Plan, Implement, Administer Conditional Access

Question 1

What switch is provided to for default protection settings in Azure?

Answer 1

“Enable Security Defaults”

Question 2

3 scenarios where security defaults should not be used.

Answer 2

1. Using Conditional Access Policies
2. Azure AD Premium
3. Complex Security Requirements

Question 3

Using Security Defaults to enable user authentication MFA, how long does a user have to register?

Answer 3

14 days

Question 4

Can you configure legacy authentication to use MFA?

Answer 4

No

Question 5

List 5 benefits of Conditional Access

Answer 5

1. Increase Productivity
2. Manage Risk
3. Address Compliance and Governance
4. Manage Cost
5. Zero Trust

Question 6

In terms of a Conditional Access Policies, what are “assignments”?

Answer 6

Conditions

Question 7

What license is required to combine Conditional Access with Azure AD Identity Protection?

Answer 7

Azure AD Premium 2

Question 8

What 2 types of accounts should be excluded from Block Policies?

Answer 8

• Break-glass Accounts

- Service Accounts

Question 9

What 3 types of Administrators can set up a Conditional Access policy?

Answer 9

1. Global Administrator
2. Security Administrator
3. Conditional Access Administrator

Question 10

What set of rules ensure an organization’s data remains safe or contained in a managed app?

Answer 10

App Protection Policies (APP)

Question 11

What solution provides app protection for BYOD devices?

Answer 11

Mobile Application Management without enrollment (MAM-WE)

Question 12

What solution protects app data on a mobile device?

Answer 12

Mobile Application Management

Question 13

What is the purpose of report-only mode?

Answer 13

Allow Administrators an evaluation time.

Question 14

How many bad password attempts does Smart lockout cache?

Answer 14

3

Question 15

What license is required to customize Smart lockout settings?

Answer 15

Azure AD Premium 1

Question 16

What two mechanisms exist to keep Smart lockout from locking out a genuine user?

Answer 16

1. Data centers track lockouts independently.

2. Tracks location

Question 17

Can Smart Lockout protect on-premises AD?

Answer 17

Yes. Integrated with password hash sync or pass-through authentication.

Question 18

Which lockout timer should be higher when using Smart Lockout with PTA?

Answer 18

The Azure AD should be less than the AD DS.

Question 19

What does Conditional Access do?

Answer 19

It analyzes signals such as user, device, and location to enforce organizational access policies.

Question 20

When would you use Mobile Application Management (MAM) without enrollment to protect sensitive data in a work or school-related app?

Answer 20

Bring-your-own-device (BYOD) scenarios

Question 21

What is user sign-in frequency?

Answer 21

User sign-in frequency defines the time period before a user is asked to sign in again when attempting to access a resource.