Describe Azure architecutre and services: Describe Azure identity, access, and security

Question 1

What is Microsoft Entra ID?

Answer 1

A cloud-based identity and access management service that allows users to sign in and access Microsoft cloud applications, custom applications, and on-premises resources integrated with the cloud.

Question 2

Who uses Microsoft Entra ID?

Answer 2

IT administrators to control access to apps and resources.
Developers for integrating single sign-on (SSO) and identity features.
End users for password resets and managing their credentials.

Question 3

What is Microsoft Entra Connect?

Answer 3

A tool to synchronize on-premises Active Directory with Microsoft Entra ID, enabling a unified identity experience.

Question 4

What authentication methods does Azure support?

Answer 4

Standard passwords, single sign-on (SSO), multifactor authentication (MFA), and passwordless authentication.

Question 5

What is single sign-on (SSO)?

Answer 5

A method allowing users to sign in once and access multiple resources without needing to reauthenticate.

Question 6

What is multifactor authentication (MFA)?

Answer 6

A security measure requiring two or more factors (something you know, have, or are) to verify identity.

Question 7

What is passwordless authentication?

Answer 7

An authentication method that replaces passwords with alternatives like biometrics (e.g., fingerprints), PINs, or security keys.

Question 8

What is Azure RBAC?

Answer 8

A system for managing access to Azure resources by assigning roles to users, groups, or applications at a specific scope.

Question 9

What is the principle of least privilege in RBAC?

Answer 9

Users should only have the minimum access required to perform their tasks.

Question 10

What scopes can roles be assigned to in RBAC?

Answer 10

Management groups.
Subscriptions.
Resource groups.
Individual resources.

Question 11

What is Conditional Access in Microsoft Entra ID?

Answer 11

A tool that allows or denies access based on identity signals like location, device, or user role.

Question 12

Give an example of a Conditional Access policy.

Answer 12

Requiring multifactor authentication for access when users sign in from an unknown location.

Question 13

What is the Zero Trust model?

Answer 13

A security model that assumes a breach is possible and verifies every request regardless of the source.

Question 14

What are the three guiding principles of Zero Trust?

Answer 14

Verify explicitly.
Use least privilege access.
Assume breach.

Question 15

What is defense-in-depth?

Answer 15

A layered security strategy designed to protect data by slowing the advance of potential attacks.

Question 16

What are the layers of defense-in-depth?

Answer 16

Physical security.
Identity and access management.
Perimeter security.
Network security.
Compute security.
Application security.
Data security.

Question 17

What is Microsoft Defender for Cloud?

Answer 17

A monitoring tool for security posture management and threat protection across cloud, on-premises, and hybrid environments.

Question 18

What are the three core functions of Defender for Cloud

Answer 18

Continuously assess security posture.
Secure workloads and services.
Defend against threats with alerts and threat protection.

Question 19

How does Defender for Cloud integrate with Azure environments?

Answer 19

It provides built-in security monitoring and protection for Azure resources, including VMs, containers, and SQL databases.

Question 20

What are external identities in Azure?

Answer 20

Users, devices, or services outside your organization that can securely interact with your resources using Microsoft Entra External ID.

Question 21

What is Azure AD B2C?

Answer 21

A service enabling organizations to provide identity management for consumer-facing apps.

Question 22

What is Microsoft Entra Domain Services?

Answer 22

A managed domain service providing domain join, LDAP, group policies, and authentication without managing domain controllers.

Question 23

How does Microsoft Entra Domain Services synchronize information?

Answer 23

It performs one-way synchronization from Microsoft Entra ID to the managed domain.