AZ-500 Microsoft Azure Security Technologies

Manage Azure AD users

Practice Test

True or False: Azure Active Directory (Azure AD) only manages the users from your organization.

  • True
  • False

Answer: False.

Explanation: Azure AD manages both users from your organization and external users that belong to other Azure ADs.

What are the main roles in Azure Active Directory?

  • A. Global Administrator
  • B. User Administrator
  • C. Group Administrator
  • D. Device Administrator
  • E. All of the above

Answer: E. All of the above

Explanation: Global Administrator, User Administrator, Group Administrator, and Device Administrator are main roles in Azure AD that have different permissions to manage the directory.

True or False: Azure AD Users can have multiple active sessions at the same time.

  • True
  • False

Answer: True.

Explanation: Azure AD does not restrict the number of active sessions a user can have concurrently.

What needs to be installed in order to synchronize on-premise Active Directory to Azure AD?

  • A. Azure AD Connect
  • B. Azure AD Sync
  • C. Azure Powershell Module
  • D. Exchange Server

Answer: A. Azure AD Connect

Explanation: Azure AD Connect is the tool that provides synchronization of on-premises directory objects to Azure AD.

True or False: Guest users can be added to Azure AD.

  • True
  • False

Answer: True.

Explanation: Azure AD allows managing guest users to collaborate with your organization.

Which of the following are ways of managing Azure AD users?

  • A. Azure portal
  • B. Azure AD PowerShell
  • C. Azure AD Graph API
  • D. All of the above

Answer: D. All of the above

Explanation: Managing Azure AD users can be accomplished through Azure portal, PowerShell or Graph API.

True or False: It is possible to change the username of a user in Azure AD.

  • True
  • False

Answer: True.

Explanation: Azure AD allows administrators to change the username of a user.

What is the maximum number of Azure AD objects that an Azure AD free edition support?

  • A. 500
  • B. 1000
  • C. 5000
  • D. No limit

Answer: D. No limit

Explanation: Azure AD free edition includes feature of an unlimited number of directory objects.

True or False: Azure AD supports group-based access management.

  • True
  • False

Answer: True.

Explanation: Azure AD has group-based features for access and identity management.

What Azure AD feature provides automatic password change for cloud apps?

  • A. Self-service password reset
  • B. Password writeback
  • C. Password hash synchronization
  • D. Managed Service Identity

Answer: B. Password writeback

Explanation: Password writeback is an Azure AD feature that, when enabled, allows password changes in the cloud to be written back to an existing on-premises directory in real time.

Which of the following is not a built-in role in Azure AD?

  • A. Global administrator
  • B. Printer administrator
  • C. Billing administrator
  • D. User administrator

Answer: B. Printer administrator

Explanation: There is no “Printer administrator” role.

True or False: Azure AD requires users to update their password every 60 days.

  • True
  • False

Answer: False.

Explanation: While it’s possible to enforce password expiration policies in Azure AD, it’s not a requirement for users to update their passwords every 60 days.

Can Azure AD manage users from multiple domains?

  • A. Yes, if the domains are verified.
  • B. Yes, but only from .com domains.
  • C. No, Azure AD can only manage one domain.
  • D. No, Azure AD cannot manage any domains.

Answer: A. Yes, if the domains are verified.

Explanation: Azure AD can support users from multiple domains but the domains must be verified before they can be added to Azure AD.

True or False: In Azure AD, a user can have multiple roles.

  • True
  • False

Answer: True.

Explanation: It is possible to assign multiple roles to a user in Azure AD.

What does the term ‘RBAC’ stand for in the context of Azure AD?

  • A. Role-Based Availability Control
  • B. Role-Based Access Control
  • C. Resource-Based Access Control
  • D. Rights-Based Access Control

Answer: B. Role-Based Access Control

Explanation: In Azure AD, RBAC is a system that grants access to Azure resources based on the user’s role in the organization.

Interview Questions

What does Azure Active Directory (Azure AD) provide?

Azure Active Directory (Azure AD) provides identity management and access control capabilities for your cloud applications. You can use it to manage user identities, create and manage groups, and control access to your cloud applications.

What is the function of “Guest Users” in Azure AD?

Guest users in Azure AD allows you to provide access to your organization’s resources to individuals outside your organization, such as partners or vendors. This enables them to access resources in your organization, while still maintaining control over their own user accounts.

How can you add a new user to Azure Active Directory?

You can add a new user to Azure Active Directory from the Azure portal. Go to Azure Active Directory > Users > New user. Then fill in the user’s name, username, and other details, and click “Create”.

How can you block a user from signing in to Azure Active Directory?

To block a user from signing in to Azure AD, navigate to the Azure portal. Then, to go Azure Active Directory > Users, select the specific user, and then change the “Block sign in” setting to “Yes”.

How can you assign a license to a user in Azure Active Directory?

To assign a license to a user in Azure AD, navigate to the Azure portal. Go to Azure Active Directory > Users, select the specific user, and then under Licenses, click “Assignments”. Here, you can assign or remove licenses.

How do you delete a user from Azure Active Directory?

To delete a user from Azure AD, navigate to the Azure portal, go to Azure Active Directory > Users > All users. Choose the user you want to delete and click “Delete user”.

How can you configure a user’s settings in Azure Active Directory?

You can configure a user’s settings in Azure AD using the Azure portal. You can do this by navigating to Azure Active Directory > Users, then select the specific user. When you open the user profile, you can configure settings such as Username, Display name, Job title, Department, etc.

What is the purpose of the “Directory role” option in Azure AD?

The “Directory role” option in Azure allows you to manage admin roles for users. Here, you can assign or remove Azure admin roles that grant permissions across your organization’s Azure resources.

What is the function of “Member” and “Guest” user types in Azure AD?

“Member” and “Guest” are two user types in Azure AD. A “Member” is typically an employee, while a “Guest” is usually someone outside the organization, like a partner or a vendor. You can set different access permissions for the two types based on the role they play in your organization.

What does Azure AD Conditional Access provide?

Azure AD Conditional Access provides a way to automatically enforce access controls when needed. It allows you to devise policies that take into account the user’s identity, location, device, and behavior to make real-time access decisions.

How can you reset a password for a user in Azure Active Directory?

To reset a password for a user in Azure AD, navigate to the Azure portal. Go to Azure Active Directory > Users, select the specific user, and then reset the password under Manage.

How can you manage multi-factor authentication settings for users in Azure AD?

You can manage multi-factor authentication settings for users in Azure AD in the Azure portal. Go to Azure Active Directory > Users > Multi-factor authentication. Here, you can manage settings for each user or bulk update for multiple users.

What is the use of the Azure AD Identity Protection tool?

Azure AD Identity Protection is a tool used for automating the detection and remediation of identity-based risks. It helps in investigating risky users and risky sign-ins, and provides custom policies for conditional access.

How can you configure password expiration policy for a user in Azure AD?

You can configure password expiration policy for a user in Azure AD in the Azure portal. Go to Azure Active Directory > Password protection. Here, you can define how often passwords expire and other related settings.

Can you restore a deleted user in Azure AD and how is it done?

Yes, you can restore a deleted user in Azure AD within 30 days of deletion. This can be done by navigating to Azure Active Directory > Users > Deleted users. Here, you can select the user and click on “Restore user”.

Related Post

AZ-500 Microsoft Azure Security Technologies

Configure security for container services

extutorials.com
AZ-500 Microsoft Azure Security Technologies

Configure backup and recovery of certificates, secrets, and keys

extutorials.com
AZ-500 Microsoft Azure Security Technologies

Configure Azure role permissions for management groups, subscriptions, resource groups, and resources

extutorials.com

Leave a Reply

Your email address will not be published. Required fields are marked *

You Missed

AZ-900 Microsoft Azure Fundamentals

Describe Azure Resource Manager and Azure Resource Manager templates (ARM templates)

AZ-900 Microsoft Azure Fundamentals

Describe virtual networking, including the purpose of Azure Virtual Networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and Azure ExpressRoute

AZ-900 Microsoft Azure Fundamentals

Describe the purpose of Azure Arc

AZ-900 Microsoft Azure Fundamentals

Identify appropriate use cases for each cloud service (IaaS, PaaS, SaaS)