Security and connectivity for Azure data services Flashcards
How would you enable a secure connection to an Azure data service from an on-premises machine?
By adding its IP address to the data service’s firewall.
What is the default connectivity setting for Azure relational services?
To disable access to the world.
What is the default connectivity setting for Azure non-relational services?
To enable access to the world.
What are the two ways of securely connecting an Azure service to an Azure data service?
By either adding the data service to a VNet with the resources that need access or adding a firewall rule of 0.0.0.0 to enable all Azure services to connect to the data service.
What can you use to allow a service that can’t be isolated through VNets and firewall rules to connect to an Azure data service?
Exceptions.
What is Azure Private Endpoint?
A network interface that lets you connect privately and securely to an Azure service powered by Azure Private Link.
How does Azure Private Endpoint work?
By using a private IP address from a virtual network, effectively bringing the service into the virtual network.
What is Azure AD?
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps users sign in and access resources.
What is RBAC?
Role-based Access Control (RBAC) is a system that provides fine-grained access management of Azure resources.
What is role assignment?
The process of attaching a role definition to a user, group, service principal or managed identity at a scope for the purpose of granting access.
What is a role assignment made up of?
A service principal, a scope and a role definition.
What is a scope?
The set of resources a user has access to. It can be as wide as a subscription or as narrow as a resource group.
What is a role definition?
A role definition (also known as a role) is a collection of permissions. It can be given a high-level name like owner or specific names like virtual machine reader.
What are 4 of Azure’s built-in roles?
Owner, Reader, Contributor and User Access Administrator.
How would you enable a secure connection to an Azure data service from an on-premises network?
By using Azure Private Endpoint (possibly with an internal load balancer).