Mod 13 - Describe Azure identity, access, and security Flashcards

1
Q

What are the four things Azure AD does?

A
  • Authentication
  • Single sign-on
  • Application management
  • Device management
2
Q

Replica set (Azure AD Domain Services)

A

When you create an Azure AD DS managed domain, two Windows Server domain controllers are deployed into your selected Azure region. This pair of domain controllers is known as a replica set.

3
Q

Is information synchronized between Azure AD and Azure AD DS?

A

Yes, but only in one direction: a managed domain is configured to perform a one-way synchronization from Azure AD to Azure AD DS. Resources you create directly in the managed domain are not synchronized back to Azure AD.

4
Q

Single sign-on (SSO)

A

enables a user to sign in one time and use that credential to access multiple resources and applications from different providers

5
Q

What is the security of SSO dependent on?

A

Single sign-on is only as secure as the initial authenticator because the subsequent connections are all based on the security of the initial authenticator.

6
Q

What are the three categories (factors) used in MFA?

A
  • Something the user knows – this might be a challenge question.
  • Something the user has – this might be a code that’s sent to the user’s mobile phone.
  • Something the user is – this is typically some sort of biometric property, such as a fingerprint or face scan.
7
Q

What’s passwordless authentication?

A

An Azure AD authentication method that removes the password entirely. You enroll a trusted device (something you have) and then prove possession of it together with something you are (a biometric) or something you know (a PIN). The combination still gives two factors, but none of them is a password that can be phished or reused.

8
Q

What are the three passwordless authentication options that integrate with Azure Active Directory (Azure AD)?

A
  • Windows Hello for Business: ideal for information workers who have their own designated Windows PC. The biometric and PIN credentials are directly tied to the user’s PC, which prevents access from anyone other than the owner.
  • Microsoft Authenticator app: allows an employee’s phone to become a passwordless authentication method.
  • FIDO2 security keys: an unphishable, standards-based passwordless authentication method that can come in any form factor. FIDO2 security keys are typically USB devices, but they can also use Bluetooth or NFC.
9
Q

What is Azure AD External Identities?

A

Azure AD External Identities refers to all the ways you can securely interact with users outside of your organization

10
Q

What are the three capabilities of External Identities?

A
  • Business to business (B2B) collaboration - Collaborate with external users by letting them use their preferred identity to sign in to your Microsoft applications or other enterprise applications (SaaS apps, custom-developed apps, etc.). External users are represented as guest users in your directory.
  • B2B direct connect - Establish a mutual, two-way trust with another Azure AD organization for seamless collaboration. B2B direct connect currently supports Teams shared channels, enabling external users to access your resources from within their home instances of Teams. B2B direct connect users aren’t represented in your directory, but they’re visible from within the Teams shared channel and can be monitored in Teams admin center reports.
  • Azure AD business to customer (B2C) - Publish modern SaaS apps or custom-developed apps (excluding Microsoft apps) to consumers and customers, while using Azure AD B2C for identity and access management.
11
Q

What are four ways Conditional Access is useful?

A
  • Require multifactor authentication (MFA) to access an application depending on the requester’s role, location, or network
  • Require access to services only through approved client applications
  • Require users to access your application only from managed devices
  • Block access from untrusted sources, such as access from unknown or unexpected locations.
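The four uses above are separate policies in practice, and a single sign-in can match several of them at once. The following is an added example written for these flashcards, not Microsoft’s policy engine or any code from the course: a toy Conditional Access evaluator with one constructed policy per use on the card. The policy names, app names, role name and IP ranges are all assumptions made for the example. It shows the rule a practitioner needs to remember: one matching block policy wins outright; otherwise the grant controls of every matching policy are combined and all must be satisfied.

```python
"""Added example (not from the flashcards or from Microsoft): a toy
Conditional Access evaluator showing how the four uses on the card
combine when several policies match one sign-in. Policy names, apps,
roles and IP ranges are constructed for the example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed named locations (RFC 5737 documentation ranges).
TRUSTED_NETWORKS = [ip_network("203.0.113.0/24")]                    # corporate egress
NAMED_LOCATIONS = TRUSTED_NETWORKS + [ip_network("198.51.100.0/24")]  # branch office: known, not trusted
APPROVED_CLIENT_APPS = {"Browser", "Outlook Mobile", "Teams Mobile"}


@dataclass(frozen=True)
class SignIn:
    user: str
    roles: frozenset
    app: str
    client_app: str
    ip: str
    device_managed: bool
    mfa_done: bool


@dataclass(frozen=True)
class Policy:
    name: str
    apps: frozenset                       # {"*"} means all cloud apps
    roles: frozenset = frozenset()        # empty means all users
    outside_trusted_only: bool = False    # condition: IP not in a trusted location
    unknown_location_only: bool = False   # condition: IP not in any named location
    block: bool = False                   # grant control "Block access"
    controls: frozenset = frozenset()     # required grant controls


def in_any(ip: str, networks) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in networks)


def matches(policy: Policy, s: SignIn) -> bool:
    """All of a policy's assignment conditions must hold for it to apply."""
    if "*" not in policy.apps and s.app not in policy.apps:
        return False
    if policy.roles and not (policy.roles & s.roles):
        return False
    if policy.outside_trusted_only and in_any(s.ip, TRUSTED_NETWORKS):
        return False
    if policy.unknown_location_only and in_any(s.ip, NAMED_LOCATIONS):
        return False
    return True


def control_satisfied(control: str, s: SignIn) -> bool:
    return {
        "mfa": s.mfa_done,
        "managed_device": s.device_managed,
        "approved_app": s.client_app in APPROVED_CLIENT_APPS,
    }[control]


def evaluate(s: SignIn, policies) -> tuple:
    """Return (decision, outstanding_controls, matched_policy_names).

    A single matching block policy wins outright; otherwise the grant
    controls of every matching policy are combined and all must be met.
    """
    matched = [p for p in policies if matches(p, s)]
    names = [p.name for p in matched]
    if any(p.block for p in matched):
        return ("block", frozenset(), names)
    required = frozenset().union(*(p.controls for p in matched))
    outstanding = frozenset(c for c in required if not control_satisfied(c, s))
    return ("allow" if not outstanding else "require", outstanding, names)


# Constructed policies, one per use on the card.
POLICIES = [
    Policy("MFA for admins off the corporate network", apps=frozenset({"*"}),
           roles=frozenset({"Global Administrator"}), outside_trusted_only=True,
           controls=frozenset({"mfa"})),
    Policy("Approved client apps for Exchange", apps=frozenset({"Exchange Online"}),
           controls=frozenset({"approved_app"})),
    Policy("Managed devices for Finance Portal", apps=frozenset({"Finance Portal"}),
           controls=frozenset({"managed_device"})),
    Policy("Block unknown locations", apps=frozenset({"*"}),
           unknown_location_only=True, block=True),
]

if __name__ == "__main__":
    admin = SignIn("alice", frozenset({"Global Administrator"}), "Finance Portal",
                   "Browser", "198.51.100.7", device_managed=True, mfa_done=False)
    print(evaluate(admin, POLICIES))
```

Two behaviours are worth noting. An admin signing in to the Finance Portal from the branch office with a managed device matches both the MFA policy and the managed-device policy, so the device check passes but MFA is still outstanding. A sign-in from an IP in no named location is blocked even when MFA has already been completed, because the block policy is evaluated alongside the others and takes precedence over any grant controls they would have required.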
12
Q

How is role-based access control applied to resources?

A

Role-based access control is applied to a scope, which is a resource or set of resources that this access applies to.

13
Q

What are the four levels an Azure scope can be?

A
  • A management group (a collection of multiple subscriptions).
  • A single subscription.
  • A resource group.
  • A single resource.
Scopes are hierarchical, and a role assignment is inherited by every scope beneath the one it was made at: a role assigned at a subscription applies to all of its resource groups and resources.
14
Q

How is Azure RBAC enforced?

A

Azure RBAC is enforced on any action that’s initiated against an Azure resource that passes through Azure Resource Manager (the portal, Azure CLI, Azure PowerShell, and the REST API all go through Resource Manager). It does not enforce permissions at the application or data level; application security must be handled by your application.

15
Q

Describe the allow model RBAC uses

A

Azure RBAC uses an allow model: a user’s effective permissions are the union of the permissions granted by every role assigned to them, at the resource or at any scope above it. Example: Role 1 grants read, Role 2 grants write, Role 3 grants read and write. A user holding all three has read and write. No assignment ever narrows what another assignment grants.
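Cards 12 to 15 describe the same mechanism from four angles: a role is assigned at a scope, the assignment is inherited by everything beneath that scope, and the permissions from all applicable assignments are unioned. The following is an added example written for these flashcards, not Azure’s authorization engine or any code from the course, that models those rules together. The role action lists, the custom role name, the management-group mapping, the scope IDs and the assignments are constructed for the example; Azure’s real built-in roles carry longer action lists than shown here.

```python
"""Added example (not from the flashcards or from Azure): a toy model of
how Azure RBAC's scope hierarchy and allow model combine. Role action
lists, scope IDs and assignments are constructed for the example."""
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Constructed role definitions shaped like Azure roles: a list of allowed
# actions, using '*' wildcards the way Azure role definitions do.
ROLES = {
    "Reader": ["*/read"],
    "Contributor": ["*"],
    "Log Container Writer (custom)": [   # hypothetical custom role for the example
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write",
    ],
}

MG_PREFIX = "/providers/Microsoft.Management/managementGroups/"


@dataclass(frozen=True)
class Assignment:
    principal: str
    role: str
    scope: str   # management group, subscription, resource group or resource ID


def subscription_of(resource_scope: str) -> str:
    # '/subscriptions/<id>/...' -> '/subscriptions/<id>'
    return "/".join(resource_scope.split("/")[:3])


def scope_covers(assignment_scope: str, resource_scope: str, mg_of: dict) -> bool:
    """True when the assignment's scope is the resource or one of its ancestors.

    Assignments are inherited downward: management group -> subscription ->
    resource group -> resource. A management group is not a path prefix of
    the resource ID, so it is resolved through the subscription's parent.
    """
    if assignment_scope.startswith(MG_PREFIX):
        return mg_of.get(subscription_of(resource_scope)) == assignment_scope
    return resource_scope == assignment_scope or resource_scope.startswith(
        assignment_scope.rstrip("/") + "/")


def effective_actions(principal: str, resource_scope: str, assignments, mg_of) -> set:
    """Allow model: the union of every action from every role assigned at the
    resource or any ancestor scope. Nothing here subtracts, so adding a role
    can only widen what the principal may do."""
    allowed = set()
    for a in assignments:
        if a.principal == principal and scope_covers(a.scope, resource_scope, mg_of):
            allowed.update(ROLES[a.role])
    return allowed


def is_allowed(principal, action, resource_scope, assignments, mg_of) -> bool:
    return any(fnmatchcase(action, pattern)
               for pattern in effective_actions(principal, resource_scope, assignments, mg_of))


# Constructed hierarchy: one management group containing one subscription.
MG_OF = {"/subscriptions/sub-prod": MG_PREFIX + "mg-corp"}
STORAGE = ("/subscriptions/sub-prod/resourceGroups/rg-data"
           "/providers/Microsoft.Storage/storageAccounts/stlogs")
VM = ("/subscriptions/sub-prod/resourceGroups/rg-web"
      "/providers/Microsoft.Compute/virtualMachines/vm1")
ASSIGNMENTS = [
    Assignment("alice", "Reader", MG_PREFIX + "mg-corp"),                 # inherited by everything below
    Assignment("alice", "Log Container Writer (custom)", STORAGE),        # one resource only
    Assignment("bob", "Contributor", "/subscriptions/sub-prod/resourceGroups/rg-web"),
]

if __name__ == "__main__":
    print(sorted(effective_actions("alice", STORAGE, ASSIGNMENTS, MG_OF)))
```

Alice can read the storage account through the Reader role inherited from the management group and write its containers through the custom role assigned on the resource itself, but she cannot delete the account because neither role grants that action. Bob’s Contributor role at rg-web gives him every action on the VM there and nothing at all in rg-data. Real Azure RBAC also evaluates NotActions, DataActions and deny assignments, none of which this model or the flashcard covers; the allow-model union shown here is the starting point that those refine.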

16
Q

Describe the Zero Trust model

A

Zero Trust is a security model that assumes the worst case scenario and protects resources with that expectation.

Zero Trust assumes breach at the outset, and then verifies each request as though it originated from an uncontrolled network

17
Q

Describe defense-in-depth

A

A defense-in-depth strategy uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data.

18
Q

What is the objective of defense-in-depth?

A

Protect information and prevent it from being stolen by those who aren’t authorized to access it.

19
Q

What are the seven layers of defense-in-depth?

A
  • The physical security layer is the first line of defense to protect computing hardware in the datacenter.
  • The identity and access layer controls access to infrastructure and change control.
  • The perimeter layer uses distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for users.
  • The network layer limits communication between resources through segmentation and access controls.
  • The compute layer secures access to virtual machines.
  • The application layer helps ensure that applications are secure and free of security vulnerabilities.
  • The data layer controls access to business and customer data that you need to protect
20
Q

What is Defender for Cloud?

A

A monitoring tool for security posture management and threat protection. It monitors your cloud, on-premises, hybrid, and multicloud environments to provide guidance and notifications aimed at strengthening your security posture.

21
Q

What three vital needs does Defender for Cloud fill?

A
  • Continuously assess – Know your security posture. Identify and track vulnerabilities.
  • Secure – Harden resources and services with Azure Security Benchmark.
  • Defend – Detect and resolve threats to resources, workloads, and services
22
Q

How does Azure AD fit into Microsoft Entra?

A

At the time this module was written, Microsoft Entra was not a replacement or rebranding of Azure AD: Azure AD remained Microsoft’s key identity solution and became one product within the Microsoft Entra family. (Microsoft has since renamed Azure AD to Microsoft Entra ID; the service itself is unchanged, so older material that says Azure AD refers to the same thing.)

23
Q

What is Microsoft Entra?

A

Microsoft Entra is the name for the family of identity and access technologies brought into one place, and under one portal.