Practice Test
True or False: Azure Active Directory (Azure AD) only has one built-in role for resource management.
- Answer: False
Explanation: Azure AD has multiple built-in roles for resource management like the Global Administrator, User Administrator, and others.
Which of the following Azure roles allows the user to manage user groups?
- A. Contributor
- B. Owner
- C. User Access Administrator
- D. Reader
Answer: C. User Access Administrator
Explanation: The User Access Administrator role allows the user to manage access to Azure resources, which includes managing user groups.
True or False: Custom roles can only be assigned at the subscription level in Azure.
- Answer: False
Explanation: Custom roles in Azure can be assigned at multiple levels, such as the management group, subscription, or resource group level.
In Azure roles, which of the following can be performed by the ‘Owner’?
- a) Read Resources
- b) Write Resources
- c) Delete Resources
- d) Assign Roles
Answer: a) Read Resources, b) Write Resources, c) Delete Resources, d) Assign Roles.
Explanation: ‘Owner’ has full access to all resources including the right to delegate access to others.
True or False: Azure AD roles can be assigned to users, groups, service principals, and managed identities.
- Answer: True
Explanation: Azure AD roles can indeed be assigned to users, groups, service principals, and managed identities to provide access rights.
Can the ‘Reader’ role in Azure AD create or delete resources?
- A. Yes
- B. No
Answer: B. No
Explanation: The ‘Reader’ role can view existing resources but cannot create, delete, or modify resources.
Which of the following Azure roles allows the user to view all resources, but not make any changes?
- A. Reader
- B. Contributor
- C. Owner
- D. User Access Administrator
Answer: A. Reader
Explanation: The ‘Reader’ role provides read-only access to Azure resources; it does not allow for any modifications.
True or False: It’s possible to modify built-in roles in Azure.
- Answer: False
Explanation: Built-in roles in Azure cannot be modified. However, you can create and manage custom roles.
The ‘___’ Azure role has full access to Azure resources.
- A. Reader
- B. User Access Administrator
- C. Contributor
- D. Owner
Answer: D. Owner
Explanation: The ‘Owner’ role has full access to Azure resources, including rights to delegate access to others.
Which Azure built-in role grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC?
- A. Owner
- B. User Access Administrator
- C. Contributor
- D. Global Administrator
Answer: C. Contributor
Explanation: The ‘Contributor’ role in Azure has full permissions to manage all resources, but does not allow you to assign roles in Azure RBAC.
Interview Questions
Q1: What is Azure RBAC?
A1: Azure Role-Based Access Control (RBAC) is a feature provided by Azure to manage and restrict access to resources in Azure.
Q2: What are Azure AD roles?
A2: Azure AD roles are used to manage Azure Active Directory resources. This helps to assign privileges to users, groups, and applications to manage AD resources.
Q3: How can we create a custom role in Azure?
A3: We can create a custom role in Azure by navigating to the “Roles and Administrators” in Azure AD, choosing “New custom role”, and then defining the permissions for the role.
Q4: What is the purpose of assigning roles in Azure?
A4: Assigning roles in Azure helps to provide specific access to users, groups, or services on specific resources. This helps in better control and management of resources.
Q5: How can we assign roles in Azure AD?
A5: We can assign roles in Azure AD by first navigating to the “Roles and Administrator” tab in Azure AD, then selecting the role, and adding the users or groups to that role.
Q6: What are the different types of roles in Azure AD?
A6: Some of the different types of roles in Azure AD are: Global administrator, User administrator, Billing administrator, Service administrator, and Password administrator.
Q7: What is the maximum number of custom roles that you can create in Azure AD?
A7: The maximum number of custom roles you can create in Azure AD is 500.
Q8: Can we assign a custom role to a group in Azure?
A8: Yes, we can assign a custom role to a group in Azure.
Q9: How often are changes to role assignments applied in Azure AD?
A9: Changes to role assignments are applied immediately in Azure AD.
Q10: What is the JSON file used for in creating a custom role in Azure?
A10: The JSON file is used to define the actions, notactions, assignable scopes, and description properties for the custom role in Azure.
Q11: What are the types of Azure roles?
A11: Some types of Azure roles are: Owner, Contributor, Reader, and User Access Administrator.
Q12: What are some common uses of custom roles in Azure?
A12: Some common uses of custom roles in Azure are: to provide specific access to manage resources, to delegate access to users or services, and to limit access to certain actions or resources.
Q13: Can we modify a built-in role in Azure AD?
A13: No, we cannot modify a built-in role in Azure AD. We can only create custom roles.
Q14: What is the Azure Policy built-in role used for?
A14: The Azure Policy built-in role is used to manage all policy related resources in Azure.
Q15: Can we delete custom roles in Azure AD?
A15: Yes, we can delete custom roles in Azure AD, but we cannot delete built-in roles.
extutorials.com