Describe Azure identity, access, and security

Questions and Answers

Which of the following statements about Azure Active Directory (Azure AD) is true?

• Azure AD is only used for accessing Microsoft cloud applications
• Azure AD is a cloud-based identity and access management service (correct)
• Azure AD can only be used for on-premises Active Directory deployments
• Azure AD does not provide any security features

What is the main purpose of Azure AD for IT administrators?

• To control access to applications and resources based on business requirements (correct)
• To authenticate into Microsoft 365 and Microsoft Office 365
• To provide a standards-based approach for adding functionality to applications
• To manage user identities and perform maintenance actions

What benefit does connecting Active Directory with Azure AD provide?

• Enabling self-service password reset
• Detecting suspicious sign-in attempts (correct)
• Adding SSO functionality to applications
• Monitoring sign-in attempts

Which authentication method simplifies the security model by granting access across applications to a single identity?

Single sign-on (SSO) (C)

What is the purpose of multifactor authentication (MFA)?

To protect against a password compromise (D)

Which authentication method requires the user to provide two or more elements to fully authenticate?

Multifactor authentication (MFA) (A)

What does Azure AD Multi-Factor Authentication provide?

Multifactor authentication (MFA) (A)

Which of the following is NOT a passwordless authentication method offered by Microsoft Azure?

Azure AD External Identities (B)

Which of the following is a feature of Windows Hello for Business?

Ability to use a PIN for authentication (B)

What is the main advantage of using FIDO2 security keys for passwordless authentication?

Increased security with no exposed or guessed passwords (D)

What can external identities in Azure AD be used for?

Collaborating with partners and vendors (A)

What is one of the services provided by Azure AD?

Authentication (C)

What is the purpose of single sign-on (SSO)?

To simplify the security model (D)

How can you connect your on-premises AD with Azure AD?

By using Azure AD Connect (C)

What are the benefits of using Azure AD DS?

Enables legacy applications to use modern authentication methods (B)

Which of the following best describes Azure AD B2B collaboration?

Collaborating with external users using their preferred identity to sign in to Microsoft applications and other enterprise applications. (B)

Which of the following is NOT a capability of Azure External Identities?

Azure AD B2B (C)

Conditional Access in Azure Active Directory allows access to resources based on which of the following signals?

User's role, location, and network (A)

What is the purpose of Conditional Access in Azure Active Directory?

To allow or deny access to resources based on identity signals (C)

Which of the following is true about Azure role-based access control (Azure RBAC)?

Azure RBAC allows you to control access to cloud resources based on the principle of least privilege. (C)

What is the purpose of Azure role-based access control (Azure RBAC)?

To manage access permissions for multiple IT and engineering teams in a cloud environment. (B)

Which of the following is a scope to which Azure role-based access control (Azure RBAC) can be applied?

A management group (A)

How does Azure RBAC enforce access permissions?

Azure RBAC enforces access permissions on actions initiated against an Azure resource through Azure Resource Manager. (C)

Which of the following best describes Azure Active Directory (Azure AD)?

A directory service that enables you to sign in and access both Microsoft cloud applications and cloud applications that you develop. (C)

Which of the following is NOT a user of Azure AD?

Online service subscribers (A)

What benefit does connecting Active Directory with Azure AD provide?

Detecting suspicious sign-in attempts for on-premises Active Directory. (D)

Which of the following is NOT a passwordless authentication method offered by Microsoft Azure?

Azure AD Multi-Factor Authentication (D)

What is the main advantage of using FIDO2 security keys for passwordless authentication?

They eliminate the need for a username and password (A)

Which of the following is NOT a capability of Azure External Identities?

Enabling single sign-on for external users (C)

What is the purpose of Conditional Access in Azure Active Directory?

To enforce access permissions based on certain signals (C)

Which of the following is a service provided by Azure AD DS?

Domain join (D)

What is the purpose of Azure AD Connect?

To synchronize user identities between on-premises Active Directory and Azure AD (D)

How does Azure AD DS handle domain controllers in the managed domain?

They are deployed as a replica set in the selected Azure region (D)

Is information synchronized between Azure AD and Azure AD DS in both directions?

No, information is only synchronized from Azure AD DS to Azure AD (B)

Which of the following is NOT an authentication method supported by Azure?

Single sign-on (SSO) (D)

What is the purpose of single sign-on (SSO)?

To enable a user to sign in one time and use that credential to access multiple resources and applications from different providers (B)

What elements fall into the category of 'Something the user knows' in multifactor authentication?

A challenge question (D)

What is the purpose of Azure AD Multi-Factor Authentication?

To provide multifactor authentication capabilities (B)

Which of the following best describes the purpose of Azure AD B2C?

To publish modern SaaS apps or custom-developed apps to consumers and customers (C)

What is the purpose of Azure conditional access?

To allow (or deny) access to resources based on identity signals (B)

When can Conditional Access be useful?

When you need to require multifactor authentication depending on the requester's role, location, or network (A)

What is the purpose of enforcement in Azure conditional access?

To carry out the decision made based on the signals (A)

Which of the following best describes Azure role-based access control (Azure RBAC)?

A. Azure RBAC allows you to control access to your cloud resources based on the principle of least privilege. (B)

When is role-based access control applied to resources in Azure?

D. When a user is assigned a role at the resource level. (D)

How does Azure RBAC enforce access permissions?

C. Azure RBAC uses an allow model, allowing users to perform actions within the scope of their assigned role. (A)

What is the hierarchy of Azure RBAC?

A. Management group > Subscription > Resource group > Resource (B)

Which of the following is a guiding principle of the Zero Trust security model?

Authenticate and authorize based on all available data points (B)

According to the text, how does the Zero Trust model differ from traditional corporate networks?

It requires everyone to authenticate (C)

What is the main goal of the Zero Trust security model?

To protect resources based on the assumption of breach (C)

Which layer of defense-in-depth is responsible for securing access to virtual machines?

Compute (A)

What is the purpose of the network layer in defense-in-depth?

To limit communication between resources (A)

Which layer of defense-in-depth focuses on physically securing access to buildings and controlling access to computing hardware?

Physical security (D)

What is the main objective of defense-in-depth?

To protect information and prevent unauthorized access (A)

Which of the following is NOT a feature provided by Microsoft Defender for Servers?

Vulnerability assessment (B)

What is the purpose of Defender for Cloud?

To continuously assess the security posture of your environment (C)

What is the role of Azure Security Benchmark in Defender for Cloud?

To provide guidelines for security and compliance best practices (A)

What does Defender for Cloud's secure score indicate?

The overall health of your security posture (A)

Which of the following best describes the purpose of Microsoft Defender for Cloud?

It is a monitoring tool for security posture management and threat protection (B)

What does Defender for Cloud help you detect threats across?

Azure PaaS services, Azure data services, and networks (D)

How can you extend Defender for Cloud's protection to on-premises servers?

Deploy Azure Arc and enable enhanced security features (A)

Which of the following is NOT a capability of Defender for Cloud in protecting resources in other clouds?

Container threat detection for Amazon EKS Linux clusters (D)

Flashcards

Azure Active Directory (Azure AD)

A cloud-based identity and access management service.

Purpose of Azure AD for IT

To control and manage access to applications and resources based on specific business requirements.

Connecting AD with Azure AD

Detecting potentially harmful or unusual sign-in attempts.

Single sign-on (SSO)

Authentication process that permits a user to enter one name and password in order to access multiple applications.

Multifactor authentication (MFA)

When two or more elements or factors are necessary to grant access.

Purpose of MFA

Protects against password compromise by requiring multiple forms of verification.

Azure AD External Identities Use

External Identities offer features like collaborating with partners and vendors.

Authentication (Azure AD)

A service that verifies the identify of a user or device.

Purpose of single sign-on (SSO)

To simplify the security model by allowing users to access multiple applications with one set of credentials.

Azure AD Connect

Synchronizing user identities for authentication.

Benefits of Azure AD DS

Enables legacy applications to use modern authentication methods by providing domain services.

Azure AD B2B collaboration

Collaborating with external users using their preferred identity to sign in to Microsoft applications and other enterprise applications.

Purpose of Conditional Access

To decide to allow or deny access to resources based on identity signals.

Purpose of Azure RBAC

To manage permissions for multiple IT and engineering teams in a cloud environment.

How Azure RBAC Enforces Access

Azure RBAC enforces access permissions on actions initiated against an Azure resource through Azure Resource Manager.

Azure Active Directory (Azure AD)

A directory service that enables you to sign in and access both Microsoft cloud applications and cloud applications that you develop.

Connecting AD with Azure AD

Detecting suspicious sign-in attempts for on-premises Active Directory.

Advantage of FIDO2 keys

They eliminate the need for a username and password, increasing security.

Conditional Access

To enforce access permissions based on certain signals.

Service of Azure AD DS

Provides domain join, group policy, LDAP, and Kerberos authentication

Function of Azure AD Connect

To synchronize user identities between on-premises Active Directory and Azure AD.

How AD DS Handles Domain Controllers

They are deployed as a replica set in the selected Azure region.

Purpose of SSO

To enable a user to sign in one time and use that credential to access multiple resources and applications from different providers.

'Something you know' Authentication

A challenge question

Purpose of Azure AD Multi-Factor Authentication

To provide multifactor authentication capabilities.

Purpose of Azure AD B2C

To publish modern SaaS apps or custom-developed apps to consumers and customers.

Azure conditional access

To allow (or deny) access to resources based on identity signals.

When is Conditional Access Useful?

When you need to require multifactor authentication depending on the requester's role, location, or network.

Azure Conditional Access Enforcement

To carry out the decision made based on the signals.

Azure role-based access control (Azure RBAC)

Azure RBAC allows you to control access to your cloud resources based on the principle of least privilege.