General Security and Network Security - 10-15% Flashcards

1
Q

Objective area 4

A
Includes the following concepts:
▪ Azure Security features
• Security Center and resource hygiene
• Key Vault, Sentinel, and Dedicated Hosts
▪ Azure network security
• Defense in depth
• Network Security Groups and Firewalls
• DDoS protection
2
Q

Security tools and features - Objective Domain

A

Describe the features and the functionality of:
• Azure Security Center, including policy compliance, security alerts, secure score, and resource hygiene
• Azure Sentinel
• Key Vault
• Azure Dedicated Hosts

3
Q

What is an Azure Security Center?

A
Azure Security Center is a monitoring service that provides threat protection across both Azure and on-premises datacenters.
• Provides security recommendations
• Detect and block malware
• Analyze and identify potential attacks
• Just-in-time access control for ports
4
Q

What is the Walkthrough of the Azure Security Center?

A

Open Azure Security Center and view some of the common features and configuration options.

  1. Launch Azure Security Center.
  2. View Policy compliance options.
  3. Review your Secure Score.
  4. Set a Security Alert.
  5. Explore Resource Hygiene.
5
Q

What are the Azure Security center capabilities?

A

-Policy compliance
Security Center is built on top of Azure Policy controls so you can set and monitor your policies to run on management groups, across subscriptions, and even for a whole tenant.

-Security alerts
Security Center automatically collects, analyzes, and integrates log data from your Azure resources, such as firewall and endpoint protection, to detect real threats. A list of prioritized security alerts is then shown in Security Center, along with the information you need to quickly investigate and remediate an attack.

-Secure score
Security Center continually assesses your resources for security issues, then aggregates all the findings into a single score so that you can tell your current security situation.

-Resource Security Hygiene
Security visibility and recommendations by resource.

-Policy Compliance
Run policies across management groups, subscriptions, or tenants

-Continuous Assessments
Assess new and deployed resources to ensure that they are configured properly.

-Tailored Recommendations
Recommendations based on existing workload with instructions on how to implement them.

-Threat Protection
Analyze attempted threats through alerts and impacted resource reports.

6
Q

What is Azure Sentinel?

A

Azure Sentinel is a security information management (SIEM) and security automated response (SOAR) solution that provides security analytics and threat intelligence across an enterprise.

Connectors and Integrations:
• Office 365
• Azure Active Directory
• Azure Advanced Threat Protection
• Microsoft Cloud App Security
7
Q

What is Azure Key Vault?

A

Azure Key Vault stores application secrets in a centralized cloud location in order to securely control access permissions and access logging.

  • Secrets management.
  • Key management.
  • Certificate management.
  • Storing secrets backed by hardware security modules (HSMs).
8
Q

What is the walkthrough to implement Azure Key Vault?

A

Create an Azure key vault and then create a password secret within the key vault.

  1. Create an Azure key vault.
  2. Add a secret to the Azure key vault.
9
Q

What is an Azure Dedicated Host?

A

Azure Dedicated Host provides physical servers that host one or more Azure virtual machines and are dedicated to a single organization’s workload.

Benefits
• Hardware isolation at the server level
• Control over maintenance event timing
• Aligned with Azure Hybrid Use Benefits

10
Q

Secure Network Connectivity - Objective Domain

A
Describe the concept and functionality of:
• Defense in depth
• Network Security Groups (NSG)
• Azure Firewall
• Azure DDoS protection
11
Q

What is defense in depth?

A

Defense in depth
• A layered approach to securing computer systems.
• Provides multiple levels of protection.
• Attacks against one layer are isolated from subsequent layers.

12
Q

What is shared security?

A

Shared Security
• Migrating from customer-controlled to cloud-based datacenters shifts the responsibility for security.
• Security becomes a shared concern between cloud providers and customers.

13
Q

What are NSGs?

A

Network Security Groups (NSGs)
Network Security Groups (NSGs) filter network traffic to and from Azure resources on Azure Virtual Networks.
• Set inbound and outbound rules to filter by source and destination IP address, port, and protocol.
• Add multiple rules, as needed, within subscription limits.
• Azure applies default, baseline security rules to new NSGs.
• Override default rules with new, higher priority rules.

14
Q

Azure Firewall?

A

Azure Firewall
A stateful, managed Firewall as a Service (FaaS) that grants/denies server access based on originating IP address, in order to protect network resources.
• Applies inbound and outbound traffic filtering rules
• Built-in high availability
• Unrestricted cloud scalability
• Uses Azure Monitor logging

15
Q

Azure Distributed Denial of Service (DDoS) protection?

A

Azure Distributed Denial of Service (DDoS) protection
DDoS attacks overwhelm and exhaust network resources, making apps slow or unresponsive.
• Sanitizes unwanted network traffic before it impacts service availability.
• Basic service tier is automatically enabled in Azure.
• Standard service tier adds mitigation capabilities that are tuned to protect Azure Virtual Network resources.

16
Q

Summary of Defense in Depth?

A

Defence in Depth Reviewed
Combining network security solutions
• NSGs with Azure Firewall to achieve defense in depth.
• Perimeter layer protects your network boundaries with Azure DDoS Protection and Azure Firewall.
• Networking layer only permits traffic to pass between networked resources with Network Security Group (NSG) inbound and outbound rules.

17
Q

Walkthrough - Secure network traffic?

A

Walkthrough - Secure network traffic

Create and configure inbound & outbound security port rules.

18
Q
Knowledge Check-
Which of the following is not a method for protecting internet facing services from network attacks?
a) Azure DDoS
b) Azure Application Gateway WAF
c) Azure Disk Encryption
d) Azure Firewall
A

Azure Disk Encryption
• Azure Disk Encryption protects your virtual machine VHDs from exposure but does not provide protection from network-based attacks.
• Azure DDoS can be used to protect your internet facing services from a DoS attack.
• Application Gateway WAF can be used to protect your internet facing services from attacks such as XSS and SQL injection.
• Azure Firewall is a cloud-native firewall that can provide customized network protection for traffic that requires inspection from your virtual network.