Manage User Authentication Flashcards

1
Q

Name 3 Passwordless authentication methods for Microsoft 365.

A
  1. Windows Hello
  2. Microsoft Authenticator
  3. FIDO2 Security Key
2
Q

FIDO2

A

Fast Identity Online

3
Q

How does FIDO2 authentication typically work?

A

USB device with security key (also Bluetooth or NFC)

4
Q

Benefits of ______________

  • unphishable
  • passwordless
  • external security key
A

FIDO

5
Q

What is the earliest version of Windows that supports FIDO?

A

Windows 10, 1903

6
Q

Problems fixed by ________

  • Strong passwords are hard to remember
  • Server breaches can expose passwords
  • Passwords are subject to replay attacks
  • Phishing attacks compromise passwords
A

Windows Hello

7
Q

What version of TPM is required to generate a key in software?

A

2.0

8
Q

What two security groups are required to deploy Windows Hello for Business?

A
  1. KeyCredential Admins
  2. Windows Hello for Business Users

9
Q

What does the initialism TPM stand for?

A

Trusted Platform Module

10
Q

What is the primary purpose of a TPM?

A

Securely stores keys and measures the integrity of a system.

11
Q

What is the weakness of TPM that attackers exploit?

A

The information in transit between the CPU and TPM

12
Q

What is the improvement provided by the Pluton architecture?

A

The TPM is emulated directly on the CPU, keeping the information from being in transit.

13
Q

What are the two biggest benefits of SSPR?

A
  1. Users can reset their own password.
  2. No IT intervention

14
Q

What allows you to control access to SaaS cloud applications based on the authenticating Azure AD tenant?

A

Tenant restrictions

15
Q

What two high-level steps are needed to enable tenant restrictions?

A
  1. Ensure clients can connect to addresses.
  2. Configure proxy infrastructure

16
Q

What addresses should clients be able to connect to in order to use tenant restrictions?

A
  • login.microsoftonline.com
  • login.microsoft.com
  • login.windows.net
17
Q

What are 3 prerequisites to using Tenant Restrictions?

A
  1. Proxy must perform TLS interception.
  2. Clients must trust certificate chain.
  3. Azure AD Premium 1 is required.
18
Q

Define Restrict-Access-To-Tenants in Tenant Restrictions.

A

A comma-separated list of tenants that are accessible.

19
Q

Define Restrict-Access-Context in Tenant Restrictions.

A

Value of a single directory ID, the tenant used for tenant restrictions.

20
Q

Do Microsoft 365 applications support Tenant Restrictions?

A

If:

  1. they support Modern Authentication
  2. Modern Authentication is set as default
21
Q

Which of these authentication methods offers the highest level of security?

  • SMS verification
  • Microsoft Authenticator App
  • Voice call verification
A

Microsoft Authenticator App

22
Q

Which of the following is a security group used by Hybrid Windows Hello for Business when no Windows Server 2016 or later domain controllers are deployed?

  • KeyCredential Admins
  • Enterprise Key Admins
  • Windows Authorization Access Group
A

KeyCredential Admins

23
Q

Which is the recommended mode to start with when deploying Azure AD Password Protection?

  • Audit mode
  • None
  • Enforced mode
A

Audit Mode