Implement Azure AD Identity Protection

Practice Test

True/False: Azure AD Identity Protection uses adaptive AI and heuristics to detect suspicious actions that are related to your identities.

• True
• False

Answer: True.

Explanation: Azure AD Identity Protection leverages adaptive machine learning algorithms and heuristics to detect anomalies in patterns of usage, granting the admin the ability to set up risk-based policies.

Single Select: What is the primary function of Azure AD Identity Protection?

• a) Monitoring and protecting against hardware failures.
• b) Monitoring and detecting potential identity-based threats.
• c) Monitoring and protecting against software bugs.
• d) Monitoring and detecting potential network-based threats.

Answer: b) Monitoring and detecting potential identity-based threats.

Explanation: The main function of Azure AD Identity Protection is to detect and mitigate potential identity-based threats.

Multiple Select: Which of the following are ways Azure AD Identity Protection can classify risks?

• a) User Risk
• b) Sign-in Risk
• c) Network Risk
• d) Software Risk

Answer: a) User Risk, b) Sign-in Risk

Explanation: Azure AD Identity Protection classifies risks into two main types: User Risk and Sign-in Risk.

True/False: Azure AD Identity Protection uses algorithms developed solely by Microsoft.

• True
• False

Answer: True.

Explanation: Azure uses proprietary machine-learning algorithms developed by Microsoft to assess irregular sign-in activities.

Single Select: Azure AD Identity Protection is only available with which Azure AD edition?

• a) Free
• b) Premium P1
• c) Premium P2
• d) Basic

Answer: c) Premium P2

Explanation: Azure AD Identity Protection is only available in the Azure AD Premium P2 edition.

True/False: Azure AD Identity Protection can provide custom recommendations to fix vulnerabilities and suspicious incidents.

• True
• False

Answer: True.

Explanation: One of the features of Azure AD Identity Protection is providing custom recommendations for addressing vulnerabilities and suspicious incidents.

Multiple Select: Which of the following reports can Azure AD Identity Protection provide?

• a) Risky users
• b) Risky sign-ins
• c) Network performance
• d) Data usage

Answer: a) Risky users, b) Risky sign-ins

Explanation: Azure AD Identity Protection can generate reports on risky users and sign-ins related to identity threats.

Single Select: Which policy is not available in Azure AD Identity Protection?

• a) User risk policy
• b) Sign-in risk policy
• c) Password protection policy
• d) MFA policy

Answer: c) Password protection policy.

Explanation: Azure AD Identity Protection includes User risk policies, Sign-in risk policies, and MFA registration policies.

True/False: Azure AD Identity Protection cannot help set automatic responses on identified risky users.

• True
• False

Answer: False.

Explanation: Azure AD Identity Protection allows users to set up risk-based policies which can automatically respond to identified risks.

Single Select: What can Azure AD Identity Protection do when a risky sign-in is detected?

• a) Block access
• b) Allow access
• c) Require password change
• d) All of the above

Answer: d) All of the above

Explanation: Depending on the policies set, Azure AD Identity Protection can either block access, allow access, or require a password change when a risky sign-in is detected.

Multiple Select: Azure AD Identity Protection can be integrated with which services?

• a) Conditional Access
• b) Microsoft Defender
• c) Microsoft Exchange
• d) Microsoft Teams

Answer: a) Conditional Access, b) Microsoft Defender

Explanation: Azure AD Identity Protection can be integrated with Conditional Access and Microsoft Defender for holistic protection.

True/False: Azure AD Identity Protection can detect consistent sign-in activity from unknown sources.

• True
• False

Answer: True.

Explanation: Azure AD Identity Protection uses machine learning to detect consistent sign-in activity from unknown sources and mark the activity as risky.

Single Select: What is one of the additional capabilities you get from Azure AD Premium P2 with respect to identity protection?

• a) Consultation on organizational risks
• b) Tracking sign-in activities
• c) Risk event investigation access
• d) Setting up firewalls

Answer: c) Risk event investigation access.

Explanation: Azure AD Premium P2 provides additional capabilities in risk event investigation.

True/False: Azure AD Identity Protection can provide recommended actions in response to detected risks.

• True
• False

Answer: True.

Explanation: One of the key features of Azure AD Identity Protection is its ability to offer recommended actions in response to detected identity risks.

Multiple Select: How does Azure AD Identity Protection identify risky users?

• a) Rapid increase in data usage
• b) Multiple device failures
• c) Anomalies during sign-ins
• d) Irregular sign-in activities

Answer: c) Anomalies during sign-ins, d) Irregular sign-in activities

Explanation: Azure AD Identity Protection identifies risky users based on anomalies during sign-in attempts and other irregular sign-in activities.

Interview Questions

What is Azure Active Directory (AD) Identity Protection?

Azure AD Identity Protection is a tool that allows organizations to automate the detection and remediation of identity-based threats, such as risky sign-in activities and vulnerability assessments.

What are the two types of risk detection types in Azure AD Identity Protection?

The two types of risk detections are user risk and sign-in risk.

What is a User Risk?

User Risk represents the probability that a given identity or user account is compromised by an attacker.

What does the Sign-in Risk imply in Azure AD identity protection?

Sign-in risk represents the probability of a given authentication request not being made by the rightful user.

What is Risk-based remediation policy in Azure Identity Protection?

Risk-based remediation refers to an automated response to detected risky behavior. This could include blocking the user or requiring them to re-authenticate.

Which tool is used for reviewing and responding to risky users and risk detections in Azure AD Identity Protection?

The Identity Protection Risky users report tool is used to review and respond to risky users and risk detections.

How are risk levels categorized in Azure AD Identity Protection?

Risk levels in Azure AD Identity Protection are categorized as low, medium, high and none.

Can Azure AD Identity Protection be integrated with Microsoft Cloud App Security?

Yes, Azure AD Identity Protection can be integrated with Microsoft Cloud App Security for advanced threat protection capabilities.

What can be done if Azure AD Identity Protection detects unusual activity on a user account?

If Azure AD Identity Protection detects unusual activity on a user account, it can enforce a user risk policy, which may require the user to change their password.

Can Azure AD Identity Protection respond automatically to detected risks?

Yes, Azure AD Identity Protection can automatically respond to detected risks based on predefined policies set by the administrator.

How often does Azure AD Identity Protection evaluate sign-in risk?

Azure AD Identity Protection evaluates sign-in risk every time an attempt to sign in occurs.

What is the role of MFA (Multi-Factor Authentication) registration policy in Azure AD Identity protection?

The MFA registration policy helps to have users registered for multi-factor authentication, which is an essential part of conditional access policies to protect organizational resources.

What happens when a risk event gets detected for a risky user in Azure AD identity protection?

When a risk event is detected, the risky user will be blocked from access to any resources, or the user might be prompted for multi-factor authentication depending on the assigned risk level.

Can Azure AD Identity Protection detect compromised accounts?

Yes, Azure AD Identity protection can detect compromised accounts. It uses signal data from various Microsoft services and can highlight accounts that show signs they may have been compromised.

Does Azure AD Identity Protection support password protection and smart lockouts?

Yes, Azure AD Identity Protection supports password protection and smart lockouts to protect users from brute force password attacks.