Identity Management Flashcards

1
Q

What is the name of the service providing managed domain services in Azure?

A

Azure Active Directory Domain Services

  • provides a managed domain controller
  • features: Domain Join, Group Policy, LDAP, Kerberos, NTLM
2
Q

What are the two options for providing AD domain services in Azure?

A
  1. Install a domain controller on a VM (Active Directory Domain Services)
  2. Azure Active Directory Domain Services - managed domain controller
3
Q

What are the main Azure AD features?

A
  1. Enterprise Identity Solution
  2. Single Sign-On for apps and infrastructure services
  3. Multifactor Authentication
  4. Self Service - password resets, access requests
4
Q

What is the limit for # of objects and in what version of AAD?

A

Only FREE version has a limit of 500,000 objects.

5
Q

What AAD license do you need for Identity Protection, PIM, Access Reviews, and 3rd party MFA?

A

Premium 2

6
Q

What are the components of AD Connect?

A
  1. Synchronization Services
  2. Active Directory Federation Services (optional)
  3. Health Monitoring
7
Q

AD Connect sync features

A
  1. Filtering - what objects are synced (e.g. what domains)
  2. Password hash synchronization - allows you to keep your on-premises AD password policy
  3. Password writeback - users can change passwords in the cloud
  4. Device writeback - from AAD to AD for conditional access
  5. Prevent accidental deletes
  6. Automatic upgrade of AD Connect
8
Q

What are the password sync options?

A
  1. Password Sync - passwords are kept in both AD DS and AAD
  2. Passthrough Authentication - AD DS is the source
  3. AD Federation Services - full federation across AD DS and Azure AD, along with other services or SaaS apps e.g. ServiceNow
9
Q

What is the hybrid authentication option required by Identity Protection?

A

Password Hash Sync

10
Q

What does Authentication Federation mean?

A

It means that authentication is handed over to a separate authentication system - allows the use of smart cards. You can customize sign-in pages.

11
Q

Which hybrid authentication option requires the least effort?

A

Password Hash Sync

12
Q

What needs to be added to on-prem for passthrough authentication to work?

A

Authentication Agents need to be installed on existing servers - 3 are recommended
- hash sync can be used as backup

13
Q

What does Identity Protection provide?

A

Leaked credential reports

14
Q

In IAM Add role assignment, what are the 3 options for “Assign access to”?

A
  1. Azure AD user, group, or application
  2. User assigned managed identity
  3. System assigned managed identity
15
Q

What are the two new roles that come with PIM?

A

Security Administrator and Privileged Role Administrator
