Azure resources Flashcards

1
Q

What are NSGs?

A

A network security group (NSG) is an Azure resource that allows you to filter network traffic to and from Azure resources in an Azure VNet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How do NSGs work?

A

By using security rules that allow or deny inbound traffic to or from several types of Azure resources using destination/source IPs, protocols, direction, port range.

Rules with a lower priority number (100) have precedence over a rule with a higher number (200).

NSGs can be assigned to multiple subnets or network interfaces.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Where are NSGs created?

A

In a VNet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is Azure Firewall?

A

A cloud-based network security service that protects your Azure Virtual Network resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What’s the difference between Azure Firewall and NSGs?

A

NSGs are at the VNet level whilst Azure Firewall is central firewall for all your VNets and subscriptions across your tenant.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are the features of Azure Firewall?

A

Built-in high availability

Network and application-level filtering

Outbound SNAT & inbound DNAT

Multiple public IP addresses

Threat intelligence

Integration with Azure Monitor.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is Azure DDOS Protection?

A

An Azure service that analyses network traffic and discards anything that looks like a DDOS attack.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the Azure DDOS Protection editions?

A

Basic - Microsoft’s free, built-in service. Protects all Azure services without requiring configuration

Standard - Provides enhanced DDOS mitigation features.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the Azure DDOS Protection Standard features?

A

Adaptive Tuning - learns an app’s traffic and selects a profile that suits it. This adjusts over time.

Extensive Mitigation

Attack analytics

DDOS Rapid Response team

Cost guarantee

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is WAF?

A

Azure Web Application Firewall (WAF) is a centralized protection of web apps from common exploits and vulnerabilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How many apps can WAF protect at a time?

A

40 using a centralized manager.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

True or False: WAF has only has pre-built policies.

A

False, WAF allows Pre-built and custom rules and policies, with some built-on ones covering best practises.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the benefits of WAF?

A

Protection against threats and intrusions

Simpler security management

Improves response time to a security threat

Built in monitoring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What kinds of encryption are on Azure?

A

Azure Storage Service Encryption (SSE)

Azure Disk Encryption

Transparent Data Encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is SSE?

A

A service that can automatically encrypt data before it’s stored, and decrypt it when retrieved. (EX: Azure Blob, Azure Files, Queue Storage)

It’s a transparent process to users.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What does Azure Disk Encryption do?

A

Protects Windows and Linux VM by encrypting their OS and data disks with BitLocker (Win) and DM-Crypt (Linux).

The encryption keys and secrets are stored in Azure key vault.

17
Q

What is Transparent Data Encryption used for?

A

Encrypting SQL server, Azure SQL server and Azure Synapse Analytics in real time/

It protects data and log files using AES and is enabled by default on newly created Azure SQL Databases.