CIS131 Lecture Knowledge Check

You are assigning Azure AD roles. Which role will allow the user to manage all the groups in your Teams tenants and be able to assign other administrator roles? Select one.

Global administrator

You are configuring Self-service Password Reset. Which of the following is not a validation method? Select one.

A paging service.

If you delete a user account by mistake, can it be restored? Select one.

The user account can be restored, but only when it’s deleted within the last 30 days.

Your company hires a new IT administrator. She needs to manage a resource group with first-tier web servers including assigning permissions. However, she should not have access to other resource groups inside the subscription. You need to configure role-based access. What should you do? Select one.

Assign her as a Resource Group Owner.

Suppose a team member can’t view resources in a resource group. Where would the administrator go to check the team member’s access? Select one.

Go to the resource group and select Access control (IAM) Role assignments.

A user who had Owner access to a subscription is leaving the company. No one else has access to this subscription. How can you grant another employee access to this subscription? Select one.

Use the Azure portal to elevate your own access.

Your company wants to allow some users to control the virtual machines in each environment. These users should be prevented from modifying networking and other resources in the same resource group or Azure subscription. What should you do? Select one.

Create a role assignment through Azure RBAC

What’s included in a custom Azure role definition? Select one.

Operations allowed for Azure resources and the scope of permission

In a typical project, when would you create your storage account(s)?

At the beginning, during project setup.

Which of the following replicates your data to a secondary region, maintains six copies of your data, and is the default replication option? Select one.

Read-access geo-redundant storage

You are using blob storage. Which of the following is true? Select one.

You can switch between hot and cool performance tiers at any time.

You are planning a delegation model for your Azure storage. The company has issued the following requirement for Azure storage access: -Apps in the non-production environment must have automated time-limited access. You need to configure storage access to meet the requirements. What should you do?

Use shared access signatures for the non-production apps.

You need to provide a contingent staff employee temporary read-only access to the contents of an Azure storage account container named media. It is important that you grant access while adhering to the security principle of least-privilege. What should you do? Select one.

Generate a shared access signature (SAS) token for the container.

What does the term identity mean? Select one.

Something that can be authenticated. It can be a user, application, service, or anything that needs to be identified.

A dedicated and trusted instance of Microsoft Entra ID is referred to as:

An Azure tenant

You would like to add a user who has a Microsoft account to your subscription. Which type of user account is this? Select one.

Guest Use

Which of the following is not true about the Cloud Shell?

Cloud Shell is assigned multiple machines per user account.

You are managing Azure locally using PowerShell. You have launched the app as an Administrator. Which of the following commands would you do first?>

Connect-AzAccount

What do you need to install on your machine so you can execute Azure CLI commands locally? Select one.

Only the Azure CLI

What needs to be installed on your machine to let you execute Azure PowerShell cmdlets locally? Select one.

The base PowerShell product and the AZ module

Which parameter can you add to most CLI commands to get concise, formatted output? Select one.

table

You have a new Azure subscription and need to move resources to that subscription. Which of the following resources cannot be moved? Select one.

Tenant

You are reviewing your virtual machine usage. You notice that you have reached the limit for virtual machines in the US East region. Which of the following provides the easiest solution? Select one.

Request support increase your limit

You are planning to deploy several Linux VMs in Azure. The security team issues a policy that Linux VMs must use an authentication system other than passwords. You need to deploy an authentication method for the Linux VMs to meet the requirement. Which authentication method should you use? Select one.

SSH key pair

You are administering a production web app. The app requires scaling to five instances, 40GB of storage, and a custom domain name. Which App Service Plan should you select? Select one.>

Standard

To configure an autoscale trigger based on average response time, you should select …

Metric-based

What method does Microsoft Azure App Service use to obtain credentials for users attempting to access an app? Select one.

Redirection to a provider endpoint.

Which of the following is not true about App Service backups? Select one.

Incremental backups are the default.

Which of the following is a reason to select virtual machines over containers?

Virtual machines provide complete isolation from the host operating system and other VMs.

You decide to move all your services to Azure Kubernetes service. Which of the following components will contribute to your monthly Azure charge? Select one.

Customer node virtual machines

You are configuring networking for the Azure Kubernetes service. Which of the following maps incoming direct traffic to the pods? Select one.

NodePort

Which of the following is a default inbound security rule? Select one.

Allow inbound coming from any VM to any other VM within the subnet

Your company wants to redirect Internet traffic to your company’s on-premises servers for packet inspection. Which of the following is not used for this? Select one.

System Routes

Why would you use a custom route in a virtual network? Select one.

To control the flow of traffic within your Azure virtual network.

When creating user-defined routes, you can specify any of these next hop types, except? Select one.

Load Balancer

Your company needs to extend their private address space in Azure by providing a direct connection to your Azure resources. They implement which of the following? Select one.>

Virtual network endpoint

What is the main benefit of using a network virtual appliance?

To control incoming traffic from the perimeter network and allow only traffic that meets security requirements to pass through.

Your company provides customers a virtual network in the cloud. You have dozens of Linux virtual machines in another virtual network. You need to install an Azure load balancer to direct traffic between the virtual networks. What should you do? Select one.

Install an internal load balancer.

Which configuration is required to configure an internal load balancer?

Virtual machines should be in the same virtual network.

You need to determine who deleted a network security group through Resource Manager. You are viewing the Activity Log when another Azure Administrator says you should use this event category to narrow your search. Select one.

Administrative