Practice 5 Flashcards

1
Q

True or False: In Microsoft Entra, workload identities are applications, service principals, and managed identities.

A

answer: True

In the Microsoft Entra system, workload identities refer to non-human identities that require access to resources. These workload identities primarily encompass applications, service principals, and managed identities. Applications are software programs that need to access services or resources in the Microsoft Entra environment. Service principals represent the local instance, or application object, as it’s used within a specific tenant and grants specific permissions

2
Q

Which roles in Microsoft Entra provide permissions across various services, such as those that grant access to multiple security services within Microsoft 365 or manage Compliance-related settings across different platforms?

A. Microsoft Entra
B. Service Specific Roles
C. Cross Service Roles
D. MS 365 User Roles

A

Answer: Cross-service roles

Cross-service roles in Microsoft Entra are roles that grant permissions spanning multiple services. Roles like Security Administrator or Compliance Administrator exemplify cross-service roles as they provide access across a range of security services or compliance settings within Microsoft 365, respectively.

3
Q

Which RBAC system is designed specifically to manage access to Microsoft Entra resources like users, groups, and applications?

A. Azure RBAC
B. MS Entra RBAC
C. Azure AD Roles
D. MS Resource RBAC

A

Answer: Microsoft Entra RBAC

Microsoft Entra RBAC (Role-Based Access Control) is tailored to control access to Microsoft Entra resources. This includes managing permissions related to users, groups, and applications within the Microsoft Entra ecosystem.

4
Q

What term describes the real-time evaluation determining that a particular authentication request might not be authorized by the actual identity owner?

A. Identity Validation
B. Sign-In Risk
C. User Verification
D. Authentication Threat

A

Answer: Sign-in Risk

Sign-in Risk refers to the real-time assessment or calculation made during an authentication request, evaluating the likelihood that the request isn’t genuinely authorized by the identity owner. This is a crucial component in detecting potential unauthorized or malicious access attempts.

5
Q

Which enterprise defense suite natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to offer comprehensive protection against advanced threats?

A. Azure Active Directory Guard
B. MS 365 Advanced Threat Protection
C. MS 365 Defender
D. Windows Security Suite

A

Answer: Microsoft 365 Defender

Microsoft 365 Defender is designed as a unified pre- and post-breach enterprise defense suite. It integrates and coordinates various security functions across multiple domains, such as endpoints, identities, email, and applications. Its main goal is to provide robust protection against sophisticated attacks, ensuring that potential threats are detected, prevented, investigated, and responded to in a seamless and integrated manner.

6
Q

What function does Microsoft Defender Vulnerability Management primarily serve?

A. Safeguarding against email threats
B. Identifying and investigating compromised IDs
C. Delivering continuous asset visibility and remediation tools for vulnerabilities and misconfigurations
D. Providing deep visibility and threat protection for cloud apps

A

Answer: Delivering continuous asset visibility and remediation tools for vulnerabilities and misconfigurations

In an ever-evolving cyber threat landscape, ensuring that an organization’s digital assets remain secure is paramount. Microsoft Defender Vulnerability Management serves this critical need by offering continuous visibility into the assets within an organization. Beyond just visibility, it provides intelligent, risk-based assessments that determine the potential impact and likelihood of vulnerabilities being exploited. To aid IT and security teams, built-in remediation tools are included, making it easier to address the most critical vulnerabilities and misconfigurations, thereby reinforcing an organization’s security posture.

7
Q

Which of the following best describes the core protections offered by Exchange Online Protection (EOP) that serves as a foundation for Microsoft Defender for Office 365?

A. It adds post-breach investigation, hunting and response automation
B. EOP primarily focuses on training simulations to educate users
C. It helps prevent broad, volume-based, known attacks and is present in subscriptions with Exchange Online
D. It focuses on zero-day malware and phish protection

A

Answer: It helps prevent broad, volume-based, known attacks and is present in subscriptions with Exchange Online mailboxes.

Exchange Online Protection, or EOP, serves as the foundational layer of security for Microsoft Defender for Office 365. Its primary role is to counteract broad, volume-driven attacks that are already known to security services. Examples of such attacks might include widespread phishing campaigns or widely recognized malware. EOP is designed to be omnipresent across any subscription that features Exchange Online mailboxes, making it a fundamental protection mechanism for businesses and organizations using Microsoft services. Given its nature, EOP acts as the first line of defense, intercepting and mitigating threats before they reach more specialized filters and protections present in the Microsoft Defender for Office 365 suite.

8
Q

Which feature is unique to Microsoft Defender for Office 365 Plan 2 when compared to Plan 1?

A. Core protections offered by Exchange Online Protection
B. Protection from zero-day malware, phish and business email compromise
C. Post-breach investigation, hunting, response automation and training simulation
D. The basic security structure found in every Office 365 plan

A

Answer: Post-breach investigation, hunting, response, automation, and training simulation.

Microsoft Defender for Office 365 offers two distinct subscription plans: Plan 1 (P1) and Plan 2 (P2). While both plans are built on the foundational protections provided by Exchange Online Protection (EOP) – which counteracts broad and well-known attacks – they cater to different levels of security needs. Plan 1 goes beyond EOP’s capabilities by providing protection against sophisticated, targeted threats such as zero-day malware, phish, and business email compromise.

9
Q

Which subscription level of Microsoft Defender for Office 365 offers protection against zero-day malware, phish, and business email compromise, and is built upon the foundational security provided by Exchange Online Protection?

A. Microsoft 365 Basic
B. Microsoft Defender for Office 365 Plan 1
C. Microsoft Defender for Office 365 Plan 2
D. Exchange Online Protection Plus

A

Answer: Microsoft Defender for Office 365 Plan 1.

Microsoft Defender for Office 365 Plan 1 is specifically designed to enhance the core security services offered by Exchange Online Protection (EOP). While EOP helps prevent broad, volume-based, known attacks, Defender for Office 365 Plan 1 goes a step further by protecting against advanced threats like zero-day malware, phishing, and business email compromise. It’s a robust solution tailored for those who require a higher level of security for their email and collaboration tools without the necessity for advanced post-breach investigation tools.

10
Q

Which component of Microsoft Defender for Endpoint is designed to proactively search for threats, offering prioritization, context, and insights to aid security operations centers (SOCs) in rapid and accurate threat response?

A. MS Secure Score
B. Endpoint Detection and Response
C. Microsoft Threat Experts
D. Core Defender Vulnerability Management

A

Answer: Microsoft Threat Experts.

Explanation: Microsoft Threat Experts serves as a managed threat hunting service within Microsoft Defender for Endpoint. It is tailored to provide proactive hunting capabilities, giving security operations centers (SOCs) the ability to effectively prioritize threats. Additionally, this service delivers enhanced context and insights, equipping SOCs with the necessary information to swiftly and accurately respond to potential threats.

11
Q

Which feature of Microsoft Defender for Endpoint focuses on making sure configuration settings are aptly set and exploit mitigation techniques are applied, in addition to providing network and web protection that regulates access to malicious IP addresses, domains, and URLs?

A. Endpoint Detection and Response
B. Attack Surface Reduction
C. Microsoft Threat Experts
D. Core Defender Vulnerability Management

A

Answer: Attack surface reduction.

Attack surface reduction is a pivotal capability within Microsoft Defender for Endpoint. Its primary function is to safeguard devices by making sure that configuration settings are properly aligned and that exploit mitigation techniques are systematically applied. Furthermore, this set of capabilities encompasses network and web protection tools, which play a critical role in restricting access to potentially harmful IP addresses, domains, and URLs, ensuring that endpoints remain secure from these threats.

12
Q

Which functionality within Microsoft Defender for Endpoint is responsible for offering real-time, behavior-based, heuristic antivirus protection, coupled with cloud-delivered protection that ensures almost immediate detection and blocking of newly emerging threats?

A. Next Gen Protection
B. Endpoint Detection and Response
C. Microsoft Secure Score for Devices
D. Management and APIs

A

Answer: Next generation protection.

Next generation protection in Microsoft Defender for Endpoint is architected to handle a diverse array of emerging threats. Its foundation lies in providing behavior-based and heuristic antivirus protection in real time. To complement this, the feature is also fortified with cloud-delivered protection mechanisms. This cloud integration means that the system can detect and block new and emerging threats almost instantly. In addition to this, dedicated protection and product updates ensure that the antivirus component remains updated and effective against evolving threats.

13
Q

Which functionality of Microsoft Defender for Cloud Apps serves as a mediator to provide real-time access between enterprise users and their cloud resources, offering capabilities like discovering cloud app usage, protecting against app-based threats, ensuring information protection, and maintaining compliance?

A. Cloud Application Security Management
B. Information Protection Suite
C. Fundamental Cloud Access Security Broker (CASB)
D. Cloud Compliance Manager

A

Answer: Fundamental cloud access security broker (CASB) functionality.

The Fundamental cloud access security broker (CASB) functionality is an integral part of Microsoft Defender for Cloud Apps. It operates as a gatekeeper, bridging the gap and providing real-time access between enterprise users and the cloud resources they engage with. One of its primary roles is to offer visibility and discovery into the usage of cloud apps, shedding light on potential shadow IT scenarios. Beyond discovery, the CASB functionality also provides robust protection against threats emanating from any part of the cloud. Additionally, it ensures that information remains secure and that organizations maintain compliance with various standards and regulations.

14
Q

Which authentication method allows third-party services to access a user’s account information without exposing the user’s password and might be susceptible to compromise due to its extensive permissions?

A. OpenAuth
B. Two-Factor Authentication
C. OAuth
D. Passwordless Authentication

A

Answer: OAuth

OAuth is an open standard for token-based authentication and authorization. It permits third-party services to utilize a user’s account data without revealing the user’s password. Due to the broad permissions that apps using OAuth might possess, there’s a potential vulnerability for compromise, making option C the correct choice.

15
Q

Which Microsoft solution offers asset visibility, intelligent assessments, and remediation tools across multiple platforms, and uses threat intelligence to prioritize vulnerabilities on critical assets?

A. Microsoft Threat Protection
B. Azure Security Center
C. Defender Vulnerability Management
D. Microsoft Info Protection

A

Answer: Defender Vulnerability Management

16
Q

Which platform centralizes the protection, detection, investigation, and response across devices, identities, endpoints, email & collaboration, and cloud apps, and is tailored to the needs of security teams with a focus on quick access and simpler layouts?

A. Microsoft Security Hub
B. Azure Security Center
C. Microsoft 365 Defender Portal
D. Windows Security Dashboard

A

Answer: Microsoft 365 Defender portal

The Microsoft 365 Defender portal is an all-encompassing platform that merges protection, detection, investigation, and response capabilities for a wide array of assets including devices, identities, endpoints, email & collaboration, and cloud apps. Designed specifically for the requirements of security teams, it places a high premium on ensuring rapid access to critical information and offers a user-friendly layout. This portal also provides users the ability to assess the security health of their organization. Among the choices provided, option C directly correlates with the information given.

17
Q

Which tool integrated with Microsoft Sentinel allows SOC engineers and analysts to visualize data, providing a canvas for data analysis and the creation of rich visual reports within the Azure portal?

A. Azure Data Sheets
B. Azure Monitor Workbooks
C. Sentinel Data Canvas
D. Azure Visual Reports

A

Answer: Azure Monitor Workbooks

Azure Monitor Workbooks is the integrated tool in Microsoft Sentinel that enables the visualization of data. Once data sources are connected to Microsoft Sentinel, these workbooks provide a platform for SOC engineers and analysts to create and view rich visual reports within the Azure portal. This is especially useful for making sense of large amounts of data and presenting it in a manner that’s easy to understand and analyze. The main intent behind Azure Monitor Workbooks is to aid in data analysis, making it a valuable tool for security operations centers.

18
Q

Which AI-powered security tool, exclusive to Microsoft, provides rapid risk exposure assessments and allows analysts to process signals at machine speed, facilitating quick responses to threats?

A. Azure Rapid Defender
B. Microsoft Threat Analyzer
C. MS Security Copilot
D. AT Shield for Microsoft

A

Answer: Microsoft Security Copilot

Microsoft Security Copilot stands out as the premier generative AI security product from Microsoft designed to bolster defenses against threats at both machine speed and scale. It’s crafted to assist security analysts in swiftly addressing potential threats by processing signals at an unparalleled speed. By utilizing this tool, risk exposure assessments can be executed within minutes, emphasizing its capability to act quickly and efficiently in the realm of security analysis.

19
Q

Which of the following is an identity created in each Microsoft Entra ID tenant for an application to delegate its identity and access functions, enabling features such as authentication and authorization to resources secured by the tenant?

A. Managed Identity
B. Application Registration
C. Service Principal
D. Resource Delegate

A

Answer: Service Principal

A Service Principal represents the identity that an application assumes when it needs to interact with resources in a Microsoft Entra ID tenant. It is created when an application is registered with Microsoft Entra ID, enabling its integration. This service principal facilitates core functionalities, such as authenticating the application and authorizing it to access specific resources secured by the tenant. While application developers are tasked with managing the credentials for service principals to ensure they can access these resources, this responsibility can also be offloaded using managed identities to prevent potential security vulnerabilities.

20
Q

Which type of managed identity is directly tied to the lifecycle of an Azure resource and gets automatically deleted when the resource is removed?

A. User Assigned ID
B. Azure Assigned ID
C. System Assigned ID
D. Resource assigned ID

A

Answer: System-assigned identity

A system-assigned managed identity is directly linked to an Azure resource, such as a virtual machine. When this identity is enabled on an Azure resource, Microsoft Entra ID creates an identity that shares the lifecycle of that specific Azure resource. This ensures that when the resource is deleted, Azure will automatically handle the deletion of the identity as well. A typical scenario where one might use a system-assigned identity is when a specific task or workload is wholly contained within a single Azure resource.

21
Q

Which type of managed identity is created as a standalone Azure resource, can be assigned to multiple Azure service instances such as VMs, and exists independently of the resources it’s assigned to, requiring explicit deletion?

A. System Assigned Identity
B. User Assigned Identity
C. Resource Assigned Identity
D. Group Assigned Identity

A

Answer: User-assigned Identity

A user-assigned managed identity is created as a separate Azure resource. This type of identity can be assigned to one or more Azure service instances. Unlike system-assigned managed identities, user-assigned identities are not tied to a specific resource’s lifecycle, which means they persist even after the resources they are attached to are deleted. They have to be deleted explicitly. This structure is particularly beneficial when dealing with scenarios where multiple Azure resources, like VMs, require the same permissions but may frequently change or get recycled.

22
Q

Which device registration type in Microsoft Entra ID best supports the “bring your own device” (BYOD) scenario where users can access organizational resources using personal devices without needing an organizational account to sign in?

A. Microsoft Entra ID Registered Devices
B. Microsoft Entra ID Joined Devices
C. Hybrid Microsoft Entra ID Joined Devices
D. None of the Above

A

Answer: Microsoft Entra ID registered devices

23
Q

Which type of group in Microsoft Entra ID is tailored for collaboration and can grant members access to shared resources like mailboxes, calendars, and SharePoint sites?

A. Access Group
B. Security Group
C. M365 Group
D. Collaboration Group

A

Answer: Microsoft 365 Group

A Microsoft 365 group, often known as a distribution group, is specifically designed for the purpose of grouping users in line with their collaboration requirements. This group type allows members to have access to shared resources such as mailboxes, calendars, files, SharePoint sites, and more. As Microsoft 365 groups prioritize collaboration, users are typically permitted by default to create these groups, eliminating the need for an administrator role.

24
Q

Which of the following best describes the primary function of a security group in Microsoft Entra ID?

A. Grouping users for email distributions
B. Managing user and device access to shared resources
C. Prioritizing system updates for devices
D. Allocating storage space for applications

A

Answer: Managing user and device access to shared resources

In Microsoft Entra ID, a security group is predominantly used to control user and device access to shared resources. Instead of assigning permissions individually, security groups allow for collective assignment, streamlining access management. Members within a security group can encompass users (including external ones), devices, other groups, and service principals. For functions like creating security groups, a Microsoft Entra ID administrator role is typically required.

25
Q

Which tool is utilized by Microsoft Entra ID Connect cloud sync to bridge the gap between Microsoft Entra ID and Active Directory for the provisioning and synchronization of users, groups, and contacts?

A. Microsoft Entra ID Cloud Firewall
B. Microsoft Entra ID Cloud Provisioning Agent
C. Microsoft Entra ID Cloud Directory Manager
D. Microsoft Entra ID Cloud Security Scanner

A

Answer: Microsoft Entra ID Cloud Provisioning Agent

Microsoft Entra ID Connect cloud sync leverages the Microsoft Entra ID Cloud Provisioning Agent to ensure seamless provisioning and synchronization of users, groups, and contacts between Microsoft Entra ID and Active Directory. This agent acts as an intermediary between the two, facilitating a lightweight provisioning experience. By deploying this agent in either an on-premises or IaaS-hosted environment, an organization can effectively manage and synchronize their directory data. The provisioning configurations are stored directly in Microsoft Entra ID, making it an integral component of the service.

26
Q

Which of the following is Microsoft’s CIAM solution designed specifically to allow businesses to offer applications to their customers using the Microsoft Entra platform for identity and access?

A. Microsoft Entra Business Access
B. Microsoft Entra External ID
C. Microsoft Entra External ID for Customers
D. Microsoft Entra Application Integration

A

Answer: Microsoft Entra External ID for Customers

Microsoft Entra External ID for Customers is Microsoft's designated solution for customer identity and access management (CIAM). This platform is purpose-built for enterprises that want to make their applications available to their customers while using the Microsoft Entra system for both identity and access management. The distinguishing feature of this solution is the creation of a distinct tenant that, while following the conventional Microsoft Entra ID tenant model, is specially configured for customer-facing scenarios. This allows businesses to maintain a separate and secure environment tailored for customer interactions.

27
Q

True or False: Microsoft Entra External ID for Customers allows customer organizations to single sign-on (SSO) with social and enterprise identities.

A

Microsoft Entra External ID for Customers is designed to provide a customer identity and access management (CIAM) solution, which means it’s tailored to manage identities for end-users, commonly known as “customers” in this context. One of the essential features of modern CIAM solutions is to provide customers with the ease of Single Sign-On (SSO) using identities they already have and frequently use. This includes both social identities (like Facebook, Google, etc.) and enterprise identities from other identity providers. By enabling SSO with these existing identities, businesses can offer a frictionless user experience, reducing barriers for users to access their applications or platforms.

28
Q

Microsoft Entra External ID for Customers offers a plethora of benefits and seamless user experience. Which of the following are native offerings provided by this solution?

A. SSO with social and enterprise IDs
B. Sign-up and sign-in pages for your apps
C. Add your company branding to the sign-up page
D. Provide self-service account management
E. All of the Above

A

Answer: All of the Above

Microsoft Entra External ID for Customers is Microsoft’s solution for customer identity and access management (CIAM). It is geared toward businesses wanting to leverage the Microsoft Entra platform for identity and access for their customers. This solution offers:

29
Q

What service does multi-tenant organizations use in Microsoft Entra ID to facilitate seamless collaboration across their multiple instances, thereby enhancing user experience and allowing users to access resources without the need for separate invitation emails and consent prompts in each tenant?

A. Multi-Instance Integration
B. Cross-Tenant Collaboration
C. Cloud Tenant Service
D. Cross-Tenant Synchronization

A

Answer: Cross-Tenant Synchronization

In multi-tenant organizations, where there are multiple instances of Microsoft Entra ID, ensuring seamless collaboration and a unified user experience across these instances is crucial. To achieve this, these organizations utilize a feature called cross-tenant synchronization. This service in Microsoft Entra ID is specifically designed for one-way synchronization between the various tenants of an organization.

30
Q

Which feature of Microsoft Entra operates on the principle of if-then statements, where, for instance, a user from a specific group might be mandated to use multi-factor authentication before gaining access to an application?

A. Device Management Policies
B. Application Access Rules
C. Conditional Access policies
D. User Authentication Protocols

A

Answer: Conditional Access policies.

Conditional Access policies in Microsoft Entra are essentially structured as if-then statements designed to enforce specified access conditions under determined circumstances. When these conditions are met, the corresponding action is enforced. In the example provided, the policy might stipulate that if a user is a member of a particular group, then they must undergo multi-factor authentication (MFA) prior to accessing a designated application.

31
Q

Which Microsoft Entra role is automatically assigned to the person who signs up for a new Microsoft Entra tenant?

A. User Administrator
B. Billing Administrator
C. Global Administrator
D. Support Administrator

A

Answer: Global administrator

When a person signs up for a Microsoft Entra tenant, they are automatically granted the Global administrator role. This role provides access to all administrative features within Microsoft Entra, ensuring that the initial user has the capabilities to set up and configure the tenant according to their organization’s needs.

32
Q

Which feature in Microsoft Entra allows administrators to create a role definition by selecting from a preset list of permissions, offering a more tailored approach than built-in admin roles?

A. Role Templates
B. Access Lists
C. Custom Roles
D. Permission Sets

A

Answer: Custom Roles

Custom Roles in Microsoft Entra provide organizations with the flexibility to define their own roles based on specific requirements, without being confined to the default permissions of built-in roles. They allow administrators to select from a preset list of permissions and combine them to create a unique role that aligns with the organization’s needs. This tailored approach ensures that individuals are granted only the specific permissions they require for their tasks.

33
Q
A