Secure identity and access Questions
Practice questions for Secure identity and access topic in Microsoft Certified: Azure Security Engineer Associate. 36 questions covering this domain.
You are registering an internal business application that should be usable only by employees in your own tenant. Which supported account type should y...
A workload currently uses a system-assigned managed identity. The virtual machine is deleted and recreated with the same name. What happens to the ori...
A user has the Reader role on a resource group and the Contributor role at the subscription scope. What are the user's effective permissions in that r...
A security team wants to stop sign-ins that use legacy authentication protocols while keeping modern authentication available. What should they config...
A user is marked as eligible for the User Access Administrator role in Microsoft Entra Privileged Identity Management. What must the user do before us...
An organization wants to require multifactor authentication only when users access cloud apps from unmanaged devices or from outside the corporate net...
When are Microsoft Entra Conditional Access policies enforced during sign-in?
An administrator wants an automation account to read secrets from only one Azure Key Vault and nowhere else. At what scope should the role assignment ...
Several Azure resources must share the same identity so they can all access the same downstream service without storing secrets. Which managed identit...
An app registration must call Microsoft Graph to read mail in any user's mailbox without an interactive user. Which permission type should be granted?
A break-glass strategy requires two emergency-access accounts that can sign in even when normal Conditional Access fails. What is Microsoft's document...
Microsoft Entra Identity Protection flags a user as high risk after credential leak detection. The Conditional Access policy requires secure password ...
A security architect needs guests from partner organizations to use their own credentials to sign in to a SharePoint site, while remaining managed in ...
Which Microsoft Entra license is required to use Privileged Identity Management?
Which Microsoft Entra feature evaluates real-time and offline sign-in and user risk and can feed risk signals into Conditional Access?
An administrator needs Microsoft Entra users to be required to register security info (MFA and SSPR) within a defined period using a single combined e...
A team wants on-prem AD passwords to be checked against Microsoft's banned password list before they are accepted. Which capability provides this?
Which Microsoft Entra Conditional Access control requires a successful authentication attempt against an allowed combination of methods (e.g., FIDO2, ...
A security team wants to ensure that any user who requests the Global Administrator role must provide a written justification and have a second admini...
Which Microsoft Entra feature allows an administrator to review and certify that users still require their current group memberships or application as...
Sign in to see all 36 questions
Create a free account to browse all questions — completely free during our launch phase.