(1) AZ-500 Manage identity and access in Azure Active Directory

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

Built-in Roles for Azure Resources (USES POWERSHELL) (3)

- Owner (full access to all resources, including the right to delegate access) - Contributor (create and manage all types of Azure resources but can't grant access to others) - Reader (can view existing Azure resources)

Some data operations that can be specified in DataActions and NotDataActions (3)

- Read a list of blobs in a container - Write a storage blob in a container - Delete a message in a queue

Azure AD allows you to define two different types of groups (2)

- Security groups (manage member and computer access to shared resources for a group of users) - Office 365 groups (lets you give people outside of your organization access to the group)

What is included in Azure AD Connect? (5)

- Sync services (makes sure that identity information for your on-premises users and groups matches that in the cloud) - Health monitoring (supplies robust monitoring and a central location in the Azure portal for viewing this activity) - AD FS (use to configure a hybrid environment via an on-premises AD FS infrastructure) - Password hash synchronization (sign-in method that synchronizes a hash of a user's on-premises Active Directory password with Azure AD) - Pass-through authentication ( sign in to both on-premises and cloud-based applications using the same passwords)

Add cloud identities to Azure AD in multiple ways (3)

- Syncing an on-premises Windows Server Active Directory (Azure AD Connect) - Use the Azure portal (manually add new users through the Azure portal, as User Administrator) - Use the command line (New-AzureADUser)

Azure AD Connect Benefits (3)

- Users can use a single identity to access both on-premises applications and cloud services - single tool provides an easy deployment experience for synchronization and sign-in - Integration provides the newest capabilities

Subscriptions in Azure are both (2)

- billing entity - security boundary

Which of the following sets the scope of a role to be the resource group myResourceGroup? - /subscriptions/de324015-0284-4582-9d9c-6f1e52a30471 - /subscriptions/{ef67bd4f-d0f2-4845-b6dd-6cba225b4f10}/resourceGroups/myResourceGroup/backupvm1 - /subscriptions/{ef67bd4f-d0f2-4845-b6dd-6cba225b4f10}/resourceGroups/myResourceGroup

/subscriptions/{ef67bd4f-d0f2-4845-b6dd-6cba225b4f10}/resourceGroups/myResourceGroup

What is a role definition?

A role definition is a collection of permissions

Creating a new role can be done through several mechanisms (3)

- Azure portal. (You can use the Azure portal to create a custom role - Azure Active Directory > Roles and administrators > New custom role) - Azure PowerShell. (You can use the New-AzureADMSRoleDefinition cmdlet to define a new role) - Azure Graph API. (You can use a REST call to the Graph API to programmatically create a new role.)

Typically, Azure AD defines users in three ways (3)

- Cloud identities (These users exist only in Azure AD - When these accounts are removed from the primary directory, they are deleted) - Directory-synchronized identities (These users exist in an on-premises Active Directory, source is Windows Server AD) - Guest users (These users exist outside Azure, Their source is Invited user)

What information does an Action provide in a role definition? - An Action provides the allowed management capabilities for the role. - An Action determines what data the role can manipulate. - An Action decides what resource the role is applied to.

An Action provides the allowed management capabilities for the role.

Which of the following best describes the relationship between a subscription and an Azure AD directory? - An Azure AD directory has a 1:1 relationship with a subscription. - An Azure AD directory can be associated with multiple subscriptions, but a subscription is always tied to a single directory. - An Azure AD directory is associated with a single subscription, but a subscription can trust multiple directories.

An Azure AD directory can be associated with multiple subscriptions, but a subscription is always tied to a single directory.

Companies that use an on-premise Windows Server Active Directory solution can integrate their existing users and groups with Azure Active Directory with

Azure AD Connect

What is Azure Active Directory (Azure AD)?

Azure AD is Microsoft's cloud-based identity and access management service which provides single sign-on and multi-factor authentication to help protect your users from 99.9 percent of cybersecurity attacks.

To create a new Azure AD go to this in the Azure Portal

Create a resource / Identity / Azure Active Directory

Data operations are specified in the

DataActions and NotDataActions properties

If you belong to multiple directories, you can switch the current directory you are working in through

Directory + subscription button in the Azure portal header

Users and groups can be added to one subscription (true/false)

False (Users and groups can be added to multiple subscriptions)

How are NotActions used in a role definition? - NotActions are subtracted from the Actions to define the list of permissible operations. - NotActions are consulted after Actions to deny access to a specific operation. - NotActions allow you to specify a single operation that is not allowed.

NotActions are subtracted from the Actions to define the list of permissible operations.

An organization can also be known as this in the Azure AD

Tenant

An organization can have more than one Azure AD directory. (true/false)

True

With Azure AD Connect, you can provide your users with a common identity for Office 365, Azure, and SaaS applications integrated with Azure AD in a hybrid identity environment. (true/false)

True

You can connect a Windows AD server to Azure AD to extend your directory into Azure. (true/false)

True

Azure AD is not

a cloud version of Windows Server Active Directory (also not intended as a complete replacement for an on-premises Active Directory)

A given subscription in Azure is associated with

a single Azure AD directory

Multiple subscriptions can trust the same directory, but

a subscription can only trust one directory

Once a user is authenticated, Azure AD builds

an access token to authorize the user and determine what resources they can access and what they can do with those resources

An Azure subscription is a _______________. - billing entity and security boundary - container that holds users - monthly charge for Azure services

billing entity and security boundary


संबंधित स्टडी सेट्स

Ch 15: Nursing Care of a Family During Labor and Birth

View Set

International Finance Chapter 16

View Set

CAASPP Testing 8th Grade Math Practice Scoring Guide Answers

View Set