About This Flashcard Deck
This flashcard deck contains 5 cards covering key Identity & Network Security concepts for the AZ-500 exam. Review identity and network security concepts for AZ-500. Use active recall by attempting to answer each question before revealing the answer. Research shows that flashcard-based active recall is one of the most effective study techniques for certification exams.
Question
What are the three zero trust principles?
Click to reveal answer
Answer
Verify explicitly (always authenticate and authorize), Least privilege access (limit access with JIT/JEA), Assume breach (minimize blast radius and segment access).
Click to flip back
All Identity & Network Security Flashcards
Q: What are the three zero trust principles?
A: Verify explicitly (always authenticate and authorize), Least privilege access (limit access with JIT/JEA), Assume breach (minimize blast radius and segment access).
Q: What is the difference between Private Endpoint and Service Endpoint?
A: Private Endpoint assigns a private IP in your VNet for the PaaS resource. Service Endpoint routes traffic over Azure backbone but the service retains its public IP.
Q: What does PIM require?
A: Entra ID P2 license. Provides just-in-time role activation with time limits, approval workflows, MFA verification, and full audit trails.
Q: How does Azure Firewall differ from NSG?
A: Azure Firewall is a centralized, stateful service with FQDN filtering, threat intelligence, and TLS inspection. NSGs are distributed L3/L4 filters at NIC/subnet level.
Q: What is JIT VM Access?
A: Just-In-Time access (Defender for Cloud) blocks management ports by default. Users request temporary access for a defined time, reducing attack surface.
Effective Azure Flashcard Study Method
For Azure certifications, we recommend the spaced repetition approach: review these flashcards daily for the first week, then every other day for two weeks, then weekly until your exam date. Focus extra time on cards related to Azure service comparisons — understanding when to choose between similar services (e.g., App Service vs. AKS vs. Container Instances) is a common exam pattern.