AZ-104: Microsoft Azure Administrator Practice Tests 2023 1 (Cloud Concepts) Flashcards
You have an Azure virtual machine (VM) that has a single data disk. You have been tasked with attaching this data disk to another Azure VM.
You need to make sure that your strategy allows for the virtual machines to be offline for the least amount of time possible.
Which of the following is the action you should take FIRST?
A. Stop the VM that includes the data disk
B. Stop the VM that the data disk must be attached to
C. Detach the data disk
D. Delete the VM that includes the data disk
C. Detach the data disk
Explanation:
Correct Answer: Detach the data disk
You can simply detach a data disk from one VM and attach it to the other VM without stopping either of the VMs.
You can only attach a data disk to a VM that is running
Detach a data disk using PowerShell
You can hot remove a data disk using PowerShell, but make sure nothing is actively using the disk before detaching it from the VM.
In this example, we remove the disk named myDisk from the VM myVM in the myResourceGroup resource group. First you remove the disk using the Remove-AzVMDataDisk cmdlet. Then, you update the state of the virtual machine, using the Update-AzVM cmdlet, to complete the process of removing the data disk.
$VirtualMachine = Get-AzVM ` -ResourceGroupName "myResourceGroup" ` -Name "myVM" Remove-AzVMDataDisk ` -VM $VirtualMachine ` -Name "myDisk" Update-AzVM ` -ResourceGroupName "myResourceGroup" ` -VM $VirtualMachine
Note: If you detach a disk it is not automatically deleted. If you have subscribed to Premium storage, you will continue to incur storage charges for the disk. For more information
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/detach-disk
https://docs.microsoft.com/en-us/azure/lab-services/devtest-lab-attach-detach-data-disk
Quick Preview:
You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts.
You create a new user account named AdminUser1.
You need to assign the User administrator administrative role to AdminUser1.
What should you do from the user account properties?
A. From the Licenses blade, assign a new license
B. From the Directory role blade, modify the directory role
C. From the Groups Blade, invite the user account to a new group
B. From the Directory role blade, modify the directory role
Explanation:
Correct Answer: From the Directory role blade, modify the directory role
Assign a role to a user -
Sign in to the Azure portal with an account that's a global admin or privileged role admin for the directory. Select Azure Active Directory, select Users, and then select a specific user from the list. For the selected user, select Directory role, select Add role, and then pick the appropriate admin roles from the Directory roles list, such as Conditional access administrator. Press Select to save.
Note: The ability to manage Azure resources is granted by assigning roles that provide the required permissions. Roles can be assigned to individual users or groups. To align with the Zero Trust guiding principles, use Just-In-Time and Just-Enough-Access policies when assigning roles.
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers.
Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group.
Does this meet the goal?
A. Yes
N. No
B. No
Explanation:
DevTest Labs User role only lets you connect, start, restart, and shutdown virtual machines in your Azure DevTest Labs.
The Logic App Contributor role lets you manage logic app, but not access to them. It provides access to view, edit, and update a logic app.
Note: Azure DevTest Labs uses Azure role-based access control (Azure RBAC) to define roles that have only the access necessary to do specific lab tasks. DevTest Labs has three built-in roles: Owner, Contributor, and DevTest Labs User.
Azure Logic Apps relies on Azure Storage to store and automatically encrypt data at rest. This encryption protects your data and helps you meet your organizational security and compliance commitments. By default, Azure Storage uses Microsoft-managed keys to encrypt your data.
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers.
Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the Logic App Operator role to the Developers group.
Does this meet the goal?
A. Yes
B. No
B. No
Explanation:
You would need the Logic App Contributor role.
Logic App Contributor: Lets you manage logic apps, but not change access to them.
Note: For Consumption logic apps only, before you can create or manage logic apps and their connections, you need specific permissions, which are provided through roles using Azure role-based access control (Azure RBAC). You can also set up permissions so that only specific users or groups can run specific tasks, such as managing, editing, and viewing logic apps. To control their permissions, you can assign built-in or customized roles to members who have access to your Azure subscription. Azure Logic Apps has the following specific roles:
Logic App Contributor: Lets you manage logic apps, but you can't change access to them. Logic App Operator: Lets you read, enable, and disable logic apps, but you can't edit or update them. Contributor: Grants full access to manage all resources, but doesn't allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers.
Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Contributor role to the Developers group.
Does this meet the goal?
A. Yes
B. No
A. Yes
Explanation:
The Contributor role can manage all resources (and add resources) in a Resource Group. Contributor role can create logic apps.
Alternatively, we can use the Logic App Contributor role, which lets you manage logic app, but not access to them. It provides access to view, edit, and update a logic app.
Note: Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.
For Consumption logic apps only, before you can create or manage logic apps and their connections, you need specific permissions, which are provided through roles using Azure role-based access control (Azure RBAC). You can also set up permissions so that only specific users or groups can run specific tasks, such as managing, editing, and viewing logic apps. To control their permissions, you can assign built-in or customized roles to members who have access to your Azure subscription. Azure Logic Apps has the following specific roles:
Logic App Contributor: Lets you manage logic apps, but you can't change access to them. Logic App Operator: Lets you read, enable, and disable logic apps, but you can't edit or update them. Contributor: Grants full access to manage all resources, but doesn't allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.
