Part 4: Security features

Question 1

Azure Security Center

Answer 1

Azure Security Center is a monitoring service that provides visibility of your security posture across all of your services, both on Azure and on-premises.

Question 2

Security Posture

Answer 2

The term security posture refers to cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to security threats.

Question 3

Security Center (example)

Answer 3

Question 4

Resource security Hygiene

Answer 4

Question 5

Secure score

Answer 5

Secure score is a measurement of an organization’s security posture.

Report on the current state of your organization’s security posture.

Improve your security posture by providing discoverability, visibility, guidance, and control.

Compare with benchmarks and establish key performance indicators (KPIs).

Question 6

Protection: Just-in-time VM access

Answer 6

Just-in-time VM access

Tailwind Traders will configure just-in-time access to VMs. This access blocks traffic by default to specific network ports of virtual machines, but allows traffic for a specified time when an administrator requests and approves it.

Question 7

Protection: Adaptive application controls

Answer 7

Adaptive application controls

Tailwind Traders can control which applications are allowed to run on its virtual machines. In the background, Security Center uses machine learning to look at the processes running on a virtual machine. It creates exception rules for each resource group that holds the virtual machines and provides recommendations. This process provides alerts that inform the company about unauthorized applications that are running on its VMs.

Question 8

Protection: Adaptive network hardening

Answer 8

Adaptive network hardening

Security Center can monitor the internet traffic patterns of the VMs and compare those patterns with the company’s current network security group (NSG) settings. From there, Security Center can make recommendations on whether the NSGs should be locked down further and provide remediation steps.

Question 9

Protection: File integrity monitoring

Answer 9

File integrity monitoring

Tailwind Traders can also configure the monitoring of changes to important files on both Windows and Linux, registry settings, applications, and other aspects that might indicate a security attack.

Question 10

Security: Workflow automation

Answer 10

Workflow automation uses Azure Logic Apps and Security Center connectors. The logic app can be triggered by a threat detection alert or by a Security Center recommendation, filtered by name or by severity.

Question 11

What is SIEM?

Answer 11

security information and event management (SIEM)

Question 12

Azure Sentinel

Answer 12

Collect cloud data at scale

Collect data across all users, devices, applications, and infrastructure, both on-premises and from multiple clouds.

Detect previously undetected threats

Minimize false positives by using Microsoft’s comprehensive analytics and threat intelligence.

Investigate threats with artificial intelligence

Examine suspicious activities at scale, tapping into years of cybersecurity experience from Microsoft.

Respond to incidents rapidly

Utilize built-in orchestration and automation of common tasks.

Question 13

Azure Sentinel data sources

Answer 13

Connect Microsoft solutions

Connectors provide real-time integration for services like Microsoft Threat Protection solutions, Microsoft 365 sources (including Office 365), Azure Active Directory, and Windows Defender Firewall.

Connect other services and solutions

Connectors are available for common non-Microsoft services and solutions, including AWS CloudTrail, Citrix Analytics (Security), Sophos XG Firewall, VMware Carbon Black Cloud, and Okta SSO.

Connect industry-standard data sources

Azure Sentinel supports data from other sources that use the Common Event Format (CEF) messaging standard, Syslog, or REST API.

Question 14

Detect threats

Answer 14

Built in analytics

use templates designed by Microsoft’s team of security experts and analysts based on known threats, common attack vectors, and escalation chains for suspicious activity. These templates can be customized and search across the environment for any activity that looks suspicious. Some templates use machine learning behavioral analytics that are based on Microsoft proprietary algorithms.

Custom analytics

are rules that you create to search for specific criteria within your environment. You can preview the number of results that the query would generate (based on past log events) and set a schedule for the query to run. You can also set an alert threshold.

Question 15

Automated response to threats

Answer 15

Azure Monitor Workbook

Question 16

Azure Key Vault

Answer 16

Manage secrets

Manage encryption keys

Manage SSL/TLS certificates

Store secrets backed by hardware security modules (HSMs)

Question 17

Azure Key Vault benefits

Answer 17

Centralized application secrets

Securely stored secrets and keys

Access monitoring and access control

Simplified administration of application secrets

Integration with other Azure services

Question 18

Azure Dedicated Host

Answer 18

Azure Dedicated Host provides dedicated physical servers to host your Azure VMs for Windows and Linux.

Question 19

Host Group

Answer 19

A host group is a collection of dedicated hosts.

Question 20

Dedicated host pricing

Answer 20

You’re charged per dedicated host, independent of how many virtual machines you deploy to it. The host price is based on the VM family, type (hardware size), and region.

Question 21

Dedicated host benefits

Answer 21

Gives you visibility into, and control over, the server infrastructure that’s running your Azure VMs.

Helps address compliance requirements by deploying your workloads on an isolated server.

Lets you choose the number of processors, server capabilities, VM series, and VM sizes within the same host.

Question 22

Defense in depth

Answer 22

Question 23

Security posture principles CIA

Answer 23

Confidentiality

The principle of least privilege means restricting access to information only to individuals explicitly granted access, at only the level that they need to perform their work.

Integrity

Prevent unauthorized changes to information:

At rest/In transit

Availability

Ensure that services are functioning and can be accessed only by authorized users.

Question 24

Azure Firewall

Answer 24

Azure Firewall is a managed, cloud-based network security service that helps protect resources in your Azure virtual networks.

Question 25

Stateful firewall

Answer 25

A stateful firewall analyzes the complete context of a network connection, not just an individual packet of network traffic.

Question 27

Firewall: what to configure?

Answer 27

Application rules that define fully qualified domain names (FQDNs) that can be accessed from a subnet.

Network rules that define source address, protocol, destination port, and destination address.

Network Address Translation (NAT) rules that define destination IP addresses and ports to translate inbound requests.

Question 28

Web Application Firewall

Answer 28

WAF provides centralized, inbound protection for your web applications against common exploits and vulnerabilities.

Is part of: Azure Application Gateway

Question 29

What are DDoS attacks?

Answer 29

A distributed denial of service attack attempts to overwhelm and exhaust an application’s resources, making the application slow or unresponsive to legitimate users.

Question 30

Azure DDoS Protection

Answer 30

Azure DDoS Protection (Standard) helps protect your Azure resources from DDoS attacks.

Question 31

DDoS Protection tiers

Answer 31

Basic

The Basic service tier is automatically enabled for free as part of your Azure subscription.

Standard

The Standard service tier provides additional mitigation capabilities that are tuned specifically to Azure Virtual Network resources. DDoS Protection Standard is relatively easy to enable and requires no changes to your applications.

Question 32

Network Security Group

Answer 32

A network security group enables you to filter network traffic to and from Azure resources within an Azure virtual network.

You can think of NSGs like an internal firewall.