Manage Identities and Governance in Azure

Question 1

Multi-tenant cloud-based directory and identity management service

Answer 1

Azure AD

Question 2

A dedicated and trusted instance of Azure AD

Answer 2

Azure tenant/directory

Question 3

Differences between Azure AD and AD DS

Answer 3

• Identity Solution; -REST API Querying; Communication Protocols; Federation Services; Flat Structure

Question 4

Azure AD uses the __ __ over __ and ___.

Answer 4

REST API; HTTP & HTTPS

Question 5

Communication protocols that can be used by Azure AD:

Answer 5

SAML, WS-Federation, OpenID Connect (OAuth)

Question 6

Azure AD Four Editions:

Answer 6

Free, Microsoft 365 Apps, Premium P1, Premium P2

Question 7

Azure AD Edition included with an Azure Subscription

Answer 7

Free

Question 8

Azure AD edition available through a Microsoft Enterprise Agreement, the Open Volume License Program, and the Cloud Solution Providers program

Answer 8

Premium editions

Question 9

Azure AD edition that adds in Identity Protection & Governance

Answer 9

Premium P2

Question 10

Designed to provide access to organizational apps and resources and to simplify Windows deployments of work-owned devices

Answer 10

Azure AD Join

Question 11

AD Join benefits:

Answer 11

SSO, Enterprise state roaming, Access to Microsoft Store for Business, Windows Hello, Restriction of Access, Seamless access to on-premise resources

Question 12

Azure AD two options:

Answer 12

Registering & Joining

Question 13

AD defines users in 3 ways:

Answer 13

Cloud, Directory-synchronized, Guest users

Question 14

Examples include accounts from other cloud providers and Microsoft accounts such as Xbox LIVE accounts

Answer 14

Guest users

Question 15

Deleted users can be restored for ___ days.

Answer 15

30

Question 16

In addition to the Portal, Users can also be added to Azure AD through ___, ___, and the ___.

Answer 16

Microsoft 365 Admin Center, Microsoft Intune admin console, and the CLI

Question 17

Azure AD allows you to define two different types of groups:

Answer 17

Security & Microsoft 365 groups

Question 18

Provide collaboration opportunities by giving members access to a shared mailbox, calendar, files, SharePoint site, and more

Answer 18

Microsoft 365 Groups

Question 19

Three ways to assign access rights (add members to groups):

Answer 19

Assigned, Dynamic User, Dynamic Device (Security groups only)

Question 20

Can manage administrative units by using the __, ___ __ & ___, or ___.

Answer 20

Azure Portal, PowerShell Cmdlets & Scripts, or Microsoft Graph

Question 21

Regional pairs key knowledge:

Answer 21

Physical isolation, Platform-provided replication, Region recovery order, Sequential updates, Data residency

Question 22

Azure prefers at least ___ miles of separation between datacenters in a regional pair.

Answer 22

300

Question 23

Logical unit of Azure services that is linked to an Azure account

Answer 23

Azure subscription

Question 24

Four ways to get an Azure subscription:

Answer 24

Enterprise, Resellers, Partners, Personal

Question 25

Enterprise agreement SLA

Answer 25

99.95%

Question 26

Commonly used subscriptions are:

Answer 26

Free, Pay-as-you-go, Enterprise Agreement, Student

Question 27

Azure free subscription - credit to spend on any service for the first ___ days; free access to most popular Azure products for ___ months; access to more than __ products that are always free

Answer 27

30, 12, 25

Question 28

Each resource or resource group can have a maximum of ___ tag name/value pairs.

Answer 28

509

Question 29

Pricing benefit for customers who have licenses with Software Assurance.

Answer 29

Azure Hybrid Benefits

Question 30

Provide a level of scope above subscriptions

Answer 30

Management group

Question 31

A service in Azure that you use to create, assign, and manage policies

Answer 31

Azure Policy

Question 32

Main advantages of Azure Policy:

Answer 32

Enforcement & Compliance, Apply policies are scale, Remediation

Question 33

To implement Azure Policies, do:

Answer 33

(1) Browse Policy Definitions (2) Create Initiative Definitions (3) Scope the Initiative Definition (4) View Policy Evaluation Results

Question 34

Object that represents something that is requesting access to resources (ex: user, group, service principal, managed identity)

Answer 34

Security Principal

Question 35

Collection of permissions that lists the operations that can be performed (ex: Reader, Contributor, Owner, User Access Administrator)

Answer 35

Role Definition

Question 36

Boundary for the level of access that is requested (Ex: management group, subscription, resource group, resource)

Answer 36

Scope

Question 37

Attaching a role definition to a security principal at a particular scope

Answer 37

Assignment

Question 38

Each role is a set of properties defined in a ___ file.

Answer 38

JSON

Question 39

A resource ___ role assignments from its parent source.

Answer 39

Inherits

Question 40

Manage access to Azure Resources

Answer 40

Azure RBAC Roles

Question 41

Manage access to Azure AD Resources

Answer 41

Azure AD Roles

Question 42

Four fundamental built-in-roles

Answer 42

Owner, Contributor, Reader, User Access Administrator

Question 43

Role allows a user to create and manage virtual machines

Answer 43

Virtual Machine Contributor