AZ-104

This type of group in Azure is used to secure resources and add users, groups, devices as members ...

Security groups

This type of group in azure is used for shared mailboxes, calendars, SharePoint collections, and other 365 resources...

365 group

Dynamic user or dynamic devices require what type of license?

Azure AD premium P1

This group type has assignment set automatically based on attributes such as department, job title, account attributes, devices, Etc...

Dynamic group

what are the three azure AD device joint types?

Registered, joined, hybrid joined

This azure AD join type allows multiple devices and operating systems (PC, MAC, iOS, Android) to be added to azure AD. The device can be user or org-owned...

Azure registered

This azure AD join type is an org owned device added to azure ad , possibly authenticating to your on prem AD. The only devices that can join this way are Windows 10 /11 devices...

Azure joined

This Azure AD join type is an org device added to azure AD as well as an on Prem AD. The device can authenticate to azure or AD, either or. Older Windows versions such as 7 and 8 .1 can be joined this way...

Azure Hybrid joined

Self service password reset (SSPR) is available for what Azure AD license?

Premium P1

An Azure subscription will only be associated with one and only one....

Entra ID Tenant

Enter ID tenant can be associated with more than one...

Azure subscription

Privileged identity management and identity protection is included with what azure subscription type?

Premium P1

This helps control both access to an app and the access an app has to other resources...

Application identity

True or false: Application identities can be used for both an app inside or outside Azure....

True

In order to use application identities, the app must be....

Registered within an Entra ID tenant.

For app identity with Entra ID, authentication relies on the use of a...

Secret or certificate

(In Entra ID) To register an app you'll be creating for an Entra ID tenant, go to....

App registrations

(In Entra ID) To register an app within an tenant that someone else has developed, go to...

Enterprise applications

(Yes or no) Can I go back to view an apps authentication secret within Entra ID?

No.

(True or False) an app registration account type can be changed after it's created within an Entra ID tenant....

True

These types of identities are similar to Application identities, but there for Azure Resources only...

Managed identities

With managed identities, the authentication is managed by the...

Azure platform

This type of managed identity is assigned for a single resource and exists as long as the resource does ...

System assigned managed identity

This type of managed identity can be used by one or more azure resources...

User assigned managed identity

This type of group simplifies assignment of an Entra ID roles, RBAC roles and licensing...

Security groups

This type of group simplifies administration of collaborative spaces for users projects teams in 365...

Microsoft 365 groups

This simplifies the assignment of Entra ID permissions to objects...

Administrative units

This kind of administrative unit can limit global administrators to specific Entra ID objects...

Restricted administrative unit

Looking at assignments for an administrative unit, you see the scope of an assignment for a particular user reads "directory" and not "This Resource". What does that mean?

The user was inherited to this administrative unit at the tenant level.

What can be used to prevent users from inheriting an newly created administrative unit?

Make it a restrictive administrative unit.

(True or false) I can make an administrative unit restrictive whenever I want...

False

An Entra ID roles, this Is the object we are granting access to something...

Security principal

In Entra id roles, these are the permissions being granted...

Role definition

In Entra ID roles, this is where the role is applied...(Tenant, administrative unit, app)

Scope

When is signing administrative units, best practice is to assign them by using...

Security groups

When creating a custom RBAC Roll in azure, If you don't need to explicitly deny all permissions for a role, what does the "notactions" list do?

Subtract granular permissions within approved actions that you've already specified

What Entra tool is used to sync active directory to an Entra ID tenant?

Entra connect

What are the two types of Entra connect sync service tools?

connect sync and cloud sync

What Entra syncing tool allows cloud based configuration and a lightweight agent installation which replaces the legacy on prem syncing tool?

Entra Connect cloud sync

Entra connect is applying what type of identity?

Hybrid identity

What traditional AD features are not available in Entra ID?

Domain join, group policy, LDAP, Kerberos, Etc.

What Entra ID service allows you to run legacy applications in the cloud that require legacy authentication methods that are available natively within Entra ID?

Entra domain services

Entra domain services provides legacy active directory functionality by using what?

managed domain

A managed domain resides where?

Virtual network within azure

What are the three types of Entra external identities?

B2B Collaboration, B2B direct connect , B2C

This type of external identity allows you to invite users from other identity providers (Google, Facebook, Etc) where they need access to resources within your tenant...

B2B collaboration

This type of external identity provides a mutual connection between two Entra ID tenants, where a guest identity is not required...

B2B Direct connect

This type of external identity provides identity services for your application where end users can log in...

B2C

B2B collaboration allows external identities to be used by creating what within your Entra ID tenant?

Guest identity

Currently, B2B direct connect can already be used for what type of resource?

Shared Microsoft Teams channel

This Entra ID service helps organizations automate identity and access management...

Entra ID governance

This Entra ID governance product enables organizations to manage identity and access lifecycle at scale and automate access request workflows, assignments, reviews, and expiration..

Entitlement management

This Entra ID governance product provides the ability to control, manage, and monitor privileges that people have to crucial resources within a tenant...

Privileged identity management

This Entra ID governance product provides the ability to efficiently manage permissions and provide scheduled checks to make sure only the right users have continued access and no one had more access than they really need ...

Access reviews

This Entra ID governance product automates the management of an Entra ID user based on 3 lifecycle processes..

Lifecycle workflows

What are the three life cycle processes within identity governance?

Joiner, Mover, Leaver

This Entra ID governance product presents users with relevant disclaimers for legal or compliance requirements....

Terms of use

To use Entra ID governance, you will need at least what kind of licensing?

Premium 1

Within Entra ID governance, in order to use Entitlement Management, Privileged Identity Management, and Access Reviews, you will need what kind of licensing?

Premium 2

Within Entra id governance, In order to use the extended features of access reviews and lifecycle workflows, you will need what kind of licensing?

ID governance

With entitlement management in Entra ID, a grouping of resources to be provided for a specific role/purpose is called...

Access package

With entitlement management in entra ID, this is used to organize and manage resources and access packages...

A collection

To use Entra ID entitlement management, you need to have at least what kind of license?

Premium P2

Thor entitlement management, access packages are created where?

Entra ID Admin Portal

With entitlement management user access is managed through where?

myaccess.Microsoft.com

Which administrative roles allow granular permissions to entitlement management?

Access package manager, catalog owner, and others

This Entra ID feature helps organizations detect, investigate, and remediate identity based risks...

Entra ID protection

Why is it recommended not to use Entra ID protection...

Conditional access policies provide more granular options

In azure, what are the two types of public IP addressing?

Basic and standard

Main difference between basic and standard public IP addressing in azure?

Basic allows all incoming traffic, whereas standard only allows what a firewall permits (if present)

What are the three ways Microsoft assigns a public IP address?

From a pool, a public IP prefix, or a custom IP address prefix (aka) BYOIP

What are the three types of outbound connectivity for azure virtual networks?

VM default, VM public IP, public load balancer SNAT, NAT Gateway

Do you have to configure a public IP for a virtual machine in azure?

No, a public IP is already assigned to a VM by default

A group of IP address prefixes that are used to point to Microsoft services for a source / destination...

Service tags

Similar to service tags, this is a way to group vms together for use as source or destination, without the need to manually add IP addresses...

App security groups

Service tags and app security groups are examples of....

Augmented security groups

Once in application security group is created, how do you configure it to a specific virtual machine ?

Going to the NIC settings of the VM

If there is an issue with an Azure VM, what options do you have to recover the machine from a possibly failed state?

Redeploy/reapply

When redeploying in Azure VM, what happens to the data on a temporary drive?

It's lost

Where in your azure subscription can you find your current limits on resources?

Usage and quotas

If you shut down a VM within your Azure subscription, does it still add to your total quota for that resource?

Yes.

What are the three types of disks for VM storage in Azure?

OS , Data, and Temp disk

With Azure VM storage, the OS and data disks are managed by what?

Blog storage - VHDs

Can you manually install an OS for an azure VM?

No.

Can you upload your own VHDS and create an azure VM from that ?

Yes.

True or false: you can add , detach, or resize data disks without downtime...

True

To avoid breaking anything within your azure VM, watch feature can you use to create a current backup before starting your changes?

Snapshot

How can you create a snapshot of an azure VM?

Going directly to the OS disk and selecting create snapshot above.

An Azure VM can have multiple NICs, but they must reside within the same...

Virtual network

This is the configuration of private IPV4/V6 addresses and any associated public IP addresses of a NIC...

IP config

True or false: A NIC can only have 1 ipconfig.....

False

True or false: you cannot change the virtual network of a VM once it's created.

True

Without actually connecting to the virtual machine, where can you Set a static IP address for the vNIC of this virutal machine?

Setting the IP config assignment to static from the IP configuration page on the associated vNIC.

What tool can you use to deploy a VM environment across multiple machines to create redundancy(avoiding having to redeploy this environment manually every time)?

VM images

In some cases, before creating a VM image, the source machine must be cleared of user/machine specific information. What is this action called?

Generalize

In some cases, when creating AVM, you would like to keep specific user/machine information from the source machine. What is this action called?

Specialize

For Azure VMs, What are the two types of images you can create?

Managed image or compute gallery image.

This type of Azure VM image allows you to create version history, expiry time, and deploy images within different regions...

compute image gallery

This azure tool allows you to execute scripts on VMs during or after employment...

Custom script extension

This azure VM tool enables you to define a desired state of your virtual machine and maintain this state, enforcing Microsoft's version of desired state configuration - DSC...

Automation state configuration