Saturday, February 1, 2020

Day 16: Microsoft Module Security, responsibility, and trust in Azure

Read this module carefully and slowly since most of them are quite important and compact, I cannot summarize them here.

Knowledge check:
  1. Cloud security is a shared responsibility between you and your cloud provider. Which category of cloud services requires the greatest security effort on your part?
  • Infrastructure as a service (IaaS)
At this level, the cloud provider provides physical security to compute resources. However, it's your responsibility to patch and secure your operating systems and software, as well as configure your network to be secure.
  • Platform as a service (PaaS)
  • Software as a service (SaaS)

  1. Which of these options helps you most easily disable an account when an employee leaves your company?
  • Enforce multi-factor authentication (MFA)
  • Monitor sign-on attempts
  • Use single sign-on (SSO)
SSO centralizes user identity, so you can disable an inactive account in a single step.

  1. Which of these approaches is the strongest way to protect sensitive customer data?
  • Encrypt data as it sits in your database
  • Encrypt data as it travels over the network
  • Encrypt data both as it sits in your database and as it travels over the network
Encrypting your data at all times, both as it sits in your database and as it travels over the network, minimizes the opportunity for an attacker to access your data in plain text.

  1. There has been an attack on your public-facing website, and the application's resources have been overwhelmed and exhausted, and are now unavailable to users. What service should you use to prevent this type of attack?
  • DDoS protection
DDoS protection is the correct answer, because it will help prevent DDoS attacks.
  • Azure Firewall
  • Network Security Group
  • Application Gateway

  1. You want to store certificates in Azure to centrally manage them for your services. Which Azure service should you use?
  • AIP
  • Azure AD
  • Azure Key Vault
Azure Key Vault is the correct answer, because it is a centralized cloud service for storing application secrets, referred to as a secret store.
  • Azure ATP

Thats all about the security for today.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)