AZ-104: Manage identities and governance in Azure Microsoft Quiz Answers

Get AZ-104: Manage identities and governance in Azure Microsoft Quiz Answers

Learn how to manage Azure Active Directory objects, role-based access control (RBAC), subscriptions, and governance in Azure.

Here are the learning paths in the AZ-104 Azure Administrator series:

• AZ-104: Prerequisites for Azure administrators
• AZ-104: Manage identities and governance in Azure
• AZ-104: Implement and manage storage in Azure
• AZ-104: Deploy and manage Azure compute resources
• AZ-104: Configure and manage virtual networks for Azure administrators
• AZ-104: Monitor and back up Azure resources

This learning path helps prepare you for Exam AZ-104: Microsoft Azure Administrator.

Prerequisites:

• Azure Fundamentals Part 1: Describe core Azure concepts
• Azure Fundamentals Part 2: Describe core Azure services
• Azure Fundamentals Part 3: Describe core solutions and management tools on Azure
• Azure Fundamentals Part 4: Describe general security and network security features
• Azure Fundamentals Part 5: Describe identity, governance, privacy, and compliance features
• Azure Fundamentals Part 6: Describe Microsoft Cost Management and service level agreements
• AZ-104: Prerequisites for Azure administrators

Enroll on Microsoft

Module 1: Configure Azure Active Directory

You will learn how to configure Azure Active Directory including features like AD Join and Self-Service Password Reset.

Learning objectives:

After completing this module, you will be able to:

• Identify the features and uses of Azure Active Directory.
• Define the main Azure Active Directory components such as identity, account, and tenant.
• Compare Azure Active Directory to Azure Directory Domain Services.
• Identify features of Azure Active Directory editions.
• Identify features and usage cases for Azure AD Join.
• Identify features and usage cases for Self-Service Password Reset.

Prerequisites:

None

Quiz 1: Knowledge check

Q1. Which of the following correctly describes Azure Active Directory?

• Azure AD can be queried through LDAP.
• Azure AD is primarily an identity solution
• Azure AD uses Organizational Units (OUs) and Group Policy Objects (GPOs).

Q2. A dedicated and trusted instance of Azure Active Directory is often referred to as?

• An Azure tenant
• An Azure identity
• An Azure Active Directory account

Q3. Your users want to sign-in to devices, apps, and services from anywhere. Users want to sign-in using an organizational work or school account instead of a personal account. What should you do first?

• Enable the device in Azure AD.
• Join the device to Azure AD.
• Register the device with Azure AD.

Module 2: Configure user and group accounts

Learn how to configure user and group accounts.

Learning objectives:

In this module, you learn how to:

• Configure users accounts and user account properties.
• Create new user accounts.
• Import bulk user accounts with a template.
• Configure group accounts and assignment types.

Prerequisites:

None

Quiz 1: Knowledge check

Q1. What type of user account allows an external organization to access your resources?

• A Contributor user account for each member of the team.
• An administrator account for each member of the team.
• A guest user account for each member of the external team.

Q2. What kind of group account can you create so you can apply the same permissions to all group members?

• Security group
• Azure AD bulk group
• Microsoft 365 group

Q3. Which Azure AD role enables a user to manage all groups in your Teams tenants, and also assign other admin roles?

• Global administrator
• Security administrator
• User administrator

Module 3: Configure subscriptions

Learn how to configure Azure subscriptions, including how to obtain a subscription, implement cost management, and apply Azure resource tags.

Learning objectives:

In this module, you learn how to:

• Determine the correct region to locate Azure services.
• Review features and use cases for Azure subscriptions.
• Obtain an Azure subscription.
• Understand billing and features for different Azure subscriptions.
• Use Microsoft Cost Management for cost analysis.
• Discover when to use Azure resource tagging.
• Identify ways to reduce costs.

Prerequisites:

None

Quiz 1: Knowledge check

Q1. The company financial controller wants to be notified whenever the company is half-way to spending the money allocated for cloud services. Which approach supports this request?

• Create an Azure reservation.
• Create a budget and a spending threshold.
• Create a management group.

Q2. The company financial controller wants to identify which billing department each Azure resource belongs to. Which approach enables this requirement?

• Track resource usage in a spreadsheet.
• Place the resources in different regions.
• Apply a tag to each resource that includes the associated billing department.

Q3. Which option preserves data residency, and offers comprehensive compliance and resiliency options?

• Azure Active Directory (Azure AD) Account
• Regions
• Subscriptions

Module 4: Configure Azure Policy

Learn how to configure Azure Policy to implement compliance requirements.

Learning objectives:

In this module, you learn how to:

• Create management groups to target policies and spending budgets.
• Implement Azure Policy with policy and initiative definitions.
• Scope Azure policies and determine compliance.

Prerequisites:

None

Quiz 1: Knowledge check

Q1. There are several Azure policies that need to be applied to a new branch office. What’s the best approach?

• Create a management group
• Create a policy initiative
• Create a policy definition

Q2. To satisfy the finance team’s request for billing by department, multiple resource groups have been created and the resource tags applied. What’s the next step?

• Create a management group
• Create an Azure policy
• Review the Azure Policy compliance page

Q3. How can you ensure that only cost-effective virtual machine SKU sizes are deployed?

• Periodically inspect the deployment to see which SKU sizes are used
• Create an Azure RBAC role that defines the allowed virtual machine SKU sizes
• Create a policy in Azure Policy that specifies the allowed SKU sizes

Q4. Which option can you use to manage governance across multiple Azure subscriptions?

• Azure initiatives
• Resource groups
• Management groups

Module 5: Configure role-based access control

You will learn how to use role-based access control to ensure resources are protected, but users can still access the resources they need.

Learning objectives:

After completing this module, you will be able to:

• Identify the features and usage cases for role-based access control.
• List and create role definitions.
• Create role assignments.
• Identify the differences between Azure role-based access control and Azure Active Directory roles.
• Manage access to subscriptions using role-based access control.
• Review the built-in Azure role-based access control roles.

Prerequisites:

None

Quiz 1: Knowledge check

Q1. There are three virtual machines (VM1, VM2, and VM3) in a resource group. The Helpdesk hires a new employee. The new employee must be able to modify the settings on VM3. The employee must not be able to make changes on VM1 and VM2. Which of following meets the requirements and minimizes administrative overhead?

• Assign the user to the Contributor role on the resource group.
• Assign the user to the Contributor role on VM3.
• Move VM3 to a new resource group and assign the user to the Owner role on VM3.

Q2. What’s the main difference between Azure roles and Azure Active Directory roles?

• Azure roles apply to Azure resources. Azure AD roles apply to Azure AD resources such as users, groups, and domains.
• Azure roles can be assigned at the root level.
• Azure AD roles are used to manage access to Azure resources.

Q3. What is included in a custom Azure role definition?

• Operations allowed for Azure resources and the scope of permissions
• The assignment of a custom role
• Actions and DataActions operations scoped to the tenant level

Module 6: Create Azure users and groups in Azure Active Directory

Create users in Azure Active Directory. Understand different types of groups. Create a group and add members. Manage business-to-business guest accounts.

Learning objectives:

In this module, you will:

• Add users to Azure Active Directory.
• Manage app and resource access by using Azure Active Directory groups.
• Give guest users access in Azure Active Directory business to business (B2B).

Prerequisites:

• None

Quiz 1: What are user accounts in Azure Active Directory?

Q1. If you delete a user account by mistake, can it be restored?

• When a user account is deleted, it’s gone forever and can’t be restored.
• The user account can be restored, but only if it was created within the last 30 days.
• The user account can be restored, but only if it was deleted within the last 30 days.

Q2. What kind of account would you create to allow an external organization easy access?

• A guest user account for each member of the external team.
• An external account for each member of the external team.
• An administrator account for each member of the external team.

Module 7: Secure your Azure resources with Azure role-based access control (Azure RBAC)

Learn how to use Azure RBAC to manage access to resources in Azure.

Learning objectives:

In this module, you will:

• Verify access to resources for yourself and others
• Grant access to resources
• View activity logs of Azure RBAC changes

Prerequisites:

• Knowledge of basic Azure concepts, such as the Azure portal and resource groups

Quiz 1: Knowledge check – What is Azure RBAC?

Q1. What is a role definition in Azure?

• A collection of permissions with a name that is assignable to a user, group, or application
• The collection of users, groups, or applications that have permissions to a role
• The binding of a role to a security principal at a specific scope, to grant access

Q2. Suppose an administrator wants to assign a role to allow a user to create and manage Azure resources but not be able to grant access to others. Which of the following built-in roles would support this?

• Owner
• Contributor
• Reader
• User Access Administrator

Q3. What is the inheritance order for scope in Azure?

• Management group, Resource group, Subscription, Resource
• Management group, Subscription, Resource group, Resource
• Subscription, Management group, Resource group, Resource
• Subscription, Resource group, Management group, Resource

Quiz 2: Knowledge check – Using Azure RBAC

Q1. Suppose a team member can’t view resources in a resource group. Where would the administrator go to check the team member’s access?

• Check the team member’s permissions by going to their Azure profile > My permissions.
• Go to the resource group and select Access control (IAM) > Check Access.
• Go to one of the resources in the resource group and select Role assignments.

Q2. Suppose an administrator in another department needs access to a virtual machine managed by your department. What’s the best way to grant them access to just that resource?

• At the resource scope, create a role for them with the appropriate access.
• At the resource group scope, assign the role with the appropriate access.
• At the resource scope, assign the role with the appropriate access.

Q3. Suppose a developer needs full access to a resource group. If you are following least-privilege best practices, what scope should you specify?

• Resource
• Resource group
• Subscription

Q4. Suppose an administrator needs to generate a report of the role assignments for the last week. Where in the Azure portal would they generate that report?

• Search for Activity log and filter on the Create role assignment (roleAssignments) operation.
• At the appropriate scope, go to Access control (IAM) > Download role assignments.
• At the appropriate scope, go to Access control (IAM) > Role assignments.

Module 8: Allow users to reset their password with Azure Active Directory self-service password reset

Evaluate self-service password reset to allow users in your organization to reset their passwords or unlock their accounts. Set up, configure, and test self-service password reset.

Learning objectives:

In this module, you will:

• Decide whether to implement self-service password reset.
• Implement self-service password reset to meet your requirements.
• Configure self-service password reset to customize the experience.

Prerequisites:

• Basic understanding of Azure Active Directory

Quiz 1: What is self-service password reset in Azure Active Directory?

Q1. When is a user considered registered for SSPR?

• When they’ve registered at least one of the permitted authentication methods
• When they’ve registered at least the number of methods that you’ve required to reset a password
• When they’ve set up the minimum number of security questions

Q2. When you enable SSPR for your Azure AD organization…

• Users can only change their password when they’re signed in
• Admins can reset their password by using one authentication method
• Users can reset their passwords when they can’t sign in

Conclusion:

I hope this AZ-104: Manage identities and governance in Azure Microsoft Quiz Answers would be useful for you to learn something new from this problem. If it helped you then don’t forget to bookmark our site for more Coding Solutions.

This Problem is intended for audiences of all experiences who are interested in learning about Data Science in a business context; there are no prerequisites.

Keep Learning!

More Coding Solutions >>

LeetCode Solutions

Hacker Rank Solutions

CodeChef Solutions