What should you do?

Topic 2, Trey Research (NEW)

Background

You are an architect for Trey Research Inc., a software as a service (SaaS) company. The company is developing a new product named Tailspin for consumer and small business financial monitoring. The product will be offered as an API to banks and financial institutions. Banks and financial institutions will integrate Tailspin into their own online banking offerings.

All employees of Trey Research are members of an Active Directory Domain Services (AD DS) group named TREY.

Technical Requirement

Architecture

All application and customer data will be stored in Azure SQL Database instances.

API calls that modify data will be implemented as queue messages in an Azure Storage Queue. Queue messages must expire after 90 minutes.

Security

The solution has the following security requirements:

・ Common security issues such as SQL injection and XSS must be prevented.

・ Database-related security issues must not result in customers’ data being exposed.

・ Exposure of application source code and deployment artifacts must not result in customer data being exposed.

Every 90 days, all application code must undergo a security review to ensure that new or changed code does not introduce a security risk.

Remote code execution in the Web App must not result in the loss of security secrets.

Auditing, Monitoring, Alerting

The solution has the following requirements for auditing, monitoring, and alerting:

・ Changes to administrative group membership must be auditable.

・ Operations involving encryption keys must be auditable by users in the Azure Key Vault Auditors user role.

・ Resources must have monitoring and alerting configured in Azure Security Center.

Authorization, authentication

The solution has the following authentication and authorization requirements:

・ Azure Active Directory (Azure AD) must be used to authenticate users.

・ Compromised user accounts should be disabled as quickly as possible.

・ Only employees of Trey Research Inc. should be able to address automated security recommendations.

Service Level agreement

Failure of any one Azure region must not impact service availability. Customer data must not be lost once accepted by the application.

Performance, resource utilization

The solution must meet the following performance and resource usage requirements:

・ Azure costs must be minimized.

・ Application performance must remain level, regardless of the geographic location of users.

・ All application diagnostic and activity logs must be captured without loss.

・ Compute resources must be shared across all databases used by the solution.

You need to ensure that authentication requirements are met.

What should you do?
A. Enable multi-factor authentication.
B. Enable Azure AD Identity Protection.
C. Require users to authenticate by using Windows Hello for Business.
D. Require users to authenticate by using certificate-based authentication.

Answer: B

Explanation:

https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication

Latest 70-535 Dumps Valid Version with 458 Q&As
