Bird
Raised Fist0
Azurecloud~10 mins

Why security posture matters in Azure - Test Your Understanding

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Practice - 5 Tasks
Answer the questions below
1fill in blank
easy

Complete the code to enable Azure Security Center's default policy.

Azure
az security [1] enable
Drag options to blanks, or click blank then click option'
Aconfiguration
Bsettings
Cpolicy
Dmanagement
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'configuration' instead of 'policy' will not enable security rules.
Using 'management' or 'settings' commands are invalid here.
2fill in blank
medium

Complete the code to list all security recommendations in Azure Security Center.

Azure
az security [1] list
Drag options to blanks, or click blank then click option'
Arecommendations
Balerts
Cpolicies
Dconfigurations
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'alerts' lists current security alerts, not recommendations.
Using 'policies' shows policies, not improvement suggestions.
3fill in blank
hard

Fix the error in the command to show the security posture score.

Azure
az security [1] show --query 'securityScore'
Drag options to blanks, or click blank then click option'
Asecure-score
Bposture
Cconfiguration
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'posture' or 'configuration' commands will cause errors.
Repeating 'secure-score' with wrong spelling causes failure.
4fill in blank
hard

Fill both blanks to create a policy assignment for security baseline.

Azure
az policy assignment create --name [1] --policy [2]
Drag options to blanks, or click blank then click option'
AsecureBaselineAssignment
BdefaultSecurityPolicy
C/providers/Microsoft.Authorization/policyDefinitions/SecurityBaseline
D/providers/Microsoft.Authorization/policyDefinitions/DefaultSecurityPolicy
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'defaultSecurityPolicy' as assignment name is confusing.
Using wrong policy definition path causes deployment failure.
5fill in blank
hard

Fill all three blanks to create a resource group and enable security auto provisioning.

Azure
az group create --name [1] --location [2]
az security auto-provisioning-setting create --name [3] --auto-provision "On" --resource-group [1]
Drag options to blanks, or click blank then click option'
AMySecurityGroup
Beastus
Cdefault
Dwestus
Attempts:
3 left
💡 Hint
Common Mistakes
Using inconsistent resource group names between commands.
Choosing a region not supported or misspelled.

Practice

(1/5)
1. Why is maintaining a good security posture important in Azure cloud environments?
easy
A. It helps prevent unauthorized access and data breaches.
B. It increases the speed of virtual machines.
C. It reduces the cost of storage automatically.
D. It guarantees 100% uptime for all services.

Solution

  1. Step 1: Understand security posture purpose

    Security posture is about protecting cloud resources from threats and vulnerabilities.

  2. Step 2: Identify correct benefit

    Preventing unauthorized access and data breaches is a key goal of good security posture.

  3. Final Answer:

    It helps prevent unauthorized access and data breaches. -> Option A

  4. Quick Check:

    Security posture = Prevent breaches [OK]
Hint: Security posture protects data and access, not performance or cost [OK]
Common Mistakes:
  • Confusing security posture with performance optimization
  • Thinking it controls costs automatically
  • Assuming it guarantees uptime
2. Which Azure service is primarily used to assess and improve your security posture?
easy
A. Azure Security Center
B. Azure Blob Storage
C. Azure DevOps
D. Azure Functions

Solution

  1. Step 1: Identify Azure services related to security

    Azure Security Center is designed to monitor and improve security posture.

  2. Step 2: Eliminate unrelated services

    Blob Storage is for data storage, DevOps for development, Functions for serverless compute.

  3. Final Answer:

    Azure Security Center -> Option A

  4. Quick Check:

    Security posture tool = Security Center [OK]
Hint: Security Center monitors and improves security posture [OK]
Common Mistakes:
  • Choosing storage or compute services instead of security tools
  • Confusing DevOps with security monitoring
3. Consider this Azure CLI command to check security recommendations: 
az security assessment list --query "[?status.code=='Unhealthy'].name"
What does this command output?
medium
A. List of virtual machines only
B. List of all healthy security assessments
C. List of all Azure resources
D. List of security assessments with issues

Solution

  1. Step 1: Understand the command filter

    The query filters assessments where status.code equals 'Unhealthy', meaning issues found.

  2. Step 2: Interpret output meaning

    The command outputs names of assessments that have security problems.

  3. Final Answer:

    List of security assessments with issues -> Option D

  4. Quick Check:

    Filter 'Unhealthy' = Issues list [OK]
Hint: Filter 'Unhealthy' means problems found [OK]
Common Mistakes:
  • Thinking it lists healthy assessments
  • Assuming it lists all resources or only VMs
4. You wrote this Azure Policy to enforce encryption on storage accounts: 
{
  "if": {
    "field": "type",
    "equals": "Microsoft.Storage/storageAccounts"
  },
  "then": {
    "effect": "audit"
  }
}
But it does not flag unencrypted accounts. What is the likely issue?
medium
A. Wrong resource type specified
B. Effect should be 'deny' instead of 'audit'
C. Missing condition to check encryption status
D. Policy JSON syntax error

Solution

  1. Step 1: Analyze policy condition

    The policy only checks resource type but does not check if encryption is enabled.

  2. Step 2: Identify missing encryption check

    Without a condition on encryption property, unencrypted accounts won't be flagged.

  3. Final Answer:

    Missing condition to check encryption status -> Option C

  4. Quick Check:

    Check encryption condition missing = No flags [OK]
Hint: Policy must check encryption property explicitly [OK]
Common Mistakes:
  • Assuming 'audit' effect flags all issues
  • Not adding encryption property condition
  • Confusing resource type or syntax errors
5. Your company wants to improve its Azure security posture by automating threat detection and response. Which combination of Azure services best supports this goal?
hard
A. Azure DevOps + Azure Monitor
B. Azure Security Center + Azure Sentinel
C. Azure Blob Storage + Azure Functions
D. Azure Virtual Machines + Azure Backup

Solution

  1. Step 1: Identify services for threat detection

    Azure Security Center provides security posture management and threat protection.

  2. Step 2: Identify services for automated response

    Azure Sentinel is a SIEM tool that automates threat detection and response.

  3. Step 3: Evaluate other options

    Other options focus on storage, development, monitoring, or backup, not automated security response.

  4. Final Answer:

    Azure Security Center + Azure Sentinel -> Option B

  5. Quick Check:

    Security Center + Sentinel = Automated threat detection [OK]
Hint: Combine Security Center with Sentinel for automation [OK]
Common Mistakes:
  • Choosing storage or backup services for security automation
  • Confusing monitoring with threat response
  • Ignoring Sentinel's role in automation