Implementing Azure Network Security Flashcards
What is the name of the service that provides a dedicated connection between Azure and the on-prem site?
A. Azure ExpressRoute
B. Azure Application Gateway
C. Azure Traffic Manager
D. Azure Virtual Private Gateway
E. I don’t know
A. Azure ExpressRoute
Explanation:
Microsoft Azure also supports dedicated WAN link connectivity from Azure VNETs to on-prem networks through Azure’s ExpressRoute offering. With ExpressRoute, the connection between Azure and the on-prem site uses a dedicated connection that does not ride over the public internet. This creates a more secure and more robust connection between an Azure virtual network and the physical on-prem network.
To leverage Just-in-Time VM Access, you need to be in the Standard pricing tier of which Azure service?
Azure DDOS Protection
A. Microsoft Defender for Cloud (formerly Azure Security Center)
B. Azure Active Directory
C. Azure Key Vault
D. I don’t know
A. Microsoft Defender for Cloud (formerly Azure Security Center)
Explanation:
To leverage Just-in-Time VM Access, you need to be in the Standard pricing tier of Microsoft Defender for Cloud In the next lesson, I’ll show you how to configure just-in-time access for a virtual machine.
CORRECT
Which of the following is used to filter network traffic to and from Azure resources in an Azure virtual network?
A. Virtual Network peering connections
B. Private subnets
C. Network route tables
D. Network security groups
E. I don’t know
D. Network security groups
Explanation:
Network security groups are used to filter network traffic to and from Azure resources in an Azure virtual network. When you create a network security group, that group will contain security rules that allow or deny inbound network traffic to or outbound network traffic from many types of Azure resources.
One caveat of the Front Door Service is that when you use it to deliver content, you must use __________ if you wish to have your domain name visible in the Front Door URL.
A. a default domain
B. a private domain
C. a public domain
D. a custom domain
I don’t know
D. a custom domain
Explanation:
What this means is that individual users can establish SSL connections directly with Front Door environments rather than establishing those connections with the applications backend.
One caveat of the Front Door Service is that when you use it to deliver content, you must use a custom domain if you wish to have your domain name visible in the Front Door URL
Front Door also supports HTTPS for custom domain names
By leveraging session affinity, which of the following Azure networking services or components allows you to keep a user session on the same application backend?
A. Azure VPN Gateway
B. Azure Network Security Groups
C. Azure Network Security Rules
D. Azure Front Door
E. I don’t know
D. Azure Front Door
Explanation:
What this does is offer you the ability to configure a more efficient topology for app deployments. By leveraging session affinity, Azure Front Door allows you to keep a user session on the same application backend
Front Door managed cookies ensure that subsequent traffic from a user session gets directs to the same application backend for processing