Azure Security Solutions Flashcards
Regarding the shared responsibility for system security, for which Azure cloud computing service model does Microsoft Azure bear the most responsibility?
A. Platform as a Service (PaaS)
B. Infrastructure as a Service (IaaS)
C. Software as a Service (SaaS)
D. Anything as a Service (XaaS)
E. I don’t know
C. Software as a Service (SaaS)
Explanation:
Software as a Service (SaaS) is the cloud computing service model where Microsoft Azure or Another Cloud Service provider offers the highest level of service management, meaning they take care of a great deal of day to day service management and security. This can include responsibilities including data center security, virtual machine and network controls, as well as application controls
How many storage account keys are generated when you create a new storage account in Azure?
A. 1
B. 3
C. 4
D. 2
I don’t know
D. 2
Explanation:
Azure generates two storage Account keys when you create a storage account
What database encryption feature is designed to protect sensitive data, like credit card numbers or social security numbers, stored in an Azure SQL Database, by ensuring unauthorized users, including database admins, can’t access this sensitive data?
A. Azure Encrypted SQL
B. Azure SQL Always Encrypted
C. Azure SQL Transparent Data Encryption
D. Azure Key Vault
E. I don’t know
B. Azure SQL Always Encrypted
Explanation:
The Always Encrypted Feature is designed to protect sensitive data, like credit card numbers or social security numbers, stored in an Azure SQL Database or even in a traditional SQL Server database
With Always Encrypted, clients can encrypt sensitive data inside the client applications without revealing the encryption keys to the SQL Server, ensuring separation between the owners of the data and those who manage it. This is important because those who manage this sensitive data shouldnt be able to see the data
Always Encrypted ensures unauthorized users, including database admins, cant access sensitive data. This means customers can confidently store sensitive data, even when its outside of their direct control
CORRECT
Whether a customer is using on-premises hardware or any type of cloud computing service, from IaaS to SaaS, the customer is always responsible for securing which of the following aspects of your environment? (Choose 2 answers)
A. The operating system the customer uses
B. The identity the customer uses
C. The data the customer stores
D. The network controls the customer uses
E. I don’t know
B. The identity the customer uses
C. The data the customer stores
Explanation:
The shared security model is important to understand because you are an organization considering a move to the cloud, you need to understand which security tasks the cloud provider is responsible for handling and which tasks are handled by you. These responsibilities will vary depending on the workload. For example, the responsibilities for SaaS workloads will differ from IaaS workloads, which will differ from PaaS workloads, which will differ from on prem responsibilities
To ensure the encryption of data that is persisted to the cloud, you must _____________.
A. Configure a Certificate
B. Enable Disk Encryption
C. Configure Azure Key Vault
D. Do Nothing
E. I don’t know
D. Do Nothing
Explanation:
Data that is persisted to the cloud is automatically encrypted by Azure through Azure storage encryption
Data stored in Azure Storage is encrypted and decrypted transparently using 256bit AES encryption
When a new storage account is provisioned, Azure storage encryption is automatically enable for it - and this encryption cannot be disabled
