Az-104

Question 1

This expresses what to evaluate and what action to take.

Answer 1

Policy Definition

Question 2

What tool allows you to capture packet data from the Azure services you use, help you understand the flow of data in network traffic patterns, and troubleshoot network-related problems?

Answer 2

Azure Network Watcher

Question 3

Which service is designed to monitor the performance of container workloads, which are deployed to managed Kubernetes clusters, hosted on Azure Kubernetes Service (AKS)? It gives you performance visibility by collecting memory and processor metrics from controllers, nodes, and containers, which are available in Kubernetes through the metrics API. Container logs are also collected.

Answer 3

Azure Monitor for Containers

Question 4

A a set or group of policy definitions to help track your compliance state for a larger goal.

Answer 4

Initiative Definition

Question 5

What records when resources are created or modified and has metrics to tell you how the resource is performing and the resources that it’s consuming?

Answer 5

Activity Logs

Question 6

What is the cloud-based identity management solution that helps your company’s internal users to access internal and external resources while keeping your user identities and applications safe?

Answer 6

Azure AD

Question 7

What represents an organization, and is where Azure AD stores your users?

Answer 7

Tenant

Question 8

What is the PowerShell Command to create New Azure VMs?

Answer 8

New-AzVM

Question 9

What reports on service problems that affect a broad set of Azure customers, and gives up to the minute information on service availability?

Answer 9

Azure Status

Question 10

What provides you with a customizable dashboard that tracks the state of your Azure services in the regions where you use them and can be used to create and manage service health alerts?

Answer 10

Service Health

Question 11

What is the score that reveals how effective your security is and gives an overall value between 1 and 223 that represents how well you match the recommendations and best practices that Microsoft suggests for tenant security?

Answer 11

Identity secure score in Azure AD

Question 12

What allows users to have the same credentials to access resources and applications both on-premises and in the cloud because the user’s password is hashed twice and synchronized between the on-premises Active Directory and Azure AD?

Answer 12

Azure AD password hash synchronization (PHS)

Question 13

What does PHS stand for?

Answer 13

Password Hash Synchronization

Question 14

What is Windows default authentication protocol that can be used across different operating systems?

Answer 14

Kerberos

Question 15

What allows an Azure AD user account to authenticate to on-premsies servers and Active Directory by way of an installed agent?

Answer 15

Azure AD pass-through authentication (PTA)

Question 16

What does PTA stand for?

Answer 16

Pass-Through Authentication

Question 17

What authentication method allows you to use advanced measures like smart card-based authentication for users?

Answer 17

Federated Authentication

Question 18

What does AD FS stand for?

Answer 18

Active Directory Federation Services

Question 19

What allows federates authentication?

Answer 19

The authentication process is performed by an on-premises Active Directory Federation Services (AD FS) server that validates users’ passwords.

Question 20

This is a workflow-based risk assessment dashboard within the Service Trust Portal that enables you to track, assign, and verify your organization’s regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Microsoft 365, Dynamics 365, and Azure

Answer 20

Compliance Manager

Question 21

What does Azure Active Directory Premium P1 give you in addition to the features of the free tier?

Answer 21

• Users can access on-prem and cloud-based services and resources
• Use of self-service group management or dynamic groups, which adds and removes users automatically based on your criteria
• Supports on-prem identity management suites like Microsoft Identity Manager
• Self-service password reset is also supported to on-prem users

Question 22

What does Azure Active Directory Premium P2 give you in addition to the features of the free and P1 tiers?

Answer 22

• Active Directory Identity Protection

- Privileged Identity Management

Question 23

This feature helps you configure risk-based conditional access to protect applications from identity risks. You can also monitor and put detailed restrictions on administrators.

Answer 23

Active Directory Identity Protection

Question 24

Something that has to be identified and authenticated.

Answer 24

Identity

Question 25

These are containers for managing access, policies, and compliance across multiple Azure subscriptions.

They provide a further level of classification that is above the level of subscriptions by allowing you to order your Azure resources hierarchically into collections. They give you enterprise-grade management at a large scale.

Answer 25

Azure Management Groups

Question 26

What lets you monitor and put detailed restrictions on administrators?

Answer 26

Privileged Identity Management

Question 27

What helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on?

Answer 27

Azure Monitor

Question 28

What do you use to securely authenticate the user through their preferred identity provider, as well as to manage your customers’ identities and access?

Answer 28

Azure AD B2C

Question 29

What lets you add virtual machines to a domain without needing domain controllers?

Answer 29

Azure AD DS

Question 30

What require users to pass additional authentication challenges before they access an app?

Answer 30

Conditional-Access Policies

Question 31

What expresses what to evaluate and what action to take?

Answer 31

Policy Definition

Question 32

What service monitors your Azure VMs at scale, by analyzing the performance and health of your Windows and Linux VMs (including their different processes and interconnected dependencies on other resources, and external processes)

Answer 32

Azure Monitor for VMs

Question 33

What is the logical feature used to ensure that a group of related VMs are deployed so that they aren’t all subject to a single point of failure and not all upgraded at the same time during a host operating system upgrade in the datacenter. These VMs should perform an identical set of functionalities and have the same software installed.

Answer 33

Availability Set

Question 34

What helps you to automatically detect, investigate, and remediate identity risks for users? It also lets you export all the information that was collected about risks to third-party tools and solutions so that you can further analyze it.

Answer 34

Azure AD Identity Protection

Question 35

What is the workflow-based risk assessment dashboard within the Service Trust Portal that enables you to track, assign, and verify your organization’s regulatory compliance activities related to Microsoft professional services and Microsoft cloud services?

Answer 35

Compliance Manager

Question 36

What allows you to collaborate with external users by inviting them to your Azure AD tenant?

Answer 36

Azure AD B2B

Question 37

What is a logical group of hardware in Azure that shares a common power source and network switch?

Answer 37

A Fault Domain

Question 38

What is the command to create a VM in Azure using CLI?

Answer 38

az vm create

Question 39

What allows you to manage your customers’ identities and access, giving them protected access to resources and services?

Answer 39

Azure AD B2C

Question 40

What is a loosely isolated environment that allows us to build and run software packages?

These software packages include the code and all dependencies to run applications quickly and reliably on any computing environment.

Answer 40

Container

Question 41

What is the containerization platform used to develop, ship, and run containers

Answer 41

Docker

Question 42

What are containers for managing access, policies, and compliance across multiple Azure subscriptions

Answer 42

Azure Management Groups

Question 43

What is a set or group of policy definitions to help track your compliance state for a larger goal?

Answer 43

Initiative Definition

Question 44

What is the process that creates secure remote access for your on-premises apps?

Answer 44

Azure AD Application Proxy

Question 45

What does Azure AD DS stand for?

Answer 45

Azure Active Directory Domain Services

Question 46

What is the Azure service endpoint that support sets of HTTP operations (methods), which provide create, retrieve, update, or delete access to the service’s resources?

Answer 46

Azure REST API

Question 47

What allows you to organize resources into named resource groups that let you deploy, update, or delete all of the resources together and also allows you to create templates, which can be used to create and deploy specific configurations?

Answer 47

Azure Resource Manager

Question 48

What consists of several components configured as a client-server implementation where the client and server run simultaneously on the same host and the client communicates with the server using a REST API, which allows the client to also communicate with a remote server instance

Answer 48

Docker Engine

Question 49

What responds to requests from the client via a REST API and can interact with other daemons and is also responsible for tracking the lifecycle of our containers?

Answer 49

Docker server/Dockerd daemon

Question 50

What is a computer program that runs as a background process, rather than being under the direct control of an interactive user?

Answer 50

daemon

Question 51

What are the networks, storage volumes, plugins, and other service objects that you’ll create and configure to support your container deployments?

Answer 51

Docker objects

Question 52

What is the Docker server?

Answer 52

a daemon named dockerd

Question 53

What is the Software-as-a-Service (SaaS) Docker container registry that we use to store and distribute the container images we create?

Answer 53

Docker Hub

Question 54

What a central location in which data is stored and managed?

Answer 54

Repository

Question 55

What makes it possible for development teams to rapidly build and deploy new environments with the trust they’re building within organizational compliance using a set of built-in components, such as networking, to speed up development and delivery?

Answer 55

Azure Blueprints

Question 56

What is a secure point-to-point service that uses a third-party connectivity partner to provide and host circuits on your behalf?

Answer 56

ExpressRoute

Question 57

What does Unionfs stand for?

Answer 57

Stackable Unification File System

Question 58

What is the file system used to create Docker images?

Answer 58

Unionfs

Question 59

What file system allows you to stack several directories, called branches, in such a way that it appears as if the content is merged but the content is physically kept separate and allows you to add and remove branches as you build out your file system?

Answer 59

Unionfs

Question 60

What service protects your physical or virtual machines in case of failure no matter where they reside: on-premises or in the cloud

Answer 60

Azure Backup

Question 61

What is an image that uses the Docker scratch image?

Answer 61

Base Image

Question 62

What is an empty container image that doesn’t create a filesystem layer and assumes that the application you’re going to run can directly use the host OS kernel?

Answer 62

Scratch Image

Question 63

What is the container image from which you create your images called?

Answer 63

Parent Image

Question 64

What is the name for data that adheres to a strict schema, so all of the data has the same fields or properties?

Answer 64

Structured/Relational Data

Question 65

What is the name of data where the fields do not neatly fit into tables, rows, and columns so it contains tags that make the organization and hierarchy of the data apparent?

Answer 65

Semi-Structured Data

Question 66

What is a logical group of database operations that execute together?

Answer 66

A Transaction

Question 67

What kind of database supports semi-structured data, or NoSQL data, by design?

Answer 67

Azure Cosmos DB

Question 68

What are small applications that allow you to configure and automate tasks on Azure VMs after initial deployment?

Answer 68

Azure VM Extensions

Question 69

What do you get with the Azure Active Directory Free tier?

Answer 69

• Manage users and groups
• On-premises AD synchronization
• Self-service password reset for Azure AD users (not on-prem AD)
• Basic reports
• Single sign on for Microsoft 365, Azure Services, and many third-party SaaS applications

Question 70

What is the value between 1 and 223 given by Azure AD that reveals how effective your security is by showing how well you match the recommendations and best practices that Microsoft suggests for tenant security?

Answer 70

Identity Secure Score

Question 71

What are the JSON files that define the resources you need to deploy for your solution called?

Answer 71

Resource Manager Templates

Question 72

What are the advantages of using Azure Backup?

Answer 72

1. Unlimited data transfer
2. Data encryption
3. Application-consistent backups
4. Long-term retention
5. Automatic storage management
6. High availability due to unlimited scaling
7. Multiple storage options: locally redundant vs geo-redundant storage
8. Pay-as-you-use model

Question 73

What is the name given to a recovery point that has all required data to restore the backup copy?

Answer 73

Application-Consistent Backup

Question 74

What is a backup as a service offering that protects physical or virtual machines no matter where they reside: on-premises or in the cloud through the use of Azure Recovery Services?

Answer 74

Azure Backup

Question 75

What is a storage entity in Azure that houses data which is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations?

Answer 75

Azure Recovery Services Vault

Question 76

What replicates workloads from a primary site to a secondary location, so in the case of an outage at your primary site, you can fail over to a secondary location?

Answer 76

Azure Site Recovery

Question 77

What are the benefits of Azure Site Recovery?

Answer 77

1. Uses Azure as your recovery site, eliminating the cost and complexity of maintaining a secondary physical data center
2. Makes it incredibly simple to test failovers for recovery drills without impacting your production environments

Question 78

What is the reference architecture where (usually) an Azure virtual network acts as a central connection point between the cloud and on-premises network?

Answer 78

Azure Hub-Spoke

Question 79

What is used to capture packet data from the Azure services you use, help you understand the flow of data in network traffic patterns, and troubleshoot network-related problems on your network?

Answer 79

Azure Network Watcher

Question 80

What is an architecture where multiple tenants share the same physical instance of the app, and although tenants share physical resources (such as VMs or storage), each tenant gets its own logical instance of the app?

Answer 80

Azure Multi-Tenant

Question 81

What is a domain that you customize for your Azure AD directory?

Answer 81

Custom Domain

Question 82

What role do you use to manage all resources in Azure, including the access levels that users need for resources?

Answer 82

Owner Role

Question 83

What role gives you access to all administrative capabilities in Azure AD and is automatically granted to the creator of a tenant?

Answer 83

Global Administrator

Question 84

What provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication?

• These Azure services remove the need to deploy, manage, and patch domain controllers (DCs) in the cloud

Answer 84

Azure AD DS

Question 85

What does Azure AD DS stand for?

Answer 85

Azure Active Directory Domain Services

Question 86

What require users to pass additional authentication challenges, such as multi-factor authentication, before they access an app?

Answer 86

Conditional-Access Policies

Question 87

What notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime, and allows you to configure customizable cloud alerts and use your personalized dashboard to analyze health issues?

Answer 87

Azure Service Health

Question 88

What helps you diagnose and get support for service problems that affect your Azure resources and reports on the current and past health of your resources?

Answer 88

Azure Resource Health

Question 89

Is RBAC or Azure Policy default allow and explicit deny?

Answer 89

Azure Policy

Question 90

What allows users to be added and removed from groups automatically based on your criteria?

Answer 90

Dynamic Groups

Question 91

In Azure AD what allows users elevated access to control who is allowed to do what?

Answer 91

Administrator roles

Question 92

What are the Powershell and Azure CLI commands for creating a new user in Azure AD?

Answer 92

PS - New-AzureADUser

CLI - az ad user create

Question 93

What Azure AD role allows you to create and modify users in Azure AD?

Answer 93

User Administrator

Question 94

What type of account does a native member of the Azure AD organization that has a set of default permissions like being able to manage their profile information have?

Answer 94

Member User Account

Question 95

What type of account has restricted Azure AD organization permissions and is given to someone invited to collaborate with your organization?7

Answer 95

Guest Users Account

Question 96

When a user is deleted, how long does the account remain in a suspended state that allows the user to be restored?

Answer 96

30 days

Question 97

What are the PowerShell and Azure CLI commands for creating a new user in Azure?

Answer 97

PS - New-AzureADUser

CLI - az ad user create

Question 98

What is used to manage Azure AD-related resources like users, groups, billing, licensing, application registration and more?

Answer 98

Azure AD Roles

Question 99

What is used to manage access to Azure resources like virtual machines, SQL databases, or storage?

Answer 99

RBAC Roles

Question 100

What is assigning a user the required access rights by directly assigning a role that has those access rights?

Answer 100

Direct Assignment

Question 101

What is assigning a group the required access rights, and members of the group will inherit those rights?

Answer 101

Group Assignment

Question 102

What is using rules to determine a group membership based on user or device properties?

Answer 102

Rule-Based Assignment

Question 103

What is Microsoft’s cloud-based identity and access management service which provides single sign-on and multi-factor authentication to help protect your users from 99.9 percent of cybersecurity attacks?

Answer 103

Azure AD

Question 104

What represents the organization and the default directory assigned to it?

Answer 104

Tenant

Question 105

What service allows you to synchronize a traditional Active Directory with your Azure AD instance?

Answer 105

Azure AD Connect

Question 106

How do most enterprises add users to their Azure directory?

Answer 106

Azure AD Connect

Question 107

Why do most Enterprises sync their on-premises Active Directory to Azure AD?

Answer 107

So their users can use single-sign-on (SSO) to access local and cloud-based resources

Question 108

How do you manually add new users to your directory in Azure?

Answer 108

You can manually add new users through the Azure portal, but you need to be in the User Administrator role to perform this function

Question 109

What groups provide collaboration opportunities by giving members access to a shared mailbox, calendar, files, SharePoint site, and more?

Answer 109

Microsoft 365 Groups

Question 110

Which role has full access to all resources, including the right to delegate access to others?

Answer 110

Owner Role

Question 111

Which role can create and manage all types of Azure resources but can’t grant access to others?

Answer 111

Contributor Role

Question 112

Which role can only view existing Azure resources?

Answer 112

Reader Role

Question 113

How data operations are specified, either with or separately from management operations, preventing current role assignments with wildcards (*) from suddenly having access to data.

Answer 113

DataActions and NotDataActions Properties

Question 114

What tier of Azure AD is required for custom role creation?

Answer 114

Azure AD Premium P1 or P2

Question 115

What is the free tool you can download and install to synchronize your local AD with your Azure directory?

Answer 115

Azure AD Connect

Question 116

What component is responsible for creating users, groups, and other objects, and also makes sure that identity information for your on-premises users and groups matches that in the cloud?

Answer 116

Azure AD Connect

Question 117

What’s included in Azure AD Connect?

Answer 117

1. Syncing your on-Premises AD to your Azure AD
2. Health Monitoring
3. Active Directory Federation Services (AD FS)
4. Password hash synchronization
5. Pass-through authentication

Question 118

What can be used to address complex deployments, such as domain join SSO, enforcement of the Active Directory sign-in policy, and smart card or third-party multi-factor authentication?

Answer 118

AD Federation Services (AD FS)

Question 119

What feature is a sign-in method that synchronizes a hash of a user’s on-premises Active Directory password with Azure AD?

Answer 119

Password Hash Synchronization

Question 120

What allows users to sign in to both on-premises and cloud-based applications using the same passwords and allows organizations to enforce their security and password complexity policies?

Answer 120

Pass-Through Authentication

Question 121

What role can manage access to Azure resources?

Answer 121

User Access Administrator Role

Question 122

What are the RBAC roles?

Answer 122

1. Owner
2. Contributor
3. Reader
4. User Access Administrator

Question 123

What Azure AD tier is required for the use of Dynamic User Membership?

Answer 123

Azure AD Premium P1 or P2

Question 124

What are the Azure AD Roles?

Answer 124

1. Global Administrator
2. User Administrator
3. Billing Administrator

Question 125

What are the different Azure scope levels?

Answer 125

1. Management Group
2. Subscription
3. Resource Group
4. Resource

Question 126

What are the different ways to access Azure role information?

Answer 126

1. Azure Portal
2. Command Line - PowerShell or Azure CLI
3. Azure Resource Manager Templates
4. REST API

Question 127

What is the logical container for anything you create in an Azure subscription like virtual machines, Application Gateways, and CosmosDB instances?

Answer 127

Resource Groups

Question 128

What provides fine-grained access management for Azure resources, enabling you to grant users the specific rights they need to perform their jobs?

Answer 128

RBAC - Role Based Access Control

Question 129

What tier of Azure AD grants you access to use the RBAC service?

Answer 129

RBAC is considered a core service and is included with all subscription levels at no cost

Question 130

How does RBAC defines access?

Answer 130

RBAC uses an allow model for access. When you are assigned to a role, RBAC allows you to perform specific actions, such as read, write, or delete. Therefore, if one role assignment grants you read permissions to a resource group, and a different role assignment grants you write permissions to the same resource group, you will have both read and write permissions on that resource group.

Question 131

What is a setting that can be applied to any resource to block modification or deletion?

Answer 131

Resource Locks

Question 132

What are the different types of resource locks?

Answer 132

1. Delete - will allow all operations against the resource but block the ability to delete it
2. Read-Only - will only allow read activities to be performed against it, blocking any modification or deletion of the resource

Question 133

What can resource locks be applied to?

Answer 133

1. Subscriptions
2. Resource Groups
3. Individual Resources

Question 134

How many Azure AD directories can a subscription be associated with?

Answer 134

1

Question 135

How many subscriptions can an Azure AD directory be associated with?

Answer 135

Many

Question 136

What is the authorization system built on Azure Resource Manager that provides fine-grained access management of resources in Azure, allowing you to grant the exact access that users need for their jobs?

Answer 136

RBAC (Role-Based Access Control)

Question 137

What are the possible scopes of a role assignment?

Answer 137

1. Subscription
2. Resource Group
3. Single Resource

Question 138

What is the name for a user, group or application that you want to grant access to?

Answer 138

Security Principal

Question 139

What component of Azure AD Connect is responsible for creating users, groups, and other objects, and making sure that identity information for your on-premises users and groups matches that in the cloud?

Answer 139

Sync Services

Question 140

What is a collection of permissions that lists the permissions that can be performed, such as read, write, and delete?

Answer 140

Role or Role Definition

Question 141

What role has full access to all resources, including the right to delegate access to others?

Answer 141

Owner

Question 142

What role can create and manage all types of Azure resources, but can’t grant access to others?

Answer 142

Contributor

Question 143

What role can view existing Azure resources?

Answer 143

Reader

Question 144

What role lets you manage user access to Azure resources?

Answer 144

User Access Administrator

Question 145

What is the process of binding a role to a security principal at a particular scope, for the purpose of granting access?

Answer 145

Role Assignment

Question 146

What countries are in Azure Billing Zone 1?

Answer 146

United States, US Government, Europe, Canada, UK, France, Switzerland

Question 147

What countries are in Azure Billing Zone 2?

Answer 147

East Asia, Southeast Asia, Japan, Australia, India, Korea

Question 148

What countries are in Azure Billing Zone 3?

Answer 148

Brazil, South Africa, UAE

Question 149

What countries are in Azure Billing DE Zone 1?

Answer 149

Germany

Question 150

What is the free service built into Azure that provides recommendations on high availability, security, performance, operational excellence, and cost by analyzing your deployed services and looking for ways to improve your environment across each of these areas

Answer 150

Azure Advisor

Question 151

What built-in Azure tool can be used to gain greater insights into where your cloud money is going by showing you historical breakdowns of what services you are spending your money on and how it is tracking against budgets that you have set?

Answer 151

Azure Cost Management

Question 152

What built-in Azure tool allows you to set budgets, schedule reports, and analyze your cost areas?

Answer 152

Azure Cost Management

Question 153

Which Azure tool might help you consider purchase and licensing optimizations or infrastructure deployment changes based on your findings?

Answer 153

Cost Analysis Tool

Question 154

What does Azure Advisor provide recommendations on?

Answer 154

1. High availability
2. Security
3. Performance
4. Operational excellence
5. Cost

Question 155

What Azure Resources can be moved?

Answer 155

1. Azure storage accounts
2. Azure virtual machines
3. Azure virtual networks

Question 156

What Azure resources can not be moved?

Answer 156

1. Azure Active Directory domain services
2. Azure Backup vaults
3. Azure App Service gateways

Question 157

What are some important factors to consider when moving virtual machines in Azure?

Answer 157

If you want to move a virtual machine, all of its dependents must go with it.

You can’t move virtual machines with certificates in Azure Key Vault between subscriptions.

You can’t move virtual machine scale sets with standard load balancers or a standard public IP.

You can’t move any managed disks that are in availability zones to different subscriptions.

Question 158

What are some important factors to consider when moving networking resources in Azure?

Answer 158

When moving a virtual network, you must also move its dependent resources

For VPN Gateways, you must move IP addresses, virtual network gateways, and all associated connection resources

Local network gateways can be in a different resource group

Question 159

What else must be moved when moving a virtual machine with a network interface card?

Answer 159

1. All dependent resources
2. The virtual network for the network interface card
3. All other network interface cards for the virtual network
4. The VPN gateways

Question 160

Does the location of the resource change when being moved?

Answer 160

No, if you have a storage account in the East US region, and you move it to another resource group, it keeps its East US region location.

Question 161

How do you move a peered virtual network?

Answer 161

To move a peered virtual network, you must first disable the virtual network peering. Once disabled, you can move the virtual network. After the move, reenable the virtual network peering.

Question 162

What do you need to know about how subnet links affect moving resources?

Answer 162

You can’t move a virtual network to a different subscription if the virtual network contains a subnet with resource navigation links.

Question 163

What should you do before attempting to move a resource?

Answer 163

You should test whether it will be successful by calling the validate move operation from the Azure REST API.

Question 164

What helps you control the devices that you add to your organization’s Azure AD instance?

Answer 164

Device identity in Azure AD

Question 165

What allows you to “Bring Your Own Device” where security is typically provided from a password, a PIN, a pattern, or Windows Hello?

Answer 165

Azure AD Registered

Question 166

What allows users to access your cloud-based Azure AD instance through their work account on devices owned by your organization?

Answer 166

Azure AD Joined

Question 167

What allows users access to an organization’s on-premises and cloud resources, where the users devices and Azure AD accounts belong to that organization?

Answer 167

Hybrid Azure AD Joined

Question 168

What uses data from sources known as signals, validates them against a user-definable rule base, and chooses the best outcome to enforce your organization’s security policies?

Answer 168

Conditional Access in Azure AD

Question 169

What allows you to join devices to your Azure Active Directory organization without needing to sync with an on-premises Active Directory instance?

Answer 169

Azure AD Join

Question 170

What devices does Azure AD Join work with?

Answer 170

Windows 10 or Windows Server 2019 devices

Question 171

What type of environment uses pass-through authentication or password hash sync to provide single sign-on (SSO) to your devices?

Answer 171

Managed Environment

Question 172

What type of environments require the use of an identity provider that must support the WS-Trust and WS-Fed protocols for Azure AD join to work natively with Windows devices?

Answer 172

Federated Environments

Question 173

What two protocols must be supported by the identity provider for Azure AD join to work natively with Windows devices?

Answer 173

1. WS-Fed is required to join a device to Azure AD.

2. WS-Trust is needed to sign in to an Azure AD joined device.

Question 174

What authentication methods aren’t valid ways to join devices to Azure AD, but can be used to sign in to Azure AD joined devices, if you have Active Directory Federation Services configured?

Answer 174

Smart Cards and Certificate-Based Authentication

Question 175

What additional setup step is required when using manual user configuration to create users in your on-premises Active Directory instance?

Answer 175

You need to synchronize the accounts to Azure AD by using Azure AD Connect.

Question 176

What provides a means to enforce organization-required configurations like requiring storage to be encrypted, password complexity, software installations, and software updates?

Answer 176

Device Management and/or Mobile Device Management (MDM)

Question 177

What are the two approaches to Azure AD joined devices?

Answer 177

1. MDM Only

2. Co-Management

Question 178

What is the Azure AD join approach where all joined devices are managed exclusively through a provider, like Intune?

Answer 178

MDM Only Approach

Question 179

What is the Azure AD join approach where all joined devices use a combination of a locally installed System Center Configuration Manager agent and your MDM provider to manage devices?

Answer 179

Co-Management Approach

Question 180

What needs to be done to grant access to on-premises web applications?

Answer 180

Each user needs to add the app to their trusted sites or intranet zone, depending on where the app exists.

Question 181

What two groups can the Azure Data Box family be divided into?

Answer 181

1. Offline data transfer

2. Online data transfer

Question 182

What allows you to move large amounts of data to Azure whenever you have time, network bandwidth, or cost constraints so you don’t tie up your organization’s network bandwidth while shifting the vehicle data to Azure?

Answer 182

Offline Data Transfer

Question 183

Which offline data transfer option provides one ~35-TB transfer to Azure usingUSB?

Answer 183

Data Box Disk

Question 184

Which offline data transfer option provides one ~80-TB transfer to Azure per order using standard network interface protocols like SMB and NFS?

Answer 184

Data Box

Question 185

Which offline data transfer option provides one ~800-TB transfer to Azure using high-throughput network interfaces to connect and copy data to the device with standard network interface protocols like SMB and NFS?

Answer 185

Data Box Heavy

Question 186

What are the three offline data transfer options?

Answer 186

1. Data Box Disk
2. Data Box
3. Data Box Heavy

Question 187

What enables a link between your on-premises assets and Azure in order to transfer huge amounts of Data to Azure?

Answer 187

Online Data Transfer

Question 188

What device is a dedicated appliance with 12 TB of local SSD storage that can preprocess and run machine learning on data before uploading it to Azure?

Answer 188

Data Box Edge

Question 189

What device is an entirely virtual appliance that is based on a virtual machine that you provision in your on-premises environment?

Answer 189

Data Box Gateway

Question 190

What Azure service enables you to organize, move, and transform large quantities of data from many different sources?

Answer 190

Azure Data Factory

Question 191

How does Azure Data Factory work?

Answer 191

In Data Factory, you create data pipelines that ingest data from relational databases, NoSQL databases, and other systems. You can use Azure Machine Learning, Hadoop, Spark, and other services to process and transform that data. Then, at the end of the pipeline, you can publish the transformed data to Azure SQL Data Warehouse, Azure SQL Database, Azure Cosmos DB, and Azure Storage.

Question 192

What allows you to extend your on-premises file shares into Azure by working with your existing on-premises file shares to expand your storage capacity and provide redundancy in the cloud?

Answer 192

Azure File Sync

Question 193

What is an optional feature of Azure File Sync that allows frequently accessed files to be cached locally on the server?

Answer 193

Cloud Tiering

Question 194

What is the high-level Azure resource for Azure File Sync, is a peer of the storage account, and can also be deployed to Azure resource groups?

Answer 194

Storage Sync Service

Question 195

What outlines the replication topology for a set of files or folders?

Answer 195

Sync Group

Question 196

How does a sync group work?

Answer 196

All endpoints located in the same sync group are kept in sync with each other. If you have different sets of files that must be in sync and managed with Azure File Sync, you would create two sync groups and different endpoints.

Question 197

What represents the trust relationship between the on-premises server and the Storage Sync Service?

Answer 197

A server being registered to the Storage Sync Service

Question 198

What is the downloadable package that enables Windows Server to be synced with an Azure file share?

Answer 198

Azure File Sync Agent

Question 199

What are the three components of the Azure File Sync agent?

Answer 199

1. FileSyncSvc.exe. Service that monitors changes on endpoints.
2. StorageSync.sys. Azure file system filter driver.
3. PowerShell management cmdlets.

Question 200

What represents a specific location on a registered File Sync server, like a folder on a local disk?

Answer 200

Server Endpoint

Question 201

What is the name for the Azure file share that is part of a sync group?

Answer 201

Cloud Endpoint

Question 202

What are the system requirements for you local file server in order to use Azure File Sync?

Answer 202

1. Operating system: Windows Server 2012 R2 or newer
2. Memory: 2 GB of RAM or more
3. Patches: Latest Windows patches applied
4. Storage: Locally attached volume formatted in the NTFS file format

Question 203

What features does NTFS support?

Answer 203

1. Access Control Lists (ACLs)
2. NTFS Compression
3. Sparse Files

Question 204

What is the advantage of using sparse files?

Answer 204

Sparse files are stored in a more efficient way than normal files.

Question 205

What in Azure is used to store the file share where all Azure Storage data objects are stored?

Answer 205

Storage Account

Question 206

What are the main Azure Storage data objects that are stored in a storage account?

Answer 206

1. Blobs
2. Files
3. Queues
4. Disks

Question 207

What do you specify to control the size of your Azure file share?

Answer 207

Quota Size

Question 208

What is responsible for establishing trust between your company’s server and Azure allowing you to connect the file share in Azure with the file directory on your server?

Answer 208

Storage Sync Service

Question 209

What must a sync group contain in order to function?

Answer 209

1. One cloud endpoint that represents an Azure file share

2. One or more server endpoints that map to a path on a registered Windows file server

Question 210

How does the sync group manage the storage sync process?

Answer 210

By using metadata stored in a hidden folder: .SystemShareInformation.
Don’t delete this folder.

Question 211

What is the link to the Azure portal?

Answer 211

portal.azure.com

Question 212

What do most Azure CLI commands begin with?

Answer 212

AZ

Question 213

What are the 5 types of Azure Storage Replication?

Answer 213

1. LRS - Locally-Redundant Storage
2. ZRS - Zone-Redundant Storage
3. GRS - Geo-Redundant Storage
4. RA-GRS - Read-Access Geo-Redundant Storage
5. Object Replication for Block Blob Storage

Question 214

How long do you have to recover files with a soft delete?

Answer 214

6 days

Question 215

How does a SAS Shared Access Signature work?

Answer 215

Token signed by keys

Question 216

What is the container that groups a set of Azure Storage services together.

Answer 216

Azure Storage Account

Question 217

What Azure Storage services can be grouped into Azure Storage?

Answer 217

1. Azure Blobs
2. Azure Files
3. Azure Queues
4. Azure Tables

Question 218

What defines a policy that applies to all the storage services in the account?

Answer 218

Storage Account Settings

Question 219

What settings can be controlled by a storage account?

Answer 219

1. Subscription
2. Location
3. Performance
4. Standard vs Premium

Question 220

What is the difference between the standard and premium storage account settings?

Answer 220

Standard allows you to have any data service (Blob, File, Queue, Table) and uses magnetic disk drives, while premium introduces additional services for storing data.

Question 221

What determines the strategy used to make copies of your data to protect against hardware failure or natural disaster?

Answer 221

Data Replication

Question 222

What is the minimum number of copies of your data that Azure will maintain within a storage account’s data center?

Answer 222

3

Question 223

What controls how quickly you will be able to access the blobs in this storage account?

Answer 223

Access Tier

Question 224

What is the security feature that determines the supported protocols for access to storage?

Answer 224

Secure Transfer Required

Question 225

What is the storage security feature that allows inbound access requests only from the virtual network(s) you specify?

Answer 225

Virtual Networks

Question 226

What is the system Azure uses to organize your resources and defines the API that you use to create, configure, and manage those resources?

Answer 226

Deployment Model

Question 227

What are the 3 Azure Storage Account types?

Answer 227

1. StorageV2 (general purpose v2): the current offering that supports all storage types and all of the latest features
   Recommended
2. Storage (general purpose v1): a legacy kind that supports all storage types but may not support all features
3. Blob storage: a legacy kind that allows only block blobs and append blobs

Question 228

What are the two Azure Deployment Model types?

Answer 228

1. Resource Manager: the current model that uses the Azure Resource Manager API
2. Classic: a legacy offering that uses the Azure Service Management API

Question 229

What deployment model and account kind should you use for all newly created storage accounts?

Answer 229

The core advice here is to choose the Resource Manager deployment model and the StorageV2 (general purpose v2) account kind for all your storage accounts. The other options still exist primarily to allow existing resources to continue operation. For new resources, there are few reasons to consider the other choices.

Question 230

What is the one disk in each virtual machine that contains the operating system files?

Answer 230

OS Disk

Question 231

What type of virtual disks can be added to a virtual machine to store data?

Answer 231

Data Disk

Question 232

What type of virtual disk is used for short-term storage applications such as page files and swap files?

Answer 232

Temporary Disk

Question 233

What type of disk has faster read-and-write latency than a managed disk and is also faster to reset the image to the original boot state if you’re using an ephemeral disk?

Answer 233

Ephemeral OS Disks

Question 234

What is a virtual hard disk for which Azure manages all the required physical infrastructure and since Azure takes care of the underlying complexity they are easy to use?

Answer 234

Managed Disks

Question 235

How are virtual hard disks stored in Azure?

Answer 235

They are stored as page blobs in an Azure Storage account, but you don’t have to create storage accounts, blob containers, and page blobs yourself or maintain this infrastructure later.

Question 236

How many managed disks can you create per region and type within you subscription?

Answer 236

50,000

Question 237

What % of availability do managed disks support and how does it accomplish this?

Answer 237

1. 99.999%

2. By storing data 3 times

Question 238

What do you use to protect sensitive data on a managed disk from unauthorized access?

Answer 238

1. Azure Storage Service Encryption (SSE)
2. Azure Disk Encryption (ADE), which uses BitLocker for Windows virtual machines, and DM-Crypt for Linux virtual machines

Question 239

What measure the rate at which the disk can complete a mix of read and write operations?

Answer 239

Input/output operations per second (IOPS)

Question 240

What measures the rate at which data can be moved onto the disk from the host computer and off the disk to the host computer and is measured in MBps?

Answer 240

Throughput (AKA Data Transfer Rate)

Question 241

What provides the highest disk performance available in Azure.

Answer 241

Ultra SSD

Question 242

What are the Ultra SSD limitations?

Answer 242

1. They’re only available in a subset of Azure regions.
2. They can only be attached to virtual machines that are in availability zones.
3. They can only be attached to ES/DS v3 virtual machines.
4. They can only be used as data disks and can only be created as empty disks.
5. They don’t support disk snapshots, virtual machine images, scale sets, Azure Disk Encryption, Azure Backup, or Azure Site Recovery

Question 243

What is the next tier down from ultra disks in terms of performance, but still provide high throughput and IOPS with low latency without the limitations?

Answer 243

Premium SSD

Question 244

What is a cost-effective storage option for virtual machines that need consistent performance at lower speeds? (but they still have latencies in the range of 1 millisecond to 10 milliseconds and up to 6,000 IOPS)

Answer 244

Standard SSD

Question 245

Which storage option stores data on conventional magnetic disk drives with moving spindles?

Answer 245

Standard HDD

Question 246

What type of storage replication copies your data three times across separate racks of hardware in a datacenter, inside one region so even if there’s a hardware failure, or if maintenance work is happening in the datacenter, this replication type ensures data is available for use?

Answer 246

Locally redundant storage (LRS)

Question 247

What type of storage replication copies your data three times within one region, and three times in a secondary region that’s paired with it so if your primary region is experiencing an outage, your secondary region is available for use?

Answer 247

Geographically Redundant Storage (GRS)

Question 248

What type of storage replication grants you read access from your secondary region even if the primary region hasn’t failed?

Answer 248

Read-Access Geo-Redundant Storage (RA-GRS)

Question 249

What type of storage replication copies your data in three storage clusters in a single region where each cluster is in a different physical location and is considered as a single availability zone? Each cluster uses its own separate utilities for things like networking and power so if one datacenter is experiencing outage, your data remains accessible.

Answer 249

Zone-Redundant Storage (ZRS)

Question 250

What type of storage replication combines the high availability benefits of ZRS with GRS so your data is copied across three availability zones in one region as well as replicated three times to another secondary region that’s paired with it so your zone-redundant data is also secure from regional level outage?

Answer 250

Geo-Zone-Redundant Storage (GZRS)

Question 251

What type of storage replication uses the same replication method as GZRS but lets you read from the secondary region even if your primary isn’t experiencing downtime?

Answer 251

Read-Access Geo-Zone-Redundant Storage (RA-GZRS)

Question 252

What is it when an Azure region is paired with another in the same geographical location to protect against regional outage and are used with GRS and GZRS replication types?

Answer 252

Paired Regions

Question 253

What do you use to avoid downtime or data loss when migrating your data to an account that uses ZRS, GZRS, or RA-GZRS?

Answer 253

Live Migration

Question 254

What are the limitations for live migrations?

Answer 254

1. Unlike a manual app, you won’t know exactly when a live migration will complete.
2. Data can only be migrated to the same region.
3. Live migration is only supported for data held in standard storage account types.
4. If your account contains a large file share, live migration to GZRS isn’t supported.

Question 255

What are the limitations for live migrations?

Answer 255

1. Unlike a manual app, you won’t know exactly when a live migration will complete.
2. Data can only be migrated to the same region.
3. Live migration is only supported for data held in standard storage account types.
4. If your account contains a large file share, live migration to GZRS isn’t supported.

Question 256

Once the failover process is complete, what type of storage replication will you be using?

Answer 256

Locally Redundant Storage (LRS)

Question 257

What should be used to track the health status of Azure Storage and other Azure services?

Answer 257

Azure Service Health

Question 258

What is used to automatically encrypt all data written to Azure Storage?

Answer 258

Storage Service Encryption (SSE) with a 256-bit Advanced Encryption Standard (AES) cipher

Question 259

How does Azure let you encrypt virtual hard disks?

Answer 259

By using Azure Disk Encryption which uses BitLocker for Windows images, and dm-crypt for Linux

Question 260

What automatically stores keys to help you control and manage the disk-encryption keys and secrets so even if someone gets access to the VHD image and downloads it, they can’t access the data on the VHD?

Answer 260

Azure Key Vault

Question 261

What is the optional flag that you can enable on storage accounts that adds the appropriate headers when you use HTTP GET requests to retrieve resources from the Storage account?

Answer 261

CORS Support