IAM & AAD Flashcards

Question 1

Q

Azure Tenant

Answer

A

Identity Security Boundary
Can contain one or more subscriptions via a trust relationship
Azure AD: Subscription = 1: N

Contains IAM Resources (via AAD)

Active Directory Tenant > root account owner

Question 2

Q

AAD Groups

Answer

A

Security Group
Users/computer access to shared resources/groups

O365 Groups
Access to shared mailbox, calendar, SP and OneDrive

Question 3

Q

AAD Group Membership Types

Answer

A

Assigned - manual

Dynamic User
- Rules to auto add/remove users, dependent on member attribute

Dynamic Device
- Rules, Auto add/remove, device attributes for devices

Question 4

Q

Azure AD Specific Toles

Answer

A

Azure AD Specific Roles
– Tenant Level Scope
– Only applicable to AD specific resources
— user/groups/billing/passwords

Global Administrator
Security Administrator
User Administrator
Application Developer

Question 5

Q

Azure B2C

Answer

A

AWS Cognito

Allows 3rd party OIDC providers to connect to Azure App’s

Question 6

Q

Azure AAD Licenses

Answer

A

Azure AD Free
Azure AD Premium
- P1
- P2

Question 7

Q

Conditional Access - AAD Licenses

Answer

A

P1 and P2

Question 8

Q

Dynamic Groups - AAD Licenses

Question 9

Q

Identity Protection - AAD Licenses

Question 10

Q

Azure AD Groups

Answer

A

AAD Groups > Membership Types > Dynamic Users
> Add Dynamic Querry > Add Expressions

user.country -eq “India”

Takes times for SYNC

Question 11

Q

Azure RBAC Roles

v/s Azure AD Roles

Answer

A

Azure RBAC Roles
– Access Control to Azure Resources
– Multiple Levels
- Subscriptions
- Resource Groups
- Resources

Prebuilt Roles
- Owner
- Contributor (everything else, but no IAM changes)
- Reader
- User Access Administrator

Question 12

Q

Administrative Unit

Answer

A

Used to restrict scope of roles
Default Scope: Tenant Level

AAD > Administrative Unit > Limited Set of Roles

Question 13

Q

IAM - Different Entities

Answer

A

User Principal
Service Principal
Managed Identity

Question 14

Q

Azure AD Privileged Identity Management

Answer

A

Tool that will allow you to see who has elevated permissions within your environment.

You can examine the history of that access, and whether they use those permissions.
Also you can ask users to justify the need for those elevated permissions in a security review.

Brainscape's Knowledge GenomeTM

IAM & AAD Flashcards

Brainscape's Knowledge Genome^TM