3 - Security, Privacy & Trust

Question 1

Azure Firewall​

Answer 1

a managed service inside Azure that protects your virtual networks from unauthorized traffic

Question 2

Azure DDoS Protection

Answer 2

Basic - Free and tuned for Azure region traffic

Standard - Tuned for application traffic. Adds logging, alerting and telemetry for you to see these attacks happening

Question 3

Network Security Group (NSG)​

Answer 3

Rules that you can apply to both inbound traffic and outbound traffic that lets you specify what sources, destinations and ports are allowed to travel through from outside the virtual network to inside the virtual network

Question 4

Application Security Group (ASG)

Answer 4

A way of grouping related resources together to simplify the way NSG rules are created. All front end VMs can be in one ASG, while the mid-tier is in another. And then you can refer to them in the NSG rule by their ASG name

Question 5

User Defined Routes (UDR)​

Answer 5

A way of forcing traffic travelling over a virtual network over a specific path. This is usually used in conjunction with Firewall devices, or ExpressRoute.

Question 6

Security Best Practices

Answer 6

1. All virtual networks should use an NSG
2. Security through layers is also a good idea because if one layer is breached, there are backups
3. Application Gateway with WAF is generally a good idea for production systems

Question 7

Azure Security Center​

Answer 7

A Unified security management and threat protection; a security dashboard inside Azure Portal

Question 8

Azure Information Protection (AIP)

Answer 8

Classify emails and documents; likea DRM for documents; secret, top secret, public, etc.; enforced by Outlook 365

Question 9

Azure Advanced Threat Protection (ATP)​

Answer 9

monitor Azure AD and detect when users are behaving differently than they normally do; requires additional login requirements like MFA or even locks them out when they do

Question 10

Azure Policy

Answer 10

• Implement standards in Azure for your organization

- Rules can be enforced by blocking the action or just reporting the action

Question 11

Azure Policy Types

Answer 11

● Require SQL Server 12.0 
● Allowed Storage Account SKUs 
● Allowed Regions for resources to be created in 
● Allowed Virtual Machine SKUs 
● Require resources have tag

Question 12

Locks Access Control​

Answer 12

Limit who has the ability to delete locks

Question 13

Azure Advisor​

Answer 13

Recommendations based on your specific account

• HA
• Security
• Performance
• Cost
• Op Excellence

Question 14

GDPR - General Data Protection Regulation

Answer 14

law that covers how you collect, store, protect and report data of EU citizens

Question 15

NIST

Answer 15

• Cyber security framework

- requires an audit to see that you’re following security and privacy best practices

Question 16

Compliance Manager

Answer 16

• Manage your own regulatory compliance

- Track, Assign and verify your companies regulatory compliance

Question 17

Service Trust Portal

Answer 17

Service Trust Portal (STP)

-Compliance Manager

Question 18

Azure China cloud services

Answer 18

• Not connected to the rest of Azure

- Separate datacenters, login, standards

Question 19

Trust center

Answer 19

A website with details about how Microsoft implements and supports security, privacy, compliance in all Microsoft cloud products and services.

Question 20

Azure Monitor vs. Service Health

Answer 20

• Use Azure monitor to alert on issues in your subscription

- Use Azure Service Health to alert on issues across all of Azure worldwide

Question 21

Azure Blueprints

Answer 21

Can consists of a set of resource groups, policies, role assignments, and Resource Manager template deployments.

• A blueprint is a package to bring each of these artifact types together and allow you to compose and version that package – including through a CI/CD pipeline.
• Ultimately, each is assigned to a subscription in a single operation that can be audited and tracked.

Question 22

Locks

Answer 22

Read Only or Can Not Delete

Question 23

Application Insights

Answer 23

Service that monitors the availability, performance, and usage of your web applications

Question 24

Microsoft Privacy Statement

Answer 24

Explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes.

Question 25

ISO/IEC 27018

Answer 25

Code of practice for protection of personally identifiable information in public clouds

Question 26

Service Trust Portal - Details

Answer 26

The Service Trust Portal (STP) hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft’s cloud services.

Compliance Manager
Compliance Manager is a workflow-based risk assessment dashboard within the Trust Portal that enables you to track, assign, and verify your organization’s regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure.