Describe Azure identity, access, and security

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to Lesson

Podcast

Play an AI-generated podcast conversation about this lesson
Download our mobile app to listen on the go
Get App

Questions and Answers

Which of the following statements about Azure Active Directory (Azure AD) is true?

  • Azure AD is only used for accessing Microsoft cloud applications
  • Azure AD is a cloud-based identity and access management service (correct)
  • Azure AD can only be used for on-premises Active Directory deployments
  • Azure AD does not provide any security features

What is the main purpose of Azure AD for IT administrators?

  • To control access to applications and resources based on business requirements (correct)
  • To authenticate into Microsoft 365 and Microsoft Office 365
  • To provide a standards-based approach for adding functionality to applications
  • To manage user identities and perform maintenance actions

What benefit does connecting Active Directory with Azure AD provide?

  • Enabling self-service password reset
  • Detecting suspicious sign-in attempts (correct)
  • Adding SSO functionality to applications
  • Monitoring sign-in attempts

Which authentication method simplifies the security model by granting access across applications to a single identity?

<p>Single sign-on (SSO) (C)</p> Signup and view all the answers

What is the purpose of multifactor authentication (MFA)?

<p>To protect against a password compromise (D)</p> Signup and view all the answers

Which authentication method requires the user to provide two or more elements to fully authenticate?

<p>Multifactor authentication (MFA) (A)</p> Signup and view all the answers

What does Azure AD Multi-Factor Authentication provide?

<p>Multifactor authentication (MFA) (A)</p> Signup and view all the answers

Which of the following is NOT a passwordless authentication method offered by Microsoft Azure?

<p>Azure AD External Identities (B)</p> Signup and view all the answers

Which of the following is a feature of Windows Hello for Business?

<p>Ability to use a PIN for authentication (B)</p> Signup and view all the answers

What is the main advantage of using FIDO2 security keys for passwordless authentication?

<p>Increased security with no exposed or guessed passwords (D)</p> Signup and view all the answers

What can external identities in Azure AD be used for?

<p>Collaborating with partners and vendors (A)</p> Signup and view all the answers

What is one of the services provided by Azure AD?

<p>Authentication (C)</p> Signup and view all the answers

What is the purpose of single sign-on (SSO)?

<p>To simplify the security model (D)</p> Signup and view all the answers

How can you connect your on-premises AD with Azure AD?

<p>By using Azure AD Connect (C)</p> Signup and view all the answers

What are the benefits of using Azure AD DS?

<p>Enables legacy applications to use modern authentication methods (B)</p> Signup and view all the answers

Which of the following best describes Azure AD B2B collaboration?

<p>Collaborating with external users using their preferred identity to sign in to Microsoft applications and other enterprise applications. (B)</p> Signup and view all the answers

Which of the following is NOT a capability of Azure External Identities?

<p>Azure AD B2B (C)</p> Signup and view all the answers

Conditional Access in Azure Active Directory allows access to resources based on which of the following signals?

<p>User's role, location, and network (A)</p> Signup and view all the answers

What is the purpose of Conditional Access in Azure Active Directory?

<p>To allow or deny access to resources based on identity signals (C)</p> Signup and view all the answers

Which of the following is true about Azure role-based access control (Azure RBAC)?

<p>Azure RBAC allows you to control access to cloud resources based on the principle of least privilege. (C)</p> Signup and view all the answers

What is the purpose of Azure role-based access control (Azure RBAC)?

<p>To manage access permissions for multiple IT and engineering teams in a cloud environment. (B)</p> Signup and view all the answers

Which of the following is a scope to which Azure role-based access control (Azure RBAC) can be applied?

<p>A management group (A)</p> Signup and view all the answers

How does Azure RBAC enforce access permissions?

<p>Azure RBAC enforces access permissions on actions initiated against an Azure resource through Azure Resource Manager. (C)</p> Signup and view all the answers

Which of the following best describes Azure Active Directory (Azure AD)?

<p>A directory service that enables you to sign in and access both Microsoft cloud applications and cloud applications that you develop. (C)</p> Signup and view all the answers

Which of the following is NOT a user of Azure AD?

<p>Online service subscribers (A)</p> Signup and view all the answers

What benefit does connecting Active Directory with Azure AD provide?

<p>Detecting suspicious sign-in attempts for on-premises Active Directory. (D)</p> Signup and view all the answers

Which of the following is NOT a passwordless authentication method offered by Microsoft Azure?

<p>Azure AD Multi-Factor Authentication (D)</p> Signup and view all the answers

What is the main advantage of using FIDO2 security keys for passwordless authentication?

<p>They eliminate the need for a username and password (A)</p> Signup and view all the answers

Which of the following is NOT a capability of Azure External Identities?

<p>Enabling single sign-on for external users (C)</p> Signup and view all the answers

What is the purpose of Conditional Access in Azure Active Directory?

<p>To enforce access permissions based on certain signals (C)</p> Signup and view all the answers

Which of the following is a service provided by Azure AD DS?

<p>Domain join (D)</p> Signup and view all the answers

What is the purpose of Azure AD Connect?

<p>To synchronize user identities between on-premises Active Directory and Azure AD (D)</p> Signup and view all the answers

How does Azure AD DS handle domain controllers in the managed domain?

<p>They are deployed as a replica set in the selected Azure region (D)</p> Signup and view all the answers

Is information synchronized between Azure AD and Azure AD DS in both directions?

<p>No, information is only synchronized from Azure AD DS to Azure AD (B)</p> Signup and view all the answers

Which of the following is NOT an authentication method supported by Azure?

<p>Single sign-on (SSO) (D)</p> Signup and view all the answers

What is the purpose of single sign-on (SSO)?

<p>To enable a user to sign in one time and use that credential to access multiple resources and applications from different providers (B)</p> Signup and view all the answers

What elements fall into the category of 'Something the user knows' in multifactor authentication?

<p>A challenge question (D)</p> Signup and view all the answers

What is the purpose of Azure AD Multi-Factor Authentication?

<p>To provide multifactor authentication capabilities (B)</p> Signup and view all the answers

Which of the following best describes the purpose of Azure AD B2C?

<p>To publish modern SaaS apps or custom-developed apps to consumers and customers (C)</p> Signup and view all the answers

What is the purpose of Azure conditional access?

<p>To allow (or deny) access to resources based on identity signals (B)</p> Signup and view all the answers

When can Conditional Access be useful?

<p>When you need to require multifactor authentication depending on the requester's role, location, or network (A)</p> Signup and view all the answers

What is the purpose of enforcement in Azure conditional access?

<p>To carry out the decision made based on the signals (A)</p> Signup and view all the answers

Which of the following best describes Azure role-based access control (Azure RBAC)?

<p>A. Azure RBAC allows you to control access to your cloud resources based on the principle of least privilege. (B)</p> Signup and view all the answers

When is role-based access control applied to resources in Azure?

<p>D. When a user is assigned a role at the resource level. (D)</p> Signup and view all the answers

How does Azure RBAC enforce access permissions?

<p>C. Azure RBAC uses an allow model, allowing users to perform actions within the scope of their assigned role. (A)</p> Signup and view all the answers

What is the hierarchy of Azure RBAC?

<p>A. Management group &gt; Subscription &gt; Resource group &gt; Resource (B)</p> Signup and view all the answers

Which of the following is a guiding principle of the Zero Trust security model?

<p>Authenticate and authorize based on all available data points (B)</p> Signup and view all the answers

According to the text, how does the Zero Trust model differ from traditional corporate networks?

<p>It requires everyone to authenticate (C)</p> Signup and view all the answers

What is the main goal of the Zero Trust security model?

<p>To protect resources based on the assumption of breach (C)</p> Signup and view all the answers

Which layer of defense-in-depth is responsible for securing access to virtual machines?

<p>Compute (A)</p> Signup and view all the answers

What is the purpose of the network layer in defense-in-depth?

<p>To limit communication between resources (A)</p> Signup and view all the answers

Which layer of defense-in-depth focuses on physically securing access to buildings and controlling access to computing hardware?

<p>Physical security (D)</p> Signup and view all the answers

What is the main objective of defense-in-depth?

<p>To protect information and prevent unauthorized access (A)</p> Signup and view all the answers

Which of the following is NOT a feature provided by Microsoft Defender for Servers?

<p>Vulnerability assessment (B)</p> Signup and view all the answers

What is the purpose of Defender for Cloud?

<p>To continuously assess the security posture of your environment (C)</p> Signup and view all the answers

What is the role of Azure Security Benchmark in Defender for Cloud?

<p>To provide guidelines for security and compliance best practices (A)</p> Signup and view all the answers

What does Defender for Cloud's secure score indicate?

<p>The overall health of your security posture (A)</p> Signup and view all the answers

Which of the following best describes the purpose of Microsoft Defender for Cloud?

<p>It is a monitoring tool for security posture management and threat protection (B)</p> Signup and view all the answers

What does Defender for Cloud help you detect threats across?

<p>Azure PaaS services, Azure data services, and networks (D)</p> Signup and view all the answers

How can you extend Defender for Cloud's protection to on-premises servers?

<p>Deploy Azure Arc and enable enhanced security features (A)</p> Signup and view all the answers

Which of the following is NOT a capability of Defender for Cloud in protecting resources in other clouds?

<p>Container threat detection for Amazon EKS Linux clusters (D)</p> Signup and view all the answers

Flashcards

Azure Active Directory (Azure AD)

A cloud-based identity and access management service.

Purpose of Azure AD for IT

To control and manage access to applications and resources based on specific business requirements.

Connecting AD with Azure AD

Detecting potentially harmful or unusual sign-in attempts.

Single sign-on (SSO)

Authentication process that permits a user to enter one name and password in order to access multiple applications.

Signup and view all the flashcards

Multifactor authentication (MFA)

When two or more elements or factors are necessary to grant access.

Signup and view all the flashcards

Purpose of MFA

Protects against password compromise by requiring multiple forms of verification.

Signup and view all the flashcards

Azure AD External Identities Use

External Identities offer features like collaborating with partners and vendors.

Signup and view all the flashcards

Authentication (Azure AD)

A service that verifies the identify of a user or device.

Signup and view all the flashcards

Purpose of single sign-on (SSO)

To simplify the security model by allowing users to access multiple applications with one set of credentials.

Signup and view all the flashcards

Azure AD Connect

Synchronizing user identities for authentication.

Signup and view all the flashcards

Benefits of Azure AD DS

Enables legacy applications to use modern authentication methods by providing domain services.

Signup and view all the flashcards

Azure AD B2B collaboration

Collaborating with external users using their preferred identity to sign in to Microsoft applications and other enterprise applications.

Signup and view all the flashcards

Purpose of Conditional Access

To decide to allow or deny access to resources based on identity signals.

Signup and view all the flashcards

Purpose of Azure RBAC

To manage permissions for multiple IT and engineering teams in a cloud environment.

Signup and view all the flashcards

How Azure RBAC Enforces Access

Azure RBAC enforces access permissions on actions initiated against an Azure resource through Azure Resource Manager.

Signup and view all the flashcards

Azure Active Directory (Azure AD)

A directory service that enables you to sign in and access both Microsoft cloud applications and cloud applications that you develop.

Signup and view all the flashcards

Connecting AD with Azure AD

Detecting suspicious sign-in attempts for on-premises Active Directory.

Signup and view all the flashcards

Advantage of FIDO2 keys

They eliminate the need for a username and password, increasing security.

Signup and view all the flashcards

Conditional Access

To enforce access permissions based on certain signals.

Signup and view all the flashcards

Service of Azure AD DS

Provides domain join, group policy, LDAP, and Kerberos authentication

Signup and view all the flashcards

Function of Azure AD Connect

To synchronize user identities between on-premises Active Directory and Azure AD.

Signup and view all the flashcards

How AD DS Handles Domain Controllers

They are deployed as a replica set in the selected Azure region.

Signup and view all the flashcards

Purpose of SSO

To enable a user to sign in one time and use that credential to access multiple resources and applications from different providers.

Signup and view all the flashcards

'Something you know' Authentication

A challenge question

Signup and view all the flashcards

Purpose of Azure AD Multi-Factor Authentication

To provide multifactor authentication capabilities.

Signup and view all the flashcards

Purpose of Azure AD B2C

To publish modern SaaS apps or custom-developed apps to consumers and customers.

Signup and view all the flashcards

Azure conditional access

To allow (or deny) access to resources based on identity signals.

Signup and view all the flashcards

When is Conditional Access Useful?

When you need to require multifactor authentication depending on the requester's role, location, or network.

Signup and view all the flashcards

Azure Conditional Access Enforcement

To carry out the decision made based on the signals.

Signup and view all the flashcards

Azure role-based access control (Azure RBAC)

Azure RBAC allows you to control access to your cloud resources based on the principle of least privilege.

Signup and view all the flashcards

More Like This

Use Quizgecko on...
Browser
Browser