Describe features and tools in Azure for Governance and Compliance Flashcards
1
Q
what are azure blueprints?
A
- helps manage multiple subscriptions
- let you standardize cloud subscription or environment deployements
- can define repeatable settings and policies that are applied as new subs are created
- dev teams can rapidly build and deploy new environments
2
Q
what are artifacts?
A
- each blueprint definition is known as an artifact
- it is possible for artifacts to have no additional params
- can also contains one or more params that you can configure such as allowed locations for resource deployments
3
Q
what can artifacts include?
A
- role assignments
- policy assignments
- azure resource manager templates
- resource groups
4
Q
how do azure blueprints help monitor deployments?
A
- versionable allowing for initial config to be made and then add updates later on and assign a new version to that update
- azure creates record that associates a resource with the blueprint that defines it; helps track and audit deployments
5
Q
what is azure policy?
A
- service that enables you to create, assign and manage policies that control or audit your resources
- these policies enforce rules across resource configs so that configs stay compliant with corporate standards
6
Q
how does azure policy define policies?
A
- can define indivual and groups of related policies known as initiatives
- evaluates resources and highlights resources that arent compliant with the policies you’ve created, also prevents noncompliant resources being created
-can set policies on each level - policies can be inherited comes with built in policy and initiative for storage, networking, compute, security center and monitoring
7
Q
what are azure policy initiatives?
A
a way of grouping related policies together
8
Q
what are resource locks?
A
- prevents resource from being accidentally deleted or changed
- can be applied to individual resources, resource groups or even an entire sub
- inherited, so lock on group will lock all resources within it
9
Q
what are the types of resource locks?
A
- Delete; authorised users cna read and modify a resource but not delete
- ReadOnly; authorised users can read but not delete or update a resource
10
Q
how do I delete or change a locked resource?
A
- first remove lock
- apply action
11
Q
what is the service trust portal?
A
- ## portal that provides access to various content, tools and other resources about security, privacy and compliance practices