AZ 500 Terms Flashcards

1
Q

Azure Active Directory (Azure AD)

A

Definition:
Microsoft’s cloud based identity and access management service, used for managing users, groups and access to resources in Azure.
Key concepts:
Single sign on (SSO), Multi factor authentication and conditional access policies

2
Q

Role Based Access Control (RBAC)

A

Definition:
A system for managing access to Azure resources based on user roles. These roles determine what actions users can perform.
Key concepts:
Roles like Owner, Contributor, and Reader. Roles can be assigned at different scopes such as subscription, resource group or specific resources

3
Q

Azure Security Center

A

Definition:
A unified security management system that provides advanced threat protection across Azure workloads
Key Concepts:
Security score, security recommendations and vulnerability assessments

4
Q

Network Security Groups (NSG)

A

Definition:
A tool used to filter network traffic to and from Azure resources within an Azure Virtual Network
Key Concepts:
Inbound and outbound rules to control traffic based on source/destination IP addresses, ports and protocols.

5
Q

Azure Firewall

A

Definition:
A managed, cloud based network security service that protects Azure Virtual Network Resources
Key Concepts:
Stateful firewall that provides centralized control and protection over network traffic flows

6
Q

Azure Key Vault

A

Definition:
A service for securely storing and managing cryptographic keys, secrets, and certificates
Key Concepts:
Provides encryption at rest, and integrates with services to safeguard data

7
Q

Azure Policy

A

Definition:
A service used to create, assign and manage policies that enforce governance across Azure resources
Key Concepts:
Ensures compliance with security standards by preventing violations (like enabling encryption on storage accounts)

8
Q

Azure DDoS Protection

A

Definition:
A service that protects Azure applications from DDoS attacks
Key Concepts:
Includes basic (default) and standard tiers, protecting against volumetric, protocol and application layer attacks

9
Q

Azure Privileged Identity Management (PIM)

A

Definition:
A service that provides oversight of privileged roles, such as global administrator, to ensure controlled and limited user.
Key Concepts:
Just In Time Access, Approval Workflows, and monitoring of privileged roles

10
Q

Azure Information Protection (AIP)

A

Definition:
A cloud based solution that helps organizations classify, label and protect documents and emails.
Key Concepts:
Data classification and protection based on sensitivity labels.

11
Q

Azure Monitor

A

Definition:
A comprehensive solution for collecting, analyzing and acting on telemetry from Azure resources.
Key Concepts:
Centralized logging and monitoring with integration into security alerting systems like Azure Security Center.

12
Q

Azure Sentinel

A

A cloud native security information and event management (SIEM) tool that provides intelligent security analytics for enterprises.
Uses artificial intelligence to detect, prevent and respond to threats

13
Q

Virtual Private Network (VPN) Gateway

A

A type of virtual network gateway that sends encrypted traffic between an Azure virtual network and an on premises location. This is used for hybrid cloud solutions and secure site to site or point to site VPN connections

14
Q

Managed Identities

A

Azure's service used for managing identity in Azure applications without the need to manage credentials. There are two types of managed identities, system assigned and user assigned

15
Q

Encryption at rest

A

The process of encrypting data when it is stored, ensuring that data is inaccessible without proper keys. Azure Storage encryption, Azure SQL Database encryption (TDE) and Key Vault integrations

16
Q

Conditional Access

A

A tool used to enforce access controls to applications and data based on conditions like user, location and device
Enforces MFA, restricts access based on device health or requires compliant devices

17
Q

Just in Time VM Access

A

A feature in Azure Security Center that limits access to virtual machines by granting access only when needed
Reduces the attack surface by restricting the time a VM port is open

18
Q

Azure Application Gateway

A

A web traffic load balancer that enables you to manage traffic to your web applications
This is application layer (layer 7) routing, web application firewall for protection from common threats like SQL injection and cross site scripting

19
Q

Azure Log Analytics

A

A service in Azure Monitor that collects and analyzes log data from multiple sources which enables querying and alerting on log data for insights in resource operations and security incidents

20
Q

Security Baselines

A

Pre configured security settings that serve as recommendations or requirements for a secure environment
Baselines provided by Microsoft such as Azure Security Benchmark guide organizations in securing their workloads

21
Q

Azure MFA

A

An authentication method that requires more than one verification method such as password and a phone based code to access resources. This helps secure user identities by requiring two or more verification methods

22
Q

Service Endpoints

A

Extends virtual networks to Azure services by enabling private access to services like Azure storage, without the need for public IP.
This increases security by limiting traffic between resources to the Azure backbone network

23
Q

Private Link and Private Endpoints

A

Allows you to securely connect to Azure services over a private virtual network, eliminating exposure to the public internet. This ensures that Azure resources such as storage accounts and databases are only accessible through a private endpoint

24
Q

Azure Blueprint

A

A service that helps with deploying Azure resources according to organizational policies, ensuring compliance and governance. This automates resource configuration, policies and security controls to adhere to industry standards

25
Q

Azure AD Identity Protection

A

A tool within Azure AD that uses machine learning to detect and remediate identity based risks. This detects suspicious user activities, such as leaked credentials and risky sign ins

26
Q

Microsoft Defender for Identity

A

A cloud based security solution that identifies and protects against identity based attacks within your on premises Active Directory. This monitors suspicious user activity such as lateral movement and helps detect compromised identities

27
Q

Microsoft Defender for Endpoint

A

An endpoint security platform designed to help enterprises prevent, detect, investigate and respond to advanced threats. Provides endpoint detection and response, vulnerability management and attack surface reduction

28
Q

Azure Disk Encryption (ADE)

A

A feature that uses BitLocker (for Windows) or DM Crypt (for Linux) to encrypt operating system and data disks of VMs. This ensures data security at rest using keys stored in Azure Key Vault

29
Q

Azure Storage Encryption

A

Automatically encrypts data at rest using Microsoft managed keys or customer managed keys in Azure Storage. Data is encrypted using 256 bit AES encryption

30
Q

Shared Access Signature (SAS)

A

A URI that grants restricted access rights to Azure Storage resources, such as blobs, queues and tables. You can specify the levels of access, time constraints, and IP restrictions for a SAS token.

31
Q

Azure Policy Initiative

A

A collection of Azure policies that are grouped together to track compliance across multiple policies. This helps ensure compliance with governance standards across resources by enforcing multiple policies simultaneously

32
Q

Azure Bastion

A

A fully managed service that provides secure and seamless RDP/SSH access to virtual machines without exposing them to the internet. This eliminates the need for a public IP on VMs and reduces security risks

33
Q

Custom RBAC roles

A

Customizable roles in Azure RBAC that allow for precise control over what actions a user can perform on Azure

34
Q

SIEM

A

Systems that provide real time analysis of security alerts generated by network hardware and applications

35
Q

Security Orchestration, Automation and Response (SOAR)

A

Technology that enables organizations to collect security data and alerts from different sources, automate the response to low level threats and orchestrate activities across multiple teams and tools. Azure Sentinel offers SOAR capabilities to automate threat response.

36
Q

Azure DDoS Protection Standard

A

An enhanced DDoS protection service for protecting Azure applications from volumetric, protocol and application layer DDoS attacks. Provides mitigation against large scale attacks by absorbing and mitigating DDoS traffic before it affects the application

37
Q

Azure Application Security Groups (ASG)

A

Logical groups of VMs used to simplify the management of network security rules in Azure NSGs. This reduces complexity in NSG rules by grouping VMs based on application functions or tiers

38
Q

Azure SQL Database Auditing

A

A feature that tracks database activities and writes audit logs to an audit log destination such as a storage account or Log Analytics. This helps in maintaining compliance and detecting security violations or unusual database activity

39
Q

Network Virtual Appliances (NVA)

A

Pre configured network solutions deployed in Azure as VMs, used to control network traffic, inspect traffic for malware or set up secure networking environments. This includes firewalls, load balancers and VPN gateways deployed in a virtual network

40
Q

Microsoft Cloud App Security (MCAS)

A

A Cloud Access Security Broker (CASB) that protects your cloud apps by providing visibility, control over data movement and sophisticated analytics to identify and combat cyber threats. MCAS monitors and manages the security of cloud applications and enforces security policies

41
Q

Azure Dedicated Hosts

A

A service that provides physical servers that host one or more Azure virtual machines, offering isolation from other customer VMs. This ensures full control over compliance and regulatory requirements, especially for workloads with strict compliance needs

42
Q

Azure Security Benchmark

A

A collection of best practices and recommendations for securing Azure services, aligned with common compliance frameworks. This helps establish a secure foundation by guiding the implementation of security controls

43
Q

Azure SQL Always Encrypted

A

A feature that encrypts sensitive data inside databases so that it is encrypted both at rest and in use, protecting it from high privileged users. Data remains encrypted throughout the lifecycle and the keys are managed separately in Azure Key Vault

44
Q

Azure Policy Exemptions

A

A configuration that allows specific resources to be exempt from policy evaluation without removing the policy itself. This is useful for managing compliance in special cases where resources need temporary exemptions

45
Q

Azure Disk Encryption Sets

A

A resource for managing encryption keys across multiple disks in Azure virtual machines. Allows for uniform encryption policies across different VMs by centralizing key management

46
Q

Azure Resource Locks

A

Locks that prevent accidental deletion or modification of critical Azure resources. Two types of locks are CanNotDelete (prevents deletion) and ReadOnly (prevents modification)

47
Q

Azure Automation

A

A service that allows you to automate repetitive tasks like patching, deployment and configuration management. This is used for automating security related tasks like updating VMs and monitoring compliance.

48
Q

Azure Site Recovery (ASR)

A

A disaster recovery service that replicates workloads running on VMs to secondary locations to ensure business continuity. This protects from site outages and ensures fail-over to a secondary location

49
Q

Azure Security Center Regulatory Compliance

A

A dashboard in Azure Security Center that provides insights into your organization's compliance posture. This assesses your environment against regulatory standards like ISO, NIST and CIS

50
Q

Azure Availability Zones

A

Physically separate data centers within an Azure region that provide high availability for workloads. This protects from data center failures by distributing services across different zones.

51
Q

Azure ExpressRoute

A

A service that enables private connections between Azure data centers and on premises infrastructure. This provides a secure, fast, and reliable connection for hybrid cloud architectures.

52
Q

Azure App Service Environments (ASE)

A

A fully isolated and dedicated environment for securely running Azure App Service apps at scale. This is used for running mission critical applications with high security and compliance requirements

53
Q

Azure Policy Compliance State

A

The compliance state of Azure resources as evaluated against the assigned Azure policies. This helps track whether resources comply with organizational policies and security standards

54
Q

Azure Front Door

A

A scalable and secure entry point for global applications that provides routing, load balancing and security. This supports SSL offloading, Web Application Firewall and DDoS protection

55
Q

Azure Network Watcher

A

A network performance monitoring and diagnostics tool for Azure Virtual Networks. This provides tools for packet capture, network diagnostics and connection monitoring

56
Q

Azure Backup

A

A service that provides scalable solutions for backing up data and virtual machines in Azure. This protects data from accidental deletion, corruption or ransomware attacks

57
Q

Azure Identity Risk Policies

A

Policies in Azure AD Identity Protection that can automatically respond to detected risks by enforcing access controls like MFA. This automates remediation of risky users, sign ins and vulnerabilities

58
Q

Managed Service Identity (MSI)

A

A feature that provides Azure services with an automatically managed identity in Azure AD. This eliminates the need to manage credentials in applications that access Azure resources

59
Q

Azure Log Analytics Workspaces

A

A workspace that allows you to collect and analyze log data from different Azure resources and on premises systems. This is used for security monitoring, troubleshooting and alerting

60
Q

Azure DevOps Security

A

Security features and practices to secure the Azure DevOps environment, including repository protection and pipeline security. This protects the software development lifecycle with RBAC, auditing and secure code practices

61
Q

Conditional Access Policies

A

Rules that govern how and when users can access Azure resources based on various conditions like location and device compliance. This is used to enforce policies such as MFA or access restrictions based on risk

62
Q

Azure Cost Management and Billing

A

A service that provides insights into cloud costs and usage, with tools to set budgets and track spending. This can help manage security costs by monitoring resource usage and alerting for anomalies.

63
Q

Resource Health

A

A service that provides information about the health of Azure resources and notifications of outages or service issues. Ensures proactive management of security risks related to resource availability

64
Q

Managed Disk Encryption

A

Azure’s disk encryption solution that encrypts disks attached to Azure VMs using Azure Key Vault. Protects sensitive data stored on virtual machine disks.

65
Q

Azure Resource Manager (ARM) Templates

A

JSON files that define the infrastructure and configurations for Azure resources. Enables deployment automation and consistency, including the security configurations of resources.

66
Q

Azure Application Insights

A

An application performance monitoring service that helps detect, diagnose, and monitor security vulnerabilities in applications. Provides end to end tracking of user actions and insights into application security.

67
Q

Azure DDoS Protection Basic

A

A default DDoS protection service included with all Azure services that provides basic defense against common attacks. Protects against smaller scale attacks without requiring additional configurations

68
Q

Virtual Networking Peering

A

A method that connects two Azure Virtual Networks (VNets) to allow traffic to flow securely between them. Ensures secure communication between VMs in different VNets

69
Q

User Entity and Behavior Analytics (UEBA)

A

A technique that uses machine learning to analyze and detect anomalous user and entity behaviors. Helps identify potential security threats based on unusual activity.

70
Q

Service Principals

A

An identity used by applications, services or automation tools to access Azure resources securely. This is used for controlling access to resources with fine grained permissions

71
Q

Azure DNS Private Zones

A

A DNS service that provides a secure way to manage domain names and access them privately within a virtual network. Secures DNS queries and isolates traffic within Azure VNets

72
Q

Azure Custom Domains

A

Allows users to configure a custom domain for Azure services like websites or storage accounts. Secures traffic with SSL certificates and encryption

73
Q

Azure Blueprint Artifacts

A

Components within Azure Blueprints that consist of ARM templates, role assignments and policies. This helps define and implement security and compliance controls in a consistent manner

74
Q

Azure Conditional Access Named Locations

A

A feature in Azure AD Conditional Access that defines trusted locations (such as specific IP ranges) to control access. This restricts access to Azure resources based on geographic location

75
Q

Azure Privileged Access Workstations (PAW)

A

Hardened workstations dedicated to critical tasks, providing a secure operating environment for privileged users. This helps prevent credential theft and lateral movement in cyberattacks

76
Q

Azure Sentinel Playbooks

A

Automated workflows in Azure Sentinel that help respond to security incidents by executing predefined actions. This uses Azure Logic Apps to orchestrate responses to security alerts

77
Q

Azure Resource Tags

A

Metadata attached to Azure resources that helps in organizing and managing them. This is useful for tracking security related configurations, auditing and cost management

78
Q

Azure NSG Flow Logs

A

Logs that capture network traffic information through Network Security Groups (NSGs). This helps in analyzing and monitoring network traffic for security anomalies.

79
Q

Azure Policy Aliases

A

Shortcuts that represent specific Azure resource properties when defining custom policies. This simplifies policy management by using aliases to refer to resource properties

80
Q

Azure Security Center Just In Time VM Access

A

This is a feature that locks down ports on Azure VMs and provides access only when needed, reducing the attack surface. This helps prevent unauthorized access by enforcing time based access control to virtual machines.

81
Q

Data Loss Prevention (DLP)

A

A policy based approach to protect sensitive data from being lost, accessed or shared inappropriately. This is used in Azure Information Protection to secure sensitive information

82
Q

Azure Virtual WAN

A

A networking service that provides optimized and automated branch connectivity. Enhances the security of global network architectures using encryption and optimized routing.

83
Q

Azure RBAC Deny Assignments

A
84
Q

Azure RBAC Deny Assignments

A

A feature that allows admins to explicitly deny certain actions to specific users, overriding any other role assignments they may have. Enforces strict control by ensuring certain actions can't be performed, regardless of other permissions.

85
Q

Azure Activity Logs

A

Logs that provide information about operations on resources in your environment, such as modifications or deletions. This is essential for auditing and tracking changes to detect security incidents

86
Q

Azure Private DNS

A

A DNS service that provides name resolution for virtual machines and resources in a private network. This ensures secure and isolated DNS name resolution within your virtual network.

87
Q

Azure Managed Identity Authentication

A

An identity management service that provides applications with their own identities in Azure AD, which can be used to authenticate against Azure services. This eliminates the need for storing credentials in code for accessing Azure resources

88
Q

Azure Secure Score

A

A security metric in Azure Security Center that evaluates the security posture of your environment and provides recommendations. The higher the score, the more aligned your setup is with best security practices

89
Q

Azure SQL Database Threat Detection

A

A feature that detects potential security threats in your Azure SQL Database, such as SQL injection or abnormal access patterns. This monitors and alerts administrators of suspicious database activity.

90
Q

Azure Virtual Machine Scale Sets

A

A service that automatically scales virtual machines to meet demand, increasing or decreasing resources. This provides high availability and scalability, and integrates with load balancing and auto scaling features.

91
Q

Azure AD Domain Services

A

A managed service that provides domain services like LDAP, Kerberos and NTLM authentication without deploying domain controllers. This allows you to manage traditional on premises apps in the cloud without the need to manage VMs

92
Q

Azure Lighthouse

A

A service that enables providers to manage customer environments securely at scale. Provides cross tenant visibility and management for large scale Azure environments

93
Q

Azure AD Password Protection

A

A security feature that prevents users from using weak or compromised passwords in Azure AD. This enhances password security by enforcing custom or global banned password lists

94
Q

Azure Blueprint Versioning

A

A feature of Azure Blueprints that allows you to manage versions of blueprints, providing control over updates and changes. This ensures that updates to compliance and security configurations are consistent and traceable

95
Q

Azure Tenant

A

A dedicated instance of Azure AD associated with your organization, including users, groups and application registrations. This is used to manage identities and security for the Azure environment

96
Q

Azure Identity Protection Risk Events

A

Specific types of detected risks in Azure AD Identity Protection, such as sign ins from unfamiliar locations or leaked credentials. This helps identify and respond to threats against user identities

97
Q

Azure SQL Always ON

A

A high availability and disaster recovery solution for Azure SQL databases that allows automatic failover. This provides continuous database availability even during planned or unplanned outages.

98
Q

Azure Traffic Manager

A

A traffic routing service that directs user traffic for high availability and performance across global Azure regions. This uses DNS based routing to ensure availability and performance of services across multiple locations

99
Q

Azure Arc

A

A service that extends Azure management and security to on premises, multi cloud and edge environments. This unifies operations and security management across hybrid and multi cloud environments.

100
Q

Azure Active Directory B2B

A

A feature that allows external users (partners or collaborators) to access your resources using their existing credentials. Ensures secure collaboration across organizations while retaining control over access

101
Q

Azure Active Directory B2C (Business to Consumer)

A

A feature for enabling external users to sign in and use applications with their social or personal identities. Facilitates consumer identity management with features like MFA and conditional access

102
Q

Azure Security Center Adaptive Application Controls

A

A feature that recommends and enforces application whitelisting for VMs to reduce the attack surface. This helps restrict which applications can run on your VMs, enhancing security.

103
Q

Azure SQL Data Encryption

A

A combination of Transparent Data Encryption (TDE), Always Encrypted and cell level encryption to protect SQL databases. This ensures sensitive data remains encrypted at rest, in transit and in use

104
Q

Azure Key Vault Managed HSM (Hardware Security Module)

A

A dedicated hardware security module for managing and safeguarding cryptographic keys and secrets. This provides the highest level for key management, useful for regulatory compliance

105
Q

Azure Network Security Group (NSG) Prioritization

A

The ordering of rules within an NSG based on priority values, which determine which rules are applied first. This helps resolve conflicts between security rules, ensuring the correct rules are enforced.

106
Q

Azure File Sync

A

A service that centralizes your file shares in Azure, allowing replication and synchronization with on premises Windows servers. This ensures secure, centralized file management while reducing on premises storage costs

107
Q

Azure Key Vault Access Policies

A

Policies that control access to Key Vault secrets, keys and certificates defining what actions users or services can perform. This is essential for controlling who can access sensitive cryptographic material

108
Q

Azure AD Hybrid Identity

A

A solution for integrating on premises Active Directory with Azure AD, enabling a unified identity for accessing resources both on premises and in Azure. This supports seamless authentication across hybrid environments.

109
Q

Azure AD Seamless Single Sign On (SSO)

A

A feature that automatically signs users in when they are on their corporate devices and connected to the corporate network. This provides users with a smooth sign in experience, reducing the need to remember passwords

110
Q

Azure DDoS Protection Metrics

A

Metrics that provide insights into the performance of Azure DDoS protection, including traffic analysis, attacker patterns and mitigation efforts

111
Q

Azure Security Center Workflow Automation

A

A feature that allows you to automate responses to security alerts using logic apps to create workflows for remediation. This reduces the time to react to security incidents and enhances the efficiency of incident response.

112
Q

Azure Policy Guest Configuration

A

A feature that helps ensure VMs in your environment are configured according to your security and compliance policies. This enforces policies related to security baselines and configuration settings inside the guest operating system

113
Q

Azure Active Directory Self Service Password Reset (SSPR)

A

A feature that allows users to reset their own passwords without contacting the help desk. This increases security and reduces IT workload by empowering users to manage their passwords securely

114
Q

Azure Automation Update Management

A

A feature that allows you to manage updates and patching for Windows and Linux VMs in your environment. This automates the process of applying updates to improve security compliance and reduce vulnerabilities.

115
Q

Azure AD Access Reviews

A

A feature that allows administrators to review user access to ensure that only the right people have access to specific resources. This improves security by regularly reviewing and verifying access permissions for users

116
Q

Azure AD Role Based Access Control (RBAC) Conditions

A

Advanced conditions that can be added to RBAC role assignments to enforce security requirements such as time based access or device based access. Provides fine grained access control to resources by introducing additional conditional logic.

117
Q

Azure Service Trust Portal

A

A portal that provides access to audit reports, compliance documentation and security practices for Azure services. This is essential for verifying the compliance and security posture of Azure services for regulatory purposes.

118
Q

Azure Active Directory Conditional Access Device Compliance

A
119
Q

Azure Bastion

A

A fully managed service that provides secure and seamless RDP/SSH access to virtual machines without exposing them to the public internet. This protects VMs by keeping them within the private network, reducing exposure to external threats

120
Q

Azure AD Identity Governance

A

A collection of features in Azure AD that help organizations manage identities, including access reviews, entitlement management and privileged identity management. This ensures secure and efficient management of user identities and access rights

121
Q

Azure Security Center Continuous Export

A

A feature that allows you to continuously export security alerts and recommendations to a Log Analytics workspace or Event Hubs for further processing. This facilitates integration with other security tools and enables automated responses

122
Q

Azure Monitor Diagnostic Settings

A

Configurations that allow the collection of logs and metrics from Azure resources for monitoring and alerting purposes. This is essential for gaining insights into the performance, health and security of resources

123
Q

Azure AD App Proxy

A

A service that allows you to securely expose on premises web applications to external users. Enables remote and secure access to internal applications without needing to expose them to the internet directly

124
Q

Azure Security Benchmark

A

A set of best practices and guidelines provided by Microsoft to help secure Azure services. This is used as a framework for improving security posture and ensuring alignment with industry standards

125
Q

Azure AD Access Tokens

A

JSON Web Tokens (JWT) issued by Azure AD that contain claims about the user and can be used to authenticate and authorize API access. This is essential for securing communications between services and APIs by ensuring only authorized users can access them

126
Q

Azure Virtual Network Service Endpoints

A

A feature that extends your virtual network's private IP address space to Azure services, securing the network traffic between VMs and Azure services. This ensures secure and private connections between Azure services and virtual networks

127
Q

Azure AD Token Lifetimes

A

Configurations that control how long tokens, such as access tokens and refresh tokens, remain valid. This helps strike the right balance between security (shorter token lifetimes) and user convenience (longer lifetimes)

128
Q

Azure Role Assignment Scope

A

Defines the level at which a role is assigned in Azure (i.e. management group, subscription, resource group or individual resource). This helps control and limit access to resources based on the scope of the role assignment

129
Q

Azure Active Directory External Identities

A

A feature that allows organizations to provide access to external users (partners, customers) using Azure AD B2B and B2C. This ensures secure collaboration and identity management for users outside the organization

130
Q

Azure Virtual Network Encryption

A

Encryption of network traffic within virtual networks, both within and between virtual machines. This adds an additional layer of security to communication within the Azure cloud environment.

131
Q

Azure Container Registry (ACR) Geo replication

A

A feature of ACR that allows the replication of container images across multiple Azure regions. This ensures high availability and disaster recovery for containerized applications

132
Q

Azure API Management (APIM) Security

A

Security features of Azure API Management, including authentication, authorization, IP filtering and rate limiting. Protects APIs from unauthorized access, malicious use and overload by implementing security policies

133
Q

Azure AD Identity Protection Risk Detections

A

Automated detection mechanisms in Azure AD that identify risky user sign ins or behaviors (e.g. sign in from unfamiliar locations or IP addresses). Alerts admins to potential threats and helps enforce policies like MFA or risky sign in.

134
Q

Azure AD Enterprise Applications

A

Applications registered with Azure AD that can be assigned to users and groups for single sign on and access management. Centralized management of access to SaaS and custom applications in the cloud

135
Q

Azure AD Dynamic Groups

A

Groups in Azure AD that automatically include or exclude members based on criteria such as user attributes (job title, location, etc). This simplifies access management by automatically adjusting group memberships based on user attributes.

136
Q

Azure AD Workload Identities

A

Identities used by applications, services and automation tools to access Azure resources securely. These identities reduce the need for human interaction and their permissions can be controlled using RBAC and other security measures.

137
Q

Azure API Management Certificates

A

Certificates used in Azure API Management to secure communication between the API Management gateway and backend servers. This ensures secure and encrypted API communication, protecting data integrity and confidentiality.

138
Q

Azure Policy Exemptions

A

Configurations that exclude certain resources from policy enforcement, often for specific, temporary reasons. This provides flexibility in policy enforcement while maintaining overall governance and compliance

139
Q

Azure AD Conditional Access Terms of Use

A

A feature that presents users with terms of use agreements before they can access resources. This enhances security by ensuring users acknowledge organizational policies before accessing critical services.

140
Q

Azure DDoS Protection Standard Tier

A

A paid, enhanced service that offers advanced DDoS protection with real time mitigation reports and attack analytics. This provides stronger DDoS protection beyond the basic, default offering, including attack monitoring and alerting

141
Q

Azure Firewall Forced Tunneling

A

A feature that forces outbound internet traffic from Azure to pass through an on premises firewall or another security appliance. This enhances security by ensuring that all outbound traffic is inspected by security controls.

142
Q

Azure Defender for IoT

A

A security solution designed to monitor, detect and protect IoT devices and environments from cyberthreats

143
Q

Azure Security Center Just in Time VM Access

A

A feature that locks down inbound traffic to Azure VMs, allowing access only when explicitly requested and for a limited time. This reduces exposure by granting access to VMs only when needed, minimizing the attack surface

144
Q

Azure Resource Manager Locks

A

A feature that prevents the accidental deletion or modification of critical Azure resources. Useful for protecting resources like virtual machines, storage accounts and network configurations from being altered.

145
Q

Azure Firewall Policy

A

A centralized management solution that allows you to define and enforce firewall rules across multiple firewalls in different regions. This simplifies rule management and ensures consistent security across global deployments

146
Q

Azure Disk Encryption for VMs

A

A feature that uses BitLocker for Windows VMs and DM-Crypt for Linux VMs to encrypt the operating system and data disks. This ensures that data at rest is secure, protecting it from unauthorized access or theft

147
Q

Azure Information Protection Scanner

A

A tool that scans on premises file shares and document libraries for sensitive information and applies appropriate protection labels. This helps organizations enforce data protection policies for documents outside of Azure and Office 365

148
Q

Azure Sentinel Hunting Queries

A

Predefined or custom queries that allow security teams to proactively search for security threats across data ingested into Azure Sentinel. This helps identify threats that may not have triggered alerts but are visible in logs and telemetry data

148
Q

Azure AD Group Based Licensing

A

A feature that allows organizations to assign licenses to groups in Azure AD, automatically assigning those licenses to all group members. This streamlines license management, ensuring all members of a group receive the necessary licenses for accessing services

149
Q

Azure Policy Effect

A

The action that a policy takes when it is applied to resources, such as deny, audit, append or deployifnotexists. This controls how Azure resources are managed and enforces governance rules to ensure compliance with organizational standards

150
Q
A