Azure AD Flashcards

1
Q

What is the main auth protocol used by Azure AD?

A

OAuth 2.0, SAML 2.0 and OpenID Connect (OIDC). OAuth 2.0 handles delegated authorization, OIDC layers authentication on top of it, and SAML 2.0 is kept for federation with older applications.

2
Q

Is Azure AD like Windows AD?

A

No. Azure AD is a multi-tenant, global cloud identity service, not a hosted copy of Windows Server Active Directory: it speaks OAuth 2.0, OpenID Connect and SAML over HTTPS rather than Kerberos, NTLM and LDAP, and it has no domain controllers, organizational units or Group Policy.

3
Q

What do we use Azure AD for?

A
Identity management
- Identities: users, groups, devices, applications, etc.
- User names, passwords and other credentials
- Domain names
Enterprise access
- Single sign-on
- Device management
Identity and access security
- Just-in-time access
- MFA
4
Q

What is a tenant?

A

A tenant represents an organization in Azure Active Directory. It’s a dedicated Azure AD service instance that an organization receives and owns when it signs up for a Microsoft cloud service such as Azure, Microsoft Intune, or Microsoft 365. Each Azure AD tenant is distinct and separate from other Azure AD tenants.

5
Q

What must each tenant have?

A

A globally unique initial domain name of the form <name>.onmicrosoft.com, chosen when the tenant is created. Custom domains can be added and verified later.

6
Q

I want to add a custom domain to my tenant, how can I do this?

A

Azure AD lets you add custom domain names to a tenant. You add the domain under Azure AD > Custom domain names, prove ownership by creating the DNS record (TXT or MX) that Azure AD shows you at your registrar, then verify it. Users can then sign in with user@yourdomain.

7
Q

What is an AD association?

A

Associating an Azure subscription with the Azure AD tenant (directory) that authenticates and authorizes access to it. Every subscription trusts exactly one tenant, while one tenant can be trusted by many subscriptions.

8
Q

Is an AD tenant global?

A

Not in the data-residency sense. When you create a tenant you pick a country or region (for example United States), and the tenant's directory data is stored in that geography. The service itself is reachable worldwide, so users can sign in from anywhere.

9
Q

I would like to give my users the ability to self service reset there passwords, how can I do this?

A

Azure AD has self-service password reset (SSPR).

10
Q

What authentication methods are available for Azure AD self-service password reset (SSPR)?

A
  • SMS (code sent to a registered mobile phone)
  • Phone (voice call to a mobile or office phone)
  • Email (to a registered alternate address)
  • Mobile app (Microsoft Authenticator notification or code)
  • Security questions
Administrators choose which methods are enabled and how many of them a user must satisfy (one or two).
11
Q

What is Azure AD self-service password reset (SSPR)?

A

A service provided by Azure AD: a portal (https://aka.ms/sspr) where users reset or unlock their own password after proving their identity with their registered methods, without a helpdesk call.

12
Q

I have an Azure AD group that grants access to a custom web application. I want to make sure the people in the group still use the application and remove them from the group when they no longer need access. What options do I have?

A

Use Azure AD Access Reviews. They let you create a (recurring) review in which either the group owners or the members themselves confirm whether each member still requires access; anyone who is denied, or optionally anyone who does not respond, is removed from the group.

13
Q

What is Azure AD Access Review?

A

It lets the owners of an Azure AD group (or the members themselves) confirm, through an emailed review, whether they still require membership, and then automatically removes the people who were denied access or did not respond.

14
Q

What is Azure Identity protection?

A

It enables the detection and remediation of identity-based risks. It uses Microsoft's threat intelligence (human analysts plus machine-learning models) to detect compromised credentials and risky sign-ins, for example a user's password turning up in a leaked credential dump on the dark web.

15
Q

When using Azure Identity protection, is it at the subscription or tenant level?

A

It is a tenant-level feature of Azure AD (licensed per user with Azure AD Premium P2), not something configured per subscription.

16
Q

When using Azure Identity protection, what are the risk events?

A
  • Users with leaked creds
  • Sign-in from anonymous IP address
  • Impossible travel to atypical location
  • Sign-in from infected device
  • Sign-in from IP addresses with suspicious activity
  • Sign-in from unfamiliar locations
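The "impossible travel" detection in the list above is simple enough to reproduce. The following is an added example, not code from the original deck or from Microsoft: it runs over constructed sign-in records that already carry a geolocation, computes the great-circle distance between each user's consecutive sign-ins, and flags any pair whose implied speed exceeds a hypothetical 900 km/h threshold. The record field names and the threshold are assumptions.

```python
import math
from datetime import datetime, timezone

EARTH_RADIUS_KM = 6371.0
# Hypothetical threshold: faster than a long-haul jet is treated as "impossible travel".
MAX_PLAUSIBLE_SPEED_KMH = 900.0

# Constructed sample sign-in records (not real log data); lat/lon already resolved from the IP.
SAMPLE_SIGNINS = [
    {"user": "alice", "ts": "2024-03-01T09:00:00Z", "ip": "203.0.113.10", "lat": 40.7128, "lon": -74.0060},  # New York
    {"user": "alice", "ts": "2024-03-01T10:00:00Z", "ip": "198.51.100.7", "lat": 51.5074, "lon": -0.1278},   # London, 1 h later
    {"user": "bob",   "ts": "2024-03-01T08:00:00Z", "ip": "203.0.113.22", "lat": 40.7128, "lon": -74.0060},  # New York
    {"user": "bob",   "ts": "2024-03-01T12:00:00Z", "ip": "203.0.113.23", "lat": 42.3601, "lon": -71.0589},  # Boston, 4 h later
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points given in decimal degrees, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_impossible_travel(signins, max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Return one alert per consecutive sign-in pair (per user) whose implied speed exceeds max_speed_kmh."""
    by_user = {}
    for rec in signins:
        by_user.setdefault(rec["user"], []).append(rec)

    alerts = []
    for user, recs in by_user.items():
        recs.sort(key=lambda r: _parse_ts(r["ts"]))
        for prev, cur in zip(recs, recs[1:]):
            hours = (_parse_ts(cur["ts"]) - _parse_ts(prev["ts"])).total_seconds() / 3600
            dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            # Two sign-ins at the same instant from different places is the most extreme case: flag it.
            if hours == 0:
                speed = float("inf") if dist > 0 else 0.0
            else:
                speed = dist / hours
            if speed > max_speed_kmh:
                alerts.append({
                    "user": user,
                    "from_ip": prev["ip"],
                    "to_ip": cur["ip"],
                    "distance_km": round(dist, 1),
                    "hours": round(hours, 2),
                    "speed_kmh": round(speed, 1),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_impossible_travel(SAMPLE_SIGNINS):
        print(alert)
```

Real implementations also suppress alerts when the source IP is a known VPN egress or a named trusted location, which is exactly the "signal" Conditional Access consumes later in this deck.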
17
Q

When using Azure Identity protection, what are the risk policies?

A

A set of policies (a user risk policy and a sign-in risk policy) that you define to take action automatically, for example requiring MFA, forcing a password change or blocking the sign-in, when the following detections fire:

  • Users with leaked credentials
  • Sign-in from anonymous IP address
  • Impossible travel to atypical location
  • Sign-in from infected device
  • Sign-in from IP addresses with suspicious activity
  • Sign-in from unfamiliar locations
18
Q

What is offline and online risk policy?

A

Online (real-time) detections are evaluated while the user is signing in, so the policy can act on that very sign-in, for example by demanding MFA. Offline detections are computed after the fact from data Microsoft collects, such as a user's password being found in a leaked credential dump on the dark web, and raise the user's risk level so the policy applies at a later sign-in.

19
Q

What is Azure Conditional Access?

A

It controls when a user is granted access, depending on where they are located, which device they are using and what they are trying to reach. In some situations you may require more security (for example MFA from an unmanaged device off the corporate network) and in others less; you can set up con

20
Q

Is conditional access service or part of AD?

A

No, it is a feature of Azure AD (included with Azure AD Premium P1), not a separate service. Azure AD evaluates the policies at sign-in, when it issues tokens.

21
Q

When using conditional access, what is a signal?

A

A signal is an input to the policy decision: the user and group membership, the IP location (named or trusted locations), the device and its compliance state, the application being accessed, and the real-time or calculated risk level from Identity Protection.

22
Q

How can I provide access to Azure storage by my application running on my Azure Functions, VM, Containers?

A

You have options here,

  • Storage account access keys (they give full control of the whole account, so not recommended for applications)
  • Shared access signature (SAS) tokens (scoped and time-limited, but still a secret you must distribute and rotate, so not recommended where an identity can be used)
  • Register an app in Azure AD and use a client secret (the secret has to be stored by the app or in Key Vault)
  • Managed identity (recommended: no secret to store, Azure AD issues tokens to the resource itself)
23
Q

What is an AAD app secret used for?

A

When you register your application with Azure AD you can create a client secret (or a certificate) that your code presents to Azure AD to obtain tokens as that application. The downside is that you now have to store and rotate that secret, either in the app's configuration or in Azure Key Vault, and anyone who obtains it can act as the application.

24
Q

What is a managed identity?

A

On a VM, App Service or Azure Functions you switch on the managed identity option and Azure creates an identity for that resource in Azure AD, which you then grant roles with RBAC on the target services. Your code holds no credential at all: it requests an access token from the local Azure Instance Metadata Service (IMDS) endpoint (169.254.169.254) or the App Service identity endpoint, and presents that token to the service.
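What the token request behind a managed identity looks like on a VM, as an added example that is not from the original deck or from Microsoft's SDKs. The IMDS endpoint, the `Metadata: true` header and the `api-version=2018-02-01` query are the documented ones; the JSON response below is a constructed sample with a fake token, and the `opener` parameter exists only so the flow can be exercised offline. In production you would normally use the azure-identity library (`DefaultAzureCredential`) rather than calling IMDS by hand.

```python
import json
import time
import urllib.parse
import urllib.request

# Azure Instance Metadata Service endpoint for managed identity tokens (link-local, VM/VMSS only).
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"
STORAGE_RESOURCE = "https://storage.azure.com/"


def build_imds_token_request(resource, client_id=None):
    """GET request for a managed-identity token; client_id selects a user-assigned identity."""
    params = {"api-version": IMDS_API_VERSION, "resource": resource}
    if client_id:
        params["client_id"] = client_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    # IMDS rejects requests without this header, which blocks naive SSRF via redirects.
    return urllib.request.Request(url, headers={"Metadata": "true"}, method="GET")


def parse_token_response(body, now=None):
    """Validate the IMDS JSON body and return the token with its expiry (epoch seconds)."""
    data = json.loads(body)
    if data.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type")
    expires_on = int(data["expires_on"])
    now = time.time() if now is None else now
    if expires_on <= now:
        raise ValueError("token already expired")
    return {"access_token": data["access_token"], "expires_on": expires_on, "resource": data["resource"]}


def get_token(resource=STORAGE_RESOURCE, client_id=None, opener=urllib.request.urlopen):
    """Fetch a token from IMDS; `opener` is injectable so the flow can be tested offline."""
    req = build_imds_token_request(resource, client_id)
    with opener(req, timeout=2) as resp:
        return parse_token_response(resp.read().decode("utf-8"))


def bearer_header(token):
    """Authorization header for a call to Azure Storage (or any Azure AD-protected REST API)."""
    return {"Authorization": "Bearer " + token["access_token"]}


# Constructed sample of an IMDS response (not a real token; expiry set far in the future).
SAMPLE_IMDS_BODY = json.dumps({
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.EXAMPLE.SIGNATURE",
    "expires_in": "3599",
    "expires_on": "4102444800",
    "resource": STORAGE_RESOURCE,
    "token_type": "Bearer",
})


if __name__ == "__main__":
    req = build_imds_token_request(STORAGE_RESOURCE)
    print(req.full_url, req.headers)
    print(bearer_header(parse_token_response(SAMPLE_IMDS_BODY)))
```

The point of the contrast with the app-secret card: nothing in this code is a credential, so there is nothing to leak from source control or app settings; an attacker would have to execute code on the resource (or reach its IMDS endpoint through SSRF) to obtain a token, and the token is short-lived.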

25
Q

I want to register a custom domain name in Azure AD, how can I do this?

A
  • Register the domain with an external registrar.
  • Add the domain in Azure AD (Custom domain names); Azure AD shows you a TXT (or MX) record value.
  • Create that TXT record in the domain's DNS zone at the registrar.
  • Click Verify; once Azure AD sees the record, the domain is verified and can be made the primary domain.
26
Q

When you are using free license, what are you not getting?

A
  • No custom branding of the sign-in page
  • No self-service password reset
  • No SLA
27
Q

What are access reviews?

A

They let you set up a group of reviewers who decide which users in an Azure AD group (or holding an application or role assignment) keep their access.

28
Q

Is an access review one off?

A

It can be, but it can also be scheduled to recur (for example weekly, monthly, quarterly or annually).


30
Q

Can I have one or more Azure AD tenants (directories)?

A

Yes. An account can create and belong to several Azure AD directories; each is a separate tenant with its own users, groups and applications.

31
Q

When you create a new AAD what is one or the first things you have to name?

A
  • The organization name, which is also used to form the initial <name>.onmicrosoft.com domain.
  • The country or region of the tenant, which fixes where its directory data is stored.
32
Q

What type of AAD connect Auth is available?

A
  • Password hash synchronization (PHS): a salted, PBKDF2-stretched hash of the on-prem password hash is synced to Azure AD, which then authenticates users itself.
  • Pass-through authentication (PTA): the password entered at the Azure AD sign-in page is relayed to an on-prem agent and validated against an on-prem domain controller; nothing is stored in the cloud.
  • Password writeback: not a sign-in method but an optional feature (used with SSPR) that writes cloud password changes back to on-prem AD.
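Why password hash synchronization does not hand Azure AD (or anyone who breaches it) a usable NT hash: the transform below follows Microsoft's published description of PHS (expand the 16-byte MD4 hash to 64 bytes by hex-encoding and re-encoding as UTF-16LE, add a 10-byte per-user salt, run 1000 iterations of PBKDF2-HMAC-SHA256, and send the 32-byte result together with the salt and iteration count). This is an added example, not Azure AD Connect's code; whether the intermediate hex string is upper- or lower-case is not documented, so lower-case is an assumption here. MD4 is implemented in pure Python because OpenSSL 3 ships it only as a legacy algorithm.

```python
import hashlib
import hmac
import os
import struct

_MASK = 0xFFFFFFFF


def _md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320)."""
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    rotl = lambda x, s: ((x << s) | (x >> (32 - s))) & _MASK
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    r2 = [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]
    r3 = [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i in range(16):  # round 1
            a, b, c, d = d, rotl((a + f(b, c, d) + x[i]) & _MASK, (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):  # round 2
            a, b, c, d = d, rotl((a + g(b, c, d) + x[r2[i]] + 0x5A827999) & _MASK, (3, 5, 9, 13)[i % 4]), b, c
        for i in range(16):  # round 3
            a, b, c, d = d, rotl((a + h(b, c, d) + x[r3[i]] + 0x6ED9EBA1) & _MASK, (3, 9, 11, 15)[i % 4]), b, c
        a, b, c, d = (a + aa) & _MASK, (b + bb) & _MASK, (c + cc) & _MASK, (d + dd) & _MASK
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> bytes:
    """What on-prem AD stores: the unsalted MD4 of the UTF-16LE password (the 'NT hash')."""
    return _md4(password.encode("utf-16-le"))


def phs_protect(nt: bytes, salt: bytes, iterations: int = 1000) -> bytes:
    """Azure AD Connect's PHS transform of one NT hash with a 10-byte per-user salt."""
    if len(nt) != 16 or len(salt) != 10:
        raise ValueError("expected a 16-byte NT hash and a 10-byte salt")
    expanded = nt.hex().encode("utf-16-le")  # 32 hex chars -> 64 bytes (lower-case is an assumption)
    assert len(expanded) == 64
    return hashlib.pbkdf2_hmac("sha256", expanded, salt, iterations, dklen=32)


def phs_sync_payload(password: str, salt=None, iterations: int = 1000) -> dict:
    """What the sync agent sends to Azure AD: protected hash, salt and iteration count (never the NT hash)."""
    salt = os.urandom(10) if salt is None else salt
    return {
        "protected_hash": phs_protect(nt_hash(password), salt, iterations).hex(),
        "salt": salt.hex(),
        "iterations": iterations,
    }


def phs_verify(password: str, payload: dict) -> bool:
    """Cloud-side check at sign-in: recompute with the stored salt and compare in constant time."""
    recomputed = phs_protect(nt_hash(password), bytes.fromhex(payload["salt"]), payload["iterations"])
    return hmac.compare_digest(recomputed.hex(), payload["protected_hash"])


if __name__ == "__main__":
    payload = phs_sync_payload("password")
    print("NT hash:      ", nt_hash("password").hex())
    print("synced value: ", payload)
    print("verify:", phs_verify("password", payload), phs_verify("Password", payload))
```

The synced value cannot be replayed against on-prem AD (pass-the-hash needs the raw NT hash), and the salt plus 1000 PBKDF2 rounds means a leak of the cloud value still has to be brute-forced per user, unlike an NTDS.dit dump.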
33
Q

When using AAD connect in pass through mode, are passwords kept on the AAD?

A

No, only on the on-prem

34
Q

When using AAD Connect in pass-through mode, are passwords synced with on-prem?

A

No

35
Q

What are the two components of AAD connect?

A
  • AAD Connect sync
  • AAD Connect service

36
Q

How do you use your own domain name with AAD?

A

In your registered domain name you

37
Q

Can you install AAD Connect sync on a standalone server?

A

No, it has to be installed on a Windows Server that is joined to the on-prem domain.

38
Q

When using AAD Connect, what DNS resolution does the server need?

A

It needs both intranet DNS resolution (to locate the on-prem domain controllers) and internet DNS resolution (to reach the Azure AD endpoints).