Part 5: Identity/Governance Flashcards

1
Q

Authentication

Authorization

A

Authentication is the process of establishing the identity of a person or service that wants to access a resource.

Authorization is the process of establishing what level of access an authenticated person or service has.

2
Q

Azure Active Directory

A

Azure AD is Microsoft’s cloud-based identity and access management service.

3
Q

Single sign-on

A

Single sign-on enables a user to sign in one time and use that credential to access multiple resources and applications from different providers.

4
Q

Azure AD Connect

A
5
Q

Azure AD services

A

Authentication

Single sign-on

Application management

Device management

6
Q
A
7
Q

Multifactor Authentication

A

Something the user knows

This might be an email address and password.

Something the user has

This might be a code that’s sent to the user’s mobile phone.

Something the user is

This is typically some sort of biometric property, such as a fingerprint or face scan that’s used on many mobile devices.

8
Q

Conditional Access (Premium P1 or P2)

A

Conditional Access is a tool that Azure Active Directory uses to allow (or deny) access to resources based on identity signals.

Signals

who the user is

where the user is

what device the user is requesting access from.

9
Q

Cloud Adoption Framework

A

The Cloud Adoption Framework for Azure provides you with proven guidance to help with your cloud adoption journey.

Stages (DeePRAG)

Define, Plan, Ready, Adopt, Govern

10
Q

Subscription Strategy

A

Billing

Access control

Subscription limits

11
Q

Role Based Access Control (RBAC)

A

Scope

Management group

Subscription

Resource group

Resource

12
Q

How is RBAC enforced?

A

Azure RBAC is enforced on any action that’s initiated against an Azure resource that passes through Azure Resource Manager.

13
Q

Who does Azure RBAC apply to?

A

person

group

special identity types, such as service principals and managed identities.

14
Q

How do I manage Azure RBAC permissions?

A

The Access control (IAM) pane in the Azure portal.

15
Q

What is a Resource Lock?

A

A resource lock prevents resources from being accidentally deleted or changed.

16
Q

How do I manage resource locks?

A

Azure portal

PowerShell

Azure CLI

Azure Resource Manager template.

17
Q

What levels of locking are available?

A

CanNotDelete

ReadOnly

18
Q

Azure blueprints

A
19
Q

Tags

A

Resource tags are another way to organize resources.

20
Q

How do I manage resource tags?

A

PowerShell

Azure CLI

Azure Resource Manager templates

REST API

Azure portal.

21
Q

Tag examples

A

AppName

CostCenter

Owner

Environment

Impact

22
Q

Azure Policy

A

Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit your resource

23
Q

Policy Initiatives

A

An Azure Policy initiative is a way of grouping related policies into one set.

The initiative definition contains all of the policy definitions to help track your compliance state for a larger goal.

24
Q

Built-in initiative example

A

Initiative: Enable Monitoring in Azure Security Center

Policies:

Monitor unencrypted SQL Database in Security Center

Monitor OS vulnerabilities in Security Center

Monitor missing Endpoint Protection in Security Center

25
Q

Compliance standards

A

HIPAA

ISO 27001

26
Q

Scope of initiatives

A

management group

subscription

resource group

27
Q

Azure blueprints

A

Azure Blueprints can define a repeatable set of governance tools and standard Azure resources that your organization requires.

Can handle multiple subscriptions!

28
Q

What are blueprint artifacts?

A

Each component in the blueprint definition is known as an artifact.

29
Q

Blueprint artifacts examples

A

Deploy threat detection on SQL servers (no parameters)

Allowed locations (parameter for allowed locations)

30
Q

Blueprint built-in example

A

ISO 27001: Shared Services Blueprint

31
Q

What is a control?

A

A known good standard that you can compare your solution against to ensure security.

32
Q

Compliance categories (image)

A
33
Q

Compliance categories

A

Criminal Justice Information Service

Cloud Security Alliance STAR Certification

European Union Model Clauses

Health Insurance Portability and Accountability Act

International Organization of Standards/International Electrotechnical Commission 27018

Multi-Tier Cloud Security Singapore

Service Organization Controls 1, 2, and 3

National Institute of Standards and Technology Cybersecurity Framework

United Kingdom Government G-Cloud

34
Q

Microsoft Privacy Statement

A

Explains what personal data Microsoft collects, how Microsoft uses it, and for what purposes.

35
Q

Online Services Terms (OST)

A

Legal agreement between Microsoft and the customer

applies specifically to Microsoft’s online services that you license through a subscription

36
Q

Data Protection Addendum (DPA)

A

further defines the data processing and security terms for online services

Compliance with laws

Disclosure of processed data

Data Security

Data transfer, retention, and deletion

37
Q

Trust Center

A

part of the Microsoft Trusted Cloud Initiative

provides support and resources for the legal and compliance community

Access to the Trust Center doesn’t require an Azure subscription or a Microsoft account.

38
Q

Azure compliance documentation

A

detailed documentation about legal and regulatory standards and compliance on Azure

39
Q

Compliance blueprints

A

reference blueprints, or policy definitions, for common standards that you can apply to your Azure subscription

Example: PCI DSS

Payment Card Industry (PCI) Data Security Standard (DSS)

40
Q

Azure Government

A

a separate instance of the Microsoft Azure service. It addresses the security and compliance needs of US federal agencies, state and local governments

41
Q

Azure China 21Vianet

A

Operated by 21Vianet. It’s a physically separated instance of cloud services located in China.

42
Q
A