Chapter 1: Identity and Access (Alan R) Flashcards

1
Q

Your team has just registered an application in Azure AD.
They want to create a specific application role and then assign the new application role to a user. Where would you assign the role to the user?

A. External Identities
B. Administrative Units
C. Enterprise Applications
D. App Registrations

A

C. Enterprise Applications

Explanation:
You have to go to Enterprise Applications. Go to the application, then go to user/group, and then assign the role to the user.

2
Q

Your company has set up an Azure AD tenant and an Azure subscription. They want to start using Azure AD Privileged Identity Management. They want a user defined in the Azure AD tenant to manage the assignments when it comes to Azure AD Privileged Identity Management. Which of the following roles needs to be assigned to the user for this requirement?

A. Password Administrator
B. User Administrator
C. Global Administrator
D. Security Administrator

A

C. Global Administrator

Explanation:
When it comes to Azure AD Roles, the user needs to be given the Global Administrator Role or the Privileged Role Administrator Role.

3
Q

Your company has an Azure subscription and an Azure AD tenant. They have 2 resource groups named app-grp1 and app-grp2.
They have the following Azure AD group defined
They want the IT Admin group to be able to deploy Azure virtual machines to app-grp1. You have to ensure the principle of least privilege is used.
Which of the following roles can be used for this requirement?

A. The Contributor role assigned at the subscription level
B. The Contributor role assigned at the app-grp1 level
C. The Network Contributor role assigned at the app-grp1 level
D. The Virtual Machine Contributor role assigned at the app-grp1 level
E. A Custom role assigned at the app-grp1 level

A

D. The Virtual Machine Contributor role assigned at the app-grp1 level

Explanation:
Here we can make use of the Virtual Machine Contributor role. This can be applied at the resource group level. This will ensure that the users of the group can only deploy Virtual Machines to the resource group.

4
Q

Your company has an Azure subscription and an Azure AD tenant. They have 2 resource groups named app-grp1 and app-grp2.

They have the following Azure AD group defined

They want the IT Admin group to be able to connect to virtual machines that are part of a virtual network named app-network. The virtual machines would be part of the app-grp1 resource group. You have to ensure the principle of least privilege is used.

Which of the following roles can be used for this requirement?

A. The Contributor role assigned at the subscription level
B. The Contributor role assigned at the app-grp1 level
C. The Network Contributor role assigned at the app-grp1 level
D. The Virtual Machine Contributor role assigned at the app-grp1 level
E. A custom role assigned at the app-grp1 level

A

E. A custom role assigned at the app-grp1 level

Explanation:
This would need a custom RBAC role.

5
Q

When you register an enterprise application in an Azure AD tenant, which of the following also gets created in the Azure AD tenant?

A. A user assigned managed identity
B. A service principal
C. An encryption key
D. A secret

A

B. A service principal

Explanation:
A service principal also gets created when you register an enterprise application in Azure AD.

6
Q

Your company has an Azure AD tenant and an Azure subscription. They are currently using Azure AD Free Edition for the tenant. They want to define user risk policies within Azure AD Identity Protection. Which of the following must be carried out for this requirement?

A. Ensure that MFA is enabled for all users
B. Purchase Azure AD Premium P2 based licenses for the users
C. Ensure that Diagnostic settings are set for the Sign in logs in Azure AD
D. Enable Microsoft Defender for Cloud when it comes to Identities

A

B. Purchase Azure AD Premium P2 based licenses for the users

Explanation:
To make use of Azure AD Identity Protection, you need to have Azure AD Premium-based licenses in place. For more information on the license requirements, see https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection#license-requirements

7
Q
A