Security

Question 1

What does the term security posture refer to?

Answer 1

The term security posture refers to cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to security threats.

Question 2

What is Azure Security Center?

Answer 2

Azure Security Center is a monitoring service that provides visibility of your security posture across all of your services, both on Azure and on-premises.

Question 3

What does SIEM stand for?

Answer 3

security information and event management

Question 4

What is Microsoft’s cloud-based SIEM system?

Answer 4

Azure Sentinel. It uses intelligent security analytics and threat analysis.

Question 5

What are Azure Sentinel capabilities?

Answer 5

AI security

• Collect cloud data at scale
• Detect previously undetected threats
• Investigate threats with artificial intelligence
• Respond to incidents rapidly

Question 6

How is your Azure Security Center limited with a free tier subscription?

Answer 6

While you can use a free Azure subscription tier with ASC, it is limited to assessments and recommendations of Azure resources only.

Question 7

What are the three main defense techniques against malicious input being entered into your applications?

Answer 7

• validate input
• encode output
• create parameterized queries

Question 8

Why should you always encode your output?

Answer 8

This design principle will make sure that everything is displayed as output and not inadvertently interpreted as something that should be executed, which is another common attack technique that is referred to as “Cross-Site Scripting” (XSS).

Question 9

What does a WORM state mean?

Answer 9

Write once read many (WORM) describes a data storage device in which information, once written, cannot be modified. This write protection affords the assurance that the data cannot be tampered with once it is written to the device.

Question 10

What is a region pair?

Answer 10

Two regions close to each other become a pair. These pairs are never updated at the same time, and if both regions do down because of an outage, one region will be prioritized to get back up and running.

Question 11

Will Microsoft ever transfer your data to a third party?

Answer 11

No never.

Question 12

Azure Data Lake Storage is build on …

Answer 12

It’s built on Azure Blob storage, so it inherits all of its security features

Question 13

What is a single instanced key?

Answer 13

Only one key exists.

Question 14

What are versioned keys?

Answer 14

A key is an object with a primary (active) key, and a collection of zero, one or more secondary (archived) keys created when keys are rolled (renewed).

Question 15

What is the difference between management plane and data plane of Azure key vault?

Answer 15

Key Vault access has two facets: the management of the Key Vault itself, and accessing the data contained in the Key Vault. Documentation refers to these facets as the management plane and the data plane.

Question 16

Does the role Key vault contributor give access to the data plane or the management plane?

Answer 16

Management plane.

Question 17

Does the role Contributor give access to the data plane or the management plane?

Answer 17

Both.

Question 18

What is a Key Vault access policy?

Answer 18

A Key Vault access policy is a permission set assigned to a user or managed identity to read, write, and/or delete secrets and keys.

Question 19

Is encrypted communication turned on automatically when connecting to an Azure SQL Server?

Answer 19

Yes. Azure SQL Database enforces encryption (SSL/TLS) at all times for all connections.

Question 20

Transparent Data Encryption will encrypt which database files?

Answer 20

Transparent Data Encryption encrypts all database, log, and backup files. When new Azure SQL databases are created, Transparent Data Encryption will be enabled by default.

Question 21

A mask has been applied to a column in the database that holds a user’s email address, laura@contoso.com. From the list of options, what would the mask display when a database administrator account accesses user data?

Answer 21

When database administrator accounts access data that have a mask applied, the mask is removed, and the original data is visible.

Question 22

Which of the following is the most efficient way to secure a database to allow only access from a VNet while restricting access from the internet?

Answer 22

A server-level virtual network rule will allow you to allow connectivity from specific Azure VNet subnets, and will block access from the internet. This is the most efficient manner to secure this configuration.