The skill “2.4. Describe Azure Identity, Access, and Security” focuses on the Azure services related to identity and access management, as well as security. These services enable users to manage access to Azure resources and applications, as well as to secure their data and applications in the cloud.
Understanding Azure Identity, Access, and Security services is essential for anyone working with Azure infrastructure and services. These services provide a range of tools and capabilities that enable users to manage access to resources, secure their data, and protect their applications from threats.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
You can change the Azure AD tenant to which an Azure subscription is associated.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Identities stored in on-premises AD can be synchronized to AAD.
To complete the sentence, select the appropriate option in the answer area.
Your company implements xxxxxxx to automatically add a watermark to Microsoft Word documents that contain credit card information.
A company that has numerous divisions is planning to deploy an Azure environment. The company wants each division to use a different payment option for the Azure services it utilizes. You have been asked to recommend a solution to meet the requirements.
Solution: You recommend that an Azure policy be created for each division.
Does the solution meet the goal?
You sign up for Azure Active Directory (Azure AD) Premium. You need to add a user named admin1@contoso.com as an administrator on all the computers that will be joined to the Azure AD domain.
What should you configure in Azure AD?
Your company plans to automate the deployment of servers to Azure. Your manager is concerned that you may expose administrative credentials during the deployment. You need to recommend an Azure solution that encrypts the administrative credentials during the deployment. What should you include in the recommendation?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Identities stored in Azure AD, third-party cloud services, and on-premises AD can be used to access Azure resources.
To complete the sentence, select the appropriate option in the answer area.
You have an Azure virtual network named VNET1 in a resource group called RG1. You assign the Azure policy definition of Not Allowed Resource type and specify that virtual networks are not an allowed resource type in RG1.
VNET1 xxxx
A company that has numerous divisions is planning to deploy an Azure environment. The company wants each division to use a different payment option for the Azure services it utilizes. You have been asked to recommend a solution to meet the requirements.
Solution: You recommend that a subscription be created for each division.
Does the solution meet the goal?
Your company has an Azure subscription that contains resources in several regions. You need to ensure that administrators can only create resources in those regions.
What should you use?
Which Azure service should you use to store certificates?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Azure has built-in authentication and authorization services that provide secure access to Azure resources.
Your company has an Azure subscription that contains resources in several regions. A company policy states that administrators must only be allowed to create additional Azure resources in a region in the country where their office is located. You need to create the Azure resource that must be used to meet the policy requirement.
What should you create?
From Access Control (IAM), you can view which user turned off a specific virtual machine during the last 14 days.
Review the text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
Azure policies provide a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Azure Firewall will encrypt all the network traffic sent from Azure to the internet.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Azure AD requires the implementation of domain controllers on Azure virtual machines.
From Azure Cloud Shell, you can track your company’s regulatory standards and regulations, such as ISO 27001.
Review the text. If it makes the statement correct, select “No change is needed.” If the statement is incorrect, select the answer choice that makes the statement correct.
Your company implements Azure policies to automatically add a watermark to Microsoft Word documents that contain credit card information.
Review the text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
Your company uses management groups to manage resources in your Azure tenant more efficiently. User1 should be able to assign access and assign policies to management groups. You need to determine to which role-based access control (RBAC) role User1 should be added. Your solution should follow the principle of least privilege. To which role should you add User1?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
A network security group (NSG) will encrypt all the network traffic sent from Azure to the internet.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Azure AD provides authentication services for resources hosted in Azure and Microsoft 365.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
You can create group policies in Azure AD.
From Azure Monitor, you can view which user turned off a specific virtual machine during the last 14 days.
Review the text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The User administrator role is assigned to a user named Admin1. An external partner has a Microsoft account that uses the user1@outlook.com sign-in. Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message:
“Unable to invite user user1@outlook.com - Generic authorization exception.”
You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.
What should you do?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Azure VMs that run Windows Server 2016 can encrypt network traffic sent to the internet.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Each user account in Azure AD can be assigned only one license.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
You can join Windows 10 devices to Azure AD.
Authorization is the process of verifying a user’s credentials.
Review the text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
You have an Azure subscription linked to an Azure Active Directory tenant. The tenant includes a user account named User1. You need to ensure that User1 can assign a policy to the tenant root management group.
What should you do?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Azure Security Center can monitor Azure resources and on-premises resources.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
To implement an Azure MFA solution, you must sync on-premises identities to the cloud.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
You can join Android devices to Azure AD.
An Azure service is available to all Azure customers when it is in public preview.
Review the text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1. VM1 runs services that will be used to deploy resources to RG1. You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.
What should you do first?
Match the services on the left to the correct descriptions on the right.
– Authorization
– Authentication
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
All Azure Security Center features are free.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Two valid methods for Azure MFA are picture identification and a passport number.
To complete the sentence, select the appropriate option in the answer area.
XXXXXX is the process of verifying a user’s credentials.
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines. You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
What should you create to store the password? (Select two.)
Your company has an Azure Active Directory (Azure AD) subscription. You want to implement an Azure AD conditional access policy. The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the multi-factor authentication page to alter the user settings.
Does the solution meet the goal?
Which defense in depth layer uses distributed denial of service (DDoS) protection?
You need to configure an Azure solution that meets the following requirements:
– Secures websites from attacks
– Generates reports that contain details of attempted attacks
What should you include in the solution?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Azure MFA can be required for administrative and non-administrative user accounts.
To complete the sentence, select the appropriate option in the answer area.
An Azure policy initiative is a xxxxxxx
Your company has an Azure subscription. You enable multi-factor authentication (MFA) for all users. The company’s help desk reports an increase in calls from users who receive MFA requests while they work from the company’s main office. You need to prevent the users from receiving MFA requests when they sign in from the main office.
What should you do?
Your company has an Azure Active Directory (Azure AD) subscription. You want to implement an Azure AD conditional access policy. The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy.
Does the solution meet the goal?
Select the answer that correctly completes the sentence.
Single sign-on (SSO) is __________ method that enables users to sign in the first time and access various applications and resources by using the same password.
You plan to implement several security services for an Azure environment. You need to identify which Azure services must be used to meet the following security requirements:
– Monitor threats by using sensors
– Enforce Azure Multi-Factor Authentication (MFA) based on a condition
Which Azure service should you identify for each requirement? (To answer, select the appropriate options in the answer area.)
Monitor threats by using sensors:
You need to ensure that when Azure Active Directory (Azure AD) users connect to Azure AD from the Internet by using an anonymous IP address, the users are prompted automatically to change their password.
Which Azure service should you use?
To complete the sentence, select the appropriate option in the answer area.
Xxxxxxx provide organizations with the ability to manage the compliance of Azure resources across multiple subscriptions.
Your company network includes users in multiple directories. You plan to publish a software-as-a-service application named SaasApp1 to Azure Active Directory. You need to ensure that all users can access SaasApp1.
What should you do?
Which Azure Active Directory (Azure AD) feature is used to provide access to resources based on organizational policies?
You plan to implement several security services for an Azure environment. You need to identify which Azure services must be used to meet the following security requirements:
– Monitor threats by using sensors
– Enforce Azure Multi-Factor Authentication (MFA) based on a condition
Which Azure service should you identify for each requirement? (To answer, select the appropriate options in the answer area.)
Enforce Azure MFA based on a condition:
To what should an application connect to retrieve security tokens?
You have been informed by your superiors of the company’s intentions to automate server deployment to Azure. There is, however, some concern that administrative credentials could be uncovered during this process. You are required to make sure that during the deployment, the administrative credentials are encrypted using a suitable Azure solution.
Solution: You recommend the use of Azure Information Protection.
Does the solution meet the goal?
You have an Active Directory forest named contoso.com. You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled. You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs. You need to ensure that the synchronization completes successfully.
What should you do?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
In the public cloud model, only guest users at your company can access the resources in the cloud.
Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
What is a possible solution?
Your network contains an Active Directory forest. The forest contains 5,000 user accounts. Your company plans to migrate all network resources to Azure and to decommission the on-premises data center. You need to recommend a solution to minimize the impact on users after the planned migration.
What should you recommend?
Your company’s Active Directory forest includes thousands of user accounts. You have been informed that all network resources will be migrated to Azure. Thereafter, the on-premises data center will be retired. You are required to employ a strategy that reduces the effect on users, once the planned migration has been completed.
Solution: You plan to require Azure Multi-Factor Authentication (MFA).
Does the solution meet the goal?
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts. You purchase 10 Azure AD Premium P2 licenses for the tenant. You need to ensure that 10 users can use all the Azure AD Premium features.
What should you do?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
In a public cloud model, only guest users at your company can access the resources in the cloud.
To complete the sentence, select the appropriate option in the answer area.
You can enable just-in-time (JIT) VM access by using
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
You can configure the Azure AD activity logs to appear in Azure Monitor.
Your company’s Active Directory forest includes thousands of user accounts. You have been informed that all network resources will be migrated to Azure. Thereafter, the on-premises data center will be retired. You are required to employ a strategy that reduces the effect on users, once the planned migration has been completed.
Solution: You plan to sync all the Active Directory user accounts to Azure Active Directory (Azure AD).
Does the solution meet the goal?
You have an Azure Active Directory (Azure AD) domain that contains 5,000 user accounts. You create a new user account named AdminUser1. You need to assign the User administrator administrative role to AdminUser1.
What should you do from the user account properties?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
An Azure subscription can be associated to multiple Azure Active Directory tenants.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Authorization to access Azure resources can be provided only to Azure Active Directory (AAD) users.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
From Azure Monitor, you can monitor resources across multiple Azure subscriptions.
Your company’s Active Directory forest includes thousands of user accounts. You have been informed that all network resources will be migrated to Azure. Thereafter, the on-premises data center will be retired. You are required to employ a strategy that reduces the effect on users, once the planned migration has been completed.
Solution: You plan to enforce password change.
Does the solution meet the goal?
You have an Azure virtual machine named VM1. You plan to encrypt VM1 by using Azure Disk Encryption.
Which Azure resource must you create first?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
When an Azure subscription expires, the associated Azure AD tenant is deleted automatically.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Identities stored in Azure AD, third-party cloud services, and on-premises AD can be used to access Azure resources.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
From Azure Monitor, you can create alerts.
You are planning to migrate a company to Azure. Each of the company’s numerous divisions will have an administrator in place to manage the Azure resources used by their respective division. You want to make sure that the Azure deployment you employ allows for Azure to be segmented for the divisions while keeping administrative effort to a minimum.
Solution: You plan to make use of several Azure Active Directory (Azure AD) directories.
Does the solution meet the goal?
A new policy has been implemented in your organization that limits access to resource groups and resource scopes in a detailed, granular way. Various groups and users will be provided access.
What would you choose to use if you want to implement the new policy?
Your company plans to migrate to Azure. The company has several departments. All the Azure resources used by each department will be managed by a department administrator.
What are two possible techniques to segment Azure for the departments? (Select two.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Azure has built-in authentication and authorization services that provide secure access to Azure resources.
What can Azure Information Protection encrypt?
A company that has numerous divisions is planning to deploy an Azure environment. The company wants each division to use a different payment option for the Azure services it utilizes. You have been asked to recommend a solution to meet the requirements.
Solution: You recommend that an Azure role be created for each division.
Does the solution meet the goal?
An organization wants to develop and deploy web apps, for which it subscribes to Azure as a platform. It is desired to keep the expenses to a minimum before the app is finally released. You have to identify the features available in Azure Active Directory (AD) Free edition.
Select options from below that are available in the Azure Active Directory (AD) Free edition.