Azure Security, Authentication & Authorization Flashcards
What is a requirement for Azure AD to work?
Both the client and the API application must be registered in Azure via app registrations.
True or False? You can configure an instance of API Management to protect the API by using OAuth 2.0 with Azure Active Directory.
True
True or False? Microsoft implements the OpenID Connect protocol for handling authentication.
True
Explain what Authentication means
Authentication is the process of proving you are who you say you are. (AuthN)
Explain what Authorization means
Authorization is the act of granting an authenticated party permission to do something. It specifies what data you're allowed to access and what you can do with that data. (AuthZ)
Explain what a Shared Access Signature (SAS) is and what you can do with it.
It's used to grant access to a resource in your storage account. For Blob Storage, for example, it's simply a token that's added to the URL. Everyone who has this URL can use the privileges that were defined when the SAS was created.
Explain what the difference is between an ad-hoc SAS and a SAS that is associated with a stored access policy
An ad-hoc SAS contains all of its information, such as start time, end time and permissions, directly in the URI.
example: ?sv=2018-11-09&sr=c&sig=rS3eUbL5eCSmmth57EQkTEd6DEIo4luyg%2FtXvqvorXc%3D&st=2020-05-28T18%3A14%3A50Z&se=2020-05-29T18%3A19%3A50Z&sp=wl
When a SAS is associated with a stored access policy, it inherits its settings from the policy. It's also possible to revoke such a SAS by changing the policy.
example: http://127.0.0.1:10000/devstoreaccount1/sas-container-637262939086872312?sv=2018-11-09&sr=c&si=tutorial-policy-637262939086922296&sig=0pZAShTGtP7qYz%2FaXIf4Zr32hcA4RMr4dYDFPQUcj3w%3D
True or False? When copying files between different Storage Accounts, you must use a SAS.
True
Explain on a high level what Azure RBAC is and what you can do with it
Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.
Name the three key elements that are part of the RBAC security concept
Security principal, role definition and scope
Explain what Security principal means
A security principal is an object that represents a user, group, service principal, or managed identity that is requesting access to Azure resources.
What forms of security principal does Azure work with? Name at least three.
User: an individual with a profile in Azure Active Directory.
Group: a set of users.
Service principal: an identity that apps can use to access specific Azure resources. Think of it as a user name plus password or a certificate.
Managed identity: an identity whose credentials are automatically managed by Azure. Used by cloud applications to authenticate to Azure services without managing credentials themselves.
Explain what a Role definition (role) is
A collection of permissions, such as read, write and delete.
Explain what a Scope is
Scope is the set of resources that the access applies to. When you assign a role, you can further limit the actions allowed by defining a scope. This is helpful if you want to make someone a Website Contributor, but only for one resource group.
What is a role assignment
A role assignment is the process of attaching a role definition to a user, group, service principal, or managed identity at a particular scope for the purpose of granting access. Access is granted by creating a role assignment, and access is revoked by removing a role assignment.