Manage Identity and Access Flashcards

1
Q

How many directory objects can you have in the free AD plan?

A

500.000

2
Q

Which four editions does Azure AD come in?

A

Free, Microsoft 365 Apps, Premium 1, Premium 2

3
Q

What are the different ways to query Azure AD and Active Directory Domain Services?

A

Azure AD is designed for HTTP/HTTPS and is queried via REST APIs. Active Directory Domain Services is queried via LDAP.

4
Q

Do Organizational Units (OUs) and Group Policy Objects (GPOs) exist in Azure AD or in Active Directory Domain Services?

A

Organizational Units (OUs) and Group Policy Objects (GPOs) are in Active Directory Domain Services.

Azure AD has a flat structure with users/groups.

5
Q

Are both Azure AD and Active Directory Domain Services for cloud?

A

No. Active Directory Domain Services is for on-premises.

6
Q

What AD service supports Kerberos authentication?

A

Active Directory Domain Services.

7
Q

Where can user permissions be changed?

A

The default user permissions can be changed only in user settings in Azure AD

8
Q

Which role can read and modify every administrative setting in your Azure AD org?

A

Global administrator role

9
Q

Which role can set or reset any auth method for non-admins and some other roles?

A

Authentication Administrator

10
Q

Explain the traditional vs. new security perimeter and who is responsible for securing it.

A

Traditionally, the entrance and exit points of a network were the primary security perimeter.

With the rise of the internet, the privileged administrative accounts are now effectively in control of this new security perimeter.

11
Q

What is LDAP?

A

Lightweight Directory Access Protocol

12
Q

Azure AD DS is compatible with what?

A

Windows Service Active Directory

13
Q

Explain how Azure AD DS can work with on-premise or cloud

A

It automatically replicates identity information from Azure AD or it can be synchronized with an on-prem Azure AD DS env.

14
Q

Which three Azure AD identities exist?

A

Cloud identities (exist only in the cloud), directory-synced identities (exist in on-prem AD), and guest users (exist outside of Azure, for example in other cloud providers).

15
Q

How are on-prem users synced with Azure AD?

A

Occurs via Azure AD Connect

16
Q

Which two Azure AD Groups exist?

A

Security groups: Used to manage member and computer access to shared resources.

Microsoft 365 groups: Provide collaboration opportunities, for example by giving access to a shared mailbox, calendar, or SharePoint site.

17
Q

Which three ways exist to assign group access rights?

A

Assigned: Lets you add specific users to be members of this group…

Dynamic User: Lets you use dynamic membership rules to automatically add/remove members.

Dynamic Device: (Security groups only.) Dynamic rules to add/remove devices.

18
Q

What can an administrative unit in Azure AD consist of?

A

Users and groups

19
Q

What is an Administrative Unit?

A

Restricts permissions in a role to any portion of your org.

To use administrative units, you need an Azure Active Directory Premium license for each administrative unit admin, and Azure Active Directory Free licenses for administrative unit members.

20
Q

Your organization is considering multifactor authentication in Azure. Your manager asks about secondary verification methods. Which of the following options could serve as a secondary verification method?

1) Automated phone call.

2) Emailed link to verification website.

3) Microsoft account verification code.

A

You can configure an automated phone call for verification.

21
Q

Which license is required for Identity Protection?

A

Premium License 2

22
Q

What happens when you delete an Azure AD account?

A

It is placed in the Recycle Bin for 30 days

23
Q

Where should Azure AD Connect be installed?

A

On-prem, on a Windows Server machine with a GUI. It must be able to connect to Microsoft on TCP 433.

24
Q

Can you use Azure SQL for Azure AD Connect?

A

No

25
Q

Azure AD Connect: Explain when a full SQL Server instance might be necessary.

A

If you have more than 100.000 objects, you’ll need to leverage a full instance of SQL Server. It is recommended to have Azure AD Connect and the instance on different servers, so these servers must also be able to communicate.

26
Q

Which two accounts are needed for configuring Azure AD Connect?

A

You need one account with specific Azure AD permissions (Global Administrator), and the other must have specific on-premises Active Directory permissions (local administrator).

27
Q

How does one install Azure AD Connect?

A

You download an MSI file from the Microsoft Download Center. This will initiate a dialog where you specify the SQL instance and other options.