Secure Cloud Solutions Flashcards

1
Q

GRAPH

What is Microsoft Graph?

A

Is a gateway to data and intelligence in Microsoft 465, Windows 10 and Enterprise Mobility + Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

GRAPH

What apps does Graph work with?

A

(1) Office 365
(2) Excel
(3) Windows 10
(4) Calendar
(5) Enterprise Mobility + Security
(6) Mail

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

GRAPH

Features of Graph?

A

(1) Provides an unified programming model that you can use to access data in various apps
(2) Single End Point (https://graph.microsoft.com)
(3) Use REST API’s or SDK’s

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Azure Key Vault

What components are in Azure Key Vault

A

(1) Keys
(2) Secrets
(3) Certificates

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Azure Key Vault

Pricing Tiers

A

Standard and Premium

Premier contains Standard + HSM-protected

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Azure Key Vault

PowerShell command to create an Key Vault

A

New-AzKeyVault
-VaultName $name
-ResourceGroupName $rgname
-Location $location

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Azure Key Vault

Az Command to create a Secret in Key Vault

A

az keyvault secret
–name $name
[–description
–disabled
–encoding
–expires
–file
–not-before
–subscription
–tags
–value]

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Azure Key Vault

Az Command to create a Key Vault

A

az keyvault create
–name
–resource-group
–location

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Azure Key Vault

Authentication types for Azure Key Vault

A

(1) Use Azure AD App Registration
(2) Use Managed Identity
(3) Use Key Vault References

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Azure Key Vault

What is the recommend option for Azure Key Vault

A

Managed Identity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Azure Key Vault

What is recommended option for Azure Key Vault for App Functions and App Services

A

Use Key Vault References

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Azure Key Vault

What is the steps to assign Manage Identity

A

(1) After creating an App Service, click on “Identity” link and get the system system assigned identity (ObjectId)
(2) In Azure Key Vault, “Add Access Policy” and select the principal
(select the secret permissions)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Azure Key Vault

Describe a basic C# application to retrieve a secret

A

using Azure.Security.KeyVault.Secrets;

string url = “https://myvault.vault.azure.net;

SecretClient client = new SecretClient(new Uri(url), new DefaultAzureCredential());

string secret = client.GetSecretAsync(“secretmessage”).Result.Value;

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Azure Key Vault

Accessing a secret in App Settings

A

@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecrets/ec944ffg3992iff2)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Azure Key Vault

Steps to migrate app configurations to Key Vault

A

(1) Move configuration to Key Vault
(2) Create a system assigned identity for your app
(3) Update the configuration values with the KV reference syntax
(4) Deploy your App Service or Azure Function
(5) Give Get KV Secrets access to the app identity
(6) Verify app functionality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Important (WILL BE ON EXAM)

A
17
Q

Information - Objects for Exam

A
18
Q

Azure Key Vault

What is soft-delete?

A

Allows recovery of the defaulted vautls and key value objects such as keys, secrets, and certificates

Is enabled by default

Recoverable within retention period 7 - 90 days

To finally delete, use the PURGE operation

Can use Portal, Azure CLI, ARM, and PowerShell commands to enable soft deletes and purge protection

19
Q

The NUGET packages used for Key Vault

A

(1) Azure.Security.KeyVault.Keys
(2) Azure.Security.KeyVault.Secrets
(3) Azure.Security.KeyVault.Certificates

Probably need to add Azure.Identity as well

20
Q

Azure Key Vault

C# Example to get a key type

A

var uri = “https://myvault.vault.azure.net”;
var client = new KeyClient(new Uri(uri), new DefaultAzureCredential());
var key = client.GetKeyAsync(“mykey”).Result;
Console.WriteLine($”Key = {key.Value.KeyType}”);

21
Q

Information

May want to better understand Service Principals vs. Managed Identity

A