Identity and Governance Flashcards

1
Q

How would you associate a number of VMs in the same resource group with their corresponding department?

A

Assign tags

2
Q

What is needed to enforce the use of MFA and device registration for global administrators?

A

Azure AD conditional access policy

3
Q

How do you implement Azure AD conditional access policy?

A

Create a new policy in the Azure portal
Set the policy to require MFA and AD device registration
Specify global administrators as the target
Specify locations that are untrusted

4
Q

What do you alter in an Azure AD conditional access policy to require MFA for global administrators?

A

Grant control

5
Q

Are you able to change the usage model (per enabled user/per authentication) after an MFA provider is created?

A

No

6
Q

What can you assign locks and tags to?

A

Subscriptions
Resource groups
Resources

7
Q

How do you allow users to use Azure AD Premium features?

A

From the Licenses section of the portal, assign a license

8
Q

How would you make a user an administrator for all workstations that will be joined to the Azure AD domain?

A

From the Devices section of the portal, go to device settings and configure an additional local administrator

9
Q

Who can add devices to a group?

A

The owner of the group

10
Q

What can global administrators and cloud device administrators do with devices?

A

Manage already registered or joined devices

11
Q

What are some characteristics of tags?

A
  • A resource can have 50 tags
  • Values are case-sensitive, limit of 256
  • Tag names are not case-sensitive, limit of 512
  • Limits are halved for storage accounts
  • Not inherited by default
12
Q

What command would you use for an immediate Azure AD sync?

A

Start-ADSyncSyncCycle -PolicyType Delta

13
Q

What command initiates a full Azure AD sync?

A

Start-ADSyncSyncCycle -PolicyType Initial

14
Q

In the Azure portal, how would you assign an administrative role to a user?

A

Directory > Users > Select user > Add role

15
Q

What role would allow a user to create Azure apps?

A

Some type of contributor role

16
Q

How would you access a report that details costs for each department?

A

Assign a tag to each resource > Subscriptions > Cost analysis, Download usage report

17
Q

What happens when you move a resource from one RG to another RG in a different region?

A

The resource is moved but the location stays the same

18
Q

What blade do you use to optimize and reduce your overall Azure spend by identifying idle/underutilized resources?

A

Advisor

19
Q

How do you ensure an admin can invite external partners to log into the Azure AD tenant?

A

Users > External collaboration settings

20
Q

Who is able to elevate themselves to gain access to the root management group?

A

Azure AD Global Administrators

21
Q

Can you dynamically assign unlicensed users to a group?

22
Q

Who can access traffic analytics?

A

Owner
Contributor
Network/Monitoring Contributor

23
Q

Describe the Contributor role

A

Lets you manage resources but cannot manage access to them

24
Q

Describe the Owner role

A

Grants full access to manage all resources
Allows you to assign roles in Azure ABAC

25
Who can assign a user the owner role?
Owner
User Access admin
26
How do Azure RBAC roles and Microsoft Entra ID roles work together?
They work independently; AD roles do not grant access to Azure resources, and vice versa
27
Describe the User Access Administrator role
Can manage access but not the resources themselves
28
What do managed identities for Azure resources do?
Provide Azure services with an automatically managed identity in Microsoft Entra ID
29
What was Azure Active Directory renamed to?
Microsoft Entra ID
30
What do you use managed identities for?
So the identity can authenticate to any service that supports Azure AD authentication
31
Why might you be unable to delete a vault?
Can't delete a vault that contains backup data
32
Why might you be unable to delete a VNET?
Has a Delete resource lock
33
What do you need to bulk delete users in Azure AD?
User principal name
34
What does "Append a tag and its value to resources" not apply to?
  • Resources before the policy was applied, until they are changed
  • Resource groups
35
What would you use to grant local admin permissions for people in three different offices?
Administrative units
36
What are administrative units useful for?
Restricting the administrative scope in independent divisions
37
What do you need to bulk invite guest users?
A .csv template with email addresses and a redirection URL
Or, create a PowerShell script that runs New-MgInvitation for each external user
38
What type of roles can be cloned?
You cannot clone built-in AD roles. You can clone built-in subscription roles
39
How does group-based licensing assignment work?
  • Does not support nested groups
  • If you apply a license to a nested group, only the immediate first-level user members of the group have the license applied
40
What happens when a user's access package assignment expires?
They are removed from the group/team, unless they have an assignment to another package that includes the same group/team
41
How do Microsoft 365 groups and security groups interact?
Microsoft 365 groups cannot be added in security groups
42
Is nesting supported for groups that can be assigned to a role?
No
43
Who can assign the owner role?
Owner
User Administrator Access Role
44
If a license is assigned by group, can you remove the license from a user in the group?
No, cannot remove without removing the group
45
What does an asterisk denote in a role definition?
All actions
46
Can you delete users or groups with assigned license?
Can delete a user regardless of license status
Cannot delete groups that have an assigned license
47
Are administrators enabled for SSPR by default?
Yes, with a strong default two-gate password reset policy