-
web.groovymark@gmail.com
- December 1, 2024
Question 01
Which role can invite guest users into an Azure AD tenant by default?
a) Global Administrator
b) User Administrator
c) Security Administrator
d) Guest User
Correct Answer: a) Global Administrator
Explanation: The Global Administrator role can invite guest users into the Azure AD tenant.
Question 02
What type of Azure AD object should be used to manage delegation of permissions within an Azure AD administrative unit?
a) Security group
b) User
c) Custom role
d) Built-in role
Correct Answer: d) Built-in role
Explanation: Built-in roles facilitate the delegation of permissions in Azure AD administrative units.
Question 03
Which tool can be used to update Azure AD groups to meet new security requirements?
a) Azure CLI
b) Azure PowerShell
c) Azure Portal
d) Azure Resource Manager
Correct Answer: a) Azure CLI
Explanation: Azure CLI provides command-line access to manage Azure resources, including AD groups.
Question 04
Which piece of information should be specified for each new guest account in Azure AD?
a) Full name
b) User Principal Name (UPN)
c) Email address
d) Phone number
Correct Answer: c) Email address
Explanation: The email address is necessary to create a guest user account in Azure AD.
Question 05
What should be created to apply security permissions to a new IT group managing virtual machines?
a) Custom role
b) Security group
c) Management group
d) Azure Policy
Correct Answer: a) Custom role
Explanation: A custom role allows the definition of specific security permissions tailored to the IT group.
Question 06
What determines the effective permissions when assigning multiple roles to a user?
a) The highest privilege role
b) The lowest privilege role
c) The least permissive role
d) The most permissive role
Correct Answer: d) The most permissive role
Explanation: The effective permissions are derived from the highest privilege across assigned roles.
Question 07
What should be configured to resolve the issue of “No more role assignments can be created” when assigning an Azure role?
a) Increase the number of roles
b) Clone an existing role
c) Add users to groups and assign roles to the groups
d) Change the role assignment scope
Correct Answer: c) Add users to groups and assign roles to the groups
Explanation: This approach allows managing role assignments more effectively by grouping users.
Question 08
What should be used to enforce standardized tagging rules to Azure resources?
a) Azure Policy
b) RBAC
c) Tags
d) Resource Locks
Correct Answer: a) Azure Policy
Explanation: Azure Policy enables enforcement of tagging standards on Azure resources.
Question 09
What can be implemented to identify the environment purpose for virtual machines categorized by business areas?
a) Tags
b) Management groups
c) Resource groups
d) Policies
Correct Answer: a) Tags
Explanation: Tags can provide metadata to identify the environment purpose of each VM.
Question 10
What should be used to grant a user access to multiple Enterprise Agreement (EA) subscriptions through a single role assignment?
a) Resource groups
b) Management groups
c) Azure AD groups
d) Custom roles
Correct Answer: b) Management groups
Explanation: Management groups enable consolidated access management across multiple subscriptions.
Question 11
Where are the backup policies associated with a virtual machine backed up by Azure Backup stored?
a) Resource group
b) Azure Recovery Services vault
c) Azure Storage account
d) Azure Active Directory
Correct Answer: b) Azure Recovery Services vault
Explanation: Backup policies are stored within the Azure Recovery Services vault.
Question 12
Which Azure resource should be created to store the Azure Backup reporting data?
a) Recovery Services vault
b) Azure Log Analytics workspace
c) Azure Storage account
d) Azure Monitor
Correct Answer: b) Azure Log Analytics workspace
Explanation: The Log Analytics workspace is used for storing reporting data from Azure Backup.
Question 13
Which service should be used for continuous replication of an on-premises VMware virtual machine to an Azure virtual machine?
a) Azure Backup
b) Azure Site Recovery
c) Azure Migrate
d) Azure Monitor
Correct Answer: b) Azure Site Recovery
Explanation: Azure Site Recovery facilitates continuous replication and disaster recovery for VMs.
Question 14
Which two types of Azure Storage objects are supported by Azure Backup vaults?
a) Disks and Tables
b) Blobs and Files
c) Blobs and Disks
d) Files and Queues
Correct Answer: c) Blobs and Disks
Explanation: Azure Backup vaults support backups for both blobs and managed disks.
Question 15
Which additional property requires a value when creating an Azure Active Directory user?
a) Phone number
b) Security group
c) Full name
d) Job title
Correct Answer: c) Full name
Explanation: The full name is a mandatory property when creating an Azure AD user.
Question 16
Which group and membership types should be used to set permissions on Azure resources when creating a group in Azure Active Directory Free edition?
a) Security group with Assigned membership
b) Dynamic group
c) Distribution group
d) Role-based group
Correct Answer: a) Security group with Assigned membership
Explanation: Assigned membership security groups allow for manual addition and removal of members.
Question 17
Which Azure Active Directory user property specifies the type of user as a cloud or Microsoft Account user?
a) Source
b) User Principal Name
c) Object ID
d) Display Name
Correct Answer: a) Source
Explanation: The 'Source' property indicates whether the user is from a cloud or Microsoft account.
Question 18
Which type of file should the administrator create to bulk create Azure Active Directory users?
a) TXT file
b) XML file
c) CSV file
d) JSON file
Correct Answer: c) CSV file
Explanation: CSV files are used to import multiple users into Azure Active Directory.
Question 19
What is the least privileged role that includes Microsoft.Authorization/roleAssignment/ permissions?
a) Reader
b) Contributor
c) User Access Administrator
d) Owner
Correct Answer: c) User Access Administrator
Explanation: The User Access Administrator role provides the necessary permissions for managing role assignments.
Question 20
What type of assignment should be used to deny the user permissions to modify resources within an individual resource group in the subscription?
a) Azure Policy
b) Resource Lock
c) Azure RBAC
d) Management group
Correct Answer: b) Resource Lock
Explanation: Applying a resource lock can prevent modifications to resources in a specified resource group.
