Active Directory

Question 1

What does Active Directory provide?

Answer 1

Single sign-on (SSO) and Multi-factor authentication (MFA)

Question 2

What are the 4 pricing tiers for AD?

Answer 2

Free, Office 365 Apps, Premium P1, and Premium P2

Question 3

What pricing tier do you need to provide ‘Identity Protection’ and ‘Identity Governance’?

Answer 3

Premium P2

Question 4

What is the acronym RBAC stand for?

Answer 4

Role Based Access Control

Question 5

What 3 things to you need to specify when creating a role?

Answer 5

Security Principal, Role Definition, Scope

Question 6

Name the different types of Service Principals

Answer 6

User, managed identity, service principal, group

Question 7

How long are RBAC Activity Logs stored by default?

Answer 7

90 days

Question 8

What is the workaround for the RBAC activity log storage limitation?

Answer 8

Use Azure Event Hub

Question 9

How many RBAC Activity Log categories are there?

Answer 9

8

Question 10

List the RBAC Activity Log categories

Answer 10

Administrative, Service Health, Resource Health, Alert, Autoscale, Recommendation, Security, Policy

Question 11

What are the 3 methods for achieving Hybrid Identity?

Answer 11

Password Hash Synchronisation (PHS), Pass-through authentication (PTA), Federation

Question 12

What is PHS?

Answer 12

Password Hash Synchronisation. Sync the hash of the hashed password to Azure

Question 13

What is PTA?

Answer 13

Pass-through authentication. Use the same password as on-premise. Validates directly with On-premise AD. Password never stored on Azure

Question 14

What is Federation Hybrid Identity?

Answer 14

Collections of domain trust each other for shared access of resources

Question 15

What does the acronym SAML stand for?

Answer 15

Security Assertion Markup Language

Question 16

What does the acronym MFA stand for?

Answer 16

Multi-Factor Authentication

Question 17

What types of MFA are there?

Answer 17

Password, SMS, Voice Call, Email, App, Security questions, App passwords, OAUTH hardware token

Question 18

What is Azure AD B2B used for?

Answer 18

To allow external partners access to Azure. No need for external accounts and passwords or syncing accounts. Invite guest user via email

Question 19

What is Azure AD B2C used for?

Answer 19

To control how customers use apps

Question 20

What identity methods are there for Azure B2C?

Answer 20

Identity Providers, Users, Other systems, Local Directory

Question 21

What is Self-service Password reset (SSPR)?

Answer 21

Allows users to reset their own passwords

Question 22

What SSPR functionality is provided in the BASIC AD license?

Answer 22

Only allows CLOUD USERS to reset their passwords

Question 23

What AD licenses provide full SSPR functionality?

Answer 23

AD Premium P1 and P2

Question 24

What is SAS used for?

Answer 24

Provided delegated access to Azure Resources with granular control

Question 25

What are the 3 types of SAS for storage accounts?

Answer 25

User delegation SAS, Service SAS, Account SAS

Question 26

What is User delegation SAS?

Answer 26

Use AD to create SAS

Question 27

What resource is User Delegation SAS limited to?

Answer 27

Blob Storage

Question 28

What is Service SAS?

Answer 28

Use Storage Account key to create SAS

Question 29

What are the limitations of Service SAS?

Answer 29

Can only access ONE storage account type

Question 30

What are the limitations of Account SAS?

Answer 30

Use the Account Key to create SAS

Question 31

Are there any limitations to using Account SAS?

Answer 31

No. You can give access to one or more storage account types

Question 32

What 3 benefits does Azure AD Identity Protection provide?

Answer 32

1) Get summary of flagged users and detected risk events. 2) Set risk-based conditional access policies 3) Get suggested vulnerabilities to act on