Security, responsibility, and trust in Azure Flashcards
Security Note 1
Regardless of the deployment type (IaaS, PaaS or SaaS), under the shared responsibility model you always retain responsibility for the following:
- Data
- Endpoints
- Accounts
- Access management
is a strategy that employs a series of mechanisms to slow the advance of an attack aimed at acquiring unauthorized access to information. Each layer provides protection so that if one layer is breached, a subsequent layer is already in place to prevent further exposure.
Defense in depth
a monitoring service that provides threat protection across all of your services, both in Azure and on-premises (the service has since been renamed Microsoft Defender for Cloud).
Azure Security Center
- Authentication
- Single sign-on (SSO)
- Application management: You can manage your cloud and on-premises apps using Azure AD Application Proxy, SSO, the My Apps portal (also referred to as the Access Panel), and SaaS apps.
- Business-to-business (B2B) identity services: Manage your guest users and external partners while maintaining control over your own corporate data.
- Business-to-customer (B2C) identity services: Customize and control how users sign up, sign in, and manage their profiles when using your apps with services.
- Device management
Azure AD services (Azure AD has since been renamed Microsoft Entra ID)
uses the same key to encrypt and decrypt the data. Consider a desktop password manager application. You enter your passwords and they are encrypted with your own personal key (your key is often derived from your master password). When the data needs to be retrieved, the same key is used, and the data is decrypted.
Symmetric encryption
uses a public key and private key pair. Either key can encrypt, but a key cannot decrypt data it encrypted itself; to decrypt, you need the paired key. Asymmetric encryption is used for things like Transport Layer Security (TLS) (used in HTTPS) and data signing.
Asymmetric encryption
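Both encryption cards above, as an added Go example that is not part of the original flashcards: the password-manager case uses one key for both directions (AES-256-GCM), while the asymmetric case encrypts to an RSA public key that cannot open its own output and signs with an Ed25519 private key that anyone holding the public key can verify. Assumptions: the salt and passwords are constructed sample input, and SHA-256 over salt and password stands in for the slow key-derivation function (PBKDF2 or Argon2) a real password manager would use to derive its key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// DeriveKey turns a master password into a 32-byte AES-256 key.
// Assumption: SHA-256(salt || password) stands in for the slow, memory-hard KDF
// (PBKDF2, scrypt or Argon2) a real password manager would use.
func DeriveKey(masterPassword string, salt []byte) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(masterPassword))
	return h.Sum(nil)
}

// SymmetricEncrypt seals plaintext with AES-256-GCM; output is nonce || ciphertext || tag.
func SymmetricEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // 96-bit nonce, fresh for every message
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// SymmetricDecrypt opens data produced by SymmetricEncrypt with the same key.
// A wrong key (or a tampered ciphertext) fails the GCM tag check and returns an error.
func SymmetricDecrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// AsymmetricEncrypt encrypts to the recipient's RSA public key (RSA-OAEP, SHA-256).
// Only the paired private key can open the result; the public key cannot.
func AsymmetricEncrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// AsymmetricDecrypt opens an RSA-OAEP ciphertext with the private key.
func AsymmetricDecrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Sign is the other use of a key pair: the private key signs, and anyone with
// the public key can verify (Ed25519).
func Sign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// Verify reports whether sig is a valid signature of msg under pub.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	// Symmetric: the password-manager case. Salt and passwords are constructed sample input.
	salt := []byte("constructed-salt")
	key := DeriveKey("correct horse battery staple", salt)
	sealed, _ := SymmetricEncrypt(key, []byte("hunter2"))
	plain, _ := SymmetricDecrypt(key, sealed)
	_, wrongErr := SymmetricDecrypt(DeriveKey("wrong password", salt), sealed)
	fmt.Printf("symmetric: decrypted=%q, wrong-key error=%v\n", plain, wrongErr)

	// Asymmetric: encrypt to the public key, decrypt with the private key.
	rsaKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	ct, _ := AsymmetricEncrypt(&rsaKey.PublicKey, []byte("AES session key goes here"))
	pt, _ := AsymmetricDecrypt(rsaKey, ct)
	fmt.Printf("asymmetric: decrypted=%q\n", pt)

	// Signing: the private key signs, the public key verifies; any change breaks the signature.
	pub, sk, _ := ed25519.GenerateKey(rand.Reader)
	sig := Sign(sk, []byte("release-1.0.tar.gz"))
	fmt.Printf("signature valid=%v, tampered valid=%v\n",
		Verify(pub, []byte("release-1.0.tar.gz"), sig),
		Verify(pub, []byte("release-1.0.tar.gz "), sig))
}
```

Run it with `go run`. The wrong-password decryption returns an authentication error rather than garbage because GCM checks its tag before releasing any plaintext, which is the property you want from a password vault.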
for data at rest helps you protect your data to meet your organizational security and compliance commitments. With this feature, the Azure storage platform automatically encrypts your data before persisting it to Azure Managed Disks, Azure Blob storage, Azure Files, or Azure Queue storage, and decrypts the data before retrieval. It is enabled for every storage account and cannot be turned off; what you can choose is whether the keys are Microsoft-managed or customer-managed.
Azure Storage Service Encryption
is a capability that helps you encrypt your Windows and Linux IaaS virtual machine disks. Azure Disk Encryption uses the industry-standard BitLocker feature of Windows and the dm-crypt feature of Linux to provide volume encryption for the OS and data disks. The solution is integrated with Azure Key Vault to help you control and manage the disk encryption keys and secrets.
Azure Disk Encryption
a centralized cloud service for storing, and controlling access to, your application secrets, cryptographic keys, and certificates.
Azure Key Vault
a managed, cloud-based, network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
Azure Firewall
are ideal options for non-HTTP services or advanced configurations, and are similar to hardware firewall appliances.
Network virtual appliances (NVAs)
allow you to filter network traffic to and from Azure resources in an Azure virtual network. An NSG is associated with a subnet or a network interface; its rules are evaluated in priority order (lowest number first), the first matching rule decides, and a set of built-in default rules ends with a deny-all.
Network Security Groups (NSG)
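The NSG card above, as an added Go example that is not part of the original flashcards: a small evaluator that applies NSG semantics (custom rules merged with the default rules, priority order, first match wins) to constructed inbound flows. Assumptions: the virtual network address space 10.0.0.0/16, the custom rule set, and the packets are all constructed for this example; the "Internet" service tag is simplified to "any source outside the virtual network".

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
	"strconv"
	"strings"
)

// Rule models one inbound NSG security rule (only the fields evaluation needs).
type Rule struct {
	Name      string
	Priority  int      // custom rules use 100..4096; lower numbers are evaluated first
	Access    string   // "Allow" or "Deny"
	Protocol  string   // "Tcp", "Udp" or "*"
	Source    string   // CIDR, single address, "*" or a service tag
	DestPorts []string // "22", "80-443", "*"
}

// Packet is a constructed inbound flow to check against the NSG.
type Packet struct {
	Protocol string
	SrcIP    string
	DstPort  int
}

// vnetPrefix is the virtual network's address space (constructed for this example);
// it gives the "VirtualNetwork" and "Internet" service tags a concrete meaning.
var vnetPrefix = netip.MustParsePrefix("10.0.0.0/16")

// DefaultInboundRules are present in every NSG and cannot be removed, only
// overridden by custom rules with a lower priority number.
var DefaultInboundRules = []Rule{
	{"AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", []string{"*"}},
	{"AllowAzureLoadBalancerInBound", 65001, "Allow", "*", "AzureLoadBalancer", []string{"*"}},
	{"DenyAllInBound", 65500, "Deny", "*", "*", []string{"*"}},
}

// CustomRules is a constructed rule set: admins may SSH in, everyone else is
// explicitly denied on 22, and web ports are open to all.
var CustomRules = []Rule{
	{"AllowSSHFromAdmins", 100, "Allow", "Tcp", "203.0.113.0/24", []string{"22"}},
	{"DenySSHFromInternet", 110, "Deny", "Tcp", "Internet", []string{"22"}},
	{"AllowWeb", 200, "Allow", "Tcp", "*", []string{"80", "443"}},
}

func sourceMatches(src string, ip netip.Addr) bool {
	switch src {
	case "*":
		return true
	case "VirtualNetwork":
		return vnetPrefix.Contains(ip)
	case "Internet": // simplification: anything outside the virtual network
		return !vnetPrefix.Contains(ip)
	case "AzureLoadBalancer": // the platform health-probe address
		return ip == netip.MustParseAddr("168.63.129.16")
	}
	if p, err := netip.ParsePrefix(src); err == nil {
		return p.Contains(ip)
	}
	if a, err := netip.ParseAddr(src); err == nil {
		return a == ip
	}
	return false
}

func portMatches(spec string, port int) bool {
	if spec == "*" {
		return true
	}
	if lo, hi, ok := strings.Cut(spec, "-"); ok {
		l, err1 := strconv.Atoi(lo)
		h, err2 := strconv.Atoi(hi)
		return err1 == nil && err2 == nil && port >= l && port <= h
	}
	p, err := strconv.Atoi(spec)
	return err == nil && p == port
}

func matches(r Rule, pkt Packet, ip netip.Addr) bool {
	if r.Protocol != "*" && !strings.EqualFold(r.Protocol, pkt.Protocol) {
		return false
	}
	if !sourceMatches(r.Source, ip) {
		return false
	}
	for _, spec := range r.DestPorts {
		if portMatches(spec, pkt.DstPort) {
			return true
		}
	}
	return false
}

// Evaluate merges custom and default rules, sorts them by priority and returns the
// access decision together with the name of the rule that made it.
func Evaluate(custom []Rule, pkt Packet) (string, string) {
	ip, err := netip.ParseAddr(pkt.SrcIP)
	if err != nil {
		return "Deny", "invalid source address"
	}
	rules := append(append([]Rule{}, custom...), DefaultInboundRules...)
	sort.SliceStable(rules, func(i, j int) bool { return rules[i].Priority < rules[j].Priority })
	for _, r := range rules {
		if matches(r, pkt, ip) {
			return r.Access, r.Name
		}
	}
	return "Deny", "no matching rule"
}

func main() {
	for _, pkt := range []Packet{
		{"Tcp", "203.0.113.5", 22}, {"Tcp", "198.51.100.7", 22}, {"Tcp", "198.51.100.7", 443},
		{"Udp", "198.51.100.7", 443}, {"Tcp", "198.51.100.7", 3389}, {"Tcp", "10.0.1.4", 3389},
	} {
		access, rule := Evaluate(CustomRules, pkt)
		fmt.Printf("%-4s %-14s -> %5d : %-5s (%s)\n", pkt.Protocol, pkt.SrcIP, pkt.DstPort, access, rule)
	}
}
```

The two cases worth noticing are RDP (3389) from inside the virtual network, which is allowed by the default AllowVnetInBound rule even though no custom rule mentions it, and UDP to 443, which falls through to DenyAllInBound because AllowWeb is TCP-only; both are exactly the kind of thing a rule review should look for.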