Azure Terms and Features

Question 1

System-assigned managed identity

Answer 1

1. Created as part of an Azure resource
2. Shared life cycle with Azure resource
3. Cannot be shared
4. Can only be associated with a single Azure resource

Example- Workloads that are contained within a single Azure resource, or for workloads you need a independent identity

Question 2

User-assigned managed identity

Answer 2

1. Created as a stand alone Azure resource
2. Can be shared
3. Can be associated with more than one Azure resource

Example 1– Workloads that run on multiple resources and which share a single identity

Example 2- Workloads where resources are recycled often, but permissions should stay consistent

Question 3

Private Link

Answer 3

Used to secure communication over the Microsoft backbone network. Used between a service and a resource

Question 4

Azure Managed identity

Answer 4

Used to provide authentication to Azure resources against Azure AD— not used to authenticate users in Azure AD

Question 5

Azure Identity Protection

Answer 5

Azure Active Directory Identity Protection is a security tool that detects identity-based risks like compromised identities, mitigates security threats, provides conditional access policies, and provides information on security events for conducting investigations.

Question 6

Azure Policy for Blobs

Answer 6

Used to restrict access to modify data for a specific period of time

Question 7

Azure AD Privileged Identity Management (PIM)

Answer 7

Used to manage identities created in a tenant. You can create access review. It DOES NOT help with assigning access to internal apps

Question 8

Azure Synapse Link for Azure Cosmos DB

Answer 8

Access Azure Cosmos DB with no separate connectors. You can performance analytics without impacting performance on the Azure Cosmos DB

Question 9

Application Registration in Azure AD

Answer 9

App Registrations enable custom-built or third-party applications to use Microsoft Entra ID (formally Azure AD) security features

Question 10

Microsoft Defender for identities

Answer 10

Security solution to protect your infrastructure from compromised identities. Cloud based security solution that uses your on-prem AD signals, detects and identify, investigates advanced threats, compromised ids and malicious insider actions

Question 11

What is the difference between user assigned managed identity and service principal?

Answer 11

Service Principal is great for apps that need specific access and control. Whereas Managed Identity is good when you want Azure to handle the login details automatically.

Question 12

Azure Traffic Manager Different Policies

Answer 12

1. Priority- when you have a primary endpoint for all traffic, you can provide backup endpoints in the event the primary is down
2. Weighted- distribute traffic across different endpoints based on their weight
3. Performance- closet endpoint with the lowest latency
4. Geographic- use the closet endpoint

Question 13

App 1 (ASP.NET) requires read permissions to access the calendar of the signed in user. You need to recommend an authentication solution for app1.

Tthe solution must minimize admin effort and provide least privilege

Answer 13

Application registration in Azure AD