Configuring Data Loss Prevention for Cognitive Services in Azure

Configuring Data Loss Prevention

Question

You plan to enable data loss prevention for your Cognitive Services in Azure.

This control will prevent customer's data loss and will meet your organizational objective.

Assuming that you already have an Azure subscription and provisioned the Cognitive Services resources, which actions would you perform to configure data loss prevention.

(select two answer choices)

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answers: C and D.

Option A is incorrect because enforcing TLS 1.2 will enhance the transport layer security.

However, it does not restrict the access to outbound traffic for the unapproved urls.

Option B is incorrect because Customer lockbox is used by costumes to allow or reject access to their resources especially by the technical consultants from Microsoft.

Option C is correct because the first step in enabling the data loss prevention for your Cognitive Services is to set the value of property restrictOutboundNetworkAccessto true.

Option D is correct because the second step in enabling the data loss prevention for your Cognitive Services is to maintain the approved urls to the allowedFqdnList property.

These two steps will ensure that customer data loss is prevented.

Reference:

To learn more about setting data loss prevention while creating cognitive services resources , use the link given below:

To configure data loss prevention for your Cognitive Services in Azure, you would perform the following actions:

  1. Enforce TLS 1.2 for the Cognitive Services endpoints: TLS 1.2 is a protocol that provides secure communication over the internet. By enforcing TLS 1.2 for the Cognitive Services endpoints, you can help prevent unauthorized access to the customer data. You can configure this by setting the "minimumTlsVersion" property to "1.2" for the Cognitive Services resource.

  2. Set property restrictOutboundNetworkAccess value to true: Setting the "restrictOutboundNetworkAccess" property to true will restrict the Cognitive Services resource from accessing any external resources. This will help prevent any accidental or malicious data loss from the Cognitive Services. You can configure this property through the Azure portal or using Azure CLI.

Therefore, options A and C are the correct answer choices for this scenario.

Option B, "Enable Customer Lockbox for Microsoft Azure," is not related to configuring data loss prevention for Cognitive Services. Customer Lockbox is a feature that allows customers to review and approve or reject any requests made by Microsoft engineers to access their Azure resources.

Option D, "Maintain list of approved urls to the allowedFqdnList property," is not related to configuring data loss prevention for Cognitive Services. The "allowedFqdnList" property is used to specify the list of fully qualified domain names that are allowed to be accessed by the Cognitive Services resource.