Manage Microsoft Entra Identities

Question 1

What does RBAC stand for?

Answer 1

Role-Based Access Control

Question 2

True or false: Entra ID supports management via GPO settings

Answer 2

False

Question 3

Which Entra ID tier includes self-service group management and PIM?

Answer 3

Entra ID Premium P2

Question 4

How can Entra users access Entra apps using the web portal?

Answer 4

myapps.microsoft.com

Question 5

What are the 3 built-in roles that the Azure RBAC mechanism is built on?

Answer 5

Owner / Contributor / Reader

Question 6

Why is it recommended to use organisational accounts to manage an Entra tenant?

Answer 6

To avoid mixing authentication methods

Question 7

What type of Entra group can be used as an email distribution list?

Answer 7

Microsoft 365 Group

Question 8

True or false: groups from on-prem AD-DS with dynamic membership don’t sync with Entra ID

Answer 8

True

Question 9

Which version of Powershell is recommended for use with the MS Graph Powershell SDK?

Answer 9

Powershell 7

Question 10

What is the Powershell command to install the Graph SDK?

Answer 10

Install-Module -Name Microsoft.Graph -Scope CurrentUser

Question 11

What cmdlet is used to connect the Powershell Graph SDK to Entra?

Answer 11

Connect-MgGraph

Question 12

For which Entra ID tiers is on-prem directory sync only one-directional?

Answer 12

Entra ID Free/Basic

Question 13

True or false: By default, Entra connect syncs all users and groups

Answer 13

True

Question 14

What is pass-through authentication in the context of directory sync?

Answer 14

True SSO: Entra ID uses cloud identities to verify validity, and passes authentication to Entra Connect.

Question 15

What is a synchronised password in the context of directory sync?

Answer 15

When an AD-DS User password syncs with the entity in Entra ID

Question 16

What is is a separate cloud password in the context of directory sync?

Answer 16

When a user identity is synced but not its password, requiring a separate unique password for the cloud-based user

Question 17

What are federated identities in the context of directory sync?

Answer 17

AD-FS performs authentication on-prem instead of using Entra Connect, providing claims-based authentication that multiple cloud-based apps can use

Question 18

True or false: a computer running Entra Connect requires inbound internet connectivity

Answer 18

False - Entra Connect initiates all communication

Question 19

When installing Entra connect, should an organisation syncing a single AD-DS forest with an Entra tenant use Express or Custom settings?

Answer 19

Express

Question 20

When installing Entra Connect using Express settings, what settings are configured? (6)

Answer 20

-SQL server Express is installed
-All identities in the forest are synced
-All attributes are synced
-Password sync is enabled
-An initial sync is performed immediately after install
-Automatic upgrade is enabled

Question 21

When installing Entra Connect with Custom settings, what settings are available? (5)

Answer 21

-Pass-through authentication
-Federation with AD-FS
-Filtering based on OUs or attributes
-Exchange Hybrid
-Password, group and device writeback

Question 22

What is Pass-through authentication?

Answer 22

When users sign in to applications by validating their passwords directly against on-premises Active Directory

Question 23

What is Exchange Hybrid?

Answer 23

Extending on-prem Exchange servers to Exchange Online

Question 24

True or false: Entra connect automatically assigns licenses for MS365 services from on-prem AD to synced Entra ID objects

Answer 24

False

Question 25

True or false: not all on-prem AD attributes sync with Entra ID

Answer 25

True

Question 26

True or false: existing user, group and contact objects that are deleted from on-prem AD are deleted from Entra ID

Answer 26

True

Question 27

True or false: existing user objects that are disabled on-prem are disabled in Azure

Answer 27

True (but licenses aren't automatically unassigned).