Module 11 Flashcards

1
Q

Resource groups are a fundamental element of Azure, what do they do

A

Logically contain all your resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What type of resources must be in a resource group

A

All resources must be part of a resource group

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Can resources be moved between resource groups

A

Many resources can be moved between resources groups however some have limitations of requirements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Can resource groups be nested

A

No - Resource groups cannot be nested

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Resource groups exist to manage and organise resource - what are some of the ways you can use them to provide order/organisations

A

By placing resources of similar; Usage, Type or location in the groups together

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

When and why is it useful to organise resource groups by life cycle

A

Deleting a resource group deletes all resources contained within

Organising by life cycles can be useful for dev and test environments where you might experiment then dispose of when done

RGs make it easy to remove a set of resources in one go.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

When and why is it useful to to organise resource groups by Authorization

A

RGS are also a scope for applying RBAC permissions

RBAC permissions allow you to easily admini and limit access to allow only what is needed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How can you create a resource group

A

Via Portal, PowerShell, CLI, Templates or SDKs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

If you use a resource group to organise for billing, how might this be helpful

A

Putting resources in the same RG is a way to group for usage in billing reports

To understand how costs are distributedin Azure, group them by resource is a way to filter and sort data to better understand where costs are allocated.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What method could you use to organise a resource with multiple purposes.
What method allows for good search and filter or resources

A

Tagging

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are tags

A

Name/Value Pairs of data you can apply to resources and Resource Group, to associate custom details about your resource

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

How many tags can a resource have

A

A resource can have 50 tags

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is the name of a tag limited to

A

The name of a tag is limited to 512 characters, (except storage accounts where limited to 128 characters)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the value or a tag limited to

A

Tag values limited to 256 characters

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

True Or False, All resources support tags and they are inherited

A

FALSE: Tags are not inherited AND Not all resource types support tags (i.e. classic resources cannot have tags applied)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

How can you manipulate tags

A

Portal, CLI, PowerShell, Resource Manager Templates, RestAPI

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What can enforce tags and what sort of rule might you want to enforce

A

Azure Policy can enforce tags and a good example would be requiring a value for a dept tag when deploying a resource to a certain RG

18
Q

Can tags be added to existing resources

A

Yes, tags can be added to existing resources or added at the point of creation

19
Q

How can you use tags to filter your resources

A

Go to all resources, Select add filter, In tags select the tag name then the tag value

20
Q

What does the Azure Policy Service allow you to do

A

Allows you to create, assign and manage polices, to enforce rules your resources need to follow

21
Q

When/What are polices evaluated/enforced against

A

Polices can enforce when resources are created and be evaluated against existing resources

22
Q

What are some common things a policy might enforce

A

Polices can enforce things like -specific types of resource being created or only creating resources in certain regions. Can enforce naming conventions or specific tags to be applied to resources

23
Q

What is the process for creating a policy

A

Define a policy through the Policy authoring menu
Set the definition location and name the policy.
Use JSON to define policy rules

24
Q

How do you enforce a policy you have created

A

To enforce policy you need to create an assignment.

In assign policy pane, assign policy to your desired scope

25
Q

Azure Policy ensures employees with Azure access follow standards, what service aims to solve how to protect those resources once deployed

A

RBAC (Role Based Access Control)

26
Q

How much does the RBAC service cost

A

RBAC is considered a core service and is included in all subscriptions at No Cost

27
Q

What does RBAC provide

A

RBAC provides fine grained access management enabling you to grant users specific rights required to perform there job

28
Q

Where can you view permissions for a resource as well as GRANT or REMOVE access

A

Via the Access Control (IAM) panel for the resource in question

29
Q

How does RBAC define access

A

RBAC defines access using an allow model,

When you are assigned a role, RBAC allows you to perform specific actions (Read/Write/Delete etc)

N.B. If one role grants read and another grants write you will have both read and write

30
Q

What are the best practices for using RBAC

A
  • Segregate duties, grant only amount of access required for each users to perform their job
  • Do not give everyone unrestricted access, only allow specific actions at a specific scope
  • Grant lowest privellige required to user to do there work
  • Use Resource locks to ensure critical resources are not deleted or modifed
31
Q

What can you user to prevent accidents of users with good intentions of clearing up resources resulting in accidental deletion of resources critical to other systems

A

Resource Locks

32
Q

What is a resource lock

A

Setting applied to any resource to block modification or deleteion

33
Q

What are the two options for resource locks

A

Resource locks can be set to DELETE or READ ONLY

34
Q

What does the delete setting of a resource lock do

A
  • Delete allows all operations against resources but prohibits deletion
35
Q

What does the read only setting or a resource lock do

A

Read only will only allow read activity to be performed

36
Q

At what scopes can resource locks be applied, and do they inherit when applied at higher levels

A

Can be applied to subscriptions, RGs, or resources and are inherited when applied at higher levels

37
Q

What is something to be aware of when using a resource lock, if you start seeing odd effects

A

A read only resource lock can have unexpected results as operators that appear to be read only sometimes do additional actions. E.G. Read only on storage account prevents all users listing keys as this operation is handled by a post request as returned keys are available for write operations.

38
Q

What needs to happen before you can do the denied activity by a resource lock

A

Remove the resource lock

39
Q

Which RBAC permissions do resource locks not apply to

A
  • Resource locks apply regardless of any RBAC permissions

- Even an owner must remove the lock before performing locked activity

40
Q

Where do you create a resource lock

A

At the scope you wish to apply it within Settings and Locks

41
Q

In practice where should you apply resource locks

A
  • Use resource locks to protect key pieces of azure that would have large impact if removed (e.g. Express Route Circuits, vNets, Critical DBs, Domain Controllers
  • Evaluate Resources + Apply locks where you would like extra protection.