Security, Pricing, Compliance and Trust

Question 1

Azure firewall

Answer 1

firewall that protects azure VPN resources.

• built in high availability
• unrestricted cloud scalability

Inbound protection for non HTTPS protocols e.g. remote desktops and file transfer (FTP)

Outbound protection, network level protection for all ports and protocols.

Question 2

Network Security Group (NSG)

Answer 2

List of allowed and denied communication to and from network interfaces. Fully customisable and give the ability to lock down network communication to and from virtual machines.

Question 3

Authentication

Answer 3

Who are you?

process of establishing identity of a person or service looking to access a resource.
It establishes if the person is who they say they are

Question 4

Azure DDoS protection

Answer 4

protects azure applications by scrubbing/monitoring traffic at the azure network edge before it can impact the service’s availability.
Notifications of attacks through azure monitor metrics

protects against DoS attacks (aim to make services unavailable for users)

Question 5

Authorisation

Answer 5

What are you allowed to do?

what level of access an authenticated person is allowed

Question 6

Azure active directory

Answer 6

cloud based identity service, can sync with existing AD. Includes:

• authentication
• single sign on
• application management
• access controls

Question 7

Azure MFA

Answer 7

additional security for identities by requiring 2 or more elements for authentication:

• something you know (password)
• something you possess (mobile phone)
• biometric (fingerprint, face scan)

Question 8

Azure security centre

Answer 8

monitoring service that provides threat protection across all services - azure and on prem

Question 9

Usage scenarios for azure security center

Answer 9

• incident response (detect, assess, diagnose)

- implement recommendations

Question 10

Key Vault

Answer 10

Centralised cloud service for storing application secrets and keys

Question 11

Azure Information Protection

Answer 11

cloud-based solution that helps organisations classify and protect documents and emails by applying labels.

analyse data flows, detect risky behaviour, track access, prevent data leakage

Question 12

Azure advanced threat protection ATP

Answer 12

cloud-based security that identifies, detects and helps you investigate threats, compromised identities and malicious insider actions

Question 13

Azure policies

Answer 13

service to create, assign and manage policies. Policies apply rules that resources need to follow.
Gives visibility into compliance

Question 14

Initiatives

Answer 14

Initiatives work alongside policies in Azure policy.

A set or group of policy definitions to help track compliance state

Question 15

Role-based access controls

Answer 15

fine grained access management for azure resources

Question 16

Resource locks

Answer 16

setting that can be applied to any resource to block modification or deletion

Question 17

Azure monitor

Answer 17

Maximises availability and performance of applications by providing monitoring using telemetry from cloud and on premise environments

Question 18

Azure service health

Answer 18

Notifies about issues with azure services, help you understand impact and keep you updated.
Also provides personalised guidance and support when issues with azure services affect you.

Question 19

General Data Protection Regulation (GDPR)

Answer 19

European privacy law

Regulation on organisations, governments on the way they can collect and analyse data tied to EU residents

Question 20

National institute of standards and technology (NIST) cybersecurity framework (CSF)

Answer 20

voluntary framework that consists of standards, guidelines and best practise to managing cybersecurity related risks.

Microsoft cloud services have gone through FedRAMP (federal risk and authorisation management program) and also through assessments performed by HITRUST (health information trust alliance).

Question 21

Microsoft privacy statement

Answer 21

explains what personal data microsoft processes and for what purposes

Question 22

Trust center

Answer 22

Website containing details on how microsoft implements and supports security, privacy, compliance and transparency

Question 23

Service Trust Portal

Answer 23

hosts the compliance manager service and is microsoft’s public site for publishing compliance related information including audit reports, compliance guides

Question 24

Compliance manager

Answer 24

Workflow-based risk assessment dashboard within the trust portal. Allows you to track, assign and verify compliance activities related to microsoft cloud services

Question 25

Azure Government Services

Answer 25

cloud environment designed to meet compliance and security requirements for US government. Physically separated instance of Azure

Question 26

Azure blueprints

Answer 26

enable you to create a repeatable set of resources in Azure that adhere to an organisation’s standards and requirements