How well do you know Azure Security Center?

1. What hardware size is recommended to deploy Azure Security Center?
   - DS series are the most suitable VMs to deploy Azure Security Center.
   - Azure Security Center is a PaaS service and there is no need to configure any infrastructure.

2. What is the key role of security policies in Azure Security Center?
   - To create individual resource-specific policies in a given resource group.
   - To create a default security policy for each of the Azure subscriptions.
   - To create security policies for predefined resource groups in a given subscription.

3. Your customer wants to find out the number of disks that are unencrypted for a security audit. You are the lead CSA at your customer site. What will be your approach to address this question?
   - You will create a custom PowerShell script to run across your subscription and identify unencrypted disks, and also enable a scan in Azure Security Center to identify unencrypted disks.
   - You will run a search in the ARM templates of the deployment pipeline to find the disk deployments and also check whether disk encryption is enabled.
   - Run a scan using Azure Security Center to find the unencrypted disks.

4. You deployed the Azure Security Center agent and the customer wants to know how long it will take for the agents to collect the information about the VMs' and computers' configuration. What will be your response?
   - Depending on the number of virtual machines, the duration to collect the information will vary.
   - On average it takes 5-10 minutes per virtual machine, depending on the VM size.
   - The data will be available instantaneously.

5. Does Azure Security Center provide any option to export the security alerts to a 3rd party SIEM (Security Information and Event Management) solution?
   - Currently there is no such option; the customer has to manually review the information and create entries in the SIEM system.
   - Yes, there is native integration between Azure Security Center and SIEM systems, and they can be integrated.
   - The customer has to write their own custom export tool.

6. You are the lead cloud solution architect and your customer is a large finserv company. They are not comfortable having jump boxes in the cloud with non-stop access. But for critical updates, which happen between 11 PM and 1 AM at night, the system admin will require access. How will you go about this challenge and provide a security solution to your customer?
   - Deploy a Citrix solution and schedule log-in and log-off times.
   - Deploy an automated process that will create a virtual machine between 11 PM and 1 AM using Azure Automation.
   - Use the just-in-time virtual machine (VM) access feature in Azure Security Center to open up the RDP/SSH connection.

7. Is it possible to create custom alert rules in Azure Security Center for any type of threat or suspicious activity?
   - Yes, it's possible to create custom alerts based on specific threats or suspicious activity.
   - Currently there is no option to create any custom alert rules. The customer has to push the required events into a custom event hub and then publish the alerts from that system.
   - The events have to be pushed into a custom SIEM system to push the required alerts.

8. Your customer has dedicated security team members who will be accessing Security Center to assess the configuration of the resources and identify security issues and vulnerabilities. Your customer wants to split the roles accordingly. How will you advise your customer?
   - Advise the customer to create Active Directory groups and move the users to the right type of security group.
   - Advise the customer to use default RBAC roles and create any custom roles as necessary.
   - Create custom RBAC roles to fine-tune the appropriate security configuration to access the Azure Security Center resource.

9. Is it possible to verify whether Transparent Data Encryption is enabled in your SQL Azure DB through Azure Security Center?
   - No, it's not possible to view any type of SQL Azure DB settings.
   - Yes, it's possible to verify if TDE is enabled.
   - Azure Security Center has a special feature set to manage TDE configuration.

10. Your customer wants to use Trend Micro for their endpoint protection. What will be your response to your customer?
   - There is no native integration between Azure Security Center and Trend Micro. The customer can manually configure Trend Micro as endpoint protection.
   - Azure Security Center provides native integration with Trend Micro and a number of other 3rd party solutions.
   - Azure Security Center provides native integration with Trend Micro and a number of other 3rd party solutions. Trend Micro should be configured via an extension.

11. Can you identify what the query will display when you execute it successfully?
   - Displays a stream of data collected in the last 24 hrs in intervals of 30 min.
   - Displays a stream of data collected in the past 30 min.
   - The query will fail with an error.