Describe the shared responsibility model

Practice Test

True/False: In the shared responsibility model, Azure is only responsible for the security of their cloud platforms, not for the security of data within the applications hosted on their platforms.

Answer: True

Explanation: In the shared responsibility model, Microsoft Azure provides security for the underlying infrastructure and cloud platform, whereas the responsibility of securing the data within the applications rest with the customer.

What does the shared responsibility model in Microsoft Azure ensure?

• a) Speed and efficiency
• b) Compliance and agility
• c) Security and compliance
• d) Accuracy and precision

Answer: c) Security and compliance

Explanation: The shared responsibility model ensures security and compliance; Microsoft provides security for the cloud, while the customers are responsible for security in the cloud.

True/False: The customer only has to handle the physical security of their resources in the shared responsibility model.

Answer: False

Explanation: In the shared responsibility model, Microsoft Azure handles the physical security of the cloud infrastructure, while the customer is responsible for securing resources including data, applications, and networks they deploy on Azure.

Data encryption, identity, access management, application controls are usually responsibilities of:

• a) Azure
• b) Customer
• c) Both Azure and Customer

Answer: b) Customer

Explanation: While the Azure shared responsibility model covers physical security, customers are typically responsible for areas such as data encryption, access management, and application controls.

True/False: Microsoft is responsible for patching and maintaining the virtualization layer in Azure.

Answer: True

Explanation: Microsoft, as part of infrastructure services in Azure, is responsible for patching and maintaining the virtualization layer.

Which of the following is the customer’s responsibility in the shared responsibility model?

• a) Operational security
• b) Network security
• c) OS and network controls
• d) Storage services

Answer: c) OS and network controls

Explanation: In the shared responsibility model, customers are responsible for managing the operating system, network controls, and potentially other elements based on the service model used.

True/False: The shared responsibility model is the same across all cloud service models like IaaS, PaaS, and SaaS.

Answer: False

Explanation: The shared responsibility model varies depending on the cloud service model used. In IaaS, customers have more responsibility compared to PaaS or SaaS.

Which of the following responsibilities does Azure share with the customer?

• a) Application level controls
• b) Virtual network configuration
• c) Data classification and accountability
• d) Physical hosts, networks, and data center

Answer: b) Virtual network configuration

Explanation: Azure provides the ability to configure virtual networks, but it’s the customer’s responsibility to ensure that they’re configured correctly and securely.

In Azure, who is responsible for user access management?

• a) Azure only
• b) Customer only
• c) Both Azure and Customer

Answer: b) Customer only

Explanation: User access management, including identity management and role-based access controls, is the responsibility of the customer.

True/False: The shared responsibility model relieves the customer from all security responsibilities.

Answer: False

Explanation: The shared responsibility model does not absolve customers from all security responsibilities; it simply distributes responsibilities between Azure and the customer.

Interview Questions

What is the Shared Responsibility model in Azure?

The shared responsibility model in Azure is the distribution of obligation between Microsoft and users for Azure services. Microsoft is responsible for the infrastructure, including hardware, software, networking, and facilities, while the client is accountable for securing resources such as virtual machines and applications.

What is Microsoft’s responsibility under the Azure Shared Responsibility Model?

Under the Shared Responsibility Model, Microsoft is responsible for protecting the infrastructure that runs all of the services provided in the cloud. This includes hardware, software, storage, networks and databases, and the Azure global network.

What is the responsibility of the user in the Microsoft Azure Shared Responsibility model?

The user is responsible for protecting their data and the virtual machines they run on Azure. This includes setting up appropriate security measures, like firewalls and encryption, as well as managing their data and access controls.

How does the Shared Responsibility Model affect software as a service (SaaS) in Azure?

For SaaS services in Azure, like Office 365, Microsoft takes more responsibility, including application controls, network controls, and host infrastructure. However, the user retains responsibility for their data, access management, and account settings.

What is the user’s responsibility when operating with Infrastructure as a Service (IaaS) in Azure?

When utilizing IaaS in Azure, the user carried the responsibility of managing data, endpoints, accounts, and access, along with the responsibility for network controls, firewall configuration, and the operating system security settings.

Why is understanding the Shared Responsibility Model important for Azure users?

Understanding the Shared Responsibility Model is crucial for Azure users because it clarifies what aspects of security and management they are responsible for and what aspects are handled by Microsoft. This helps users ensure their workloads are secure.

In the Azure shared responsibility model, who is responsible for managing applications?

In the Azure shared responsibility model, the customer or user is responsible for managing the applications, including developing, maintaining, and updating them as necessary.

Who takes care of patch management as per the Azure shared responsibility model?

Patch management in the Azure shared responsibility model depends on the service model. In IaaS, patch management is the customer’s responsibility. However, in PaaS and SaaS, Microsoft takes care of patch management.

What role does Azure play in data governance according to the shared responsibility model?

According to the Azure shared responsibility model, Microsoft provides built-in controls for users to manage access and maintain data governance, but the ultimate responsibility for data management and governance lies with the user.

Who handles incident response in the Azure Shared Responsibility Model?

Incident response is a shared responsibility in Azure. Microsoft pledges to inform users of potential security incidents, but the onus is on the user to configure their service for appropriate incident response.

In the Azure shared responsibility model, who is responsible for network controls in a PaaS offering?

In a Platform as a Service (PaaS) offering within the Azure shared responsibility model, network controls are a shared responsibility, although Microsoft as the provider handles a significant portion of it.

How does the shared responsibility model work with Azure’s Database as a Service (DBaaS)?

With Azure’s DBaaS, Microsoft handles more aspects including the operational functions of running the database like patching, and the customer or user is primarily responsible for managing the data and access controls.

Who is responsible for the physical security of the Azure data centers?

Microsoft is responsible for the physical security of the Azure data centers under the Shared Responsibility Model.

In Azure’s Shared Responsibility Model, who is responsible for identity and access management?

The customer or user is responsible for identity and access management in Azure’s Shared Responsibility Model. This includes user identity, access policies, and role-based access control.

What is the responsibility of the user in securing the virtual network in the Azure shared responsibility model?

In the Azure shared responsibility model, the user is responsible for securing the virtual network. This includes setting up firewall rules, securing the subnet, and managing network policies.