MICROSOFT AZURE SECURITY, PRIVACY, COMPLIANCE AND TRUST

Question 1

• A layered approach to securing computer systems.
• Provides multiple levels of protection
• Attacks against one layer are isolated from subsequent layers

Answer 1

Defense in Depth

Question 2

What are the Defense in Depth?

Answer 2

Data
Application
Compute
Network
Perimeter
Identity & Access
Physical Security

Question 3

Security becomes a shared concern between cloud providers and customers

Answer 3

Shared security

Question 4

Stateful, managed, Firewall as a Service (FaaS) that grants / denies server access based on originating IP address, to protect network resources.

Answer 4

Azure Firewall

Question 5

What does DDoS Protection do?

Answer 5

• Sanitizes unwanted network traffic, before it
  impacts service availability.
• Basic service tier is automatically enabled in
  Azure.
  -Standard service tier adds mitigation capabilities,
  tuned to protect Azure Virtual Network resources.

Question 6

Set inbound and outbound rules to filter by source and
destination IP address, port, and protocol.

Answer 6

Network Security Groups (NSGs)

Question 7

What are the network security solutions ?

Answer 7

Perimeter layer
Networking layer

Question 8

protects your networks boundaries with Azure DDoS Protection and Azure Firewall.

Answer 8

Perimeter layer

Question 9

only permits traffic to pass between networked resources with Network Security Group (NSG) inbound
and outbound rules.

Answer 9

Networking layer

Question 10

What are the 2 concepts that are fundamental to understanding identify and access

Answer 10

• Authentication
  -Authorization

Question 11

Provides additional security for your identities by requiring two or more elements for full authentication.

Answer 11

Azure Multi-Factor Authentication

Question 12

Stores application secrets in a centralized cloud
location, to securely control access permissions, and
access logging.

Answer 12

Azure Key Vault

Question 13

Classifies and protects documents, and emails, by
applying labels.

Automatically using rules and conditions
defined by administrators.

Answer 13

Azure Information Protection (AIP)

Question 14

Cloud-based security solution for identifying, detecting, and investigating advanced threats, compromised identities, and malicious insider actions.

Answer 14

Azure Advanced Threat Protection

Question 15

is a service to create, assign, and, manage policies.

Answer 15

Azure Policy

Question 16

What are the Policy Initiatives work with Azure Policies

Answer 16

• Initiative definitions
• Initiative assignments

Question 17

group multiple policy definitions into a single unit, to track compliance at a higher scope. For example, one initiative can monitor all your Azure Security Center recommendations.

Answer 17

Initiative definitions

Question 18

are assigned to a specific scope and reduce the need to make an initiative definition for each scope.

Answer 18

Initiative assignments

Question 19

Enables allowing or disallowing access to the Azure portal, and controlling access to resources.

Answer 19

Role-based access control (RBAC)

Question 20

Protect your Azure resources from accidental deletion or modification

Answer 20

Resource locks

Question 21

Create reusable environment definitions that can recreate your Azure resources, like VMs, and apply your policies instantly.

Answer 21

Azure Blueprints

Question 22

Provides metadata for your Azure resources.

Answer 22

Tags

Question 23

Evaluate the impact of Azure service issues with personalized guidance and support, notifications, and issue resolution updates.

Answer 23

Azure Service Health