3.2.10 Azure Security and Features Facts

What defends the Perimeter layer?

Firewalls and DDoS protection. The perimeter is critical — it's much harder to eliminate a threat once it has breached it. What makes up the Network layer defense?

What makes up the Network layer defense?

• Network segmentation

• Secure connectivity

• Limited internet access

• Secure cloud-to-on-premises connectivity

What does the Data layer protect?

Data stored in databases, virtual machines, cloud storage, and SaaS applications. Many regulatory requirements govern data confidentiality.

What are the 7 layers of Defense in Depth?

• Data

• Application

• Compute

• Network

• Perimeter

• Identity and access

• Physical

What does the Identity and Access layer cover?

• SSO and multifactor authentication

• Controlling access

• Event auditing

• Granting access only as needed

• Logging all events and changes

What does the Compute layer include and how is it secured?

Virtual machines, systems, and endpoints — each should be secured with access controls in place.

What does the Application layer focus on?

Securing applications and application secret storage. Organizations should integrate security into the application development process.

What does the Physical layer protect?

Building security and data center access — ensuring only authorized individuals can enter and that any loss or theft is documented and addressed.

What types of sensitive data does Azure Key Vault store?

Passwords, certificates, tokens, and API keys. It can also create/manage encryption keys and SSL/TLS certificates for internal and Azure resources.

What is Azure Sentinel?

A Security Information and Event Management (SIEM) system that collects data from multiple sources, uses Microsoft analytics and threat intelligence to detect hidden threats, and automates incident response.

How do you configure Azure Dedicated Host for high availability?

Select the appropriate Azure region, availability zone, and fault domain.

What is Azure Key Vault used for?

A centralized cloud service for storing highly sensitive secrets: passwords, certificates, tokens, and API keys. It also manages encryption keys and SSL/TLS certificates, with access control and monitoring.

What does SIEM stand for and which Azure service uses it?

Security Information and Event Management — used by Azure Sentinel.

Name 3 things Azure Security Center monitors or does.

• Monitors cloud and on-premises services

• Performs security assessments

• Identifies vulnerabilities

• Detects and stops malware installation

• Applies security settings to new resources

Name 3 things Azure Security Center monitors or does.

• Monitors cloud and on-premises services

• Performs security assessments

• Identifies vulnerabilities

• Detects and stops malware installation

• Applies security settings to new resources

What is Azure Security Center?

A centralized security monitoring service that protects cloud and on-premises services by monitoring resources, assessing security, identifying vulnerabilities, stopping malware, and applying security settings to new resources.

What problem does Azure Dedicated Host solve?

By default, VMs from different organizations may share physical hardware. Azure Dedicated Host ensures your VMs run on dedicated physical servers, meeting strict compliance and regulatory requirements.

What three types of DDoS attacks does Azure DDoS Protection defend against?

• Volumetric attacks

• Resource-level attacks

• Protocol attacks

What are Network Security Groups (NSGs)?

Firewall services offered by Azure that filter network traffic between services within an Azure virtual network.

What does Azure Firewall do and how does it filter traffic?

Azure Firewall inspects and filters network traffic by port number, protocol, FQDN, and network address. Admins set NAT, network, or application rules to permit or block traffic.

How does Azure Firewall process traffic against rules?

It reviews incoming traffic, compares it against existing rules, and either permits or blocks the traffic accordingly.