Question $1$: Secure Data and Applications $($Total Marks: $12)$

Learning Unit: Unit $3$: Secure Data and Applications

Scenario:

You are a cloud security engineer responsible for securing data and applications in a Microsoft Azure environment. Your organization plans to migrate a business$-$critical application to Azure, and you need to design a secure data protection strategy.

a$)$Outline the key factors you would consider when selecting an appropriate encryption mechanism for data protectionin Azure. Discuss the advantages of using Azure Key Vault and Azure Disk Encryption in this scenario. Justify your choices based on security principles. $(7$ marks$)$

b$)$Given the sensitive nature of the data, describe the steps you would take to configure and enable encryption at rest forAzure SQL Database. Explain how Transparent Data Encryption $($TDE$)$ contributes to data security and outline any additional security measures you would implement. $(5$ marks$)$

Question $2$: Secure Data and Applications $($Total Marks: $13)$

Learning Unit: Unit $3$: Secure Data and Applications

Scenario:

You are working as an Azure security consultant for a financial institution that deals with sensitive customer information. The organization needs to ensure the confidentiality and integrity of data stored in Azure services.

a$)$Given the scenario, provide a detailed comparison between Azure Storage Service Encryption $($SSE$)$ with a Microsoft$-$managed key and SSE with a customer$-$managed key. Analyze the advantages and considerations of each approach, considering the organization's regulatory requirements. $(7$ marks$)$

b$)$Based on the security requirements of the financial institution, recommend a strategy for implementing Azure Backupfor virtual machines used to process financial data. Include the steps you would take to set up and configure Azure Backup, emphasizing data protection and disaster recovery aspects. $(6$ marks$)$

Question $3$: Secure Data and Applications $($Total Marks: $13)$

Learning Unit: Unit $3$: Secure Data and Applications

Scenario:

You are the lead security architect for an e$-$commerce company that uses Azure services to manage customer data and transactions. The organization aims to enhance access security and minimize the risk of unauthorized access.

a$)$Analyze the benefits of Azure Active Directory $($Azure AD$)$ Multi$-$Factor Authentication $($MFA$)$ in the context of the e$-$commerce company's authentication strategy. Describe how MFA works and explain how it helps prevent unauthorized access to customer accounts. $(7$ marks$)$

b$)$Given the company's requirement to manage privileged access, assess the role of Azure AD Privileged IdentityManagement $($PIM$)$ in enforcing just$-$in$-$time $($JIT$)$ access for administrative roles. Explain the steps you would follow to implement JIT access using PIM and discuss the advantages of this approach. $(6$ marks$)$

Grand Total: $38$

End of Formative Assessment $2$