Azure identity, access, and security

Question 1

Microsoft Entra ID

Answer 1

a directory service that enables you to sing in and access both Microsoft cloud applications and cloud applications that you have developed

Question 2

T or F

Microsoft Entra ID id Microsofts cloud based identity and access management service

Answer 2

True

Question 3

Who uses Microsoft Entra ID?

Answer 3

IT administrators

App Developers

Users

Online service subscribers

Question 4

What does Microsoft Entra ID do?

Answer 4

Authentication
Single sign on
Application management
Device management

Question 5

Microsoft Entra Connect

Answer 5

synchronizes user identities between on premises Active Directory and Microsoft Entra ID

Question 6

Microsoft Entra Domain Services

Answer 6

service that provides managed domain services such as :

domain join
group policy
lightweight directory access protocol (LDAP)
Kerberos/NTLM authentication

Question 7

T or F

with Microsoft Entra Domain Services you get the benefit of domain services without the need to deploy, manage, and patch domain controllers (CDs) in the cloud

Answer 7

True

Question 8

How does Microsoft Entra Domain work?

Answer 8

when you create M E D - you define a unique namespace. the namespace is the domain name

then two windows server domain controllers are deployed to your selected Azure region - DCs replica set

Question 9

T or F

A managed domain is configured to perform a one way synchronization from Microsoft Entra ID to Microsoft Entra Domain Services

Answer 9

True

Question 10

Process of authentication

Answer 10

process of establishing the identity of a person, service, or device.

Question 11

Single Sign On (SSO)

Answer 11

one credintial to access multiple resources

Only one ID and one Password

Question 12

Multifactor authentication

Answer 12

prompting a user for an extra form or factor for identification during sign on.

password + code sent to phone
password + challenge question

Question 13

Microsoft Entra multifactor authentication

Answer 13

allows users to choose an addition form of authentication for sign on

Question 14

Passwordless authentication

Answer 14

Once something is registered to you ( a computer) it is associated with you and you can use a fingerprint or pin instead of a password

Question 15

Microsoft global Azure & Azur5e Government offer 3 passwordless authentication options

Answer 15

Windows Hello for Business
Microsoft Authenticator App
FIDO2 security keys. (Fast Identity Online)

Question 16

What is an external identity?

Answer 16

a person, device, service, etc that is outside of your organization

Question 17

T or F

With External Identities, external users can “bring their own identities”

Answer 17

True
They can use their own credentials to sign in

Question 18

The following capabilities make up External Identities:

Answer 18

Business to business (B2B) - typically guest users

B2B direct connect - two way trust. visible and can be monitored

Business to customer (B2C) - publish apps to consumers and customers while using Azure AD B2C for identity and access management

Question 19

Conditional Access

Answer 19

a tool that Microsoft Entra ID uses to allow or deny access to recourses based on identity signals

the signals include who the user is
where the user is,
and what device they are using

Question 20

What does contidonal access collect in order to make decisions?

Answer 20

Signals

Question 21

When is conditional access useful?

Answer 21

MFA
require access to services through approved client applications
Require access from managed devices
Block access from untrusted sources

Question 22

Role based access control

Answer 22

only grant access up to the level needed to complete a task

Question 23

T or F

Azure provides built in roles that describe common access rules for cloud resources through Azure RBAC ( azure role based access control)

Answer 23

True

Question 24

How is Azure RBAC enforced?

Answer 24

its enforced on any action that’s initiated against an Azure resource that passes through Azure Resource Manager

Question 25

Zero Trust

Answer 25

is a security model that assumes the worst case scenario and protects resources with that expectation

Question 26

T or F

Zero trust assumes breach at the outset, and then verifies each request as though it originated from an uncontrolled network

Answer 26

True

Question 27

T or F

Just because a device is in the network, Zero Trust trust it and does not require authentication

Answer 27

False.

Requires everyone to authenticate

Question 28

Objective of defense in depth

Answer 28

to protect information and prevent it from being stolen by unauthroized users

Question 29

Layers of defense in depth

Answer 29

Physical Security
Identity and Access
Perimeter
Network
Compute
Application
Data

Question 30

Defender for Cloud

Answer 30

a monitoring tool for security posture management and threat protection

Question 31

What does defender for cloud monitor?

Answer 31

cloud
on premises,
hybrid
multi cloud environments
- to provide guidance and notifications aimed at strengthening your security posture

Question 32

Defender for cloud helps to detect threats across

Answer 32

PaaS services
data services
networks

Question 33

T or F

You can add Defender for Cloud capabilities to your hybrid cloud environment to protect your non Azure servers

Answer 33

True

Question 34

T or F

Defender for cloud can also protect resources in other clouds (such as AWS and GCP)

Answer 34

True

Question 35

Defender of Cloud fills three vital needs :

Answer 35

Continuously assess
Secure
Defend

Question 36

T or F

Defender for cloud provides advanced threat protection features for many deployed resources

Answer 36

True

Question 37

Which Microsoft Entra tool can vary the credentials needed to log in based on signals, such as where the user is located?

Answer 37

Conditional Access

Question 38

Which security model assumes the worst-case security scenario, and protects resources accordingly?

Answer 38

Zero Trust

Question 39

A user is simultaneously assigned multiple roles that use role-based access control. What are their actual permissions? The role permissions are: Role 1 - read || Role 2 - write || Role 3 - read and write.

Answer 39

Read and write