Hack 1 - Implement user authentication and authorization Flashcards

1
Q

What is Azure Active Directory (Azure AD)?

A

Azure AD is a cloud-based identity and access management service that helps employees sign in and access resources like Microsoft 365, Azure, and other SaaS apps.

2
Q

What is OAuth 2.0?

A

OAuth 2.0 is an open standard for token-based authentication, allowing third-party services to exchange credentials without exposing user passwords.

3
Q

What is OpenID Connect (OIDC)?

A

OpenID Connect is a protocol built on OAuth 2.0 that adds an identity layer, allowing applications to verify the user’s identity and obtain profile information.

4
Q

What are the key roles of Azure AD B2C?

A

Azure AD B2C provides business-to-consumer identity management, allowing users to sign in using social accounts (Google, Facebook) or local accounts.

5
Q

What is the difference between Authentication and Authorization?

A

Authentication is the process of verifying the user’s identity, while Authorization determines what actions the user is permitted to perform.

6
Q

How do you secure an Azure App Service using Azure AD?

A

You can secure an Azure App Service by enabling authentication/authorization in the Azure portal and configuring Azure AD as the identity provider.

7
Q

What is Managed Identity in Azure?

A

Managed Identity is a feature that allows an Azure service to authenticate with Azure AD without managing credentials directly.

8
Q

How does Role-Based Access Control (RBAC) work in Azure?

A

RBAC allows you to assign specific roles to users, groups, or applications, limiting access to resources based on the role assigned.

9
Q

What are the main token types used in Azure AD authentication?

A

The main token types are Access Tokens, ID Tokens, and Refresh Tokens, used to authenticate, authorize, and maintain sessions.

10
Q

What is Multi-Factor Authentication (MFA)?

A

MFA adds an additional layer of security by requiring two or more verification methods, such as a password and a phone verification, to access resources.

11
Q

What is the purpose of Conditional Access in Azure AD?

A

Conditional Access controls access to cloud apps based on conditions like user location, device, and risk level, enforcing security policies dynamically.

12
Q

How do you implement authentication in a single-page application (SPA) using Azure AD?

A

You can use MSAL.js (Microsoft Authentication Library for JavaScript) to integrate Azure AD into SPAs, handling authentication and obtaining tokens.

13
Q

What is the Microsoft identity platform?

A

Microsoft identity platform is a collection of tools and services for developers to build applications that can authenticate users and get tokens for accessing resources.

14
Q

What is a security principal in Azure?

A

A security principal is an object in Azure AD representing a user, group, or service principal with access rights to Azure resources.

15
Q

How can you configure app roles for an Azure AD app registration?

A

App roles are defined within an app registration in Azure AD and can be assigned to users or groups to control access to specific app functions.
