Microsoft security solutions Flashcards
Azure Bastion
You use the TLS protocol to establish a connection to Azure Bastion from the Azure portal. From there, Bastion uses the RDP protocol to provide remote connectivity to the target VM.
You do not need to install an agent. Bastion is agentless and does not require any additional software.
Do you need to open the RDP port (3389) on the target VM with Azure Bastion?
Yes, you still need to open the RDP port on the target VMs.
The value add of Azure Bastion is you do not expose the RDP port of the target VMs outside of the virtual network since it lets you use Private IPs for those VMs.
Bastion will connect to target VMs over the Private IP, not the public IP
Azure DDoS Protection Standard
Does NOT protect against man-in-the-middle attacks
Is NOT enabled by default in an Azure subscription
It DOES protect against protocol attacks
The maximum number of resources that Azure DDoS Protection Standard can protect without additional cost is 100!
Microsoft 365 Defender
Unified enterprise defense suite that comprises:
Microsoft Defender for Endpoint
Microsoft Defender for Office 365 (documents and emails)
Microsoft Defender for Identity
Microsoft Cloud App Security
Microsoft Defender XDR
A unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks
Built-in security initiative in Microsoft Defender for Cloud
“Microsoft Cloud Security Benchmark” is a built-in security initiative that is automatically assigned when you enable Microsoft Defender for Cloud on your subscription
Microsoft Defender for Endpoint
A unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.
Microsoft Intune
Intune, which is a part of Microsoft Endpoint Manager, provides the cloud infrastructure, the cloud-based mobile device management (MDM), cloud-based mobile application management, and cloud-based PC management for your organization
You manage Microsoft Intune by using the Microsoft Endpoint Manager admin center!
Microsoft Defender for Office 365
Safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools
Microsoft Defender for Identity
Uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
Microsoft Defender for Cloud Apps
A comprehensive cross-SaaS solution that brings deep visibility, strong data controls, and enhanced threat protection to your cloud apps
What is the minimum edition of Microsoft Entra ID needed to use Microsoft Entra Privileged Identity Management (PIM)?
Microsoft Entra ID P2. This is the only edition that provides PIM support
What are types of distributed denial-of-service (DDoS) attacks?
Resource layer attacks, protocol attacks, and volumetric attacks are the most common DDoS attacks
Which Azure feature provides network-level filtering, application-level filtering, and outbound SNAT?
Azure Firewall
Which Azure feature provides application-level filtering and SSL termination?
Azure Web Application Firewall (WAF)
Which three authentication methods does Hello for Business support?
Fingerprint
Facial recognition
PIN
Your organization has developed a line-of-business app that handles sensitive customer information. Your IT team installs an app on your smartphone (BYOD). Which is true?
Your IT team can remotely update the office apps on your mobile devices
You can use your personal apps along with the business apps
If the device is stolen/lost, the IT team can erase just the business apps
Mobile Application Management enables this BYOD scenario, NOT MDM (Mobile Device Management)
Which of the following Azure services can you deploy Azure Web Application Firewall with?
Azure Application Gateway
Azure Front Door
Azure Content Delivery Network (CDN) services
Which of the following implements Azure Security Benchmark’s security recommendations on an individual Azure service?
Security baseline!
Security baseline can only be used on devices running Windows 10 version 1809 or later. No iOS or Android devices
Security benchmark contains security recommendations grouped by the security control. They target specific technology