ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 12 - AZ-900 discussion

Report
Export

DRAG DROP

You need to complete the defense-in-depth strategy used in a datacenter.

What should you do? To answer, drag the appropriate layers to the correct positions in the model. Each layer may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.


Question 12
Correct answer: Question 12

Explanation:

Defence in depth layers (from bottom to top):

Data

Data

- In almost all cases attackers are after data.

- Data can be in database, stored on disk inside VMs, on a SaaS application such as Office 365 or in cloud storage. - Those storing and controlling access to data to ensures that it's properly secured

- Often regulatory requirements dictates controls & processes

- to ensure confidentiality, integrity, and availability.

Application

- Ensure applications are secure and free of vulnerabilities.

- Store sensitive application secrets in a secure storage medium.

- Make security a design requirement for all application development.

- Integrate security into the application development life cycle.

Compute

Compute

- Secure access to virtual machines.

- Implement endpoint protection and keep systems patched and current.

- Malware, unpatched systems, and improperly secured systems open your environment to attacks.

Networking

- Limit communication between resources.

- Deny by default.

- Allow only what is required

- Restrict inbound internet access and limit outbound, where appropriate.

- Implement secure connectivity to on-premises networks.

Perimeter

- Use distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for end users. - Use perimeter firewalls to identify and alert on malicious attacks against your network.

Identity and access

- Control access to infrastructure and change control.

- Access granted is only what is needed

- Use single sign-on and multi-factor authentication.

- Audit events and changes.

Physical security

- Building security & controlling access to computing hardware.

- First line of defense.

Reference:

https://github.com/undergroundwires/Azure-in-bullet-points/blob/master/AZ-900%20Microsoft%20Azure%20Fundamentals/4.2.%20Defence%20in%20Depth.md

asked 02/10/2024
Paul Bryant
30 questions
User
0 comments
Sorted by

Leave a comment first