Intro to Azure Security

Question 1

What is the responsibility of the cloud provider with Infrastructure as a Service (IaaS)

Answer 1

Storage, logical networking, Servers/Virtualization

Question 2

What is the responsibility of the customer with Infrastructure as a Service (IaaS)

Answer 2

Applications, runtimes, security, databases

Question 3

What is the responsibility of the cloud provider with Platform as a Service (PaaS)

Answer 3

Storage, logical networking, Servers/Virtualization, runtimes, security, databases

Question 4

What is the responsibility of the customer with Platform as a Service (PaaS)

Answer 4

Only the applications

Question 5

What is the responsibility of the cloud provider with Software as a Service (SaaS)

Answer 5

Everything - Storage, logical networking, Servers/Virtualization, applications, runtimes, security, databases

Question 6

Regardless of the cloud service model, what will customers always retain the responsibilities for?

Answer 6

• Data governance and rights management
• Endpoint protection
• Account and access management

Question 7

Regardless of the cloud service model, what will the cloud service provider always retain the responsibilities for?

Answer 7

• Physical data center
• Physical network
• Physical hosts

Question 8

What responsibilities vary based on the cloud service model?

Answer 8

• Identity and directory infrastructure
• Applications
• Logical Network
• Operating system

Question 9

What are the two ways azure networks can be managed?

Answer 9

managed by Microsoft and managed by us

Question 10

What networking model is used in Azure data centers?

Answer 10

3-tier topology:
* Core
* Distribution
* Access

Question 11

in terms of network topology, what elements does an Azure data center contain?

Answer 11

• Edge network
• Wide area network (WAN)
• Regional gateways network
• Data center network

Question 12

Describe the “Edge network” in an Azure data center

Answer 12

Represents a separation point between the Microsoft network and other networks (such as the internet or corporate networks); responsible for providing internet connectivity and ExpressRoute peering into Azure

Question 13

Describe the “Wide area network (WAN)” in an Azure data center

Answer 13

Microsoft’s backbone; provides connectivity between Azure regions

Question 14

Describe the “Regional gateways network” in an Azure data center

Answer 14

A point of aggregation for Azure regions and applies to all data centers within the region; provides connectivity between data centers within the Azure region and enables connectivity with other regions

Question 15

Describe the “Data center network” in an Azure data center

Answer 15

Enables connectivity between data centers and enables communication between servers within the data center; The network is separated into three stages – ingress, middle, and egress. Each stage contains multiple switches.

Question 16

How is traffic routed in the Azure data center network?

Answer 16

When a call is made, it enters the ingress switch and from there it can be routed to any available middle switch, and from the middle switch to any available egress switch.

Question 17

What steps are taken when a security issues arises?

Answer 17

1. The customer is notified of the incident.
2. An immediate investigation is started to provide detailed information regarding the security incident.
3. Steps are taken to mitigate the effects and minimize the damage of the security incident.