
Security pillar principles in Azure - Interactive Code Practice

Practice - 5 Tasks
Answer the questions below
1. Fill in blank (easy)

Complete the code to enable network security group on a subnet in Azure.

Azure
resource "azurerm_subnet_network_security_group_association" "example" {
  subnet_id                 = azurerm_subnet.example.id
  network_security_group_id = [1]
}
Options:
A. azurerm_network_security_group.example.id
B. azurerm_virtual_network.example.id
C. azurerm_subnet.example.id
D. azurerm_resource_group.example.id
Common Mistakes
Using the virtual network ID instead of the network security group ID.
Using the subnet ID for the network security group field.
2. Fill in blank (medium)

Complete the code to enable encryption at rest for an Azure Storage Account.

Azure
resource "azurerm_storage_account" "example" {
  name                     = "examplestorageacct"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  [1] {
    services {
      blob {
        enabled = true
      }
    }
    key_source = "Microsoft.Storage"
  }
}
Options:
A. network_rules
B. access_tier
C. encryption
D. blob_properties
Common Mistakes
Using network_rules block which controls network access, not encryption.
Using access_tier which controls performance tier.
3. Fill in blank (hard)

Fix the error in the Azure role assignment code to grant a user Reader access to a resource group.

Azure
resource "azurerm_role_assignment" "example" {
  scope                = azurerm_resource_group.example.id
  role_definition_name = [1]
  principal_id         = var.user_object_id
}
Options:
A. "User Access Administrator"
B. "Contributor"
C. "Owner"
D. "Reader"
Common Mistakes
Using Contributor which allows write access.
Using Owner which grants full control.
4. Fill in blank (hard)

Fill both blanks to configure an Azure Key Vault access policy granting secret get and list permissions to a user.

Azure
resource "azurerm_key_vault_access_policy" "example" {
  key_vault_id = azurerm_key_vault.example.id
  tenant_id    = var.tenant_id
  object_id    = var.user_object_id

  [1] = ["get", "list"]
  [2] = []
}
Options:
A. secret_permissions
B. key_permissions
C. certificate_permissions
D. storage_permissions
Common Mistakes
Confusing key permissions with secret permissions.
Granting permissions in the wrong permission block.
5. Fill in blank (hard)

Fill all three blanks to define an Azure Policy assignment that enforces HTTPS traffic on a storage account.

Azure
resource "azurerm_policy_assignment" "example" {
  name                 = "enforce-https"
  scope                = azurerm_storage_account.example.id
  policy_definition_id = [1]

  parameters = {
    effect = {
      value = [2]
    }
  }

  description = [3]
}
Options:
A. "/providers/Microsoft.Authorization/policyDefinitions/StorageAccountHttpsOnly"
B. "Audit"
C. "Enforces HTTPS traffic on storage accounts"
D. "Deny"
Common Mistakes
Using the wrong policy definition ID.
Setting effect to Audit instead of Deny.
Omitting the description or using unclear text.