Question: What must be enabled prior to conducting an Azure virtual machine failover test?
Encryption
Disaster recovery
Ans- Disaster recovery
Details:
- In Site Recovery in the Azure portal, click Recovery Plans > recoveryplan_name > Test Failover.
- Select a Recovery Point to which to fail over. You can use one of the following options:
  - Latest processed: This option fails over all VMs in the plan to the latest recovery point processed by Site Recovery. To see the latest recovery point for a specific VM, check Latest Recovery Points in the VM settings. This option provides a low RTO (Recovery Time Objective), because no time is spent processing unprocessed data.
  - Latest app-consistent: This option fails over all the VMs in the plan to the latest application-consistent recovery point processed by Site Recovery. To see the latest recovery point for a specific VM, check Latest Recovery Points in the VM settings.
  - Latest: This option first processes all the data that has been sent to Site Recovery service, to create a recovery point for each VM before failing over to it. This option provides the lowest RPO (Recovery Point Objective), because the VM created after failover will have all the data replicated to Site Recovery when the failover was triggered.
  - Latest multi-VM processed: This option is available for recovery plans with one or more VMs that have multi-VM consistency enabled. VMs with the setting enabled fail over to the latest common multi-VM consistent recovery point. Other VMs fail over to the latest processed recovery point.
  - Latest multi-VM app-consistent: This option is available for recovery plans with one or more VMs that have multi-VM consistency enabled. VMs that are part of a replication group fail over to the latest common multi-VM application-consistent recovery point. Other VMs fail over to their latest application-consistent recovery point.
  - Custom: Use this option to fail over a specific VM to a particular recovery point.
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-test-failover-to-azure
Question: What must be the same for all virtual machines when deploying a virtual machine scale set?
Operating system image
Private IP address
Ans- Operating system image
Enabling automatic OS image upgrades on your scale set helps ease update management by safely and automatically upgrading the OS disk for all instances in the scale set.
Automatic OS upgrade has the following characteristics:
- Once configured, the latest OS image published by image publishers is automatically applied to the scale set without user intervention.
- Upgrades batches of instances in a rolling manner each time a new image is published by the publisher.
Question: How does the load balancer determine if back end virtual machines can process client requests?
Scale set
Health probe
Ans- Health probe
Details:
Your Classic Load Balancer periodically sends requests to its registered instances to test their status. These tests are called health checks. … The load balancer routes requests only to the healthy instances. When the load balancer determines that an instance is unhealthy, it stops routing requests to that instance.
Question: What is a security drawback of the ease and rapid virtual machine deployment in the cloud?
Reduced network performance
VM sprawl
Ans- VM sprawl
VM sprawl raises several serious concerns: Security and compliance. A virtual server can run for years, even if it was used for only a few days or weeks. Unused VMs might not get patched or receive proper maintenance and they tend to be easily forgotten.
Question: Which authentication protocol is used to forward authentication requests from network edge devices to central servers?
RADIUS
LDAP
Ans- RADIUS
The device will send authentication-specific information to the central server using either the TACACS+ or RADIUS protocol natively.
Question: What is the last step of conducting an IS audit?
Follow up
Determine control efficacy
Ans- Follow up
Question: To which scopes can Microsoft Azure RBAC roles be applied?
Resource group
Subscription
Policy
Virtual machine
Ans- Resource group
Subscription
Virtual machine
Question: Which tool sends unexpected data to an app for testing purposes?
Port scanner
Fuzzer
Ans- Fuzzer
A fuzzer is a program that automatically injects semi-random data into a program/stack and detects bugs. The data-generation part is made of generators, and vulnerability identification relies on debugging tools.
Question: You are using the Azure portal to configure virtual machine replication. Where in the virtual machine properties should you click?
Monitoring
Disaster recovery
Ans- Disaster recovery
Just browse to your VM, select Disaster recovery, select the target region of your choice, review the settings and click Enable replication.
https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-enable-replication
Question: How is the Annual Loss Expectancy (ALE) calculated?
ARO / SLE
ARO x SLE
Ans- ARO x SLE
Question: What is the first activity of a risk assessment?
Asset inventory
Security control configuration
Ans- Asset inventory
Question: What is the purpose of using a Microsoft Azure storage account shared access signature?
Limited access to storage account contents
Message authentication
Ans- Limited access to storage account contents
A shared access signature (SAS) provides secure delegated access to resources in your storage account. With a SAS, you have granular control over how a client can access your data. For example: What resources the client may access.
Question: Which type of security control is an alternative to a primary security control choice?
Compensating
Detective
Ans- Compensating
Question: Which Microsoft Azure cloud resources can a network security group be associated with?
Virtual machine
VNet
Subnet
Network interface
Ans- Subnet
Network interface