Describe Azure identity, access, and security

Questions and Answers

Which of the following statements about Azure Active Directory (Azure AD) is true?

Azure AD is a cloud-based identity and access management service

What is the main purpose of Azure AD for IT administrators?

To control access to applications and resources based on business requirements

What benefit does connecting Active Directory with Azure AD provide?

Detecting suspicious sign-in attempts

Which authentication method simplifies the security model by granting access across applications to a single identity?

Single sign-on (SSO)

What is the purpose of multifactor authentication (MFA)?

To protect against a password compromise

Which authentication method requires the user to provide two or more elements to fully authenticate?

Multifactor authentication (MFA)

What does Azure AD Multi-Factor Authentication provide?

Multifactor authentication (MFA)

Which of the following is NOT a passwordless authentication method offered by Microsoft Azure?

Azure AD External Identities

Which of the following is a feature of Windows Hello for Business?

Ability to use a PIN for authentication

What is the main advantage of using FIDO2 security keys for passwordless authentication?

Increased security with no exposed or guessed passwords

What can external identities in Azure AD be used for?

Collaborating with partners and vendors

What is one of the services provided by Azure AD?

Authentication

What is the purpose of single sign-on (SSO)?

To simplify the security model

How can you connect your on-premises AD with Azure AD?

By using Azure AD Connect

What are the benefits of using Azure AD DS?

Enables legacy applications to use modern authentication methods

Which of the following best describes Azure AD B2B collaboration?

Collaborating with external users using their preferred identity to sign in to Microsoft applications and other enterprise applications.

Which of the following is NOT a capability of Azure External Identities?

Azure AD B2B

Conditional Access in Azure Active Directory allows access to resources based on which of the following signals?

User's role, location, and network

What is the purpose of Conditional Access in Azure Active Directory?

To allow or deny access to resources based on identity signals

Which of the following is true about Azure role-based access control (Azure RBAC)?

Azure RBAC allows you to control access to cloud resources based on the principle of least privilege.

What is the purpose of Azure role-based access control (Azure RBAC)?

To manage access permissions for multiple IT and engineering teams in a cloud environment.

Which of the following is a scope to which Azure role-based access control (Azure RBAC) can be applied?

A management group

How does Azure RBAC enforce access permissions?

Azure RBAC enforces access permissions on actions initiated against an Azure resource through Azure Resource Manager.

Which of the following best describes Azure Active Directory (Azure AD)?

A directory service that enables you to sign in and access both Microsoft cloud applications and cloud applications that you develop.

Which of the following is NOT a user of Azure AD?

Online service subscribers

What benefit does connecting Active Directory with Azure AD provide?

Detecting suspicious sign-in attempts for on-premises Active Directory.

Which of the following is NOT a passwordless authentication method offered by Microsoft Azure?

Azure AD Multi-Factor Authentication

What is the main advantage of using FIDO2 security keys for passwordless authentication?

They eliminate the need for a username and password

Which of the following is NOT a capability of Azure External Identities?

Enabling single sign-on for external users

What is the purpose of Conditional Access in Azure Active Directory?

To enforce access permissions based on certain signals

Which of the following is a service provided by Azure AD DS?

Domain join

What is the purpose of Azure AD Connect?

To synchronize user identities between on-premises Active Directory and Azure AD

How does Azure AD DS handle domain controllers in the managed domain?

They are deployed as a replica set in the selected Azure region

Is information synchronized between Azure AD and Azure AD DS in both directions?

No, information is only synchronized from Azure AD DS to Azure AD

Which of the following is NOT an authentication method supported by Azure?

Single sign-on (SSO)

What is the purpose of single sign-on (SSO)?

To enable a user to sign in one time and use that credential to access multiple resources and applications from different providers

What elements fall into the category of 'Something the user knows' in multifactor authentication?

A challenge question

What is the purpose of Azure AD Multi-Factor Authentication?

To provide multifactor authentication capabilities

Which of the following best describes the purpose of Azure AD B2C?

To publish modern SaaS apps or custom-developed apps to consumers and customers

What is the purpose of Azure conditional access?

To allow (or deny) access to resources based on identity signals

When can Conditional Access be useful?

When you need to require multifactor authentication depending on the requester's role, location, or network

What is the purpose of enforcement in Azure conditional access?

To carry out the decision made based on the signals

Which of the following best describes Azure role-based access control (Azure RBAC)?

A. Azure RBAC allows you to control access to your cloud resources based on the principle of least privilege.

When is role-based access control applied to resources in Azure?

D. When a user is assigned a role at the resource level.

How does Azure RBAC enforce access permissions?

C. Azure RBAC uses an allow model, allowing users to perform actions within the scope of their assigned role.

What is the hierarchy of Azure RBAC?

A. Management group > Subscription > Resource group > Resource

Which of the following is a guiding principle of the Zero Trust security model?

Authenticate and authorize based on all available data points

According to the text, how does the Zero Trust model differ from traditional corporate networks?

It requires everyone to authenticate

What is the main goal of the Zero Trust security model?

To protect resources based on the assumption of breach

Which layer of defense-in-depth is responsible for securing access to virtual machines?

Compute

What is the purpose of the network layer in defense-in-depth?

To limit communication between resources

Which layer of defense-in-depth focuses on physically securing access to buildings and controlling access to computing hardware?

Physical security

What is the main objective of defense-in-depth?

To protect information and prevent unauthorized access

Which of the following is NOT a feature provided by Microsoft Defender for Servers?

Vulnerability assessment

What is the purpose of Defender for Cloud?

To continuously assess the security posture of your environment

What is the role of Azure Security Benchmark in Defender for Cloud?

To provide guidelines for security and compliance best practices

What does Defender for Cloud's secure score indicate?

The overall health of your security posture

Which of the following best describes the purpose of Microsoft Defender for Cloud?

It is a monitoring tool for security posture management and threat protection

What does Defender for Cloud help you detect threats across?

Azure PaaS services, Azure data services, and networks

How can you extend Defender for Cloud's protection to on-premises servers?

Deploy Azure Arc and enable enhanced security features

Which of the following is NOT a capability of Defender for Cloud in protecting resources in other clouds?

Container threat detection for Amazon EKS Linux clusters