Identity and Governance Flashcards
What role is required to create new cloud-only users in Azure AD using the CLI?
Global Administrator or User Administrator.
Can a group in Azure AD contain service principals?
Yes.
What license is required to create a dynamic group in Azure AD?
Premium AD license.
What role must you be assigned to enable or disable devices in Azure AD?
Global Administrator.
What happens when a device is disabled in Azure AD?
It prevents the device from accessing Azure AD resources.
Who can invite guests to Azure AD by default?
All users and admins.
Which option should be used for personal devices in Azure AD?
Device registration.
Which option should be used for corporate-owned devices in Azure AD?
Device joining.
Which option should be used for devices that are joined to on-premises Active Directory and Azure AD?
Hybrid AD joined.
What editions of Azure AD include password change for cloud-only users?
All editions.
What editions of Azure AD support password reset for cloud-only users?
Microsoft 365 Business Standard, Microsoft 365 Business Premium, Azure AD Premium P1, Azure AD Premium P2.
What editions of Azure AD support password change/unlock/reset for hybrid users?
Microsoft 365 Business Premium, Azure AD Premium P1, Azure AD Premium P2.
What is the difference between RBAC roles and Azure AD administrative roles?
RBAC roles manage access to Azure resources; Azure AD roles manage identity tasks.
What permission is required to create a custom role in Azure?
Microsoft.Authorization/roleDefinitions/write permission.
How are deny assignments created in Azure IAM blades?
By applying a resource lock through Azure Blueprints.
What is the purpose of a CanNotDelete lock in Azure?
It prevents the deletion of a resource.
What is the purpose of a ReadOnly lock in Azure?
It prevents users from modifying a resource.
Can resource locks be applied to a subscription?
Yes.
Are resource locks inherited by child resources in Azure?
Yes.
What is required for tags to be visible in detailed usage exports in Azure?
Tags must be applied at the resource scope.
Can a resource group be nested within another resource group in Azure?
No.
Can a resource be moved from one resource group to another in Azure?
Yes.
What must be true for subscriptions to move resources between them?
Both subscriptions must be associated with the same Azure AD tenant.
What happens to resources during a move operation in Azure?
They are locked, blocking write and delete operations, but the underlying service continues to function.
What is required to move a subscription to a new Azure AD tenant?
Transfer ownership of the subscription to another account.
What is the maximum number of custom roles per directory in Azure AD?
5,000 custom roles.
What is the maximum number of role assignments per subscription in Azure AD?
2,000 role assignments.
What is the maximum number of role assignments per management group in Azure AD?
500 role assignments.
What is the limit for the maximum number of objects synchronized using Azure AD Connect?
50,000 objects by default.
How many NSG rules can you have per NSG in Azure?
1,000 NSG rules.
What is the maximum number of private endpoints per VNet in Azure?
1,000 private endpoints.
What is the maximum number of storage accounts per region per subscription in Azure?
250 storage accounts.
What is the maximum size of a file in Azure Files?
1 TiB.
What is the maximum number of keys per Azure Key Vault?
4,096 keys.
What is the maximum number of secrets per Azure Key Vault?
10,000 secrets.
What is the maximum number of certificates per Azure Key Vault?
2,000 certificates.