Bash, the Crucial Exams Chat Bot
AI Bot
Cloud Security in Microsoft Azure Flashcards
Microsoft Security, Compliance, and Identity Fundamentals SC-900 Flashcards
Study our Cloud Security in Microsoft Azure flashcards for the Microsoft Security, Compliance, and Identity Fundamentals SC-900 exam with 35+ flashcards. View as flashcards, a searchable table, or as a fun matching game.
| Front | Back |
| How can access to sensitive Azure resources be restricted | By implementing Azure Privileged Identity Management (PIM) |
| How can Azure Resource Locks improve security | By preventing accidental deletion or modification of critical resources |
| How can you enforce encrypted data transfer in Azure | By using Azure SSL certificates and configuring HTTPS endpoints |
| How can you limit access to Azure resources based on geography | Use Azure Geolocation-based policies in Azure Policy |
| How can you protect data in transit using Azure VPN Gateway | By encrypting data transmissions with IPsec protocols |
| How can you secure access to Azure Virtual Machines | By using Just-in-Time access and multifactor authentication |
| How can you secure data at rest in Azure Storage | By enabling encryption such as Azure Storage Service Encryption (SSE) |
| How do tags assist in managing Azure resources | By categorizing and identifying resources for better security and organization |
| How does Azure ExpressRoute contribute to cloud security | It offers private connections that bypass the public internet for enhanced data protection |
| How does Azure Log Analytics enhance security | It enables detailed monitoring and log analysis for better threat detection |
| How does Azure Monitor help with security | It provides insights and alerts for identifying vulnerabilities and suspicious activity |
| How does Immutable Blob Storage add security to Azure | It ensures stored data cannot be altered or deleted during a specified retention period |
| What are Azure Blueprints used for | To automate compliance and security configurations across Azure environments |
| What Azure tool helps in monitoring security threats | Microsoft Defender for Cloud |
| What do Network Security Groups (NSGs) do | They allow or deny inbound/outbound network traffic to Azure resources |
| What does DDoS Protection in Azure prevent | It minimizes downtime from malicious Distributed Denial-of-Service attacks |
| What does Secure Score in Microsoft Defender for Cloud measure | Overall security posture and provides recommendations to improve security |
| What does the term 'secure workloads' mean in Azure | Protecting applications and data running in the Azure environment |
| What is a benefit of using Azure Key Vault | Securely storing and accessing keys, secrets, and certificates |
| What is a common way to segment networks in Azure | Using Virtual Networks (VNets) for isolation and security |
| What is Azure Bastion used for | To provide secure and seamless RDP and SSH access to virtual machines directly in Azure |
| What is Azure Policy used for in terms of security | It ensures compliance with company standards and regulations |
| What is the advantage of using Private Link in Azure | It allows secure and private connections to Azure services using private endpoints |
| What is the Azure role-based access control (RBAC) used for | To manage user permissions for Azure resources |
| What is the benefit of implementing conditional access policies in Azure | It ensures access to resources is only granted under specific conditions |
| What is the best way to ensure data is securely deleted in Azure | Using Azure Storage Account features like Blob Delete Lock and data lifecycle management |
| What is the difference between a public and a private IP address in Azure | Public IP is accessible from the internet, while private IP is restricted within the virtual network |
| What is the function of Azure Sentinel | Cloud-native solution for intelligent security analytics and threat detection |
| What is the importance of Multi-Factor Authentication (MFA) in Azure security | It adds an extra layer of protection by requiring multiple verification methods |
| What is the purpose of Azure Firewall | To control and monitor network traffic to and from Azure resources |
| What is the purpose of Azure Private Endpoint | To connect securely to Azure PaaS services without exposing them to the public internet |
| What is the purpose of Azure Security Center | To provide unified security management and advanced threat protection |
| What is the purpose of Azure Traffic Manager | To control the distribution of network traffic for high availability and security |
| What is the role of Azure Active Directory in cloud security | It provides identity and access management for Azure resources |
| What is the role of managed identities in Azure | They provide a secure way for applications to access Azure services without storing credentials |
About the Flashcards
Flashcards for the Microsoft Security, Compliance, and Identity Fundamentals exam give you rapid practice on core Azure security skills. Review how Azure Firewall, Network Security Groups, VNets and Traffic Manager control and route traffic, and learn when to deploy DDoS Protection, VPN Gateway, ExpressRoute or Private Link to keep data flows isolated and encrypted.
Cards explain identity and access safeguards like Azure AD, RBAC, PIM, MFA and managed identities, plus governance tools such as Policy, Blueprints, tags and Resource Locks that enforce compliance. You'll also practice securing workloads with Key Vault, Storage Service Encryption, Immutable Blobs, Microsoft Defender for Cloud, Sentinel and Log Analytics.
Topics covered in this flashcard deck:
- Network security controls
- Identity & access management
- Data protection & encryption
- Threat detection & monitoring
- Governance & compliance
- Private connectivity options