Azure resources

Question 1

What are NSGs?

Answer 1

A network security group (NSG) is an Azure resource that allows you to filter network traffic to and from Azure resources in an Azure VNet.

Question 2

How do NSGs work?

Answer 2

By using security rules that allow or deny inbound traffic to or from several types of Azure resources using destination/source IPs, protocols, direction, port range.

Rules with a lower priority number (100) have precedence over a rule with a higher number (200).

NSGs can be assigned to multiple subnets or network interfaces.

Question 3

Where are NSGs created?

Answer 3

In a VNet.

Question 4

What is Azure Firewall?

Answer 4

A cloud-based network security service that protects your Azure Virtual Network resources

Question 5

What’s the difference between Azure Firewall and NSGs?

Answer 5

NSGs are at the VNet level whilst Azure Firewall is central firewall for all your VNets and subscriptions across your tenant.

Question 6

What are the features of Azure Firewall?

Answer 6

Built-in high availability

Network and application-level filtering

Outbound SNAT & inbound DNAT

Multiple public IP addresses

Threat intelligence

Integration with Azure Monitor.

Question 7

What is Azure DDOS Protection?

Answer 7

An Azure service that analyses network traffic and discards anything that looks like a DDOS attack.

Question 8

What are the Azure DDOS Protection editions?

Answer 8

Basic - Microsoft’s free, built-in service. Protects all Azure services without requiring configuration

Standard - Provides enhanced DDOS mitigation features.

Question 9

What are the Azure DDOS Protection Standard features?

Answer 9

Adaptive Tuning - learns an app’s traffic and selects a profile that suits it. This adjusts over time.

Extensive Mitigation

Attack analytics

DDOS Rapid Response team

Cost guarantee

Question 10

What is WAF?

Answer 10

Azure Web Application Firewall (WAF) is a centralized protection of web apps from common exploits and vulnerabilities.

Question 11

How many apps can WAF protect at a time?

Answer 11

40 using a centralized manager.

Question 12

True or False: WAF has only has pre-built policies.

Answer 12

False, WAF allows Pre-built and custom rules and policies, with some built-on ones covering best practises.

Question 13

What are the benefits of WAF?

Answer 13

Protection against threats and intrusions

Simpler security management

Improves response time to a security threat

Built in monitoring

Question 14

What kinds of encryption are on Azure?

Answer 14

Azure Storage Service Encryption (SSE)

Azure Disk Encryption

Transparent Data Encryption

Question 15

What is SSE?

Answer 15

A service that can automatically encrypt data before it’s stored, and decrypt it when retrieved. (EX: Azure Blob, Azure Files, Queue Storage)

It’s a transparent process to users.

Question 16

What does Azure Disk Encryption do?

Answer 16

Protects Windows and Linux VM by encrypting their OS and data disks with BitLocker (Win) and DM-Crypt (Linux).

The encryption keys and secrets are stored in Azure key vault.

Question 17

What is Transparent Data Encryption used for?

Answer 17

Encrypting SQL server, Azure SQL server and Azure Synapse Analytics in real time/

It protects data and log files using AES and is enabled by default on newly created Azure SQL Databases.