AZ900 - Part II

Azure Fundamentals - Authentication & Authorization, Security

Question | Answer
Every Azure account will have an ____ for managing users and permissions. | Azure Active Directory Service (AAD)
All resources within a ______ are billed together. | subscription
A tenant is a dedicated instance of ______ that represents your organization in Azure. | AAD
An AAD user can be a member or guest of up to ______ tenants. | 500
A _____ is a billing entity. All resources belong to a single _______. | subscription
You can have multiple subscriptions within a ________ to separate costs. | tenant
Defines a trust boundary for secure access. Corporate network is an example. | Trusted Perimeter
List 2 challenges with the trusted perimeter model. | Must be on corporate network to access resources. Rogue user/malware inside trusted perimeter can cause havoc.
All users are assumed untrustworthy unless proven otherwise. Trust is based on identity, regardless of location, principle of least privilege applied. Offers simplified, centralized management. | Zero Trust
Accessing M365 email, documents, and resources from anywhere based on identity, not VPN, centrally controlling access with conditional access policies and allowing mobile access from approved managed devices only are examples of. | Zero Trust In Action
MFA is enabled in _____. | Azure AD
Passwordless authentication removes the password requirement for user login and replaces it with ______, _______, and/or _____. | Something you have (phone/key fob); something you know (PIN); something you are (biometric)
List the 3 passwordless authentication methods supported by Azure. | Microsoft Authenticator App; Windows Hello; FIDO2 Security Key
Microsoft's MFA mobile app. Configured in Azure AD. Can authenticate in app with biometrics/PIN. | Microsoft Authenticator App
Passwordless authentication methods: facial recognition on Windows 10/11. | Windows Hello
_________ provides authentication protections beyond username/password, uses if/then policies to grant access and is often paired with MFA. | Conditional Access
Enforcing MFA for all admins or all users, blocking sign-in with legacy authentication protocols, granting access only to specific locations and requiring sign-in from organization-managed devices are all examples of. | Conditional Access Scenarios
Name two options for providing an external user access to an Azure organization. | Create a separate organization account for the external user (user maintains 2 accounts); invite guest user to Azure tenant (uses existing account, B2B collaboration)
Name some of the IdPs supported when adding a guest user to an Azure organization. | Microsoft, Google, Facebook and others.
Name the 3 steps needed to set up guest access. | 1. Configure IdP (if non-Microsoft) 2. Invite external party 3. After guest accepts invite, assign permissions (optionally: assign apps, apply conditional access policy)
Describe a limitation related to migration of legacy apps to Azure AD. | Apps must be able to support OAuth 2.0. Legacy apps requiring GPO, LDAP, NTLM and Kerberos are not supported.
Legacy applications that don't provide support for OAuth 2.0 cannot be migrated to Azure AD. Describe three possible solutions to this challenge. | 1. Continue using on-prem AD + Azure AD Connect 2. Configure DC on Azure VM (self-managed AD) 3. Implement Azure AD DS (AADDS), Azure's managed directory service.
Azure AD DS is a _______ meaning there is no need to configure or manage server OSes. Behind the scenes Azure provides ____ Windows domain controllers for HA. | managed service; 2
True or False. Azure AD DS can be used to extend your on-prem domain/domain name into the Azure cloud. | False. Azure AD DS requires a unique namespace/domain. This is a standalone domain, not an extension of the on-prem AD domain.
Your organization wants to migrate legacy on-prem applications to the Azure cloud with a few requirements: must be a managed service; will utilize users & groups from Azure AD. Which service and options would you choose? | Azure AD DS with one-way sync from Azure AD
This Azure service provides Single Sign-On capabilities to your applications in the Azure cloud. | Azure Active Directory Seamless Single Sign-On
The first service created with every new Azure account. You can't use Azure without it! | AAD
A single instance of AAD is called a/an _______. | tenant
Billing entity that controls the cost of resources and services associated with it. | Subscription
This Azure service offers a managed instance of Active Directory that integrates with classic features such as Kerberos, LDAP, NTLM and Group Policy, allows a one-way sync of users and groups from Azure AD and requires a separate unique domain. | Azure Active Directory Domain Services (AADDS)
This Azure service protects against DDoS attacks by detecting and deflecting and provides various levels of protection depending on the service. There is no interruption to your service and Azure will mitigate the attack globally. | DDoS Protection Service
A personal resource firewall that can be attached to a VNet, subnet or network interface. Determines who can access the resources attached to it using rules for inbound and outbound traffic. | Network Security Group (NSG)
This type of firewall is focused on the security of the application rather than the IP endpoint. You can group VMs and VNets into logical application groups and apply. | Application Security Group
By default Azure managed PaaS services are reachable over the _________. | public internet (By default, traffic from VNet to PaaS will also traverse the public internet.)
Your organization needs to limit/remove public access to all managed storage and database services. Name two possible Azure solutions to solve this challenge. | Service endpoints (good); Private endpoints (better)
This service allows an organization to enable a direct connection between an Azure subnet and Azure PaaS services via Microsoft's private backbone. This option allows secure access from Azure VNets only; on-prem traffic goes via the public internet. | Service Endpoints (provide access to the entire managed service, not a specific instance of a managed service)
This service allows an org to enable a private connection to a specific instance of a managed service via a managed network interface on an Azure VNet. Also allows private connectivity from on-prem using VPN, ExpressRoute and access to other VNets via Peering. | Private Endpoint
Name the most important benefit of using private endpoints vs service endpoints. | With private endpoints you can completely disable public access/internet exposure to a connected service.
Name the best service based on the following requirements: End users need access to a managed SQL database from home office, connected to on-prem network with VPN. Public access to SQL must be blocked. | Private endpoint
This Azure service provides threat alerts, policy and compliance metrics, a secure score, integrates with on-prem and other cloud providers and alerts for resources that aren't secure. | Microsoft Defender for Cloud (Requires Azure Arc for Google/AWS integration) (Requires VM agent installation)
Name the three-step process to utilize Microsoft Defender for Cloud. | 1. Define Policies: set of rules to evaluate a resource (use predefined or CYO) 2. Protect Resources: actively protect through monitoring 3. Respond: respond to/investigate all threats, then go back to step 1 to define new policies for the alert.
Microsoft Defender for Cloud helps to streamline the process for meeting regulatory compliance requirements using the _______. | Regulatory Compliance Dashboard
This Defender for Cloud dashboard helps you track your resources' configuration in relation to security best practices (Resource Hygiene). | Recommendations
You need multiple layers of defense for your infrastructure. Azure has physical, identity, perimeter, network, compute, gateways and firewalls and data as protection layers. This is an example of ________. | Defense in depth
This tool allows you to monitor security hygiene for VMs. Define policies to protect your resources better and respond to incidents. | Microsoft Defender for Cloud (formerly Azure Security Center)
A secure way to share access to applications and resources with third parties without ever revealing credentials. | Azure Key Vault
Share files and data inside and outside of Azure and still maintain control of that data. You can control who views, edits, prints and more. | Azure Information Protection
Azure SIEM tool. Allows you to collect, aggregate, analyze, and present security issues automatically for you to take action. | Azure Sentinel
Your own dedicated Azure hardware to install Windows, Linux or SQL Server VMs on. Gives you control without losing cloud benefits like scaling, scale sets, fault isolation and AZs. | Azure Dedicated Hosts
You secure and manage users of your organization. Monitor users' behavior, create a baseline of this behavior and report on any anomalies from it. | Microsoft Defender for Identity
Describe the two steps to configure a conditional access policy. | 1. Assign signals/conditions (users/groups, applications, location (IP), approved devices) 2. Access decisions (grant/block access, prompt for MFA)
The objective of _______ is to increase the convenience of logging into a system while still staying secure. | Passwordless Authentication
With passwordless authentication the password requirement is replaced with _____, ______. | Something you have (phone/fob); something you know/are (fingerprint/face/PIN)
Created by: douros05