Azure Identity and Access Management Quiz - Cloud IAM

Microsoft Entra ID (formerly Azure Active Directory or Azure AD) is an Identity and Access Management (IAM) solution that offers a range of security features such as Identity Management, Access Management, Single Sign-on, Self-service Password reset, Microsoft Entra Conditional Access, Microsoft Entra ID Protection, Azure Security Center, Identity Secure Score, Named locations, Authentication methods and Multi-factor authentication (MFA). These features help protect an IT organization’s resources and data from unauthorized access.

Azure Identity and Access Management Quiz Questions and Answers:

Azure AD provides which type of authentication?

  • Access management
  • Privileged access management
  • Governance
  • All the options

Azure AD provides __________________.

  • Basic Authentication
  • Federated Authentication
  • Synced Authentication
  • All the options

Identity and Access Management is divided into which of the following categories?

  • Access management
  • Privileged access management
  • Governance
  • All the options

RBAC can be used ________.

  • For controlling application access permission
  • For controlling application access permission and administration
  • Only for administration
  • None of the options

If you create a user in Azure AD, it is called a __________________ identity.

  • Domain
  • Synchronized
  • Federated
  • Cloud

You plan to implement self-service group management in Microsoft Azure. Who is responsible for approving requests from users to join a group?

  • A co-administrator
  • A Domain Administrator
  • A group Owner
  • A service administrator

What are the three types of Role-Based Access (RBAC) controls in Microsoft Azure?

  • Owner Role
  • Contributor Role
  • Reader Role
  • All the options

Who can assign any Azure role to other users to manage the root management group?

  • Global Administrator
  • Global Contributor
  • Application Administrator
  • None of the options

Who can manage access to Azure subscriptions and management groups in the tenant?

  • Global Administrator and Owner
  • Global Administrator and Contributor
  • Global Reader and Contributor
  • Application Administrator

Who can manage all aspects of Azure AD and Microsoft services that use Azure AD identities?

  • Global Reader
  • Global Administrator
  • Group Owner
  • Application Administrator

___________ roles are used for granting access for privileged actions in Azure AD.

  • Administrative
  • RBAC
  • User
  • Member

To create a custom role, your organization needs Azure AD Premium ______.

  • P1
  • P2
  • Either P1 or P2
  • Both P1 and P2

Which of the following is used to ensure that the users are who they claim to be?

  • Administration
  • Authentication
  • Identity management
  • Authorization

Which of the following aims to manage the user identities in the multiple directories and identity stores across an organization?

  • Authentication
  • Identity Management
  • Authorization
  • None of the options

________ is a solution that provides a mechanism to manage the authentication of users and implement business rules determining user access to applications and data.

  • Identity management
  • Authorization
  • Access management
  • None of the options

Which property of access management aims to protect data from unauthorized eyes?

  • Integrity
  • Authentication
  • Confidentiality
  • Audit Logging

Which of the following is used to grant users access to resources?

  • Identity management
  • Authentication
  • Administration
  • Authorization

If an on-premises account is disabled, how long does it take to access the cloud account?

  • 300 minutes
  • 500 minutes
  • 100 minutes
  • None of the options

Managing Groups includes __________________.

  • Creating Group
  • Adding Users to the group
  • Assigning group owner
  • All the options

What is the maximum number of role assignments for a subscription in Azure?

  • 100 role assignments per subscription
  • 1000 role assignments per subscription
  • 2000 role assignments per subscription
  • 4000 role assignments per subscription

How many cloud apps can be associated with one Azure AD conditional access policy?

  • 10,000 Objects
  • 50,000 Objects
  • 500 Objects
  • 5000 Objects

What is the significant user benefit achieved by implementing SaaS application integration?

  • Single sign-on to SaaS applications
  • Anonymous access to SaaS applications
  • Multi-account access to SaaS applications
  • Multi-level access to SaaS applications

A domain name is an important part of the identifier for _________.

  • User name or email address
  • Address for a group
  • App ID URI for an application
  • All the options

What types of accounts does password writeback work for?

  • Synced IDs
  • Domain IDs
  • Cloud IDs
  • All the options

Which of the following has the highest level of access in the Azure portal?

  • Global Administrator
  • Application Administrator
  • User Administrator
  • Limited Administrator
  • Subscription Owner
  • Subscription Contributor

What are the two basic user types in Azure AD?

  • Member and User
  • Member
  • User and Invite User
  • Access Admin

The basic domain name is primarily intended to be used as a bootstrapping mechanism until a custom domain name is verified.

  • True
  • False

What is a benefit of Role-Based Access Control (RBAC) in Microsoft Azure?

  • group/role management
  • broad permissions assignments
  • granular management permissions assignment
  • service/subscription management

The basic domain of Azure AD is in the form of ___________.

  • sample01.onmicrosoft.com
  • samplexyz.domain.onmicrosoft.com
  • abc123.azure.microsoft.com
  • None of the options

If Contoso.com is your verified custom domain, then the UPN of user1 will be ________________.

  • user1@contoso.com
  • user1@contoso.microsoft.com
  • user1@contoso.onmicrosoft.com

To manage Azure AD, the required privilege is _________.

  • Global administrator
  • Service administrator
  • Enterprise administrator
  • AD administrator

What type of SaaS gallery applications support Microsoft Azure Active Directory automatic provisioning?

  • Windows apps
  • Published apps
  • Featured apps
  • Integrated apps

What is the full form of Azure?

  • Auroral Zone Upwelling Release Experiment
  • Auroral Zero Upwelling Release Experiment

Azure AD is not available in Azure Free Edition. True or False?

  • True
  • False

Identity and access management (IAM) is the discipline that enables the right individuals to access the right resources at the right times for the right reasons. True or False?

  • True
  • False

You are deciding between using an on-prem Multi-factor Authentication (MFA) service, and a cloud-based service hosted in Azure. Which of the following features are available only in the on-prem MFA service?

  • Trusted IPs
  • Securing SaaS apps in the app gallery
  • Fraud alerts
  • Two-way SMS

You are the Global Administrator for your company’s Windows Azure tenant. You enable the self-service password reset feature. You create a new Azure Active Directory (Azure AD) account for a user and give the user the temporary password. Later, from his home PC, the user attempts to log in to his O365 email but can’t find the temporary password. He clicks “Can’t access your account” but is not prompted to reset his password. Other users successfully reset their passwords during this same timeframe. You need to explain to his manager why the user was not able to reset his password when other users were able to reset their passwords. What explanation should you give the user’s manager?

  • Before a user can use this feature, he must first be added to the Password Administrators role in the subscription.
  • Before a user can use this feature, he must first define an authentication method, such as a mobile number. This will be requested at the first successful login.
  • The corporate firewall blocks connection attempts to https://ssprsbprodncu-sb.accesscontrol.windows.net/
  • To use this feature, the user must log in from a corporate

Your company is using O365. The tenant administrator signs up for a free Azure membership and creates an Azure Active Directory (Azure AD) tenant. He then associates the Azure AD tenant with the Azure subscription. Multi-factor authentication (MFA) is not enabled. You wish to enable the self-service password reset feature for your cloud users. Which of the statements below is true regarding your tenant and the self-service password reset feature?

  • You cannot enable this feature until you upgrade to a Premium Azure subscription.
  • You cannot enable this feature until you upgrade to a Basic Azure subscription.
  • The self-service password reset feature is available, as it is part of your paid O365 license
  • You cannot enable this feature until you configure MFA.

Your company uses Windows Azure and has published several applications. Your network team has informed you that there is much traffic coming from a specific subnet. You believe one of the most commonly used apps may be to blame. You need to check which apps are being used the most, and where the traffic is originating. From which blade in the Azure portal should you start your search?

  • Azure Active Directory
  • Users and Groups
  • Enterprise Applications (ans)
  • App Services

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com and an Azure Active Directory (Azure AD) domain named contoso.onmicrosoft.com. You are using Role-Based Access Control (RBAC) policies to control who has rights within the Azure subscription. You are a Global Administrator and have the “owner” built-in role. A member of your team named Mary should be allowed to create and manage all objects in the subscription, but should not be able to add or remove role assignments. You need to give Mary only the rights that she needs. This must be accomplished with the least amount of administrative effort. What should you do?

  • Add Mary to the Owner role
  • Create a custom RBAC role for Mary
  • Add Mary to the Contributor role
  • Add Mary to the Reader role

You are the administrator of your company’s Azure subscription and Azure Active Directory (Azure AD) tenant. Your company has an on-prem Active Directory. Your boss asks you to research allowing company users to access the Line-of-Business (LOB) Software as a Service (SaaS) applications using Conditional Access rules. You need to make sure your tenant meets the prerequisites for Conditional Access to SaaS apps. What is the lowest Azure subscription level required to enable Conditional Access to SaaS apps?

  • Azure Free subscription
  • Azure Premium subscription
  • Paid O365 licenses
  • Azure Basic subscription

Your company has one Azure subscription. You create 5 Resource Groups within the subscription: RG1, RG2, RG3, RG4, and RG5. You want to give a partner named John the right to fully manage all of the resources within RG3. John’s Live ID is john@outlook.com. John should not be able to manage the resources in any other resource group. What should you do?

  • Log in to the Azure portal, browse to RG3 and add John’s Live ID as an Owner.
  • Add John to your Azure Active Directory. Click the Subscription and Add John’s Azure login as an Owner.
  • Log in to the Azure portal, click the Subscription and Add John’s Live ID as an Owner.
  • Add John to your Azure Active Directory. Browse to RG3 and add John’s Azure login as an Owner.

How many subscriptions can be associated with a single Azure AD?

  • 100 Subscriptions
  • 50 Subscriptions
  • 1000 Subscriptions
  • Unlimited

Azure supports up to __________ role assignments per subscription.

  • 100
  • 500
  • 2000
  • 4000
  • Unlimited

If Contoso.com is your verified custom domain, then the UPN of user1 will be _______.

  • user1@contoso.onmicrosoft.com
  • user1@contoso.com
  • user1@contoso.microsoft.com

What feature of Privileged Identity Management allows you to define extended permissions for a user over a limited period?

  • Time-limited Activation
  • Restriction
  • Assignment
  • Discovery

You are the administrator of your company’s Azure subscription and Azure Active Directory (Azure AD) tenant. Many Software as a Service (SaaS) apps have been published and are available to the users. Users use these apps only when connected to the corporate network. A vendor who comes in with his laptop and air card needs access to the application. You create a user account for the vendor in the Azure AD tenant, assign access to the app for the vendor, and give the vendor a link to the application. The vendor is unable to access the application. You need to ensure the vendor can access the application. What should you do?

  • Change the SaaS app to a multi-tenant app.
  • Have the user connect his laptop to the organization’s network
  • Create a federation between your organization and the vendor’s company
  • Create an account for the vendor in the Azure subscription

How long does password writeback take to work?

  • Immediately
  • 10 Seconds
  • 15 Seconds
  • 5 Seconds

You are the administrator for your company’s Azure Active Directory (Azure AD) tenant and on-prem Active Directory domain. A partner published a multi-tenant Software as a Service (SaaS) application and gave your company access to the SaaS app. You configure access for several HR users in your company.

Later, a team member in HR moves to a new department and no longer needs access to the partner’s app. You need to remove access to the app for this user, without affecting access for other users. The user must still be able to access other Line-of-Business (LOB) SaaS apps. What should you do?

  • Delete the team member from the Azure AD tenant (ans)
  • Delete the team member from the on-prem Active Directory domain
  • Delete the team member’s assignment to the app in the Azure portal
  • Delete the partner’s webapp from the “Apps my company uses” section of the Azure portal

You are the Global Administrator for your company’s Windows Azure tenant. You assign two of your coworkers as Global Administrators. You click the Azure AD Privileged Identity Management link and walk through the security wizard. You add one of the coworkers to the role of Privileged Role Administrator. Later, the coworker attempts to access the Azure AD Privileged Identity Management service and cannot access it. You need to ensure that your coworker has access to this service. What should you do?

  • Add your coworker as a Service Administrator
  • Add your coworker to the role of Security Administrator
  • Instruct the user to activate the role

You have a corporate website with Anonymous access enabled. Later you configure Azure Multi-factor Authentication (MFA) and configure it to Enable IIS authentication. A user logs into the web page and is immediately presented with the webpage, with no authentication requests or prompts. You need to ensure that users are prompted for MFA when accessing the webpage. What should you do?

  • In the IIS console, on the web page properties, enable Basic authentication and disable Anonymous authentication
  • In the MFA console, select “Use cookies to cache successful authentications (minutes)”
  • In the IIS console, on the Default Web Site properties, enable Basic authentication and disable Anonymous authentication
  • In the MFA console, enable MultiFactorAuthWebServiceSdk

Which of the following options is offered by Identity as a Service?

  • Risk and event
  • Identity governance
  • Provisioning
  • All the options
