Security and connectivity for Azure data services Flashcards

1
Q

How would you enable a secure connection to an Azure data service from an on-premises machine?

A

By adding its IP address to the data service’s firewall.

2
Q

What is the default connectivity setting for Azure relational services?

A

To disable access to the world.

3
Q

What is the default connectivity setting for Azure non-relational services?

A

To enable access to the world.

4
Q

What are the two ways of securely connecting an Azure service to an Azure data service?

A

By either adding the data service to a VNet with the resources that need access or adding a firewall rule of 0.0.0.0 to enable all Azure services to connect to the data service.

5
Q

What can you use to allow a service that can’t be isolated through VNets and firewall rules to connect to an Azure data service?

A

Exceptions.

6
Q

What is Azure Private Endpoint?

A

A network interface that lets you connect privately and securely to an Azure service powered by Azure Private Link.

7
Q

How does Azure Private Endpoint work?

A

By using a private IP address from a virtual network, effectively bringing the service into the virtual network.

8
Q

What is Azure AD?

A

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps users sign in and access resources.

9
Q

What is RBAC?

A

Role-based Access Control (RBAC) is a system that provides fine-grained access management of Azure resources.

10
Q

What is role assignment?

A

The process of attaching a role definition to a user, group, service principal or managed identity at a scope for the purpose of granting access.

11
Q

What is a role assignment made up of?

A

A service principal, scope and a role definition.

12
Q

What is a scope?

A

The set of resources a user has access to. It can be as wide as a subscription or as narrow as a resource group.

13
Q

What is a role definition?

A

A role definition (also known as a role) is a collection of permissions. It can be given a high-level name like owner or specific names like virtual machine reader.

14
Q

What are 4 of Azure’s built-in roles?

A

Owner, Reader, Contributor and User Access Administrator.

15
Q

How would you enable a secure connection to an Azure data service from an on-premises network?

A

By using Azure Private Endpoint (possibly with an internal load balancer).

16
Q

How would you enable a secure connection to an Azure data service from the internet?

A

Via a public endpoint using firewall rules to protect the database.