Understand Security, Privacy, Compliance, and Trust

Question 1

What is a Network Security Group (NSG)?

Answer 1

It allows or denies inbound network traffic to your Azure resources. Think of a network security group as a cloud-level firewall for your network.

Question 2

What’s Multi-Factor Authentication (MFA)?

Answer 2

It is a form of authentication that requires more than one element for full authentication. These elements can fall into three categories: something you know (security question), something you own (mobile app, token generating device), something you are (fingerprint, face scan).

Question 3

What’s an identity?

Answer 3

It is something that can be authenticated - users, applications, servers.

Question 4

What’s a principal?

Answer 4

It is an identity acting with certain roles or claims.

Question 5

What’s a service principal?

Answer 5

It is an identity that is used by a service or an application and can be assigned roles.

Question 6

What is Role Based Access Control?

Answer 6

Roles are sets of permissions, like “Read-only” or “Contributor”, that users can be granted to access an Azure service instance. Identities are mapped to roles directly or through group membership.

Question 7

What’s Azure AD Privileged Identity Management (PIM)?

Answer 7

It is an additional, paid-for offering that provides oversight of role assignments, self-service, and just-in-time role activation and Azure AD and Azure resource access reviews.

Question 8

What’s encryption?

Answer 8

It is the process of making data unreadable and unusable to unauthorized viewers.

Question 9

What’s the difference between symmetric and asymmetric encryption?

Answer 9

Symmetric encryption uses the same key to encrypt and decrypt the data, while in asymmetric encryption either key can encrypt the data but a single key can’t decrypt its own encrypted data.

Question 10

What’s Azure Key Vault?

Answer 10

It is a cloud service that works as a secure secrets store. Key Vault allows you to create multiple secure containers, called vaults. Key Vault is designed to support any type of secret. These secrets could be passwords, database credentials, API keys, and certificates.

Question 11

What’s Azure Application Gateway?

Answer 11

It is a load balancer that includes a web application firewall that provides protection from common, known vulnerabilities.

Question 12

What’s DDoS?

Answer 12

Distributed Denial of Service is an attack that attempts to overwhelm a network resource by sending so many requests that the resource becomes slow or unresponsive.

Question 13

How does Azure DDoS Protection work?

Answer 13

It identifies the attacker’s attempt to overwhelm the network and blocks further traffic from reaching Azure services. Legitimate traffic from customers still flows into Azure without any interruption of service.

Question 14

What’s defense in depth?

Answer 14

It is a strategy that employs a series of mechanisms to slow the advance of an attack aimed at acquiring unauthorized access to information. Each layer provides protection so that if one layer is breached, a subsequent layer is already in place to prevent further exposure.

Question 15

To which scopes can RBAC be applied:

• Subscription
• Resource group
• Files and folders withing a Linux filesystem
• Resource

Answer 15

• Subscription
• Resource group
• Resource

Files and folders within a Linux file system can be secured with various methods, but not with RBAC.

Question 16

What does web application firewall (WAF) provide protection from?

Answer 16

• cross-site scripting (XSS)
• SQL-injection

Question 17

What network security groups (NSG) are for?

Answer 17

Restricting unnecessary communication between virtual machines.

Question 18

What’s ExpressRoute for?

Answer 18

It provides a dedicated, private connection between your network (on-premise) and Azure.

Question 19

What is Azure Security Center (ASC)?

Answer 19

It is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises.

Question 20

When should the input be validated?

Answer 20

Always

Question 21

What is a secret in Key Vault?

Answer 21

It is a name-value pair of strings.

name - 1-127 characters long, contain only alphanumeric characters and dashes; unique per vault

value - UTF-8 string up to 25 KB

Question 22

Command to create a key vault

Answer 22

az keyvault create –resource-group {rg} –name {name}

Question 23

Command to create a secret

Answer 23

az keyvault secret set –name {name} –value {value} –vault-name {vault_name}

Question 24

What’s Azure Information Protection (AIP)?

Answer 24

It is a cloud-based solution that helps an organization to classify and optionally, protect its documents and emails by applying labels.

Question 25

What’s Advanced Threat Protection?

Answer 25

It is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.