In this post, I am going to share some quick tips, including Q/A and useful links, from Day 3 of our previously launched Azure Fundamentals [AZ-900] training, covering:
Module 4: General Security & Network Security Features, which includes the topics General Security, Shared Security, Network Security, Azure Network Security Solutions, Azure Firewalls, Network Security Groups (NSGs), and Distributed Denial of Service (DDoS) Protection.
We also covered hands-on Lab 13 and Lab 14 out of our extensive 20+ hands-on labs.
So, here are some of the Q/As asked during the Live session from Day 3.
General Security
Security is a small word for a significant concept. There are so many factors to consider to protect your applications and your data.
General or Cloud security protects data stored online via cloud computing platforms from theft, leakage, and deletion. Methods of providing cloud security include firewalls, penetration testing, obfuscation, tokenization, virtual private networks (VPN), and avoiding public internet connections.
Azure Security Center
Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers. It provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on-premises.
Q1. How does Azure Security Center help in improving the security infrastructure?
Ans. This is your “base layer” for monitoring the security configuration and health of your workloads. Azure Security Center strengthens your security posture by helping you identify the hardening tasks recommended as security best practices and carry them out across your machines, data services, and apps.
Azure Sentinel
Azure Sentinel provides a single solution for alert detection, threat visibility, proactive hunting, and threat response.
Azure Sentinel helps to collect, detect, investigate, and respond to security threats and incidents, delivering intelligent security analytics and threat intelligence across the enterprise ecosystem.
Q2. Is Sentinel a SaaS or PaaS?
Ans. Sentinel offers various cloud-based business applications available as Software as a Service (SaaS) solutions.
Shared Security
A number of different teams within an organization could be responsible for cloud security: the network team, security team, apps team, compliance team, or the infrastructure team. However, cloud security is also a shared responsibility between the broader organization and its cloud vendor.
Example: Organizations are responsible for all security aspects for a private cloud because it is hosted in the organization’s own data center. This includes the physical network, infrastructure, hypervisor, virtual network, operating systems, firewalls, service configuration, identity and access management, etc. The organization also owns the data and its security.
Network Security
Network security focuses on tools used to protect data, applications, and resources at the network level. The primary focus is to protect against unauthorized access into or between parts of the overall network infrastructure.
Azure Network Security Solutions
Network security is the process of protecting resources from unauthorized access or attack by applying controls to network traffic. Azure includes a robust networking infrastructure to support your application and service connectivity requirements.
Network connectivity is possible between resources located in Azure, between on-premises and Azure-hosted resources, and to and from the internet and Azure.
Azure Firewalls
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. Azure provides a firewall service in which you can centrally manage inbound and outbound firewall rules. We can create network firewall rules, application firewall rules, inbound SNAT rules, outbound DNAT rules, etc.
Network Security Groups (NSGs)
Network Security Groups are another method for implementing security rules. NSGs provide a virtual firewall for a set of cloud resources that have the same security posture.
A Network Security Group consists of a set of access control rules that describe traffic filters. These can be associated with a virtual machine or a subnet in the same region. The rules defined in the Network Security Group act as filters.
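To make the "rules act as filters" idea concrete, here is an added example (not from the training material) that models how an NSG evaluates inbound traffic: rules are checked in priority order, the first match decides, and Azure's default DenyAllInBound rule catches everything else. The rule set is constructed, the helper names are hypothetical, and the model is simplified (it ignores destination address, source port, and the other default rules).

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # CIDR prefix, or "*" for any source
    port: str       # single port, "lo-hi" range, or "*"
    protocol: str   # "Tcp", "Udp" or "*"
    access: str     # "Allow" or "Deny"

# Constructed inbound rules for a hypothetical web subnet.
RULES = [
    Rule("allow-https", 100, "*", "443", "Tcp", "Allow"),
    Rule("allow-ssh-from-admin", 110, "203.0.113.0/24", "22", "Tcp", "Allow"),
    Rule("deny-legacy-range", 200, "*", "8000-8999", "*", "Deny"),
    # Azure's lowest-priority default rule: deny all other inbound traffic.
    Rule("DenyAllInBound", 65500, "*", "*", "*", "Deny"),
]

def source_matches(rule_source, src_ip):
    if rule_source == "*":
        return True
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule_source)

def port_matches(rule_port, port):
    if rule_port == "*":
        return True
    lo, _, hi = rule_port.partition("-")
    return int(lo) <= port <= int(hi or lo)

def evaluate(rules, src_ip, port, protocol):
    """Return (access, rule name) of the first matching rule in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (rule.protocol in ("*", protocol)
                and source_matches(rule.source, src_ip)
                and port_matches(rule.port, port)):
            return rule.access, rule.name
    return "Deny", "no-match"

def open_management_ports(rules, ports=(22, 3389)):
    """Audit helper: names of Allow rules exposing SSH/RDP to any source."""
    return [r.name for r in rules
            if r.access == "Allow" and r.source == "*"
            and any(port_matches(r.port, p) for p in ports)]
```

The audit helper flags the misconfiguration most worth checking for in a real NSG: an Allow rule that opens SSH or RDP to any source address.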
Q3. What is the difference between Network Security Groups (NSGs) and Azure Firewall?
Ans. The Azure Firewall service complements network security group functionality. Together, they provide better “defense-in-depth” network security. Network security groups provide distributed network layer traffic filtering to limit traffic to resources within virtual networks in each subscription.
Azure Firewall is a fully stateful, centralized network firewall as-a-service, which provides network- and application-level protection across different subscriptions and virtual networks.
Q4. What is the difference between Application Gateway WAF and Azure Firewall?
Ans. The Web Application Firewall (WAF) is a feature of Application Gateway that provides centralized inbound protection of your web applications from common exploits and vulnerabilities.
Azure Firewall provides inbound protection for non-HTTP/S protocols (for example, RDP, SSH, FTP), outbound network-level protection for all ports and protocols, and application-level protection for outbound HTTP/S.
Distributed Denial of Service (DDoS) Protection
DDoS mitigation refers to the process of successfully protecting a targeted server or network from a distributed denial-of-service (DDoS) attack. By utilizing specially designed network equipment or a cloud-based protection service, a targeted victim can mitigate the incoming threat.
Q5. What is a DDoS attack?
Ans. A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic, hence making the website or server unreachable for the normal user.
Q6. What does DDoS Protection do?
Ans. DDoS Protection sanitizes unwanted network traffic before it impacts service availability.
The basic service tier is automatically enabled in Azure.
The standard service tier adds mitigation capabilities tuned to protect Azure Virtual Network resources.
Q7. What services do I need to protect web applications?
Ans. Azure Web Application Firewall and Azure DDoS Protection help you protect your web applications from malicious attacks, bots, and common web vulnerabilities.
Explore defense in depth
Defense in depth is a layered approach to securing computer systems. It provides multiple levels of protection, so attacks against one layer are isolated from subsequent layers.
Quiz Time (Sample Exam Questions)!
With our Microsoft Azure Administrator training program, we cover 250+ sample exam questions to help you prepare for the AZ-900 certification.
Check out one of the questions and see if you can crack this…
Ques: Your company plans to migrate all its network resources to Azure. You need to start the planning process by exploring Azure. What should you create first?
a. Subscription
b. Resource group
c. Virtual network
d. Management group
Comment the right answer below, or wait for it to be revealed in next week’s blog.
Here is the answer to the question shared last week (Scroll down at the end of this post for the question).
Ques: What are the different types of services offered in the Azure cloud?
a. Platform as a Service
b. Infrastructure as a Service
c. Software as a service
d. All of these
Answer: d
The post [Recap] Day 3: General Security & Network Security Features [Azure Fundamentals] [AZ-900] appeared first on Cloud Training Program.