AZ 900 Obj 3 - Security, Privacy, and Compliance


Difference between authentication and authorization

- Authentication is the process of establishing the identity of a person or service looking to access a resource. It involves the act of challenging a party for legitimate credentials, and provides the basis for creating a security principal for identity and access control use. It establishes if they are who they say they are.
- Authorization is the process of establishing what level of access an authenticated person or service has. It specifies what data they're allowed to access and what they can do with it.

use cases and benefits of Azure Monitor and Azure Service Health

- Azure Monitor is for reviewing the metrics about your services.
- Azure Service Health is for information about Azure datacenters, planned maintenance and changes to Azure services that require your attention.

Azure Trust Center

- Security - Learn how all the Microsoft Cloud services are secured.
- Privacy - Understand how Microsoft ensures privacy of your data in the Microsoft cloud.
- Compliance - Discover how Microsoft helps organizations comply with national, regional, and industry-specific requirements governing the collection and use of individuals' data.
- Transparency - View how Microsoft believes that you control your data in the cloud and how Microsoft helps you know as much as possible about how that data is handled.
- Products and Services - See all the Microsoft Cloud products and services in one place.
- Service Trust Portal - Obtain copies of independent audit reports of Microsoft cloud services, risk assessments, security best practices, and related materials.

Azure Germany services

is a physically isolated instance of Microsoft Azure. It uses world-class security and compliance services that are critical to German data privacy regulations for all systems and applications built on its architecture. Operated by a data trustee, Azure Germany supports multiple hybrid scenarios for building and deploying solutions on-premises or in the cloud.

Azure Firewall

- managed, cloud-based network security service that protects your Azure Virtual Network resources.
- It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
- uses a static public IP address for your virtual network resources, allowing outside firewalls to identify traffic originating from your virtual network.

Azure DDoS Protection

- A DDoS attack attempts to exhaust an application's resources, making the application unavailable to legitimate users.
- There are two service tiers: Basic & Standard. Basic is the automatically included level.

Locks

As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.

Azure Active Directory

- Cloud-based identity service with built-in support for synchronizing with your existing on-premises Active Directory; it can also be used stand-alone.
- Azure AD is not Windows Server Active Directory running on virtual machines in Microsoft Azure.
- Provides services such as authentication, single sign-on, application management, B2B identity services, and device management.

NIST

Its mission is to promote innovation and industrial competitiveness. NIST's activities are organized into laboratory programs that include nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement.

Compliance Manager

Microsoft Cloud solution that helps you meet complex compliance obligations with ongoing risk assessments, actionable insights, and a simplified compliance process.

Role-Based Access Control (RBAC)

Role-based access control (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. Here are some examples of what you can do with RBAC:
- Allow one user to manage virtual machines in a subscription and another user to manage virtual networks
- Allow a DBA group to manage SQL databases in a subscription
- Allow a user to manage all resources in a resource group, such as virtual machines, websites, and subnets
- Allow an application to access all resources in a resource group

GDPR

The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU

Service Trust Portal

The Service Trust Portal contains details about Microsoft's implementation of controls and processes that protect our cloud services and the customer data therein.

Microsoft Privacy Statement

This privacy statement explains the personal data Microsoft processes, how Microsoft processes it, and for what purposes.

Network Security Group - NSG

allows or denies inbound network traffic to your Azure resources

Azure Service Health

customizable dashboard which tracks the health of your Azure services in the regions where you use them

Azure Government services

- delivers a dedicated cloud enabling government agencies and their partners to transform mission-critical workloads to the cloud.
- handles data that is subject to certain government regulations and requirements, such as FedRAMP, NIST 800.171 (DIB), ITAR, IRS 1075, DoD L4, and CJIS. In order to provide you with the highest level of security and compliance, Azure Government uses physically isolated datacenters and networks (located in U.S. only).

Azure Advisor security assistance

has a security recommendation section which provides a consolidated view of recommendations for all your Azure resources. It integrates with Azure Security Center to bring you security recommendations. You can get security recommendations from the Security tab on the Advisor dashboard. Prevent, detect, and respond to threats with increased visibility into and control over the security of your Azure resources.

ISO

international standard-setting body composed of representatives from various national standards organizations.

Azure Advanced Threat Protection (ATP)

is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Azure ATP enables SecOp analysts and security professionals struggling to detect advanced attacks in hybrid environments to:
- Monitor users, entity behavior, and activities with learning-based analytics
- Protect user identities and credentials stored in Active Directory
- Identify and investigate suspicious user activities and advanced attacks throughout the kill chain
- Provide clear incident information on a simple timeline for fast triage

Azure Information Protection (AIP)

is a cloud-based solution that helps an organization to classify and, optionally, protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations.

Azure governance methodologies

is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Evaluating your resources for non-compliance with assigned policies.

Azure Monitor

maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on

Azure Multi-Factor Authentication

provides additional security for your identities by requiring two or more elements for full authentication. These elements fall into three categories:
- Something you know - Example: Password or PIN
- Something you possess - Example: Your phone
- Something you are - Example: Fingerprint, face scan, eye scan

Azure Security Center usage scenarios

unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises.

Key Vault

use Key Vault to safeguard and manage cryptographic keys and secrets used by cloud applications and services
- Secrets Management
- Key Management (Encryption Keys)
- Certificate Management
- Store secrets backed by Hardware Security Modules

