Module 4aa - Security and Network Security - Protect Against Security Threats - Security Center and Secure Score Flashcards

1
Q

What is Azure Security Center?

A

A monitoring service that provides visibility into your security posture for all services in Azure AND On-Prem. It centralizes all security concerns into one view.

2
Q

What are some capabilities of Azure Security Center?

A
  • Monitor security settings across Cloud AND On-Prem
  • Auto-apply required security settings to newly provisioned resources
  • Security recommendations
  • Continuously monitor Resources
  • Security assessments to identify potential vulnerabilities before they can be exploited
  • Detect and analyze potential inbound attacks and investigate threats + any post-breach activity (requests from black-listed IPs for example)
3
Q

How can Machine Learning be used by the Security Center?

A

You can use Machine Learning to detect and block malware from being installed on VMs and other resources

4
Q

Security Center can measure compliance against the specific Security Controls of any governance Policies or regulatory compliance Policies that are assigned to Resources (T/F)

A

True. Security Center will list all the assigned compliances, both governance and regulatory, and show the total controls passing compliance/total controls PER Compliance assigned.

Remember: Policy Assignments are what Security Center Recommendations are based on.

5
Q

What does the Resource Security Hygiene section show? How are Recommendations categorized?

A

Shows the health of your Resources from a “Security && Priority” perspective, categorizing remediation recommendations by Low/Medium/High

6
Q

What are Security Controls?

A

Groups of related security recommendations.

7
Q

What four (4) ways does Security Center protect against threats?

A
  • JIT VM Access
  • Adaptive App Controls
  • Adaptive Network Hardening
  • File Integrity Monitoring
8
Q

General Knowledge: What is your Security Posture?

A

An aggregate of all cybersecurity policies and controls, and how well you can predict, prevent, and respond to security threats…

Your RBAC, Security-based Policies, what security-based resources you have provisioned at each layer of Defense in Depth, etc. and how well they protect and prevent breaches

9
Q

What’s the Secure Score and what’s it based on?

A

A measurement of an organization’s Security Posture.

Based on the percentage of Security Controls your organization satisfies

10
Q

How do you grow your Secure Score?

A

Remediating all the recommendations for a SINGLE Resource within a Security Control

Each Control listed (under Security Center > Recommendations) has a sub-list of all remediation items that will satisfy the Control.

11
Q

How does a Secure Score help improve your organization?

A

It’s a KPI 👍

  • It serves as a KPI on the current state of the entire org’s Security Posture
  • Improves Posture discoverability, visibility, guidance and control
  • Allows for comparison with benchmarks and other established KPIs
12
Q

“Preview” Recommendations are also included in your Secure Score (T/F)?

A

False. Only the current built-in recommendations impact your score.

Pro-Tip: Remediate previews anyway. If they become fully released/built-in, then you’ll already have built your compliance around them.

13
Q

What are two (2) ways to customize your Security Controls/Recommendations?

A
  • Disable Policies (can’t make a Recommendation when there’s nothing to recommend lol)
  • Exempt specific Resources from a Recommendation
14
Q

What are two (2) ways to create an Exemption for a Recommendation and how are they shown in Security Center?

A

Exempt a Resource - The individual Resource will show up in Security Center as “Exempt” from the Recommendation

Exempt a Subscription or Management Group - When you create this kind of exemption, you select a justification for it, which is then applied to all Recommendations for the Subscription or Mgmt Group

15
Q

What does Just-In-Time VM Access block and allow?

A

It can BLOCK traffic to specific network ports on a VM and can allow traffic for a specified time (upon admin approval)

16
Q

Just-In-Time VM Access Control applies to network ports on a VM, either as a Block or time-limited Allow. What’s the benefit of this?

A

Ensures only REQUIRED traffic is allowed to access the VM (reducing potential attack vectors)

17
Q

What is Adaptive Network Hardening?

A

Security Center analyzes internet traffic patterns on VMs, comparing them to your organization’s current NSG (Network Security Group) settings. It then makes Recommendations on whether to lock down the NSGs or continue evaluating them further.

18
Q

What is File Integrity Monitoring?

A

Security Center can monitor changes to important files (both Windows and Linux Systems), registry settings, apps, and other files to alert for security risks

19
Q

What is Security Center Workflow Automation?

A

Automation for responding to Security Center alerts through the use of Logic Apps and Security Center Connectors

  • Triggered by a Threat Detection Alert or Security Center Recommendation
  • Possible Actions: send email, post message in Teams, etc.
20
Q

What are Adaptive Application Controls?

A

It’s an “Allowed Applications” list.

You can define rules based on that list to ensure only those apps are allowed to run on your VMs and other Resources