Understand Security, Privacy, Compliance, & Trust

Question 1

What is a Network Security Group (NSG)?

Answer 1

NSG is a regulatory mechanism that controls the communication amongs the N-tier loosely coupled architecture from low tier to high tier.

The Network Security Group feature is important because it only allows trusted communication between your different data layers.

Question 2

What is the Application Security Group (ASG)? **

Answer 2

Application Security Group provides protection by giving recommendations on a free tier, standard tier, and gives full-on monitoring service.

Detect Phase
Assess Phase
Diagnose Phase- containment strategy

Question 3

What is the Azure firewall?

Answer 3

Azure firewall protects the perimeter of the virtual network; cloud-based network security that establishes IP address boundaries & protects VN from the perimeter.

Question 4

What is Azure DDoS Protection?

Answer 4

DDoS are full-blown attacks on virtual machines that tries to overload load balancers with requests.

• Basic DDoS Protection
• Advanced DDoS protection

Question 5

What is authentication?

Answer 5

Authentication is the process where the cloud provider gives an employee an identity in the organization.

Question 6

What is authorization?

Answer 6

Authorization is when the employer gives the employee authorization or access to a set of resources.

Question 7

What is Azure Active Directory (AD)?

Answer 7

AD is an “active directory” of already given prior authentication lists for people and it can sync with your already- made active directory for authentications and authorizations.

• Azure AD gives:
• MF Authentication
• SSO (multiple environments)
• Application Management
• B2B Identity services
• Device Management

Question 8

What is SSO?

Answer 8

SSO also called Single-Sign-On is part of the Azure Active Directory.

• This decreases problems for Help Desk which gives more control to help desk by allowing a single password and username for multiple sign-in for different resources.

Question 9

What is Azure Multi-Factor Authentication?

Answer 9

MFA is part of the Azure Directory list of resources:
- It gives authentication by the provider- so multi-factor authentication can be created:

3 questions asked here:

• Something you know?
• Something you possess?
• Something you possess?

(pin code, thumbprint, mothers maiden name)

Question 10

What is Azure Security Center?

Answer 10

Azure security center is similar to the applications security group

• give DAD assessment
• give recommendations on security measures

Question 11

What is Azure Key Vault?

Answer 11

Azure Key Vault is a specialized application to store secrets via centralized cloud services.

Functions of Azure Key Vault:

• Secrets Management
• Key Management
• Certification Management
• Has hardware security modules

Question 12

What is Azure Information Protection?

Answer 12

AIP or Azure Information Protection helps organizations classify & optionally protect documents & emails by applying labels

• Ex: word documents (you label as: all employees, confidential employees- X,Y,Z)

Question 13

What is Azure Advanced Threat Protection?

Answer 13

Advanced Threat Protection (ATP) is cloud based security solution that identifies, detects, and helps you investigate ADVANCED THREATS.

Question 14

What is Azure Policy?

Answer 14

Policies created to ensure IT measures are met including:

• SLA met for customers
• allows for cost management
• keeps your corporate standards in place on a smaller level than higher level

Question 15

What is Role-Based-Access- Control (RBAC)?

Answer 15

Role Based Access Control (RBAC) is what it sounds like. It gives authorization to a specific authenticated identity to have access to resource groups/ resources.

• Also allowed through Azure Active Directory (AD)

Question 16

What is Azure Resource Locks?

Answer 16

Azure Resource Locks are a setting that can be applied to any resource to block modifications or deletions of that resource.
- Delete Feature- delete will allow all operations against the resource but block the ability to delete
*this is good for
modifications

• Read-Only- read- only feature will only allow you to read and no blocking or modifications

Question 17

What is Azure Advisor security assistance?

Answer 17

Azure Advisor provides high availability, security, performance, operational excellence, and cost improvement recommendations.

Question 18

What is Azure Blue Print?

Answer 18

Azure Blue Print is a tool that can replicate virtual environments.

-It can replicate: role assignments, policy assignments, resource groups, etc.

Question 19

What is Azure Monitor? **

Answer 19

Azure Monitor is an application on the Azure portal.

It collects, analyzes, and acts on telemetry from your cloud & on-premise environment. Monitors activity logs & metrics for your deployed apps with time stamps.

Question 20

What is Azure Service Health? **

Answer 20

Azure Service Health is a maintenance application that tracks milestone service objectives for your purchased applications and resources.

Question 21

What is the difference between Azure Monitor vs. Azure Service Health?

Answer 21

Azure Monitor= monitors resources for cost and efficiency

Azure Service Health= tracks and logs with reminders for service updates like a car that needs an oil change!

Question 22

What are GDPR, SIO, NIST?

Answer 22

These are government regulating organizations for IT to make sure that the terms of the provided conditions for cloud-providers are being met for the clients.

Question 23

What is the Microsoft Privacy Statement?*

Answer 23

The microsoft privacy statement states how personal data of clients are processed, what data is processed, and for what reasons.

Question 24

What is Microsoft Trust Center?*

Answer 24

The Microsoft Trust Center is a website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products.

Question 25

What is the Service Trust Portal? **

Answer 25

The Service Trust Portal is where you can find published external audit reports by 3rd parties to validate the extent of Microsoft’s Privacy Statement.

Question 26

What is compliance manager?

Answer 26

Compliance manager is a compliance tool for clients to see how well mircosoft are meeting their own privacy statements via monitors.

Question 27

What is Azure Government Cloud Services?

Answer 27

Azure government cloud services allows you to apply policies by root management group which is linked to all different groups.