Azure Security Monitoring and Analytics Flashcards
Microsoft Azure Security Engineer Associate AZ-500 Flashcards

| Front | Back |
| --- | --- |
| What are KQL queries | Queries written in Kusto Query Language used to analyze data in Azure Monitor Logs |
| What are Role-Based Access Controls (RBAC) in Azure | Mechanisms used to manage access to resources by assigning roles to users and groups |
| What are Secure Score recommendations | Security posture improvement suggestions provided by Azure Security Center |
| What does Azure Defender for Servers offer | Advanced threat protection and monitoring for VMs running in Azure, on-premises, and other clouds |
| What does the Investigation Graph in Azure Sentinel show | A visual representation of relationships between security events for streamlined investigation |
| What is a Log Analytics Workspace | A central repository for Azure Monitor Logs data that enables querying and reporting |
| What is Advanced Threat Analytics (ATA) | A component used to detect and analyze advanced threats targeting organizational accounts and systems |
| What is Azure Firewall | A managed cloud-based network security service to protect Azure environments |
| What is Azure Key Vault's role | Securely storing secrets, encryption keys, and certificates for Azure resources |
| What is Azure Monitor Logs | A tool for collecting, analyzing, and acting on telemetry data from Azure resources |
| What is Azure Policy | A tool that ensures resources comply with organizational standards and governance |
| What is Azure Security Center | A unified infrastructure security management system for strengthening security posture and providing advanced threat protection |
| What is Azure Sentinel | A scalable cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution |
| What is DDoS Protection in Azure | A service that defends Azure applications against Distributed Denial of Service (DDoS) attacks |
| What is Just-In-Time (JIT) VM Access | A feature that reduces attack surfaces by allowing temporary VM access only when needed |
| What is Microsoft Threat Intelligence in Azure Sentinel | A built-in feature that provides up-to-date insights into known threats worldwide |
| What is Network Watcher | A service for monitoring and diagnosing issues in Azure networks |
| What are Azure Activity Logs | Logs that provide insights into subscription-level events in Azure |
| What is the purpose of Security Baselines in Azure | To provide minimum implementation recommendations for consistent security across Azure services |
| What is threat detection in Azure Security Center | Automated detection of known and new threats targeting Azure resources |

About the Flashcards
Flashcards for the Microsoft Azure Security Engineer Associate exam provide a focused, terminology-driven review of core Azure security services and detection workflows. The deck helps students reinforce definitions and key concepts for Azure Security Center, Azure Sentinel (SIEM/SOAR), Azure Defender, and Advanced Threat Analytics, with emphasis on security posture, threat detection, and investigation processes.
Additional cards cover logging and analysis using Azure Monitor Logs, Log Analytics Workspace, Activity Logs, and Kusto Query Language (KQL), plus governance and access topics such as Azure Policy, security baselines, RBAC, Key Vault, and Just-In-Time VM access. Network protections like Azure Firewall and DDoS protection are included to prepare learners for concept-based and scenario questions.
Topics covered in this flashcard deck:
- Azure Security Center
- Azure Sentinel SIEM/SOAR
- Azure Monitor & KQL
- Log Analytics Workspace
- RBAC, Key Vault, Policy
- Network security and DDoS