Describe general security and network security features Flashcards

1
Q

What is defense in depth?

A

The objective of defense in depth is to protect information and prevent it from being stolen by those who aren’t authorized to access it.

A defense-in-depth strategy uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data.

2
Q

What are the layers of defense in depth?

A

The physical security layer is the first line of defense to protect computing hardware in the datacenter.

The identity and access layer controls access to infrastructure and change control.

The perimeter layer uses distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for users.

The network layer limits communication between resources through segmentation and access controls.
The compute layer secures access to virtual machines.

The application layer helps ensure that applications are secure and free of security vulnerabilities.
The data layer controls access to business and customer data that you need to protect.
3
Q

What is a firewall?

A

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. You can create firewall rules that specify ranges of IP addresses. Only clients granted IP addresses from within those ranges are allowed to access the destination server. Firewall rules can also include specific network protocol and port information.

4
Q

What is Azure Firewall?

A

Azure Firewall is a managed, cloud-based network security service that helps protect resources in your Azure virtual networks. A virtual network is similar to a traditional network that you’d operate in your own datacenter.

5
Q

What can I configure with Azure Firewall?

A

Application rules that define fully qualified domain names (FQDNs) that can be accessed from a subnet.

Network rules that define source address, protocol, destination port, and destination address.

Network Address Translation (NAT) rules that define destination IP addresses and ports to translate inbound requests.
6
Q

What are DDoS attacks?

A

A distributed denial of service attack attempts to overwhelm and exhaust an application’s resources, making the application slow or unresponsive to legitimate users. DDoS attacks can target any resource that’s publicly reachable through the internet, including websites.

7
Q

What is Azure DDoS Protection?

A

Azure DDoS Protection (Standard) helps protect your Azure resources from DDoS attacks.

8
Q

What are network security groups?

A

A network security group enables you to filter network traffic to and from Azure resources within an Azure virtual network. You can think of NSGs like an internal firewall. An NSG can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol.

9
Q

How do you secure the perimeter layer?

A

The perimeter layer is about protecting your organization’s resources from network-based attacks. Identifying these attacks, alerting the appropriate security teams, and eliminating their impact are important to keeping your network secure. To do this:

Use Azure DDoS Protection to filter large-scale attacks before they can cause a denial of service for users.

Use perimeter firewalls with Azure Firewall to identify and alert on malicious attacks against your network.
10
Q

How do you secure the network layer?

A

Use network security groups to create rules that define allowed inbound and outbound communication at this layer. Here are some recommended practices:

Limit communication between resources by segmenting your network and configuring access controls.

Deny by default.
Restrict inbound internet access and limit outbound where appropriate.

Implement secure connectivity to on-premises networks.
11
Q

Question:

An attacker can bring down your website by sending a large volume of network traffic to your servers. Which Azure service can help Tailwind Traders protect its App Service instance from this kind of attack?

Azure Firewall

Network security groups

Azure DDoS Protection

A

Azure DDoS Protection

DDoS Protection helps protect your Azure resources from DDoS attacks. A DDoS attack attempts to overwhelm and exhaust an application’s resources, making the application slow or unresponsive to legitimate users.

12
Q

Question:

What’s the best way for Tailwind Traders to limit all outbound traffic from VMs to known hosts?

Configure Azure DDoS Protection to limit network access to trusted ports and hosts.

Create application rules in Azure Firewall.

Ensure that all running applications communicate with only trusted ports and hosts.

A

Create application rules in Azure Firewall.

Azure Firewall enables you to limit outbound HTTP/S traffic to a specified list of fully qualified domain names (FQDNs).

13
Q

Question:

How can Tailwind Traders most easily implement a deny by default policy so that VMs can’t connect to each other?

Allocate each VM on its own virtual network.

Create a network security group rule that prevents access from another VM on the same network.

Configure Azure DDoS Protection to limit network access within the virtual network.

A

Create a network security group rule that prevents access from another VM on the same network.

A network security group rule enables you to filter traffic to and from resources by source and destination IP address, port, and protocol.

14
Q

What’s Azure Security Center?

A

Azure Security Center is a monitoring service that provides visibility of your security posture across all of your services, both on Azure and on-premises. The term security posture refers to cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to security threats.

15
Q

What can Security Center do?

A

Security Center can:

Monitor security settings across on-premises and cloud workloads.

Automatically apply required security settings to new resources as they come online.

Provide security recommendations that are based on your current configurations, resources, and networks.

Continuously monitor your resources and perform automatic security assessments to identify potential vulnerabilities before those vulnerabilities can be exploited.

Use machine learning to detect and block malware from being installed on your virtual machines (VMs) and other resources. You can also use adaptive application controls to define rules that list allowed applications to ensure that only applications you allow can run.

Detect and analyze potential inbound attacks and investigate threats and any post-breach activity that might have occurred.

Provide just-in-time access control for network ports. Doing so reduces your attack surface by ensuring that the network only allows traffic that you require at the time that you need it to.
16
Q

What is Azure Sentinel?

A

Azure Sentinel is Microsoft’s cloud-based SIEM system. It uses intelligent security analytics and threat analysis.

Security management on a large scale can benefit from a dedicated security information and event management (SIEM) system. A SIEM system aggregates security data from many different sources (as long as those sources support an open-standard logging format). It also provides capabilities for threat detection and response.

17
Q

What are the Azure Sentinel capabilities?

A

Azure Sentinel enables you to:

Collect cloud data at scale

Collect data across all users, devices, applications, and infrastructure, both on-premises and from multiple clouds.

Detect previously undetected threats

Minimize false positives by using Microsoft's comprehensive analytics and threat intelligence.

Investigate threats with artificial intelligence

Examine suspicious activities at scale, tapping into years of cybersecurity experience from Microsoft.

Respond to incidents rapidly

Use built-in orchestration and automation of common tasks.
18
Q

What is Azure Key Vault?

A

Azure Key Vault is a centralized cloud service for storing an application’s secrets in a single, central location. It provides secure access to sensitive information by providing access control and logging capabilities.

19
Q

What can Azure Key Vault do?

A

Azure Key Vault can help you:

Manage secrets

You can use Key Vault to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.

Manage encryption keys

You can use Key Vault as a key management solution. Key Vault makes it easier to create and control the encryption keys that are used to encrypt your data.

Manage SSL/TLS certificates

Key Vault enables you to provision, manage, and deploy your public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for both your Azure resources and your internal resources.

Store secrets backed by hardware security modules (HSMs)

These secrets and keys can be protected either by software or by FIPS 140-2 Level 2 validated HSMs.
20
Q

What is Azure Dedicated Host?

A

Azure Dedicated Host provides dedicated physical servers to host your Azure VMs for Windows and Linux.

21
Q

What are the benefits of Azure Dedicated Host?

A

Azure Dedicated Host:

Gives you visibility into, and control over, the server infrastructure that's running your Azure VMs.

Helps address compliance requirements by deploying your workloads on an isolated server.

Lets you choose the number of processors, server capabilities, VM series, and VM sizes within the same host.
22
Q

Question:

How can Tailwind Traders enforce having only certain applications run on its VMs?

Connect your VMs to Azure Sentinel.

Create an application control rule in Azure Security Center.

Periodically run a script that lists the running processes on each VM. The IT manager can then shut down any applications that shouldn’t be running.

A

Create an application control rule in Azure Security Center.

With Azure Security Center, you can define a list of allowed applications to ensure that only applications you allow can run. Azure Security Center can also detect and block malware from being installed on your VMs.

23
Q

Question:

What’s the easiest way for Tailwind Traders to combine security data from all of its monitoring tools into a single report that it can take action on?

Collect security data in Azure Sentinel.

Build a custom tool that collects security data, and displays a report through a web application.

Look through each security log daily and email a summary to your team.

A

Collect security data in Azure Sentinel.

Azure Sentinel is Microsoft’s cloud-based SIEM. A SIEM aggregates security data from many different sources to provide additional capabilities for threat detection and responding to threats.

24
Q

Question:

Which is the best way for Tailwind Traders to safely store its certificates so that they’re accessible to cloud VMs?

Place the certificates on a network share.

Store them on a VM that’s protected by a password.

Store the certificates in Azure Key Vault.

A

Store the certificates in Azure Key Vault.

Azure Key Vault enables you to store your secrets in a single, central location. Key Vault also makes it easier to enroll and renew certificates from public certificate authorities (CAs).

25
Q

Question:

How can Tailwind Traders ensure that certain VM workloads are physically isolated from workloads being run by other Azure customers?

Configure the network to ensure that VMs on the same physical host are isolated.

This is not possible. These workloads need to be run on-premises.

Run the VMs on Azure Dedicated Host.

A

Run the VMs on Azure Dedicated Host.

Azure Dedicated Host provides dedicated physical servers to host your Azure VMs for Windows and Linux.