Describe Identity, Governance, Privacy, and Compliance Features Flashcards
(128 cards)
______________ is the process of establishing the identity of a person or service that wants to access a resource. It involves the act of challenging a party for legitimate credentials and provides the basis for creating a security principal for identity and access control. It establishes whether the user is who they say they are.
Authentication
______________ is the process of establishing what level of access an authenticated person or service has. It specifies what data they’re allowed to access and what they can do with it.
Authorization
Compare Authentication and Authorization
True or false: Once authenticated, access rules define what kinds of applications, resources, and data that user can access.
False. Once authenticated, authorization defines what kinds of applications, resources, and data that user can access.
For on-premises environments, Active Directory running on Windows Server provides an identity and access management service that’s managed by your own organization. __________ is Microsoft’s cloud-based identity and access management service.
Azure AD
_____________ is Azure’s cloud-based identity and access management service.
Azure Active Directory
True or false: When you secure identities on-premises with Active Directory, Microsoft doesn’t monitor sign-in attempts. In contrast, when you connect Active Directory with Azure AD, Microsoft can help protect you by detecting suspicious sign-in attempts at no extra cost.
True
True or false: With Azure AD, Microsoft controls the identity accounts and ensures that the service is available globally.
False. With Azure AD, you control the identity accounts, but Microsoft ensures that the service is available globally.
True or false: Azure Active Directory cannot be used for your on-premises needs.
False.
What service provides identity and access management for all of the following in Azure?
- Authentication
- Single Sign On
- Application management
- Business to Business
- Business to Customer
- Device management
Azure Active Directory
IT Administrators can use ______ to control access to applications and resources based on their business requirements.
Azure AD
Developers can use ____________ to provide a standards-based approach for adding functionality to applications that they build, such as adding SSO functionality to an app or enabling an app to work with a user’s existing credentials.
Azure AD
True or false: Self-service password reset for Azure users to change or reset their password with no involvement from an IT administrator or help desk is not available through Azure AD.
False. Self-service password reset enables users to change or reset their password with no involvement from an IT administrator or help desk.
Microsoft 365, Microsoft Office 365, Azure, and Microsoft Dynamics CRM Online subscribers are already using Azure AD through a _______, which is a representation of an organization that is typically separated from other organizations and has its own identity.
tenant
True or false: Your Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant needs special setup and is not automatically an Azure AD tenant.
False. Each Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant is automatically an Azure AD tenant.
What feature in Azure Active Directory enables an IT administrator to manage devices through tools like Microsoft Intune? It also allows for device-based Conditional Access policies to restrict access attempts to only those coming from known devices, regardless of the requesting user account.
Device management
True or false: Azure AD helps users access both external and internal resources.
True. External resources might include Microsoft Office 365, the Azure portal, and thousands of other software as a service (SaaS) applications.
Internal resources might include apps on your corporate network and intranet, along with any cloud applications developed within your organization.
______________ enables a user to sign in one time and use that credential to access multiple resources and applications from different providers.
Single sign-on
True or false: Azure implements strict controls and doesn’t support connecting Active Directory with Azure AD.
False. Connecting Active Directory with Azure AD enables you to provide a consistent identity experience to your users.
____________ synchronizes user identities between on-premises Active Directory and Azure AD. With this, you can synchronize changes between both identity systems, so you can use features like SSO, multifactor authentication, and self-service password reset under both systems.
Azure AD Connect
What would you use to prevent users from using known compromised passwords?
Self-service password reset
What technique can IT Administrators use to create a consistent access model across their organization? Doing so greatly simplifies their ability to sign in to different applications, manage changes to user identities and control, and monitor and block unusual access attempts.
Integrate their existing Active Directory instance with Azure AD
What would you use if you wanted to allow your employees to use their own mobile devices to access your applications?
Multifactor Authentication and Conditional Access
________________ is a process where a user is prompted during the sign-in process for an additional form of identification. Examples include a code on their mobile phone or a fingerprint scan.
Multifactor authentication