Understand Microsoft Entra ID

Question 1

What type of service is Entra ID?

Answer 1

Platform as a Service (PaaS)

Question 2

True or false: an Azure subscription must be associated with one, and only one, Microsoft Entra tenant

Answer 2

True

Question 3

True or false: one Entra tenant cannot be associated with multiple Azure subscriptions

Answer 3

False

Question 4

What is the default DNS domain name that each Entra tenant is assigned?

Answer 4

.onmicrosoft.com

Question 5

Does the Microsoft Entra schema contain more or fewer object types than that of AD-DS?

Answer 5

Fewer

Question 6

For which notable class does the Entra schema NOT include a definition?

Answer 6

Computer class

Question 7

True or false: Entra ID includes the organisational unit class

Answer 7

False

Therefore you can’t organise its units into a hierarchy of custom containers as is common in on-prem AD-DS deployments

Question 8

How could you define an app in one tenant and use it across multiple?

Answer 8

Create a Service Principle object for the app in each tenant. Entra ID creates the object when you register the corresponding app in that Entra tenant.

Question 9

What networking standard is used by AD-DS?

Answer 9

x.500

Question 10

What does AD-DS use to locate resources such as domain controllers?

Answer 10

DNS

Question 11

What type of calls can be used to query AD-DS?

Answer 11

LDAP (Lightweight Directory Access Protocol)

Question 12

What does LDAP stand for?

Answer 12

Lightweight Directory Access Protocol

Question 13

What protocol does AD-DS primarily use for authentication?

Answer 13

Kerberos

Question 14

True or false: AD-DS can be deployed on an Azure VM

Answer 14

True - although it won’t make any use of Entra

Question 15

What is the HTTP port?

Answer 15

80

Question 16

What is the HTTPS port?

Answer 16

443

Question 17

True or false: Entra is a multi-tenant directory service

Answer 17

True

Question 18

True or false: Entra uses a hierarchy structure

Answer 18

False - users & groups are created in a flat structure

Question 19

What protocol does Entra use for authorisation?

Answer 19

OAuth

Question 20

Does Entra use Kerberos authentication?

Answer 20

No

Question 21

Name HTTP & HTTPS protocols used by Entra for authentication

Answer 21

SAML
WS-Federation
OpenID Connect

Question 22

Define Authentication

Answer 22

Verifying identity (e.g. username+password)

Question 23

Define Authorization

Answer 23

determining & granting the level of access

Question 24

Define Federation

Answer 24

extending SSO to apps & systems outside the corporate firewall

Question 25

What is the difference between Authorization and Authentication?

Answer 25

Authorization = determining and granting a level of access
Authentication = verifying identity (username & password)

Question 26

True or false: Entra does not support custom apps for SSO

Answer 26

False

Question 27

Where can you enable the Entra Authentication for Web Apps feature?

Answer 27

Azure portal

Question 28

What is the Enterprise SLA for Entra?

Answer 28

99.9%

Question 29

What is password reset with writeback?

Answer 29

Self-service password reset which follows the AD on-prem policy and writes password changes back to on-prem AD.

Question 30

Which Entra plan is the lowest to offer Entra Connect Health?

Answer 30

P1

Question 31

Which Entra plan is the lowest to offer Entra ID protection?

Answer 31

P2

Question 32

What is the difference between Entra Connect Health and Entra ID Protection?

Answer 32

Entra Connect Health - gives insights into usage patterns, alerts etc

Entra ID Protection - extra monitoring of user accounts. Define risk policies, sign-in policies, and review user behaviour.

Question 33

What Entra plan would you need in order to define a policy workflow that activates whenever someone wants to use admin privileges?

What feature is this part of?

Answer 33

P2

Privileged Identity Management

Question 34

True or false: Entra Domain Services requires domain controllers

Answer 34

False

Question 35

What do you need to implement to integrate Entra ID with your local AD-DS?

Answer 35

Entra Connect

Question 36

How is billing calculated for Microsoft Entra Domain Services?

Answer 36

Per hour depending on the size of the directory

Question 37

How can you organise objects in on-prem AD-DS deployments?

Answer 37

Based on attribute values or group membership