Quiz: Manage Azure Active Directory Identity and Governance


Below are some resources for Managing Azure identities and governance:

1

If you delete a user account by mistake, can it be restored?
- A user account can be restored when it's deleted within the last 30 days. Go to the deleted user list to see the list of all of the deleted users.

2

What kind of account would you create to allow an external organization easy access?
- A guest user account restricts users to just the access they need.

3

What are user accounts in Azure Active Directory?
- In Azure Active Directory (Azure AD), all user accounts are granted a set of default permissions. A user's account access consists of the type of user, their role assignments, and their ownership of individual objects.

- There are different types of user accounts in Azure AD. Each type has a level of access specific to the scope of work expected to be done under each type of user account. Administrators have the highest level of access, followed by the member user accounts in the Azure AD organization. Guest users have the most restricted level of access.

4

Permissions and roles
- Azure AD uses permissions to help you control the access rights a user or group is granted. This is done through roles. Azure AD has many roles with different permissions attached to them. When a user is assigned a specific role, they inherit permissions from that role. For example, a user assigned to the User Administrator role can create and delete user accounts.

- Understanding when to assign the correct type of role to the right user is a fundamental and crucial step in maintaining privacy and security compliance. If the wrong role is assigned to the wrong user, the permissions that come with that role can allow the user to cause serious damage to an organization.

5

Administrator roles
- Administrator roles in Azure AD allow users elevated access to control who is allowed to do what. You assign these roles to a limited group of users to manage identity tasks in an Azure AD organization. You can assign administrator roles that allow a user to create or edit users, assign administrative roles to others, reset user passwords, manage user licenses, and more.

- If your user account has the User Administrator or Global Administrator role, you can create a new user in Azure AD by using either the Azure portal, the Azure CLI, or PowerShell. In PowerShell, run the cmdlet New-AzureADUser. In the Azure CLI, use az ad user create.

6

Member users
- A member user account is a native member of the Azure AD organization that has a set of default permissions like being able to manage their profile information. When someone new joins your organization, they typically have this type of account created for them.

- Anyone who isn't a guest user or isn't assigned an administrator role falls into this type. A member user is meant for users who are considered internal to an organization and are members of the Azure AD organization. However, these users shouldn't be able to manage other users by, for example, creating and deleting users. Member users don't have the same restrictions that are typically placed on guest users.

7

Guest users
- Guest users have restricted Azure AD organization permissions. When you invite someone to collaborate with your organization, you add them to your Azure AD organization as a guest user. Then you can either send an invitation email that contains a redemption link or send a direct link to an app you want to share. Guest users sign in with their own work, school, or social identities. By default, Azure AD member users can invite guest users. This default can be disabled by someone who has the User Administrator role.

- Your organization might need to work with an external partner. To collaborate with your organization, these partners often need to have a certain level of access to specific resources. For this sort of situation, it's a good idea to use guest user accounts. You'll then make sure partners have the right level of access to do their work, without having a higher level of access than they need.

8

Azure subscription
- An Azure subscription is a billing entity and security boundary.

- Azure subscriptions manage resources, limits, and provide the charges billed to the account owner.

- An Azure AD directory can be associated with multiple subscriptions, but a subscription is always tied to a single directory.

- True or False, an organization can have more than one Azure AD directory? True: While a single directory is created for the organization initially, more can be created to divide the security across boundaries.

9

When is a user considered registered for SSPR?
- When they've registered at least the number of methods that you've required to reset a password.

- A user is considered registered for SSPR when they've registered at least the number of methods that you've required to reset a password. You can set this number in the Azure portal.

10

Which Azure Service preserves data residency and offers comprehensive compliance and resiliency options?
- Regions preserve data residency and offer comprehensive compliance and resiliency options for customers.

11

The company financial comptroller wants to be notified whenever the company is half-way to spending the money allocated for cloud services. Which is the best approach to meeting this requirement?
- Create a budget and a spending threshold. Billing Alerts will help monitor and manage billing activity for your Azure accounts. Budget thresholds can be evaluated and will be reset automatically at the end of a period.

12

How to design applications to handle connection failure in Windows Azure?
The Transient Fault Handling Application Block supports various standard ways of generating the retry delay time interval, including fixed interval, incremental interval (the interval increases by a standard amount), and exponential back-off (the interval doubles with some random variation).

13

What is Windows Azure Diagnostics?
Windows Azure Diagnostics enables you to collect diagnostic data from an application running in Windows Azure. You can use diagnostic data for debugging and troubleshooting, measuring performance, monitoring resource usage, traffic analysis and capacity planning, and auditing.

14

What is the difference between Windows Azure Queues and Windows Azure Service Bus Queues?
- Windows Azure supports two types of queue mechanisms: Windows Azure Queues and Service Bus Queues.

- Windows Azure Queues, which are part of the Windows Azure storage infrastructure, feature a simple REST-based Get/Put/Peek interface, providing reliable, persistent messaging within and between services.

- Service Bus Queues are part of a broader Windows Azure messaging infrastructure that supports dead-letter queuing as well as publish/subscribe, Web service remoting, and integration patterns.

15

What is the use of Azure Active Directory?
Azure Active Directory is an identity and access management system. It is very similar to Active Directory. It allows you to grant your employees access to specific products and services within the network.

16

You are beginning to extend your on-premises data center into Azure. You have created a new Azure subscription and resource group called RG-One. You deploy two virtual machines into RG-One with the intent of promoting these to Active Directory domain controllers. What kind of cloud service would this be considered?
- Infrastructure as a service (IaaS) is an instant computing infrastructure, provisioned and managed over the internet. Deploying virtual machines into an Azure subscription would be considered an IaaS service.

- Reference: IaaS

17

A company has set up an Azure subscription and a tenant. They want to ensure that only Virtual Machines of a particular SKU size can be launched in their Azure account. They decide to implement Role-Based access control. Does this fulfill the requirement?
- Role-based access control can be used to restrict access to resources. But RBAC does not put any governance on what type of resources to create. If you need to limit resource creation, such as provisioning VMs only of a particular SKU, you need to implement Azure policies.

- Reference: Role based access

18

You are planning on purchasing Azure AD Premium for your Azure subscription. What is the SLA for this product?
- Per the Azure documentation: We guarantee at least 99.9% availability of the Azure Active Directory Basic and Premium services.

- Reference: Azure AD SLA

19

You currently have two Azure Pay-As-You-Go subscriptions. You would like to transfer billing ownership of the subscriptions to another account while moving the subscriptions into the other account's Azure AD tenant. How can you accomplish this?
- In the Azure Portal, under Cost Management + Billing under Azure Subscriptions

- It is here that we can transfer billing ownership by clicking on the context menu for the subscription. We then select "Transfer billing ownership" and as part of the process, we can provide the email associated with the other account, and can also choose to move the subscription into the Azure AD tenant of the other account. This will move the subscription into the default Azure AD tenant of the destination account.

- Reference: Azure Billing

20

We want to provide an Azure AD B2B guest user the ability to manage all resources inside of our DevRG resource group. We want to give them the ability to manage all resources inside of this resource group and nothing more. What role would we assign to the user to accomplish this goal? Assume we are assigning the role to the DevRG scope.
- Contributor

- This role will allow us to give this guest user the ability to manage all resources inside of the DevRG resource group, and nothing more, such as managing role assignments. This is exactly what we need for our scenario. When assigning permissions we need to think about the principle of least privilege.

21

A company has set up an Azure subscription and a tenant. They want to ensure that only Virtual Machines of a particular SKU size can be launched in their Azure account. They decide to implement Azure locks. Does this fulfill the requirement?
- No

- Azure locks are used to prevent users from accidentally deleting or modifying critical resources. If you need to limit resource creation, such as provisioning VMs only of a particular SKU, you need to implement Azure policies.

- Reference: Azure Lock Resources

23

A company has set up an Azure subscription and a tenant. They want to ensure that only Virtual Machines of a particular SKU size can be launched in their Azure account. They decide to implement Azure policies. Does this fulfill the requirement?
- Yes, this can be done with Azure policies. There is also a built-in policy that implements this restriction.

- Reference: Azure Storage policies

24

A company is planning to use the Azure Import/Export service to move data out of its Azure Storage account. Which of the following services could be used when defining the Azure Export job?
- Only the BLOB service is supported by the Export job feature. This is also given in the Microsoft documentation.

- Reference: Azure Blob Storage

25

A company is planning to use Azure for the various services they offer. They want to ensure that they can bill each department for the resources they consume. They decide to use Azure policies to separate the bills department wise. Would this fulfill the requirement?
- No

- Azure policies are used from a governance perspective and can’t be used to create bills department wise.

- Reference: Azure Gov policies

26

A company is planning to use Azure for the various services they offer. They want to ensure that they can bill each department for the resources they consume. They decide to use Azure role-based access control to separate the bills department wise. Would this fulfill the requirement?
- No

- This is used to control access to resources and can’t be used for billing purposes.

- Reference: Azure Role Based Access Control

27

A company is planning to use Azure for the various services they offer. They want to ensure that they can bill each department for the resources they consume. They decide to use Azure resource tags to separate the bills department wise. Would this fulfill the requirement?
- Yes

- Yes, you can use resource tags to organize your Azure resources and also apply billing techniques department wise. The Microsoft documentation mentions the following.

- Reference: Azure resource tags

Azure Administrator AZ104 Certification Exam Preparation

Azure AD Identity and Governance Illustrations Slideshow

- Configure and manage Azure Active Directory Identity and Governance
- Azure RBAC
- Directories, subscriptions, and users
- Ways to increase resilience
- Password hash synchronization
- Pass-through Authentication
- Federation
- Application Proxy
- Resilient end-user experience
- Resilient interfaces with external processes
- Management groups

Below are the skills measured in this category:

Manage Azure identities and governance (15–20%)

1

Manage Azure Active Directory (Azure AD) objects
- create users and groups

- manage user and group properties

- manage device settings

- perform bulk user updates

- manage guest accounts

- configure Azure AD join

- configure self-service password reset

2

Manage role-based access control (RBAC)
- create a custom role

- provide access to Azure resources by assigning roles at different scopes

- interpret access assignments

3

Manage subscriptions and governance
- configure Azure policies

- configure resource locks

- apply and manage tags on resources

- manage resource groups

- manage subscriptions

- manage costs

- configure management groups
