AZ‐500 Microsoft Azure Security Technologies Study Guide_5 - itnett/FTD02H-N GitHub Wiki

The content below is formatted as CSV with | as the delimiter. You can copy and paste it directly into a .csv file for Anki import.

Front|Back|Tags
Which user can transfer the ownership of an Azure subscription and which tool should be used?|User: Global Administrator, Tool: Azure Account Center|Ownership, Transfer, Azure Portal, Admin
How do you register a web app to Azure AD and generate a password for it?|Register the app in Azure AD under App registrations. Generate a password by creating a new client secret.|Azure, App Registration, Client Secret
How do you ensure App12345678 is registered to Azure AD and generate a password for it?|Register the app in Azure AD, then navigate to Certificates & Secrets to generate a new client secret.|Azure, App Registration, Secret
How can you create a new Azure AD directory named 12345678.onmicrosoft.com and a user in the new directory?|Use the Azure portal to create a new Azure AD directory, and then add a user through the "Users" option in the directory.|Azure AD, Directory, User Creation
Which Azure AD role allows a user to grant admin consent for published apps?|Assign the Cloud application administrator or Application administrator role to the user.|Azure AD, Admin Consent, Roles
Which Azure policy effect requires a managed identity?|The DeployIfNotExists effect requires a managed identity.|Azure Policy, Managed Identity, DeployIfNotExists
Which two parameters must be used to retain deleted objects in a Key Vault for 90 days?|EnableSoftDelete and EnablePurgeProtection must be used together.|Key Vault, Soft Delete, Purge Protection
What happens if you change the Azure AD tenant associated with a subscription?|Role assignments at the subscription level are lost, and virtual machine managed identities are lost.|Azure Subscription, AD Tenant, Role Assignment
How do you revoke all access to a storage account using shared access signatures (SAS)?|To revoke all access, you must regenerate the shared access signature (SAS) tokens.|SAS, Storage Account, Revoke Access
How can you connect to a VM with Just-in-Time (JIT) VM access enabled?|In the Azure portal, select the VM, click Connect, and then select Request Access.|JIT, VM, Remote Access

Here’s a more comprehensive AZ-500 Exam deck covering various topics from the AZ-500 syllabus in CSV format with | as the delimiter. It includes self-explanatory questions and answers with relevant tags, helping you recognize correct answers in the exam:

Deck: AZ-500 Full Coverage

Front|Back|Tags
Which user can transfer the ownership of an Azure subscription and which tool should be used?|User: Global Administrator, Tool: Azure Account Center|Ownership, Transfer, Azure Portal, Admin
How do you revoke all access to a storage account using shared access signatures (SAS)?|To revoke all access, regenerate the shared access signature (SAS) tokens.|SAS, Storage Account, Revoke Access
Which Azure policy effect requires a managed identity?|DeployIfNotExists requires a managed identity.|Azure Policy, Managed Identity, DeployIfNotExists
Which two parameters must be used to retain deleted objects in a Key Vault for 90 days?|EnableSoftDelete and EnablePurgeProtection must be used.|Key Vault, Soft Delete, Purge Protection
What happens if you change the Azure AD tenant associated with a subscription?|Role assignments and VM managed identities are lost.|Azure Subscription, AD Tenant, Role Assignment
How do you connect to a VM with Just-in-Time (JIT) VM access enabled?|From the Azure portal, select the VM, click Connect, and then Request Access.|JIT, VM, Remote Access
How do you register a web app to Azure AD and generate a password for it?|Register the app in Azure AD, and generate a password by creating a new client secret.|Azure, App Registration, Client Secret
How can you create a new Azure AD directory and user in the new directory?|Use the Azure portal to create a new directory and add a user under the "Users" option.|Azure AD, Directory, User Creation
Which Azure AD role allows a user to grant admin consent for published apps?|Assign the Cloud application administrator or Application administrator role to the user.|Azure AD, Admin Consent, Roles
Which signal type allows for dimensional alert rules in Log Analytics?|Metric signal type allows dimensions in alert rules.|Log Analytics, Alerts, Metrics
Which PIM alert should you modify to minimize alerts about admins not changing passwords within 90 days?|Modify the Potential stale accounts in privileged roles alert.|PIM, Alerts, Password Policy
How can you configure conditional access for users with leaked credentials?|Create a conditional access policy and set the risk condition to High for users with leaked credentials.|Conditional Access, Risk, MFA
How do you configure an Azure AD MFA registration policy?|Create a policy and assign it to a group. Set the condition to require MFA registration.|Azure AD, MFA, Registration Policy
How do you configure a sign-in risk policy in Azure AD Identity Protection?|Create a policy, set the risk level to Medium and above, and require MFA for access.|Azure AD, Identity Protection, Risk Policy
What is the least privilege role to assign for managing Azure AD app registrations?|Application Developer role allows managing app registrations with least privilege.|Azure AD, Roles, App Registration
Which Azure tool allows consistent role assignments across subscriptions?|Azure Blueprints can replicate role assignments across multiple subscriptions.|Azure Blueprints, Role Assignments, Governance
How can you restrict users from syncing specific accounts to Azure AD in a hybrid environment?|Use the Synchronization Rules Editor to create a custom rule.|Azure AD, Hybrid, Sync, Synchronization Rules
How do you allow an Azure VM to access a Key Vault securely?|Grant the VM system-assigned managed identity permission to the Key Vault.|Azure VM, Key Vault, Managed Identity
What is the role of Azure AD Privileged Identity Management (PIM)?|PIM manages just-in-time role activation and temporary privileged access.|Azure AD, PIM, Roles
How can you deploy a web app with a custom domain and HTTPS in Azure?|Add a hostname to the app, upload a PFX certificate, and configure HTTPS binding.|Web App, Custom Domain, HTTPS
Which two roles can manage Azure AD administrative units?|Global Administrator and User Administrator can manage Azure AD administrative units.|Azure AD, Admin Units, Roles
How do you configure Azure AD Connect for seamless single sign-on (SSO)?|Enable password hash synchronization with SSO in the Azure AD Connect setup.|Azure AD Connect, SSO, Password Sync
How do you configure Just-in-Time (JIT) VM access for security purposes?|Enable JIT access in Azure Security Center and configure rules for VM ports.|JIT, Security Center, VM Access
What happens when you enable Azure Disk Encryption on a VM?|The disks are encrypted using BitLocker for Windows or DM-Crypt for Linux.|Azure VM, Disk Encryption, BitLocker
How do you enable a user to invite external users in Azure AD B2B?|Modify the external collaboration settings to allow invitations by non-admin users.|Azure AD, B2B, External Users
What are the prerequisites for enabling Azure AD DS (Domain Services) in an Azure AD tenant?|The tenant must have a virtual network and synchronized user identities.|Azure AD DS, Domain Services, VNet
How do you revoke a stored access policy in Azure Storage?|Update or delete the stored access policy to revoke access for shared access signatures (SAS).|Azure Storage, SAS, Revoke Access
What is required to implement Privileged Identity Management (PIM) for Azure AD roles?|Assign users eligible for roles and configure activation settings in PIM.|PIM, Azure AD, Role Activation
Which Azure AD feature detects and prevents identity-based risks such as sign-in attempts from unfamiliar locations?|Azure AD Identity Protection monitors sign-in risks and can trigger conditional access policies.|Azure AD, Identity Protection, Risk Detection
How do you enforce MFA for high-risk sign-ins in Azure AD?|Create a conditional access policy targeting high-risk users and require MFA for access.|Azure AD, MFA, Risk-based Access
What happens if you enable Purge Protection in an Azure Key Vault?|Deleted items are retained for a mandatory period, preventing immediate deletion.|Key Vault, Purge Protection, Retention
How do you configure automatic remediation of security misconfigurations in Azure?|Use Azure Policy with the DeployIfNotExists effect to enforce compliance.|Azure Policy, Compliance, DeployIfNotExists
How can you configure secure access to an Azure SQL database using Azure AD authentication?|Enable Azure AD authentication and assign appropriate roles to users or groups.|Azure SQL, AD Authentication, Secure Access

Instructions for Import:

  1. Copy the CSV content.
  2. Paste it into a .csv file using a text editor (e.g., Notepad) and save it.
  3. In Anki, go to File > Import.
  4. Select your .csv file and choose the pipe | as the delimiter.
  5. Assign tags and review.

This deck covers essential topics and exam-relevant scenarios, with self-explanatory answers that help with critical thinking during the AZ-500 exam.

This CSV can be imported into Anki by selecting the pipe | as the delimiter during the import process. Each card is tagged for better organization, allowing you to focus on specific areas like Azure AD, Key Vault, or Azure Policies.