Azure Security AD-General Info Flashcards

1
Q

What is Azure AD and how does it compare to on-prem AD DS?

A

Azure AD (Azure Active Directory) lets us run Active Directory services in Azure, offers SSO functionality, and syncs with on-prem AD DS services.

2
Q

What are the benefits of using Az AD?

A

Az AD provides us with MFA, PIM, RBAC and multiple other features and capabilities.

3
Q

How many products are there with Az AD?

A

There are the Free tier, MS 365, and the two Premium tiers, P1 and P2.

4
Q

What additional features does Premium P2 offer?

A

Premium P2 offers PIM (Privileged Identity Management) and risk mitigation conditional access.

5
Q

How is Az AD different from AD DS and what protocols does it support?

A

Az AD does not support LDAP; it can support API requests. Az AD supports OpenID and SAML for auth and OAuth for authorization.

6
Q

What is the highest level of Admin role and how many should we have?

A

The highest level of admin role is Global Admin and ideally we should have two Global admins.

7
Q

Explain why the identity layer has become so important in auth and authorisation.

A

Now that we have hybrid topologies and modern networks, with most apps being SaaS, we require access to our apps and services to be controlled at the users' workstations.

8
Q

What is Az AD DS?

A

Az AD DS is the same as Windows Server AD DS on-prem; as it is an Az managed service we cannot create it, and it syncs with on-prem AD services and Az AD.

9
Q

Does AZ AD integrate with AZ AD DS?

A

Yes, you can sync and integrate AZ AD with AZ AD DS.

10
Q

Is the AZ AD DS service an Az managed service?

A

Yes, AZ AD DS is a fully managed service from Azure.

11
Q

What is Az AD Connect?

A

Az AD Connect lets us connect and sync both on-prem and Az AD.

12
Q

How many groups are there with Az AD?

A

There are two groups: the Security group and the M365 group.

13
Q

Name the different ways that I can assign group access rights.

A

Group access rights can be assigned statically, or dynamically with a predefined policy.

14
Q

What is an AZ admin unit?

A

An administrative unit is a group of users or groups.

15
Q

Is there any benefit in using a passwordless method of connectivity?

A

Yes, not having to remember passwords is convenient and much safer.

16
Q

What is password hash synchronization?

A

Pwd hash sync allows me to sync my pwd on-prem with my pwd in Az.

17
Q

What is AD FS and why would I use it?

A

AD Federation Services allows me to use on-prem AD FS to authenticate users for hybrid networks.

18
Q

What does Az health monitoring do?

A

AZ Health monitoring monitors the health of AZ AD Connect.

19
Q

What do I need to do to set up AZ AD Connect?

A

To set up AZ AD Connect I need to add agents to on-prem servers.

20
Q

List the three ways that I can authenticate using AZ AD.

A

Using AZ AD I can authenticate with AZ AD just in the cloud, with AZ AD and AD FS for federation, or with password protection with hash sync and passthru.

21
Q

Explain password hash sync.

A

Password hash sync allows me to sync my pwds on-prem and in the cloud so only one password is used.

22
Q

Is the password hash encrypted during the pwd hash sync process?

A

Yes, the pwd hash is encrypted and then decrypted and stored in Azure.

23
Q

Is passthru authentication free?

A

Yes, PTA is free and it is lightweight as an agent.

24
Q

Is identity the new control plane for IT security?

A

Yes, identity is the new control plane for IT security.

25
Q

Does password protection require password hash sync?

A

Yes, password protection does require the password hash sync feature to be enabled.

26
Q

What is password write back?

A

Password write back allows me to make sure my pwd changes in Azure are also made on my AD DS system on-prem via AZ AD Connect.

27
Q

What port does password write back use?

A

Port 443 is used for write back.

28
Q

How many default Identity Protection policies are there?

A

There are three identity protection policies.

29
Q

If a sign-in risk is detected, what should I do?

A

Enable MFA when a risk is identified.

30
Q

If a risk is identified with identity what should we do?

A

If a risk is identified then enable a pwd reset.

31
Q

Can I block/permit users with risk identified?

A

Yes, users can be blocked or permitted; it all depends on your defined policy and business security policies.

32
Q

Is sign-in risk part of conditional access policy?

A

Yes, sign-in risk is part of the conditional risk policy.

33
Q

How can I define my conditional access parameters?

A

Define conditional access using either “location” or browsers, mobile apps, etc.

34
Q

How can I secure my apps and services with MFA?

A

MFA provides a second form of auth and an additional layer of security; it's easier for the users as well and complies with regulatory compliance requirements.

35
Q

Is MFA available with SaaS apps?

A

Yes, MFA is available with SaaS apps like ServiceNow.

36
Q

List the MFA auth types.

A

Voice calls, one-way SMS, authenticator app, authenticator app code.

37
Q

What is the default number of days that the pwd is cached with MFA?

A

By default a password is cached for 14 days, but you can select between 1 and 60 days.

38
Q

With MFA and fraud alerts, what is the number that's pressed before the # when a call is received?

A

The number 0 is pressed before the hash (#) when fraud is communicated.

39
Q

How can I enable MFA for my users?

A

On the portal or through PowerShell; under AZ AD I can select groups and enable MFA.

40
Q

What are the three user states for MFA?

A

The three user states are enabled, disabled and enforced.

41
Q

Can I enable MFA for any type of account?

A

No, I cannot enable MFA for any type of account, only for organizational accounts.

42
Q

Explain conditional access when it comes to identity.

A

Conditional access is now the core with hybrid networking and WFH, as it can help enforce our business security policies and gives us flexibility, etc.

43
Q

What brings the signals together in Active Directory?

A

Conditional access brings together the signals that determine whether or not a user is allowed to access my network.

44
Q

Can you name some of the signals that are considered with conditional access?

A

Yes, some of the signals are location, the device the user is using to access my network, apps being used, etc.

45
Q

What are the access controls used with conditional access?

A

Some of the access controls are location, managed devices, domain-joined devices, apps being used, etc.

46
Q

With AD identity access, can I enable access reviews?

A

Yes, I can enable access reviews, which basically allow me to review the people accessing my network.

47
Q

Which premium product will I need for access reviews?

A

I will require the Premium P2 license for the access reviews feature, which allows me to regularly ensure access to my network is reviewed.

48
Q

Which admin can reset a user's password?

A

The global admin can reset a user's password.

49
Q

Which license provides identity protection?

A

The P2 premium license provides identity protection.

50
Q

How can Identity Protection help protect our identities?

A

Identity Protection helps with identifying risks, investigating them and, thirdly, remediating the risks with our identities; it is a feature of AZ AD.

51
Q

What are some of the user sign-in risks?

A

The source of the sign-in is an IP that might be related to a botnet service, or atypical travel, with sign-ins originating from multiple locations a distance apart, etc.