deck-1 (m) Flashcards
License and Access Review
P2
ACR accessed from the SF office VNet using MFA. What 2 things for access control?
Disable the admin user and set a firewall rule
Is a Storage Account V1 supported by AD authentication? Does it need to be upgraded to V2?
Yes, No
VM Update Management: what are the 2 related resources?
Log Analytics workspace, Automation Account
Enterprise App running in non-interactive mode. What permission type? Admin or user consent? Where to review the enterprise app, MDC or AD?
Application permission, admin consent, AD
SQL injection attack. What to implement? ATP?
Advanced Threat Protection
TLS certificate format to upload to a Web App, and the minimum service plan?
PFX and Basic. CRT is for a public key certificate.
3 encryptions in SQL: at rest, column encryption, and in transit
TDE (Transparent Data Encryption), Always Encrypted, TLS/SSL encryption. DDM (Dynamic Data Masking) is not encryption.
Command to create an SPN (service principal name) for AKS?
az ad sp create-for-rbac
Web app reading a secret from KV on behalf of users. What permission and consent?
Delegated permission, no admin consent (why? no write), and no user consent either, since it is not reading from the user’s profile.
Enterprise App reading all user profiles within the tenant. Graph API scope, scope type, and consent?
Directory.Read.All, app-only (not app.only), and admin consent: yes (why? it runs as a service)
Payroll manager reviews group membership. What implementation? Licenses?
Access Review, P2
Traffic going through an NVA. What routing solution?
UDR (User Defined Route)
NSG migration to an AKS environment. What implementation, NetworkPolicy or NetworkRule? What sub-elements?
NetworkPolicy, with ingress and port
Locate trusted data. Purview what?
Catalog
A set of cloud-based experiences at scale. Purview what?
Policy App
Discover what kinds of data exist. Purview what?
Data Estate Insights App
Failed login. Which KQL table?
SecurityEvent
MDC logs go to which KQL table? For example, virus detection on a VM.
SecurityAlert
VM is powered off or resized. Which KQL table?
Operation
KQL syntax for 5 days ago?
ago(5d)
ago(-5) is wrong. (Get-Date).AddDays(-5) is PowerShell syntax and is not allowed in KQL.
A firewall in a VNet. What 2 resources are needed?
AzureFirewallSubnet, and a public IP
Web app accessing a storage account. What authentication implementation?
Managed identity. An RBAC assignment is not for authentication.
SPA with personal account login. Which grant flow, and which account type, single or multi-tenant?
Implicit, to get a token without performing a server credential exchange. The authorization code grant requires storing a client secret or certificate, which an SPA cannot store.
No tenant account type; pick the Personal accounts only type.
3 levels of KV
managed HSM, HSM-protected KV, software-protected KV
What resource can trigger on NearExpiry, and NearExpiry of what?
EventGrid and Certificate
Two KV key-related roles?
Crypto Officer, Crypto Service Encryption User
3 file share-level permissions (roles)?
SMB share reader
SMB share contributor
SMB share Elevated contributor
Difference: ability to modify ACLs
MDC: 2 roles for Regulatory Compliance access?
Resource Policy Contributor, Security Admin
Does PIM need consent?
No. It is automatically activated when visiting the PIM portal page. To activate PIM, the user needs to be in a privileged role (e.g. Global Admin) and have a P2 license.
How can “Create remediate task” be set to Yes?
By creating or modifying your policy assignment
For access review, does the P2 license need to be assigned to all group members or only to the group owner?
Group owner only