Azure resources Flashcards
What are NSGs?
A network security group (NSG) is an Azure resource that allows you to filter network traffic to and from Azure resources in an Azure VNet.
How do NSGs work?
By using security rules that allow or deny inbound traffic to or from several types of Azure resources, based on destination/source IPs, protocols, direction, and port range.
Rules with a lower priority number (100) take precedence over rules with a higher number (200).
NSGs can be assigned to multiple subnets or network interfaces.
Where are NSGs created?
In a VNet.
What is Azure Firewall?
A cloud-based network security service that protects your Azure Virtual Network resources.
What’s the difference between Azure Firewall and NSGs?
NSGs are at the VNet level whilst Azure Firewall is a central firewall for all your VNets and subscriptions across your tenant.
What are the features of Azure Firewall?
Built-in high availability
Network and application-level filtering
Outbound SNAT & inbound DNAT
Multiple public IP addresses
Threat intelligence
Integration with Azure Monitor.
What is Azure DDoS Protection?
An Azure service that analyses network traffic and discards anything that looks like a DDoS attack.
What are the Azure DDoS Protection editions?
Basic - Microsoft’s free, built-in service. Protects all Azure services without requiring configuration.
Standard - Provides enhanced DDoS mitigation features.
What are the Azure DDoS Protection Standard features?
Adaptive Tuning - learns an app’s traffic and selects a profile that suits it. This adjusts over time.
Extensive Mitigation
Attack analytics
DDoS Rapid Response team
Cost guarantee
What is WAF?
Azure Web Application Firewall (WAF) provides centralized protection of web apps from common exploits and vulnerabilities.
How many apps can WAF protect at a time?
40 using a centralized manager.
True or False: WAF only has pre-built policies.
False. WAF allows pre-built and custom rules and policies, with some built-in ones covering best practices.
What are the benefits of WAF?
Protection against threats and intrusions
Simpler security management
Improves response time to a security threat
Built-in monitoring
What kinds of encryption are on Azure?
Azure Storage Service Encryption (SSE)
Azure Disk Encryption
Transparent Data Encryption
What is SSE?
A service that can automatically encrypt data before it’s stored, and decrypt it when retrieved (e.g., Azure Blob, Azure Files, Queue Storage).
It’s a transparent process to users.