- content: "Of the authentication methods listed below, Which one represents the most secure authentication method?"
19
-
choices:
20
-
- content: "Windows Hello."
21
-
isCorrect: true
22
-
explanation: "Correct. Of the methods listed below, Windows Hello, as a passwordless method of authentication, is the most secure."
23
-
- content: "Passwords."
24
-
isCorrect: false
25
-
explanation: "Incorrect. Passwords are considered among the most insecure methods of authentication."
26
-
- content: "Short message service (SMS)"
27
-
isCorrect: false
28
-
explanation: "Incorrect. A passwordless authentication method, such as Windows Hello, is more secure than an SMS method of authentication, regardless of whether it's used as a primary or secondary form of authentication."
29
-
- content: "Which of the following additional forms of verification can be used with Microsoft Entra multifactor authentication?"
30
-
choices:
31
-
- content: "Microsoft Authenticator app, SMS, Voice call, FIDO2, and Windows Hello for Business"
32
-
isCorrect: true
33
-
explanation: "Correct. These are all valid forms of verification with multifactor authentication."
34
-
- content: "Security questions, SMS, Voice call, FIDO2, and Windows Hello for Business"
35
-
isCorrect: false
36
-
explanation: "Incorrect. Security questions aren't a valid form of verification with multifactor authentication."
37
-
- content: "Password spray, SMS, Voice call, FIDO2, and Windows Hello for Business"
38
-
isCorrect: false
39
-
explanation: "Correct. Password spray isn't a form of verification, it's an identity based attack."
40
-
- content: "A company's IT organization has been asked to find ways to reduce IT costs, without compromising security. Which feature should they consider implementing?"
41
-
choices:
42
-
- content: "Self-service password reset."
43
-
isCorrect: true
44
-
explanation: "Correct. Self-service password reset allows users to change or reset their own passwords, thereby reducing the cost of providing administrators and help desk personnel."
45
-
- content: "Biometric sign-in on all devices."
46
-
isCorrect: false
47
-
explanation: "Incorrect. Biometric sign-in is secure but may involve upgrading hardware."
48
-
- content: "FIDO2."
49
-
isCorrect: false
50
-
explanation: "Incorrect. FIDO2 may require the purchase of external keys such as a USB device, which might involve additional expense."
- content: "Which of the following is classified as a phishing-resistant authentication method in Microsoft Entra ID?"
19
+
choices:
20
+
- content: "Passkeys (FIDO2)"
21
+
isCorrect: true
22
+
explanation: "Correct. Passkeys (FIDO2) use origin-bound public key cryptography, making them phishing resistant. Credentials can't be replayed or shared with malicious actors."
23
+
- content: "SMS-based authentication"
24
+
isCorrect: false
25
+
explanation: "Incorrect. SMS-based authentication is vulnerable to remote phishing attacks where attackers can intercept verification codes."
26
+
- content: "Voice call verification"
27
+
isCorrect: false
28
+
explanation: "Incorrect. Voice call verification is not considered a phishing-resistant authentication method."
29
+
- content: "Which of the following forms of verification can be used with Microsoft Entra multifactor authentication?"
30
+
choices:
31
+
- content: "Microsoft Authenticator, SMS, Voice call, passkey (FIDO2), and Windows Hello for Business"
32
+
isCorrect: true
33
+
explanation: "Correct. These are all valid forms of verification with Microsoft Entra multifactor authentication."
34
+
- content: "Security questions, SMS, Voice call, passkey (FIDO2), and Windows Hello for Business"
35
+
isCorrect: false
36
+
explanation: "Incorrect. Security questions aren't a valid form of verification with multifactor authentication."
37
+
- content: "Password spray, SMS, Voice call, passkey (FIDO2), and Windows Hello for Business"
38
+
isCorrect: false
39
+
explanation: "Incorrect. Password spray isn't a form of verification, it's an identity-based attack."
40
+
- content: "A company's IT organization is asked to find ways to reduce IT costs, without compromising security. Which feature should they consider implementing?"
41
+
choices:
42
+
- content: "Self-service password reset"
43
+
isCorrect: true
44
+
explanation: "Correct. Self-service password reset allows users to change or reset their own passwords, reducing help desk calls, and the associated IT costs."
45
+
- content: "Biometric sign-in on all devices"
46
+
isCorrect: false
47
+
explanation: "Incorrect. Biometric sign-in is secure but may involve upgrading hardware, which could increase costs."
48
+
- content: "FIDO2 security keys"
49
+
isCorrect: false
50
+
explanation: "Incorrect. FIDO2 security keys may require purchasing physical hardware such as USB devices, which could involve extra expense."
51
+
- content: "What technique does Microsoft Entra password protection use to detect variations of banned passwords?"
52
+
choices:
53
+
- content: "Normalization and fuzzy matching"
54
+
isCorrect: true
55
+
explanation: "Correct. Microsoft Entra password protection normalizes passwords by converting to lowercase and applying character substitutions, then uses fuzzy matching to detect passwords within an edit distance of one from banned passwords."
56
+
- content: "Exact string comparison only"
57
+
isCorrect: false
58
+
explanation: "Incorrect. Microsoft Entra password protection goes beyond exact matching. It uses normalization and fuzzy matching to detect variations of banned passwords."
59
+
- content: "User-reported weak passwords"
60
+
isCorrect: false
61
+
explanation: "Incorrect. The banned password list is maintained by analyzing security telemetry data, not user reports."
62
+
- content: "What does Microsoft Entra ID account recovery use to verify a user's identity when they've lost access to all authentication methods?"
63
+
choices:
64
+
- content: "AI-powered identity verification with government-issued ID"
65
+
isCorrect: true
66
+
explanation: "Correct. Account recovery uses Microsoft Entra Verified ID with Face Check, powered by Azure AI services, to match a user's real-time selfie to the photo on their government-issued ID."
67
+
- content: "Security questions"
68
+
isCorrect: false
69
+
explanation: "Incorrect. Account recovery is designed for total lockout scenarios where traditional methods are unavailable. It uses AI-powered identity verification, not security questions."
70
+
- content: "An email sent to the user's personal address"
71
+
isCorrect: false
72
+
explanation: "Incorrect. Account recovery uses robust identity verification through trusted identity verification providers and AI-powered biometric matching, not email."
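Review bot: In the added password protection question, the explanation for the "User-reported weak passwords" choice ("The banned password list is maintained by analyzing security telemetry data, not user reports.") describes how the list is maintained, while the question asks which technique detects variations of banned passwords. Reword it so it says user reports aren't a detection technique and points back to normalization and fuzzy matching, as the "Exact string comparison only" explanation already does. Two smaller points in the same added block: the voice call explanation only restates that the method isn't phishing resistant and could give a reason the way the SMS explanation does, and the naming switches between "Passkeys (FIDO2)" in the first question and "passkey (FIDO2)" in the second, so one form should be used throughout.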
Authentication is the process of verifying an identity to be legitimate. Passwords are commonly used to authenticate users, but there are better and more secure ways to authenticate. With the rise of AI-driven cyberattacks, organizations need authentication methods that go beyond passwords to protect their users and resources.
1
2
2
-
Authentication is the process of verifying an identity to be legitimate. Passwords are commonly used to authenticate users, but there are better and more secure ways to authenticate.
3
-
4
-
In this module, you'll learn about the authentication capabilities of Microsoft Entra ID, multifactor authentication, and how it improves security. You'll also find out about the password protection and management capabilities of Microsoft Entra ID.
3
+
In this module, you learn about the authentication capabilities of Microsoft Entra ID, including the range of authentication methods available, from passwords and phone-based options to passwordless and phishing-resistant methods. You learn about multifactor authentication and how it improves security by requiring multiple verification factors. You also learn about self-service password reset (SSPR) and account recovery, and how Microsoft Entra password protection helps prevent weak passwords.
5
4
6
5
After completing this module, you'll be able to:
7
6
8
7
- Describe the authentication methods of Microsoft Entra ID.
9
-
- Describe multifactor authentication in Microsoft Entra ID
8
+
- Describe multifactor authentication (MFA) in Microsoft Entra ID.
9
+
- Describe self-service password reset (SSPR) in Microsoft Entra ID.
10
10
- Describe the password protection and management capabilities of Microsoft Entra ID.
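Review bot: The learning objectives at the end of this file don't cover account recovery, although the rewritten overview paragraph says "You also learn about self-service password reset (SSPR) and account recovery" and the knowledge check in this commit adds a question on it. Either add an objective for account recovery or extend the new SSPR bullet to read "self-service password reset (SSPR) and account recovery". Also, the kept last bullet still says "password protection and management capabilities" while SSPR now has its own bullet, so consider narrowing it to password protection to avoid overlapping objectives.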