1. What is Windows Server?

Answer:

Windows Server is a server operating system developed by Microsoft designed to manage network resources, users, applications, storage, and security in enterprise environments.

Common roles include:

• Active Directory
• DNS
• DHCP
• File Server
• Web Server
• Hyper-V

2. What is a Server?

Answer:

A server is a computer or software system that provides services, resources, or data to other computers called clients over a network.

Examples:

• File Server
• Web Server
• Database Server
• Mail Server

3. What is Active Directory (AD)?

Answer:

Active Directory is Microsoft's directory service used to manage users, computers, groups, and network resources within a domain.

Benefits:

• Centralized authentication
• Authorization
• Security management
• Resource management

4. What is a Domain?

Answer:

A domain is a logical grouping of network resources managed by Active Directory.

Example:

company.local
company.com

Users can log in using a single account across the domain.

5. What is a Domain Controller?

Answer:

A Domain Controller (DC) is a server that stores Active Directory data and authenticates users and computers within the domain.

Functions:

• User authentication
• Group Policy processing
• Directory services

6. What is DNS?

Answer:

DNS (Domain Name System) translates human-readable names into IP addresses.

Example:

www.google.com → 142.250.x.x

Without DNS, users would need to remember IP addresses.

7. What is DHCP?

Answer:

DHCP (Dynamic Host Configuration Protocol) automatically assigns:

• IP addresses
• Subnet masks
• Default gateways
• DNS server addresses

to client devices.

8. What is an IP Address?

Answer:

An IP address uniquely identifies a device on a network.

Examples:

192.168.1.10
10.0.0.15

9. What is a Forest in Active Directory?

Answer:

A forest is the highest-level Active Directory structure containing one or more domains that share a common schema and global catalog.

10. What is an Organizational Unit (OU)?

Answer:

An OU is a container used to organize users, groups, and computers in Active Directory.

Example:

HR
Finance
IT
Sales

OUs simplify administration and policy management.

11. What is Group Policy?

Answer:

Group Policy allows administrators to configure settings for users and computers centrally.

Examples:

• Password policies
• Desktop restrictions
• Software deployment

12. What is a User Account in AD?

Answer:

A user account represents an individual who can authenticate and access resources within the domain.

13. What is a Security Group?

Answer:

A security group is used to assign permissions to multiple users simultaneously.

Example:

HR Users
Database Admins
IT Support

14. What is an AD Schema?

Answer:

The schema defines the structure of Active Directory objects and attributes.

Examples:

• User
• Computer
• Group

15. What is the Global Catalog?

Answer:

The Global Catalog contains partial information about every object in the forest and helps users locate resources quickly.

16. What is a DNS Zone?

Answer:

A DNS zone stores DNS records for a domain.

Example:

company.com

17. What is an A Record?

Answer:

An A Record maps a hostname to an IPv4 address.

Example:

server01.company.com → 192.168.1.10

18. What is a CNAME Record?

Answer:

A CNAME creates an alias for another hostname.

Example:

mail.company.com → server01.company.com

19. What is an MX Record?

Answer:

MX (Mail Exchange) records specify which server receives email for a domain.

20. What is Reverse DNS Lookup?

Answer:

Reverse lookup translates an IP address back to a hostname.

Example:

192.168.1.10 → server01.company.com

21. What is a DHCP Scope?

Answer:

A DHCP scope defines the range of IP addresses that DHCP can assign.

Example:

192.168.1.100 - 192.168.1.200

22. What is a DHCP Reservation?

Answer:

A reservation ensures a device always receives the same IP address.

Typically used for:

• Printers
• Servers
• Network devices

23. What is a DHCP Lease?

Answer:

A lease is the period during which a client can use an assigned IP address.

After expiration, renewal is required.

24. What is Backup?

Answer:

A backup is a copy of data stored separately for recovery purposes.

Purpose:

• Disaster recovery
• Data protection
• Business continuity

25. What is Full Backup?

Answer:

A full backup copies all selected data.

Advantages:

• Simple recovery

Disadvantages:

• Longer backup times
• Higher storage usage

26. What is Incremental Backup?

Answer:

An incremental backup copies only data changed since the previous backup.

Benefits:

• Faster backups
• Less storage

27. What is Differential Backup?

Answer:

A differential backup copies all changes since the last full backup.

Recovery is generally faster than incremental backups.

28. What is FTP?

Answer:

FTP (File Transfer Protocol) is used to transfer files between systems over a network.

Common uses:

• Website uploads
• File sharing
• Data exchange

29. What is the Difference Between FTP and SFTP?

Answer:

Modern organizations typically prefer SFTP.

30. Why is Backup Important?

Answer:

Backup protects organizations from:

• Hardware failures
• Accidental deletion
• Cyberattacks
• Ransomware
• Natural disasters

A strong backup strategy is critical for business continuity.

31. What is the difference between a Workgroup and a Domain?

Answer:

Domains provide centralized authentication and security management.

32. What is FSMO in Active Directory?

Answer:

FSMO (Flexible Single Master Operations) roles are specialized domain controller roles.

Five FSMO Roles:

• Schema Master
• Domain Naming Master
• RID Master
• PDC Emulator
• Infrastructure Master

These roles ensure consistency across Active Directory.

33. What is the PDC Emulator Role?

Answer:

The PDC Emulator:

• Handles password changes
• Processes account lockouts
• Synchronizes time
• Supports legacy systems

It is one of the most critical FSMO roles.

34. What is RID Master?

Answer:

RID (Relative Identifier) Master allocates RID pools to domain controllers for creating unique security identifiers (SIDs).

Without RID allocation, new objects cannot be created.

35. What is Trust Relationship in Active Directory?

Answer:

A trust allows users in one domain to access resources in another domain.

Types:

• Parent-Child Trust
• Tree Root Trust
• External Trust
• Forest Trust

36. What is LDAP?

Answer:

LDAP (Lightweight Directory Access Protocol) is used to query and modify Active Directory information.

Default Ports:

389  - LDAP
636  - LDAPS

37. What is Kerberos Authentication?

Answer:

Kerberos is the default authentication protocol in Active Directory.

Benefits:

• Secure authentication
• Mutual verification
• Ticket-based access

38. What is NTLM?

Answer:

NTLM is an older Microsoft authentication protocol.

Although still supported, Kerberos is preferred due to stronger security.

39. What is Replication in Active Directory?

Answer:

Replication ensures that Active Directory data is synchronized among all Domain Controllers.

Benefits:

• Redundancy
• Fault tolerance
• High availability

40. What is SYSVOL?

Answer:

SYSVOL stores:

• Group Policies
• Logon Scripts
• Domain-wide public files

Location:

C:\Windows\SYSVOL

DNS

41. What is the difference between Forward Lookup and Reverse Lookup Zones?

Answer:

Forward Lookup:

Hostname → IP Address

Reverse Lookup:

IP Address → Hostname

Both are useful for troubleshooting and authentication.

42. What happens when a DNS query is made?

Answer:

The DNS server:

1. Checks local cache.
2. Queries authoritative server.
3. Resolves hostname.
4. Returns IP address.

This process is called DNS Resolution.

43. What is Recursive DNS Query?

Answer:

A recursive query requires the DNS server to provide a final answer or an error.

The client receives only one response.

44. What is Iterative DNS Query?

Answer:

The DNS server provides the best available answer and may refer the client to another DNS server.

45. What is DNS Scavenging?

Answer:

DNS scavenging automatically removes stale DNS records.

Benefits:

• Cleaner DNS database
• Reduced conflicts
• Better performance

46. What is a Secondary DNS Zone?

Answer:

A Secondary Zone is a read-only copy of a primary DNS zone.

Used for:

• Redundancy
• Load distribution

47. What is Zone Transfer?

Answer:

Zone transfer copies DNS records between DNS servers.

Types:

• Full Zone Transfer (AXFR)
• Incremental Zone Transfer (IXFR)

48. What is Split DNS?

Answer:

Split DNS provides different DNS responses internally and externally.

Example:

Internal users → 10.0.0.5
External users → Public IP

49. What is DNS Forwarding?

Answer:

Forwarding sends unresolved DNS requests to another DNS server.

Often used:

• ISP DNS
• Public DNS servers

50. Why is Active Directory dependent on DNS?

Answer:

Active Directory uses DNS to:

• Locate Domain Controllers
• Authenticate users
• Locate services

Without proper DNS, AD functionality fails.

DHCP

51. What is DHCP Failover?

Answer:

DHCP Failover allows two DHCP servers to share lease information.

Benefits:

• High availability
• Redundancy

52. What is DHCP Relay Agent?

Answer:

A relay agent forwards DHCP requests between different subnets.

Without relay agents, DHCP broadcasts cannot cross routers.

53. What are DHCP Options?

Answer:

DHCP options provide additional configuration.

Common options:

• DNS Server
• Gateway
• NTP Server
• Domain Name

54. What is DHCP Authorization?

Answer:

In Active Directory environments, DHCP servers must be authorized before leasing IP addresses.

This prevents rogue DHCP servers.

55. What is DHCP Conflict Detection?

Answer:

Conflict detection verifies whether an IP address is already in use before assignment.

Helps prevent IP conflicts.

56. What is Scope Exclusion?

Answer:

Excluded addresses are not assigned by DHCP.

Example:

Scope:
192.168.1.1 – 192.168.1.254

Excluded:
192.168.1.1 – 192.168.1.20

57. What happens when a DHCP lease expires?

Answer:

The client attempts renewal.

If unsuccessful:

• IP address is released.
• New lease request is generated.

58. Explain DORA Process.

Answer:

DHCP follows:

Discover
Offer
Request
Acknowledge

Known as the DORA process.

Frequently asked in interviews.

59. Why should servers generally have static IP addresses?

Answer:

Servers require predictable connectivity.

Examples:

• DNS Servers
• Domain Controllers
• Database Servers

Static IPs prevent service disruptions.

60. How can you troubleshoot DHCP issues?

Answer:

Common steps:

1. Verify DHCP service.
2. Check scope availability.
3. Review event logs.
4. Test network connectivity.
5. Confirm DHCP authorization.

61. What is the difference between FSMO Role Transfer and FSMO Role Seizure?

Answer:

Transfer

Performed when the current role holder is available and healthy.

Example:

DC01 → DC02

Graceful process with no risk of inconsistency.

Seizure

Performed when the original Domain Controller has permanently failed.

Example:

DC01 crashed permanently
Roles seized by DC02

Seizure should only be used during disaster recovery situations.

62. How do you recover a deleted Active Directory object?

Answer:

Methods:

AD Recycle Bin

Preferred option.

Benefits:

• Restores attributes
• Restores group memberships
• Fast recovery

Authoritative Restore

Used when AD Recycle Bin is unavailable.

Requires:

• System State Backup
• Directory Services Restore Mode (DSRM)

63. What is Active Directory Recycle Bin?

Answer:

Active Directory Recycle Bin allows administrators to restore deleted AD objects without rebooting domain controllers.

Advantages:

• Faster recovery
• Preserves attributes
• No downtime

64. What is Universal Group Membership Caching?

Answer:

UGMC stores universal group memberships locally.

Benefits:

• Faster authentication
• Reduced dependency on Global Catalog servers

Often used in remote sites.

65. What is Tombstone Lifetime in Active Directory?

Answer:

Deleted AD objects remain in a tombstoned state before permanent removal.

Default values vary by Windows Server version.

Purpose:

• Replication consistency
• Recovery opportunities

66. What is Directory Services Restore Mode (DSRM)?

Answer:

DSRM is a special boot mode used for:

• Active Directory recovery
• Authoritative restore
• AD database maintenance

A separate DSRM administrator password is required.

67. What is Lingering Object?

Answer:

A lingering object exists on one Domain Controller but has already been deleted elsewhere.

Causes:

• Replication failures
• Long offline domain controllers

Can create replication issues.

DNS

68. What is DNS Aging and Scavenging?

Answer:

Aging

Marks stale records.

Scavenging

Automatically removes stale records.

Benefits:

• Cleaner DNS database
• Reduced duplicate entries
• Better DNS performance

69. What is DNSSEC?

Answer:

DNSSEC (DNS Security Extensions) protects DNS data from tampering.

Benefits:

• Authentication
• Integrity validation
• Protection against spoofing attacks

70. What is a Stub Zone?

Answer:

A Stub Zone contains:

• SOA Record
• NS Records
• Glue Records

Purpose:

• Faster name resolution
• Reduced administrative overhead

Often used between forests.

71. What is Conditional Forwarding?

Answer:

Conditional forwarding directs DNS queries for specific domains to designated DNS servers.

Example:

companyA.com → DNS Server A
companyB.com → DNS Server B

Useful in multi-domain environments.

72. What is Split-Brain DNS?

Answer:

Split-Brain DNS allows different responses for internal and external users.

Example:

Internal:

mail.company.com → 10.0.0.5

External:

mail.company.com → 203.0.113.5

Frequently used in enterprise environments.

DHCP

73. What is DHCP Failover Load Balance Mode?

Answer:

Two DHCP servers share leases.

Example:

Server A → 50%
Server B → 50%

Benefits:

• Load distribution
• High availability

74. What is DHCP Hot Standby Mode?

Answer:

One DHCP server is active.

Another server remains standby.

Example:

Primary → Active
Secondary → Backup

If primary fails, standby takes over.

75. How would you secure a DHCP environment?

Answer:

Security measures:

• Authorize DHCP servers
• Enable DHCP logging
• Monitor rogue DHCP servers
• Use network access controls
• Implement VLAN segregation

Windows Server

76. What is Failover Clustering?

Answer:

Failover Clustering provides high availability.

If one server fails:

Node A → Failure
Node B → Takes over

Commonly used for:

• SQL Servers
• File Servers
• Hyper-V

77. What is DFS (Distributed File System)?

Answer:

DFS allows centralized file sharing across multiple servers.

Benefits:

• High availability
• Replication
• Simplified access

Example:

\\company.com\shared

78. What is DFS Replication?

Answer:

DFS-R replicates files between servers.

Advantages:

• Bandwidth optimization
• Automatic synchronization
• Fault tolerance

Backup & Recovery

79. What are RPO and RTO?

Answer:

RPO (Recovery Point Objective)

Maximum acceptable data loss.

Example:

RPO = 1 Hour

Maximum 1 hour of data can be lost.

RTO (Recovery Time Objective)

Maximum acceptable downtime.

Example:

RTO = 2 Hours

Services must be restored within 2 hours.

These are very common interview questions.

80. What is the difference between Backup and Disaster Recovery?

Answer:

Disaster Recovery includes:

• Backup
• Recovery procedures
• Infrastructure restoration
• Business continuity planning

81. A user cannot log in to the domain. How would you troubleshoot?

Answer:

I would check:

1. Network connectivity
2. DNS resolution
3. Account lockout
4. Password expiration
5. Domain Controller availability
6. Event Viewer logs

82. Users can log in but cannot access shared folders. What would you investigate?

Answer:

Check:

• NTFS permissions
• Share permissions
• Group memberships
• Network connectivity
• DFS configuration

83. Active Directory replication has stopped. What steps would you take?

Answer:

1. Verify network connectivity.
2. Run:

repadmin /replsummary

3. Check DNS functionality.
4. Review event logs.
5. Resolve replication failures.

84. DNS name resolution suddenly fails across the company. What would you do?

Answer:

I would verify:

• DNS service status
• DNS records
• Forwarders
• Network connectivity
• Firewall rules
• DNS event logs

85. A DHCP server stops assigning IP addresses. How do you troubleshoot?

Answer:

Check:

• DHCP service
• Scope availability
• DHCP authorization
• Event logs
• Network communication

86. Multiple users report IP conflicts. What is the likely cause?

Answer:

Possible causes:

• Static IP overlaps
• Rogue DHCP server
• Incorrect reservations
• DHCP scope misconfiguration

87. A Domain Controller unexpectedly crashes. What actions would you take?

Answer:

1. Assess business impact.
2. Verify remaining DCs.
3. Check FSMO roles.
4. Restore from backup if needed.
5. Seize FSMO roles if recovery is impossible.

88. SYSVOL is not replicating between Domain Controllers. How would you investigate?

Answer:

Check:

• DFS Replication service
• Event Viewer
• Replication health
• Network connectivity
• DFSR backlog

89. A company accidentally deletes an important Organizational Unit. What is your recovery approach?

Answer:

Preferred:

• Restore using AD Recycle Bin

Alternative:

• Perform Authoritative Restore from System State Backup

90. Users report slow login times. What could be causing it?

Answer:

Possible reasons:

• DNS issues
• Group Policy delays
• Domain Controller performance
• Replication problems
• Roaming profile issues

91. A ransomware attack encrypts file shares. What should be your immediate response?

Answer:

1. Isolate affected systems.
2. Disconnect infected hosts.
3. Assess impact.
4. Restore from clean backups.
5. Investigate attack source.

92. A backup job suddenly starts failing. What would you check?

Answer:

Check:

• Backup logs
• Storage availability
• Network connectivity
• Service status
• Backup permissions

93. A backup completed successfully, but restore fails. What does this indicate?

Answer:

Likely causes:

• Corrupt backup
• Incomplete backup validation
• Storage corruption

Best practice:

• Perform regular restore testing.

94. How would you migrate users from an old Domain Controller to a new one?

Answer:

Steps:

1. Promote new DC.
2. Verify replication.
3. Transfer FSMO roles.
4. Update DNS.
5. Demote old DC.

95. A branch office loses WAN connectivity. Users cannot authenticate. How would you prevent this situation?

Answer:

Implement:

• Additional Domain Controller
• Read-Only Domain Controller (RODC)
• Universal Group Membership Caching

96. How would you design highly available DNS infrastructure?

Answer:

Design:

• Multiple DNS servers
• AD-integrated DNS
• Zone replication
• Conditional forwarders
• Monitoring

97. How would you secure Active Directory from unauthorized access?

Answer:

Measures:

• Least privilege access
• Multi-factor authentication
• Tiered administration
• Regular audits
• Privileged access monitoring

98. FTP file transfers are failing intermittently. How would you troubleshoot?

Answer:

Check:

• Network connectivity
• Firewall rules
• Port configuration
• FTP service logs
• Disk space

99. Management requests a Disaster Recovery Plan. What key elements should it contain?

Answer:

Include:

• Critical systems inventory
• Backup strategy
• RPO/RTO targets
• Recovery procedures
• Testing schedule
• Contact information

100. If asked to describe your experience managing Windows infrastructure, what should you highlight?

Answer:

Focus on:

• Active Directory Administration
• DNS & DHCP Management
• Group Policy Management
• Server Maintenance
• Backup & Recovery
• Troubleshooting
• Security Hardening
• Disaster Recovery
• High Availability Solutions

1. What is SCCM?

Answer:
SCCM (System Center Configuration Manager), now known as Microsoft Endpoint Configuration Manager (MECM), is a systems management solution used for deploying operating systems, applications, software updates, compliance policies, and inventory management across enterprise devices.

2. What are the primary functions of SCCM?

Answer:

• Software Deployment
• Patch Management
• Operating System Deployment
• Inventory Collection
• Compliance Management
• Remote Control
• Endpoint Protection

3. What is a SCCM Site?

Answer:
A site is the fundamental administrative unit in SCCM that manages devices, users, and resources.

4. What is a Primary Site?

Answer:
A Primary Site manages clients directly and stores data in its own SQL database.

5. What is a Secondary Site?

Answer:
A Secondary Site extends management to remote locations and reports to a Primary Site.

6. What is a Central Administration Site (CAS)?

Answer:
A CAS is used in large environments to manage multiple primary sites from a central location.

7. What is a SCCM Client?

Answer:
A SCCM Client is an agent installed on managed devices to communicate with SCCM servers.

8. What is a Boundary?

Answer:
A Boundary defines a network location such as:

• IP Subnet
• IP Range
• Active Directory Site

9. What is a Boundary Group?

Answer:
A Boundary Group contains multiple boundaries and associates clients with site systems.

10. What is a Distribution Point (DP)?

Answer:
A Distribution Point stores content such as applications, packages, and operating system images for client download.

11. What is a Management Point (MP)?

Answer:
The Management Point facilitates communication between SCCM clients and the SCCM site.

12. What is a Software Update Point (SUP)?

Answer:
A SUP integrates SCCM with WSUS to manage Windows updates.

13. What is WSUS?

Answer:
Windows Server Update Services is a Microsoft technology used to distribute updates within an organization.

14. What is Discovery in SCCM?

Answer:
Discovery identifies users, computers, groups, and network resources.

15. What are the types of Discovery Methods?

Answer:

• Active Directory System Discovery
• Active Directory User Discovery
• Group Discovery
• Network Discovery
• Heartbeat Discovery

16. What is Heartbeat Discovery?

Answer:
Heartbeat Discovery confirms active SCCM clients and updates client records.

17. What is Hardware Inventory?

Answer:
Hardware Inventory collects information about:

• CPU
• RAM
• Disk Drives
• BIOS
• Network Adapters

18. What is Software Inventory?

Answer:
Software Inventory collects information about installed software and files.

19. What is Client Push Installation?

Answer:
Client Push automatically installs SCCM clients from the server.

20. What is a Collection?

Answer:
A Collection is a logical grouping of devices or users.

Example:

Windows 11 Devices
HR Department Systems

21. What is an Application in SCCM?

Answer:
An Application is a modern deployment object supporting detection methods and requirements.

22. What is a Package?

Answer:
A Package is a traditional SCCM deployment object used for software distribution.

23. Difference between Application and Package?

24. What is Content Distribution?

Answer:
Content Distribution copies deployment content to Distribution Points.

25. What is PXE?

Answer:
PXE (Preboot Execution Environment) allows devices to boot from the network.

26. What is Operating System Deployment (OSD)?

Answer:
OSD automates Windows installation using SCCM task sequences.

27. What is a Task Sequence?

Answer:
A Task Sequence is a series of automated deployment steps.

28. What is Remote Control?

Answer:
Remote Control allows administrators to remotely access client computers for support.

29. What is Endpoint Protection?

Answer:
Endpoint Protection integrates Microsoft Defender management into SCCM.

30. What is SCCM Reporting?

Answer:
Reporting uses SQL Server Reporting Services (SSRS) to generate SCCM reports.

31. What are SCCM Site System Roles?

Answer:
Common roles include:

• Management Point
• Distribution Point
• Software Update Point
• Reporting Services Point
• State Migration Point

32. What is State Migration Point?

Answer:
Stores user state data during operating system deployments.

33. What is Client Policy?

Answer:
Client policies define settings applied to SCCM-managed devices.

34. What is Machine Policy Retrieval?

Answer:
It retrieves deployment and configuration instructions from SCCM.

35. What is User Policy Retrieval?

Answer:
Retrieves user-targeted policies and deployments.

36. What is Application Detection Method?

Answer:
Detection methods verify whether software is already installed.

Example:

• Registry Check
• MSI Product Code
• File Version

37. What is Supersedence?

Answer:
Supersedence allows a new application version to replace an older version.

38. What is Application Dependency?

Answer:
Dependencies ensure prerequisite applications are installed first.

39. What is Maintenance Window?

Answer:
Defines when SCCM can install updates or software.

40. What is Compliance Settings?

Answer:
Compliance Settings ensure systems meet organizational standards.

41. What is Configuration Baseline?

Answer:
A Baseline contains one or more configuration items used to evaluate compliance.

42. What is Desired Configuration Management (DCM)?

Answer:
DCM verifies device configurations against predefined standards.

43. What is Software Metering?

Answer:
Tracks software usage by users and devices.

44. What is Asset Intelligence?

Answer:
Provides enhanced inventory and software asset management capabilities.

45. What is CMPivot?

Answer:
CMPivot provides real-time querying of SCCM clients.

46. What is Co-Management?

Answer:
Co-management allows devices to be managed by both SCCM and Microsoft Intune.

47. What is Cloud Management Gateway (CMG)?

Answer:
CMG allows internet-based SCCM client management without VPN.

48. What is Client Health?

Answer:
Client Health evaluates whether SCCM clients are functioning properly.

49. What is Distribution Point Group?

Answer:
A group of Distribution Points that receive the same content.

50. What is BranchCache?

Answer:
BranchCache reduces WAN traffic by sharing content locally.

51. What is Peer Cache?

Answer:
Clients share SCCM content with neighboring devices.

52. What is Pull Distribution Point?

Answer:
A DP that retrieves content from another DP rather than receiving pushes.

53. What is Wake-on-LAN?

Answer:
Allows SCCM to remotely power on computers.

54. What is Software Center?

Answer:
Software Center is the user interface where users install available applications.

55. What is Client Notification?

Answer:
Allows immediate actions on clients without waiting for policy cycles.

56. What is ADR?

Answer:
Automatic Deployment Rules automate software update deployment.

57. What is Update Classification?

Answer:
Examples:

• Security Updates
• Critical Updates
• Feature Packs
• Service Packs

58. What is Servicing Plan?

Answer:
Automates Windows feature updates.

59. What is a Boot Image?

Answer:
A boot image is used during PXE-based operating system deployment.

60. What is a Driver Package?

Answer:
Contains hardware drivers used during operating system deployment.

61. Explain SCCM Hierarchy Design.

Answer:
Hierarchy design includes:

• CAS
• Primary Sites
• Secondary Sites
• Site System Roles

Used based on scale and geographical distribution.

62. How does SCCM Client Communication Work?

Answer:
Clients communicate with:

• Management Point
• Distribution Point
• Software Update Point

using HTTP or HTTPS.

63. What is Enhanced HTTP?

Answer:
Enhanced HTTP secures client communication without full PKI implementation.

64. What is PKI in SCCM?

Answer:
Public Key Infrastructure provides certificate-based authentication.

65. What is SCCM Database Replication?

Answer:
Replication synchronizes data between SCCM sites using SQL Server.

66. What is Global Data?

Answer:
Data replicated across all sites.

Example:

• Applications
• Collections

67. What is Site Data?

Answer:
Data specific to a site.

Example:

• Client inventory
• Status messages

68. What is Content Library?

Answer:
Stores SCCM content efficiently using single-instance storage.

69. What is Role-Based Administration (RBA)?

Answer:
Provides delegated administration based on permissions.

70. What is SCCM High Availability?

Answer:
Allows site servers to fail over to another server.

71. What are SCCM Status Messages?

Answer:
Status messages provide operational information about SCCM activities.

72. What is BITS?

Answer:
Background Intelligent Transfer Service optimizes content downloads.

73. What is SQL Replication Monitoring?

Answer:
Used to monitor SCCM database replication health.

74. What is Endpoint Analytics?

Answer:
Provides insights into device performance and user experience.

75. What is Tenant Attach?

Answer:
Connects SCCM-managed devices to cloud services through Intune.

76. How does PXE Boot Work?

Answer:

1. Device boots.
2. DHCP provides IP.
3. PXE contacts DP.
4. Boot image loads.
5. Task sequence starts.

77. What is Unknown Computer Support?

Answer:
Allows SCCM to deploy operating systems to unmanaged devices.

78. What is SCCM Site Recovery?

Answer:
Recovery process restoring SCCM functionality after failure.

79. What are SCCM Backup Components?

Answer:

• Site Database
• Content Library
• Custom Reports
• Configuration Files

80. How do you secure SCCM?

Answer:

• HTTPS
• PKI
• Role-Based Access
• Auditing
• Security Updates
• Least Privilege Access

81. SCCM Client is not receiving policies. How do you troubleshoot?

Answer:

• Verify client health
• Check MP connectivity
• Review logs
• Trigger policy retrieval

82. Software deployment shows "Waiting for Content". What could be wrong?

Answer:

• Content not distributed
• DP unavailable
• Boundary issue

83. Clients are assigned incorrect site codes. What would you check?

Answer:

• Boundary Groups
• Site Assignment Settings
• AD Site Configuration

84. Application installation fails despite content availability. What would you investigate?

Answer:

• Detection Method
• Requirements Rules
• Exit Codes
• Client Logs

85. PXE boot fails. What are common causes?

Answer:

• DHCP configuration
• PXE-enabled DP issues
• Missing boot image
• Network problems

86. Windows updates are not deploying. What would you verify?

Answer:

• SUP synchronization
• ADR configuration
• Update deployment status
• Client scan results

87. Content distribution is extremely slow. How would you troubleshoot?

Answer:

• Network bandwidth
• DP health
• Content library issues
• BITS configuration

88. A client is not appearing in SCCM console. What could be the cause?

Answer:

• Discovery issues
• Client installation failure
• Database replication delays

89. Users report Software Center is empty. What would you check?

Answer:

• Collection membership
• Deployments
• Policy retrieval
• User targeting

90. SCCM database size is growing rapidly. What actions would you take?

Answer:

• Review inventory settings
• Enable maintenance tasks
• Archive old data
• Optimize SQL

91. A Distribution Point is out of disk space. What would you do?

Answer:

• Remove unused packages
• Expand storage
• Redistribute content strategically

92. Clients outside the corporate network need management. What solution would you recommend?

Answer:
Implement Cloud Management Gateway (CMG).

93. An operating system deployment fails halfway through. How do you investigate?

Answer:

• Review SMSTS logs
• Verify drivers
• Check task sequence steps
• Validate package access

94. A critical application must be installed on 5,000 devices overnight. How would you plan deployment?

Answer:

• Use phased deployment
• Validate on pilot group
• Distribute content in advance
• Monitor deployment status

95. Management requests compliance reporting. Which SCCM feature would you use?

Answer:
Compliance Settings and Configuration Baselines.

96. Clients are generating duplicate records. What could cause this?

Answer:

• Reimaging
• GUID issues
• Discovery conflicts

97. A branch office has slow WAN links. How can SCCM reduce traffic?

Answer:

• BranchCache
• Peer Cache
• Secondary Site
• Pull DP

98. How would you design SCCM for 50,000 devices across multiple countries?

Answer:

• CAS
• Multiple Primary Sites
• Regional DPs
• High Availability
• CMG

99. A security audit requests proof of patch compliance. What would you provide?

Answer:

• Compliance Reports
• Deployment Status Reports
• Update Compliance Dashboards

100. If asked to summarize your SCCM experience in an interview, what should you highlight?

Answer:
Focus on:

• SCCM Administration
• Software Deployment
• Patch Management
• OSD
• Client Troubleshooting
• Compliance Management
• Intune Co-Management
• CMG
• Reporting
• SCCM Security and High Availability

1. What is Microsoft Intune?

Answer:
Microsoft Intune is a cloud-based Endpoint Management (EMM/MDM/MAM) solution that helps organizations manage and secure devices, applications, and users from a centralized console.

2. What are the primary functions of Intune?

Answer:

• Mobile Device Management (MDM)
• Mobile Application Management (MAM)
• Device Compliance
• Application Deployment
• Endpoint Security
• Conditional Access Integration
• Remote Device Management

3. What is Endpoint Management?

Answer:
Endpoint Management is the process of managing and securing devices such as laptops, desktops, tablets, and smartphones.

4. What is MDM?

Answer:
Mobile Device Management allows administrators to manage device settings, security policies, and compliance requirements.

5. What is MAM?

Answer:
Mobile Application Management secures applications without requiring full device enrollment.

6. What operating systems does Intune support?

Answer:

• Windows
• macOS
• iOS/iPadOS
• Android
• Linux (limited scenarios)

7. What is Device Enrollment?

Answer:
Device Enrollment registers a device with Intune so it can receive policies and management settings.

8. What is Azure AD Join?

Answer:

Azure AD Join (now part of Microsoft Entra ID) allows devices to be joined directly to the cloud directory without on-premises Active Directory.

9. What is Hybrid Azure AD Join?

Answer:
A device is joined to on-premises Active Directory and registered in Microsoft Entra ID simultaneously.

10. What is Compliance Policy?

Answer:
A compliance policy defines rules that devices must meet to be considered secure.

Examples:

• Encryption enabled
• Password configured
• OS version compliant

11. What is Conditional Access?

Answer:
Conditional Access grants or blocks access based on device, user, location, and compliance status.

12. What is Company Portal?

Answer:
Company Portal is the Intune application that allows users to:

• Enroll devices
• Install applications
• View compliance status

13. What is Device Configuration Profile?

Answer:
A configuration profile applies settings such as:

• Wi-Fi
• VPN
• Email
• Security configurations

14. What is Endpoint Security in Intune?

Answer:
Endpoint Security manages:

• Antivirus
• Firewall
• Disk Encryption
• Attack Surface Reduction

15. What is Microsoft Defender Integration?

Answer:
Intune integrates with Microsoft Defender to enforce security policies and monitor threats.

16. What is a Managed Device?

Answer:
A managed device is enrolled in Intune and receives policies from administrators.

17. What is an Unmanaged Device?

Answer:
A device not enrolled in Intune and not centrally managed.

18. What is Device Compliance Status?

Answer:
Indicates whether a device meets organizational security requirements.

19. What is Windows Autopilot?

Answer:
Windows Autopilot automates device deployment and provisioning.

20. What is a Device Group?

Answer:
A collection of devices used for assigning policies and applications.

21. What is a User Group?

Answer:
A collection of users used for targeted deployments.

22. What is Remote Wipe?

Answer:
Remote Wipe removes company data from a managed device.

23. What is Selective Wipe?

Answer:
Removes only corporate data while preserving personal data.

24. What is Device Sync?

Answer:
Sync forces a device to communicate with Intune and retrieve updates.

25. What is Intune Licensing?

Answer:
Licensing determines which Intune features are available to users.

26. What is Assignment in Intune?

Answer:
Assignment determines which users or devices receive a policy or application.

27. What is Enrollment Restriction?

Answer:
Controls which devices and platforms may enroll.

28. What is Device Ownership?

Answer:
Identifies whether a device is:

• Corporate-owned
• Personally-owned (BYOD)

29. What is Compliance Reporting?

Answer:
Provides visibility into device compliance status across the organization.

30. Why do organizations use Intune?

Answer:
Organizations use Intune for:

• Remote device management
• Security enforcement
• Cloud-based administration
• Application deployment
• Compliance monitoring 

31. What is Microsoft Entra ID integration with Intune?

Answer:
Microsoft Entra ID provides identity management and authentication for Intune-managed devices.

32. What is Dynamic Group Membership?

Answer:
Dynamic groups automatically add devices or users based on predefined rules.

33. What is Co-Management?

Answer:
Co-management allows devices to be managed by both Intune and SCCM/MECM.

34. What workloads can be moved from SCCM to Intune?

Answer:

• Compliance Policies
• Device Configuration
• Endpoint Protection
• Windows Updates
• Resource Access

35. What is Windows Update for Business (WUfB)?

Answer:
WUfB allows cloud-based management of Windows updates without WSUS.

36. What are Configuration Profiles?

Answer:
Profiles deploy settings such as:

• Password policies
• Wi-Fi profiles
• Certificates
• VPN configurations

37. What is an Administrative Template?

Answer:
Cloud-based Group Policy management using Intune.

38. What are Settings Catalog Policies?

Answer:
Settings Catalog provides thousands of configurable Windows settings.

39. What is a Compliance Action?

Answer:
An action triggered when a device becomes non-compliant.

Example:

• Send email
• Mark device non-compliant

40. What is Device Filtering?

Answer:
Allows targeting policies based on device attributes.

41. What is App Protection Policy?

Answer:
Protects corporate data within applications without requiring device enrollment.

42. What is App Configuration Policy?

Answer:
Provides predefined settings to managed applications.

43. What is Managed Google Play Integration?

Answer:
Allows deployment of Android applications through Intune.

44. What is Apple Business Manager Integration?

Answer:
Supports automated enrollment and management of Apple devices.

45. What is Android Enterprise?

Answer:
Google's enterprise management framework for Android devices.

46. What is Enrollment Status Page (ESP)?

Answer:
Displays provisioning progress during Windows Autopilot deployments.

47. What is BitLocker Management in Intune?

Answer:
Intune can configure and monitor BitLocker encryption settings.

48. What is Device Health Attestation?

Answer:
Validates device security posture during compliance checks.

49. What is Endpoint Analytics?

Answer:
Provides performance insights and user experience metrics.

50. What is Intune Role-Based Access Control (RBAC)?

Answer:
RBAC provides delegated administration using specific permissions.

51. What is Scope Tag?

Answer:
Scope Tags limit administrator visibility and control.

52. What is a Custom Compliance Policy?

Answer:
Allows organizations to define custom compliance requirements.

53. What is Device Category?

Answer:
A label used to organize enrolled devices.

54. What is Shared Device Mode?

Answer:
Allows multiple users to share a single managed device.

55. What is Kiosk Mode?

Answer:
Restricts devices to specific applications or functions.

56. What is Managed Home Screen?

Answer:
A customized Android Enterprise launcher managed by Intune.

57. What is Certificate Deployment?

Answer:
Intune deploys certificates for authentication and secure access.

58. What is VPN Profile Deployment?

Answer:
Automates VPN configuration across managed devices.

59. What is Wi-Fi Profile Deployment?

Answer:
Automatically configures wireless network settings.

60. What is Device Cleanup Rule?

Answer:
Automatically removes inactive devices from Intune.

61. Explain Intune Architecture.

Answer:
Intune architecture consists of:

• Cloud Service
• Entra ID
• Endpoint Devices
• Compliance Engine
• Security Integrations

62. What is Zero Trust Security in Intune?

Answer:
Zero Trust assumes no user or device is trusted by default and continuously verifies access.

63. How does Conditional Access evaluate access requests?

Answer:
Evaluates:

• User identity
• Device compliance
• Risk level
• Location
• Application

64. What is Certificate Connector?

Answer:
Allows Intune to deploy certificates from on-premises PKI infrastructure.

65. What is SCEP?

Answer:
Simple Certificate Enrollment Protocol automates certificate issuance.

66. What is PKCS Certificate Deployment?

Answer:
Provides certificate deployment using PKCS standards.

67. What is Intune Data Warehouse?

Answer:
Provides reporting and analytics data for advanced reporting.

68. What is Device Compliance Partner Integration?

Answer:
Allows third-party security products to provide compliance information.

69. What is Endpoint Privilege Management?

Answer:
Allows controlled elevation of privileges without granting local admin rights.

70. What is Attack Surface Reduction (ASR)?

Answer:
ASR policies reduce vulnerabilities and block risky behaviors.

71. What is Device Risk Score?

Answer:
A security rating provided through Defender integration.

72. What is Tenant-to-Tenant Migration?

Answer:
Migrating devices and policies between Intune tenants.

73. What is Intune Suite?

Answer:
An advanced set of Intune capabilities including Endpoint Privilege Management and Remote Help.

74. What is Remote Help?

Answer:
Cloud-based remote support integrated with Intune.

75. What is Compliance Partner Integration?

Answer:
Allows security vendors to contribute compliance status.

76. What are Intune Assignment Filters?

Answer:
Filters dynamically target devices without creating new groups.

77. How does Autopilot White Glove Deployment work?

Answer:
IT staff pre-provisions devices before delivery to end users.

78. How does Intune handle Windows Feature Updates?

Answer:
Feature Update Policies control Windows version deployment.

79. What security controls can Intune enforce?

Answer:

• Encryption
• Firewall
• Defender
• Passwords
• Compliance
• Conditional Access

80. How would you secure an enterprise Intune environment?

Answer:

• RBAC
• MFA
• Conditional Access
• Least Privilege
• Compliance Policies
• Defender Integration

81. A device shows as non-compliant. How would you troubleshoot?

Answer:

1. Review compliance policy.
2. Check device sync.
3. Verify security settings.
4. Review compliance reports.

82. Users cannot enroll devices. What would you investigate?

Answer:

• Licensing
• Enrollment restrictions
• User permissions
• Device limits

83. Conditional Access blocks legitimate users. What would you check?

Answer:

• Compliance status
• Access policies
• User risk
• Device registration

84. Application deployment is failing. How do you troubleshoot?

Answer:

• Assignment
• Detection rules
• Installation logs
• Device connectivity

85. Autopilot deployment stops during provisioning. What would you check?

Answer:

• ESP configuration
• Network connectivity
• Device registration
• Assigned profiles

86. Devices are not receiving configuration policies. What could be wrong?

Answer:

• Incorrect assignment
• Sync failures
• Group membership issues

87. A company wants to manage personal devices without controlling the entire device. What solution would you recommend?

Answer:
Use App Protection Policies (MAM).

88. Users report repeated compliance failures after updates. What would you investigate?

Answer:

• Compliance settings
• OS version requirements
• Defender status

89. A security audit requires proof of encryption. How would you provide it?

Answer:
Use Intune compliance and BitLocker reports.

90. A branch office has slow internet. How can you optimize deployments?

Answer:

• Delivery Optimization
• Staged deployments
• Content caching

91. Corporate data must be removed when an employee leaves. What would you do?

Answer:
Perform a Selective Wipe.

92. Devices are missing from Intune inventory. What would you check?

Answer:

• Enrollment status
• Sync status
• Licensing
• Dynamic group rules

93. Management wants automatic deployment of Windows laptops. What would you recommend?

Answer:
Windows Autopilot with Enrollment Status Page.

94. How would you implement Zero Trust using Intune?

Answer:

• MFA
• Compliance Policies
• Conditional Access
• Defender Integration

95. A ransomware outbreak occurs. How can Intune help?

Answer:

• Compliance enforcement
• Defender integration
• Conditional Access
• Device isolation support

96. How would you manage 10,000 remote employees using Intune?

Answer:

• Autopilot
• Conditional Access
• Cloud-native management
• Compliance monitoring

97. Executives require stricter security than standard users. How would you implement it?

Answer:

• Separate groups
• Enhanced compliance policies
• Stronger Conditional Access rules

98. How would you migrate SCCM-managed devices to Intune?

Answer:

• Enable Co-Management
• Move workloads gradually
• Validate compliance
• Transition fully to cloud management

99. How would you prepare for an Intune disaster recovery scenario?

Answer:

• Export configurations
• Document policies
• Maintain RBAC documentation
• Monitor service health

100. If asked to summarize your Intune experience during an interview, what should you highlight?

Answer:
Focus on:

• Device Enrollment
• Compliance Policies
• Conditional Access
• Autopilot
• Application Deployment
• Endpoint Security
• Defender Integration
• Co-Management
• Troubleshooting
• Cloud Endpoint Management

1. What is Microsoft 365?

Answer:
Microsoft 365 is a cloud-based productivity and collaboration platform from Microsoft that combines Office applications, cloud services, security solutions, and device management tools.

Core services include:

• Exchange Online
• SharePoint Online
• OneDrive
• Microsoft Teams
• Microsoft Entra ID
• Intune

2. What is the difference between Office 365 and Microsoft 365?

Answer:

Microsoft 365 is the evolution of Office 365.

3. What is Exchange Online?

Answer:
Exchange Online is Microsoft's cloud-based email and calendaring service.

Features:

• Email Hosting
• Shared Mailboxes
• Calendars
• Contacts
• Anti-Spam Protection

4. What is SharePoint Online?

Answer:
SharePoint Online is a cloud-based collaboration and document management platform.

Uses:

• Intranet Sites
• Document Libraries
• Team Collaboration

5. What is OneDrive for Business?

Answer:
OneDrive provides personal cloud storage for business users.

Benefits:

• File Synchronization
• Cloud Backup
• Secure Sharing

6. What is Microsoft Teams?

Answer:
Teams is a collaboration platform supporting:

• Chat
• Meetings
• Voice Calls
• File Sharing
• Team Collaboration

7. What is Microsoft Entra ID?

Answer:
Microsoft Entra ID (formerly Azure Active Directory) is Microsoft's cloud identity and access management service.

8. What is a Tenant?

Answer:
A tenant is an organization's dedicated Microsoft 365 environment.

Example:

company.onmicrosoft.com

9. What is a User License?

Answer:
A license grants access to Microsoft 365 services and applications.

10. What is a Global Administrator?

Answer:
The Global Administrator has full administrative control over the Microsoft 365 tenant.

11. What is Single Sign-On (SSO)?

Answer:
SSO allows users to access multiple applications using one set of credentials.

12. What is Multi-Factor Authentication (MFA)?

Answer:
MFA requires an additional verification method beyond a password.

Examples:

• Mobile App
• SMS
• Security Key

13. What is a Distribution List?

Answer:
A distribution list is a group email address used to send messages to multiple recipients.

14. What is a Shared Mailbox?

Answer:
A mailbox accessed by multiple users without requiring a separate license in many scenarios.

15. What is a Resource Mailbox?

Answer:
A mailbox used for rooms or equipment scheduling.

Examples:

• Conference Room
• Projector

16. What is Outlook on the Web (OWA)?

Answer:
OWA allows users to access email through a web browser.

17. What is Microsoft Defender for Office 365?

Answer:
Provides advanced email and collaboration security against phishing, malware, and malicious links.

18. What is Microsoft Purview?

Answer:
Microsoft Purview provides compliance, governance, and data protection solutions.

19. What is Retention Policy?

Answer:
Retention policies preserve or delete content according to business requirements.

20. What is Litigation Hold?

Answer:
Litigation Hold preserves mailbox content even after deletion.

21. What is Microsoft Planner?

Answer:
Planner is a task management tool integrated with Microsoft 365.

22. What is Microsoft Forms?

Answer:
Forms is used to create surveys, quizzes, and questionnaires.

23. What is Delve?

Answer:
Delve helps users discover relevant content and information.

24. What is Viva Engage?

Answer:
A social collaboration platform formerly known as Yammer.

25. What is Microsoft Stream?

Answer:
A platform for managing and sharing enterprise videos.

26. What is Microsoft Bookings?

Answer:
Bookings enables appointment scheduling with customers or internal teams.

27. What is a Service Health Dashboard?

Answer:
Displays the health and availability of Microsoft 365 services.

28. What is Message Center?

Answer:
Provides announcements about upcoming Microsoft 365 changes.

29. What is Role-Based Access Control (RBAC)?

Answer:
RBAC assigns permissions based on administrative roles.

30. Why do organizations adopt Microsoft 365?

Answer:
Benefits include:

• Cloud Productivity
• Collaboration
• Security
• Mobility
• Scalability

31. What is Hybrid Identity?

Answer:
Hybrid Identity connects on-premises Active Directory with Microsoft Entra ID.

32. What is Entra Connect?

Answer:
Entra Connect synchronizes identities between on-premises AD and Entra ID.

33. What authentication methods are supported in Microsoft 365?

Answer:

• Password Hash Sync
• Pass-Through Authentication
• Federation

34. What is Conditional Access?

Answer:
Conditional Access evaluates user, device, and risk conditions before granting access.

35. What is Password Hash Synchronization?

Answer:
Synchronizes password hashes from on-premises AD to Entra ID.

36. What is Pass-Through Authentication?

Answer:
Validates passwords against on-premises Active Directory in real time.

37. What is Federation?

Answer:
Federation uses identity providers such as Active Directory Federation Services for authentication.

38. What is Exchange Online Protection (EOP)?

Answer:
EOP provides spam, malware, and phishing protection.

39. What is Safe Links?

Answer:
Safe Links scans URLs and protects users from malicious websites.

40. What is Safe Attachments?

Answer:
Safe Attachments analyzes email attachments in a secure environment before delivery.

41. What is Mail Flow?

Answer:
Mail flow refers to how emails travel through Exchange Online.

42. What is a Mail Connector?

Answer:
Connectors route mail between Microsoft 365 and external systems.

43. What is a Transport Rule?

Answer:
Transport rules automatically process emails based on conditions.

44. What is Data Loss Prevention (DLP)?

Answer:
DLP prevents sensitive information from being shared improperly.

45. What is eDiscovery?

Answer:
eDiscovery helps locate and preserve electronic information for investigations.

46. What is Sensitivity Labeling?

Answer:
Labels classify and protect organizational data.

47. What is Information Barrier?

Answer:
Information Barriers restrict communication between specific groups.

48. What is Customer Lockbox?

Answer:
Customer Lockbox requires approval before Microsoft engineers access customer data.

49. What is OneDrive Known Folder Move?

Answer:
Automatically redirects Desktop, Documents, and Pictures to OneDrive.

50. What is Teams Governance?

Answer:
Teams Governance controls creation, access, sharing, and lifecycle management.

51. What is Guest Access in Teams?

Answer:
Allows external users to participate in Teams collaboration.

52. What is External Access in Teams?

Answer:
Allows communication with users from other organizations.

53. What is Teams Policy Management?

Answer:
Policies control meeting, messaging, and calling behavior.

54. What is Microsoft Search?

Answer:
Provides enterprise-wide search across Microsoft 365 services.

55. What is SharePoint Permission Inheritance?

Answer:
Permissions can be inherited from parent sites and libraries.

56. What is Version History in SharePoint?

Answer:
Tracks document changes over time.

57. What is Retention Label?

Answer:
A retention label applies retention settings to specific content.

58. What is Self-Service Password Reset (SSPR)?

Answer:
Allows users to reset passwords without helpdesk assistance.

59. What is Microsoft Defender Integration?

Answer:
Provides security monitoring and threat protection across Microsoft 365.

60. What is Microsoft Secure Score?

Answer:
Measures an organization's security posture and provides improvement recommendations.

61. Explain Microsoft 365 Architecture.

Answer:
Core components:

• Identity Layer
• Exchange Online
• SharePoint Online
• Teams
• Security & Compliance Services

62. What is Zero Trust in Microsoft 365?

Answer:
Zero Trust follows the principle:

Never Trust, Always Verify

63. What is Privileged Identity Management (PIM)?

Answer:
PIM provides just-in-time administrative access.

64. What is Conditional Access Risk-Based Authentication?

Answer:
Access decisions are based on user and sign-in risk levels.

65. What is Defender for Cloud Apps?

Answer:
Provides visibility and control over cloud application usage.

66. What is Insider Risk Management?

Answer:
Detects and manages insider threats.

67. What is Communication Compliance?

Answer:
Monitors communications for policy violations.

68. What is Advanced eDiscovery?

Answer:
Provides enhanced legal investigation capabilities.

69. What is Cross-Tenant Collaboration?

Answer:
Allows secure collaboration between Microsoft 365 tenants.

70. What is Multi-Geo?

Answer:
Stores data in multiple geographic regions.

71. What is Microsoft Graph?

Answer:
A unified API for accessing Microsoft 365 data and services.

72. What is Exchange Hybrid Deployment?

Answer:
Integrates on-premises Exchange with Exchange Online.

73. What is Teams Direct Routing?

Answer:
Connects Teams Phone to external telephony providers.

74. What is Teams Phone?

Answer:
A cloud-based phone system integrated with Teams.

75. What is SharePoint Hub Site?

Answer:
A hub site connects related SharePoint sites.

76. What is Tenant Restriction?

Answer:
Limits access to approved Microsoft 365 tenants.

77. What is Microsoft 365 Backup Strategy?

Answer:
Includes retention, recovery, versioning, and third-party backup solutions.

78. What is Data Residency?

Answer:
Defines where organizational data is stored geographically.

79. What is Service-Level Agreement (SLA) in Microsoft 365?

Answer:
Microsoft provides uptime commitments for cloud services.

80. How would you secure a Microsoft 365 tenant?

Answer:

• MFA
• Conditional Access
• PIM
• DLP
• Defender
• Secure Score Improvements

81. Users cannot access Exchange Online. How would you troubleshoot?

Answer:

1. Check Service Health.
2. Verify licensing.
3. Confirm account status.
4. Review authentication issues.

82. Emails are going to spam. What would you investigate?

Answer:

• SPF
• DKIM
• DMARC
• Mail flow rules
• Sender reputation

83. Users cannot reset passwords. What would you check?

Answer:

• SSPR configuration
• MFA registration
• Licensing

84. Teams meetings fail for all users. What steps would you take?

Answer:

• Check Service Health
• Review network connectivity
• Verify Teams policies

85. A mailbox was accidentally deleted. How would you recover it?

Answer:

• Restore soft-deleted mailbox
• Recover user account
• Restore from retention policies

86. SharePoint users cannot access documents. What would you investigate?

Answer:

• Permissions
• Site access
• Conditional Access policies

87. A user reports missing emails. How would you troubleshoot?

Answer:

• Search mailbox
• Review rules
• Check retention settings
• Examine quarantine

88. External users cannot access Teams. What could be wrong?

Answer:

• Guest access disabled
• External access policies
• Tenant restrictions

89. Management requests stronger security controls. What would you recommend?

Answer:

• MFA
• Conditional Access
• PIM
• Defender
• DLP

90. Multiple users report account lockouts. What would you investigate?

Answer:

• Password synchronization
• Legacy applications
• Repeated authentication attempts

91. A phishing attack targets employees. How would Microsoft 365 help?

Answer:

• Defender for Office 365
• Safe Links
• Safe Attachments
• Anti-Phishing Policies

92. How would you onboard 5,000 new users?

Answer:

• Automated provisioning
• Group-based licensing
• Dynamic groups
• Entra Connect

93. Users complain about OneDrive sync issues. What would you check?

Answer:

• Client health
• Storage quotas
• Connectivity
• Sync conflicts

94. How would you implement Zero Trust?

Answer:

• MFA
• Conditional Access
• Device Compliance
• Least Privilege Access

95. Management wants visibility into sensitive data sharing. What would you implement?

Answer:

• DLP Policies
• Sensitivity Labels
• Audit Logs

96. A merger requires collaboration between two companies. What Microsoft 365 features help?

Answer:

• Cross-Tenant Collaboration
• Guest Access
• Teams Shared Channels

97. How would you prepare for a Microsoft 365 security audit?

Answer:

• Review Secure Score
• Audit Permissions
• Validate Compliance Policies
• Export Reports

98. Users need secure remote access from personal devices. What would you recommend?

Answer:

• Conditional Access
• App Protection Policies
• MFA
• Device Compliance

99. How would you migrate from on-premises Exchange to Exchange Online?

Answer:

1. Assess environment.
2. Configure Entra Connect.
3. Establish Hybrid Deployment.
4. Migrate mailboxes.
5. Validate functionality.

100. If asked to summarize your Microsoft 365 experience during an interview, what should you highlight?

Answer:
Emphasize experience with:

• Exchange Online Administration
• Teams Administration
• SharePoint Online
• OneDrive Management
• Entra ID
• MFA & Conditional Access
• Licensing
• Security & Compliance
• Mail Flow Troubleshooting
• Microsoft 365 Governance

1. What is Microsoft Office?

Answer:
Microsoft Office is a productivity suite developed by Microsoft that includes applications such as Word, Excel, PowerPoint, Outlook, Access, and OneNote.

2. What are the main applications in MS Office?

Answer:

• Microsoft Word
• Microsoft Excel
• Microsoft PowerPoint
• Microsoft Outlook
• Microsoft Access
• Microsoft OneNote
• Microsoft Publisher

3. What is Microsoft Word?

Answer:
Microsoft Word is a word-processing application used to create, edit, format, and print documents.

4. What is Microsoft Excel?

Answer:
Microsoft Excel is a spreadsheet application used for calculations, data analysis, reporting, and visualization.

5. What is Microsoft PowerPoint?

Answer:
PowerPoint is a presentation software used to create slideshows and business presentations.

6. What is Microsoft Outlook?

Answer:
Outlook is an email and personal information management application used for email, calendars, contacts, and tasks.

7. What is Microsoft Access?

Answer:
Access is a relational database management system used to store and manage structured data.

8. What is OneNote?

Answer:
OneNote is a digital note-taking application that allows users to organize notes, images, and documents.

9. What is the Ribbon in MS Office?

Answer:
The Ribbon is the toolbar located at the top of Office applications containing commands grouped into tabs.

10. What are Quick Access Toolbar features?

Answer:
The Quick Access Toolbar provides shortcuts to frequently used commands such as:

• Save
• Undo
• Redo
• Print

11. What is a Template?

Answer:
A template is a pre-designed document format that can be reused.

12. What is Spell Check?

Answer:
Spell Check identifies and suggests corrections for spelling errors.

13. What is AutoCorrect?

Answer:
AutoCorrect automatically fixes common typing mistakes.

14. What is a Header in Word?

Answer:
A header is content displayed at the top of every page.

15. What is a Footer?

Answer:
A footer appears at the bottom of each page and commonly contains page numbers or document information.

16. What is Page Orientation?

Answer:
Page orientation determines document layout:

• Portrait
• Landscape

17. What is Word Wrap?

Answer:
Word Wrap automatically moves text to the next line when it reaches the page margin.

18. What is a Worksheet?

Answer:
A worksheet is a single spreadsheet page within an Excel workbook.

19. What is a Workbook?

Answer:
A workbook is an Excel file containing one or more worksheets.

20. What is a Cell in Excel?

Answer:
A cell is the intersection of a row and column.

Example:

A1
B10
C25

21. What is a Formula in Excel?

Answer:
A formula performs calculations.

Example:

=A1+B1

22. What is a Function in Excel?

Answer:
A function is a predefined formula.

Example:

=SUM(A1:A10)

23. What is a Slide in PowerPoint?

Answer:
A slide is a single page of a PowerPoint presentation.

24. What is Slide Show Mode?

Answer:
Slide Show Mode displays presentations in full-screen format.

25. What is Email Signature?

Answer:
An email signature is automatically added at the end of emails.

26. What is CC in Outlook?

Answer:
CC (Carbon Copy) sends a copy of an email to additional recipients.

27. What is BCC?

Answer:
BCC (Blind Carbon Copy) hides recipient addresses from others.

28. What is an Attachment?

Answer:
An attachment is a file sent along with an email.

29. What is Print Preview?

Answer:
Print Preview displays how a document will appear when printed.

30. Why is MS Office important in business environments?

Answer:
MS Office supports:

• Documentation
• Data Analysis
• Communication
• Reporting
• Collaboration

31. What is Mail Merge in Word?

Answer:
Mail Merge creates personalized documents using a data source.

Examples:

• Offer Letters
• Certificates
• Customer Letters

32. What are Styles in Word?

Answer:
Styles apply consistent formatting throughout a document.

33. What is Track Changes?

Answer:
Track Changes records edits made by users for review.

34. What is a Table of Contents?

Answer:
An automatically generated list of document headings and page numbers.

35. What are Section Breaks?

Answer:
Section Breaks divide documents into independent formatting sections.

36. What is Conditional Formatting in Excel?

Answer:
Automatically formats cells based on conditions.

Example:

• Highlight values above 100
• Color-code deadlines

37. What is Data Validation?

Answer:
Restricts data entry based on rules.

Example:

• Allow only dates
• Allow only numbers

38. What is VLOOKUP?

Answer:
Searches for a value in a table and returns corresponding information.

Example:

=VLOOKUP(A2,Table,2,FALSE)

39. What is HLOOKUP?

Answer:
Searches data horizontally across rows.

40. What is IF Function?

Answer:

=IF(A1>50,"Pass","Fail")

Returns different results based on conditions.

41. What is Pivot Table?

Answer:
A Pivot Table summarizes large datasets quickly.

42. What is Pivot Chart?

Answer:
A graphical representation of Pivot Table data.

43. What is Freeze Panes?

Answer:
Keeps selected rows or columns visible while scrolling.

44. What is Text to Columns?

Answer:
Splits data into multiple columns.

Example:

John,Smith

becomes

John | Smith

45. What is Flash Fill?

Answer:
Automatically fills data based on detected patterns.

46. What is Sort in Excel?

Answer:
Arranges data in ascending or descending order.

47. What is Filter?

Answer:
Displays only records matching specific criteria.

48. What are Themes in PowerPoint?

Answer:
Themes provide consistent slide design and formatting.

49. What is Slide Master?

Answer:
Controls formatting for all slides in a presentation.

50. What is Animation in PowerPoint?

Answer:
Adds movement effects to slide elements.

51. What is Transition?

Answer:
Controls how slides change during presentations.

52. What is Presenter View?

Answer:
Displays speaker notes and presentation controls.

53. What is Calendar Sharing in Outlook?

Answer:
Allows users to share schedules with colleagues.

54. What are Outlook Rules?

Answer:
Automate email processing.

Example:

• Move emails to folders
• Forward messages

55. What is Quick Steps in Outlook?

Answer:
Automates multiple email actions with one click.

56. What is Contact Group?

Answer:
A reusable email distribution list.

57. What is Microsoft Access Table?

Answer:
Stores data in rows and columns.

58. What is a Query in Access?

Answer:
Retrieves specific information from a database.

59. What is a Form in Access?

Answer:
Provides a user-friendly interface for data entry.

60. What is a Report in Access?

Answer:
Formats database information for printing and presentation.

61. What is XLOOKUP?

Answer:
XLOOKUP is a modern replacement for VLOOKUP and HLOOKUP.

Benefits:

• More flexible
• Searches left or right
• Better error handling

62. What is INDEX and MATCH?

Answer:

=INDEX(B:B,MATCH(A2,A:A,0))

Provides more flexible lookups than VLOOKUP.

63. What are Dynamic Arrays?

Answer:
Excel formulas that automatically return multiple values.

64. What is Power Query?

Answer:
A data transformation and import tool in Excel.

65. What is Power Pivot?

Answer:
An advanced data modeling and analysis feature.

66. What are Macros?

Answer:
Macros automate repetitive tasks using VBA.

67. What is VBA?

Answer:
Visual Basic for Applications is Microsoft's scripting language for Office automation.

68. What is Workbook Protection?

Answer:
Prevents unauthorized changes to workbooks.

69. What is Worksheet Protection?

Answer:
Restricts editing of specific worksheet areas.

70. What is Data Modeling in Excel?

Answer:
Creating relationships between multiple data tables.

71. What are Named Ranges?

Answer:
Custom names assigned to cell ranges.

Example:

SalesData
EmployeeList

72. What is Co-Authoring?

Answer:
Allows multiple users to edit a document simultaneously.

73. What is Version History?

Answer:
Tracks document changes and previous versions.

74. What is Document Recovery?

Answer:
Restores unsaved documents after crashes.

75. What is Information Rights Management (IRM)?

Answer:
Protects sensitive documents from unauthorized access.

76. What is Advanced Mail Merge?

Answer:
Uses complex data sources and conditional fields.

77. What are PowerPoint Morph Transitions?

Answer:
Create smooth object movement between slides.

78. What is Outlook Cached Exchange Mode?

Answer:
Stores mailbox data locally for improved performance.

79. What are Database Relationships in Access?

Answer:
Connections between tables.

Examples:

• One-to-One
• One-to-Many
• Many-to-Many

80. How can MS Office be secured?

Answer:

• Password Protection
• Encryption
• IRM
• MFA
• Access Controls

81. A Word document's formatting is inconsistent. How would you fix it?

Answer:

• Use Styles
• Clear formatting
• Apply consistent templates

82. A user accidentally deleted part of a document. What would you do?

Answer:

• Undo changes
• Check Version History
• Recover AutoSave versions

83. Excel formulas display errors. How would you troubleshoot?

Answer:

• Verify references
• Check formula syntax
• Review data types

84. A VLOOKUP formula returns incorrect results. What could be wrong?

Answer:

• Incorrect range
• Approximate match enabled
• Data type mismatch

85. A large Excel workbook is slow. How would you improve performance?

Answer:

• Reduce volatile formulas
• Remove unnecessary formatting
• Use efficient formulas
• Optimize Pivot Tables

86. A manager needs a summary from 100,000 rows of data. What would you use?

Answer:
Pivot Tables and Pivot Charts.

87. A presentation looks different on another computer. Why?

Answer:

• Missing fonts
• Missing media files
• Version compatibility issues

88. Users cannot send large attachments through Outlook. What would you recommend?

Answer:
Use OneDrive sharing links instead of attachments.

89. Outlook is repeatedly crashing. How would you troubleshoot?

Answer:

• Disable add-ins
• Repair Office
• Rebuild Outlook profile

90. Emails are not arriving in Inbox. What would you check?

Answer:

• Rules
• Junk folder
• Mailbox quota
• Connectivity

91. A company wants automated monthly reports. Which Office tools would help?

Answer:

• Excel Macros
• Power Query
• VBA Automation

92. How would you create an employee database?

Answer:
Use Microsoft Access with:

• Tables
• Forms
• Queries
• Reports

93. Multiple employees need to work on the same document. What would you use?

Answer:
Co-Authoring through cloud storage.

94. Sensitive financial data must be protected. What measures would you implement?

Answer:

• Password Protection
• Encryption
• IRM
• Access Controls

95. A manager wants a dashboard for sales reporting. Which Excel features would you use?

Answer:

• Pivot Tables
• Charts
• Slicers
• Power Query

96. How would you automate repetitive formatting tasks?

Answer:
Use Macros and VBA.

97. A user accidentally overwrites an important file. What recovery options exist?

Answer:

• Version History
• Backup Copies
• OneDrive Restore

98. How would you prepare a professional board meeting presentation?

Answer:

• Slide Master
• Consistent Theme
• Charts
• Minimal Text
• Presenter Notes

99. Management wants productivity improvements using MS Office. What would you suggest?

Answer:

• Templates
• Automation
• Macros
• Shared Collaboration
• Standardized Reporting

100. If asked to summarize your MS Office expertise during an interview, what should you highlight?

Answer:
Focus on:

• Microsoft Word Documentation
• Advanced Excel Functions
• Pivot Tables & Dashboards
• PowerPoint Presentations
• Outlook Administration
• Access Databases
• VBA & Automation
• Collaboration Features
• Reporting
• Productivity Optimization

1. What is Microsoft Azure?

Answer:
Azure is a cloud computing platform from Microsoft that provides services for computing, storage, networking, databases, security, analytics, and artificial intelligence.

2. What are the main cloud service models?

Answer:

• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Software as a Service (SaaS)

3. What is IaaS?

Answer:
IaaS provides virtualized infrastructure such as servers, storage, and networking managed by the cloud provider.

Example:

• Azure Virtual Machines

4. What is PaaS?

Answer:
PaaS provides a platform for developing and deploying applications without managing underlying infrastructure.

Example:

• Azure App Service

5. What is SaaS?

Answer:
SaaS delivers software applications over the internet.

Example:

• Microsoft 365

6. What is an Azure Subscription?

Answer:
A subscription is a billing and management boundary that contains Azure resources.

7. What is an Azure Resource?

Answer:
Any deployable service in Azure such as:

• Virtual Machine
• Storage Account
• Database
• Virtual Network

8. What is a Resource Group?

Answer:
A Resource Group is a logical container used to manage related Azure resources.

9. What is an Azure Region?

Answer:
A region is a geographic location containing Azure datacenters.

Examples:

• East US
• West Europe
• Central India

10. What is an Availability Zone?

Answer:
Availability Zones are physically separate datacenters within a region that provide high availability.

11. What is Azure Portal?

Answer:
The Azure Portal is a web-based interface used to manage Azure resources.

12. What is Azure CLI?

Answer:
Azure CLI is a command-line tool used for Azure administration and automation.

13. What is Azure PowerShell?

Answer:
A PowerShell module used to manage Azure resources.

14. What is Azure Virtual Machine (VM)?

Answer:
An Azure VM is a scalable cloud-based server.

15. What is Azure Storage?

Answer:
Azure Storage is a cloud storage solution for structured and unstructured data.

16. What are Azure Storage types?

Answer:

• Blob Storage
• File Storage
• Queue Storage
• Table Storage
• Disk Storage

17. What is Blob Storage?

Answer:
Blob Storage stores large amounts of unstructured data such as images, videos, backups, and logs.

18. What is Azure Virtual Network (VNet)?

Answer:
A VNet allows Azure resources to communicate securely with each other and external networks.

19. What is a Subnet?

Answer:
A subnet is a segmented portion of a Virtual Network.

20. What is Azure Active Directory (Microsoft Entra ID)?

Answer:
Microsoft Entra ID is Azure's identity and access management service.

21. What is Azure App Service?

Answer:
A fully managed platform for hosting web applications and APIs.

22. What is Azure SQL Database?

Answer:
A fully managed relational database service based on SQL Server.

23. What is Azure Functions?

Answer:
Azure Functions is a serverless compute service that executes code on demand.

24. What is Azure Monitor?

Answer:
Azure Monitor collects and analyzes performance and operational data.

25. What is Azure Backup?

Answer:
Azure Backup provides centralized cloud backup services.

26. What is Azure Site Recovery (ASR)?

Answer:
ASR provides disaster recovery and business continuity solutions.

27. What is Azure Load Balancer?

Answer:
Distributes traffic across multiple servers.

28. What is Azure Key Vault?

Answer:
Securely stores:

• Secrets
• Passwords
• Keys
• Certificates

29. What is Azure DNS?

Answer:
Azure DNS hosts DNS domains and records in Azure.

30. Why do organizations use Azure?

Answer:

• Scalability
• High Availability
• Security
• Global Reach
• Cost Optimization

31. What is Azure Availability Set?

Answer:
Availability Sets protect applications from hardware and maintenance failures.

32. What is Azure Availability Zone vs Availability Set?

Answer:

33. What is Azure Managed Disk?

Answer:
Managed Disks simplify storage management for Azure VMs.

34. What is Azure Managed Identity?

Answer:
Provides Azure resources with secure identities without storing credentials.

35. What is Azure RBAC?

Answer:
Role-Based Access Control manages permissions based on roles.

36. What are common Azure RBAC roles?

Answer:

• Owner
• Contributor
• Reader
• User Access Administrator

37. What is Azure Network Security Group (NSG)?

Answer:
NSGs control inbound and outbound network traffic.

38. What is Azure Application Gateway?

Answer:
A Layer-7 load balancer with Web Application Firewall support.

39. What is Azure Firewall?

Answer:
A cloud-native firewall service providing centralized network security.

40. What is Azure Bastion?

Answer:
Provides secure RDP and SSH access without exposing public IPs.

41. What is Azure ExpressRoute?

Answer:
A private connection between on-premises environments and Azure.

42. What is Azure VPN Gateway?

Answer:
Provides encrypted connectivity between Azure and external networks.

43. What is Azure Traffic Manager?

Answer:
A DNS-based traffic distribution service.

44. What is Azure Front Door?

Answer:
A global application delivery and acceleration service.

45. What is Azure Storage Account?

Answer:
A container that stores Azure storage services.

46. What is Lifecycle Management in Azure Storage?

Answer:
Automatically moves or deletes data based on rules.

47. What is Azure Logic Apps?

Answer:
A low-code automation platform for workflows and integrations.

48. What is Azure Automation?

Answer:
Automates repetitive administrative tasks.

49. What is Azure DevOps?

Answer:
A suite of tools supporting software development and CI/CD.

50. What is Azure Container Registry (ACR)?

Answer:
Stores and manages Docker container images.

51. What is Azure Kubernetes Service (AKS)?

Answer:
A managed Kubernetes platform.

52. What is Azure Virtual Desktop (AVD)?

Answer:
A cloud-hosted desktop and application virtualization service.

53. What is Azure Policy?

Answer:
Enforces organizational standards and compliance.

54. What is Azure Blueprint?

Answer:
Provides reusable governance and compliance templates.

55. What is Azure Advisor?

Answer:
Offers recommendations for:

• Cost
• Security
• Reliability
• Performance

56. What is Azure Cost Management?

Answer:
Monitors and optimizes Azure spending.

57. What is Azure Log Analytics?

Answer:
A service used for querying and analyzing logs.

58. What is Azure Sentinel?

Answer:
A cloud-native SIEM and SOAR platform.

59. What is Azure Defender?

Answer:
Provides advanced threat protection for Azure workloads.

60. What is Azure Arc?

Answer:
Extends Azure management to on-premises and multi-cloud environments.

61. Explain Azure Landing Zone.

Answer:
A Landing Zone is a preconfigured Azure environment designed according to best practices for governance, security, and networking.

62. What is Azure Resource Manager (ARM)?

Answer:
ARM is Azure's deployment and management framework.

63. What is an ARM Template?

Answer:
Infrastructure-as-Code (IaC) using JSON templates.

64. What is Bicep?

Answer:
A simplified language for deploying Azure resources.

65. What is Azure Service Bus?

Answer:
A cloud messaging service for application integration.

66. What is Azure Event Hub?

Answer:
A big-data streaming platform capable of ingesting millions of events.

67. What is Azure Event Grid?

Answer:
A serverless event routing service.

68. What is Azure Data Factory?

Answer:
A cloud-based ETL and data integration service.

69. What is Azure Synapse Analytics?

Answer:
A unified analytics platform for data warehousing and big data.

70. What is Azure Cosmos DB?

Answer:
A globally distributed NoSQL database service.

71. What consistency models does Cosmos DB support?

Answer:

• Strong
• Bounded Staleness
• Session
• Consistent Prefix
• Eventual

72. What is Azure Availability SLA?

Answer:
Azure provides service uptime guarantees depending on the deployed architecture.

73. What is Geo-Redundant Storage (GRS)?

Answer:
Replicates data to another geographic region.

74. What is Azure Private Endpoint?

Answer:
Provides private access to Azure services through a private IP address.

75. What is Azure Private Link?

Answer:
Connects Azure services privately without traversing the public internet.

76. What is Azure DDoS Protection?

Answer:
Protects Azure resources against distributed denial-of-service attacks.

77. What is Azure Governance?

Answer:
Governance includes:

• RBAC
• Policy
• Cost Management
• Resource Organization

78. What is Azure Well-Architected Framework?

Answer:
A set of best practices based on:

• Reliability
• Security
• Performance Efficiency
• Cost Optimization
• Operational Excellence

79. What is Azure Backup Vault?

Answer:
A centralized repository for backup management.

80. How would you secure an Azure environment?

Answer:

• RBAC
• MFA
• Conditional Access
• Key Vault
• NSGs
• Private Endpoints
• Defender for Cloud 

81. A VM is inaccessible through RDP. How would you troubleshoot?

Answer:

• Check NSG rules
• Verify VM status
• Review firewall settings
• Use Azure Bastion

82. Users report slow application performance. What would you investigate?

Answer:

• CPU utilization
• Memory consumption
• Network latency
• Application Insights

83. A storage account is nearing capacity. What actions would you take?

Answer:

• Enable lifecycle management
• Archive old data
• Expand storage strategy

84. A company wants disaster recovery for critical workloads. What Azure service would you recommend?

Answer:
Azure Site Recovery.

85. A developer accidentally deletes a VM. How can recovery be improved?

Answer:

• Azure Backup
• Recovery Services Vault
• Resource Locks

86. How would you connect an on-premises datacenter to Azure securely?

Answer:

• VPN Gateway
• ExpressRoute

87. A web application experiences traffic spikes. What Azure services help?

Answer:

• Load Balancer
• Application Gateway
• Autoscaling

88. A company wants passwordless authentication. What would you implement?

Answer:

• Microsoft Authenticator
• FIDO2 Security Keys
• Windows Hello for Business

89. Sensitive secrets are stored in application code. What would you recommend?

Answer:
Store secrets in Azure Key Vault and use Managed Identities.

90. How would you reduce Azure costs?

Answer:

• Reserved Instances
• Rightsizing
• Auto Shutdown
• Cost Management Reports

91. A security audit reveals excessive permissions. What would you do?

Answer:

• Review RBAC assignments
• Implement least privilege
• Use PIM

92. A company requires high availability across regions. How would you design it?

Answer:

• Availability Zones
• Geo-replication
• Traffic Manager
• Front Door

93. Multiple applications need centralized logging. Which services would you use?

Answer:

• Azure Monitor
• Log Analytics
• Application Insights

94. A Kubernetes cluster must be deployed quickly. What Azure service is best?

Answer:
Azure Kubernetes Service (AKS).

95. How would you migrate on-premises servers to Azure?

Answer:

1. Assess environment.
2. Use Azure Migrate.
3. Test migration.
4. Execute migration.
5. Validate workloads.

96. Users are accessing storage accounts over the public internet. How would you secure access?

Answer:

• Private Endpoints
• NSG Controls
• Firewall Restrictions

97. A company wants governance controls across all subscriptions. What Azure features help?

Answer:

• Management Groups
• Azure Policy
• RBAC
• Blueprints

98. A database requires global low-latency access. What service would you choose?

Answer:
Azure Cosmos DB because of its global distribution capabilities.

99. How would you prepare Azure for a compliance audit?

Answer:

• Review Security Center recommendations
• Validate Policies
• Audit RBAC
• Export Compliance Reports

100. If asked to summarize your Azure experience during an interview, what should you highlight?

Answer:
Focus on:

• Azure Virtual Machines
• Networking (VNet, NSG, VPN, ExpressRoute)
• Storage Solutions
• Azure Entra ID
• RBAC & Security
• Backup & Disaster Recovery
• Azure Monitor & Log Analytics
• Azure App Services
• AKS & Containers
• Azure Governance & Cost Optimization