For each of the following statements, select Yes if the statement is true. Otherwise, select No. - All Azure Active Directory (Azure AD) license editions include the same features - You can manage an Azure Active Directory (Azure AD) tenant by using the Azure portal - You must deploy Azure virtual machines to host an Azure Active Directory (Azure AD) tenant

- All Azure Active Directory (Azure AD) license editions include the same features → No - You can manage an Azure Active Directory (Azure AD) tenant by using the Azure portal → Yes - You must deploy Azure virtual machines to host an Azure Active Directory (Azure AD) tenant → No

For each of the following statements, select Yes if the statement is true. Otherwise, select No. - Applying system updates increases an organization's secure score in Microsoft Defender for Cloud - The secure score in Microsoft Defender for Cloud can evaluate resources across multiple Azure subscriptions - Enabling multi-factor authentication (MFA) increases an organization's secure score in Microsoft Defender for Cloud

- Applying system updates increases an organization's secure score in Microsoft Defender for Cloud → Yes - The secure score in Microsoft Defender for Cloud can evaluate resources across multiple Azure subscriptions → Yes - Enabling multi-factor authentication (MFA) increases an organization's secure score in Microsoft Defender for Cloud → Yes

For each of the following statements, select Yes if the statement is true. Otherwise, select No. - Verify explicitly is one of the guiding principles of Zero Trust - Assume breach is one of the guiding principles of Zero Trust - The Zero Trust security model assumes that a firewall secures the internal network from external threats

- Verify explicitly is one of the guiding principles of Zero Trust → Yes - Assume breach is one of the guiding principles of Zero Trust → Yes - The Zero Trust security model assumes that a firewall secures the internal network from external threats → No

For each of the following statements, select Yes if the statement is true. Otherwise, select No. - Control is a key privacy principle of Microsoft - Transparency is a key privacy principle of Microsoft - Shared responsibility is a key privacy principle of Microsoft

- Control is a key privacy principle of Microsoft → Yes - Transparency is a key privacy principle of Microsoft → Yes - Shared responsibility is a key privacy principle of Microsoft → No

For each of the following statements, select Yes if the statement is true. Otherwise, select No. - Digitally signing a document requires a private key - Verifying the authenticity of a digitally signed document requires the public key of the signer - Verifying the authenticity of a digitally signed document requires the private key of the signer

- Digitally signing a document requires a private key → Yes - Verifying the authenticity of a digitally signed document requires the public key of the signer → Yes - Verifying the authenticity of a digitally signed document requires the private key of the signer → No

Topic 1 Flashcards by Mauro Di Grazia

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

All Azure Active Directory (Azure AD) license editions include the same features
You can manage an Azure Active Directory (Azure AD) tenant by using the Azure portal
You must deploy Azure virtual machines to host an Azure Active Directory (Azure AD) tenant

All Azure Active Directory (Azure AD) license editions include the same features → No
You can manage an Azure Active Directory (Azure AD) tenant by using the Azure portal → Yes
You must deploy Azure virtual machines to host an Azure Active Directory (Azure AD) tenant → No

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

Azure Blueprints
Azure Policy
The Microsoft Cloud Adoption Framework for Azure
A resource lock
↘
provides best practices from Microsoft employees, partners, and customers, including tools and guidance to assist in an Azure deployment.

The Microsoft Cloud Adoption Framework for Azure
↘
provides best practices from Microsoft employees, partners, and customers, including tools and guidance to assist in an Azure deployment.

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

Customer Lockbox
Data loss prevention (DLP)
eDiscovery
A resource lock
↘
is used to identify, hold, and export electronic information that might be used in an investigation.

eDiscovery
↘
is used to identify, hold, and export electronic information that might be used in an investigation.

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

You can manage Microsoft Intune by using the
↘
- Azure Active Directory admin center
- Microsoft 365 compliance center
- Microsoft 365 Defender portal
- Microsoft Endpoint Manager admin center

You can manage Microsoft Intune by using the
↘
Microsoft Endpoint Manager admin center

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

Federation is used to establish ______ between organizations.
↘
- multi-factor authentication (MFA)
- a trust relationship
- user account synchronization
- a VPN connection

a trust relationship

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Applying system updates increases an organization’s secure score in Microsoft Defender for Cloud
The secure score in Microsoft Defender for Cloud can evaluate resources across multiple Azure subscriptions
Enabling multi-factor authentication (MFA) increases an organization’s secure score in Microsoft Defender for Cloud

Applying system updates increases an organization’s secure score in Microsoft Defender for Cloud → Yes
The secure score in Microsoft Defender for Cloud can evaluate resources across multiple Azure subscriptions → Yes
Enabling multi-factor authentication (MFA) increases an organization’s secure score in Microsoft Defender for Cloud → Yes

How well did you know this?

Not at all

Perfectly

Which score measures an organization’s progress in completing actions that help reduce risks associated to data protection and regulatory standards?

A. Microsoft Secure Score
B. Productivity Score
C. Secure score in Azure Security Center
D. Compliance score

D. Compliance score

How well did you know this?

Not at all

Perfectly

What do you use to provide real-time integration between Azure Sentinel and another security source?

A. Azure AD Connect
B. a Log Analytics workspace
C. Azure Information Protection
D. a connector

D. a connector

How well did you know this?

Not at all

Perfectly

Which Microsoft portal provides information about how Microsoft cloud services comply with regulatory standard, such as International Organization for
Standardization (ISO)?

A. the Microsoft Endpoint Manager admin center
B. Azure Cost Management + Billing
C. Microsoft Service Trust Portal
D. the Azure Active Directory admin center

C. Microsoft Service Trust Portal

How well did you know this?

Not at all

Perfectly

In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing?

A. the management of mobile devices
B. the permissions for the user data stored in Azure
C. the creation and management of user accounts
D. the management of the physical hardware

D. the management of the physical hardware

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Verify explicitly is one of the guiding principles of Zero Trust
Assume breach is one of the guiding principles of Zero Trust
The Zero Trust security model assumes that a firewall secures the internal network from external threats

Verify explicitly is one of the guiding principles of Zero Trust → Yes
Assume breach is one of the guiding principles of Zero Trust → Yes
The Zero Trust security model assumes that a firewall secures the internal network from external threats → No

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Control is a key privacy principle of Microsoft
Transparency is a key privacy principle of Microsoft
Shared responsibility is a key privacy principle of Microsoft

Control is a key privacy principle of Microsoft → Yes
Transparency is a key privacy principle of Microsoft → Yes
Shared responsibility is a key privacy principle of Microsoft → No

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

Archiving
Compressing
Deduplicating
Encrypting
↘
a file makes the data in the file readable and usable to viewers that have the appropriate key.

Encrypting

How well did you know this?

Not at all

Perfectly

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Digitally signing a document requires a private key
Verifying the authenticity of a digitally signed document requires the public key of the signer
Verifying the authenticity of a digitally signed document requires the private key of the signer

Digitally signing a document requires a private key → Yes
Verifying the authenticity of a digitally signed document requires the public key of the signer → Yes
Verifying the authenticity of a digitally signed document requires the private key of the signer → No

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

When users sign in to the Azure portal, they are first
↘
- assigned permissions
- authenticated
- authorized
- resolved

authenticated

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

Authentication
Authorization
Federation
Single sign-on (SSO)
↘
is the process of identifying whether a signed-in user can access a specific resource.

Authorization

How well did you know this?

Not at all

Perfectly

Select the answer that correctly completes the sentence.

Active Directory Domain Services (AD DS)
Active Directory forest trusts
Azure Active Directory (Azure AD) business-to-business (B2B)
Azure Active Directory business-to-consumer B2C (Azure AD B2C)
↘
enables collaboration with business partners from external organizations such as suppliers, partners, and vendors. External users appear as guest users in the directory.

Azure Active Directory (Azure AD) business-to-business (B2B)

How well did you know this?

Not at all

Perfectly

In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready phase?

A. Plan
B. Manage
C. Adopt
D. Govern
E. Define Strategy

A. Plan
E. Define Strategy

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

In software as a service (SaaS), applying service packs to applications is the responsibility of the organization
In infrastructure as a service (IaaS), managing the physical network is the responsibility of the cloud provider
In all Azure cloud deployment types, managing the security of information and data is the responsibility of the organization

In software as a service (SaaS), applying service packs to applications is the responsibility of the organization → No
In infrastructure as a service (IaaS), managing the physical network is the responsibility of the cloud provider → Yes
In all Azure cloud deployment types, managing the security of information and data is the responsibility of the organization → Yes

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Azure AD Connect can be used to implement hybrid identity
Hybrid identity requires the implementation of two Microsoft 365 tenants
Authentication of hybrid identifies requires the synchronization of Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD)

Azure AD Connect can be used to implement hybrid identity → Yes
Hybrid identity requires the implementation of two Microsoft 365 tenants → No
Authentication of hybrid identifies requires the synchronization of Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD) → Yes

Select the answer that correctly completes the sentence.

Azure Application Insights
Azure Network Watcher
Log Analytics workspaces
Security baselines for Azure
↘
provides benchmark recommendations and guidance for protecting Azure services

Security baselines for Azure

What is an example of encryption at rest?

A. encrypting communications by using a site-to-site VPN
B. encrypting a virtual machine disk
C. accessing a website by using an encrypted HTTPS connection
D. sending an encrypted email

B. encrypting a virtual machine disk

Which three statements accurately describe the guiding principles of Zero Trust?

A. Define the perimeter by physical locations.
B. Use identity as the primary security boundary.
C. Always verify the permissions of a user explicitly.
D. Always assume that the user system can be breached.
E. Use the network as the primary security boundary.

B. Use identity as the primary security boundary.
C. Always verify the permissions of a user explicitly.
D. Always assume that the user system can be breached.

Which service should you use to view your Azure secure score? To answer, select the appropriate service in the answer area.

Alerts
Application Insights
Subscriptions
Policy
Azure AD Connect Health
Security Center
Advisor
Monitor

Security Center

You are evaluating the compliance score in Compliance Manager. Match the compliance score action subcategories to the appropriate actions. Action Subcategories - Corrective - Detective - Preventative Answer Area - Encrypt data at rest - Perform a system access audit - Make configuration changes in response to a security incident

- Preventative → Encrypt data at rest - Detective → Perform a system access audit - Corrective → Make configuration changes in response to a security incident

Select the answer that correctly completes the sentence. Compliance Manager can be directly accessed from the ↘ - Microsoft 365 admin center - Microsoft 365 Defender portal - Microsoft 365 Compliance Center (Microsoft Purview) - Microsoft Support portal

Microsoft 365 Compliance Center (Microsoft Purview)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. - Enabling multi-factor authentication (MFA) increases the Microsoft Secure Score - A higher Microsoft Secure Score means a lower identified risk level in the Microsoft 365 - Microsoft Secure Score measures progress in completing actions based on controls that include key regulations and standards for data protection and governance

- Enabling multi-factor authentication (MFA) increases the Microsoft Secure Score → Yes - A higher Microsoft Secure Score means a lower identified risk level in the Microsoft 365 → Yes - Microsoft Secure Score measures progress in completing actions based on controls that include key regulations and standards for data protection and governance → No

What can you use to provide a user with a two-hour window to complete an administrative task in Azure? A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM) B. Azure Multi-Factor Authentication (MFA) C. Azure Active Directory (Azure AD) Identity Protection D. conditional access policies

A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)

In a hybrid identity model, what can you use to sync identities between Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD)? A. Active Directory Federation Services (AD FS) B. Microsoft Sentinel C. Azure AD Connect D. Azure AD Privileged Identity Management (PIM)

C. Azure AD Connect

For each of the following statements, select Yes if the statement is true. Otherwise, select No. - You can create custom roles in Azure Active Directory (Azure AD) - Global administrator is a role in Azure Active Directory (Azure AD) - An Azure Active Directory (Azure AD) user can be assigned only one role

- You can create custom roles in Azure Active Directory (Azure AD) → Yes - Global administrator is a role in Azure Active Directory (Azure AD) → Yes - An Azure Active Directory (Azure AD) user can be assigned only one role → No

For each of the following statements, select Yes if the statement is true. Otherwise, select No. - Azure Active Directory (Azure AD) is deployed to an on-premises environment - Azure Active Directory (Azure AD) is provided as part of a Microsoft 365 subscription - Azure Active Directory (Azure AD) is an identity and access management service

- Azure Active Directory (Azure AD) is deployed to an on-premises environment → No - Azure Active Directory (Azure AD) is provided as part of a Microsoft 365 subscription → Yes - Azure Active Directory (Azure AD) is an identity and access management service → Yes

Select the answer that correctly completes the sentence. With Windows Hello for Business, a user's biometric data used for authentication ↘ - is stored on an external device. - is stored on a local device only. - is stored in Azure Active Directory (Azure AD). - is replicated to all the devices designated by the user.

With Windows Hello for Business, a user's biometric data used for authentication ↘ is stored on a local device only.

What is the purpose of Azure Active Directory (Azure AD) Password Protection? A. to control how often users must change their passwords B. to identify devices to which users can sign in without using multi-factor authentication (MFA) C. to encrypt a password by using globally recognized encryption standards D. to prevent users from using specific words in their passwords

D. to prevent users from using specific words in their passwords

Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require membership in a group? A. access reviews B. managed identities C. conditional access policies D. Azure AD Identity Protection

A. access reviews

Select the answer that correctly completes the sentence. - Multi-factor authentication (MFA) - Pass-through authentication - Password writeback - Single sign-on (SSO) ↘ requires additional verification, such as a verification code sent to a mobile phone.

Multi-factor authentication (MFA) ↘ requires additional verification, such as a verification code sent to a mobile phone.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. - Conditional access policies can use the device state as a signal - Conditional access policies apply before first-factor authentication is complete - Conditional access policies can trigger multi-factor authentication (MFA) if a user attempts to access a specific application

- Conditional access policies can use the device state as a signal → Yes - Conditional access policies apply before first-factor authentication is complete → No - Conditional access policies can trigger multi-factor authentication (MFA) if a user attempts to access a specific application → Yes

Select the answer that correctly completes the sentence. - Microsoft Defender for Cloud Apps - Microsoft Defender for Endpoint - Microsoft Defender for Identity - Microsoft Defender for Office 365 ↘ is a cloud-based solution that leverages on-premises Active Directory signals to identify, detect, and investigate advanced threats.

Microsoft Defender for Identity

Select the answer that correctly completes the sentence. Microsoft Defender for Identity can identify advanced threats from ________ signals. ↘ - Azure Active Directory (Azure AD) - Azure AD Connect - on-premises Active Directory Domain Services (AD DS)

on-premises Active Directory Domain Services (AD DS)

Select the answer that correctly completes the sentence. Azure Active Directory (Azure AD) is _________ used for authentication and authorization. ↘ - an extended detection and response (XDR) system - an identity provider - a management group - a security information and event management (SIEM) system

an identity provider

Which Azure Active Directory (Azure AD) feature can you use to provide just-in-time (JIT) access to manage Azure resources? A. conditional access policies B. Azure AD Identity Protection C. Azure AD Privileged Identity Management (PIM) D. authentication method policies

C. Azure AD Privileged Identity Management (PIM)

Which three authentication methods can be used by Azure Multi-Factor Authentication (MFA)? Each correct answer presents a complete solution. A. text message (SMS) B. Microsoft Authenticator app C. email verification D. phone call E. security question

A. text message (SMS) B. Microsoft Authenticator app D. phone call

Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your organization? A. sensitivity label policies B. Customer Lockbox C. information barriers D. Privileged Access Management (PAM)

C. information barriers

-è uscita da poco- For each of the following statements, select Yes if the statement is true. Otherwise, select No. - Conditional access policies always enforce the use of multi-factor authentication (MFA) - Conditional access policies can be used to block access to an application based on the location of the user - Conditional access policies only affect users who have Azure Active Directory (Azure AD)-joined devices

- Conditional access policies always enforce the use of multi-factor authentication (MFA) → No - Conditional access policies can be used to block access to an application based on the location of the user → Yes - Conditional access policies only affect users who have Azure Active Directory (Azure AD)-joined devices → No

For each of the following statements, select Yes if the statement is true. Otherwise, select No. - Conditional access policies can be applied to global administrators - Conditional access policies are evaluated before a user is authenticated - Conditional access policies can use a device platform, such as Android or iOS, as a signal

- Conditional access policies can be applied to global administrators → Yes - Conditional access policies are evaluated before a user is authenticated → No - Conditional access policies can use a device platform, such as Android or iOS, as a signal → Yes