Azure Security and Network Security Flashcards

1
Q

What is Azure Security Centre?

A

A monitoring service that provides threat protection across all services for both Azure and on-prem datacentres.

2
Q

What are the features of Azure Security Centre?

A

Provides security recommendations
Continuous monitoring
Detects and blocks malware
Analyses and identifies potential attacks and vulnerabilities
Provides just in time access control for ports
Policy compliance
Provides tailored recommendations for your resources

3
Q

What are the two tiers of Azure Security Centre?

A

Free
Standard

4
Q

What features does the free tier of Azure Security Centre provide?

A

Gives base recommendations for security
Analyses and displays basic security data

5
Q

What features does the standard tier of Azure Security Centre provide?

A

All of them:
Provides security recommendations
Continuous monitoring
Detects and blocks malware
Analyses and identifies potential attacks and vulnerabilities
Provides just in time access control for ports
Policy compliance
Provides tailored recommendations for your resources

6
Q

TRUE OR FALSE: Azure Security Centre analyses security data and provides a score based on everything it monitors.

A

TRUE
The score is out of 100, and shows vulnerabilities in your resources.

7
Q

TRUE OR FALSE: Azure Security Centre can fix vulnerabilities itself.

A

TRUE
When it provides recommendations, it can carry out the fixes itself with the approval of the user.

8
Q

What is Azure Sentinel?

A

A security information management and security automated responses solution that provides security analytics and threat intelligence across a whole enterprise.

9
Q

Why might you choose Azure Sentinel?

A

It manages and protects an entire enterprise and scales elastically to meet your organisational needs.

10
Q

What is Azure Key Vault?

A

A service that stores certificates, keys, tokens, passwords and secrets in a centralised location.
It provides logs on who has accessed the data stored in it.

11
Q

What is Key Vault used for?

A

Protecting secrets and access to specific data so that only those who have authority can access the data.

12
Q

What is Azure Dedicated Hosts?

A

A solution that provides specific servers and sets them aside for use by only one organisation/subscription/workload. These servers are private.

13
Q

What are the benefits of Azure Dedicated Hosts?

A
  1. Hardware isolation at the server level
  2. Control over maintenance and configuration of the server
  3. Aligned with Azure Hybrid use benefits
  4. Keeps your resources separate from other organisations/subscriptions
  5. Provides more latency for your resources
14
Q

What is the main drawback of Azure Dedicated Hosts?

A

It costs more money than going public.

15
Q

What are the main levels described in Defence in Depth, in order, starting from the outermost layer?

A

Physical security
Identity & access
Perimeter
Network
Compute
Application
Data

16
Q

Why is defence in depth used?

A

It provides multiple layers of defence, so that even if one level is breached, the other levels are still safe. All layers need to be breached to get the highest level data.

17
Q

In defence in depth, what is the physical security layer?

A

Security in the physical world, like locks, security cameras etc.

18
Q

In defence in depth, what is the identity and access layer?

A

Online security that involves MFA, authentication, logins and permissions.

19
Q

In defence in depth, what is the perimeter layer?

A

A layer that prevents unwanted users and services from accessing internal Azure resources. It keeps them out at the outermost online layer.

20
Q

In defence in depth, what is the network layer?

A

The layer where you can limit permissions and access to resources in your organisation. It’s where you create rules, preventing inbound and outbound messages etc.

21
Q

In defence in depth, what is the Compute layer?

A

The layer that ensures security of the compute resources and makes sure users have complete control of the service and OS.

22
Q

In defence in depth, what is the Application layer?

A

Security within Azure applications using things like Azure Key Vault.

23
Q

In defence in depth, what is the Data layer?

A

The core layer you want to protect. You also want to make sure your data is protected in transit.

24
Q

What is Zero Trust?

A

Zero trust assumes all resources/services are on a network that cannot be trusted. Everything must have the highest level of security.

25
Q

What are the 3 principles of zero trust?

A
  1. Verifying user access explicitly
  2. Least privilege access
  3. Assume there is always a breach
26
Q

What is least privilege access?

A

When you give the user the least possible level of access to the assets that is required for them to do their job.

27
Q

What is Microsoft Defender for Cloud?

A

A monitoring service that provides threat protection across both Azure and on prem datacentres.

28
Q

What are the features of Microsoft Defender for Cloud?

A
  1. Provides security recommendations based on your current situation
  2. Detects and blocks malware in your Azure and alerts you
  3. Analyses and identifies potential attacks based on the security you have implemented
  4. Just in time access control for ports
  5. Provides a security score based on how secure your resources are
29
Q

What is the Shared Security model?

A

It describes the security responsibilities of the customer/user and the provider/Azure. Some things are managed by the customer, some by the provider and some are shared by both.

30
Q

What are the 10 types of responsibilities described in the Shared Security model?

A
  1. Data governance and rights management
  2. Client endpoints
  3. Account and access management
  4. Identity and directory infrastructure
  5. Application
  6. Network controls
  7. Operating system
  8. Physical hosts
  9. Physical network
  10. Physical datacenter
31
Q

What responsibilities does the customer have in the Shared security model for on prem?

A

All of them:
1. Data governance and rights management
2. Client endpoints
3. Account and access management
4. Identity and directory infrastructure
5. Application
6. Network controls
7. Operating system
8. Physical hosts
9. Physical network
10. Physical datacenter

32
Q

What responsibilities are split between the customer, the provider and shared in the Shared Security model for IaaS?

A

CUSTOMER
1. Data governance and rights management
2. Client endpoints
3. Account and access management
4. Identity and directory infrastructure
5. Application
6. Network controls
7. Operating system

PROVIDER
8. Physical hosts
9. Physical network
10. Physical datacenter

33
Q

What responsibilities are split between the customer, the provider and shared in the Shared Security model for PaaS?

A

CUSTOMER
1. Data governance and rights management
2. Client endpoints
3. Account and access management

SHARED
4. Identity and directory infrastructure
5. Application
6. Network controls

PROVIDER
7. Operating system
8. Physical hosts
9. Physical network
10. Physical datacenter

34
Q

What responsibilities are split between the customer, the provider and shared in the Shared Security model for SaaS?

A

CUSTOMER
1. Data governance and rights management
2. Client endpoints
3. Account and access management

SHARED
4. Identity and directory infrastructure

PROVIDER
5. Application
6. Network controls
7. Operating system
8. Physical hosts
9. Physical network
10. Physical datacenter

35
Q

What do Network Security Groups (NSGs) do?

A

They filter network traffic to and from Azure resources on Azure virtual networks. They can be configured to add traffic rules.

36
Q

What layer in defence in depth do NSGs protect?

A

The network layer; they filter inbound and outbound traffic to make it more secure.

37
Q

What is a traffic rule?

A

A restriction that is put on network traffic to filter potential malicious traffic. Traffic can be filtered by IP address, port, source, protocol.

38
Q

What does a traffic rule's priority decide?

A

It decides what rules filter the traffic if multiple rules apply to said traffic. The rule with the highest priority overrides.

39
Q

TRUE OR FALSE: You cannot delete the default Azure traffic rules that come with NSGs.

A

TRUE
You cannot delete them, but you can override them with higher priority rules.

40
Q

What is Azure Firewall?

A

A stateful, managed firewall as a service that grants and denies server access for traffic based on originating IP address, in order to protect network resources. Protects an entire network.

41
Q

What layer in defence in depth does the Azure Firewall protect?

A

The perimeter layer, it keeps unwanted traffic out of the internal network.

42
Q

What do Azure Firewall and NSGs have in common?

A

They both apply traffic rules to traffic.

43
Q

What is the Web Application Firewall (WAF)?

A

The firewall service that comes with Azure Application Gateway. It protects the gateway by granting and denying access.

44
Q

What are some benefits of Azure Firewall?

A
  1. Protection of your network
  2. Configurable to your rules and needs
  3. Unrestricted cloud scalability
  4. Includes Azure monitoring and logging
45
Q

What does the Azure Distributed Denial of Service (DDoS) protection do?

A

It prevents DDoS attacks on your network and resources. It prevents potential unwanted DDoS traffic from reaching the network before it impacts service availability.

46
Q

What are the two tiers of Azure Distributed Denial of Service (DDoS) protection?

A

Basic
Standard

47
Q

TRUE OR FALSE: You must opt in for the basic tier of Azure Distributed Denial of Service (DDoS) protection.

A

FALSE
It is automatically enabled in Azure.

48
Q

What does the standard tier of Azure Distributed Denial of Service (DDoS) protection provide compared to the basic tier?

A

Mitigation capabilities that are tuned to protect Azure Virtual Network services.

49
Q

What defence in depth layer does Azure Distributed Denial of Service (DDoS) protection protect?

A

The perimeter layer