5 - Review Concepts Flashcards
NSG vs. Firewall
NSG = Allow/Deny ports; Firewall = Control bandwidth and access
AD Privileged Identity Management
**Managing Privileged Accounts**
- Just-in-time privileged access to Azure AD
- Assign time-bound access to resources using start and end dates
- Require approval to activate privileged roles
- Enforce multi-factor authentication to activate any role
- Get notifications when privileged roles are activated
- Conduct access reviews to ensure users still need roles
- Download audit history for internal or external audit
Compliance Manager & Service Trust Portal
Compliance Manager is a workflow-based risk assessment dashboard
- Track, assign, and verify your organization’s regulatory compliance related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure
Service Trust Portal (STP) hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft’s cloud services
Main Factors for Cost
- Resource Type
- Services - Azure usage rates and billing periods can differ between Enterprise, Web Direct, and Cloud Solution Provider (CSP) customers.
- Location
Blueprints
Azure Blueprints is intended to assist with environment setup. Such environments often include Azure resource groups, role assignments, Azure policies, and Resource Manager template deployments.
DDOS Protection
Basic - Free and across region
Standard - Provides additional mitigation capabilities over the Basic service tier that are tuned specifically to Azure Virtual Network resources. DDoS Protection Standard is simple to enable and requires no application changes. Protection policies are tuned through dedicated traffic monitoring and machine learning algorithms. Policies are applied to public IP addresses associated with resources deployed in virtual networks, such as Azure Load Balancer, Azure Application Gateway, and Azure Service Fabric instances, but this protection does not apply to App Service Environments. Real-time telemetry is available through Azure Monitor views during an attack, and for history. Rich attack mitigation analytics are available via diagnostic settings. Application layer protection can be added through the Azure Application Gateway Web Application Firewall or by installing a third-party firewall from Azure Marketplace. Protection is provided for IPv4 and IPv6 Azure public IP addresses.
Application Insights
Application Monitoring - performance
CLI, PowerShell, Cloud Shell
CLI - Cross-platform tool used for managing Azure. *Can't run PowerShell scripts
PowerShell -
Cloud Shell - Browser-based access to PowerShell or Bash. Requires a file share. Android
Azure Portal -
AD Identity Protection
RISKS
- Automate the detection and remediation of identity-based risks.
- Investigate risks using data in the portal.
- Export risk detection data to third-party utilities for further analysis.
- Offers MFA.
- Prompt to change password from anonymous
Azure Logic App
- Implement a workflow that could be run on a serverless infrastructure?
Azure AI Bot Service
Provide a digital online assistant that provides speech support