Skill 1.3 Manage Subscriptions and Governance

Question 1

What is a resource in Azure

Answer 1

A single service instance, which can be a virtual machine, a virtual network, a storage account or any other Azure Service

Question 2

What are resource groups

Answer 2

logical groupings of resource or those single-service instances

Question 3

How many resource groups can a resource exist in

Answer 3

one resource group that cannot be renamed

Question 4

What is Azure Policy

Answer 4

Azure Service that can be used to create, assign, and manage policies that enforce governance in your Azure Environment

Question 5

What does Azure Policy include

Answer 5

application of rules that allow or deny a given resource type,
apply tags automatically, and
even enforce data sovereignty

Question 6

What provides a mechanism to express how the environment is governed for all users at a specified scope regardless of RBAC assignments

Answer 6

Azure Policy

Question 7

What does Azure RBAC default to for access

Answer 7

default deny with an explicit allow mechanism, whearas Policy is default allow mechanism with an explicit deny system

Question 8

What does azure policy definition do

Answer 8

describes your desired behavior for Azure resources at the time resources are created or updated.

Question 9

What do you declare though a policy definition

Answer 9

what resources and resource features are considered compliant within your Azure environment and what should happen when a resource is non-compliant

Question 10

What are the four Azure Policy Scope

Answer 10

Management Groups
Subscriptions
Resource Groups
Resource

Question 11

What do excluded scopes do

Answer 11

Allow you to model your environment with rich devalrations in the form of Policy definitions that are applied exactly as required by your organizations governance needs.

Question 12

What are Azure Resource Locks

Answer 12

They are used to prevent the accidental deletion or modification of resources.

Question 13

What are the two resource lock types

Answer 13

CanNotDelete
ReadOnly

Question 14

What does the CanNotDelete Resource Lock do

Answer 14

Prevents the deletion of a resource. it only prevents deletion but not the modification

Question 15

What does a ReadOnly Resource lock do

Answer 15

Prevents users from modifying a resource including updating or deleting

Question 16

What can resource locks be applied to

Answer 16

A subscription, resource group, and resource scopes

Question 17

What do resource tags do?

Answer 17

allow you to apply custom metadata to your Azure resources to logically organize them and to build out custom taxonomies.

Question 18

What is a resource tag

Answer 18

A name and a value

Question 19

What are some common tag types

Answer 19

environment with which a resource is associated, a cost center or billing code, and resource owner

Question 20

Where must tags be applied

Answer 20

At the resource scope to be visible in detailed usage exports. Tags applied the resource group scope are not inherited by child resources

Question 21

What access is needed to apply tags to a subscription, resource group, or resource

Answer 21

Write Access (Contributor Role or higher)

Question 22

Can tags be applied in both a imperative and declarative manner

Answer 22

yes

Question 23

What is required for tags to be applied to all resources

Answer 23

Because tags do not have inheritance you have to individually tag all resources in a resource group

Question 24

What values can be used with the Update-AzTag Command

Answer 24

Replace – replaces the specified tags in the listed resources
Merge – Merges the newly specified tags with the existing ones and overrides the conflicts for the listed resources
Delete – Deletes the specified tags from the listed resources

Question 25

Are resources locked when moving from one resource group to another

Answer 25

yes

Question 26

What requirements must be met to move resources between subscriptions

Answer 26

The subscriptions must be associated with the same resource tenant

Question 27

How many resources can be moved with a single move operation

Answer 27

800

Question 28

Where can a resource group be deleted from

Answer 28

Azure Portal, Azure Powershell, the Azure CLI, or the REST API

Question 29

What controls do Azure Subscriptions have available to govern access to resources

Answer 29

Quotas and Tagging for Costs,
Azure Policy to govern the resources allowed in an environment

Question 30

What access to Classic Subscription Administrators have access to

Answer 30

Full Access to an Azure Subscription with the ability to manage resources through the Azure Portal, Resource Manage API’s

Question 31

The account that is signed up for an Azure Subscription is automatically set at what

Answer 31

Account Administrator and Service Administrator

Question 32

Who can create a new Azure subscription and make billing changes

Answer 32

The account administrator

Question 33

How many account administrators can there be per account

Answer 33

one

Question 34

How many service administrators can there be per subscription

Answer 34

one

Question 35

What is the difference between a co-administrator and a service administrator

Answer 35

There can be 200 co-administrators but they cannot change the association of subscriptions

Question 36

What role does a Service Administrator and a Co-Administrator have equivelant access to

Answer 36

Owner

Question 37

What are the Azure RBAC roles

Answer 37

Owner
Contributor
Reader

Question 38

What access does a Azure RBAC owner have access to

Answer 38

Fulll access to all resources and can delegate access to others. The service administrator and Co-Administrators are assigned the owner role at the subscription scope. Applies to all resource types

Question 39

What does an Azure RBAC owner have permissions to do

Answer 39

Full access to all resources. Delegate access to others. The service administrator and Co-Administrators are assigned the Owner role at the subscription scope. Applies to all resource types

Question 40

What does the Aure RBAC Contributer have access to do

Answer 40

Create and Manage all types of Azure resources. Cannot grant access to others. Applies to all resource types

Question 41

What does Azure RBAC reader role have access to

Answer 41

View Azure resources

Question 42

What does the Azure RBAC User Access Administrator have access to do?

Answer 42

Manage User Access to all resources

Question 43

What do management groups allow

Answer 43

they allow you to apply governance across subscriptions, including the application of common RBAC controls and the application of Azure policy

Question 44

What are the benefits of Azure management groups

Answer 44

Reduce Overhead
Enforcement
Reporting

Question 45

Who inherits RBAC applied at the management group

Answer 45

All child resources within the scope of the management group

Question 46

What are Azure Resource Quotas

Answer 46

Used to view the consumption and usage of resources within an Azure subscription and understand how that consumption can be affected by azure resource limits

Question 47

What are Azure Spending Quotas

Answer 47

allow administrators to set alerts within an Azure subscription by configuring budgets to inform the business when there azure spending has hit a certain threshold. It does not stop resources from being created or consumed.

Question 48

What are resource limits

Answer 48

They can be used to stop a resource from being created.

Question 49

What is submitting a request to increase a quota

Answer 49

Submitting a request to Microsoft

Question 50

How can you view resource consumption within a subscription against a resource quota

Answer 50

With powershell

Question 51

What are Azure Cost Management budgets

Answer 51

Provide Azure Customer subscriptions under many offer types with the ability to proactively manage cost and monitor azure spend over time at a subscription level.

Question 52

What rights must a user have to view Azure Budgets

Answer 52

Reader rights (Read Access) to the subscription

Question 53

What rights must a user have to create and manage budgets

Answer 53

Contributor or higher

Question 54

What are two specialized roles that can be used to grant principals access to data

Answer 54

Cost Management Contributor
Cost Management Reader

Question 55

What Scopes can budgets be created at

Answer 55

Subscription
Management Group
Resource Group SCope

Question 56

What are Action Groups

Answer 56

A collection of notification preferences

Question 57

What is Cost Management

Answer 57

Includes features for performing cost analysis,
setting per-subscription budgets and alerts,
setting recommendations for optimization
Exporting cost management data to performs deeper analysis

Question 58

What is cost management service dictated by

Answer 58

Scopes

Question 59

What is required to view cost management

Answer 59

Read Access

Question 60

What are the two ways to export a template

Answer 60

Export from a resource group or resource
Save from history