šŸ”„ Check out my documented journey on how to set up Configuration Manager (MECM) and my updated notes on the Azure AZ-104 Exam! šŸ”„
Posts
Microsoft
Azure
AZ-900
AZ-900 Certification Notes
Acloudguru
chapter10
Chapter 10.11 - Security Quiz

AZ-900 Certification Notes

Chapter 10.11 - Security Quiz

Question 1

  • What is a distributed denial-of-service attack?
    • An attack that is partly generated by cloud services and partly by on-premises servers
    • An attack meant to target multiple services and bring them to a stop
    • An attack where lots of computers target a single server or website with the aim of making it stop
    • An attack carried out from multiple Azure datacenters

A distributed denial-of-service (DDoS) attack comes from a large number of sources with the sole aim of stopping your service. This is done through sending web traffic to your service until it can't handle it all and stops working. Azure has tools to protect against DDoS attacks, which sometimes aren't attacks at all but just increased visitor interest in services or content.

Question 2

  • If you don't want to share the hardware your VMs run on, how can you manage that in Azure?
    • Secure the network connection to your VM using a network security group.
    • Use Premium tier virtual machines.
    • Use Azure Security Center to create a private zone for your VM cluster.
    • Use Azure Dedicated Host.

Azure dedicated hosts run on their own dedicated hardware inside the Azure datacenter and only your chosen VMs will run on it.

Question 3

  • There is a potential threat to your Azure infrastructure from an outside attacker. Which service is best for detecting the threat?
    • Defense in Depth
    • Microsoft Sentinel
    • Key Vault
    • Azure Security Center

Microsoft Sentinel will collate, aggregate, and analyze data from multiple Azure services to detect any unusual behavior or patterns. You can then take action on the information.

Question 4

  • What does Microsoft Defender for Identity (formerly Azure Advanced Threat Protection, also known as Azure ATP) do?
    • Helps an organization to classify and (optionally) protect its documents and emails by applying labels
    • Protects your privacy when sharing access to Azure resources with third parties
    • Helps you monitor user behavior in your on-premises and cloud environments
    • Finds vulnerabilities in the data passed to an Azure service in your subscription

Microsoft Defender for Identity helps you detect and investigate security incidents across your Azure accounts, both on-premises and in the cloud. It monitors users, devices, and resources in terms of their behavior. If any behavior is out of the ordinary, an alarm can be raised.

Question 5

  • What is the main function of Azure Information Protection?
    • To make sure attackers can't get to the Azure services in your subscription
    • To help an organization classify and (optionally) protect its documents and emails by applying labels
    • To protect your privacy when sharing access to Azure resources with third parties
    • To find vulnerabilities in the data passed to an Azure service in your subscription

Azure Information Protection helps secure email, documents, and sensitive data inside and outside your company walls. You can classify sensitive data, track activities on shared files and documents, collaborate securely, and much more. There is no active security service included, such as scanning the files being protected.

Chapter 10.10 - SummaryChapter 11 - Governance