Understand Security, Privacy, Compliance, and Trust Flashcards

1
Q

_____: if we start on the perimeter of the network, we’re focused on limiting and eliminating attacks from the internet. Azure Security Center is a great place to look for information because it will identify internet-facing resources that do not have network security groups associated with them, as well as resources that are not secured behind a firewall

A

Internet Protection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

_____: a service that grants server access based on the originating IP address of each request. You create _____ rules that specify ranges of IP addresses. Only clients from these granted IP addresses will be allowed to access the server

A

Firewall

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

_____: a managed, cloud-based, network security service that protects your Azure Virtual network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. _____ provides inbound protection for non-HTTP/S protocols such as Remote Desktop Protocol (RDP), Secure Shell (SSH), and File Transfer Protocol (FTP). It also provides outbound network-level protections for all ports and protocols, and application-level protection for outbound HTTP/S

A

Azure Firewall

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

_____: a load balancer that includes a Web Application Firewall (WAF) that provides protection from common, known vulnerabilities in websites. It is specifically designed to protect HTTP traffic

A

Azure Application Gateway

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

_____: ideal options for non-HTTP services or advanced configurations, and are similar to hardware firewall appliances

A

Network Virtual Appliances (NVAs)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

_____: Any resource exposed on the internet is at risk of being attacked by a denial of service attack. These types of attacks attempt to overwhelm a network resource by sending so many requests that the resource becomes slow or unresponsive.When you combine _____ with application design best practices, you help provide defense against DDoS attacks. _____ leverages the scale and elasticity of Microsoft’s global network to bring DDoS mitigation capacity to every Azure region. The _____ service protects your Azure applications by scrubbing traffic at the Azure network edge before it can impact your service’s availability. Within a few minutes of attack detection, you are notified using Azure Monitor metrics

A

Azure DDoS Protection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Azure DDoS Protection Tier: _____: automatically enabled as part of the Azure platform. Always-on traffic monitoring and real-time mitigation of common network-level attacks provide the same defenses that Microsoft’s online services use. Azure’s global network is used to distribute and mitigate attack traffic across regions

A

Basic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Azure DDoS Protection Tier: _____: provides additional mitigation capabilities that are tuned specifically to Microsoft Azure Virtual Network resources. DDoS Protections Standard is simple to enable and requires no application changes. Protection policies are tuned through dedicated traffic monitoring and machine learning algorithms. Policies are added to public IP addresses which are associated with resources deployed in virtual networks, such as Azure Load Balancer and Azure Application Gateway. DDoS _____ protection can mitigate the following types of attacks:

  • Volumetric Attacks: the attackers goal is to flood the network layer with a substantial amount of seemingly legitimate traffic
  • Protocol Attacks: these attacks render a target inaccessible, by exploiting a weakness in the layer 3 and layer 4 protocol stack
  • Resource (Application) Layer Attacks: these attacks target web application packets to disrupt the transmission of data between hosts
A

Standard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

_____: for communication between virtual machines, Network Security Groups (NSGs) are a critical piece to restrict unnecessary communication

A

Virtual Network Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

_____: it is common to have existing network infrastructure that needs to be integrated to provide communication from on-premises networks or to provide improved communication between services in Azure

A

Network Integration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

_____: connections are a common way of establishing secure communication channels between networks. Connection between Azure Virtual Network and an on-premises _____ device is a great way to provide secure communication between your network and your Vnet on Azure

A

Virtual Private Network (VPN)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

_____: to provide a dedicated, private connection between your network and Azure, you can use Azure _____. _____ lets you extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider. With _____, you can establish connections to Microsoft cloud services, such as Microsoft Azure, Office 365, and Dynamics 365. This improves the security of your on-premises communication by sending this traffic over the private circuit instead of over the internet. You do not need to allow access to these services for your end users over the internet, and you can send this traffic through appliances for further traffic inspection

A

ExpressRoute

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

_____: allow you to filter network traffic to and from Azure resources in an Azure virtual network. An _____ can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol. They provide a list of allowed and denied communication to and from network interfaces and subnets and are fully customizable

A

Network Security Groups (NSGs)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

_____: is the process of establishing the identity of a person or service looking to access a resource. It involves the act of challenging a party for legitimate credentials and provides the basis for creating a security principal for identity and access control use. It establishes if they are who they say they are. This includes verifying identity to access applications and resources, and providing functionality such as self-service password reset, multi-factor authentication (MFA), a custom banned password list, and smart lockout services

A

Authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

_____: is the process of establishing what level of access and authenticated person or service has. It specifies what data they are allowed to access and what they can do with it

A

Authorization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
  • Access to your Azure subscriptions is performed using _____. _____ is a modern cloud-based identity service/identity provider that supports multiple authentication protocols to secure applications and services in the cloud
  • _____ is not the same as Windows Active Directory. Windows Active Directory is focused on security Windows desktops and servers. In contrast, _____ is all about web-based authentication standards such as OpenID and Oauth
  • When you sign up for a Microsoft cloud services such as Microsoft Azure, Microsoft Intune, or Office 365, a dedicated instance of _____ is automatically created for your organization
  • Users, applications, and other entities registered in _____ are not all lumped into a single global service. Instead, _____ is partitioned into separate tenants
  • When it comes to _____ tenants, there is no concrete definition of “organization.” Tenants can be owned by individuals, teams, companies, or any other group of people
  • The email address you use to sign into Azure can be associated with more than one tenant. You can switch between tenants in the Switch Directory section
  • _____ tenants and subscriptions have a many-to-one trust relationship. A tenant can be associated with multiple Azure subscriptions, but every subscription is associated with only one tenant
  • Each tenant has an Account Owner, this is the original Azure account that is responsible for billing. You can add additional users to the tenant, and even invite guests from other _____ tenants to access resources in subscriptions
A

Azure Active Directory

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

_____: a dedicated, isolated instance of the Azure Active Directory service, owned and managed by an organization

A

Tenant

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

_____: enables users to remember only one ID and one password to access multiple applications. A single identity is tied to a user, simplifying the security model. As users change roles or leave an organization, access modifications are tied to that identity, greatly reducing the effort needed to change or disable accounts

A

Single Sign-On

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

_____: you can manage your cloud and on-premises apps using Azure AD Application Proxy, SSO, the My Apps portal (also referred to as Access Panel), and SaaS apps

A

Application Management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

_____: manage your guest users and external partners while maintaining control over your own corporate data Business-to-Customer (B2C) identity services. Customer and control how users sign up, sign in, and manage their profiles when using your apps and services

A

Business-to-Business (B2B) Identity Services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

_____: manage how your cloud or on-premises devices access your corporate data

A

Device Management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

_____: provides additional security for your identities by requiring two or more elements for full authentication. These elements fall into three categories:

  • Something You Know: would be a password or the answer to a security questions
  • Something You Possess: could be a mobile app that receives a notification or token-generating device
  • Something You Are: typically some sort of biometric property, such as a fingerprint or face scan used on many mobile devices
A

Multi-Factor Authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

_____: just a thing that can be authenticated. Obviously, this includes users with a user name and password, but it can also include applications or other servers, which might authenticate with secret keys or certificates. As a bonus definition, an account is data associated with an _____

A

Identity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

_____: an identity acting within certain roles or claims. Usually, it is not useful to consider identity and _____ separately, but think of using sudo on a Bach prompt in Linux or on Windows using “run as Administrator.” In both those cases, you are still logged in as the same identity as before , but you’ve changed the role under which you are executing. Groups are often also considered _____ because they can have rights assigned

A

Principal

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

_____: an identity that is used by a service or application. And like other identities, it can be assigned roles

A

Service Principal

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

_____: the creation of service principals an be a tedious process, and there are a lot of touch points that can make maintaining they difficult. _____ are much easier and will do most of the work for you.A managed identity can be instantly created for any Azure service that supports it - and the list is constantly growing. When you create a _____, you are creating an account on the Azure AD tenant. The Azure infrastructure will automatically take care of authenticating the service and managing the account. You can then use that account like any other Azure AD account, including securely letting the authenticated service access other Azure resources

A

Managed Identities for Azure Services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Shared Security Responsibility with Azure. Who is responsible for what?Responsibility: Data Governance & Rights Management: _____

A
  • On-Premises: Customer
  • IaaS: Customer
  • PaaS: Customer
  • SaaS Customer
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Shared Security Responsibility with Azure. Who is responsible for what?Responsibility: Client Endpoint: _____

A
  • On-Premises: Customer
  • IaaS: Customer
  • PaaS: Customer
  • SaaS: Customer
29
Q

Shared Security Responsibility with Azure. Who is responsible for what?Responsibility: Account & Access Management: _____

A
  • On-Premises: Customer
  • IaaS: Customer
  • PaaS: Customer
  • SaaS: Customer
30
Q

Shared Security Responsibility with Azure. Who is responsible for what?Responsibility: Identity & Directory Infrastructure: _____

A
  • On-Premises: Customer
  • IaaS: Customer
  • PaaS: Shared
  • SaaS: Shared
31
Q

Shared Security Responsibility with Azure. Who is responsible for what?Responsibility: Application: _____

A
  • On-Premises: Customer
  • IaaS: Customer
  • PaaS: Shared
  • SaaS: Microsoft
32
Q

Shared Security Responsibility with Azure. Who is responsible for what?Responsibility: Network Controls: _____

A
  • On-Premises: Customer
  • IaaS: Customer
  • PaaS: Shared
  • SaaS: Microsoft
33
Q

Shared Security Responsibility with Azure. Who is responsible for what?Responsibility: Operating System: _____

A
  • On-Premises: Customer
  • IaaS: Customer
  • PaaS: Microsoft
  • SaaS: Microsoft
34
Q

Shared Security Responsibility with Azure. Who is responsible for what?Responsibility: Physical Hosts: _____

A
  • On-Premises: Customer
  • IaaS: Microsoft
  • PaaS: Microsoft
  • SaaS: Microsoft
35
Q

Shared Security Responsibility with Azure. Who is responsible for what?Responsibility: Physical Network: _____

A
  • On-Premises: Customer
  • IaaS: Microsoft
  • PaaS: Microsoft
  • SaaS: Microsoft
36
Q

Shared Security Responsibility with Azure. Who is responsible for what?Responsibility: Physical Datacenter: _____

A
  • On-Premises: Customer
  • IaaS: Microsoft
  • PaaS: Microsoft
  • SaaS: Microsoft
37
Q

A Layered Approach to Security: _____ is a strategy that employs a series of mechanisms to slow the advance of an attack aimed at acquiring unauthorized access to information. Each layer provides protection so that if one layer is breached, a subsequent layer is already in place to prevent further exposure. Microsoft applies a layered approach to security, both in physical data centers and across Azure services. The objective of defense in depth is to protect and prevent information from being stolen by individual who are not authorized to use it. Defense in Depth can be visualized as a set of concentric rings, with data to be secured in the center. Each ring adds an additional layer of security around the data. This approach removes reliance on any single layer of protection and acts to slow down an attack and prove alert telemetry that can be acted upon, either automatically or manually

A

Defense in Depth

38
Q

_____: the process of making data unreadable and unusable to unauthorized viewers. To use or read the _____ data, it must be decrypted, which requires the use of a secret key. There are two top-level types of _____

A

Encryption

39
Q

_____: uses the same key to encrypt and decrypt the data. Consider a desktop password manager application. You enter your passwords and they are encrypted with you own personal key (your key is often derived from your master password). When the data needs to be retrieved, the same key is used, and the data is decrypted

A

Symmetric Encryption

40
Q

_____: uses a public key and private key pair. Either key can encrypt but a single key can’t decrypt its own encrypted data. To decrypt, you need the paired key. Asymmetric encryption is used for thing like Transport Layer Security (TLS) (used in HTTPS) and data signing

A

Asymmetric Encryption

41
Q

_____: data at rest is the data that has been stored on a physical medium. This could be data stored on the disk of a server, data stored in a database, or data stored in a storage account. Regardless of the storage mechanism, encryption of data at rest ensures that the stored data is unreadable without the keys and secrets needed to decrypt it

A

Encryption at Rest

42
Q

_____: data in transit is the data actively moving from one location to another, such as across the internet or through a private network. Secure transfer can be handled by several different layers. It could be done by encrypting the data at the application layer prior to sending it over a network. HTTPS is an example of application layer in transit encryption.You can also set up a secure channel, like a virtual private network (VPN), at a network layer, to transmit data between two systemsEncrypting data in transit protects the data from outside observers and provides a mechanism to transmit data while limiting risk of exposure

A

Encryption in Transit

43
Q

Encrypt Raw Data: _____: for data at rest helps you protect your data to meet your organizational security and compliance commitments. With this feature, the Azure storage platform automatically encrypts your data before persisting it to Azure Managed Disks, Azure Blob Storage, Azure Files, or Azure Queue storage, and decrypts the data before retrieval. The handling of encryption, encryption at rest, decryption, and key management in Storage Service Encryption is transparent to applications using the services

A

Azure Storage Service Encryption

44
Q

Encrypt Virtual Machine Disks: Storage Service Encryption provides low-level encryption protection for data written to physical disk, but how do you protect the VHDs of a VM? _____: is a capability that helps you encrypt your Windows and Linus IaaS VHDs. Azure Disk Encryption leverages the industry-standard BitLocker feature of Windows and the dm-crypt feature of Linux to provide volume encryptions for the OS and data disks. The solution is integrated with Azure Key Vault to help you control and managed the disk encryption keys and secrets

A

Azure Disk Encryption

45
Q

Encrypt Databases: _____helps protect Azure SQL Database and Azure Data Warehouse against the threat of malicious activity. It performs real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application. By default, _____ is enabled for all newly deployed Azure SQL Databases instances._____ encrypts the storage of an entire databased by using a symmetric key called the database encryption key. By default, Azure provides a unique encryption key per logical SQL Server instance and handles all the details. Bring your own key (BYOK) is also supported with keys stored in Azure Key Vault

A

Transparent Data Encryption (TDE)

46
Q

_____: a centralized cloud service for storing your application secrets. _____ helps you control your applications’ secrets by keeping them in a single, central location and by providing secure access, permissions control, and access logging capabilities. It is useful in a variety of scenarios:
– Secrets Management: you can use _____ to securely store and tightly control access to tokens, password, certificates, Application Programming Interface (API) keys, and other secrets
– Key Management: you can also use _____ as a key management solution. _____ makes it easier to create and control the encryption keys used to encrypt your data
– Certificate Management: _____ lets you provision, manage, and deploy your public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates in Azure, and internally connected, resources more easily
- Store Secrets Backed by Hardware Security Modules (HSMs): the secrets and keys can be protected either by software, or by FIPS 140-2 Level 2 validated HSMs

A

Azure Key Vault

47
Q

_____: a monitoring service that provides threat protection across all your services both in Azure, and on-premises. _____ can:
- Provide security recommendations based on your configurations, resources, and networks
- Monitor security settings across on-premises and cloud workloads, and automatically apply required security to new services as they come online
- Continuously monitor all your services, and perform automatic security assessments to identify potential vulnerabilities before they can be exploited
- Use machine learning to detect and block malware from being installed on your virtual machines and services. You can also define a list of allowed applications to ensure that only the apps you validate are allowed to execute
- Analyze and identify potential inbound attacks, and help to investigate threats and any post-breach activity that might have occurred
- Provide just-in-time access control for ports, reducing your attack surface by ensuring the network only allows traffic that you require.
Available in two tiers:
- Free: available as part of your Azure subscription, this tier is limited to assessments and recommendations of Azure resources only
- Standard: this tier provides a full suite of security-related services including continuous monitoring, threat detection, just-in-time access control for ports, and more

A

Azure Security Center

48
Q

_____: a cloud-based solution that helps organizations classify and optionally protect document and emails by applying labels. Labels can be applied automatically based on rules and conditions, manually, or a combination of both where users are guided by recommendations. You can purchase _____ either as a standalone solution, or through one of the following Microsoft licensing suites: Enterprise + Mobility, or Microsoft 365 Enterprise

A

Azure Information Protection (AIP)

49
Q

_____: a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. _____ is capable of detecting known malicious attacks and techniques, security issues, and risks against your networks. _____ consists of several components:
- _____ Portal: through this portal you can monitor and response to suspicious activity. You can also use the portal to monitor, manage, and investigate threats in your network environment
- _____ Sensor: installed directly on your domain controllers. The sensor monitors domain controller traffic without requiring a dedicated server or configuration port mirroring
- _____ Cloud Service: runs on Azure infrastructure and is currently deployed in the US, Europe, and Asia. _____ Cloud Service is connected to Microsoft’s intelligent security graph.
_____ is available as part of the Enterprise Mobility + Security 5 suite (EMS E5) and as a standalone license

A

Azure Advanced Threat Protection (ATP)

50
Q

_____: a service in Azure that you use to define, assign, and manage standards for resources in your environment. It can prevent the creation of disallowed resources, ensure new resources have specific settings applied, and run evaluations of your existing resources to scan for non-compliance. _____ comes with many built-in policy and initiative definitions that you can use, under categories such as Storage, Networking, Compute, Security Center, and Monitoring

A

Azure Policy

51
Q

_____: expresses what to evaluate and what action to take. For example, you could ensure all public websites are secured with HTTPS, prevent a particular storage type from being created, or force a specific version of SQL Server to be used. The _____ itself is represented as a JSON file. You can use one of the pre-defined definitions in the portal or create your own (either modifying an existing one or starting from scratch)

A

Policy Definition

52
Q

Managing a few policies is easy, but once you have more than a few, you will want to organize them, that is where _____ come in._____ work alongside policies in Azure Policy

A

Initiatives

53
Q

_____: a set or group of policy definitions to help track your compliance state for a larger goal.

A

Initiative Definition

54
Q

_____: an initiative definition assigned to a specific scope. _____ reduce the need to make several initiative definitions for each scope

A

Initiative Assignment

55
Q

_____: gives you the control to define roles for people and grant them only the amount of access needed to do their jobs while using Azure services. Roles are sets of permissions, like “Read-Only” or “Contributor,” that users can be granted to access an Azure Service instance.Identities are mapped to roles directly or through group membership. Separating security principals, access permissions, and resources provides simple access management and fine-grained control. Administrators are able to ensure the minimum necessary permissions are granted.Roles can be granted at the individual service instance level, but they can also flow down the Azure Resource Manager hierarchy

A

Role-Based Access Control (RBAC)

56
Q

_____: a setting that can be applied to any resource to block modification or deletion. _____ can set to either delete or read-only
- Delete will allow all operations against the resources but block the ability to delete it.
- Read-Only will only allow read activities to be performed against the resource, blocking any modification or deletion of the resource.
_____ can be applied to Subscriptions, Resources Groups, and to individual resources, and they are inherited when applied at higher levels.
Use _____ to protect those key pieces of Azure that could have a large impact if they were removed or modified

A

Resource Locks

57
Q

_____: maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on

A

Azure Monitor

58
Q

_____: a suite of experiences that provide personalized guidance and support when issues with Azure services affect you. It can notify you, help you understand the impact of issues, and keep you updated as the issue is resolved. _____ can also help you prepare for planned maintenance and changes that could affect the availability of your resources

A

Azure Service Health

59
Q

_____ explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes.
_____ applies to the interactions Microsoft has with you and Microsoft products such as Microsoft services, websites, apps, software, servers, and devices. It is intended to provide openness and honesty about how Microsoft deals with personal data in its products and services

A

Microsoft Privacy Statement

60
Q

_____: a website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services. _____ is an important part of the Microsoft Trusted Cloud Initiative and provides support and resources for the legal and compliance community including:

  • In-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products
  • Recommended resources in the form of a curated list of the most applicable and widely-used resources for each topic
  • Information specific to key organizational roles, including business managers, tenant admins or data security teams, risk assessment and privacy officers, and legal compliance teams
  • Cross-company document search, which is coming soon and will enable existing cloud service customers to search the Service Trust Portal
  • Direct guidance and support for when you can’t find what you are looking for
A

Trust Center

61
Q

_____: hosts the Compliance Manger service, and is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft’s cloud services. _____ also includes information about how Microsoft online services can help your organization maintain and track compliance standards, laws, and regulations

A

Service Trust Portal (STP)

62
Q

_____: International Organization for Standardization

A

ISO

63
Q

_____: System and Organization Controls

A

SOC

64
Q

_____: National Institute for Standards and Technology

A

NIST

65
Q

_____: Federal Risk and Authorization Management Program

A

FedRAMP

66
Q

_____: General Data Protection Regulation

A

GDPR

67
Q

_____: a workflow-based risk assessment dashboard within the Trust Portal that enables you to track, assign, and verify your organization’s regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure
_____ provides the following features:
- Combines the following three items:
◊ Detailed information provided by Microsoft to auditors and regulators, as part of various third-party audits of Microsoft’s cloud services against various standards
◊ Information that Microsoft compiles internally for its compliance with regulations (such as HIPAA and the EU GDPR)
◊ An organization’s self-assessment of their own compliance with these standards and regulations
- Enables you to assign, track, and record compliance and assessment-related activities, which can help your organization cross team barriers to achieve your organization’s compliance goals
- Provides a Compliance Score to help you track your progress and prioritize auditing controls that will help reduce your organization’s exposure to risk
- Provides a secure repository in which to upload and manage evidence and other artifacts related to compliance activities
- Produces richly detailed reports in Microsoft Excel that document the compliance activities performed by Microsoft and your organization, which can be provided by auditors, regulators, and other compliance stakeholders

A

Compliance Manager

68
Q

_____ delivers a dedicated cloud enabling government agencies and their partners to transform mission-critical workloads to the cloud. _____ handle data that is subject to certain government regulations and requirements, such as FedRAMP, NIST 800.171 (DIB), ITAR, IRS 1075, DoD L4, and CJIS. In order to provide the highest level of security and compliance, ______ uses physically isolated datacenters and networks (located in U.S. only)

A

Azure Government Services

69
Q

_____: a differentiated option from these with separate accounts and pricing. It delivers our industry-leading services from German datacenters, with data residency in Germany, and strict data access and control measures provided through a unique data trustee model governed under German law

A

Azure Germany Services