HOTSPOT - You need to ensure that security policies for the unauthorized detection system are met. What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Suggested Answer:
Box 1: Blob storage - Configure blob storage for audit logs. Scenario: Unauthorized usage of the Planning Assistance data must be detected as quickly as possible. Unauthorized usage is determined by looking for an unusual pattern of usage. Data used for Planning Assistance must be stored in a sharded Azure SQL Database.
Box 2: Web Apps - SQL Advanced Threat Protection (ATP) is to be used. One of Azure's most popular services is App Service, which enables customers to build and host web applications in the programming language of their choice without managing infrastructure. App Service offers auto-scaling and high availability, and supports both Windows and Linux. It also supports automated deployments from GitHub, Visual Studio Team Services or any Git repository. At RSA, we announced that Azure Security Center leverages the scale of the cloud to identify attacks targeting App Service applications. Reference: https://azure.microsoft.com/sv-se/blog/azure-security-center-can-identify-attacks-targeting-azure-app-service-applications/ Design for data security and compliance
Now finally got it:
To make it "as quick as possible" and "minimize costs" you need to:
1. Output the data to blob storage
2. Deploy Function App with Blob trigger
Source: https://docs.microsoft.com/en-us/azure/azure-sql/database/advanced-data-security
According to this, you can use ATP or, and I quote, "For a full investigation experience, it is recommended to enable auditing, which writes database events to an audit log in your Azure storage account. To enable auditing, see Auditing for Azure SQL Database and Azure Synapse or Auditing for Azure SQL Managed Instance."
Based on this, I fully agree that we should use Blob storage to minimize costs and use a Function App with a Blob Trigger to analyse the logs and to make it as fast as possible.
Audit logs are written to append blobs, meaning the creation of logs happens at some long intervals, every day for instance. So the Function App will not be triggered until the next day, so this solution is not very fast. I believe using Event Hub makes it quicker. But regarding the detection app service, I couldn't find any relevant architecture to monitor SQL DB using app services. So I think this question is either old, or faulty.
As per Microsoft, if your function app is on the Consumption plan (which is assumed based on the "minimize costs" requirement), there can be up to a 10-minute delay in processing new blobs (via a blob trigger) if a function app has gone idle. This doesn't meet the "quickly as possible" requirement. Therefore, use Event Hub for immediate processing.
If the answer is correct about the web app, I can only say that the case study does not contain enough information. Planning Assistance data will be stored in a database, but nowhere is it mentioned that the front end will be created via App Service...
https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview:
"Auditing for Azure SQL Database and Azure Synapse Analytics tracks database events and writes them to an audit log in your Azure storage account, Log Analytics workspace, or Event Hubs."
I would pick event hubs since you want to detect unauthorized usage fast
As for app service, function app is the best answer out of the 3
Case study requirement: "Unauthorized usage of the Planning Assistance data must be detected as quickly as possible."
Audit log destination = Event Hub
Detection app service = Function App
As per Microsoft, if your function app is on the Consumption plan (which is assumed based on the case study requirement regarding minimizing costs), there can be up to a 10-minute delay in processing new blobs (via a blob trigger) if a function app has gone idle. Hence use Event Hub for immediate processing.
Why is it NOT using Event Hub, which can stream audit logs so that the unauthorized usage can be detected as quickly as possible? The requirement is "Unauthorized usage of the Planning Assistance data must be detected as quickly as possible."
It's OK to use both - Event Hub & Blob Storage - either by SQL Audit or ATP. So I don't get this question.
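For the Event Hub plus Function App combination that several comments propose, this is a sketch of the per-event detection logic such a function could run. It is an added example, not part of the original discussion or of Microsoft's documentation. The `UsageDetector` class, its thresholds, the table name and the sample messages are constructed for illustration, and the record field names are assumed to follow the `SQLSecurityAuditEvents` audit schema.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _msg(ts, principal, ip, stmt):
    # Constructed Event Hub message body in the diagnostic-log envelope.
    # Field names are assumed to follow the SQLSecurityAuditEvents schema.
    return json.dumps({"records": [{
        "time": ts, "category": "SQLSecurityAuditEvents",
        "properties": {"server_principal_name": principal,
                       "client_ip": ip, "statement": stmt}}]})

Q = "SELECT * FROM PlanningAssistance"  # hypothetical table name
SAMPLE_MESSAGES = [  # constructed sample input
    _msg("2021-01-01T10:00:00Z", "planner_app", "10.0.0.5", Q),
    _msg("2021-01-01T10:00:10Z", "planner_app", "10.0.0.5", Q),
    _msg("2021-01-01T10:00:20Z", "planner_app", "10.0.0.5", Q),
    _msg("2021-01-01T10:00:30Z", "planner_app", "10.0.0.5", Q),
    _msg("2021-01-01T10:05:00Z", "planner_app", "203.0.113.9", Q),
]

class UsageDetector:
    """Per-principal sliding-window rate check plus client-IP allow-list."""
    def __init__(self, known_ips, window=timedelta(minutes=1), max_per_window=3):
        self.known_ips, self.window, self.max_per_window = known_ips, window, max_per_window
        self.recent = defaultdict(deque)  # principal -> recent event times

    def process(self, body):
        """Return alerts for one message body, as a trigger would per event."""
        alerts = []
        for rec in json.loads(body).get("records", []):
            if rec.get("category") != "SQLSecurityAuditEvents":
                continue  # ignore other diagnostic categories
            p = rec.get("properties", {})
            who, ip = p.get("server_principal_name"), p.get("client_ip")
            when = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
            q = self.recent[who]
            q.append(when)
            while when - q[0] > self.window:  # drop events outside the window
                q.popleft()
            if ip not in self.known_ips.get(who, set()):
                alerts.append((who, "unknown_client_ip", ip))
            if len(q) > self.max_per_window:
                alerts.append((who, "rate_exceeded", len(q)))
        return alerts

def run_sample():
    det = UsageDetector(known_ips={"planner_app": {"10.0.0.5"}})
    return [a for body in SAMPLE_MESSAGES for a in det.process(body)]
```

The window state here lives in process memory, so a scaled-out or restarted function would need it in shared storage to keep the rate check accurate.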