Microsoft Azure Exam certification notes Az-900

Describe securing network connectivity in Azure:-

Describe Network Security Groups (NSG)

  • The Network Security Group acts like a firewall that allows or denies the traffic from Different Network Interfaces.
  • The NSG’s can be configured for Network interfaces, Subnets and virtual Machines in different tiers.

Describe Application Security Groups (ASG)

  • The ASG increases the security in the virtual network environment by filtering traffic through pre-defined policies.
  • These policies can be applied on virtual machines, workloads, applications etc along with provision of grouping resources and filtering traffic.

Describe User Defined Rules (UDR)

Role assignments are used to define the type of user and level of access to the resources.

The roles given are-

OwnerFull control of resources along with management.
ReaderUser can just view but cant do any changes
ContributorFull control over everything except resource granting.
User Access AdminAdmin manages the users access to available resources.

Describe Azure Firewall

  • Network security service in the cloud environment that gives protection to the Azure resources.
  • Offers built-in high availability & scalability.
  • Azure has L3-L7 user configured firewall policies that offers protection from both HTTP/S attacks & non-http/s protocol attacks(ex:-Rdp,ssh etc).
  • Describe Azure DDoS Protection

Describe core Azure Identity services:-

Describe the difference between authentication and authorization

AuthenticationThe process of establishing the identity of a person
AuthorizationThe process of establishing the level of access the person has in the cloud environment.

Describe Azure Active Directory

Azure Active DirectoryIdentity and access Management Service

Describe Azure Multi-Factor Authentication

AMFA Extra security feature to enable secure access to the services and systems.

Describe security tools and features of Azure:-

Describe Azure Security Center

Azure Security CentreThis is a monitoring service to prevent threats and gives protection to all Azure workloads along with the on-premise(On systems).
Automatic Security assessments
Offered in two tiers:-
1. Free Tier
2.Standard Tier

Describe Azure Security Center usage scenarios

Scenario 1Security Recommendations given by Azure security centre to enhance the security features
Scenario 2Incident Response :- The security centre identify the threats , perform assessments and do the investigation.

Describe Key Vault

Key VaultThe key vault is a place where user can store passwords, tokens etc with high security.
Provides a Management solutions to securely store encryption keys, certificates(TLS/SSL) and Hardware security modules.

Describe Azure Information Protection (AIP)

AIP Classification and protection of documents & emails by labelling .
Labels:- Automatic-By Admin, Manual- Users and both types

Describe Azure Advanced Threat Protection (ATP)

Azure Advanced threat protection is a service offered in Azure to identify and mitigate the threats.

The three components of ATP are:

ATP PortalPortal to monitor and manage malicious activities
ATP SensorsThe data presented in the portal is collected by sensors
ATP ServiceConnected to Azure graph and get the reports on the Azure infrastructure

Describe Azure governance methodologies:-

Describe policies and initiatives with Azure Policy

Azure PoliciesWorkload standards can be defined, assigned and managed by the user.
Policy is giving a set of rules to the resources, workloads etc.
Scope to be created after policy creation and can be applied to the subscription .
Azure Initiatives Grouping of policies to assign them various scopes .

Describe Role-Based Access Control (RBAC)

RBACUsers will be given granular permissions depending on the role.
OwnerFull control of resources along with management.
ReaderUser can just view but cant do any changes
ContributorFull control over everything except resource granting.
User Access AdminAdmin manages the users access to available resources.

Describe Locks

LocksResource locks are the settings that can applied to prevent changes accidentally.
Resource Lock types are:-
1.Read-Only
2.Delete
Locks Azure
Creation of Locks

Describe Azure Advisor security assistance

Advisor integrates with the security centre to bring of the recommendations to enhance the security of the cloud environment.

Describe Azure Blueprints

Azure Blueprints maintains a connection between the defined standards and the deployment of the resources.

Helps in auditing the deployment of the cloud resources.

Describe monitoring and reporting options in Azure:-

Describe Azure Monitor

Azure MonitorA service that enables user to collect the data from cloud and on-premise environments and analyse the data to find better solutions.

Describe Azure Service Health

Azure Service HealthThis service allows users to track various azure services used in the regions and report on their health status.

Describe the use cases and benefits of Azure Monitor and Azure Service Health

Use cases that make sue of the above services can be Azure containers, Virtual Machines etc.

Describe privacy, compliance and data protection standards in Azure:-

Describe industry compliance terms such as GDPR, ISO and NIST

GDPRGlobal data Protection Regulations
European Union Law-Effective
New rules applied to anyone who collects information from EU citizens
ISOInternational Organisation for standardisation
NISTNational Institute of Standards and Technologies
Standards and guidelines to manage cyber-security risks

Describe the Microsoft Privacy Statement

This is the statement given by Microsoft on the how it handles the private data of the cloud users and the users of the applications associated with the azure resources .

Describe the Trust center

The trust centre provides the information on security appliance of Microsoft about their way to deal with privacy and Government regulations compliance all over the world.

Describe the Service Trust Portal

This is the website where Microsoft publishes its audit reports and compliance information in regards to it Cloud Services.

Describe Compliance Manager

This is a free tool hosted on STP.

This is workflow based risk assessment tool – to manage organisation compliance standards.

Determine if Azure is compliant for a business need

The Microsoft assists the users with how it follows all the standards and regulations according to the regions and the industries. It determines how it helps businesses to follow the guidelines according to the needs of the users.

Describe Azure Government cloud services

The Azure environment specially built for US government and defence department regions to meet their standards and regulations.

Describe Azure China cloud services

Offered in Partnership with the third party providers across china regions.

Click Here to move on to the next section

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

error: Content is protected !!