Protect against security threats on Azure Flashcards
Azure Security Center can:
Monitor security settings across on-premises and cloud workloads.
Automatically apply required security settings to new resources as they come online.
Provide security recommendations that are based on your current configurations, resources, and networks.
Continuously monitor your resources and perform automatic security assessments to identify potential vulnerabilities before those vulnerabilities can be exploited.
Use machine learning to detect and block malware from being installed on your virtual machines (VMs) and other resources.
You can also use adaptive application controls to define rules that list allowed applications to ensure that only applications you allow can run.
Detect and analyze potential inbound attacks and investigate threats and any post-breach activity that might have occurred.
Provide just-in-time access control for network ports. Doing so reduces your attack surface by ensuring that the network only allows traffic that you require at the time that you need it to.
What’s secure score?
Secure score is a measurement of an organization’s security posture.
Secure score helps you:
Report on the current state of your organization’s security posture.
Improve your security posture by providing discoverability, visibility, guidance, and control.
Compare with benchmarks and establish key performance indicators (KPIs).
Security Center includes advanced cloud defense capabilities:
Just-in-time VM access
Tailwind Traders will configure just-in-time access to VMs. This access blocks traffic by default to specific network ports of VMs, but allows traffic for a specified time when an admin requests and approves it.
Adaptive application controls
Tailwind Traders can control which applications are allowed to run on its VMs. In the background, Security Center uses machine learning to look at the processes running on a VM. It creates exception rules for each resource group that holds the VMs and provides recommendations. This process provides alerts that inform the company about unauthorized applications that are running on its VMs.
Adaptive network hardening
Security Center can monitor the internet traffic patterns of the VMs, and compare those patterns with the company’s current network security group (NSG) settings. From there, Security Center can make recommendations about whether the NSGs should be locked down further and provide remediation steps.
File integrity monitoring
Tailwind Traders can also configure the monitoring of changes to important files on both Windows and Linux, registry settings, applications, and other aspects that might indicate a security attack.
Workflow automation utilizes what:
Azure Logic Apps and Security Center connectors.
What is Azure Sentinel capabilities
Collect cloud data at scale
Collect data across all users, devices, applications, and infrastructure, both on-premises and from multiple clouds.
Detect previously undetected threats
Minimize false positives by using Microsoft’s comprehensive analytics and threat intelligence.
Investigate threats with artificial intelligence
Examine suspicious activities at scale, tapping into years of cybersecurity experience from Microsoft.
Respond to incidents rapidly
Use built-in orchestration and automation of common tasks.
Azure Sentinel can connect with what data sources?
These connections are handled by built-in connectors or industry-standard log formats and APIs.
Connect Microsoft solutions
Connectors provide real-time integration for services like Microsoft Threat Protection solutions, Microsoft 365 sources (including Office 365), Azure Active Directory, and Windows Defender Firewall.
Connect other services and solutions
Connectors are available for common non-Microsoft services and solutions, including AWS CloudTrail, Citrix Analytics (Security), Sophos XG Firewall, VMware Carbon Black Cloud, and Okta SSO.
Connect industry-standard data sources
Azure Sentinel supports data from other sources that use the Common Event Format (CEF) messaging standard, Syslog, or REST API.
How does Azure Sentinel detect threats
Built in analytics use templates designed by Microsoft’s team of security experts and analysts based on known threats, common attack vectors, and escalation chains for suspicious activity. These templates can be customized and search across the environment for any activity that looks suspicious. Some templates use machine learning behavioral analytics that are based on Microsoft proprietary algorithms.
Custom analytics are rules that you create to search for specific criteria within your environment. You can preview the number of results that the query would generate (based on past log events) and set a schedule for the query to run. You can also set an alert threshold.
How to use the investigation graph?
To review information from entities directly connected to the alert, and see common exploration queries to help guide the investigation.
What’s an example of using Azure Monitor Playbooks to automate responses to threats?
It can set an alert that looks for malicious IP addresses that access the network and create a workbook that does the following steps:
- When the alert is triggered, open a ticket in the IT ticketing system.
- Send a message to the security operations channel in Microsoft Teams or Slack to make sure the security analysts are aware of the incident.
- Send all of the information in the alert to the senior network admin and to the security admin. The email message has two user option buttons: Block or Ignore.
What is Azure Key Vault?
A centralized cloud service for storing an application’s secrets in a single, central location. It provides secure access to sensitive information by providing access control and logging capabilities.
What can Azure Key Vault do?
Manage secrets
You can use Key Vault to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.
Manage encryption keys
You can use Key Vault as a key management solution. Key Vault makes it easier to create and control the encryption keys that are used to encrypt your data.
Manage SSL/TLS certificates
Key Vault enables you to provision, manage, and deploy your public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for both your Azure resources and your internal resources.
Store secrets backed by hardware security modules (HSMs)
These secrets and keys can be protected either by software or by FIPS 140-2 Level 2 validated HSMs.
What are the benefits of Azure Key Vault?
Centralized application secrets
Centralizing the storage for your application secrets enables you to control their distribution, and reduces the chances that secrets are accidentally leaked.
Securely stored secrets and keys
Azure uses industry-standard algorithms, key lengths, and HSMs. Access to Key Vault requires proper authentication and authorization.
Access monitoring and access control
By using Key Vault, you can monitor and control access to your application secrets.
Simplified administration of application secrets
Key Vault makes it easier to enroll and renew certificates from public certificate authorities (CAs). You can also scale up and replicate content within regions and use standard certificate management tools.
Integration with other Azure services
You can integrate Key Vault with storage accounts, container registries, event hubs, and many more Azure services. These services can then securely reference the secrets stored in Key Vault.
Describe Azure Dedicated Host
It provides dedicated physical servers to host your Azure VMs for Windows and Linux.
Some organizations must follow regulatory compliance that requires them to be the only customer using the physical machine that hosts their virtual machines.
What are some pricing considerations for Azure Dedicated Host?
You’re charged per dedicated host, independent of how many VMs you deploy to it. The host price is based on the VM family, type (hardware size), and region.
Software licensing, storage, and network usage are billed separately from the host and VMs.
