Secure compute, storage, and databases

Question 1

What cloud service model does Azure Bastion fall under?

Answer 1

fully platform-managed PaaS.

Question 2

What are the 3 Azure Bastion SKUs?

Answer 2

1. Basic
2. Standard
3. Developer

Question 3

What two protocols does Azure Bastion support for virtual connectivity?

Answer 3

RDP and SSH

Question 4

Where is an Azure Bastion instance deployed?

Answer 4

Deployed to a virtual network.

Question 5

Does Azure Bastion function in a peered virtual network?

Answer 5

Yes

Question 6

How should Azure Bastion be deployed to mitigate exposing RDP/SSH ports over the internet?

Answer 6

Deploy bastion at the public side of your perimeter network.

Question 7

Does Azure bastion support zone redundancy?

Answer 7

No

Question 7

What Azure Bastion SKU allows bastion host scaling?

Answer 7

Standard.

Question 8

Up to how many host instances of Bastion does Azure Bastion allow?

Answer 8

50.

Question 9

Describe ‘Azure Kubernetes Service (AKS)’

Answer 9

Managed Kubernetes service to deploy and manage containerized applications.

Question 10

How is AKS managed?

Answer 10

Azure automatically creates, configures, and manages a control plane for you at no cost.

Question 11

What is the purpose/function of the control plane in Azure Kubernetes Service (AKS)?

Answer 11

Responsible for the Kubernetes objects and worker nodes that run the applications.

Question 12

What are the 3 Azure managed Kubernetes services?

Answer 12

1. Azure Kubernetes Service
2. Azure Red Hat OpenShift
3. Azure Container Apps

Question 13

What is the Azure unmanaged Kubernetes service?

Answer 13

Azure Arc-enabled Kubernetes

Question 14

What is the Azure Managed Docker container service?

Answer 14

Azure Container Instances

Question 15

Can workloads in Azure Kubernetes Service (AKS) be isolated from each other?

Answer 15

Yes

Question 16

What is best practice for logically isolating workloads?

Answer 16

Separate teams and projects using logical isolation for multiple workloads, teams, or environments.

Question 17

What is the benefit of logical cluster isolation compared to physical isolation?

Answer 17

Logical separation of clusters usually provides a higher pod density than physically isolated clusters.

Question 18

Describe physical isolated clusters

Answer 18

Teams or workloads are assigned their own AKS cluster.

Question 19

What service is used to improve, monitor, and maintain the security your containerized assets?

Answer 19

Microsoft Defender for Containers.

Question 20

What are the 4 core domains of container security?

Answer 20

1. Security posture management
2. Vulnerability assessment
3. Run-time threat protection
4. Deployment & monitoring

Question 21

What agentless services does Microsoft Defender for containers offer?

Answer 21

Agentless discovery for Kubernetes and Agentless vulnerability assessment.

Question 22

What is best practice for Kubernetes data plane hardening?

Answer 22

Install the Azure Policy for Kubernetes.

Question 23

Is Azure Policy for Kubernetes agent-based or agentless?

Answer 23

Agent-based.

Question 24

How does Defender for Containers perform vulnerability assessments on containers?

Answer 24

Scans the container images in Azure Container Registry (ACR) to provide vulnerability reports for your container images.

Question 25

What is best practice to secure authentication and authorization to a Azure Kubernetes Service (AKS)?

Answer 25

Deploy AKS clusters with Microsoft Entra integration using Kubernetes RBAC or Azure RBAC.

Question 26

What two levels of access are needed to fully operate an AKS cluster?

Answer 26

1. Access the AKS resource on your Azure subscription
2. Access to the Kubernetes API

Question 27

What service is used to provide insight into the compute resources used by container instances?

Answer 27

Azure Monitor.

Question 28

What is the Azure CLI command to gather metrics for container instances?

Answer 28

az monitor metrics list

Question 29

What should be used to