You're reading from Microsoft Azure Security Technologies Certification and Beyond
Chapter 1 – Introduction to Azure Security
- False – Cloud security is a responsibility that both the Cloud provider (Microsoft) and the Cloud customers (us) share.
- a. Infrastructure as a Service (IaaS). If we are using an IaaS service such as a virtual machine, we have more security responsibilities to take care of.
- True – The principles of digital security are the same whether our workload sits in a traditional on-premises data center or in a cloud environment such as Microsoft Azure. The way we apply those principles is what differs.
- c. Physical security. The cloud provider is solely responsible for physical security.
Chapter 2 – Understanding Azure AD
- False – Azure AD is Microsoft's cloud-based identity and access management service that supports modern authentication/authorization protocols.
- d. Internal user imported from ADFS. Users cannot be imported from ADFS. It is a federation service. Other answer options are valid.
- c. Basic. The basic edition of Azure AD has been deprecated.
- c. Change the membership type of "London-Group" to Assigned. Create two new groups that have dynamic memberships. Add the new groups to "London-Group". A dynamic group assignment can be either for devices or users, but not for both. The membership type will need to be modified and two dynamic groups added to it.
Chapter 3 – Azure AD Hybrid Identity
- d. Instant authentication. There is no hybrid authentication method called instant authentication. Other answer options are valid.
- d. Pass-through authentication with seamless single sign-on. With pass-through authentication, authentication requests are fulfilled on-premises, and it does not have the server management overhead of ADFS.
- c. The Synchronization Rules Editor. The Synchronization Rules Editor can be used to configure complex synchronization rules, such as preventing users with certain attributes from being synchronized to Azure AD.
- False. Passwords stored in Azure AD are NOT stored with a reversible encryption algorithm.
- c and d. The Global administrator role in Azure AD and the Enterprise Admins group in Active Directory.
Chapter 5 – Azure AD Identity Governance
- b. The user's access will be revoked and removed. The option to "Take recommendation" is based on usage (whether a user has signed in recently within the past month). If the user has not signed in within the past month, the recommendation will be to revoke access.
- b. It means that the user can request to be assigned the role by PIM whenever they need it to perform a task. Eligible assignment type means that the user has to go through a request process in PIM.
Chapter 6 – Implementing Perimeter Security
- a. Create a new subnet in the virtual network. We need to create a subnet called AzureFirewallSubnet.
- a. Deploy Azure Front Door. Azure Front Door is one of the services in Azure with WAF integration.
- a. A user-defined route. A user-defined route is used to send traffic to a customer-specified route path in Azure.
Chapter 9 – Implementing Container Security
- b. The Linux image only. Azure Defender currently only supports Linux image scans in the registry.
- a. Update the settings of AKS1 to enable Azure AD integration. In order for users to authenticate using their Azure AD credentials, Azure AD integration will need to be enabled.
- a. From the Azure portal, modify the pricing tier settings of Security Center. Azure Defender for Container Registry is an option that can be enabled in the Azure Defender plan of Security Center.
Chapter 13 – Azure Cloud Governance and Security Operations
- a. Analytics. Using an Analytics rule, Sentinel can automatically create an incident when a threat is detected.
- c. Playbooks. Using a playbook, we can trigger a response to an incident including raising a ticket in a service management platform.
You have been reading a chapter from Microsoft Azure Security Technologies Certification and Beyond. Published in: Nov 2021. Publisher: Packt. ISBN-13: 9781800562653.
© 2021 Packt Publishing Limited All Rights Reserved