Privileged Identity Management Flashcards

1
Q

What is Azure Active Directory Privileged Identity Management?

A. a central network security policy and route management for globally distributed, software-defined perimeters
B. an Azure offering that puts cloud-native SIEM and intelligent security analytics to work to help protect your enterprise
C. an Azure offering that allows you to manage and control access to resources within Azure and Azure AD as well as within other services such as Intune and Office 365
D. a scalable, security-enhanced delivery point for global, microservice-based web applications
E. I don’t know

A

C. an Azure offering that allows you to manage and control access to resources within Azure and Azure AD as well as within other services such as Intune and Office 365

Explanation:
Azure AD Privileged Identity Management, otherwise known as PIM, is an Azure offering that allows you to manage and control access to resources within Azure and Azure AD as well as within other services such as Intune and Office 365.

2
Q

Which of the following statements about assignment types in PIM for Azure resources is false?

A. The two assignment types available in PIM for Azure resources are eligible and active.
B. The eligible assignment type requires members of a particular role to perform an action before using the role.
C. Essentially, users that are assigned as eligible will have their assigned privileges at all times.
D. The active assignment type does not require members to perform any sort of action to use the role.
E. I don’t know

A

C. Essentially, users that are assigned as eligible will have their assigned privileges at all times.

Explanation:
The two assignment types available in PIM for Azure resources are eligible and active.
The eligible assignment type requires members of a particular role to perform an action before using the role.
The active assignment type does not require members to perform any sort of action to use the role.
Essentially, users that are assigned as active will have their assigned privileges at all times.

3
Q

Which of the following is not a group that can view assignments to Azure AD roles in Azure AD PIM?

A. Security Readers
B. Global Administrators
C. Security Administrators
D. Global Readers/Writers
E. I don’t know

A

D. Global Readers/Writers

Explanation:
There are three groups that can view assignments to Azure AD roles in Azure AD PIM.
These groups are Global Administrators, Security Administrators and Security Readers.

4
Q

What is a delegated approver in Azure PIM?

A. a user within Azure AD who is responsible for approving requests to activate eligible roles
B. a user that needs some sort of privileged or admin-level access all the time
C. a user that needs some sort of privileged or admin-level access every now and again, but not all the time
D. a user that’s been assigned as eligible to any Azure AD role
E. I don’t know

A

A. a user within Azure AD who is responsible for approving requests to activate eligible roles

Explanation:
A delegated approver is a user, or maybe even multiple users or groups, within Azure AD who is responsible for approving requests to activate eligible roles.

5
Q

Which of the following statements about Azure Active Directory Privileged Identity Management is false?

A. The PIM settings that are configured for a resource are not inherited.
B. A Microsoft account is necessary to enable PIM for a directory.
C. PIM settings, unlike assignments, are configured for each role of a resource.
D. It is recommended that Azure Active Directory be configured to enforce Multi-Factor Authentication for the user when they log in.
E. I don’t know

A

B. A Microsoft account is necessary to enable PIM for a directory.

Explanation:
An organizational account is necessary to enable PIM for a directory.
As such, a Microsoft account, such as an Outlook.com account, will not work. You must use a global administrator with an organizational account to enable PIM for a directory.
