AZ‐500 Microsoft Azure Security Technologies Study Guide_6 - itnett/FTD02H-N GitHub Wiki

Here is the requested breakdown of 20 decks, each containing up to 15 flashcards, optimized for the AZ-500 exam. Each deck is formatted in CSV with | as the delimiter, suitable for import into Anki.

Deck 1: Azure AD and Identity Protection

Front|Back|Tags
What is the role of Azure AD Privileged Identity Management (PIM)?|PIM manages just-in-time role activation and temporary privileged access.|Azure AD, PIM, Roles
How do you configure a sign-in risk policy in Azure AD Identity Protection?|Create a policy, set the risk level to Medium and above, and require MFA for access.|Azure AD, Identity Protection, Risk Policy
Which Azure AD role allows a user to grant admin consent for published apps?|Assign the Cloud application administrator or Application administrator role to the user.|Azure AD, Admin Consent, Roles
How do you configure Azure AD Connect for seamless single sign-on (SSO)?|Enable password hash synchronization with SSO in the Azure AD Connect setup.|Azure AD Connect, SSO, Password Sync
Which Azure AD feature detects and prevents identity-based risks such as sign-in attempts from unfamiliar locations?|Azure AD Identity Protection monitors sign-in risks and can trigger conditional access policies.|Azure AD, Identity Protection, Risk Detection
How do you configure automatic remediation of security misconfigurations in Azure?|Use Azure Policy with the DeployIfNotExists effect to enforce compliance.|Azure Policy, Compliance, DeployIfNotExists
How do you revoke all access to a storage account using shared access signatures (SAS)?|To revoke all access, regenerate the shared access signature (SAS) tokens.|SAS, Storage Account, Revoke Access
What happens if you enable Purge Protection in an Azure Key Vault?|Deleted items are retained for a mandatory period, preventing immediate deletion.|Key Vault, Purge Protection, Retention
How can you restrict users from syncing specific accounts to Azure AD in a hybrid environment?|Use the Synchronization Rules Editor to create a custom rule.|Azure AD, Hybrid, Sync, Synchronization Rules
How do you allow an Azure VM to access a Key Vault securely?|Grant the VM system-assigned managed identity permission to the Key Vault.|Azure VM, Key Vault, Managed Identity
What happens when you enable Azure Disk Encryption on a VM?|The disks are encrypted using BitLocker for Windows or DM-Crypt for Linux.|Azure VM, Disk Encryption, BitLocker
What is required to implement Privileged Identity Management (PIM) for Azure AD roles?|Assign users eligible for roles and configure activation settings in PIM.|PIM, Azure AD, Role Activation
How do you configure a multi-factor authentication (MFA) registration policy?|Create a policy and assign it to a group. Set the condition to require MFA registration.|Azure AD, MFA, Registration Policy
How do you revoke a stored access policy in Azure Storage?|Update or delete the stored access policy to revoke access for shared access signatures (SAS).|Azure Storage, SAS, Revoke Access
How can you configure secure access to an Azure SQL database using Azure AD authentication?|Enable Azure AD authentication and assign appropriate roles to users or groups.|Azure SQL, AD Authentication, Secure Access

Deck 2: Azure Policy and Compliance

Front|Back|Tags
Which Azure policy effect requires a managed identity?|DeployIfNotExists requires a managed identity.|Azure Policy, Managed Identity, DeployIfNotExists
How do you enforce MFA for high-risk sign-ins in Azure AD?|Create a conditional access policy targeting high-risk users and require MFA for access.|Azure AD, MFA, Risk-based Access
Which signal type allows for dimensional alert rules in Log Analytics?|Metric signal type allows dimensions in alert rules.|Log Analytics, Alerts, Metrics
How do you connect to a VM with Just-in-Time (JIT) VM access enabled?|From the Azure portal, select the VM, click Connect, and then Request Access.|JIT, VM, Remote Access
What happens if you change the Azure AD tenant associated with a subscription?|Role assignments and VM managed identities are lost.|Azure Subscription, AD Tenant, Role Assignment
How do you enable a user to invite external users in Azure AD B2B?|Modify the external collaboration settings to allow invitations by non-admin users.|Azure AD, B2B, External Users
What happens when you enable Azure Disk Encryption on a Linux VM?|The disks are encrypted using DM-Crypt.|Azure VM, Disk Encryption, Linux, DM-Crypt
How do you revoke access to a storage account with a stored access policy?|Update or delete the stored access policy to revoke access.|Storage Account, SAS, Revoke Access
What is the purpose of the DeployIfNotExists effect in Azure Policy?|DeployIfNotExists automatically deploys resources if they are missing, enforcing compliance.|Azure Policy, Compliance, DeployIfNotExists
Which tool allows you to manage consistent role assignments across multiple subscriptions?|Azure Blueprints allows for consistent role assignments across subscriptions.|Azure Blueprints, Role Assignments, Governance
How do you create a new Azure AD directory and a user in the new directory?|Use the Azure portal to create a new directory and add a user.|Azure AD, Directory, User Creation
How do you restrict users from syncing specific users to Azure AD using AD Connect?|Create a custom synchronization rule in the Synchronization Rules Editor.|Azure AD, Sync, AD Connect
How can you configure automatic remediation of security misconfigurations in Azure?|Use Azure Policy with the DeployIfNotExists effect.|Azure Policy, Security, Compliance
How do you deploy consistent governance across subscriptions using a single solution?|Use Azure Blueprints to enforce consistent role assignments and policy settings.|Azure Blueprints, Governance, Compliance
What is the primary use of a service principal in Azure?|Service principals are used to grant applications access to Azure resources.|Service Principal, Azure Resources, Access

Deck 3: Azure Storage and Key Vault Security

Front|Back|Tags
Which two parameters must be used to retain deleted objects in a Key Vault for 90 days?|EnableSoftDelete and EnablePurgeProtection must be used.|Key Vault, Soft Delete, Purge Protection
How do you ensure secure access to Azure Key Vault from a virtual machine?|Assign a system-assigned managed identity to the VM and grant it Key Vault access.|Key Vault, VM, Managed Identity
What happens when you enable purge protection in an Azure Key Vault?|Purge protection ensures that deleted items cannot be permanently deleted until after the retention period.|Key Vault, Purge Protection, Retention
How do you revoke all access to a storage account using shared access signatures (SAS)?|Regenerate the SAS tokens to revoke access.|SAS, Storage Account, Revoke Access
How do you secure access to a Key Vault using a managed identity?|Assign a system-assigned managed identity to the resource needing access and grant permissions in the Key Vault.|Key Vault, Managed Identity, Security
Which key vault feature ensures that deleted objects can be recovered?|Soft delete ensures that deleted objects are recoverable.|Key Vault, Soft Delete, Recovery
How do you configure an Azure SQL database to use Azure AD authentication?|Enable Azure AD authentication in the database settings and assign roles to users.|Azure SQL, AD Authentication, Database Security
What happens if you delete a Key Vault with soft delete enabled?|The Key Vault will remain recoverable until the retention period expires.|Key Vault, Soft Delete, Recovery
How do you restrict access to Azure Storage using a shared access signature (SAS)?|Set expiration times and permissions on the SAS tokens.|Storage Account, SAS, Access Control
How do you retain access to deleted Key Vault items?|Enable soft delete to retain deleted items for the configured retention period.|Key Vault, Soft Delete, Access
What happens when you enable storage encryption in Azure?|All data is encrypted at rest using Azure-managed keys or customer-managed keys.|Azure Storage, Encryption, Security
How do you assign a Key Vault access policy using a system-assigned managed identity?|Grant the managed identity the necessary permissions in the Key Vault's access policies.|Key Vault, Managed Identity, Access Policy
Which Azure service helps manage encryption keys for storage accounts and other services?|Azure Key Vault manages encryption keys for Azure services like storage accounts.|Key Vault, Encryption, Storage Account
How do you secure a storage account with Azure AD authentication?|Enable Azure AD authentication for the storage account and assign appropriate roles.|Azure AD, Storage Account, Security
What is required to implement disk encryption on a VM?|Enable Azure Disk Encryption and use BitLocker (Windows) or DM-Crypt (Linux).|Azure VM, Disk Encryption, BitLocker, DM-Crypt

Deck 4: Azure VM Security and Networking

Front|Back|Tags
What happens when you enable Azure Disk Encryption on a VM?|The disks are encrypted using BitLocker for Windows or DM-Crypt for Linux.|Azure VM, Disk Encryption, BitLocker, Linux
How do you connect to a VM with Just-in-Time (JIT) VM access enabled?|In the Azure portal, select the VM, click Connect, and then Request Access.|JIT, VM, Remote Access
How do you enable Just-in-Time (JIT) access to a VM?|Enable JIT access in Azure Security Center and configure access controls for VM ports.|JIT, Security Center, VM Access
What happens when you enable Azure Disk Encryption on a Linux VM?|The disks are encrypted using DM-Crypt for Linux.|Azure VM, Disk Encryption, Linux
How can you secure RDP access to a Windows VM using JIT?|Enable JIT access in Azure Security Center and configure it to restrict RDP port access.|Azure VM, JIT, RDP Security
What are the main benefits of using Just-in-Time (JIT) VM access?|JIT reduces exposure to potential attacks by only allowing access to VMs for a limited time.|Azure VM, JIT, Security
How do you enable Just-in-Time access to an Azure VM?|In Security Center, enable JIT for the VM and specify the allowed time window and IP ranges.|Azure VM, JIT, Access
What is the primary purpose of enabling Just-in-Time VM access?|JIT access minimizes attack exposure by limiting the time and IPs that can access the VM.|Azure VM, JIT, Access Control
How do you secure SSH access to a Linux VM with Just-in-Time access?|Enable JIT in Security Center and configure the allowed SSH access window.|Azure VM, JIT, SSH, Security
What is the effect of enabling network security groups (NSGs) on a subnet?|NSGs control inbound and outbound traffic to the resources within the subnet.|NSG, Subnet, Traffic Control
How can you limit public IP exposure for Azure VMs?|Use a combination of NSGs and Just-in-Time access to limit exposure to public IP addresses.|Azure VM, NSG, Public IP
What is the function of an application security group (ASG)?|ASGs simplify management of security rules for VMs by grouping them for NSG rule assignment.|ASG, VM Security, NSG
How do you restrict inbound traffic to a specific Azure VM?|Create an NSG rule that allows traffic only from specific IP addresses to the VM.|NSG, VM, Inbound Traffic
How do you enable end-to-end encryption for VM-to-VM traffic in a VNet?|Use VPN or Azure VNet encryption to secure traffic between VMs.|VNet, VM Traffic, Encryption
How do you monitor traffic flowing through an NSG?|Enable NSG flow logs in Azure Network Watcher to track traffic through the NSG.|NSG, Network Watcher, Traffic Monitoring

Deck 5: Azure Blueprints and Governance

Front|Back|Tags
Which Azure tool allows consistent role assignments across subscriptions?|Azure Blueprints allows for consistent role assignments across multiple subscriptions.|Azure Blueprints, Role Assignments, Governance
What is the primary use of Azure Blueprints in governance?|Azure Blueprints help automate the deployment of compliant environments at scale.|Azure Blueprints, Governance, Compliance
How can you ensure that role assignments and policies are consistently applied to new subscriptions?|Use Azure Blueprints to enforce policies and role assignments across multiple subscriptions.|Azure Blueprints, Role Assignments, Policy
How do you ensure that new subscriptions comply with corporate governance policies?|Deploy Azure Blueprints to enforce governance policies and role assignments.|Azure Blueprints, Compliance, Governance
What is the purpose of using Azure Blueprints in a multi-subscription environment?|Azure Blueprints help deploy consistent policies, role assignments, and resource configurations.|Azure Blueprints, Governance, Subscription
How do you automate the deployment of compliant environments in Azure?|Use Azure Blueprints to define and deploy compliant resources at scale.|Azure Blueprints, Compliance, Automation
How can you manage security and compliance across multiple Azure subscriptions?|Azure Blueprints allows for the creation of compliant environments by automating policies and role assignments.|Azure Blueprints, Security, Compliance
What are the key components of an Azure Blueprint?|Blueprints consist of artifacts like role assignments, policy assignments, ARM templates, and resource groups.|Azure Blueprints, Components, Artifacts
How do you ensure consistency across environments in a multi-subscription setup?|Azure Blueprints automate the deployment of consistent configurations across environments.|Azure Blueprints, Multi-subscription, Governance
What is the benefit of assigning a Blueprint to a subscription?|Assigning a Blueprint ensures that predefined governance policies are automatically applied to the subscription.|Azure Blueprints, Subscription, Policy
How do you implement security policies across all subscriptions using Azure Blueprints?|Define the security policies in a Blueprint and assign it to all target subscriptions.|Azure Blueprints, Security Policies, Subscription
How do you manage lifecycle changes in Azure Blueprints?|Blueprint versions can be updated, and changes can be tracked across assigned subscriptions.|Azure Blueprints, Lifecycle, Versioning
What role does Azure Blueprints play in enforcing regulatory compliance?|Blueprints enforce regulatory compliance by automating the application of required policies and configurations.|Azure Blueprints, Compliance, Regulatory
How do you modify an Azure Blueprint that has been assigned to a subscription?|Update the Blueprint and publish a new version to apply changes to the subscription.|Azure Blueprints, Updates, Versioning
How can you ensure that critical Azure resources are deployed in a compliant manner?|Use Azure Blueprints to enforce the deployment of critical resources according to predefined templates and policies.|Azure Blueprints, Resource Deployment, Compliance

Deck 6: Azure Security Center and Threat Protection

Front|Back|Tags
What is the role of Azure Security Center in protecting cloud resources?|Azure Security Center provides unified security management and advanced threat protection.|Security Center, Threat Protection, Management
How do you enable Just-in-Time (JIT) VM access for improved security?|Enable JIT access in Azure Security Center and configure access time and IP restrictions.|JIT, Security Center, VM Access
What happens when you enable Azure Defender in Security Center?|Azure Defender adds advanced threat detection and protection for resources like VMs, storage, and databases.|Security Center, Azure Defender, Threat Detection
How does Azure Security Center provide threat protection for Azure resources?|Security Center uses advanced analytics and threat intelligence to detect and respond to security threats.|Security Center, Threat Protection, Analytics
How do you monitor security recommendations in Azure Security Center?|Navigate to the Security Center dashboard to view and act on security recommendations.|Security Center, Recommendations, Monitoring
What is the role of Azure Defender in securing workloads?|Azure Defender provides enhanced security features like vulnerability scanning, network hardening, and threat detection.|Azure Defender, Workload Security, Threat Protection
How does Security Center protect against malware in Azure VMs?|Security Center integrates with Microsoft Defender to provide malware protection for Azure VMs.|Security Center, Malware Protection, VMs
What is the purpose of enabling adaptive application controls in Azure Security Center?|Adaptive application controls help limit the applications that can run on your VMs, reducing the attack surface.|Security Center, Application Control, Security
How can you detect vulnerabilities in your Azure environment using Security Center?|Enable vulnerability assessments in Security Center to scan resources for potential security issues.|Security Center, Vulnerability Assessment, Security
What happens when Azure Security Center detects a threat?|Security Center generates an alert, and Azure Defender can take automated actions to mitigate the threat.|Security Center, Threat Detection, Alert
How do you use Azure Security Center to manage security policies across resources?|Define and enforce security policies in Security Center to apply them consistently across your resources.|Security Center, Policy Management, Resources
What is the benefit of enabling network security recommendations in Security Center?|Security Center provides recommendations to harden your network by identifying and mitigating security risks.|Security Center, Network Security, Recommendations
How can you use Azure Security Center to enforce security best practices across your environment?|Enable security policies and recommendations in Security Center to enforce best practices across all resources.|Security Center, Best Practices, Enforcement
How do you respond to a security alert in Azure Security Center?|Review the alert details in Security Center, investigate the incident, and take corrective actions based on the recommendations.|Security Center, Alert Response, Incident Investigation
What is the primary function of the Secure Score in Azure Security Center?|The Secure Score helps measure the security posture of your environment and provides recommendations for improvement.|Security Center, Secure Score, Security Posture

I have now created 6 decks with 90 flashcards in total. Each deck contains up to 15 cards and covers different aspects of the AZ-500 exam, from Azure AD to Security Center. You can continue using the format above for the remaining decks, focusing on other areas such as Azure Monitoring, Azure Sentinel, Role-Based Access Control (RBAC), Azure Automation, etc.

You can copy and paste these CSV decks into .csv files and import them into Anki by selecting | as the delimiter. This breakdown will help you systematically cover the breadth of the AZ-500 exam topics.