Exam Summary - Azure Identities and Governance Flashcards

1
Q

What Azure role(s) must you have before you can add or modify Azure identities (Users, Groups, Etc.)?

A

User Administrator or Global Administrator Role

2
Q

What are the two cloud identities?

A

Local Azure AD

External Azure AD

3
Q

What is a Hybrid Identity?

A

An on-premises-to-cloud directory-synchronized identity

4
Q

What are the Azure Guest Identities?

A
Azure AD B2B Collaboration
External Identities (Google, Facebook, Etc.)
5
Q

What PowerShell module is needed to connect to Azure AD, and what is the command to install it?

A

AzureAD

Install-Module -Name AzureAD

6
Q

What PowerShell command is used to connect to your Azure AD environment once the module has been installed?

A

Connect-AzureAD

7
Q

What PowerShell command is used to create a new Azure AD user?

A

New-AzureADUser

8
Q

What are your Azure group types?

A

Basic Group

Dynamic Group

9
Q

What AD group allows you to Bulk add using CSV templates?

A

Basic Groups

10
Q

What is a Dynamic AD Group?

A

Users can be automatically added and removed via rule-based assignments determined by their user properties.

11
Q

Can users be automatically assigned roles and licenses when added to a dynamic group?

A

Yes

12
Q

Which Azure AD group can you NOT manually add users or devices to?

A

Dynamic Groups

13
Q

How/where can you manage user and group properties?

A

Modify user and group properties in the Azure portal

Modify using the PowerShell AzureAD module

14
Q

Differentiate the difference between a “Cloud Device Administrator” and a “Device Administrator”

A

Cloud Device Admin:
Can add, enable, disable, and delete devices in Azure AD
Can NOT modify device properties

Device Admin:
Local machine Administrator
Can NOT modify the object in Azure AD

15
Q

What’s the minimum required licensing needed for Azure guest accounts?

A

Requires Azure AD Premium P2

16
Q

Although the invite needs to be reviewed, what roles can invite guest accounts into your Azure environment?

A

Administrators

Users

17
Q

What roles are required to review guest account invites?

A

Global Administrator

User Administrator

18
Q

Differentiate between “Azure AD Registered” and “Azure AD Joined”

A

Azure AD Registered:
Personally Owned Device
MS Account or Local Account Sign-In
OS Supported - Win10, iOS, Android, macOS

Azure AD Joined:
Organization Owned Device
Azure AD Sign-In
OS Supported - Win10, Windows Server 2019 VMs in Azure

19
Q

What licensing is needed to enable users’ Self-Service Password Reset functionality?

A

Azure AD Free:
Cloud-Only Password Change

Azure AD Premium P1 or P2:
Cloud-Only Password Change
Cloud-Only Password Reset
Hybrid Password Change or reset with on-prem writeback

20
Q

What are the “security principals” we can assign roles to in Azure?

A

Users
Groups
Service Principal
Managed Identity

21
Q

What is the User security principal?

A

An individual who has a profile in Azure Active Directory. You can also assign roles to users in other tenants.

22
Q

What is the Group security principal?

A

A set of users created in Azure Active Directory. When you assign a role to a group, all users within that group have that role.

23
Q

What is the “Service Principal” security principal?

A

A security identity used by applications or services to access specific Azure resources. You can think of it as a user identity (username and password or certificate) for an application.

24
Q

What is the Managed Identity security principal?

A

An identity in Azure Active Directory that is automatically managed by Azure. You typically use managed identities when developing cloud applications to manage the credentials for authenticating to Azure services.

25
What three built in Azure roles apply to all resource types?
Owner
Contributor
Reader
(Example - Blob Storage Owner, Contributor, and Reader)
26
What are the built-in Azure roles?
Owner
Contributor
Reader
User Access Administrator
27
Define the built-in Azure owner role.
Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.
28
Define the built-in Azure contributor role.
Can create/manage all resources, but cannot grant access.
29
Define the built-in Azure reader role.
View all resources, but does not allow you to make any changes.
30
Define the built-in Azure user access administrator role.
Lets you manage user access to Azure resources.
31
What's the PowerShell Cmdlet that allows you to assign a new role to a user?
New-AzRoleAssignment
32
What are Azure Deny Assignments?
Blocks users from performing specific actions even if a role assignment allows it
33
Does a role assignment or deny assignment take precedence?
Deny assignment
34
Where do you have to create your own deny assignments?
Azure Blueprints | Managed Apps
35
What are the PowerShell Cmdlets to get role / deny assignments, as well as the Azure CLI get role assignment command?
PowerShell: Get-AzRoleAssignment, Get-AzDenyAssignment
Azure CLI: az role assignment list
36
Where/how can you create a custom role in Azure?
Portal
ARM Template
PowerShell
Azure CLI
37
WHAT enforces rules to ensure your resources remain compliant by focusing on the resource properties for both new and existing deployments?
Azure Policies
38
Do Azure Policies apply remediation to resources that are not compliant?
No, but it does suggest remediations in the Azure Portal.
39
Azure Policy Concepts - what is a:
1. Policy Definition
2. Assignment
3. Initiative
1. A rule
2. An application of an initiative or policy to a specific scope
3. A collection of policy definitions
40
What are the resource lock types?
Read-Only | Delete
41
Can resource locks be inherited for: 1. Existing resources 2. Newly created resources
1. Yes | 2. Yes
42
Whom do locks apply to in your Azure environment?
All users and roles
43
What are the PowerShell and Azure CLI basic lock creation commands?
PowerShell: New-AzResourceLock -LockLevel -LockName -ResourceName
Azure CLI: az lock create --name --lock-type --resource-group
44
Each tag consists of what "pair"?
Name and Value pair
45
What access does your account need to be able to assign tags?
Must have Write access to Microsoft.Resource/tags provider
46
What is an Azure Resource Group?
Containers that hold related Azure resources
47
Does moving a resource to a different resource group change the location/region where it was originally located?
No
48
Resource groups only store the WHAT about the resources they contain?
Metadata
49
What would happen to the resources in a group when you delete that resource group?
Deletes all resources in that resource group
50
What are the PowerShell and Azure CLI basic resource group creation commands?
PowerShell: New-AzResourceGroup -Name -Location
Azure CLI: az group create --name --location
51
Can you move resources between subscriptions? Can you transfer subscriptions between tenants? Can a single tenant only have one subscription?
Yes | Yes | No
52
What is Azure Cost Management?
Analyzes your environment to help determine where your Azure costs are going.
53
What is Azure Cost Management "Cost Alerts"?
Cost alerts that can be generated when a threshold you defined is met.
54
What is Azure Cost Management "Budgets"?
Allows you to apply budgets to cost thresholds and limits to control your Azure spend.
55
What is Azure Cost Management "Recommendations"?
Displays ways to control costs through identifying trends in your usage.
56
What are Azure Management Groups?
Used to manage access, policies and compliance across MULTIPLE subscriptions in your environment.