Manage identity and access Flashcards

1
Q

Which 5 main features does the free version of Microsoft Entra provide?

A

User and group management, on-premises directory synchronization, basic reports, self-service password change for cloud users, and single sign-on across Azure, Microsoft 365, and many popular SaaS apps.

2
Q

Which 5 main features does Premium P1 of Microsoft Entra add?

A

Hybrid identity, so users can access both on-premises and cloud resources. It also adds advanced administration features: dynamic groups, self-service group management, Microsoft Identity Manager integration, and cloud write-back capabilities, which enable self-service password reset for on-premises users.

3
Q

Which 2 big features does Premium P2 of Microsoft Entra add?

A

Microsoft Entra ID Protection, which provides risk-based Conditional Access to your apps and critical company data, and Privileged Identity Management (PIM), which helps discover, restrict, and monitor administrators and their access to resources and provides just-in-time access when needed.

4
Q

What are the 3 types of Active Directory-based identity solutions?

A

Microsoft Entra ID, Active Directory Domain Services and Microsoft Entra Domain Services.

5
Q

Suppose that you need traditional authentication mechanisms such as Kerberos or NTLM. What are the two ways to provide AD DS in the cloud?

A
  1. A managed domain that you create using Microsoft Entra Domain Services
  2. A self-managed domain that you create and configure using traditional resources such as virtual machines (VMs), Windows Server guest OS, and Active Directory Domain Services (AD DS)
6
Q

What are 3 common deployment methods for self-managed AD DS?

A
  1. Standalone cloud-only AD DS
  2. Resource forest deployment
  3. Extend on-premises domain to Azure
7
Q

What is a domain controller?

A

A server that hosts a copy of the AD DS database and responds to security authentication requests (Kerberos, NTLM) within a computer network domain.

8
Q

What is self-managed AD DS via standalone cloud-only AD DS?

A

Azure VMs are configured as domain controllers, and a separate, cloud-only AD DS environment is created. This AD DS environment doesn’t integrate with an on-premises AD DS environment. A different set of credentials is used to sign in and administer VMs in the cloud.

9
Q

What is self-managed AD DS resource forest deployment?

A

Azure VMs are configured as domain controllers, and an AD DS domain that’s part of an existing forest is created. A trust relationship is then configured to an on-premises AD DS environment. Other Azure VMs can domain-join this resource forest in the cloud. User authentication runs over a VPN / ExpressRoute connection to the on-premises AD DS environment.

10
Q

What is self-managed AD DS where you extend the on-premises domain to Azure?

A

An Azure virtual network connects to an on-premises network using a VPN / ExpressRoute connection. Azure VMs connect to this Azure virtual network, which lets them domain-join to the on-premises AD DS environment.

11
Q

What does Microsoft Entra ID device management let you do?

A

It lets you manage the identity of devices used by the organization and control access to corporate resources from those devices. Users can also register their personal device.

12
Q

What are 5 benefits of using Microsoft Entra joined devices?

A

Single sign-on (SSO) to applications secured by Microsoft Entra ID.
Enterprise policy-compliant roaming of user settings across devices.
Access to the Windows Store for Business using corporate credentials.
Windows Hello for Business.
Restricted access to apps and resources from devices compliant with corporate policy.

13
Q

What 3 passwordless authentication options integrate with Microsoft Entra ID?

A

Windows Hello for Business
Microsoft Authenticator
Fast Identity Online 2 (FIDO2) security keys

14
Q

What are Fast Identity Online 2 (FIDO2) security keys?

A

An unphishable, standards-based passwordless authentication method that can come in any form factor. Fast Identity Online (FIDO) is an open standard for passwordless authentication; the credential is bound to the relying party's origin, so a key will not sign a challenge for a look-alike phishing site. FIDO2 security keys are a great option for enterprises that are very security sensitive, or that have scenarios or employees who aren't willing or able to use their phone as a second factor.

15
Q

What is Microsoft Entra Connect used for?

A

Integrating your on-premises directories with Microsoft Entra ID.

16
Q

What are 5 features of Microsoft Entra Connect?

A

Password hash synchronization, pass-through authentication, federation integration, synchronization (of users, groups and other objects), and health monitoring through Microsoft Entra Connect Health.

17
Q

What is federation with Microsoft Entra ID?

A

Federation is a collection of domains that have established trust. The level of trust may vary, but typically includes authentication and almost always includes authorization. With Microsoft Entra ID, federation means sign-in is redirected to an on-premises identity provider such as AD FS, which authenticates the user and issues a token that Microsoft Entra ID trusts.

18
Q

What is pass-through authentication?

A

A sign-in method that allows users to use the same password on-premises and in the cloud, but doesn't require the additional infrastructure of a federated environment. A lightweight agent running on-premises validates the password directly against AD DS, so no password hashes are stored in the cloud.

19
Q

What is password writeback?

A

A feature enabled with Microsoft Entra Connect that allows password changes in the cloud to be written back to an existing on-premises directory in real time.

20
Q

What 3 main things is Microsoft Entra ID Protection used for?

A

Automate the detection and remediation of identity-based risks.
Investigate risks using data in the portal.
Export risk detection data to third-party utilities for further analysis.

21
Q

What are the 3 default policies available in Microsoft Entra ID Protection?

A

Multi-Factor Authentication registration policy, user risk remediation policy and sign-in risk policy

22
Q

What are the 6 different conditions of conditional access?

A

User or group, cloud application, device state, location (named location or IP range), client application, and sign-in risk.
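To see how those six conditions combine into a decision, here is an added example (not Microsoft's policy engine and not the Microsoft Graph conditionalAccessPolicy schema) that evaluates constructed policies against constructed sign-in events. The policy and event field names, the IP ranges and the sample users are assumptions made for this illustration; the logic follows the Conditional Access model of "all configured conditions match, then apply the grant control, with block winning over any other control".

```python
"""Toy evaluator for the six Conditional Access conditions.

Added example, not Microsoft code. Policies and sign-in events are constructed
dictionaries; their field names are assumptions for this example only.
"""
import ipaddress

RISK_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}

# Constructed policies. A condition set to None is not configured and matches
# any sign-in, mirroring how an unconfigured assignment behaves.
POLICIES = [
    {   # require MFA for Finance on Exchange Online from outside the corp egress range
        "name": "Finance MFA off-network",
        "conditions": {"groups": {"Finance"}, "apps": {"Exchange Online"},
                       "device_states": None,
                       "trusted_ip_ranges": ["203.0.113.0/24"],  # TEST-NET-3, constructed
                       "client_apps": None, "min_sign_in_risk": "none"},
        "grant": "mfa",
    },
    {   # block medium/high-risk sign-ins from devices that are not compliant
        "name": "Block risky non-compliant",
        "conditions": {"groups": None, "apps": None,
                       "device_states": {"noncompliant", "unmanaged"},
                       "trusted_ip_ranges": [], "client_apps": None,
                       "min_sign_in_risk": "medium"},
        "grant": "block",
    },
    {   # block legacy protocols everywhere: they cannot prompt for MFA
        "name": "Block legacy auth",
        "conditions": {"groups": None, "apps": None, "device_states": None,
                       "trusted_ip_ranges": [], "client_apps": {"legacy"},
                       "min_sign_in_risk": "none"},
        "grant": "block",
    },
]


def in_any_range(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def policy_applies(policy, event):
    """True when every configured condition matches the sign-in event."""
    c = policy["conditions"]
    if c["groups"] is not None and not c["groups"] & set(event["groups"]):
        return False
    if c["apps"] is not None and event["app"] not in c["apps"]:
        return False
    if c["device_states"] is not None and event["device_state"] not in c["device_states"]:
        return False
    # Location: a sign-in from a trusted range is excluded from this policy.
    if in_any_range(event["ip"], c["trusted_ip_ranges"]):
        return False
    if c["client_apps"] is not None and event["client_app"] not in c["client_apps"]:
        return False
    if RISK_ORDER[event["sign_in_risk"]] < RISK_ORDER[c["min_sign_in_risk"]]:
        return False
    return True


def evaluate(policies, event):
    """Combine all applicable policies: block wins, otherwise the union of
    required controls; no applicable policy means plain access."""
    controls = set()
    for p in policies:
        if policy_applies(p, event):
            if p["grant"] == "block":
                return "block"
            controls.add(p["grant"])
    return "require:" + ",".join(sorted(controls)) if controls else "allow"


# Constructed sign-in events (users, IPs and apps are made up for the example).
SAMPLE_SIGN_INS = [
    {"user": "alice", "groups": ["Finance"], "app": "Exchange Online", "device_state": "compliant",
     "ip": "203.0.113.20", "client_app": "browser", "sign_in_risk": "none"},   # on corp network
    {"user": "alice", "groups": ["Finance"], "app": "Exchange Online", "device_state": "compliant",
     "ip": "198.51.100.7", "client_app": "browser", "sign_in_risk": "low"},    # off network
    {"user": "bob", "groups": ["Sales"], "app": "SharePoint", "device_state": "unmanaged",
     "ip": "198.51.100.9", "client_app": "mobile", "sign_in_risk": "high"},    # risky + unmanaged
    {"user": "carol", "groups": ["Finance"], "app": "Exchange Online", "device_state": "compliant",
     "ip": "203.0.113.5", "client_app": "legacy", "sign_in_risk": "none"},     # legacy protocol
]


def evaluate_samples():
    return [evaluate(POLICIES, e) for e in SAMPLE_SIGN_INS]


if __name__ == "__main__":
    for event, decision in zip(SAMPLE_SIGN_INS, evaluate_samples()):
        print(f"{event['user']:6} {event['app']:16} {event['ip']:14} -> {decision}")
```

Note the order of the checks: the trusted-location exclusion removes the first sign-in from scope even though user, app and client match, while the legacy-protocol sign-in from the same trusted range is still blocked because that policy has no location exclusion. Real Conditional Access also supports explicit user, group and app exclusions and session controls, which this toy model leaves out.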

23
Q

What are the 3 guiding principles of Zero Trust?

A

Verify explicitly
Use least privilege access
Assume breach

24
Q

How many hierarchies deep can management groups be?

A

Six levels of depth, not counting the root management group or the subscription level.

25
Q

What are the 3 main pillars in the functionalities of Azure policy?

A

Real-time enforcement and compliance assessment; applying policies at scale by leveraging management groups; and remediation of non-compliant resources by leveraging remediation tasks (the deployIfNotExists and modify effects).
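The first pillar is easiest to see with the policy rule shape itself. The following is an added example, not Azure Policy's evaluation engine: it takes two definitions written in the real `policyRule` / `if` / `then` structure (using the real `Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly` alias) and runs them over constructed resource documents, once as a compliance assessment of existing resources and once as enforcement of a create request. The resource documents, the way aliases are looked up (as keys under `properties`) and the supported operators (`allOf`, `anyOf`, `not`, `equals`, `notEquals`, `in`, `exists`) are simplifications assumed for this example; `deployIfNotExists` / `modify` remediation is not modelled.

```python
"""Minimal Azure Policy rule evaluator (added example, not Azure's engine).

Definitions use the real policyRule structure; resources and the alias lookup
are constructed simplifications for this example.
"""

DEFINITIONS = [
    {
        "name": "deny-storage-without-https",
        "mode": "Indexed",
        "policyRule": {
            "if": {"allOf": [
                {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
                {"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
                 "notEquals": True},
            ]},
            "then": {"effect": "deny"},
        },
    },
    {
        "name": "audit-missing-owner-tag",
        "mode": "Indexed",
        "policyRule": {
            "if": {"field": "tags[owner]", "exists": "false"},
            "then": {"effect": "audit"},
        },
    },
]

# Constructed resource documents; names and values are made up.
RESOURCES = [
    {"name": "stprodlogs", "type": "Microsoft.Storage/storageAccounts", "location": "westeurope",
     "tags": {"owner": "secops"},
     "properties": {"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly": True}},
    {"name": "stlegacy01", "type": "Microsoft.Storage/storageAccounts", "location": "westeurope",
     "tags": {},
     "properties": {"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly": False}},
    {"name": "vm-jump01", "type": "Microsoft.Compute/virtualMachines", "location": "westeurope",
     "tags": {"owner": "platform"}, "properties": {}},
]


def field_value(resource, field):
    """Resolve a policy 'field'. type/name/location and tags[...] are top-level;
    anything else is treated as a property alias stored under 'properties'
    (an assumption of this example, not how Azure resolves aliases)."""
    if field in ("type", "name", "location"):
        return resource.get(field)
    if field.startswith("tags[") and field.endswith("]"):
        return resource.get("tags", {}).get(field[5:-1])
    return resource.get("properties", {}).get(field)


def matches(condition, resource):
    """Evaluate the 'if' block of a policy rule against one resource."""
    if "allOf" in condition:
        return all(matches(c, resource) for c in condition["allOf"])
    if "anyOf" in condition:
        return any(matches(c, resource) for c in condition["anyOf"])
    if "not" in condition:
        return not matches(condition["not"], resource)
    value = field_value(resource, condition["field"])
    if "equals" in condition:
        return value == condition["equals"]
    if "notEquals" in condition:
        return value != condition["notEquals"]
    if "in" in condition:
        return value in condition["in"]
    if "exists" in condition:   # Azure expresses this as the strings "true"/"false"
        return (value is not None) == (str(condition["exists"]).lower() == "true")
    raise ValueError(f"unsupported condition: {condition}")


def effect_for(definition, resource):
    rule = definition["policyRule"]
    return rule["then"]["effect"].lower() if matches(rule["if"], resource) else None


def assess_compliance(definitions, resources):
    """Compliance assessment: every definition against every existing resource.
    Any effect that fires (deny included) marks the resource non-compliant."""
    return {r["name"]: [d["name"] for d in definitions if effect_for(d, r)] for r in resources}


def enforce_on_write(definitions, resource):
    """Enforcement at create/update: a 'deny' match rejects the request;
    'audit' lets it through and only records non-compliance."""
    for d in definitions:
        if effect_for(d, resource) == "deny":
            return ("denied", d["name"])
    return ("accepted", None)


# Constructed create request for a new storage account with HTTPS-only disabled.
NEW_REQUEST = {"name": "stnew01", "type": "Microsoft.Storage/storageAccounts",
               "location": "westeurope", "tags": {"owner": "app-team"},
               "properties": {"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly": False}}

if __name__ == "__main__":
    for name, violations in assess_compliance(DEFINITIONS, RESOURCES).items():
        print(f"{name:12} {'compliant' if not violations else 'NON-COMPLIANT: ' + ', '.join(violations)}")
    print("create stnew01 ->", enforce_on_write(DEFINITIONS, NEW_REQUEST))
```

The two code paths show why a deny policy does not by itself clean up an estate: existing `stlegacy01` is only reported as non-compliant, and only the new request is rejected. Fixing existing resources is the third pillar, a remediation task driven by a `deployIfNotExists` or `modify` definition.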

26
Q

What is RBAC?

A

Azure role-based access control (Azure RBAC): an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources. A role assignment binds a security principal (user, group, service principal or managed identity) to a role definition at a scope (management group, subscription, resource group or resource).

27
Q

What are Azure Blueprints?

A

A declarative way to orchestrate the deployment of various resource templates and other artifacts, such as role assignments, policy assignments, Azure Resource Manager templates and resource groups. Blueprint objects are replicated in multiple Azure regions. Note that Azure Blueprints (Preview) is being deprecated in favor of Template Specs and Deployment Stacks.

28
Q

How do you assign an Azure Blueprint to a management group?

A

Use the Blueprint Assignments Create or Update REST API at management group scope; the request body must include a value for properties.scope to define the target subscription, because a blueprint assigned at a management group is still deployed into a subscription beneath it.