SC-300 Exam Prep
SC-300 Microsoft Identity and Access Administrator
| Question | Answer |
|---|---|
| _______ is how identity objects are managed over the lifetime of the identity’s existence. This can be manual or automated. However, it has to be done. | Identity administration |
| The following code is an example of: az ad user create --display-name "New User" --password "Password" --user-principal-name NewUser@contoso.com | Azure CLI command to create a new user |
| The following code is an example of: New-MgUser -DisplayName "New User" -PasswordProfile @{ Password = "Password" } -UserPrincipalName "NewUser@contoso.com" -AccountEnabled $true -MailNickName "NewUser" | Microsoft Graph PowerShell command to create a new user |
| The MS Graph API offers a single endpoint, ____, to access rich, people-centric data and insights in the MS cloud, including M365, Windows 10, and Enterprise Mobility + Security. You can use ___ or ___ to access the endpoint and build apps for M365 scenarios. | or SDKs |
| MS Graph ___ work in the incoming direction, delivering data into Microsoft Graph services and apps, to enhance M365 experiences such as Microsoft Search. ___ exist for many commonly used data sources such as Box, Google Drive, Jira, and Salesforce. | Connectors |
| MS Graph _____ provides a set of tools to streamline secure and scalable delivery of Microsoft Graph data to popular Azure data stores. The cached data serves as data sources for Azure development tools that you can use to build intelligent applications. | Data Connect |
| ____ is a single identity tool where credentials are stored and managed, to provide authentication and authorization capabilities. The system is centrally managed by an identity authority or administrator. | Centralized Identity Tool or Central Identity System |
| A _______ approach helps people, organizations, and things interact with each other transparently and securely, in an identity trust fabric. People control their own digital identity and credentials. | decentralized identity |
| ____________ refers to all the ways you can securely interact with users outside of your org, collaborate with partners, share your resources and define how your internal users can access external organizations. | Microsoft Entra External Identities |
| With _______, users can "bring their own" identities, such as a corporate or government-issued digital identity or an unmanaged social identity (Facebook or Google). The user's external IdP manages their identity and you manage access with Entra ID or B2C. | External Identities |
| Type of B2B. Collaborate with external users by letting them use their preferred identity to sign in to your Microsoft applications or other enterprise applications. These users are typically represented as guest users in your org. | B2B collaboration |
| Establish a mutual, two-way trust with another Microsoft Entra organization for seamless collaboration. Supports Teams shared channels. Users aren't represented in your directory but can be monitored in Teams Admin Center. | B2B direct connect |
| ______ provides business-to-customer identity as a service. Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs. | Microsoft Entra B2C |
| Microsoft Entra B2C is a ______ solution capable of supporting millions of users and billions of authentications per day. Handles scaling, platform safety, monitoring and auto hardening against threats like DoS, password spray and brute force attacks. | customer identity access management (CIAM) |
| _____ is a separate service from Microsoft Entra ID. It's built on the same technology as Entra ID but for a different purpose. Allows building customer facing apps that anyone can sign up with no user account restrictions. | Microsoft Entra B2C |
| While the capabilities and features of identity providers can vary, the three most common components of an identity provider are ________ | Repository of user identities; Authentication system; Security protocols to defend against intrusion |
| Microsoft IdPs: Provides managed domain services with a subset of fully compatible traditional AD DS features such as domain join, group policy, LDAP, and Kerberos / NTLM authentication. | Microsoft Entra Domain Services |
| Microsoft IdPs: Cloud-based identity and mobile device management that provides user account and authentication services for resources such as Microsoft 365, the Azure portal, or SaaS applications. | Microsoft Entra ID |
| Microsoft IdPs: Enterprise-ready lightweight directory access protocol (LDAP) server that provides key features such as identity and authentication, computer object management, group policy, and trusts. | Active Directory Domain Services (AD DS) |
| Identity Licensing: This license allows you to purchase access to more features in Microsoft Entra ID. | Microsoft Entra ID P1 or P2 license |
| Identity Licensing: You need a ____ license if you want to use Privileged Identity Management (PIM) capability in Entra ID. Any user that assigns or manages assignments in PIM ____ a license. A user within a privileged role ___ a license. | Entra ID P2 license; needs a license; doesn't need a license |
| Identity Licensing: These licenses are assigned to a Microsoft Entra user or group to grant them access to use Office or Windows products. You need one license for each user who needs access to Windows and / or Office. | Microsoft 365 license; Office 365 license; Windows license |
| Identity Licensing: This license is used with Microsoft Entra External Identities. A monthly report is pulled for billing purposes, looking for external users logging in during the month. | Monthly Active User (MAU) license |
| A _____ is an agreement with Microsoft to use one or more Microsoft cloud platforms or services, for which charges accrue based on either a per-user license fee or on cloud-based resource consumption. | Subscription |
| Microsoft's Software as a Service (SaaS)-based cloud offerings (Microsoft 365 and Dynamics 365) charge _____ fees. | Per-user license fees |
| Microsoft's Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) cloud offerings (Azure) charge based on cloud _________. | Resource consumption |
| Name three common communication protocols in identity. | SAML; WS-Fed; OpenID Connect |
| OpenID Connect: The Userinfo endpoint is introduced in the _____. | ID Token |
| In OpenID Connect, the set of claims you get are controlled by the _____ parameter of the authentication request. | scope |
| Microsoft Entra ID issues a limited set of claims through OpenID Connect via a security token, primarily using ________. If you want more information about the user, you need to use the ____ with Microsoft Entra ID. | JSON web tokens; Graph API |
| A ____ is a package of data, usually in the form of a token, that shares the identity and security information about a user or account across security domains. | Assertion |
| _______ refers to the process of adding other claims to the user token to provide extra detail about the user. This could include data from human resource (HR) systems, from an application like SharePoint, or other systems. | Augmentation |
| An ______ is a name/value pair of data within a token. | Attribute |
| ____ is used to set permissions to evaluate access to resources or functionality and can include specifying what functionality (or resources) an entity is allowed to access, what data that entity can access, and/or what they can do with that data. | Authorization (AuthZ) |
| Name the 4 common types of authorization approaches. | Access control lists (ACLs); Role-based access control (RBAC); Attribute-based access control (ABAC); Policy-based access control (PBAC) |
| An explicit list of specific entities who do or don't have access to a resource or functionality. Offers fine control over resources, but is often difficult to maintain with large groups of users and resources. | Access control lists (ACLs) |
| The most common approach to enforcing authorization. Roles are defined to describe the kinds of activities an entity can perform. Grant access to roles rather than to individual entities. | Role-based access control (RBAC) |
| Rules are applied to attributes of the entity, the resources being accessed, and the current environment to determine whether access to some resources or functionality is permitted. | Attribute-based access control (ABAC) |
| A strategy for managing user access to one or more systems, where the business-role of the user is combined with policies to determine what access the user has. | Policy-based access control (PBAC) |
| Healthy auditing practices keep your identities safe, which in turn keep your data and solutions safe. Name 4 different logs you should be familiar with for auditing. | Microsoft Entra: activity logs; sign-in logs; provisioning logs; audit logs |
| Azure Monitor, Application Insights, Azure Service Health, Azure Resource Health, Azure Resource Manager and Azure Policy are all examples of _____. | monitoring tools |
| Name the 3 tenets of Zero Trust. | Verify explicitly; Least privilege; Assume breach |
| Name the 3 types of roles in Azure. | Classic subscription administrator roles; Azure roles; Microsoft Entra roles |
| ______ roles are used to manage Microsoft Entra resources in a directory. Actions such as creating or editing users are the most common. | Microsoft Entra Roles |
| This Microsoft Entra role allows: creating and managing all users and groups, managing support tickets, monitoring service health, and changing passwords for users, helpdesk admins and user administrators. | (Entra) User Administrator |
| This Microsoft Entra role allows: making purchases, managing subscriptions, managing support tickets and monitoring of service health. | (Entra) Billing Administrator |
| This Microsoft Entra role allows: managing access to all administrative features in Entra ID, and services that federate to Entra; assigning administrator roles to others; and resetting passwords for any user and all other administrators. | (Entra) Global Administrator |
| In the Azure portal, you can see the list of Microsoft Entra roles on the ________ blade. | Entra ID > Roles and Administrators blade |
| True/False: Both Azure and Entra (admin) roles support the creation of custom roles? | True |
| The scope of an Azure role can be specified at multiple levels including _____ group, ________, ___________ group, __________. | management group; subscription; resource group; resource |
| Entra ID roles can be scoped to the _________ or can be applied to an _________. | tenant level; administrative unit |
| True/False: By default Azure roles and Microsoft Entra roles don't span Azure and Entra ID. | True. Several Entra ID roles span across M365 (global admin, user admin) but not Azure by default. |
| An Entra ID or M365 Global admin can elevate their access to Azure by choosing the ___________ switch in the Azure portal, granting them the ______ role on all Azure subscriptions. | Access management for Azure resources; User Access Administrator role |
| Name 5 methods of assigning a role in Entra ID. | Assign a role to a user or group (from Roles and Administration); Assign a user or group to a role (from Users or Groups); Assign a role at a broad scope like a subscription, RG, or MG (via Access Control (IAM) in each section); PowerShell or Graph API; PIM |
| True/False: You can select and assign multiple roles to a user all at once using Privileged Identity Management (PIM). | False. Only one role can be assigned at a time. |
| Microsoft Entra roles control access to Microsoft Entra resources such as users, groups, and applications using the __________. | Microsoft Graph API |
| Azure roles control access to Azure resources such as virtual machines or storage using _____________. | Azure Resource Manager (ARM) |
| Granting permission using custom Microsoft Entra roles is a two-step process that includes:____________________ and __________________. | Creating a custom role definition Creating a role assignment |
| True/False: The same Entra role can be assigned to one user over all applications in the organization and then to another user with a scope of only a single app (user, group, device or service principal) | True |
| Using built-in roles in Microsoft Entra ID is free, but using custom roles requires a Microsoft Entra ID ____ license for every user with a custom role assignment. | P1 |
| Administrative units are Microsoft Entra ID resources that can be containers for other Microsoft Entra resources. An administrative unit can contain only ________, _________ and ________. | users, groups, devices |
| True/False: By default in Microsoft Entra ID, all users can create application registrations and manage all aspects of applications they create. | True |
| A simple way to grant someone the ability to manage all aspects of Microsoft Entra ID configuration for a specific application is to assign them as the application __________. | owner |
| The ________ role grants all the abilities of the Application Administrator, except it doesn't grant access to Application Proxy settings. | Cloud Application Administrator role |
| The ______ role grants the ability to manage all apps in the directory, including registrations, SSO settings, user & group assignments, licensing, app proxy settings and consent. It doesn't grant the ability to manage __________. | Application Administrator; Conditional Access |
| By default, all users can create application registrations. To selectively grant the ability to create application registrations, set _________ to No in User settings, then assign the user to the _________ role. | Users can register applications (set to No); Application Developer role |
| To selectively grant the ability to consent to allow an application to access data, set ________ to No, then assign the user to the ________ role. | Users can consent to applications accessing company data on their behalf (set to No in User settings under Enterprise Apps); Application Developer role |
| The ___ role grants the ability to manage the enterprise applications that the user owns, including SSO settings, user and group assignments, and adding more owners. It doesn't grant the ability to manage Application Proxy settings or Conditional Access. | Enterprise Application Owner |
| The ______ role grants the ability to manage application registrations for apps that the user owns, including the application manifest and adding other owners. | Application Registration Owner |
| By default, ________ users can register applications, manage their own profile photo and mobile phone number, change their own password, and invite B2B guests. These users can also read all directory information (with a few exceptions). | Member users |
| By default, ________ users can manage their own profile, change their own password, retrieve some information about other users, groups, and apps, and invite guests. However, they can't read all directory information. | Guest users |
| You can use the _________ inside of Microsoft Entra ID – Manage menu to restrict or control the default permissions of the default users. | User settings |
| In user settings you can restrict the user's ability to perform these 4 operations. | Register applications; Access Azure portal; LinkedIn connections; Manage settings for external collaboration |
| Only the ______ role can manage domains in Entra ID. | Global Administrator |
| True/False: You can set a federated domain as the default domain name for your Microsoft Entra organization. | False |
| ______ can be used to remove a domain name in the Microsoft Entra admin center or MS Graph API. This option uses an asynchronous operation to update all references from the custom domain back to the initial domain. | ForceDelete |
| ForceDelete returns an error if the number of objects to be renamed is greater than _______ and/or if one of the applications to be renamed is a _______ app. | 1000 objects; multitenant app |
| This tenant-wide option is where you give the name of your directory and set values like the primary contact. | Tenant Properties (Identity - Overview Page - Properties) |
| This tenant-wide option is where you define what global rights your users have, like registering applications. | User Settings (Identity - Users - User Settings) |
| This tenant-wide option is where you define what tasks an external guest user can perform, like inviting more guest users. | External Collaboration Settings (Identity - External Identities - User Settings - External Collaboration Settings) |
| Managing security can be difficult with common identity-related attacks like password spray, replay, and phishing becoming more popular. _______ make it easier to help protect your organization from these attacks with preconfigured security settings. | Security Defaults |
| List 5 of the preconfigured security settings associated with security defaults. | Require all users to register for MFA; Require admins to perform MFA; Block legacy authentication protocols; Require users to perform MFA when necessary; Protect privileged activities (access to the Azure portal) |
| From this Entra ID blade you can: change the tenant display name; find the country, region or location associated with your tenant; find the tenant ID; change technical or privacy contacts; and set the privacy statement URL. | Entra ID, Manage, Properties |
| In the event of a data breach, Microsoft will contact your _______. If you have not set that contact, Microsoft will instead contact your _________. | Global privacy contact Global Administrators |
| Entra ID user identities: These users exist only in Microsoft Entra ID. Their source is Microsoft Entra ID or External Microsoft Entra directory if the user is defined in another Microsoft Entra instance. | Cloud identities |
| Entra ID user identities: These users exist in an on-premises Active Directory. A synchronization activity that occurs via Microsoft Entra Connect brings these users into Azure. Their source is Windows Server AD. | Directory-synchronized identities |
| Entra ID user identities: These users exist outside Azure. Examples are accounts from other cloud providers and Microsoft accounts (Xbox LIVE). Their source is Invited user. Useful for external vendors or contractors. | Guest users |
| After you delete an Entra ID user, the account remains in a suspended state for _____ days. During this window the user account can be ________ with all its properties. | 30 days; restored |
| Permanently deleting, or restoring a deleted user requires one of these 4 roles. | Global Administrator; Partner Tier-1 Support; Partner Tier-2 Support; User Administrator |
| Microsoft Entra ID allows you to create two different types of groups: _____ and ______. | Security groups; Microsoft 365 groups |
| Groups: the most common type of group. Used to manage member and computer access to shared resources for a group of users. This option requires a Microsoft Entra ID administrator. | Security groups |
| Windows Hello For Business (WHFB) requires __________ to function in Hybrid and Federated scenarios. | device writeback |
| The goal of _________ is to provide your users with support for the BYOD or mobile device scenarios. In these scenarios, a user can access your organization’s Microsoft Entra ID controlled resources using a personal device. | Microsoft Entra registered devices |
| Microsoft Entra registered devices are signed in to using a _____ account like a Microsoft account on a Windows 10 device, but additionally have a ______ account attached for access to organizational resources. | local account; Microsoft Entra account |
| Company owned devices are joined only to Microsoft Entra ID requiring organizational account to sign in to the device. Suitable for both cloud-only and hybrid organizations. | Microsoft Entra joined devices |
| If your environment has an on-premises AD footprint and you also want to benefit from the capabilities provided by Microsoft Entra ID, you can implement ______. These devices are joined to your on-prem AD and registered with your Microsoft Entra directory. | hybrid Microsoft Entra joined devices |
| ______ helps you to keep track of devices registered with Microsoft Entra ID in AD. You will have a copy of the device objects in the container "Registered Devices". | Device writeback |
| Groups: provides collaboration opportunities by giving members access to a shared mailbox, calendar, files, SharePoint site, and more. Also lets you give people outside of your organization access to the group. Available to users as well as admins. | Microsoft 365 groups |
| If you want to provide users on Entra ID joined devices, access to on-prem ADFS federated applications only if their device is being managed by your org, you can use _________. | Device writeback |
| True/False. Microsoft Entra ID allows license assignment to individual users or groups. | True |
| If an individual user with no usage location is assigned an M365 product license via group membership, they will inherit the location of the ________. | directory (Azure tenant) |
| This PowerShell cmdlet is used to assign licensing to an Entra ID user. | Set-MgUserLicense |
| True/False. If an error is encountered when assigning an M365 license directly to an individual user, the problem is immediately reported back to you. | True |
| True/False. If an error is encountered when assigning an M365 license to a group, the problem is immediately reported back to you. | False. Errors are recorded on the user object and reported via the administrative portal. |
| To find users in a group licensing error state, browse to ____. Then select the notification to open a list of all affected users. | Browse to the Entra ID group, then Manage, Licenses. |
| To see how many licenses are available in Entra ID, from the Entra ID Admin portal, browse to __________. | Identity, Billing, Licenses, then All Products |
| Name 5 common reasons for license assignment errors. | Not enough licenses; Conflicting service plans (SharePoint Online Plan 1 + Plan 2); Other product license dependencies; Usage location not allowed; Duplicate proxy address |
| PowerShell cmdlets will report "not enough licenses" assignment errors as _____. | CountViolation |
| PowerShell cmdlets will report "service plans that conflict" assignment errors as _____. | MutuallyExclusiveViolation |
| PowerShell cmdlets will report "other products depend on this license" assignment errors as _____. | DependencyViolation |
| PowerShell cmdlets will report "usage location not allowed" assignment errors as _____. | ProhibitedInUsageLocationViolation |
| What is the most common cause of the User has LicenseAssignmentAttributeConcurrencyException for license assignment in audit logs? And how should an admin fix this issue? | This typically happens when a user is a member of more than one group with same assigned license. Microsoft Entra ID will retry processing the user license and will resolve the issue. There is no action required from the customer. |
| T/F? You can assign more than one product license to a group. Entra ID will attempt to assign the licenses to all users in the group. If it can't assign one of the products because of business logic problems, it won't assign the other licenses either. | True |
| T/F? When deleting a group, you do not need to delete license assignments as Entra ID will automatically remove the licenses from each user once the group is deleted. | False. You need to remove license assignments before deleting a group. |
| T/F? If a user has a license that is dependent on a license which is being removed due to group deletion, the license assignment to the user is converted from inherited to direct. | True |
| T/F? Managing licenses for products with prerequisites. With group-based licensing, prerequisite and add-on service plans can be assigned via different groups. | False. With group-based licensing, the system requires that both the prerequisite and add-on service plans be present in the same group. |
| After resolving the issue preventing license assignment to users or groups, you need to trigger a ______ to ensure licenses are applied. This can be performed from _____ under the users or groups pane. | reprocess licenses |
| T/F? If a user is assigned the same license directly and via a group membership, removing the user from the group will remove their license. | False. Only the group assigned (inherited) license will be removed. You must also remove the individually (direct) assigned license. |
| Name the 5-step process recommended to migrate from user-assigned licenses to group-assigned licenses. | Leave existing automation running; Create licensing group and add members; Assign licenses to groups; Verify licenses have been applied (direct + inherited); Verify no license assignments failed (then remove direct-assignment automation) |
| T/F? When you update license assignments for a user or group, the license assignment removals and new assignments are made simultaneously so that users do not lose access to their services during license changes or see license conflicts between plans. | True |
| __ in Entra ID are business-specific attributes (key-value pairs) that you can define and assign to Entra objects. These attributes can be used to store information, categorize objects, or enforce fine-grained access control over specific Azure resources. | Custom security attributes |
| Custom security attributes can be set on ____. | users, applications, Entra resources, Azure resources |
| Applications and technologies that support and automate HR processes throughout the employee lifecycle | HCM system (Human Capital Management) |
| Uses the SCIM 2.0 protocol for automatic provisioning. The service connects to the SCIM endpoint for the application, and uses the SCIM user object schema and REST APIs to automate provisioning and de-provisioning of users and groups. | Microsoft Entra Provisioning Service |
| Application or system that has SCIM endpoint and works with the Microsoft Entra provisioning to enable automatic provisioning of users and groups. | target system |
| _______ is an open standard protocol for automating the exchange of user identity information between identity domains and IT systems | System for Cross-Domain Identity Management (SCIM) |
| List two ways guest users can join your Microsoft Entra tenant. | By invitation redemption; Self-service sign-up flow |
| B2B collaboration user objects are typically given a user type of ______ and can be identified by the ____ in their UPN. | guest; #EXT# |
| T/F? By default, all users and guests in your directory can invite guests even if they're not assigned to an admin role. | True |
| By default, guest users are blocked from listing users, groups, or other directory resources, but the guests can see membership of _________. | non-hidden groups |
| With Microsoft B2B collaboration, a tenant admin can set these 4 invitation policies. | Turn off invitations; Only admins and guest inviter role; Admins, guest inviter role and members; All users including guests (default) |
| You can configure external collaboration settings in the Entra ID admin center under ______. | Identity, External Identities, External Collaboration Settings |
| Collaboration restrictions allow you to _____ or _____ guest invitations to one or more domains or all domains. | allow; deny |
| T/F? A guest invitation expires if not redeemed within 30 days. | False. Guest invitations do not expire. |
| Self-service app management for gallery and SAML-based apps requires some initial setup from an admin, which can be summarized in these 3 steps. | Enable self-service group management; Create a group to assign to the app and make a user an owner; Configure the app for self-service and assign the group to the app |
| When bulk inviting guest users via CSV upload, the first ____ rows of the template cannot be removed or modified. | 2 |
| T/F? If you add new columns to the guest user invite CSV template, the import will populate those attributes on the new guest accounts. | False. Added columns are ignored. |
| The bulk guest invite template has two rows prepopulated with ____ and ____. | version number; column headings |