AZ-500 Notes while reading
From "Mastering Azure Security" :
If you use imperative scripting languages such as PowerShell to deploy resources, you need to explicitly describe what needs to be done IN ORDER. With declarative languages such as ARM templates or Terraform, you only have to describe what resources have to be deployed.
I can see this as a piece of a question. They could give you a PowerShell script with something out of order and ask if it will produce the intended results. Or they could describe using Terraform and list the things out of order and ask if it would produce the intended results.
One thing about reading material when you're studying for a test. Look for things like this that could be turned into questions (and then review practice questions).
Something random... Built-in roles that can create or delete management locks -- Owner and User Access Administrator are the only ones granted that permission. Of course, you can create a custom role and give it appropriate permissions. But out of the BUILT-IN roles... Owner makes sense. In my mind it equates to "superuser" or root. These are "management locks" and can be Delete or Read Only. Delete means no one can delete resources (until the lock is removed). Read only locks make sure that only authorized users can read a resource, but cannot modify nor delete it (until the lock is removed). I'll have to think on this for a while and find a way to relate the name of the role to the function (so it makes sense).
