40 Questions
What is the effect of inheriting a deny policy?
It overrides any allowed permissions
Where can virtual networks be created?
At any management group level
What is required to create Virtual Machines on a Management Group?
The required RBAC permissions
Can subscriptions be moved between Management Groups?
Yes, provided the user has the required RBAC permissions
What is the effect of the policy in Exhibit?
You are prevented from creating Azure SQL servers anywhere in Subscription 1
What is the purpose of Management Groups?
To organize subscriptions
What is required to move a subscription between Management Groups?
The required RBAC permissions
What is the effect of inheriting an allow policy?
It overrides any deny policies
What is the purpose of verifying your custom domain name on the Fabrikam - Custom domain names page?
To ensure your custom domain is properly registered and valid for Azure AD
Which of the following record types can be used to verify a custom domain name for Azure AD?
Both TXT and MX
What role should you assign to the Developers group to provide them with the ability to create Azure logic apps?
Logic App Contributor role
What is the primary function of the DevTest Labs User role?
Connect, start, restart, and shutdown virtual machines
What is the purpose of the Azure AD tenant named Adatum?
To contain a group named Developers
What is the name of the resource group in Subscription1 that you need to provide the Developers group with access to?
Dev
What is the correct sequence of steps to verify a custom domain name for Azure AD?
Select the custom domain name, then select Verify
What is the primary goal of providing the Developers group with the ability to create Azure logic apps?
To manage Azure logic apps
What is the first step in an import job?
Attach an external disk to Server1 and then run waimportexport.exe
What is the purpose of the WAImportExport tool?
To copy data to disk drives.
What is required to be provided during job creation?
Return address and carrier account number for shipping the drives back.
What happens to the drives after they are received at the Azure data center?
They are processed and the data is imported to Azure storage.
What is the purpose of the drive journal files?
To track the delivery of the drives.
What is the purpose of Server1 and Server2 in Azure File Sync?
To register as a server endpoint.
What is the cloud endpoint of Group1 in Azure File Sync?
Share1
What is the server endpoint of Group1 in Azure File Sync?
D:\Folder1
Where can a Log Analytics workspace be created in relation to the location and subscription of your vaults?
In a different location and subscription than your vaults
What type of storage account is used to host premium file shares?
FileStorage account
Which storage accounts can be used to host premium file shares?
contoso101, contoso102, and contoso103 only
What is the purpose of the net use command in relation to file shares?
To connect to file shares
What access does the IP 193.77.134.1 have on the SAS?
Will have no access
What is the purpose of a shared access signature (SAS)?
To grant temporary access to a file share
Which storage accounts can be used to host standard file shares?
Any of the above
What is the purpose of a Log Analytics workspace?
To analyze and report on data from Azure resources
What is a requirement for a sync group in Azure File Sync?
It must contain one cloud endpoint and one or more server endpoints.
What is the purpose of a cloud endpoint in Azure File Sync?
To represent an Azure file share.
What is the name of the Azure Storage account in the given scenario?
contosostorage
What is the UNC path for accessing files from the data file share?
\contosostorage\file.core.windows.net\data
What command should you run to create a container named vmimages?
az storage container create vmimages
What is the purpose of a server endpoint in Azure File Sync?
To represent a server or a cluster of servers.
What is required to create a sync group in Azure File Sync?
One cloud endpoint and one or more server endpoints.
What is the name of the file share in the given scenario?
data
Study Notes
Azure Management Groups
- Management groups are used to organize Azure subscriptions and resources
- A subscription can be moved between management groups if the user has the required RBAC permissions
- Virtual networks are not allowed at the root and are inherited, deny overrides are allowed
Azure Policies
- Azure policies can be created to manage Azure resources
- Policies can be used to allow or deny specific actions on Azure resources
- For example, a policy can be created to prevent the creation of Azure SQL servers in a specific subscription or resource group
Azure Logic Apps
- Logic App Contributor role is required to manage logic apps, but not to access them
- Developers group needs the Logic App Contributor role to create logic apps in the Dev resource group
Azure Data Import/Export
- Import job involves attaching an external disk to a server, copying data to disk drives, encrypting the disk drives, and shipping the drives to an Azure data center
- The WAImportExport tool is used to copy data to disk drives
- The import job is created in the Azure portal, and the drives are shipped to the Azure data center for processing
Azure File Sync
- Azure File Sync is used to sync files between on-premises servers and Azure file shares
- A sync group must contain one cloud endpoint, which represents an Azure file share, and one or more server endpoints
- Server endpoints can be added to the sync group, and files can be synced between the servers and the Azure file share
Azure Storage Accounts
- An Azure storage account can contain multiple file shares
- A UNC path is used to reference files in a file share, in the format \.file.core.windows.net\
- A container can be created in a storage account using the Azure CLI
Shared Access Signatures (SAS)
- A SAS is a URI that grants limited access to a resource in a storage account
- A SAS can be created with specific permissions and a specific duration
- A SAS can be used to grant access to a file share or container in a storage account
Test your knowledge of Azure management groups and policies. Learn how to add subscriptions and create policies in Azure.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free