Azure identity, access, and security Flashcards
Microsoft Entra ID
a cloud-based directory service that lets you sign in to and access both Microsoft cloud applications and cloud applications you have developed yourself
T or F
Microsoft Entra ID is Microsoft's cloud-based identity and access management service
True
Who uses Microsoft Entra ID?
IT administrators
App Developers
Users
Online service subscribers
What does Microsoft Entra ID do?
Authentication
Single sign on
Application management
Device management
Microsoft Entra Connect
synchronizes user identities between on-premises Active Directory and Microsoft Entra ID, so the same accounts work in both environments
Microsoft Entra Domain Services
a service that provides managed domain services such as:
domain join
group policy
lightweight directory access protocol (LDAP)
Kerberos/NTLM authentication
T or F
with Microsoft Entra Domain Services you get the benefit of domain services without having to deploy, manage, and patch domain controllers (DCs) in the cloud
True
How does Microsoft Entra Domain Services work?
When you create a managed domain, you define a unique namespace; this namespace is the domain name.
Two Windows Server domain controllers are then deployed to your selected Azure region; this pair of DCs is called a replica set.
T or F
A managed domain is configured to perform a one-way synchronization from Microsoft Entra ID to Microsoft Entra Domain Services (changes made inside the managed domain are not written back)
True
Authentication
the process of establishing the identity of a person, service, or device
Single Sign On (SSO)
one credential used to access multiple resources
only one ID and one password to remember, so there are fewer credentials to lose or reuse
Multifactor authentication
prompting a user for an extra form, or factor, of identification during sign-in
password + code sent to phone (something you know plus something you have)
password + challenge question (both are "something you know", so this is a weaker combination than password + device)
Microsoft Entra multifactor authentication
allows users to choose an additional form of authentication for sign-in
Passwordless authentication
Once a device (such as a computer or phone) is registered to you, it is associated with your identity and you can sign in with a fingerprint or PIN instead of a password
Microsoft global Azure and Azure Government offer 3 passwordless authentication options:
Windows Hello for Business
Microsoft Authenticator App
FIDO2 security keys. (Fast Identity Online)
What is an external identity?
a person, device, service, etc. that is outside your organization
T or F
With External Identities, external users can “bring their own identities”
True
They can use their own credentials to sign in
The following capabilities make up External Identities:
Business to business (B2B) collaboration: external users are added to your directory, typically as guest users
B2B direct connect: a two-way trust between two Microsoft Entra organizations; the external users are not added to your directory, but their access is visible and can be monitored
Business to customer (B2C): publish apps to consumers and customers while using Azure AD B2C for identity and access management
Conditional Access
a tool that Microsoft Entra ID uses to allow or deny access to resources based on identity signals
the signals include who the user is
where the user is,
and what device they are using
What does Conditional Access collect in order to make decisions?
Signals
When is conditional access useful?
Requiring MFA (for example only for admins, or only when signing in from outside trusted locations)
Requiring access to services through approved client applications
Requiring access from managed (compliant) devices
Blocking access from untrusted sources, such as unknown networks or legacy authentication clients
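The decision flow described above (signals in, allow, block or MFA out) as an added worked example. This is not code from the page or from Microsoft; it is a toy evaluator, and the named location, policies and sign-ins are constructed samples. It does reproduce one property practitioners get wrong: Conditional Access policies are not ordered, every matching policy is enforced, and a block in any of them wins.

```python
"""Toy evaluator for Conditional Access style decisions: gather the sign-in
signals, find every policy whose conditions match, and combine the grant
controls. Added illustration only, not Microsoft's engine; the policies,
named location and sign-ins below are constructed samples."""
from __future__ import annotations
import ipaddress
from dataclasses import dataclass, field

# Constructed "named location": trusted egress range of an office.
TRUSTED_LOCATIONS = {"HQ-Office": [ipaddress.ip_network("203.0.113.0/24")]}


@dataclass
class Signals:
    user: str
    groups: set[str]
    ip: str
    device_compliant: bool
    client_app: str  # "browser", "modern" or "legacy" (basic-auth protocols)

    def trusted_location(self) -> str | None:
        addr = ipaddress.ip_address(self.ip)
        for name, nets in TRUSTED_LOCATIONS.items():
            if any(addr in n for n in nets):
                return name
        return None  # unknown network: treated as untrusted


@dataclass
class Policy:
    name: str
    include_users: set[str] = field(default_factory=lambda: {"All"})
    exclude_users: set[str] = field(default_factory=set)  # break-glass accounts
    include_groups: set[str] = field(default_factory=set)
    client_apps: set[str] | None = None  # None = any client application
    skip_trusted_locations: bool = False
    controls: set[str] = field(default_factory=set)  # "mfa", "compliantDevice", "block"

    def applies(self, s: Signals) -> bool:
        if s.user in self.exclude_users:
            return False
        in_scope = ("All" in self.include_users or s.user in self.include_users
                    or bool(self.include_groups & s.groups))
        if not in_scope:
            return False
        if self.client_apps is not None and s.client_app not in self.client_apps:
            return False
        if self.skip_trusted_locations and s.trusted_location() is not None:
            return False
        return True


def evaluate(s: Signals, policies: list[Policy]) -> tuple[str, set[str]]:
    """Policies are not ordered: every matching policy is enforced. A block in
    any of them wins; otherwise the required grant controls are unioned.
    Returns (decision, controls the user still has to satisfy interactively)."""
    required: set[str] = set()
    for p in policies:
        if p.applies(s):
            required |= p.controls
    if "block" in required:
        return "block", set()
    if "compliantDevice" in required and not s.device_compliant:
        return "block", set()  # a device-state control cannot be satisfied at sign-in
    return "allow", required - {"compliantDevice"}


# Constructed policies mirroring the uses listed above (MFA, managed
# devices, blocking untrusted sources). The emergency-access exclusion is
# the standard precaution against locking every admin out.
POLICIES = [
    Policy("Require MFA outside trusted locations",
           exclude_users={"emergency-access"}, skip_trusted_locations=True,
           controls={"mfa"}),
    Policy("Block legacy authentication", client_apps={"legacy"},
           controls={"block"}),
    Policy("Admins need MFA and a compliant device", include_users=set(),
           include_groups={"Global Admins"}, controls={"mfa", "compliantDevice"}),
]

if __name__ == "__main__":
    office = Signals("alice", set(), "203.0.113.7", True, "browser")
    remote = Signals("alice", set(), "198.51.100.20", True, "browser")
    legacy = Signals("bob", set(), "203.0.113.9", True, "legacy")
    admin_byod = Signals("carol", {"Global Admins"}, "203.0.113.9", False, "browser")
    for s in (office, remote, legacy, admin_byod):
        print(s.user, s.client_app, evaluate(s, POLICIES))
```

Running it shows the same user (alice) getting a silent allow from the office range and an MFA prompt from an unknown network, bob's legacy client blocked even from the office, and carol blocked on a non-compliant device although she is an admin on a trusted network.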
Role based access control
grant users only the level of access they need to complete a task (the principle of least privilege)
T or F
Azure provides built-in roles that describe common access rules for cloud resources through Azure RBAC (Azure role-based access control)
True
How is Azure RBAC enforced?
It's enforced on any action initiated against an Azure resource that passes through Azure Resource Manager; it does not enforce permissions at the application or data level, which your application must handle itself
Zero Trust
is a security model that assumes the worst case scenario and protects resources with that expectation
T or F
Zero trust assumes breach at the outset, and then verifies each request as though it originated from an uncontrolled network
True
T or F
Zero Trust trusts a device just because it is inside the corporate network and does not require it to authenticate
False.
Every request must be authenticated and authorized, regardless of where it comes from
Objective of defense in depth
to protect information and prevent it from being stolen by people who aren't authorized to access it; each layer slows an attacker who gets past the one before it
Layers of defense in depth
Physical Security
Identity and Access
Perimeter
Network
Compute
Application
Data
Defender for Cloud
a monitoring tool for security posture management and threat protection
What does Defender for Cloud monitor?
cloud
on-premises
hybrid
multi-cloud environments
It monitors these to provide guidance and notifications aimed at strengthening your security posture
Defender for cloud helps to detect threats across
PaaS services
data services
networks
T or F
You can add Defender for Cloud capabilities to your hybrid cloud environment to protect your non-Azure servers
True
T or F
Defender for cloud can also protect resources in other clouds (such as AWS and GCP)
True
Defender for Cloud fills three vital needs:
Continuously assess
Secure
Defend
T or F
Defender for cloud provides advanced threat protection features for many deployed resources
True
Which Microsoft Entra tool can vary the credentials needed to log in based on signals, such as where the user is located?
Conditional Access
Which security model assumes the worst-case security scenario, and protects resources accordingly?
Zero Trust
A user is simultaneously assigned multiple roles that use role-based access control. What are their actual permissions? The role permissions are: Role 1 - read || Role 2 - write || Role 3 - read and write.
Read and write. Permissions from multiple role assignments are additive: the user gets the union of everything the roles grant.
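The additive rule in the answer above, and the "effective permissions = Actions minus NotActions" model behind the Azure RBAC section earlier on this page, as one added worked example. This is illustration code, not Microsoft's implementation; the role definitions are constructed samples (Reader and Contributor are modelled on the built-in roles of the same name, with a trimmed NotActions list), and it also covers the two cases practitioners trip over: NotActions is an exclusion from one role and not a deny, while a deny assignment does override every role assignment.

```python
"""Model of how Azure RBAC combines several role assignments into one
effective permission set. Added illustration, not Microsoft's code; the role
definitions below are constructed samples modelled on built-in roles."""
from __future__ import annotations
import re
from dataclasses import dataclass, field


def action_matches(pattern: str, action: str) -> bool:
    """Azure action strings are case-insensitive and '*' matches any run of
    characters, '/' included, so 'Microsoft.Compute/*/read' covers
    'Microsoft.Compute/virtualMachines/read'."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, action, re.IGNORECASE) is not None


@dataclass
class RoleDefinition:
    name: str
    actions: list[str]
    not_actions: list[str] = field(default_factory=list)

    def permits(self, action: str) -> bool:
        # Effective permissions of one role = Actions minus NotActions.
        # NotActions only narrows THIS role; another role assigned to the
        # same principal can still grant the action.
        granted = any(action_matches(p, action) for p in self.actions)
        excluded = any(action_matches(p, action) for p in self.not_actions)
        return granted and not excluded


@dataclass
class DenyAssignment:
    actions: list[str]
    not_actions: list[str] = field(default_factory=list)

    def denies(self, action: str) -> bool:
        hit = any(action_matches(p, action) for p in self.actions)
        carved_out = any(action_matches(p, action) for p in self.not_actions)
        return hit and not carved_out


def is_allowed(action: str, roles, deny_assignments=()) -> bool:
    """Resource Manager checks deny assignments first; if none blocks the
    action, role assignments are additive: any one that permits it wins."""
    if any(d.denies(action) for d in deny_assignments):
        return False
    return any(r.permits(action) for r in roles)


def effective_permissions(roles, candidate_actions, deny_assignments=()) -> list[str]:
    """Return the sorted subset of candidate_actions the principal may perform."""
    return sorted(a for a in candidate_actions
                  if is_allowed(a, roles, deny_assignments))


# Constructed sample roles. Reader/Contributor follow the shape of the
# built-in roles; Contributor's real NotActions list is longer than this.
READER = RoleDefinition("Reader", actions=["*/read"])
WRITER = RoleDefinition("Writer", actions=["*/write"])
READ_WRITE = RoleDefinition("ReadWrite", actions=["*/read", "*/write"])
CONTRIBUTOR = RoleDefinition(
    "Contributor",
    actions=["*"],
    not_actions=["Microsoft.Authorization/*/Write",
                 "Microsoft.Authorization/*/Delete"],
)

CANDIDATES = [
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/write",
    "Microsoft.Storage/storageAccounts/delete",
    "Microsoft.Authorization/roleAssignments/write",
]

if __name__ == "__main__":
    # The flashcard case: Role 1 read, Role 2 write, Role 3 read and write.
    print(effective_permissions([READER, WRITER, READ_WRITE], CANDIDATES))
    # Contributor manages resources but cannot hand out role assignments.
    print(effective_permissions([CONTRIBUTOR], CANDIDATES))
    # A deny assignment on storage deletes overrides even Contributor.
    deny = DenyAssignment(actions=["Microsoft.Storage/storageAccounts/delete"])
    print(effective_permissions([CONTRIBUTOR], CANDIDATES, [deny]))
```

Note the difference between the second and third cases: Contributor's NotActions keeps it from writing role assignments, but adding a role that grants `*/write` restores that ability, whereas the deny assignment on storage deletes cannot be undone by assigning more roles.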