Bird
Raised Fist0
Azurecloud~20 mins

Azure Container Registry (ACR) - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Azure Container Registry Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
service_behavior
intermediate
2:00remaining
How does Azure Container Registry handle image versioning?

Azure Container Registry (ACR) stores container images with tags. What happens when you push a new image with the same tag as an existing image?

AThe push operation fails with an error about duplicate tags.
BThe registry keeps both images and automatically creates a new unique tag for the new image.
CThe registry archives the old image and disables the tag until manually restored.
DThe new image overwrites the existing image with that tag in the registry.
Attempts:
2 left
💡 Hint

Think about how tags work in container registries as pointers to images.

Architecture
intermediate
2:00remaining
Which Azure service is best to securely build container images integrated with Azure Container Registry?

You want to automate building container images and push them to Azure Container Registry securely without managing build servers. Which Azure service should you use?

AAzure Container Registry Tasks
BAzure DevOps Pipelines
CAzure Container Instances
DAzure Kubernetes Service
Attempts:
2 left
💡 Hint

Look for a service that integrates directly with ACR for building images.

security
advanced
2:00remaining
What is the effect of enabling Azure Defender for Container Registries on your ACR?

After enabling Azure Defender for Container Registries on your Azure Container Registry, what security feature is added?

AEncryption of container images at rest using customer-managed keys only.
BAutomatic vulnerability scanning of container images pushed to the registry.
CBlocking all anonymous pull requests to the registry.
DAutomatic rollback of images detected with vulnerabilities.
Attempts:
2 left
💡 Hint

Think about what Azure Defender adds to container registries.

Best Practice
advanced
2:00remaining
Which is the recommended way to restrict access to an Azure Container Registry from specific Azure Virtual Networks?

You want to limit access to your Azure Container Registry so only resources inside certain Azure Virtual Networks can pull or push images. What is the best practice to achieve this?

AUse Azure Private Link to create private endpoints for the registry inside the allowed Virtual Networks.
BUse Azure Role-Based Access Control (RBAC) to restrict access to the registry.
CConfigure network security groups (NSGs) on the ACR subnet to allow only specific IPs.
DEnable the firewall on the ACR and add the allowed Virtual Network subnets to the firewall rules.
Attempts:
2 left
💡 Hint

Consider how to securely connect PaaS services privately inside your network.

🧠 Conceptual
expert
2:00remaining
What happens if you delete an Azure Container Registry resource in Azure Portal?

You delete your Azure Container Registry resource from the Azure Portal. What is the immediate effect on the container images stored inside?

AThe registry is disabled but images remain stored and accessible until manually purged.
BThe registry is soft-deleted and images remain accessible for 30 days before permanent deletion.
CAll container images and metadata stored in the registry are permanently deleted immediately.
DThe registry is archived and images become read-only until restored.
Attempts:
2 left
💡 Hint

Think about resource deletion behavior in Azure for PaaS services like ACR.

Practice

(1/5)
1. What is the main purpose of Azure Container Registry (ACR)?
easy
A. To securely store and manage container images in Azure
B. To create virtual machines in Azure
C. To monitor network traffic in Azure
D. To manage Azure user permissions

Solution

  1. Step 1: Understand what ACR is designed for

    Azure Container Registry is a service to store container images securely in Azure.

  2. Step 2: Compare options with ACR's purpose

    Only To securely store and manage container images in Azure describes storing and managing container images, which matches ACR's main use.

  3. Final Answer:

    To securely store and manage container images in Azure -> Option A

  4. Quick Check:

    ACR purpose = store container images [OK]
Hint: ACR is for container images, not VMs or users [OK]
Common Mistakes:
  • Confusing ACR with Azure VM services
  • Thinking ACR manages user permissions
  • Assuming ACR monitors network traffic
2. Which of the following is the correct Azure CLI command to create an Azure Container Registry named myRegistry in resource group myGroup with the Basic SKU?
easy
A. az acr new --group myGroup --registry myRegistry --tier Basic
B. az acr create --resource-group myGroup --registry-name myRegistry --sku Basic
C. az container registry create --group myGroup --name myRegistry --sku Basic
D. az acr create --resource-group myGroup --name myRegistry --sku Basic

Solution

  1. Step 1: Recall the correct Azure CLI syntax for ACR creation

    The correct command uses az acr create with parameters --resource-group, --name, and --sku.

  2. Step 2: Match options to correct syntax

    az acr create --resource-group myGroup --name myRegistry --sku Basic matches the exact syntax. Options A, C, and D use incorrect commands or parameter names.

  3. Final Answer:

    az acr create --resource-group myGroup --name myRegistry --sku Basic -> Option D

  4. Quick Check:

    Correct CLI syntax = az acr create --resource-group myGroup --name myRegistry --sku Basic [OK]
Hint: Use 'az acr create' with --resource-group and --name [OK]
Common Mistakes:
  • Using wrong command like 'az acr new'
  • Incorrect parameter names like --registry-name
  • Confusing 'az container registry' with 'az acr'
3. Given this Azure CLI command sequence, what will be the output of the last command?
az acr create --resource-group myGroup --name myRegistry --sku Standard
az acr login --name myRegistry
az acr repository list --name myRegistry --output json
medium
A. A JSON list of repositories stored in myRegistry, initially empty
B. An error saying the registry does not exist
C. A list of running containers in myRegistry
D. A JSON list of all Azure resource groups

Solution

  1. Step 1: Understand the commands run

    The first command creates the registry. The second logs into it. The third lists repositories in JSON format.

  2. Step 2: Predict output of repository list on new registry

    Since the registry is new, it has no repositories yet, so the output is an empty JSON list.

  3. Final Answer:

    A JSON list of repositories stored in myRegistry, initially empty -> Option A

  4. Quick Check:

    New registry repo list = empty JSON list [OK]
Hint: New ACR has empty repo list JSON output [OK]
Common Mistakes:
  • Expecting error when registry exists
  • Confusing repositories with running containers
  • Thinking it lists resource groups
4. You run this command but get an error:
az acr create --resource-group myGroup --name myRegistry --sku Basic --location eastus

What is the most likely cause of the error?
medium
A. The command syntax is incorrect
B. The SKU Basic is not supported in eastus
C. The resource group myGroup does not exist
D. The registry name myRegistry is already in use globally

Solution

  1. Step 1: Check command syntax and parameters

    The syntax is correct and Basic SKU is supported in eastus.

  2. Step 2: Identify common causes of creation errors

    If the resource group does not exist, creation fails with an error.

  3. Final Answer:

    The resource group myGroup does not exist -> Option C

  4. Quick Check:

    Missing resource group causes create error [OK]
Hint: Ensure resource group exists before creating ACR [OK]
Common Mistakes:
  • Assuming SKU is unsupported without checking
  • Ignoring resource group existence
  • Thinking registry name conflict causes this error
5. You want to speed up your app deployment by sharing container images across multiple Azure regions. Which ACR feature should you enable to replicate your registry automatically to other regions?
hard
A. Configure Azure Traffic Manager for your registry
B. Enable geo-replication on your Azure Container Registry
C. Use Azure Blob Storage replication instead
D. Create multiple separate registries manually in each region

Solution

  1. Step 1: Understand the need for multi-region image availability

    To share images across regions and speed deployment, the registry must replicate images automatically.

  2. Step 2: Identify ACR feature for automatic replication

    Geo-replication is the ACR feature that replicates container images across regions automatically.

  3. Step 3: Evaluate other options

    Creating registries manually is manual and error-prone. Blob Storage replication is unrelated to container images. Traffic Manager manages traffic, not image replication.

  4. Final Answer:

    Enable geo-replication on your Azure Container Registry -> Option B

  5. Quick Check:

    Multi-region image sharing = geo-replication [OK]
Hint: Use geo-replication to sync images across regions [OK]
Common Mistakes:
  • Manually creating registries instead of replicating
  • Confusing storage replication with ACR replication
  • Using Traffic Manager for image replication