AZ-104 Topic 2 - Question Set 2 Flashcards
You have an Azure subscription named Subscription1 that contains a resource group named RG1.
In RG1, you create an internal load balancer named LB1 and a public load balancer named LB2.
You need to ensure that an administrator named Admin1 can manage LB1 and LB2. The solution must follow the principle of least privilege.
Which role should you assign to Admin1 for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
To Add a Backend Pool to LB1
To Add a health probe to LB2
Network Contributor on LB1
Network Contributor on LB2
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1.
An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com.
You need to ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first?
From contoso.com, create an OAuth 2.0 authorization endpoint.
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1.
You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.
Which two groups should you create? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Microsoft 365 group that uses the Assigned membership type
Microsoft 365 group that uses the Dynamic User membership type
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table:
User3 is the owner of Group1.
Group2 is a member of Group1.
You configure an access review named Review1 as shown in the following exhibit:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
In order
User3 can perform an access review of User1 = No
User1 is a Member and not a Guest Account, Access Review specified Guests only.
User3 can perform an access review of UserA = No
User1 is a Member and not a Guest Account, Access Review specified Guests only.
User3 can perform an access review of UserB = Yes
HOTSPOT -
You have the Azure management groups shown in the following table:
You add Azure subscriptions to the management groups as shown in the following table:
You create the Azure policies shown in the following table:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
No - Tenant Root not allowed
No - Azure policy is a Strict Deny system, Any deny policy on top level is not overridden by lower level allows. Since you are not allowed to create a VNet you can’t create a VM without a VNet.
No- you don’t add a subscription group which is already assigned to other .
You have an Azure policy as shown in the following exhibit:
What is the effect of the policy?
You can create Azure SQL servers in ContosoRG1 only
