AZ 900 Flashcards by Edgar Mendoza

What is the main function of Azure Application Insights?

Analytics & Performance Monitoring of LIVE applications

How well did you know this?

Not at all

Perfectly

Which of the following Azure compute services is best suited for running short, event-driven computations?

Azure Functions

How well did you know this?

Not at all

Perfectly

What is a primary feature of the consumption-based model in cloud computing?

Pay only for cloud resources they use

How well did you know this?

Not at all

Perfectly

Which cloud model is best suited for a business that requires customization and control over data but also wants to leverage some public cloud services?

Hybrid

How well did you know this?

Not at all

Perfectly

Your company hosts an accounting app named App1 that is used by all the customers of the company. App1 has low usage during the first three weeks of each month and very high usage during the last week of each month. Which benefit of Azure Cloud Services supports cost management for this type of usage pattern?

Elasticity

How well did you know this?

Not at all

Perfectly

Keywords in Elasticity

Elastic Computing. Autoscaling. Dynamic Resource Allocation . Demand-Based Scaling

How well did you know this?

Not at all

Perfectly

What does Microsoft Defender for Cloud primarily provide?

Microsoft Defender for Cloud provides unified security management and advanced threat protection across hybrid cloud workloads, including those in Azure, on-premises, and other cloud platforms.

How well did you know this?

Not at all

Perfectly

What does the Azure Total Cost of Ownership (TCO) Calculator help you estimate?

Potential Savings by migrating to Azure

How well did you know this?

Not at all

Perfectly

What is the primary role of Azure DNS?

To host DNS domains and manage DNS records for domain name resolution

How well did you know this?

Not at all

Perfectly

In the context of Azure Identity and Access Management, what is the primary function of multi-factor authentication (MFA)?

Verify users

How well did you know this?

Not at all

Perfectly

When planning to migrate a public website to Azure, you must plan to:

Pay monthly usage cost

How well did you know this?

Not at all

Perfectly

What role does Azure Advisor play in Azure management?

It offers personalized recommendations based on your usage

How well did you know this?

Not at all

Perfectly

What is the primary use of Azure Resource Manager templates?

To automate the deployment and management of Azure Resources

How well did you know this?

Not at all

Perfectly

In Azure, what is the purpose of using tags?

To organize resources for billing or management

How well did you know this?

Not at all

Perfectly

Can anyone use Azure government?

Azure Government is dedicated for US government entities and contractors.

How well did you know this?

Not at all

Perfectly

Which Azure service would you use to manage governance across multiple Azure environments?

Azure Management Groups

How well did you know this?

Not at all

Perfectly

Which Azure service would you use to manage cloud-based identities?

Entra ID

How well did you know this?

Not at all

Perfectly

Describe the function of Microsoft Purview in the Azure ecosystem.

Microsoft Purview offers a unified data governance service that helps organizations manage, govern, and protect their data across enterprise systems and applications.

How well did you know this?

Not at all

Perfectly

Identify the primary use case for Azure Regions and Region Pairs in terms of application deployment.

Azure Regions and Region Pairs optimize application performance and user experience by hosting applications closer to users, reducing network latency.

How well did you know this?

Not at all

Perfectly

Which component of Azure architecture is specifically designed to provide geographic redundancy and high availability?

Azure Availability Zones

How well did you know this?

Not at all

Perfectly

What is the primary benefit of using high-availability features in the cloud?

Minimization of downtime

How well did you know this?

Not at all

Perfectly

Your company has virtual machines (VMs) hosted in Microsoft Azure. The VMs are located in a single Azure virtual network named VNet1. The company has users that work remotely. The remote workers require access to the VMs on VNet1. You need to provide access for the remote workers. What should you do?

Configure Point-to-Site VPN Connection

How well did you know this?

Not at all

Perfectly

Which Azure service helps to estimate the cost savings of migrating to Azure before actually making the migration?

TCO - Total Cost of Ownership

How well did you know this?

Not at all

Perfectly

Which Azure service would be the most appropriate for a company looking to deploy single containers quickly without worrying about the infrastructure?

Azure Container Instances

How well did you know this?

Not at all

Perfectly

What is the primary function of Azure ExpressRoute?

Establish private connections between your on-premises infrastructure and Microsoft Azure cloud services.

Describe the main advantage of using Azure Virtual Machine Scale Sets.

Allow for automatic scaling of applications

What distinguishes Azure Virtual Machine Scale Sets from individual Azure Virtual Machines?

Scale Sets automatically increase or decrease the number of VM instances according to defined rules

You are tasked with deploying Azure virtual machines for your company. You need to make use of the appropriate cloud deployment solution.

IaaS

What is Azure Virtual Desktop primarily used for?

Desktop Virtualization

What type of cloud computing service allows customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure?

Platform as a Service (PaaS) provides customers with a platform allowing them to develop, run, and manage applications without the complexity associated with maintaining the infrastructure typically required to develop and launch an app.

How does Azure role-based access control (RBAC) enhance security?

Defines what users can and cannot do with Azure Resources

Which Azure feature is specifically designed to help manage compliance and governance across Azure subscriptions?

Azure Policy

Your company’s infrastructure includes a number of business units that each need a large number of various Azure resources for everyday operation. The resources required by each business unit are identical. You are required to sanction a strategy to create Azure resources automatically.

Azure Bicep is an Infrastructure-as-Code solution that can be used to deploy identical resources programmatically.

Your company has data centers in Los Angeles and New York. The company has a Microsoft Azure subscription. You are configuring the two data centers as geo-clustered sites for site resiliency. You need to recommend an Azure storage redundancy option. You have the following data storage requirements: - Data must be stored on multiple nodes. - Data must be stored on nodes in separate geographic locations. - Data can be read from the secondary location as well as from the primary location. Which of the following Azure stored redundancy options should you recommend?

Geo-redundant

What does Azure Service Health specifically monitor?

Azure Service Health provides personalized alerts and guidance when Azure service issues affect you. It offers detailed information on the health of deployed services and helps plan for maintenance.

What functionality does Azure Monitor provide?

Collects and Analyzes data generated by Azure resources

What is the primary function of Azure Virtual Network subnets?

Segment the virtual networks into one or more sub-networks

An organization that hosts its infrastructure in ________ no longer requires a data center.

Public Cloud

In the shared responsibility model, what is generally the responsibility of the cloud provider in an IaaS deployment?

Physical Security of Hardware

What is the purpose of Azure Availability Zones?

Provide High Redundancy and High Availability within a Region

What is the primary purpose of Azure Resource Manager (ARM)?

Deployment and Management of Resources in Azure

Which Azure service would you recommend for a company needing large-scale data migration from an on-premises data center to the cloud?

Azure Data Box

Your company has a Microsoft Entra ID (Azure AD) environment. Users occasionally connect to Azure AD via the internet. You have been tasked with making sure that users who connect to Azure AD via the internet from an unidentified IP address are automatically encouraged to change passwords. What should you use?

Conditional Access

Describe the key characteristic of Platform as a Service (PaaS).

Offers development frameworks and tools

Which Azure service is essential for organizing and managing Azure resources by custom categories?

Azure Tags allow users to organize resources by assigning metadata to resources in the form of tags, which can be used to categorize resources for clarity and billing purposes.

What is the purpose of Azure Conditional Access?

Enforce Security policies when users attempt to access resources

How does Azure VPN Gateway integrate with a hybrid cloud solution?

Allows secure connectivity between Azure Cloud Resources and On-Premises Network

Which service provides serverless computing in Azure?

Azure Functions provides a platform for serverless code. Azure Functions is a serverless compute service that lets you run event-triggered code without having to explicitly provision or manage infrastructure.

Your company plans to migrate all its network resources to Azure. You need to start the planning process by exploring Azure. What should you create first?

Subscription

Which Azure service helps to estimate the cost savings of migrating to Azure before making the migration?

TCO Calculator

You need to purchase a third-party virtual security appliance that you will deploy to an Azure subscription. What should you use?

Azure Marketplace | Search for "security" and "network security"

Microsoft Defender for Cloud can be used with Azure and non-Azure resources. True or False?

True

Application Insights is a feature of ___

Azure Monitor

An availability zone in Azure has physically separate locations ________________.

Within a single Azure region

What can you use to automatically send an alert if an administrator stops an Azure virtual machine?

Azure Monitor

In which type of cloud model are all the hardware resources owned by a third party and shared between multiple tenants?

Public

You plan to deploy a critical line-of-business application to Azure. The application will run on an Azure virtual machine. You need to recommend a deployment solution for the application. The solution must provide a guaranteed availability of 99.99 percent. What is the minimum number of virtual machines and the minimum number of availability zones you should recommend for the deployment?

2 VM's in Three Different Availability Zones

If a resource group RG1 has a delete lock, what should the administrator do before delete RG1?

Remove the delete lock

Can you assign a lock to every Azure Resource?

Yes

You plan to migrate a web application to Azure. The web application is accessed by external users. You need to recommend a cloud deployment solution to minimize the amount of administrative effort used to manage the web application. What should you include in the recommendation?

Platform as a Service (PaaS)

You need to be notified when Microsoft plans to perform maintenance that can affect the resources deployed to an Azure subscription. What should you use?

Azure Service Health provides a personalized view of the health of the Azure services and regions you're using. This is the best place to look for service impacting communications about outages, planned maintenance activities, and other health advisories because the authenticated Service Health experience knows which services and resources you currently use.

What is the function of a Site-to-Site VPN?

Connection from an on-premise VPN device to an Azure VPN Gateway

You have 1,000 virtual machines hosted on the Hyper-V hosts in a data center. You plan to migrate all the virtual machines to an Azure pay-as-you-go subscription. You need to identify which expenditure model to use for the planned Azure solution. Which expenditure model should you identify?

Operational

Your manager wants to download NIST compliance documents of Microsoft 365 and Microsoft Azure. Which portal should you recommend?

Service Trust Portal

Your company plans to move several servers to Azure. The company’s compliance policy states that a server named FinServer must be on a separate network segment. You are evaluating the Azure services that can be used to meet the compliance policy requirements. Which Azure solution should you recommend?

A Virtual Network for FinServer and another virtual network for all the other servers

What is the primary role of Azure DNS?

Host DNS domains and manage DNS records for domain name resolution

Your manager needs to see who deleted the virtual machine last night. Which service should they use to review this information?

Activity Log

You have an Azure subscription. You need to review your secure score. What should you use?

The central feature in Defender for Cloud that enables you to achieve those goals is secure score.

You plan to deploy several Azure virtual machines. You need to ensure that the services running on the virtual machines are available if a single data center fails. You deploy the virtual machines to two or more resource groups. Does this meet the goal?

Azure Policy Initiative definition is a ________________

Collection of policy definitions

What can you use to identify underutilized or unused Azure virtual machines?

Advisor | Cost Tab

Just-in-time access is provided by which Azure service?

The just-in-time (JIT) access feature in Microsoft Defender for Cloud allows you to lock down inbound traffic to your Azure Virtual Machines. This reduces exposure to attacks while providing easy access when you need to connect to a VM.

Which Azure service should you use to store certificates?

Key Vault | Secure store for storing types of sensitive information including passwords and certs

To which cloud models can you deploy physical servers?

A private cloud is on-premises, so you can deploy physical servers. A hybrid cloud is a mix of on-premises and public cloud resources. You can deploy physical servers on-premises. In public cloud, it will be a virtual machine.

You plan to build a new solution in Azure that will use platform as a service (PaaS) products. What solution should you use to estimate the monthly costs?

The Azure Pricing calculator allows you to estimate and configure according to your specific requirements. You will then receive a consolidated estimated price and a detailed breakdown of the costs associated with each resource you added to your solution.

Your organization plans to deploy several production virtual machines that will have consistent resource usage throughout the year. What can you use to minimize the costs of the virtual machines without reducing the functionality of the virtual machines?

Azure Reservations offers discounted prices on certain Azure Services and can save you up to 72 percent compared to pay-as-you-go

What are Azure Reservations

Cost-saving option offered by Microsoft Azure - Allow you to prepay for one-year or three-year terms of specific Azure Resources

Which management layer accepts requests from any Azure tool or API and enables you to create, update, and delete resources in an Azure account?

Azure Resource Manager (ARM) is the deployment and management service for Azure. It provides management layer that enables you to create, update, and delete resources in an Azure account.

What affect does using a "read only" resource lock on a Azure Storage Account have?

The storage account cannot have its properties altered but it doesn't affect the data itself

What can you use to manage servers across third party cloud platforms and on-premises environments?

Azure Arc

What restrictions can Azure Policy enact?

Azure Policy can add restrictions on storage account SKUs, virtual machine instance types, and rules relating to tagging of resources and groups. It cannot prompt a user to ask them if they are sure.