The Tamilalt Corporation plans to comply with all privacy, compliance, and data protection standards. You are asked to investigate the standards.
Which of the following statements about the NIST standard in general and Azure’s compliance with the NIST standard are TRUE? (Choose three.)
A) Microsoft Antimalware protects VMs in real time to identify and remove viruses, spyware, and other malicious software.
B) The bastion host is the single point of entry that users can use to access the deployed resources.
C) All transactions to Azure Storage through the Azure portal occur via HTTP.
D) Diagnostics logs for Key Vault are enabled with a retention period of at least 90 days.
E) SQL database auditing writes database events to an audit log in an Azure storage account.
Explanation
The following statements are true:
- SQL database auditing writes database events to an audit log in an Azure storage account.
- Microsoft Antimalware protects VMs in real time to identify and remove viruses, spyware, and other malicious software.
- The bastion host is the single point of entry that users can use to access the deployed resources.
The SQL database instance uses the following database security measures:
- Active Directory enables identity management of database users and other Microsoft services in one central location.
- SQL database auditing writes database events to an audit log in an Azure storage account.
- SQL databases use transparent data encryption (TDE).
- Firewall rules can prevent access to database servers until the correct permissions have been granted.
- SQL Threat Detection enables detection of and response to potential threats as they occur.
- Encrypted columns prevent sensitive data from appearing as plain text inside the database system.
- Dynamic data masking prevents sensitive data from being accessed by non-privileged users or applications.
Customers can configure alerts for when known malicious or unwanted software attempts to install or run on protected VMs.
The bastion host provides a secure connection to deployed resources by allowing only remote traffic from public IP addresses on a safe list. To permit remote desktop traffic, the source of the traffic must be defined in the NSG.
A custom retention period for Key Vault diagnostics logs can be set. The default retention period for diagnostic logs is 0 days, which means there is no retention period.
Azure uses Key Vault for the management of keys and secrets. Key Vault safeguards cryptographic secrets and keys used by cloud applications and services.
Azure encrypts all communications to and from Azure data centers by default. All transactions to Azure Storage through the Azure portal occur via HTTPS, not HTTP.
Objective:
Describe identity, governance, privacy, and compliance features
Sub-Objective:
Describe privacy and compliance resources