Resource Hierarchy Flashcards
What is the Azure Resource Hierarchy?
Management Groups - Manage access, policies, compliance
Subscriptions - Manage costs for resources. You can have different subscriptions for different business departments.
Resource Groups
Resources - VMs, DBs, Storage
You can create further hierarchies with management groups but not resource groups.
What is cloud security posture management?
Automate the identification and remediation of security risks in your cloud configuration, e.g. is your VNet set up correctly. Can be used for multi-cloud and hybrid cloud.
What is cloud workload protection?
Continuously monitor and fix threats to workloads deployed in the cloud, e.g. your app that’s running in the cloud. Can be used for multi-cloud and hybrid cloud.
What would you use to store API keys, certificates, passwords or cryptographic keys?
Azure Key Vault.
What service allows you to configure identity and access management to and of your cloud resources?
Azure Active Directory (Azure AD - the managed service)
What does authentication and authorisation mean?
Authentication = Are they the right user?
Authorisation = Does that user have the right access?
You would use 2 of the 3 methods to authenticate a user’s identity. What are the 3 methods?
Something you know - a password
Something you have - a code generator or trusted device
Something you are - fingerprint
What is conditional access and what three signals does Azure look for?
Conditional access builds intelligence based on 3 signals: who the user is, where they are and what device they’re using. E.g. if they’re an admin, require MFA. If they are NOT on a trusted device, deny access. If they are logging in from a previously known location, allow access with MFA.
What is the difference between MS Active Directory and Azure Active Directory?
AD is MS’s proprietary directory service that allows you to create organizational units with hierarchies and group policy objects.
Azure AD is a flat, toned-down version of AD. Azure AD also only allows web-based protocols like OAuth.
If you need some of the services of AD using Azure AD then use Azure AD Domain Services.
What are the 3 parts of role-based access control assignment?
Who is the role relevant for
What permissions do they have
What scope (resource level, group level, sub level or management group level). Permissions always flow down i.e. if I have access to a management group then I have access to everything downstream of it.
What are the Azure AD password-less options?
Windows Hello for Business - Credentials are tied to the user’s PC
MS Authenticator App on a user’s phone
FIDO2 security keys - use common devices like the finger scanner on your phone