Security and connectivity for Azure relational data services Flashcards

1
Q

What does Azure Defender for SQL do?

A

Azure Defender for SQL provides a set of advanced SQL security capabilities, including SQL Vulnerability Assessment and Advanced Threat Protection.

2
Q

What is DoSGuard?

A

DoSGuard is a SQL gateway service that reduces denial-of-service (DoS) attacks.

3
Q

How does DoSGuard work?

A

If there are multiple failed login attempts from an IP address within a period of time, the IP address is blocked from accessing any resources in the service for a short while.

4
Q

What does a connection policy of Proxy do?

A

A policy of Proxy ensures that once a service connects with a gateway, all traffic from then on flows through the gateway.
Each request could potentially be serviced by a different database in the cluster.

5
Q

What tasks does the Azure SQL Database gateway do?

A

1) It validates all connections to the database servers.
2) It encrypts all communications between a client and the database servers.
3) It inspects each network packet sent over a client connection. The gateway validates the connection information in the packet, and forwards it to the appropriate physical server based on the database name that’s specified in the connection string.

6
Q

What connection policy do non-Azure services connecting to Azure SQL Database have by default?

A

Proxy.

7
Q

What connection policy do Azure services connecting to Azure SQL Database have by default?

A

Redirect.

8
Q

What does a connection policy of Redirect do?

A

A policy of Redirect means after a service has connected to the gateway once, all subsequent traffic from the service goes straight to the Azure SQL database rather than through the gateway.

If the service loses its connection with the database, the next connection will have to authenticate through the gateway again, when it may be connected to a different copy of the database on another server in the cluster.

9
Q

What does Azure Defender for open-source relational databases do?

A

Azure Defender for open-source relational databases provides security alerts on anomalous activities so you can detect potential threats and respond to them as they occur.

10
Q

What can you do to further improve an Azure open-source data service’s security?

A

Enable Azure Defender for open-source relational databases.

11
Q

What can you do to further improve an Azure SQL data service’s security?

A

Enable Azure Defender for SQL.

12
Q

How is a connection to Azure SQL Database established?

A

1) Clients connect to a gateway that has a public IP address and listens on port 1443.
2) Depending on the connection policy, the gateway either redirects the traffic to the database cluster or acts as a proxy for the database cluster.
3) Inside the database cluster, traffic is forwarded to the appropriate Azure SQL database.

13
Q

What are VLANs and ACLs used for?

A

Restricting network communications by source and destination networks, protocols and port numbers.

14
Q

What is an ACL?

A

An access control list.

15
Q

What is a VLAN?

A

A virtual local area network.

16
Q

What is the overarching principle of network security for Azure SQL Databases?

A

Allow only the connection and communication necessary for a service to operate. All other ports, protocols and connections are blocked by default.

17
Q

What port does PostgreSQL communicate over?

A

Port 5432.

18
Q

How do you manage authentication for Azure relational data services?

A

By using Azure Active Directory (Azure AD).

19
Q

What port does SQL communicate over?

A

Port 1443.

20
Q

What port does MySQL communicate over?

A

Port 3306.

21
Q

What security measure is required and enforced by default on MySQL databases?

A

SSL connection security.

22
Q

How does Azure SQL database provide availability?

A

By using a clustered topology. Each database and server is transparently replicated to ensure that a server is always accessible, even in the event of a database or server failure.