- web.groovymark@gmail.com
- December 2, 2024
Question 01
Which role can invite guest users into an Azure AD tenant by default?
a) Global Administrator
b) User Administrator
c) Privileged Role Administrator
d) Service Support
Correct Answer: a) Global Administrator
Explanation: The Global Administrator role has the permissions required to invite guest users into Azure AD.
Question 02
What type of Azure AD object should be used to manage delegation of permissions within an Azure AD administrative unit?
a) Security Group
b) User
c) Custom Role
d) Built-in Role
Correct Answer: d) Built-in Role
Explanation: Built-in roles are used for managing permissions in Azure AD administrative units.
Question 03
Which tool can be used to update Microsoft Azure AD groups?
a) Azure CLI
b) Azure PowerShell
c) Azure Portal
d) Azure Storage Explorer
Correct Answer: a) Azure CLI
Explanation: Azure CLI provides command-line capabilities to manage Azure AD groups.
Question 04
What piece of information is required for each new guest account in Azure AD?
a) User’s full name
b) User’s email address
c) User’s phone number
d) User’s organization
Correct Answer: b) User's email address
Explanation: The email address is essential for inviting new guest accounts to Azure AD.
Question 05
What should be created to apply specific security permissions to a new IT group managing virtual machines?
a) Built-in Role
b) Custom Role
c) Security Group
d) Management Group
Correct Answer: b) Custom Role
Explanation: A custom role allows specific permissions to be tailored for the IT group.
Question 06
What determines the effective permissions when assigning multiple roles to a user?
a) Role hierarchy
b) Role types
c) Role scopes
d) Most permissive role
Correct Answer: d) Most permissive role
Explanation: The effective permissions are based on the most permissive role assigned to the user.
Question 07
. What should be configured to resolve the error: “No more role assignments can be created”?
a) Increase the role assignment limit
b) Remove existing role assignments
c) Change the user’s role
d) Assign roles to groups instead
Correct Answer: b) Remove existing role assignments
Explanation: To resolve the issue, the administrator must remove some existing role assignments.
Question 08
How can standardized tagging rules be enforced on Azure resources?
a) Azure Policy
b) Resource Tags
c) RBAC
d) Azure Blueprints
Correct Answer: a) Azure Policy
Explanation: Azure Policy is used to enforce rules and standards on resources, including tagging.
Question 09
What can be implemented to identify the environment purpose of virtual machines in a management group hierarchy?
a) Tags
b) Resource Groups
c) Subscriptions
d) Azure Policies
Correct Answer: a) Tags
Explanation: Tags can help categorize and identify the purpose of virtual machines.
Question 10
What should be used to grant a user access to multiple Enterprise Agreement subscriptions through a single role assignment?
a) Azure AD
b) Management Groups
c) Resource Groups
d) Role-Based Access Control
Correct Answer: b) Management Groups
Explanation: Management groups allow for centralized management of role assignments across multiple subscriptions.
Question 11
Where are the backup policies associated with an Azure VM stored?
a) Recovery Services Vault
b) Azure Blob Storage
c) Resource Group
d) Azure AD
Correct Answer: a) Recovery Services Vault
Explanation: Backup policies for VMs are stored in the associated Recovery Services Vault.
Question 12
Which Azure resource should be created to store Azure Backup reporting data?
a) Azure SQL Database
b) Azure Storage Account
c) Azure Log Analytics workspace
d) Recovery Services Vault
Correct Answer: c) Azure Log Analytics workspace
Explanation: The Log Analytics workspace is used for storing and analyzing backup reporting data.
Question 13
Which service should be used for continuous replication of an on-premises VMware VM to an Azure VM?
a) Azure Backup
b) Azure Site Recovery
c) Azure Migrate
d) Azure File Sync
Correct Answer: b) Azure Site Recovery
Explanation: Azure Site Recovery enables continuous replication of on-premises VMs to Azure.
Question 14
Which two types of Azure Storage objects are supported by Azure Backup vaults?
a) Tables and Queues
b) Files and Disks
c) Blobs and Disks
d) Queues and Blobs
Correct Answer: c) Blobs and Disks
Explanation: Azure Backup vaults support both blobs and disk storage types.
Question 15
What additional property requires a value when creating an Azure Active Directory user?
a) User role
b) Full name
c) Phone number
d) Job title
Correct Answer: b) Full name
Explanation: The full name is an essential property when creating a new user in Azure AD.
Question 16
Which group and membership types should be used to set permissions on Azure resources in Azure Active Directory Free edition?
a) Security group with Assigned membership
b) Office 365 group
c) Distribution group
d) Security group with Dynamic membership
Correct Answer: a) Security group with Assigned membership
Explanation: Assigned membership in a security group allows for setting permissions.
Question 17
Which property specifies the type of user as a cloud or Microsoft Account user?
a) Source
b) User Type
c) Email
d) Role
Correct Answer: a) Source
Explanation: The 'Source' property defines whether the user is a cloud or Microsoft Account user.
Question 18
Which type of file should be created to bulk create Azure Active Directory users?
a) JSON
b) XML
c) CSV
d) TXT
Correct Answer: c) CSV
Explanation: A CSV file is required for bulk user creation in Azure AD.
Question 19
What is the least privileged role that includes Microsoft.Authorization/roleAssignment/ permissions?*
a) Reader
b) Contributor
c) User Access Administrator
d) Owner
Correct Answer: c) User Access Administrator
Explanation: The User Access Administrator role provides minimal permissions for role assignments.
Question 20
Which type of assignment should be used to deny a user permissions to modify resources within an individual resource group in a subscription?
a) Azure Policy assignment
b) Role assignment
c) Azure Blueprint assignment
d) Resource lock
Correct Answer: a) Azure Policy assignment
Explanation: Azure Policy can be used to deny modifications in specified resource groups.