Course quiz: Identity and access solutions: Cybersecurity Identity and Access Solutions using Azure AD (Microsoft Cybersecurity Analyst Professional Certificate) Answers 2025
✅ Correct Answers + Explanations
1. Key function of Microsoft Entra ID
❌ Securing physical data centers
❌ Providing hardware reports
✅ Managing identities and governing access to resources
❌ Replacing faulty devices
Explanation:
Microsoft Entra ID is primarily an identity and access management (IAM) system.
2. Tool for securing & managing devices
❌ Microsoft Teams
❌ Azure Monitor
✅ Microsoft Intune
❌ Task Manager
Explanation:
Intune provides device management & security.
3. Feature in Entra ID P1 vs Free
✅ Dynamic groups for automatic user management
❌ Basic authentication
❌ Simple SSO
❌ Group-based licensing
Explanation:
P1 includes dynamic groups, a premium automation feature.
4. How Entra Connect simplifies identity
❌ Creates temporary accounts
❌ Encrypts credentials
❌ Manages roles
✅ Syncs on-prem directory changes automatically
Explanation:
Entra Connect syncs AD → Microsoft Entra.
5. Stage where access changes due to promotion
❌ Employment
❌ Onboarding
❌ Offboarding
✅ Role change
Explanation:
Job promotion → permissions updated during role change.
6. Difference between B2C and B2B
❌ Org use only
❌ Only Microsoft accounts
✅ B2C is customer-facing
❌ Replaces Entra ID
Explanation:
B2C = consumer identity; B2B = partner/guest collaboration.
7. Key feature of dynamic groups
❌ Bypass compliance
❌ Restricted to locations
❌ Manual assignment
✅ Automatic membership based on attributes
Explanation:
Dynamic groups auto-update.
8. Managed identity reusable across resources
❌ System-assigned
❌ Temporary-assigned
❌ Multi-assigned
✅ User-assigned
Explanation:
User-assigned identities are reusable.
9. Protocol for SSO
❌ OAuth2
✅ SAML
❌ WS-FED
❌ OIDC
Explanation:
SAML is widely used for SSO with enterprise apps.
10. Role of tenant scope
❌ App permissions only
✅ Governs all resources within the tenant
❌ Restrict resource groups
❌ Single subscription
Explanation:
Tenant = top-level boundary for identity.
11. Final step migrating from on-prem AD
❌ Set up MFA
❌ Force password reset
❌ Remove on-prem AD
✅ Migrate applications and services
Explanation:
Apps must be migrated last so users can authenticate.
12. Benefit of biometric authentication
❌ Easy patterns
❌ Shared data
❌ Universal repository
✅ Adds layer of security using physical traits
Explanation:
Biometrics verify something you are.
13. How SSO simplifies access
✅ Login once → access many apps
❌ Eliminates risk
❌ Removes passwords
❌ Auto logout
Explanation:
SSO reduces repeated logins.
14. Why RBA is adaptive
❌ Blocks all untrusted devices
❌ Applies strict rules always
✅ Uses context (location/device) to adjust authentication
❌ Requires biometrics every time
Explanation:
RBA adapts security per risk level.
15. Why choose hybrid identity
❌ No authentication
❌ Reduce security tool cost
✅ Use on-prem directories + cloud services together
❌ No cloud breaches
Explanation:
Hybrid identity bridges AD + Entra ID.
16. Challenge solved by SSPR
❌ Sync passwords across devices
❌ Replace password policy
✅ Reduces support tickets for password resets
❌ Prevent forgetting passwords
Explanation:
SSPR lowers IT helpdesk load.
17. How Azure Key Vault helps security
❌ Biometric storage
❌ Share keys easily
❌ No password policy
✅ Encrypts & stores keys/credentials securely
Explanation:
Key Vault protects secrets, keys, certs.
18. How MFA protects access
❌ Admin approval needed
❌ No authentication
❌ Remove password validation
✅ Adds additional verification factor
Explanation:
Even if passwords are stolen, MFA blocks attacks.
19. Conditional Access security vs usability
❌ No password policy
❌ No risk evaluation
❌ Enforce 2FA always
✅ Triggers MFA only for high-risk attempts
Explanation:
Adaptive enforcement reduces user friction.
20. Step that enforces Conditional Access
✅ Enable the Policy
❌ Access Controls
❌ Assignments
❌ Conditions
Explanation:
A policy does nothing unless enabled.
21. Benefit of phased Conditional Access rollout
❌ Avoid high-risk users
❌ No testing
✅ Allows testing and reduces disruptions
❌ Apply org-wide immediately
Explanation:
Gradual rollout avoids breaking user access.
22. How CA templates save time
❌ Remove need for CA
❌ Enforce automatically
✅ Provide pre-configured policies
❌ Skip user assignments
Explanation:
Templates accelerate deployment.
23. Role of “scope” in role assignment
❌ Assigns roles
✅ Defines where permissions apply
❌ Determines directory role
❌ Specifies permissions granted
Explanation:
Scope = resource boundary.
24. CA alignment with Zero Trust
❌ Broad guest access
✅ It enforces identity-based access controls
❌ Unrestricted trusted networks
❌ Disable MFA internally
Explanation:
Zero Trust = never trust, always verify.
25. Purpose of privileged access lifecycle mgmt
❌ Remove guests
❌ Password resets
✅ Secure access to sensitive resources
❌ Automate account creation
Explanation:
Manages privileged access end-to-end.
26. How identity lifecycle mgmt enhances security
❌ SSPR
✅ Auto-deactivation of terminated users
❌ Assign privileged roles
❌ View permissions
Explanation:
It ensures access is removed automatically.
27. Practical MFA example
❌ Block untrusted devices
❌ Passwordless login
❌ Secure network
✅ Password + mobile app code
Explanation:
MFA = two or more authentication factors.
28. Example of risk signal
❌ Unpatched software
✅ Atypical travel
❌ Weak password
❌ Email frequency
Explanation:
Identity Protection detects suspicious sign-in behavior.
29. Benefit of automated user provisioning
❌ No password resets
❌ Unrestricted guest access
❌ Give everyone global admin
✅ Reduces errors in account creation & removal
Explanation:
Automation increases accuracy + security.
30. Why MFA is essential
✅ Adds a second verification step
❌ Blocks unfamiliar locations
❌ Replaces passwords
❌ Removes Conditional Access needs
Explanation:
MFA drastically reduces compromised accounts.
🧾 Summary Table
| Q | Answer | Key Concept |
|---|---|---|
| 1 | Managing identities | IAM |
| 2 | Intune | Device management |
| 3 | Dynamic groups | Entra ID P1 |
| 4 | Sync directories | Entra Connect |
| 5 | Role change | Lifecycle |
| 6 | B2C = customer | Identity models |
| 7 | Auto membership | Dynamic groups |
| 8 | User-assigned | Managed identity |
| 9 | SAML | SSO |
| 10 | Tenant governs all | Tenant scope |
| 11 | Migrate apps | Migration |
| 12 | Physical trait security | Biometrics |
| 13 | One login, many apps | SSO |
| 14 | Context-aware | RBA |
| 15 | Hybrid identity | AD + Cloud |
| 16 | Reduce password tickets | SSPR |
| 17 | Encrypt keys | Key Vault |
| 18 | Extra verification | MFA |
| 19 | Trigger MFA only on risk | Conditional Access |
| 20 | Enable policy | Enforcement |
| 21 | Minimize disruption | Phased rollout |
| 22 | Pre-configured policies | Templates |
| 23 | Defin |