Describe Azure identity, access, and security Flashcards
What is the primary difference between Microsoft Entra ID and on-premises Active Directory regarding management?
Microsoft Entra ID is a cloud-based service managed by Microsoft, while on-premises Active Directory is managed by your organization within your own infrastructure. Microsoft ensures the availability of Entra ID globally, unlike on-premises AD.
Explain the concept of ‘bring your own identity’ in the context of external identities.
‘Bring your own identity’ allows external users to sign in with their existing credentials from their own identity providers, such as social accounts or corporate accounts, without needing to create new credentials specifically for your system.
What is the main benefit of using Single Sign-On (SSO) for users?
SSO allows users to access multiple applications and resources with just one set of credentials, which reduces the need to remember multiple usernames and passwords and simplifies the security model.
How does multifactor authentication (MFA) enhance security?
MFA enhances security by requiring users to provide additional verification beyond a password, making it more difficult for attackers to gain unauthorized access even if they have a password.
What are the main benefits of using Microsoft Entra Domain Services?
Microsoft Entra Domain Services provides managed domain services like domain join and LDAP, eliminating the need to manage domain controllers in the cloud and enabling the migration of legacy applications.
What is a key principle of the Zero Trust security model?
The key principle of Zero Trust is ‘assume breach,’ which means that all access requests are treated as if they originate from an uncontrolled network.
How is the principle of least privilege implemented using Azure Role-Based Access Control (RBAC)?
Azure RBAC implements least privilege by granting users only the access necessary to complete their tasks through defined roles and scopes, avoiding granting excessive permissions.
What is the purpose of the perimeter layer in the defense-in-depth model?
The perimeter layer in defense-in-depth uses DDoS protection to filter large-scale network-based attacks before they can cause a denial of service, protecting resources.
How does Defender for Cloud help secure multi-cloud environments?
Defender for Cloud extends its cloud security posture management (CSPM) and threat detection features to other clouds (like AWS and GCP) through agents or agentless integrations.
What are the three main components of Conditional Access?
The three main components of Conditional Access are the signal (user location, device, app), the decision (allow or deny), and enforcement (action such as blocking access or requiring MFA).