|
2 | 2 | uid: learn.wwl.explore-basic-services-identity-types-of-azure-active-directory-azure-ad.knowledge-check |
3 | 3 | title: Module assessment |
4 | 4 | metadata: |
5 | | - hidden_question_numbers: ["D9AC37ED_22","D9AC37ED_100","D9AC37ED_108","D9AC37ED_120","D9AC37ED_132","D9AC37ED_140"] |
6 | | - ai_generated_module_assessment: true |
7 | 5 | title: Module assessment |
8 | 6 | description: "Knowledge check" |
9 | | - ms.date: 08/01/2024 |
| 7 | + ms.date: 03/23/2026 |
10 | 8 | author: wwlpublish |
11 | 9 | ms.author: ceperezb |
12 | 10 | ms.topic: unit |
13 | | - module_assessment: true |
| 11 | + module_assessment: false |
14 | 12 | durationInMinutes: 3 |
15 | 13 | content: | |
16 | 14 | [!include[](includes/6-knowledge-check.md)] |
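Review bot: module_assessment is flipped to false at new line 11, but both title fields (new lines 3 and 5) still read "Module assessment" while the description at new line 6 says "Knowledge check". Either rename the titles to match the new flag or keep the flag true, so the unit is labelled consistently. durationInMinutes also stays at 3 at new line 13; re-check that estimate if the number of questions changes in this commit.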
|
27 | 25 | explanation: "Correct. A Microsoft 365 group is used for grouping users according to collaboration needs. You can give members of the group access to a shared mailbox, calendar, files SharePoint sites, and more. Because Microsoft 365 groups are intended for collaboration, the default is to allow users to create Microsoft 365 groups, so you don’t need an administrator role." |
28 | 26 | - content: "A security group" |
29 | 27 | isCorrect: false |
30 | | - explanation: "Incorrect. Although a security group is the most common type of group and is used to manage user and device access to shared resources, it is best suited to create a security group for a security policy and requires an administrator role to configure." |
31 | | - - content: "An organization has completed a full migration to the cloud and has purchased devices for all its employees. All employees sign in to the device through an organizational account configured in Microsoft Entra ID. Select the option that best describes how these devices are set up in Microsoft Entra ID." |
32 | | - choices: |
33 | | - - content: "These devices are set up as Microsoft Entra registered." |
34 | | - isCorrect: false |
35 | | - explanation: "Incorrect. This customer scenario explicitly states that all employees sign in to the device through an organization account and because devices are purchased by the organization, there's no requirement for bring your own device (BYOD). The goal of Microsoft Entra registered devices is to provide users with support for BYOD or mobile device scenarios. Microsoft Entra registered devices register to Microsoft Entra ID without requiring an organizational account to sign in to the device." |
36 | | - - content: "These devices are set up as Microsoft Entra joined." |
37 | | - isCorrect: true |
38 | | - explanation: "Correct. A Microsoft Entra joined device is a device joined to Microsoft Entra ID through an organizational account, which is then used to sign in to the device. Microsoft Entra joined devices are generally owned by the organization." |
39 | | - - content: "These devices are set up as Microsoft Entra hybrid joined." |
40 | | - isCorrect: false |
41 | | - explanation: "Incorrect. This customer scenario has completed a full migration to the cloud and therefore has no on-premises Active Directory. There is no requirement for devices to be Microsoft Entra hybrid joined." |
| 28 | + explanation: "Incorrect. Although a security group is the most common type of group and is used to manage user and device access to shared resources, it's best suited to create a security group for a security policy and requires an administrator role to configure." |
42 | 29 | - content: "A developer wants an application to connect to Azure resources that support Microsoft Entra authentication, without having to manage any credentials and without incurring any extra cost. Which option best describes the identity type of the application?" |
43 | 30 | choices: |
44 | 31 | - content: "Service principal" |
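Review bot: The security group explanation at new line 28 only swaps "it is" for "it's" and keeps the awkward clause "it's best suited to create a security group for a security policy". Reword it so the subject is clear, for example "a security group is best suited to a security policy and requires an administrator role to configure". This hunk also deletes the whole device identity question (Microsoft Entra registered, joined, and hybrid joined) with no replacement visible here, so confirm the unit no longer needs to assess device identities.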
|
50 | 37 | - content: "Hybrid identity" |
51 | 38 | isCorrect: false |
52 | 39 | explanation: "Incorrect. A hybrid identity refers to a common user identity for authentication and authorization to all resources, regardless of location." |
| 40 | + - content: "An organization needs to synchronize identities between its on-premises Active Directory and Microsoft Entra ID. Which synchronization tool does Microsoft recommend for new deployments?" |
| 41 | + choices: |
| 42 | + - content: "Microsoft Entra Connect Sync" |
| 43 | + isCorrect: false |
| 44 | + explanation: "Incorrect. Microsoft Entra Connect Sync is an earlier on-premises synchronization tool that's being replaced by Cloud Sync. New identity and synchronization features are being developed primarily on the Cloud Sync platform." |
| 45 | + - content: "Microsoft Entra Cloud Sync" |
| 46 | + isCorrect: true |
| 47 | + explanation: "Correct. Microsoft Entra Cloud Sync is Microsoft's recommended synchronization tool for hybrid identity. It uses a lightweight cloud provisioning agent, offers simplified deployment, high availability through multiple agents, and support for disconnected multi-forest environments." |
| 48 | + - content: "Active Directory Federation Services (AD FS)" |
| 49 | + isCorrect: false |
| 50 | + explanation: "Incorrect. AD FS is a federation service, not a synchronization tool. Microsoft Entra Cloud Sync is the recommended tool for synchronizing identities between on-premises Active Directory and Microsoft Entra ID." |
| 51 | + - content: "A company wants to collaborate with a partner organization and give partner employees access to specific applications. Partner employees should authenticate using their own organization's credentials. Which Microsoft Entra External ID feature should the company use?" |
| 52 | + choices: |
| 53 | + - content: "B2B collaboration" |
| 54 | + isCorrect: true |
| 55 | + explanation: "Correct. External ID B2B collaboration allows your workforce to collaborate with external business partners. You can invite anyone to sign in to your Microsoft Entra organization using their own credentials so they can access the apps and resources you want to share with them." |
| 56 | + - content: "Customer identity and access management (CIAM)" |
| 57 | + isCorrect: false |
| 58 | + explanation: "Incorrect. CIAM is used when an organization or developer creates consumer-facing apps and needs to add authentication and customer identity management. It's not designed for business partner collaboration." |
| 59 | + - content: "B2B direct connect" |
| 60 | + isCorrect: false |
| 61 | + explanation: "Incorrect. B2B direct connect creates a mutual trust relationship between two Microsoft Entra organizations and currently enables only the Teams Connect shared channels feature, not broad application access." |
| 62 | + - content: "An organization is deploying AI agents that need to securely authenticate and access resources in Microsoft Entra ID. The organization wants to enforce conditional access policies based on agent risk and govern agent lifecycles. Which Microsoft Entra capability should the organization use?" |
| 63 | + choices: |
| 64 | + - content: "Microsoft Entra Workload ID" |
| 65 | + isCorrect: false |
| 66 | + explanation: "Incorrect. Microsoft Entra Workload ID is designed for software workloads such as applications, service principals, and managed identities. It does not provide the purpose-built agent identity capabilities needed for AI agents." |
| 67 | + - content: "Managed identities" |
| 68 | + isCorrect: false |
| 69 | + explanation: "Incorrect. Managed identities eliminate the need for developers to manage credentials for applications connecting to Azure resources, but are not designed for AI agent identity management, lifecycle governance, or agent-specific conditional access." |
| 70 | + - content: "Microsoft Entra Agent ID" |
| 71 | + isCorrect: true |
| 72 | + explanation: "Correct. Microsoft Entra Agent ID extends identity and access management capabilities to AI agents by providing purpose-built agent identities. It enables organizations to enforce conditional access policies based on agent risk and govern agent lifecycles with designated owners and sponsors." |
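Review bot: The distractor explanations at new lines 44 and 61 lean on time-sensitive wording ("being replaced by Cloud Sync", "currently enables only the Teams Connect shared channels feature") that will go stale without another content update. Tie each explanation to the criterion in its question stem instead, as the stem at new line 40 does with "for new deployments", which the correct-answer explanation at new line 47 does not repeat. On style, new lines 66 and 69 use "does not" and "are not" while new line 58 uses "It's" and this commit elsewhere changes "it is" to "it's"; apply contractions consistently.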