources in your Azure virtual networks.

27
Q

What are the features of Azure Firewall?

A
Built-in high availability
Unrestricted cloud scalability
Inbound and outbound filtering rules
Inbound Destination Network Address Translation
Azure Monitor Logging

Typically deploy Azure Firewall on a central virtual network to control general network access.

28
Q

What can you configure with Azure Firewall?

A

Application rules that define fully qualified domain names
Network rules that define source address, protocol, destination port, and destination address
Network Address Translation rules that define destination IP addresses and ports to translate inbound requests

29
Q

What is the Web Application Firewall?

A

Azure Application Gateway also provides centralized, inbound protection for your web applications against common exploits and vulnerabilities.

30
Q

What are DDoS attacks?

A

Distributed denial of service attacks attempt to overwhelm and exhaust an application’s resources.

31
Q

What is Azure DDoS protection?

A

Helps protect your Azure resources from DDoS attacks.

32
Q

What service tiers are available to DDoS protection?

A

Basic - The basic service tier is automatically enabled for free as part of your Azure subscription. Always-on traffic monitoring and real-time mitigation of common network-level attacks provide the same defenses that Microsoft’s online services use.
The Azure global network is used to distribute and mitigate attack traffic across Azure Regions.

Standard - The standard service tier provides additional mitigation capabilities that are tuned specifically to Azure Virtual Network resources. DDoS Protection Standard is relatively easy to enable and requires no change to your applications. The standard tier provides always-on traffic monitoring and real-time mitigation of common network-level attacks. It provides the same defense that Microsoft’s online services use. Protection policies are tuned through dedicated traffic monitoring and machine learning algorithms. Policies are applied to public IP addresses, which are associated with resources deployed in virtual networks such as Azure Load Balancer and Application Gateway.

33
Q

What kinds of attacks can DDoS protection help prevent?

A

Volumetric attacks
Protocol attacks
Resource-layer (application-layer) attacks (only with web application firewall)

34
Q

What are network security groups?

A

A network security group enables you to filter network traffic to and from Azure resources within an Azure Virtual Network. You can think of NSGs like an internal firewall. An NSG can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol.

35
Q

How to secure the perimeter layer?

A

Use Azure DDoS protection to filter large-scale attacks before they can cause a denial of service for users.
Use perimeter firewalls with Azure Firewall to identify and alert on malicious attacks against your network.

36
Q

How to secure the network layer?

A

Limit communication between resources by segmenting your network and configuring access controls
Deny by default
Restrict inbound internet access and limit outbound where appropriate
Implement secure connectivity to on-premises networks

37
Q

How can you combine Azure networking and security services to manage your network security and provide increased layered protection?

A

Network security groups and Azure Firewall - Azure Firewall complements the functionality of network security groups. Network security groups provide distributed network-layer traffic filtering to limit traffic to resources within virtual networks in each subscription. Azure Firewall is a fully stateful, centralized network firewall as a service. It provides network-level and application-level protection across different subscriptions and virtual networks.

Azure Application Gateway web application firewall and Azure Firewall - Web application firewall is a feature of Azure Application Gateway that provides your web applications with centralized, inbound protection against common exploits and vulnerabilities. Azure Firewall provides inbound protection for non-HTTP/S protocols, outbound network-level protection for all ports and protocols, and application-level protection for outbound HTTP/S.