Azure Question and Answer Part -14
1.You have an Azure subscription named Subscription1 that contains a resource group named RG1.
In RG1, you create an internal load balancer named LB1 and a public load balancer named LB2.
You need to ensure that an administrator named Admin1 can manage LB1 and LB2. The solution must follow the
principle of least privilege.
Which role should you assign to Admin1 for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
•To add a backend pool to LB1: Contributor on LB1
•To add a health probe to LB2: Contributor on LB2
2.You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and
an Azure Kubernetes Service (AKS) cluster named AKS1.
An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com.
You need to ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first?
A. From contoso.com, modify the Organization relationships settings.
B. From contoso.com, create an OAuth 2.0 authorization endpoint. Most Voted
C. Recreate AKS1.
D. From AKS1, create a namespace.
B. From contoso.com, create an OAuth 2.0 authorization endpoint. Most Voted
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document
library named Library1.
You need to create groups for the users. The solution must ensure that the groups are deleted automatically after
180 days.
Which two groups should you create? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. a Microsoft 365 group that uses the Assigned membership type Most Voted
B. a Security group that uses the Assigned membership type
C. a Microsoft 365 group that uses the Dynamic User membership type Most Voted
D. a Security group that uses the Dynamic User membership type
E. a Security group that uses the Dynamic Device membership type
A. a Microsoft 365 group that uses the Assigned membership type Most Voted
C. a Microsoft 365 group that uses the Dynamic User membership type Most Voted
4.
Box 1: No –
Virtual networks are not allowed at the root and is inherited. Deny overrides allowed.
Box 2: Yes –
Virtual Machines can be created on a Management Group provided the user has the required RBAC permissions.
Box 3: Yes –
Subscriptions can be moved between Management Groups provided the user has the required RBAC permissions.
Reference:
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
https://docs.microsoft.com/en-us/azure/governance/management-groups/manage#moving-management-groups-
and-subscriptions
5.
Tags applied to the resource group or subscription are not inherited by the resources.
Note: Azure Policy allows you to use either built-in or custom-defined policy definitions and assign them to either a
specific resource group or across a whole
Azure subscription.
VNET2: Label:Value1 only.
Incorrect Answers:
RGROUP: RG6 –
Tags applied to the resource group or subscription are not inherited by the resources.