Exam AZ-900 topic 1 question 227 discussion

DRAG DROP -
You need to complete the defense-in-depth strategy used in a datacenter.
What should you do? To answer, drag the appropriate layers to the correct positions in the model. Each layer may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Suggested Answer:
Defence in depth layers (from bottom to top):
✑ Data
- In almost all cases attackers are after data.
- Data can be in database, stored on disk inside VMs, on a SaaS application such as Office 365 or in cloud storage.
- Those storing and controlling access to data to ensures that it's properly secured
- Often regulatory requirements dictates controls & processes
- to ensure confidentiality, integrity, and availability.
✑ Application
- Ensure applications are secure and free of vulnerabilities.
- Store sensitive application secrets in a secure storage medium.
- Make security a design requirement for all application development.
- Integrate security into the application development life cycle.
✑ Compute
- Secure access to virtual machines.
- Implement endpoint protection and keep systems patched and current.
- Malware, unpatched systems, and improperly secured systems open your environment to attacks.
✑ Networking
- Limit communication between resources.
- Deny by default.
- Allow only what is required
- Restrict inbound internet access and limit outbound, where appropriate.
- Implement secure connectivity to on-premises networks.
✑ Perimeter
- Use distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for end users.
- Use perimeter firewalls to identify and alert on malicious attacks against your network.
✑ Identity and access
- Control access to infrastructure and change control.
- Access granted is only what is needed
- Use single sign-on and multi-factor authentication.
- Audit events and changes.
✑ Physical security
- Building security & controlling access to computing hardware.
- First line of defense.
Reference:
https://github.com/undergroundwires/Azure-in-bullet-points/blob/master/AZ-900%20Microsoft%20Azure%20Fundamentals/4.2.%20Defence%20in%20Depth.md