Exam Summary - Azure Identities and Governance Flashcards

1
Q

What Azure role(s) must you have before you can add or modify Azure identities (Users, Groups, Etc.)?

A

User Administrator or Global Administrator Role

2
Q

What are the two cloud identities?

A

Local Azure AD

External Azure AD

3
Q

What is a Hybrid Identity?

A

An on-premises-to-cloud directory-synchronized identity

4
Q

What are the Azure Guest Identities?

A
Azure AD B2B Collaboration
External Identities (Google, Facebook, Etc.)
5
Q

What PowerShell module is needed to connect to Azure AD, and what is the command to install it?

A

AzureAD

Install-Module -Name AzureAD

6
Q

What PowerShell command is used to connect to your Azure AD environment once the module has been installed?

A

Connect-AzureAD

7
Q

What PowerShell command is used to create a new Azure AD user?

A

New-AzureADUser

8
Q

What are your Azure group types?

A

Basic Group

Dynamic Group

9
Q

What AD group allows you to Bulk add using CSV templates?

A

Basic Groups

10
Q

What is a Dynamic AD Group?

A

Users can be added and removed automatically via rule-based assignments determined by their user properties.

11
Q

Can users be automatically assigned roles and licenses when added to a dynamic group?

A

Yes

12
Q

Which Azure AD group can you NOT manually add users or devices to?

A

Dynamic Groups

13
Q

How/where can you manage user and group properties?

A

Modify user and group properties in the Azure portal

Modify using the PowerShell AzureAD module

14
Q

Differentiate between a “Cloud Device Administrator” and a “Device Administrator”.

A

Cloud Device Admin:
Can add, enable, disable, and delete devices in Azure AD
Can NOT modify device properties

Device Admin:
Local machine Administrator
Can NOT modify the object in Azure AD

15
Q

What’s the minimum required licensing needed for Azure guest accounts?

A

Requires Azure AD Premium P2

16
Q

Although the invite needs to be reviewed, what roles can invite guest accounts into your Azure environment?

A

Administrators

Users

17
Q

What roles are required to review guest account invites?

A

Global Administrator

User Administrator

18
Q

Differentiate between “Azure AD Registered” and “Azure AD Joined”.

A

Azure AD Registered:
Personally Owned Device
MS Account or Local Account Sign-In
OS Supported - Win10, iOS, Android, macOS

Azure AD Joined:
Organization Owned Device
Azure AD Sign-In
OS Supported - Win10, Windows Server 2019 VMs in Azure

19
Q

What licensing is needed to enable users’ Self-Service Password Reset functionality?

A

Azure AD Free:
Cloud-Only Password Change

Azure AD Premium P1 or P2
Cloud-Only Password Change
Cloud-Only Password Reset
Hybrid Password Change or reset with on-prem writeback

20
Q

What are the “security principals” we can assign roles to in Azure?

A

Users
Groups
Service Principal
Managed Identity

21
Q

What is the User security principal?

A

An individual who has a profile in Azure Active Directory. You can also assign roles to users in other tenants.

22
Q

What is the Group security principal?

A

A set of users created in Azure Active Directory. When you assign a role to a group, all users within that group have that role.

23
Q

What is the “Service Principal” security principal?

A

A security identity used by applications or services to access specific Azure resources. You can think of it as a user identity (username and password or certificate) for an application.

24
Q

What is the Managed Identity security principal?

A

An identity in Azure Active Directory that is automatically managed by Azure. You typically use managed identities when developing cloud applications to manage the credentials for authenticating to Azure services.

25
Q

What three built-in Azure roles apply to all resource types?

A

Owner
Contributor
Reader
(Example - Blob Storage Owner, Contributor, and Reader)

26
Q

What are the built-in Azure roles?

A

Owner
Contributor
Reader
User Access Administrator

27
Q

Define the built-in Azure owner role.

A

Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.

28
Q

Define the built-in Azure contributor role.

A

Can create/manage all resources, but cannot grant access.

29
Q

Define the built-in Azure reader role.

A

View all resources, but does not allow you to make any changes.

30
Q

Define the built-in Azure user access administrator role.

A

Lets you manage user access to Azure resources.

31
Q

What’s the PowerShell Cmdlet that allows you to assign a new role to a user?

A

New-AzRoleAssignment

32
Q

What are Azure Deny Assignments?

A

Blocks users from performing specific actions even if a role assignment allows it

33
Q

Does a role assignment or deny assignment take precedence?

A

Deny assignment

34
Q

Where do you have to create your own deny assignments?

A

Azure Blueprints

Managed Apps

35
Q

What are the PowerShell Cmdlets to get role / deny assignments, as well as the Azure CLI get role assignment command?

A

Get-AzRoleAssignment
Get-AzDenyAssignment

az role assignment list

36
Q

Where/how can you create a custom role in Azure?

A

Portal
ARM Template
PowerShell
Azure CLI

37
Q

WHAT enforces rules to ensure your resources remain compliant by focusing on the resource properties for both new and existing deployments?

A

Azure Policies

38
Q

Do Azure Policies apply remediation to resources that are not compliant?

A

No, but it does suggest remediations in the Azure Portal.

39
Q
Azure Policy Concepts
What is a:
1. Policy Definition
2. Assignment
3. Initiative
A
  1. A rule
  2. An Application of an initiative or policy to a specific scope
  3. A collection of policy definitions
40
Q

What are the resource lock types?

A

Read-Only

Delete

41
Q

Can resource locks be inherited for:

  1. Existing resources
  2. Newly created resources
A
  1. Yes
  2. Yes

42
Q

Whom do locks apply to in your Azure environment?

A

All users and roles

43
Q

What are the PowerShell and Azure CLI basic lock creation commands?

A

PowerShell:
New-AzResourceLock -LockLevel -LockName -ResourceName

Azure CLI:
az lock create --name --lock-type --resource-group

44
Q

Each tag consists of what “pair”?

A

Name and Value pair

45
Q

What access does your account need to be able to assign tags?

A

Must have Write access to Microsoft.Resources/tags provider

46
Q

What is an Azure Resource Group?

A

Containers that hold related Azure resources

47
Q

Does moving a resource to a different resource group change the location/region where it was originally located?

A

No

48
Q

Resource groups only store the WHAT about the resources they contain?

A

Metadata

49
Q

What would happen to the resources in a group when you delete that resource group?

A

Deletes all resources in that resource group

50
Q

What are the PowerShell and Azure CLI basic resource group creation commands?

A

PowerShell:
New-AzResourceGroup -Name -Location

Azure CLI:
az group create --name --location

51
Q

Can you move resources between subscriptions?
Can you transfer subscriptions between tenants?
Can a single tenant only have one subscription?

A

Yes
Yes
No

52
Q

What is Azure Cost Management?

A

Analyzes your environment to help determine where your Azure costs are going.

53
Q

What is Azure Cost Management “Cost Alerts”?

A

Cost alerts that can be generated when a threshold you defined is met.

54
Q

What is Azure Cost Management “Budgets”?

A

Allows you to apply budgets to cost thresholds and limits to control your Azure spend.

55
Q

What is Azure Cost Management “Recommendations”?

A

Displays ways to control costs through identifying trends in your usage.

56
Q

What are Azure Management Groups?

A

Used to manage access, policies and compliance across MULTIPLE subscriptions in your environment.