AZ-104 Microsoft Azure Administrator

Configure management groups

Practice Test

True/False: Management groups in Azure are used for managing access, policies, and compliance across multiple Azure subscriptions.

  • True
  • False

Answer: True

Explanation: Management groups provide a level of scope above subscriptions. You organize subscriptions into containers called “management groups” and apply your governance conditions to the management groups.

True/False: We cannot move subscriptions from one management group to another.

  • True
  • False

Answer: False

Explanation: You can move subscriptions from one management group to another. This provides the flexibility to adjust your management group tree structure as your business needs change.

How many levels of management groups can be created in an Azure tenant?

  • a) 5
  • b) 6
  • c) 7
  • d) 8

Answer: b) 6

Explanation: You can have up to six levels of management groups in Azure to implement a flexible structure for your business needs.

True/False: A single Azure Management Group can have multiple parent groups.

  • True
  • False

Answer: False

Explanation: A single Azure Management Group can only have one parent group to maintain a clear hierarchy of control.

What type of conditions can you apply to Azure management groups?

  • a) Access management
  • b) Policy assignments
  • c) Compliance details
  • d) All of the above

Answer: d) All of the above

Explanation: Azure management groups allow the management of access, policy, and compliance across multiple Azure subscriptions.

True/False: Management groups must have a Subscription as a child.

  • True
  • False

Answer: False

Explanation: A Management group can have another Management group or a Subscription as a child. It is not mandatory to have a Subscription as a child.

Is there a limit on how many subscriptions can be created in an individual management group?

  • a) Yes
  • b) No

Answer: b) No

Explanation: Azure does not specify a limit on how many subscriptions can exist within one management group.

True/False: A ‘Root’ management group is automatically created in each directory.

  • True
  • False

Answer: True

Explanation: A ‘Root’ management group is automatically created in each directory for all the direct child management groups to inherit.

Can the same Group ID be reused once it has been deleted?

  • a) Yes
  • b) No

Answer: b) No

Explanation: The Group ID of a deleted management group cannot be reused for 30 days after deletion.

True/False: Azure Management Group capabilities are available for free.

  • True
  • False

Answer: True

Explanation: Azure management group capabilities are not billed. They are available at no additional cost.

Which of the following is not a role for an Azure management group?

  • a) Owner
  • b) Contributor
  • c) Reader
  • d) Manager

Answer: d) Manager

Explanation: Owner, contributor, and reader are roles for an Azure management group, but manager is not.

True/False: You can assign Azure roles and Azure policies to a management group.

  • True
  • False

Answer: True

Explanation: You can assign Azure roles at the subscription, resource group, and resource levels. You can also assign Azure policies at the management group level to enforce organization standards.

In Azure Management Groups, how long does it take for permissions to propagate?

  • a) 1 hour
  • b) 2 hours
  • c) 14-16 hours
  • d) It’s instantaneous

Answer: c) 14-16 hours

Explanation: Permissions in Azure Management Groups can take from 14 up to 16 hours to propagate.

True/False: Management groups can manage applications in Azure Active Directory.

  • True
  • False

Answer: False

Explanation: Management groups only provide management capabilities at Azure subscription level. They cannot manage applications in Azure Active Directory.

What maximum number of management groups can be created in a single directory?

  • a) 5,000
  • b) 10,000
  • c) 15,000
  • d) 20,000

Answer: d) 20,000

Explanation: In a single directory, you can create up to 20,000 management groups.

Interview Questions

What is a management group in Azure?

Management groups in Azure are containers that help you manage access, policy, and compliance across multiple subscriptions.

How many levels of depth can you have in your management group tree structure?

You can have up to six levels of depth in your management group tree structure not including the Root level or the subscription level.

What is the maximum number of management groups that can be created in a single directory?

A single directory can support up to 10,000 management groups.

What is the purpose of Azure Policy in the context of management groups?

Azure Policy helps in applying and enforcing rules on your resources at the management group level, which makes it easier to govern your resources within your organization.

What is the purpose of the ‘Root’ management group in Azure?

The ‘Root’ management group is the top-level management group in the hierarchy. Every directory gets a single Root group that is built in the hierarchy to have all groups and subscriptions fold up to it. This Root group allows global policies and Azure role assignments to be applied at the directory level.

Which Azure service is used to provide access control (IAM) in management groups?

Azure Active Directory (Azure AD) is used to provide access control (IAM) in management groups.

Can the Management Group ID and Name be different?

Yes, the Management Group ID and Name can be different. The Management Group ID is the permanent, immutable identifier, whereas the Name can be changed.

Can you move a subscription from one management group to another?

Yes, a subscription can be moved from one management group to another. However, you need to have the appropriate permissions to perform this operation.

Can each subscription in Azure be assigned to only one management group?

Yes, each subscription in Azure can only be assigned to a single management group at a time.

How are Azure role assignments propagated through a hierarchy in management groups?

Provisioned Azure role assignments automatically flow down the hierarchy through inheritance. A role assignment on a parent management group means that all child subscriptions inherit that role assignment.

How to create a new management group in Azure?

A new management group in Azure can be created using Azure portal, Azure CLI, or PowerShell. The specific command or action may vary depending on the tool you are using.

How can you remove a management group?

Management groups can be deleted using Azure portal, Azure CLI, or PowerShell. However, the group must have no children (sub-groups or subscriptions) before it can be deleted.

How can you rename a management group?

To rename a management group, you can use the Azure portal, Azure CLI, or PowerShell. The specific command or action may vary depending on the tool you are using.

Are there any costs associated with using Management Groups in Azure?

No, there are no additional fees for using Management Groups in Azure.

Are Management Groups region-specific in Azure?

No, Management Groups are not region-specific, so they can manage subscriptions globally from any region.

Related Post

AZ-104 Microsoft Azure Administrator

Configure and use Azure Monitor for networks

extutorials.com
AZ-104 Microsoft Azure Administrator

Configure and review backup reports

extutorials.com
AZ-104 Microsoft Azure Administrator

Configure VM network settings

extutorials.com

Leave a Reply

Your email address will not be published. Required fields are marked *

You Missed

AZ-900 Microsoft Azure Fundamentals

Describe Azure Resource Manager and Azure Resource Manager templates (ARM templates)

AZ-900 Microsoft Azure Fundamentals

Describe virtual networking, including the purpose of Azure Virtual Networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and Azure ExpressRoute

AZ-900 Microsoft Azure Fundamentals

Describe the purpose of Azure Arc

AZ-900 Microsoft Azure Fundamentals

Identify appropriate use cases for each cloud service (IaaS, PaaS, SaaS)