Part 4: Security features Flashcards

1
Q

Azure Security Center

A

Azure Security Center (since renamed Microsoft Defender for Cloud) is a monitoring service that provides visibility into your security posture across all of your services, both on Azure and on-premises.

2
Q

Security Posture

A

The term security posture refers to cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to security threats.

3
Q

Security Center (example)

A
4
Q

Resource security hygiene

A
5
Q

Secure score

A

Secure score is a measurement of an organization’s security posture.

Report on the current state of your organization’s security posture.

Improve your security posture by providing discoverability, visibility, guidance, and control.

Compare with benchmarks and establish key performance indicators (KPIs).

6
Q

Protection: Just-in-time VM access

A

Just-in-time VM access

Tailwind Traders will configure just-in-time access to VMs. This blocks inbound traffic to selected management ports of the virtual machines by default (typically SSH 22, RDP 3389 and WinRM 5985/5986), and allows traffic only for a specified time, and only from the requester's source IP, after an administrator requests and approves it.

7
Q

Protection: Adaptive application controls

A

Adaptive application controls

Tailwind Traders can control which applications are allowed to run on its virtual machines. In the background, Security Center uses machine learning to look at the processes running on the virtual machines. It builds an allowlist of known-safe applications for each resource group that holds the virtual machines and recommends it to the company. Once applied, the allowlist produces alerts about unauthorized applications running on the VMs. The caveat is that this is audit-only: it alerts on such applications but does not block them, so enforcement still needs an OS-level mechanism such as AppLocker.
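The allowlist-and-alert behaviour described above, reduced to Python as an added example (this is not code from the original page or from Security Center). Process-start events from a learning period are grouped by resource group to build an allowlist keyed on executable path and publisher; later events outside the list raise alerts but are never blocked. The event data, resource group and VM names are constructed.

```python
"""Added example: per-resource-group application allowlist with audit-only alerting."""
from collections import defaultdict

# Constructed learning-period events: (resource_group, vm, exe_path, publisher)
BASELINE_EVENTS = [
    ("rg-web", "web-01", "/usr/sbin/nginx", "nginx"),
    ("rg-web", "web-02", "/usr/sbin/nginx", "nginx"),
    ("rg-web", "web-01", "/usr/bin/python3", "debian"),
    ("rg-db", "db-01", "/usr/lib/postgresql/15/bin/postgres", "pgdg"),
]


def learn_allowlist(events, min_vms=1):
    """Build {resource_group: {(path, publisher), ...}} from observed events.

    Requiring the same binary on at least `min_vms` machines keeps a one-off
    seen on a single host out of the whole group's allowlist.
    """
    seen = defaultdict(lambda: defaultdict(set))
    for rg, vm, path, publisher in events:
        seen[rg][(path, publisher)].add(vm)
    return {rg: {app for app, vms in apps.items() if len(vms) >= min_vms}
            for rg, apps in seen.items()}


def audit(allowlist, events):
    """Return one alert per event whose (path, publisher) is not on the
    allowlist of that event's resource group. Nothing is killed or blocked:
    this is detection, not enforcement."""
    alerts = []
    for rg, vm, path, publisher in events:
        if (path, publisher) not in allowlist.get(rg, set()):
            alerts.append({"resource_group": rg, "vm": vm,
                           "path": path, "publisher": publisher})
    return alerts


# Constructed events observed after the allowlist was applied.
NEW_EVENTS = [
    ("rg-web", "web-02", "/usr/sbin/nginx", "nginx"),    # on the list: silent
    ("rg-web", "web-02", "/tmp/.x/miner", None),         # dropped into /tmp: alert
    ("rg-web", "web-01", "/usr/sbin/nginx", "unknown"),  # same path, wrong publisher: alert
    ("rg-db", "db-01", "/usr/bin/python3", "debian"),    # fine in rg-web, not in rg-db: alert
]

if __name__ == "__main__":
    for alert in audit(learn_allowlist(BASELINE_EVENTS), NEW_EVENTS):
        print(alert)
```

Keying the list on publisher as well as path is what catches the third event: a binary at the expected path but signed by someone else is exactly what a replaced system binary looks like.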

8
Q

Protection: Adaptive network hardening

A

Adaptive network hardening

Security Center can monitor the actual internet traffic patterns of the VMs (learned from network flow data and combined with threat intelligence) and compare those patterns with the company's current network security group (NSG) rules. From there, Security Center recommends whether the NSGs should be locked down further, typically by narrowing a rule's allowed sources to the addresses actually observed, and provides remediation steps.
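The core of such a recommendation, as an added example in Python (not code from the original page or from Security Center): given an NSG rule that admits a port from a broad source range and the inbound flows actually observed, produce a narrowed rule that admits only the source prefixes seen. The rule layout, the `Flow` records and the addresses are constructed for this example; the real service derives the same kind of recommendation from NSG flow logs, known-good configuration and threat intelligence.

```python
"""Added example: derive a tightened NSG rule from observed inbound flows."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class NsgRule:
    name: str
    port: int
    sources: List[str]   # CIDR prefixes; "0.0.0.0/0" stands for 'Internet'


@dataclass
class Flow:
    src_ip: str
    dst_port: int
    count: int           # flows seen from this source in the observation window


def observed_prefixes(flows, port, prefix_len=24):
    """Aggregate observed source IPs for `port` into /prefix_len networks so the
    recommendation is a few prefixes rather than hundreds of individual hosts."""
    seen = defaultdict(int)
    for f in flows:
        if f.dst_port == port:
            net = ipaddress.ip_network(f"{f.src_ip}/{prefix_len}", strict=False)
            seen[net] += f.count
    return seen


def recommend(rule, flows, prefix_len=24) -> Optional[NsgRule]:
    """Return a hardened copy of `rule`, or None if it is already as tight as the
    traffic justifies. Only flows the current rule permits count as evidence:
    traffic the rule already blocks is never a reason to widen anything."""
    current = [ipaddress.ip_network(s) for s in rule.sources]
    permitted = [f for f in flows
                 if any(ipaddress.ip_address(f.src_ip) in c for c in current)]
    tightened = []
    for n in sorted(observed_prefixes(permitted, rule.port, prefix_len)):
        # Never recommend something wider than the rule already has: if a
        # current source sits inside the aggregated prefix, keep that source.
        inner = [c for c in current if c.subnet_of(n) and c != n]
        tightened.extend(inner or [n])
    justified = sorted(set(tightened))
    if not justified:
        # Port is exposed but unused: recommend removing the allow entirely.
        return NsgRule(rule.name, rule.port, [])
    if set(justified) == set(current):
        return None
    return NsgRule(rule.name, rule.port, [str(n) for n in justified])


# Constructed input: an SSH rule open to the Internet and a week of inbound flows.
SAMPLE_RULE = NsgRule("allow-ssh-from-internet", 22, ["0.0.0.0/0"])
SAMPLE_FLOWS = [
    Flow("203.0.113.10", 22, 40),
    Flow("203.0.113.11", 22, 12),
    Flow("198.51.100.7", 22, 3),
    Flow("192.0.2.55", 443, 900),   # HTTPS traffic is irrelevant to the SSH rule
]

if __name__ == "__main__":
    print(recommend(SAMPLE_RULE, SAMPLE_FLOWS))
```

Aggregating to a /24 is a trade-off: it keeps the recommended rule short but admits neighbours of the observed hosts, so for a management port a practitioner would usually tighten `prefix_len` to 32 and accept the longer rule.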

9
Q

Protection: File integrity monitoring

A

File integrity monitoring

Tailwind Traders can also configure monitoring of changes to important files on both Windows and Linux, to Windows registry settings, to application files, and to other artifacts whose modification might indicate an attack (for example a changed sshd_config, a replaced system binary, or a new cron entry).
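A minimal file integrity monitor of the kind described above, as an added example in Python (not code from the original page or from the Security Center agent). It records a baseline of SHA-256 digests and permission bits for every file under a directory, then diffs a later snapshot into added, removed and modified sets. The directory tree, file contents and the simulated tampering are constructed in a temporary directory so the example runs offline.

```python
"""Added example: baseline-and-diff file integrity monitoring."""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file (path relative to root, POSIX form) to (sha256, mode bits)."""
    root = Path(root)
    state = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        mode = path.stat().st_mode & 0o777
        state[path.relative_to(root).as_posix()] = (digest, mode)
    return state


def diff(baseline, current):
    """Classify changes between two snapshots. Because the mode bits are part of
    the recorded tuple, a permission change alone is reported as modified even
    when the content digest is unchanged."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Build a baseline, simulate an intrusion, and return the FIM findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed tree standing in for a few security-relevant host files.
        for rel, content in {
            "etc/sshd_config": "PermitRootLogin no\n",
            "etc/passwd": "root:x:0:0::/root:/bin/sh\n",
            "bin/ls": "ELF original",
            "var/log/auth.log": "Accepted publickey for admin\n",
        }.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(content)
        baseline = snapshot(root)

        # Simulated attacker activity after the baseline was taken.
        (root / "etc/sshd_config").write_text("PermitRootLogin yes\n")   # weaken config
        (root / "bin/ls").write_text("ELF trojaned")                     # replace a binary
        (root / "etc/cron.d").mkdir()
        (root / "etc/cron.d/persist").write_text("* * * * * root /tmp/x\n")  # persistence
        (root / "var/log/auth.log").unlink()                             # cover tracks
        return diff(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The untouched `etc/passwd` does not appear in any set, which is the point of a baseline: only deviations are reported, so the noise level is set by how well the monitored path list is chosen.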

10
Q

Security: Workflow automation

A

Workflow automation uses Azure Logic Apps and Security Center connectors. The logic app can be triggered by a threat detection alert or by a Security Center recommendation, filtered by name or by severity.

11
Q

What is SIEM?

A

Security information and event management (SIEM): a system that collects log and event data from many sources, normalizes and correlates it, and raises alerts on suspicious activity so that analysts can investigate from one place.

12
Q

Azure Sentinel (since renamed Microsoft Sentinel)

A

Collect cloud data at scale

Collect data across all users, devices, applications, and infrastructure, both on-premises and from multiple clouds.

Detect previously undetected threats

Minimize false positives by using Microsoft’s comprehensive analytics and threat intelligence.

Investigate threats with artificial intelligence

Examine suspicious activities at scale, tapping into years of cybersecurity experience from Microsoft.

Respond to incidents rapidly

Utilize built-in orchestration and automation of common tasks.

13
Q

Azure Sentinel data sources

A

Connect Microsoft solutions

Connectors provide real-time integration for services like Microsoft Threat Protection solutions, Microsoft 365 sources (including Office 365), Azure Active Directory, and Windows Defender Firewall.

Connect other services and solutions

Connectors are available for common non-Microsoft services and solutions, including AWS CloudTrail, Citrix Analytics (Security), Sophos XG Firewall, VMware Carbon Black Cloud, and Okta SSO.

Connect industry-standard data sources

Azure Sentinel supports data from other sources that use the Common Event Format (CEF) messaging standard, Syslog, or REST API.

14
Q

Detect threats

A

Built-in analytics

use templates designed by Microsoft's team of security experts and analysts based on known threats, common attack vectors, and escalation chains for suspicious activity. These templates can be customized, and they search across the environment for any activity that looks suspicious. Some templates use machine learning behavioral analytics that are based on Microsoft proprietary algorithms.

Custom analytics

are rules that you create to search for specific criteria within your environment. You can preview the number of results that the query would generate (based on past log events) and set a schedule for the query to run. You can also set an alert threshold.
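What a custom (scheduled) analytics rule does, reduced to Python as an added example (not code from the original page or from Sentinel): a query over a lookback window, run on a schedule, that fires when the result count crosses a threshold, plus the "preview" replay that counts how often the rule would have fired on past data. The sign-in events and IP addresses are constructed; in Sentinel the query itself would be KQL against a table such as SigninLogs.

```python
"""Added example: a scheduled, threshold-based analytics rule over sign-in events."""
from collections import Counter
from datetime import datetime, timedelta

BASE = datetime(2024, 1, 1, 12, 0)   # all timestamps are UTC


def _at(minute):
    return BASE + timedelta(minutes=minute)


# Constructed events: (timestamp, source IP, result). One source sprays
# passwords for eight minutes and then succeeds; a legitimate user mistypes
# twice and then logs in.
SAMPLE_EVENTS = (
    [(_at(m), "198.51.100.9", "failure") for m in range(8)]
    + [(_at(8), "198.51.100.9", "success")]
    + [(_at(2), "203.0.113.5", "failure"), (_at(3), "203.0.113.5", "failure"),
       (_at(4), "203.0.113.5", "success")]
)


def failed_signins_by_ip(events, now, lookback):
    """The 'query': failed sign-ins per source IP within [now - lookback, now]."""
    start = now - lookback
    return Counter(ip for ts, ip, result in events
                   if start <= ts <= now and result == "failure")


def run_rule(events, now, lookback=timedelta(minutes=10), threshold=5):
    """One scheduled execution. Returns one alert per IP at or over threshold."""
    counts = failed_signins_by_ip(events, now, lookback)
    return [{"ip": ip, "failures": n, "window_end": now.isoformat()}
            for ip, n in sorted(counts.items()) if n >= threshold]


def preview(events, lookback, threshold, step, start, end):
    """The 'preview results' figure: replay the rule at each scheduled execution
    time over past data and count how many runs would have fired. Raise the
    threshold until the count looks like signal rather than noise."""
    fired = 0
    now = start
    while now <= end:
        if run_rule(events, now, lookback, threshold):
            fired += 1
        now += step
    return fired


if __name__ == "__main__":
    print(run_rule(SAMPLE_EVENTS, BASE + timedelta(minutes=10)))
    print(preview(SAMPLE_EVENTS, timedelta(minutes=10), 5,
                  timedelta(minutes=5), BASE, BASE + timedelta(minutes=30)))
```

Note that the same attacker fires the rule on two consecutive executions because the lookback windows overlap; this is why a SIEM groups repeated alerts from one rule into a single incident rather than paging on each run.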

15
Q

Automated response to threats

A

Playbooks, built on Azure Logic Apps, automate the response to an alert or incident: for example, open a ticket in the IT ticketing system, post to the security operations channel, and send the alert details to the on-call admins. (Azure Monitor Workbooks, by contrast, are for visualizing and investigating data in Sentinel, not for responding.)

16
Q

Azure Key Vault

A

Manage secrets

Manage encryption keys

Manage SSL/TLS certificates

Store secrets backed by hardware security modules (HSMs)

17
Q

Azure Key Vault benefits

A

Centralized application secrets

Securely stored secrets and keys

Access monitoring and access control

Simplified administration of application secrets

Integration with other Azure services

18
Q

Azure Dedicated Host

A

Azure Dedicated Host provides dedicated physical servers to host your Azure VMs for Windows and Linux.

19
Q

Host Group

A

A host group is a collection of dedicated hosts.

20
Q

Dedicated host pricing

A

You’re charged per dedicated host, independent of how many virtual machines you deploy to it. The host price is based on the VM family, type (hardware size), and region.

21
Q

Dedicated host benefits

A

Gives you visibility into, and control over, the server infrastructure that’s running your Azure VMs.

Helps address compliance requirements by deploying your workloads on an isolated server.

Lets you choose the number of processors, server capabilities, VM series, and VM sizes within the same host.

22
Q

Defense in depth

A
23
Q

Security posture principles CIA

A

Confidentiality

Keep information private: restrict access to the individuals explicitly granted it, at only the level they need to perform their work (the principle of least privilege).

Integrity

Prevent unauthorized changes to information, both at rest and in transit.

Availability

Ensure that services are functioning and that authorized users can access them when they need to.

24
Q

Azure Firewall

A

Azure Firewall is a managed, cloud-based network security service that helps protect resources in your Azure virtual networks.

25
Q

Stateful firewall

A

A stateful firewall analyzes the complete context of a network connection, not just an individual packet of network traffic. It tracks connections, so the reply traffic of a session that the protected side initiated is allowed without needing a separate inbound rule.

27
Q

Firewall: what to configure?

A

Application rules that define fully qualified domain names (FQDNs) that can be accessed from a subnet.

Network rules that define source address, protocol, destination port, and destination address.

Network Address Translation (NAT) rules that define destination IP addresses and ports to translate inbound requests.

28
Q

Web Application Firewall

A

WAF provides centralized, inbound protection for your web applications against common exploits and vulnerabilities, such as SQL injection and cross-site scripting.

Is available on: Azure Application Gateway (and also Azure Front Door)

29
Q

What are DDoS attacks?

A

A distributed denial of service attack attempts to overwhelm and exhaust an application’s resources, making the application slow or unresponsive to legitimate users.

30
Q

Azure DDoS Protection

A

Azure DDoS Protection (Standard) helps protect your Azure resources from DDoS attacks.

31
Q

DDoS Protection tiers

A

Basic (since renamed DDoS infrastructure protection)

The Basic service tier is automatically enabled for free as part of your Azure subscription.

Standard (since renamed DDoS Network Protection)

The Standard service tier provides additional mitigation capabilities that are tuned specifically to Azure Virtual Network resources. DDoS Protection Standard is relatively easy to enable and requires no changes to your applications.

32
Q

Network Security Group

A

A network security group enables you to filter network traffic to and from Azure resources within an Azure virtual network. An NSG is a list of allow/deny rules, each with a priority; rules are evaluated lowest number first and the first match decides. It is attached to a subnet or to a network interface and is stateful.

You can think of NSGs as an internal firewall.
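A model of how an NSG decides whether a flow is allowed, as an added example in Python that is not code from the original page or from Azure. It serves three cards on this page: NSG rule evaluation (priority order, first match wins, Azure's built-in default rules at the bottom denying inbound traffic from the Internet), the stateful firewall card (replies to a connection the VM itself opened are admitted without consulting the rules), and the just-in-time VM access card (an approved request becomes a temporary allow rule scoped to the requester's IP that is ignored once it expires). Rule names, addresses, ports and times are constructed.

```python
"""Added example: priority-ordered NSG evaluation with connection tracking and JIT."""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class Flow:
    src: str
    src_port: int
    dst: str
    dst_port: int
    proto: str = "tcp"


@dataclass
class Rule:
    name: str
    priority: int                        # user rules 100..4096; lowest number wins
    action: str                          # "allow" or "deny"
    source: str                          # CIDR prefix, or "*" for any
    dst_port: Optional[int]              # None means any port
    expires: Optional[datetime] = None   # set only on JIT-created rules

    def matches(self, flow, now):
        if self.expires is not None and now >= self.expires:
            return False                 # JIT window closed: rule is inert
        if self.source != "*" and \
                ipaddress.ip_address(flow.src) not in ipaddress.ip_network(self.source):
            return False
        return self.dst_port is None or flow.dst_port == self.dst_port


# Azure's built-in inbound defaults (priority 65000 and up); user rules sit above.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "allow", "10.0.0.0/8", None),
    Rule("DenyAllInBound", 65500, "deny", "*", None),
]


class Nsg:
    def __init__(self, inbound):
        self.inbound = list(inbound)
        self.tracked = set()             # 5-tuples of connections the VM opened

    def outbound(self, flow):
        """Default outbound rules allow Internet egress; remember the connection
        so that its replies are admitted statefully."""
        self.tracked.add((flow.src, flow.src_port, flow.dst, flow.dst_port, flow.proto))
        return "allow"

    def inbound_decision(self, flow, now):
        """Return (action, reason) for an inbound flow."""
        # Stateful shortcut: this is the reply half of a tracked connection.
        if (flow.dst, flow.dst_port, flow.src, flow.src_port, flow.proto) in self.tracked:
            return "allow", "established"
        for rule in sorted(self.inbound + DEFAULT_INBOUND, key=lambda r: r.priority):
            if rule.matches(flow, now):
                return rule.action, rule.name
        raise AssertionError("DenyAllInBound always matches")


def jit_request(nsg, requester_ip, port, now, hours=3):
    """Approve a JIT request: add an allow rule at higher precedence than the
    standing deny, for exactly this source and port, valid for `hours`. Defender
    for Cloud does the equivalent by writing a time-limited rule into the NSG
    (or Azure Firewall) and removing it when the window closes."""
    rule = Rule(f"JIT-{port}-{requester_ip}", 100, "allow",
                f"{requester_ip}/32", port, expires=now + timedelta(hours=hours))
    nsg.inbound.append(rule)
    return rule


def demo():
    t0 = datetime(2024, 1, 1, 9, 0)
    vm, admin, attacker, update_srv = "10.0.1.4", "203.0.113.9", "198.51.100.66", "192.0.2.80"
    # Enabling JIT on a VM puts a standing deny on the management port in front
    # of everything, so the only way in is an approved request.
    nsg = Nsg([Rule("DenyMgmtPorts", 1000, "deny", "*", 22)])
    admin_ssh = Flow(admin, 51000, vm, 22)
    attacker_ssh = Flow(attacker, 51001, vm, 22)
    before = nsg.inbound_decision(admin_ssh, t0)[0]
    jit_request(nsg, admin, 22, t0, hours=3)
    during_admin = nsg.inbound_decision(admin_ssh, t0 + timedelta(hours=1))[0]
    during_attacker = nsg.inbound_decision(attacker_ssh, t0 + timedelta(hours=1))[0]
    after = nsg.inbound_decision(admin_ssh, t0 + timedelta(hours=3))[0]
    # Stateful behaviour: the VM fetches updates; the reply is admitted even
    # though no inbound rule allows traffic from the update server.
    nsg.outbound(Flow(vm, 40000, update_srv, 443))
    reply = nsg.inbound_decision(Flow(update_srv, 443, vm, 40000), t0)[0]
    unsolicited = nsg.inbound_decision(Flow(update_srv, 443, vm, 40001), t0)[0]
    return {"before": before, "during_admin": during_admin,
            "during_attacker": during_attacker, "after": after,
            "reply": reply, "unsolicited": unsolicited}


if __name__ == "__main__":
    print(demo())
```

The `unsolicited` case is the one to notice: the same server that was just allowed to reply is denied when it sends to a port the VM never opened, because connection tracking matches the full 5-tuple, not the peer address alone.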