dec-2(m) Flashcards
Entra Application Proxy. When to use it? What is the service running on the cloud side and on premises?
To enable users to access on-premises web applications (RDP, SharePoint, Teams, etc.) from a remote client. Proxy service on the cloud side and Proxy connector on premises. You can enable single sign-on (SSO), but the proxy does not authenticate user access to Azure file shares.
Which SAS can be used and signed with an Entra ID credential? Which service(s) can it secure?
User delegation SAS, Blob
2 DDoS Protection SKU(s)?
Network Protection, IP-Protection
Which service can be integrated with both DDoS Protection SKUs?
Azure Firewall Manager
Which DDoS SKU provides cost protection and rapid-response team support?
Network Protection
Is a Monitoring role enough to set up Container insights and monitor your AKS cluster?
No. A monitoring role allows reading monitoring data and editing monitoring settings within Azure Monitor, but does not enable insights. You need the Log Analytics Contributor role.
What 3 things are you setting for a group membership access review?
review setting (group or M365 group with guests) -> select group
scope (guest users only or all users) -> select all users so that all users of the group are reviewed.
reviewer setting -> select group owner
To allow group owners to create their own group access reviews, what do you do? What role is needed to configure this?
You need to be at least an Identity Governance Administrator. Global admin works.
Go to Identity Governance -> Settings. On the "Delegate who can create and manage access reviews" page, set "Group owners can create and manage access reviews for groups they own" to Yes.
What KV access policy permissions are needed for Always Encrypted?
get, list, unwrap key, wrap key, create, sign, verify
What encryption keys are involved in Always Encrypted?
column encryption key, column master key
In Always Encrypted, which encryption type is used for the SSN column? How about for the Salary column?
Deterministic (equality-based search on the SSN column).
Randomized (no computation on the Salary column).
Which Sentinel connector is for sign-in logs?
Azure AD connector, including user sign-in, audit and provisioning (user, group).
Which Sentinel connector is for risky sign-in attempts?
Azure AD Identity Protection
Deletion of a resource lock on a VM appears in which log?
Activity
Owner assignment to a resource group can be searched in which log?
Activity
Which client devices support P2S VPN with Azure AD authentication?
Windows 10, macOS.
Scenario: access to dev.azure.com (Azure Pipelines), access to a DNS resolver (1.1.1.1).
What resources and rules do we need?
Azure Firewall policy and 2 rules (application rule and network rule) defined under it
Allow access to SQL. Which firewall rule?
Application rule based on a DNS name like server1.database.windows.net
Remote desktop connection using Azure Firewall. What do you need?
DNAT (Destination Network Address Translation)
URL filtering. Which Firewall SKU?
Premium
Two restrictions to think about in Azure Disk Encryption (i.e. VM series and OS)?
Basic and A-series VMs are not supported.
Windows only. Also, Server Core OS needs bdehdcfg.
To enable dynamic membership, what license is needed?
P1
Can JIT access be used for a VM protected by a Firewall in the same VNet?
Yes
Can JIT access be used for a VM protected by a Firewall controlled by Firewall Manager?
No
In a scenario with MDC and MMA (Microsoft Monitoring Agent), what resource and key are needed for onboarding?
Log Analytics workspace, and its workspace key
What to use to protect backend servers in authentication?
Managed identity
To remediate policy non-compliance, what do you do?
Modify the policy assignment and create a remediation task.
To allow access from a specific FD to a Function App or Web App, what needs to be done?
Add an access restriction rule with the service tag ‘AzureFrontDoor.Backend’ and further filter to the specific instance with the X-Azure-FDID header.
What is the cloud-based workflow automation for MDC?
Logic app
Can you attach NSG to ACR?
No. An NSG can be attached to a NIC or subnet.
Is Conditional Access related to Access Review?
No