(1) AZ-500 Identify security threats with Azure Security Center

Data Collection can collect two log sources from every VM (2)

- Boot-time diagnostics
- OS guest diagnostics

What is an incident response plan?

An incident response plan (IRP) allows you to identify and minimize the damage, reduce the cost, and fix the cause of a security attack

How are smart groups created?
- Through a template deployment.
- Through the Azure CLI.
- Automatically, using machine learning algorithms.

Automatically, using machine learning algorithms

Workflow automations are built on

Azure Logic Apps

Which of the following is NOT a state of a smart group alert?
- Failed
- New
- Acknowledged
- Closed

Failed

What is Workflow automation in Azure Security Center?

A collection of grouped procedures that the security response team can execute with a single click in Security Center when a specific alert is detected (These actions are not automatically triggered)

Select the best definition of a Security Center incident
- A single event indicating a successful security intrusion.
- An alert reported in the security dashboard.
- A collection of related individual alerts.

A collection of related individual alerts

Cyber kill chain is

A series of steps that trace the stages of a cyberattack from the early reconnaissance stages to the exfiltration of data

Which of the following is an example of a log data type?
- Percentage of CPU over time.
- HTTP response records.
- Database tables.
- Website requests per hour

HTTP response records

Viewing recommendations by category under

RESOURCE SECURITY HYGIENE header in Security Center

Azure Security Center is fully integrated with Azure Policy (true/false)

True

Azure Monitor enables you to gather

monitoring and diagnostic information about the health of your services

For responding to alerts a security engineer can get information about (5)

- What happened
- When did it happen
- What resource was attacked
- Where is the resource located
- What should you do about it

Log file storage locations

- Windows: D:\Home\LogFiles
- Linux: managed through the underlying Docker container

Data types in Azure Monitor (2)

- Metric-based data types
- Log-based data types

Azure Monitor collects data automatically from a range of components (5)

- Application data
- Operating system data
- Azure resource data
- Azure subscription data
- Azure tenant data

Security Center detects threats such as (4)

- Compromised VMs communicating with known malicious IP addresses
- Advanced malware detected by Windows error reporting
- Brute-force attacks against VMs
- Security alerts from integrated partner security solutions, such as anti-malware or web application firewalls

ASC Free Tier Services (5)

- Compute resources such as VMs, Azure Functions and App Service
- Network access and endpoint security
- Data storage including Azure Storage, Redis cache for Azure, and Azure SQL
- Identity and access including Azure Key Vault
- IoT Hubs and resources

ASC Workflow pre-built actions (3)

- Create an automated incident report in another system, filling in fields from the active alert
- Email a distribution group with details about the active alert(s)
- Send a notification to a Teams or Slack channel

Extend the data that Azure Monitor collects by (2)

- Enabling diagnostics
- Adding an agent (increases the amount of information that's sent to Azure Monitor)

Steps for an IRP (Incident response plan) (3)

- Establish an incident response team
- Practice the plan
- Revise the plan

CSIRT teams consist of (4)

- Executive
- IT
- Communications
- Legal

Azure Security Center has two available tiers: (2)

- Free
- Standard

Three signal types that you can use to monitor your environment (3)

- Metric (threshold is exceeded)
- Activity log (Azure resources change state)
- Log (things written to log files)

Azure Monitor collects two fundamental types of data (2)

- Metrics (how the resource is performing)
- Logs (records that show when resources are created or modified)

Monitor service for VMs can provide these safeguards (6)

- OS security settings with the recommended configuration rules
- System security updates and critical updates that are missing
- Endpoint protection recommendations
- Disk encryption validation
- Vulnerability assessment and remediation
- Threat detection

Phases of an incident response (4)

- Preparation
- Detection and Analysis
- Containment, Eradication & Recovery
- Post-Incident activity

Four areas you can influence when customizing ASC options (4)

- Pricing tier
- Threat detection
- Data Collection (enable auto-provisioning to install a monitoring agent on all VMs)
- Email notifications

Composition of an alert rule (4)

- RESOURCE
- CONDITION
- ACTIONS
- ALERT DETAILS (0: Critical, 1: Error, 2: Warning, 3: Informational, 4: Verbose)

Azure Security Center addresses the three most urgent security challenges (3)

- Rapidly changing workloads
- Increasingly sophisticated attacks
- Security skills are in short supply

Eight phases of Cyber Kill Chain (8)

- Reconnaissance
- Intrusion
- Exploitation
- Privilege Escalation
- Lateral Movement
- Obfuscation / Anti-forensics
- Denial of Service
- Exfiltration

Built-in security policies that Security Center monitors (7)

- Secure transfer to storage accounts should be enabled
- Azure AD administrator for SQL server should be provisioned
- Client authentication should use Azure Active Directory
- Diagnostics logs in Key Vault should be enabled
- System updates should be installed on your machines
- Audit missing blob encryption for storage accounts
- Just-In-Time network access control should be applied on virtual machines

ASC Standard Tier Services (extend from free) (10)

- Security event collection
- Network Map
- Just-in-time VM access
- Adaptive application controls (application whitelisting)
- Regulatory compliance reports
- File integrity monitoring
- Adaptive Network Hardening
- Security alerts
- Threat intelligence
- Workflow Automation

Security Center categories of alerts (4)

- Virtual machine behavioral analysis
- Network analysis
- SQL database and SQL Data Warehouse analysis
- Contextual information

What is a security alert?

Alerts are the notifications that Security Center generates when it detects threats on your resources.

CSIRT

Computer Security Incident Response Team

What data does Azure Monitor collect?
- Data from a variety of sources, such as the application event log, the operating system (Windows and Linux), Azure resources, and custom data sources
- Azure billing details
- Backups of database transaction logs

Data from a variety of sources, such as the application event log, the operating system (Windows and Linux), Azure resources, and custom data sources

What is live log streaming?

Live log streaming is an easy and efficient way to view live logs for troubleshooting purposes

What two fundamental types of data does Azure Monitor collect?
- Metrics and logs
- Username and password
- Email notifications and errors

Metrics and logs

Which feature is not available in the basic (free) tier?
- Monitor VM activity for intrusion attempts.
- Provide continuous security assessments.
- Monitor external cloud and non-Azure resources.

Monitor external cloud and non-Azure resources.

What types of Web apps can save logs to Azure Blob storage?
- Node.js apps on Windows.
- Node.js apps on Linux.
- ASP.NET Core apps on Linux.

Node.js apps on Windows

What's the composition of an alert rule?
- Resource, condition, log, alert type
- Metrics, logs, application, operating system
- Resource, condition, actions, alert details

Resource, condition, actions, alert details

Security Center reviews your security recommendations across all workloads and calculates a

Security Score

What level can you apply security policies to? (Select the best answer).
- Security policies are always turned on for every subscription and are not configurable.
- Security policies can be configured at the subscription level.
- Security policies can be configured at the subscription and resource group level.

Security policies can be configured at the subscription and resource group level

What are smart groups?

Smart groups are an automatic feature of Azure Monitor. Smart groups allow you to address a group of alerts instead of each alert separately.

Select the best description of the Secure Score shown on the dashboard.
- The Secure Score is a calculation based on the ratio of healthy resources vs. total resources.
- The Secure Score is a count of recommendations made against your monitored resources
- The Secure Score is a machine-learning based prediction of how likely your resources are to be infiltrated by a hacker

The Secure Score is a calculation based on the ratio of healthy resources vs. total resources

What information is not present in the alert details?
- The number of times this alert has occurred.
- Where is the resource located?
- What should you do about it?

The number of times this alert has occurred

Why is file system logging automatically turned off after 12 hours?
- To optimize app performance.
- So that storage space can be reused.
- To enable Web apps to reinstantiate on different server instances, with different file system storage.

To optimize app performance

Lateral movement in the cyber kill chain is the act of moving laterally to connected servers to gain greater access to potential data (true/false)

True

NIST publishes a standard guide on how to handle security incidents (true/false)

True

You can collect boot-time diagnostics from VMs with Security Center (true/false)

True

You can enable Security Center on a per-subscription basis (true/false)

True

Analyzing logs by using Kusto

You write a log query with the Kusto query language, which is also used by Azure Data Explorer

What is Azure Monitor?

service for collecting and analyzing telemetry

