9

Question 1

How many custom roles can be created per Azure AD directory?

Answer 1

5,000 custom roles per directory.

Question 2

What is the custom role limit for Azure Germany and Azure China 21Vianet?

Answer 2

2,000 custom roles per directory.

Question 3

What is the concept of RBAC inheritance in Azure?

Answer 3

Granting a user access to the Owner role at the management group scope grants Owner rights to all subscriptions under that management group, including all resource groups and resources.

Question 4

What is the role assignment limit for each subscription in Azure?

Answer 4

2,000 role assignments per subscription.

Question 5

What is the role assignment limit for each management group in Azure?

Answer 5

500 role assignments per management group.

Question 6

Can role assignments be revoked at a child scope in Azure RBAC?

Answer 6

No, role assignments inherited from the parent scope cannot be revoked at a child scope.

Question 7

What is a deny assignment in Azure?

Answer 7

A deny assignment is used to exclude service principals from accessing child scopes and is evaluated before role assignments.

Question 8

What permissions are required to create a custom role in Azure?

Answer 8

Microsoft.Authorization/roleDefinitions/write permission on all AssignableScopes.

Question 9

How are deny assignments controlled in Azure?

Answer 9

Deny assignments are set and controlled by applying a Resource lock for resources created through Azure Blueprints.

Question 10

What happens to resources during a move operation in Azure?

Answer 10

Resources are locked, and both write and delete operations are blocked, but the underlying service continues to function.

Question 11

How long can a move operation take to complete in Azure?

Answer 11

Up to four hours.

Question 12

What does Azure Key Vault safeguard?

Answer 12

Cryptographic keys, storage account keys, data encryption keys, and certificate private keys.

Question 13

What is BYOK in Azure Key Vault?

Answer 13

Bring Your Own Key, referring to importing keys into the Key Vault.

Question 14

What does the AzCopy command do?

Answer 14

Copies data between storage accounts using SAS tokens.

Question 15

How can you synchronize blobs between two Azure storage accounts?

Answer 15

Using the azcopy sync command.

Question 16

What is the maximum retention period for soft delete in Azure Blob Storage?

Answer 16

365 days.

Question 17

What are the three types of blobs in Azure Blob Storage?

Answer 17

Page Blobs, Block Blobs, and Append Blobs.

Question 18

What is the maximum size of a Page Blob in Azure?

Answer 18

8 TB.

Question 19

What is the maximum size of a Block Blob in Azure?

Answer 19

4.75 TB.

Question 20

What is the maximum size of an Append Blob in Azure?

Answer 20

195 GB.

Question 21

What are the three kinds of storage accounts in Azure?

Answer 21

General-Purpose v1, General-Purpose v2, and Blob Storage.

Question 22

What tools can manage Azure Storage directly from Microsoft?

Answer 22

Azure portal, PowerShell, CLI, Storage Explorer, and AzCopy.

Question 23

What access control methods are available for Azure Storage accounts?

Answer 23

Azure AD authentication, storage account name and key, SAS, SAS with access policy, storage firewall, and virtual network service endpoints.

Question 24

What is the purpose of Azure Storage lifecycle management?

Answer 24

Automatically transition data to lower-access tiers or delete data based on preconfigured rules.

Question 25

What are User-Defined Routes (UDRs) in Azure?

Answer 25

Change the default behavior of subnets, typically to direct outbound traffic to other locations.

Question 26

What is forced tunneling in Azure networking?

Answer 26

Routing outbound Internet traffic via a VPN connection to a network security device.

Question 27

What are Azure Activity Logs?

Answer 27

Logs that surface data at the subscription level, separate from diagnostic logs.

Question 28

How long are Azure Activity Log events retained?

Answer 28

90 days.

Question 29

What is Azure Monitor for Containers?

Answer 29

A service that provides monitoring capabilities for AKS and Azure Container Instances.

Question 30

What is the retention period for logs in Azure Monitor?

Answer 30

Logs can be retained for up to 730 days depending on the pricing tier.

Question 31

What is the function of Azure Storage Explorer?

Answer 31

Provides a graphical interface to manage and access Azure Storage resources.

Question 32

What are the replication options for Azure Storage accounts?

Answer 32

LRS, ZRS, GRS, RA-GRS, GZRS, and RA-GZRS.

Question 33

What is Locally Redundant Storage (LRS)?

Answer 33

Replicates data within a single datacenter in a region.

Question 34

What is Zone-Redundant Storage (ZRS)?

Answer 34

Replicates data across multiple availability zones in a region.

Question 35

What is Geo-Redundant Storage (GRS)?

Answer 35

Replicates data to a secondary region hundreds of miles away.

Question 36

What is Read-Access Geo-Redundant Storage (RA-GRS)?

Answer 36

Provides read access to the replicated data in the secondary region.

Question 37

What is the maximum size of a file share in Azure Files?

Answer 37

100 TiB for premium file shares.

Question 38

What is the maximum number of sync groups per storage account in Azure File Sync?

Answer 38

200 sync groups.

Question 39

What is the purpose of Azure Resource Manager (ARM) templates?

Answer 39

Enable infrastructure as code for deploying and managing Azure resources.

Question 40

What permissions are required to deploy ARM templates?

Answer 40

Contributor or Owner role on the resource group.

Question 41

What is the purpose of Azure Blueprints?

Answer 41

Enables deployment of a repeatable set of Azure resources and policies to ensure compliance and governance.

Question 42

What is the maximum number of disks supported by a VM in Azure?

Answer 42

256 disks per VM, depending on the VM size.

Question 43

What are the two allocation methods for private IP addresses in Azure?

Answer 43

Dynamic and static.

Question 44

What is the purpose of Azure Bastion?

Answer 44

Provides secure RDP and SSH connectivity to VMs without a public IP.

Question 45

What is the purpose of DNS zones in Azure?

Answer 45

To host DNS records for a domain in Azure DNS.

Question 46

What are NSG rules in Azure?

Answer 46

Network Security Group rules that can be applied to subnets and NICs to control traffic flow.

Question 47

What is the function of Azure Traffic Manager?

Answer 47

Uses DNS to distribute traffic to different endpoints globally.

Question 48

What is Azure Application Gateway used for?

Answer 48

Provides application-level routing and load balancing.

Question 49

What are the two types of public IP address SKUs in Azure?

Answer 49

Basic and Standard.

Question 50

What is Azure AD Connect?

Answer 50

A tool to synchronize on-premises Active Directory with Azure AD.

Question 51

What are the components of Azure AD Connect?

Answer 51

Azure AD Connect sync, Azure AD Connect Health, and Azure AD Connect wizard.

Question 52

What are Managed Identities in Azure?

Answer 52

Provide Azure services with an automatically managed identity in Azure AD.

Question 53

What is the purpose of Azure Policy?

Answer 53

Enforces rules and effects over resources to ensure compliance.

Question 54

What is the default retention period for Azure VM backups?

Answer 54

30 days.

Question 55

What is the maximum retention period for logs in Azure Monitor?

Answer 55

730 days.

Question 56

What is the purpose of Azure Site Recovery?

Answer 56

Supports site-to-site recovery for Azure VMs, on-premises VMs, and physical servers.

Question 57

What is required for cross-region replication in Azure Site Recovery?

Answer 57

Both the primary and secondary regions must support the resource being replicated.

Question 58

What are the benefits of Azure Proximity Placement Groups?

Answer 58

Reduce latency by ensuring VMs are physically located close to each other.

Question 59

What is the maximum number of custom roles per directory in Azure?

Answer 59

5,000 custom roles.

Question 60

What permissions are required to create a custom role in Azure?

Answer 60

Microsoft.Authorization/roleDefinitions/write permission on all AssignableScopes.

Question 61

What is the maximum number of role assignments per management group?

Answer 61

500 role assignments.

Question 62

What is the maximum number of role assignments per subscription?

Answer 62

2,000 role assignments.

Question 63

What is the maximum number of custom roles in Azure Germany and Azure China 21Vianet?

Answer 63

2,000 custom roles per directory.

Question 64

What is a deny assignment in Azure?

Answer 64

A way to exclude service principals from accessing child scopes and is evaluated before role assignments.

Question 65

What are the different types of blobs in Azure Blob Storage?

Answer 65

Block Blobs, Page Blobs, and Append Blobs.

Question 66

What is the maximum size of a Block Blob in Azure?

Answer 66

4.75 TB.

Question 67

What is the maximum size of an Append Blob in Azure?

Answer 67

195 GB.

Question 68

What is the default retention period for Azure Blob Storage soft delete?

Answer 68

365 days.

Question 69

What is the function of Azure Key Vault?

Answer 69

Safeguards cryptographic keys and secrets used by cloud applications and services.

Question 70

What is the purpose of Azure AD Conditional Access?

Answer 70

Enforces access controls based on conditions such as user location, device state, and risk level.

Question 71

What is Azure Policy compliance evaluation cycle?

Answer 71

Evaluates resource compliance every 24 hours and triggers on resource changes.

Question 72

What is the purpose of Azure Cost Management and Billing?

Answer 72

Provides tools to monitor, allocate, and optimize cloud spending, and set budgets and alerts.

Question 73

What is Azure Reservations?

Answer 73

Allows pre-purchasing of resources at a discounted rate for a one- or three-year term.

Question 74

What is the purpose of Azure DevTest Labs?

Answer 74

Provides environments for testing and development with features to control costs and manage environments efficiently.

Question 75

What is Azure Sentinel?

Answer 75

Provides cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solutions.

Question 76

What is Azure AD Privileged Identity Management (PIM)?

Answer 76

Helps manage, control, and monitor access to important resources in Azure AD, Azure, and other Microsoft Online Services.

Question 77

What is the purpose of Azure Migrate?

Answer 77

A service that helps discover, assess, and migrate on-premises workloads to Azure.

Question 78

What is the maximum size of an ARM template?

Answer 78

4 MB.

Question 79

What is Azure Hybrid Use Benefit?

Answer 79

Allows you to use on-premises licenses for Azure VMs.

Question 80

What is the maximum number of disks supported by a VM in Azure?

Answer 80

256 disks per VM.

Question 81

What is Azure Bastion?

Answer 81

Provides secure RDP and SSH connectivity to VMs without a public IP.

Question 82

What is Azure DNS?

Answer 82

A hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure.

Question 83

What are the benefits of using Azure Automation?

Answer 83

Enables automation of frequent, time-consuming tasks.