Manage User Authentication

Question 1

Name 3 Passwordless authentication methods for Microsoft 365.

Answer 1

1. Windows Hello
2. Microsoft Authenticator
3. FIDO2 Security Key

Question 2

FIDO2

Answer 2

Fast Identity Online

Question 3

How does FIDO2authentication typically work?

Answer 3

USB device with security key (also Bluethooth or NFC)

Question 4

Benefits of ______________

• unphishable
• passwordless
• external security key

Answer 4

FIDO

Question 5

What is the earliest version of WIndows that supports FIDO?

Answer 5

Windows 10, 1903

Question 6

Problems fixed by ________

• Strong passwords are hard to remember
• Server breaches can expose passwords
• Passwords are subject to replay attacks
• Phishing attacks compromise passwords

Answer 6

Windows Hello

Question 7

What version of TPM is required to generate a key in software?

Answer 7

2.0

Question 8

What two security groups are required to deploy Windows Hello for Business?

Answer 8

1. KeyCredential Admins

2. Windows Hello for Business Users

Question 9

What does the initialism TPM stand for?

Answer 9

Trusted Platform Module

Question 10

What is the primary purpose of a TPM?

Answer 10

Securely stores keys and measures the integrity of a system.

Question 11

What is the weakness of TPM that attackers exploit?

Answer 11

The information in-transit between the CPU and TPM

Question 12

What is the improvement provided by the Pluton architecture?

Answer 12

The TPM is emulated directly on the CPU keeping the information from being in-transit.

Question 13

What are the two biggest benefits of SSPR?

Answer 13

1. Users can reset their own password.

2. No IT intervention

Question 14

What allows you to control access to SaaS cloud applications based on the authenticating Azure AD tenant?

Answer 14

Tenant restrictions

Question 15

What two high level steps are needed to enable tenant restrictions?

Answer 15

1. Ensure clients can connect to addresses.

2. Configure proxy infrastructure

Question 16

What addresses should clients be able to connect to in order to use tenant restrictions?

Answer 16

• login.microsoftonline.com
• login.microsoft.com
• login.windows.net

Question 17

What are 3 prerequisites to using Tenant Restrictions?

Answer 17

1. Proxy must perform TLS interception.
2. Clients must trust certificate chain.
3. Azure AD Premium 1 is required.

Question 18

Define Restrict-Access-To -Tenants in Tenant Restrictions.

Answer 18

A comma separated list of tenants that are accessible.

Question 19

Define Restrict-Access-Context in Tenant Restrictions.

Answer 19

Value of a single directory ID, the tenant used for tenant restrictions.

Question 20

Do Microsoft 365 applications support Tenant Restrictions?

Answer 20

If they,

1. support Modern Authentication
2. Modern Authentication is set as default

Question 21

Which of these authentication methods offers the highest level of security?

• SMS verification
• Microsoft Authenticator App
• Voice call verification

Answer 21

Microsoft Authenticator App

Question 22

Which of the following is a security group used by Hybrid Windows Hello for Business when no Windows Server 2016 or later domain controllers are deployed?

• KeyCredential Admins
• Enterprise Key Admins
• Windows Authorization Access Group

Answer 22

KeyCredential Admins

Question 23

Which is the recommended mode to start with when deploying Azure AD Password Protection?

• Audit mode
• None
• Enforced mode

Answer 23

Audit Mode