AZ-900 Exam - 1

Question 1

Which of the following terms refer to making a service available with no downtime for an extended period of time?

1. Agility
2. Fault tolerance
3. High availability

Answer 1

1. Agility
2. Fault tolerance
3. High availability

Question 2

Which term from the list below would be viewed as benefits of using cloud services?

1. Unpredictable costs
2. Local reach only
3. Elasticity

Answer 2

1. Unpredictable costs
2. Local reach only
3. Elasticity

Question 3

From the choices below, what is one of the advantages of moving your infrastructure to Azure?

1. The move reduces Capital Expenditures. (CapEx)
2. The move reduces Operational Expenses (OpEx).
3. The move allows for complete control of infrastructure resources.

Answer 3

1. The move reduces Capital Expenditures. (CapEx)
2. The move reduces Operational Expenses (OpEx).
3. The move allows for complete control of infrastructure resources.

Question 4

Which cloud model provides the greatest degree of ownership and control?

1. Hybrid
2. Private
3. Public

Answer 4

1. Hybrid
2. Private
3. Public

Question 5

Which cloud model provides the greatest degree of flexibility?

1. Public
2. Private
3. Hybrid

Answer 5

1. Public
2. Private
3. Hybrid

Question 6

Which of the following describes a benefit of cloud services?

1. Economies of scale
2. Fixed workloads
3. Unpredictable costs

Answer 6

1. Economies of scale
2. Fixed workloads
3. Unpredictable costs

Question 7

Which of the following refers to spending money upfront and then deducting that expense over time?

1. Capital expenditure
2. Operational expenditures
3. Supply and demand

Answer 7

1. Capital expenditure
2. Operational expenditures
3. Supply and demand

Question 8

Which of the following describes a public cloud?

1. Is owned and operated by the organization that uses the resources from that cloud.
2. Lets organizations run applications in the cloud or on-premises.
3. Provides resources and services to multiple organizations and users, who connect through a secure network connection.

Answer 8

1. Is owned and operated by the organization that uses the resources from that cloud.
2. Lets organizations run applications in the cloud or on-premises.
3. Provides resources and services to multiple organizations and users, who connect through a secure network connection.

Question 9

You have legacy applications that require specialized mainframe hardware and you have newer shared applications. Which cloud deployment model would be best for you?

1. Public cloud
2. Private cloud
3. Hybrid cloud

Answer 9

1. Public cloud
2. Private cloud
3. Hybrid cloud

Question 10

Microsoft Office 365 is an example of?

1. Infrastructure as a Service
2. Platform as a Service
3. Software as a Service

Answer 10

1. Infrastructure as a Service
2. Platform as a Service
3. Software as a Service

Question 11

Which of the following describes Platform as a Service (PaaS)?

1. Users are responsible for purchasing, installing, configuring, and managing their own software (operating systems, middleware, and applications).
2. Users create and deploy applications quickly without having to worry about managing the underlying infrastructure.
3. Users pay an annual or monthly subscription.

Answer 11

1. Users are responsible for purchasing, installing, configuring, and managing their own software (operating systems, middleware, and applications).
2. Users create and deploy applications quickly without having to worry about managing the underlying infrastructure.
3. Users pay an annual or monthly subscription.

Question 12

Which of the following requires the most user management of the cloud services?

1. Infrastructure as a Service
2. Platform as a Service
3. Software as a Service

Answer 12

1. Infrastructure as a Service
2. Platform as a Service
3. Software as a Service

Question 13

You’re developing an application and want to focus on building, testing, and deploying. You don’t want to worry about managing the underlying hardware or software. Which cloud service type is best for you?

1. Infrastructure as a Service (IaaS)
2. Software as a Service (SaaS)
3. Platform as a Service (PaaS)

Answer 13

1. Infrastructure as a Service (IaaS)
2. Software as a Service (SaaS)
3. Platform as a Service (PaaS)

Question 14

You are running a virtual machine in a public cloud using IaaS. Which model correctly reflects how that resource is managed?

1. Shared responsibility model
2. Cloud user management model
3. User management model

Answer 14

1. Shared responsibility model
2. Cloud user management model
3. User management model

Question 15

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer 15

see pic

Question 16

To complete the sentence, select the appropriate option in the answer area.

Answer 16

see pic

Question 17

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer 17

see pic

Question 18

You plan to migrate several servers from an on-premises network to Azure. What is an advantage of using a public cloud service for the servers over an on-premises network?

1. The public cloud is owned by the public, NOT a private corporation
2. The public cloud is a crowd-sourcing solution that provides corporations with the ability to enhance the cloud
3. All public cloud resources can be freely accessed by every member of the public
4. The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud

Answer 18

1. The public cloud is owned by the public, NOT a private corporation
2. The public cloud is a crowd-sourcing solution that provides corporations with the ability to enhance the cloud
3. All public cloud resources can be freely accessed by every member of the public
4. The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud

Question 19

In which type of cloud model are all the hardware resources owned by a third-party and shared between multiple tenants?

1. private
2. hybrid
3. public

Answer 19

1. private
2. hybrid
3. public

Question 20

You have 50 virtual machines hosted on-premises and 50 virtual machines hosted in Azure. The on-premises virtual machines and the Azure virtual machines connect to each other. Which type of cloud model is this?

1. hybrid
2. private
3. public

Answer 20

1. hybrid
2. private
3. public

Question 21

To complete the sentence, select the appropriate option in the answer area.

Answer 21

see pic

Question 22

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer 22

see pic

Question 23

You have an Azure environment that contains 10 virtual networks and 100 virtual machines. You need to limit the amount of inbound traffic to all the Azure virtual networks. What should you create?

1. One network security group (NSG)
2. 10 virtual network gateways
3. 10 Azure Express Route circuits
4. One Azure firewall

Answer 23

1. One network security group (NSG)
2. 10 virtual network gateways
3. 10 Azure Express Route circuits
4. One Azure firewall

Question 24

Your company plans to deploy an Artificial Intelligence (AI) solution in Azure. What should the company use to build, test, and deploy predictive analytics solutions?

1. Azure Logic Apps
2. Azure Machine Learning Studio
3. Azure Batch
4. Azure Cosmos DB

Answer 24

1. Azure Logic Apps
2. Azure Machine Learning Studio
3. Azure Batch
4. Azure Cosmos DB

Question 25

To complete the sentence, select the appropriate option in the answer area.

Answer 25

see pic

Question 26

What are two characteristics of the public cloud?

1. dedicated hardware
2. unsecured connections
3. limited storage
4. metered pricing
5. self-service management

Answer 26

1. dedicated hardware
2. unsecured connections
3. limited storage
4. metered pricing
5. self-service management

Question 27

Which Azure service should you use to correlate events from multiple resources into a centralized repository?

1. Azure Event Hubs
2. Azure Analysis Services
3. Azure Monitor
4. Azure Log Analytics

Answer 27

1. Azure Event Hubs
2. Azure Analysis Services
3. Azure Monitor
4. Azure Log Analytics

Question 28

An Azure administrator plans to run a PowerShell script that creates Azure resources. You need to recommend which computer configuration to use to run the script. Solution: Run the script from a computer that runs macOS and has PowerShell Core 6.0 installed. Does this meet the goal?

1. Yes
2. No

Answer 28

1. Yes
2. No

Question 29

You plan to implement an Azure database solution. You need to implement a database solution that meets the following requirements: Can add data concurrently from multiple regions Can store JSON documents Which database service should you deploy?

1. Azure Cosmos DB
2. Azure SQL
3. Azure Database for MySQL servers
4. Azure Database for PostgreSQL servers
5. SQL elastic pools
6. SQL Server stretch databases

Answer 29

1. Azure Cosmos DB
2. Azure SQL
3. Azure Database for MySQL servers
4. Azure Database for PostgreSQL servers
5. SQL elastic pools
6. SQL Server stretch databases

Question 30

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

1. All the Azure resources deployed to a single resource group must share the same Azure region.
2. If you assign a tag to a resource group, all the Azure resources in that resource group are assigned to the same tag.
3. If you set permissions to a resource group, all the Azure resources in that resource group inherit the permissions.

Answer 30

1. Yes-Yes-Yes
2. Yes-Yes-No
3. Yes-No-Yes
4. Yes-No-No
5. No-No-Yes
6. No-Yes-No

Question 31

You need to view a list of planned maintenance events that can affect the availability of an Azure subscription. Which blade should you use from the Azure portal? To answer, select the appropriate blade in the answer area.

1. Resource Groups
2. App Services
3. Monitor
4. Security Center
5. Help + support

Answer 31

1. Resource Groups
2. App Services
3. Monitor
4. Security Center
5. Help + support

Question 32

Which of the following ensures data-residency and compliance needs are met for customers who need to keep their data and applications close?

1. Geographies
2. Regions
3. Zones

Answer 32

1. Geographies
2. Regions
3. Zones

Question 33

As a best practice, all resources that are part of an application and share the same lifecycle should exist in the same?

1. Availability set
2. Region
3. Resource group

Answer 33

1. Availability set
2. Region
3. Resource group

Question 34

Which Azure compute resource can you use to deploy to manage a set of identical virtual machines?

1. Virtual machine availability sets
2. Virtual machine availability zones
3. Virtual machine scale sets

Answer 34

1. Virtual machine availability sets
2. Virtual machine availability zones
3. Virtual machine scale sets

Question 35

Which of the following should you use when you are concerned only about the code running your service and not the underlying platform or infrastructure?

1. Azure App Service
2. Azure Container Instances
3. Azure Functions

Answer 35

1. Azure App Service
2. Azure Container Instances
3. Azure Functions

Question 36

Azure Resource Manager templates use which format?

1. HTML
2. JSON
3. XML

Answer 36

1. HTML
2. JSON
3. XML

Question 37

Which of the following services is a distributed network of servers that can efficiently deliver web content to users?

1. Azure App Services
2. Azure Content Delivery Network
3. Azure Cosmos DB

Answer 37

1. Azure App Services
2. Azure Content Delivery Network
3. Azure Cosmos DB

Question 38

Which of the following is optimized for storing massive amounts of unstructured data, such as videos and images?

1. Blobs
2. Files
3. Queues

Answer 38

1. Blobs
2. Files
3. Queues

Question 39

Which of the following is part of the Azure Artificial Intelligence service?

1. HDInsight
2. Azure Machine Learning service
3. Azure DevTest Labs

Answer 39

1. HDInsight
2. Azure Machine Learning service
3. Azure DevTest Labs

Question 40

Which of the following cloud services provides development collaboration tools including high-performance pipelines, free private Git repositories, and configurable Kanban boards?

1. Azure DevOps Services
2. Azure Event Grid
3. HDInsight

Answer 40

1. Azure DevOps Services
2. Azure Event Grid
3. HDInsight

Question 41

Microsoft Azure datacenters are organized and made available by?

1. Geographies
2. Regions
3. Zones

Answer 41

1. Geographies
2. Regions
3. Zones

Question 42

Which of the following is used to ensure availability during maintenance events?

1. Availability Set
2. Availability Zone
3. Scale Set

Answer 42

1. Availability Set
2. Availability Zone
3. Scale Set

Question 43

Which is true about Azure Load Balancer?

1. Azure Load Balancer distributes traffic among similar systems, making your services more highly available.
2. Azure Load Balancer works with internet-facing traffic only.
3. You must use Azure Load Balancer if you want to distribute traffic among your virtual machines running in Azure.

Answer 43

1. Azure Load Balancer distributes traffic among similar systems, making your services more highly available.
2. Azure Load Balancer works with internet-facing traffic only.
3. You must use Azure Load Balancer if you want to distribute traffic among your virtual machines running in Azure.

Question 44

You are managing one of your Azure services remotely from your Android phone. Which management tools would best allow you to do manage remotely from your Android phone with the least amount of administrative effort?

1. Azure CLI
2. Azure portal
3. Powershell

Answer 44

1. Azure CLI
2. Azure portal
3. Powershell

Question 45

Which of the following terms ensure that both data-residency and compliance needs are met for customers who need to keep their data and applications close?

1. Geographies
2. Regions
3. Zones

Answer 45

1. Geographies
2. Regions
3. Zones

Question 46

A company is planning on deploying an Azure Web App to 2 regions. One of the key requirements is to ensure that the web app is always running if an Azure region fails. You need to ensure deployment costs are minimized.

Which of the following service would you include in the deployment of the solution?

1. Azure Functions
2. Azure Traffic Manager
3. Azure Application Gateway
4. Azure Load Balancer

Answer 46

1. Azure Functions
2. Azure Traffic Manager
3. Azure Application Gateway
4. Azure Load Balancer

Question 47

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Dikerler, Ozan. 330 Questions and Answers of AZ-900 Certification Exam : Pass! Microsoft Azure AZ-900 Exam in the first attempt (p. 42). Ozan Dikerler. Kindle Edition.

Answer 47

see pic

Question 48

You plan to migrate a web application to Azure. The web application is accessed by external users. You need to recommend a cloud deployment solution to minimize the amount of administrative effort used to manage the web application. What should you include in the recommendation?

1. Software as a Service (SaaS)
2. Platform as a Service (PaaS)
3. Infrastructure as a Service (IaaS)
4. Database as a Service (DaaS)

Answer 48

1. Software as a Service (SaaS)
2. Platform as a Service (PaaS)
3. Infrastructure as a Service (IaaS)
4. Database as a Service (DaaS)

Question 49

Which cloud deployment solution is used for Azure virtual machines and Azure SQL databases? To answer, select the appropriate options in the answer area.

Answer 49

see pic

Question 50

You plan to provision Infrastructure as a Service (IaaS) resources in Azure. Which resource is an example of IaaS?

1. an Azure web app
2. an Azure virtual machine
3. an Azure logic app
4. an Azure SQL database

Answer 50

1. an Azure web app
2. an Azure virtual machine
3. an Azure logic app
4. an Azure SQL database

Question 51

Your company plans to deploy several custom applications to Azure. The applications will provide invoicing services to the customers of the company. Each application will have several prerequisite applications and services installed. You need to recommend a cloud deployment solution for all the applications. What should you recommend?

1. Software as a Service (SaaS)
2. Platform as a Service (PaaS)
3. Infrastructure as a Service (laaS)

Answer 51

1. Software as a Service (SaaS)
2. Platform as a Service (PaaS)
3. Infrastructure as a Service (laaS)

Question 52

You plan to extend your company’s network to Azure. The network contains a VPN appliance that uses an IP address of 131.107.200.1. You need to create an Azure resource that defines the VPN appliance in Azure. Which Azure resource should you create?

Answer 52

see pic

Question 53

You plan to create an Azure virtual machine. You need to identify which storage service must be used to store the unmanaged data disks of the virtual machine. What should you identify?

1. Containers
2. File shares
3. Tables
4. Queues

Answer 53

1. Containers
2. File shares
3. Tables
4. Queues

Question 54

You plan to store 20 TB of data in Azure. The data will be accessed infrequently and visualized by using Microsoft Power BI. You need to recommend a storage solution for the data. Which two solutions should you recommend?

1. Azure Data Lake
2. Azure Cosmos DB
3. Azure SQL Data Warehouse
4. Azure SQL Database
5. Azure Database for PostgreSQL

Answer 54

1. Azure Data Lake
2. Azure Cosmos DB
3. Azure SQL Data Warehouse
4. Azure SQL Database
5. Azure Database for PostgreSQL

Question 55

You plan to map a network drive from several computers that run Windows 10 to Azure Storage. You need to create a storage solution in Azure for the planned mapped drive. What should you create?

1. an Azure SQL database
2. a virtual machine data disk
3. a Files service in a storage account
4. a Blobs service in a storage account

Answer 55

1. an Azure SQL database
2. a virtual machine data disk
3. a Files service in a storage account
4. a Blobs service in a storage account

Question 56

A company has the following on-premise data stores.

A Microsoft SQL Server 2012 database.

A Microsoft SQL Server 2008 database.

The data needs to be migrated to Azure.

Requirement 1 - The data in the Microsoft SQL Server 2012 database needs to be migrated to an Azure SQL database.

Requirement 2 - The data in a table in the Microsoft SQL Server 2008 database needs to be migrated to an Azure CosmosDB account that uses the SQL API.

Which of the following should be used to accomplish Requirement2?

1. AzCopy
2. Azure CosmosDB Data Migration tool
3. Data Management Gateway
4. Data Migration Assistant

Answer 56

1. AzCopy
2. Azure CosmosDB Data Migration tool
3. Data Management Gateway
4. Data Migration Assistant

Question 57

You have an on-premises network that contains several servers. You plan to migrate all the servers to Azure. You need to recommend a solution to ensure that some of the servers are available if a single Azure data center goes offline for an extended period. What should you include in the recommendation?

1. fault tolerance
2. elasticity
3. scalability
4. low latency

Answer 57

1. fault tolerance
2. elasticity
3. scalability
4. low latency

Question 58

To complete the sentence, select the appropriate option in the answer area.

Answer 58

see pic

Question 59

Your company hosts an accounting application named App1 that is used by all the customers of the company. App1 has low usage during the first three weeks of each month and very high usage during the last week of each month. Which benefit of Azure Cloud Services supports cost management for this type of usage pattern?

1. high availability
2. high latency
3. elasticity
4. load balancing

Answer 59

1. high availability
2. high latency
3. elasticity
4. load balancing

Question 60

To complete the sentence, select the appropriate option in the answer area.

1. fault tolerance
2. disaster recovery
3. elasticity
4. high availability

Answer 60

1. fault tolerance
2. disaster recovery
3. elasticity
4. high availability

Question 61

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer 61

Box 1: No It is not true that a company must always migrate from an internal network to implement a hybrid cloud. You could start with a public cloud and then combine that with an on-premise infrastructure to implement a hybrid cloud.

Box 2: Yes A company can extend the computing resources of its internal network by using the public cloud. This is very common. When you need more resources, rather than pay out for new on-premises infrastructure, you can configure a cloud environment and connect your on-premises network to the cloud environment by using a VPN.

Box 3: No It is not true that only guest users can access cloud resources. You can give anyone with an account in Azure Active Directory access to the cloud resources.

Question 62

To which cloud models can you deploy physical servers?

1. private cloud and hybrid cloud only
2. private cloud only
3. private cloud, hybrid cloud and public cloud
4. hybrid cloud only

Answer 62

1. private cloud and hybrid cloud only
2. private cloud only
3. private cloud, hybrid cloud and public cloud
4. hybrid cloud only

Question 63

This question requires that you evaluate the underlined text to determine if it is correct. An Azure region contains one or more data centers that are connected by using a low-latency network. Instructions: Review the underlined text. If it makes the statement correct, select No change is needed. If the statement is incorrect, select the answer choice that makes the statement correct.

1. No change is needed
2. Is found in each country where Microsoft has a subsidiary office
3. Can be found in every country in Europe and the Americas only
4. Contains one or more data centers that are connected by using a high-latency network

Answer 63

1. No change is needed
2. Is found in each country where Microsoft has a subsidiary office
3. Can be found in every country in Europe and the Americas only
4. Contains one or more data centers that are connected by using a high-latency network

Question 64

This question requires that you evaluate the underlined text to determine if it is correct. One of the benefits of Azure SQL Data Warehouse is that high availability is built into the platform. Instructions: Review the underlined text. If it makes the statement correct, select No change is needed. If the statement is incorrect, select the answer choice that makes the statement correct.

1. No change is needed
2. automatic scaling
3. data compression
4. versioning

Answer 64

1. No change is needed
2. automatic scaling
3. data compression
4. versioning

Question 65

You have an Azure environment that contains 10 web apps. To which URL should you connect to manage all the Azure resources?

Answer 65

see pic

Question 66

To complete the sentence, select the appropriate option in the answer area.

Answer 66

see pic

Question 67

Which Azure service should you use to collect events from multiple resources into a centralized repository?

1. Azure Event Hubs
2. Azure Analysis Services
3. Azure Monitor
4. Azure Stream Analytics

Answer 67

1. Azure Event Hubs
2. Azure Analysis Services
3. Azure Monitor
4. Azure Stream Analytics

Question 68

Which service provides serverless computing in Azure?

1. Azure Virtual Machines
2. Azure Functions
3. Azure storage account
4. Azure dedicated hosts

Answer 68

1. Azure Virtual Machines
2. Azure Functions
3. Azure storage account
4. Azure dedicated hosts

Question 69

This question requires that you evaluate the underlined text to determine if it is correct. Azure Databricks is an Apache Spark-based analytics service. Instructions: Review the underlined text. If it makes the statement correct, select No change is needed. If the statement is incorrect, select the answer choice that makes the statement correct.

1. No change is needed.
2. Azure Data Factory
3. Azure DevOps
4. Azure HDInsight

Answer 69

1. No change is needed.
2. Azure Data Factory
3. Azure DevOps
4. Azure HDInsight

Question 70

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify a DDoS protection plan. Does this meet the goal?

1. Yes
2. No

Answer 70

1. Yes
2. No

Question 71

Match the term to the correct definition. Instructions: To answer, MATCH the appropriate term from the column on the left to its description on the right. Each term may be used once, more than once, or not at all.

1. A-B-C-D
2. B-A-D-C
3. D-C-B-A
4. C-D-B-A
5. B-D-A-C
6. B-A-C-D

Answer 71

1. A-B-C-D
2. B-A-D-C
3. D-C-B-A
4. C-D-B-A
5. B-D-A-C
6. B-A-C-D

Question 72

You need to ensure that when Azure Active Directory (Azure AD) users connect to Azure AD from the Internet by using an anonymous IP address, the users are prompted automatically to change their password. Which Azure service should you use?

1. Azure AD Connect Health
2. Azure AD Privileged Identity
3. Management Azure Advanced Threat Protection (ATP)
4. Azure AD Identity Protection

Answer 72

1. Azure AD Connect Health
2. Azure AD Privileged Identity
3. Management Azure Advanced Threat Protection (ATP)
4. Azure AD Identity Protection

Question 73

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify an Azure firewall. Does this meet the goal?

1. Yes
2. No

Answer 73

1. Yes
2. No

Question 74

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

To implement an Azure Multi-Factor Authentication (MFA) solution, you must deploy a federation solution or sync on-premises identities to the cloud.

Two valid methods for Azure Multi-Factor Authentication (MFA) are picture identication and a passport number.

Azure Multi-Factor Authentication (MFA) can be required for administrative and non-administrative user accounts.

Answer 74

To implement an Azure Multi-Factor Authentication (MFA) solution, you must deploy a federation solution or sync on-premises identities to the cloud. - YES

Two valid methods for Azure Multi-Factor Authentication (MFA) are picture identication and a passport number. - NO

Azure Multi-Factor Authentication (MFA) can be required for administrative and non-administrative user accounts. - YES

Question 75

Your network contains an Active Directory forest. The forest contains 5,000 user accounts. Your company plans to migrate all network resources to Azure and to decommission the on-premises data center. You need to recommend a solution to minimize the impact on users after the planned migration. What should you recommend?

1. Implement Azure Multi-Factor Authentication (MFA)
2. Sync all the Active Directory user accounts to Azure Active Directory (Azure AD)
3. Instruct all users to change their password
4. Create a guest user account in Azure Active Directory (Azure AD) for each user

Answer 75

1. Implement Azure Multi-Factor Authentication (MFA)
2. Sync all the Active Directory user accounts to Azure Active Directory (Azure AD)
3. Instruct all users to change their password
4. Create a guest user account in Azure Active Directory (Azure AD) for each user

Question 76

Which of the following could grant or deny access based on the originating IP address?

1. Azure Active Directory
2. Azure Firewall
3. VPN Gateway

Answer 76

1. Azure Active Directory
2. Azure Firewall
3. VPN Gateway

Question 77

Which of the following could require both a password and a security question for full authentication?

1. Azure Firewall
2. Application Gateway
3. Multi-Factor Authentication

Answer 77

Which of the following could require both a password and a security question for full authentication?

1. Azure Firewall
2. Application Gateway
3. Multi-Factor Authentication

Question 78

Which of the following services would you use to filter internet traffic in your Azure virtual network?

1. Azure Firewall
2. Network Security Group
3. VPN Gateway

Answer 78

1. Azure Firewall
2. Network Security Group
3. VPN Gateway

Question 79

Which of the following lets you store passwords in Azure so you can centrally manage them for your services and applications?

1. Azure Advanced Threat Protection
2. Azure Key Vault
3. Azure Security Center

Answer 79

1. Azure Advanced Threat Protection
2. Azure Key Vault
3. Azure Security Center

Question 80

Which of the following should you use to download published audit reports and how Microsoft builds and operates its cloud services?

1. Azure Policy
2. Azure Service Health
3. Service Trust Portal

Answer 80

1. Azure Policy
2. Azure Service Health
3. Service Trust Portal

Question 81

Which of the following provides information about planned maintenance and changes that could affect the availability of your resources?

1. Azure Monitor
2. Azure Security Center
3. Azure Service Health

Answer 81

1. Azure Monitor
2. Azure Security Center
3. Azure Service Health

Question 82

Where can you obtain details about the personal data Microsoft processes, how Microsoft processes it, and for what purposes?

1. Microsoft Privacy Statement
2. Compliance Manager
3. Azure Service Health

Answer 82

1. Microsoft Privacy Statement
2. Compliance Manager
3. Azure Service Health

Question 83

Which of the following can be used to help you enforce resource tagging so you can manage billing?

1. Azure Policy
2. Azure Service Health
3. Compliance Manager

Answer 83

1. Azure Policy
2. Azure Service Health
3. Compliance Manager

Question 84

Which of the following can be used to define a repeatable set of Azure resources that implement organizational requirements?

1. Azure Blueprint
2. Azure Policy
3. Azure Resource Groups

Answer 84

1. Azure Blueprint
2. Azure Policy
3. Azure Resource Groups

Question 85

Which of the following lets you grant users only the rights they need to perform their jobs?

1. Azure Policy
2. Compliance Manager
3. Role-Based Access Control

Answer 85

1. Azure Policy
2. Compliance Manager
3. Role-Based Access Control

Question 86

Which of these options helps you most easily disable an account when an employee leaves your company?

1. Enforce multi-factor authentication (MFA)
2. Monitor sign-on attempts
3. Use single sign-on (SSO)

Answer 86

1. Enforce multi-factor authentication (MFA)
2. Monitor sign-on attempts
3. Use single sign-on (SSO)

Question 87

What is Azure Information Protection?

1. AIP is a cloud-based solution that helps organizations classify and (optionally) protect its documents and emails by applying labels. Labels can be applied automatically (by administrators who define rules and conditions), manually (by users), or with a combination of both (where users are guided by recommendations).
2. AIP is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
3. AIP is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises.

Answer 87

1. AIP is a cloud-based solution that helps organizations classify and (optionally) protect its documents and emails by applying labels. Labels can be applied automatically (by administrators who define rules and conditions), manually (by users), or with a combination of both (where users are guided by recommendations).
2. AIP is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
3. AIP is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises.

Question 88

Which of the following items would be good use of a resource lock?

1. An ExpressRoute circuit with connectivity back to your on-premises network
2. A non-production virtual machine used to test occasional application builds
3. A storage account used to temporarily store images processed in a development environment

Answer 88

1. An ExpressRoute circuit with connectivity back to your on-premises network
2. A non-production virtual machine used to test occasional application builds
3. A storage account used to temporarily store images processed in a development environment

Question 89

Which of the following approaches would be the most efficient way to ensure a naming convention was followed across your subscription?

1. Send out an email with the details of your naming conventions and hope it is followed.
2. Create a policy with your naming requirements and assign it to the scope of your subscription
3. Give all other users except for yourself read-only access to the subscription. Have all requests to create resources sent to you so you can review the names being assigned to resources, and then create them.

Answer 89

1. Send out an email with the details of your naming conventions and hope it is followed.
2. Create a policy with your naming requirements and assign it to the scope of your subscription
3. Give all other users except for yourself read-only access to the subscription. Have all requests to create resources sent to you so you can review the names being assigned to resources, and then create them.

Question 90

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.

What are two possible solutions?

1. Modify an Azure Traffic Manager profile
2. Modify a network security group (NSG)
3. Modify a DDoS protection plan
4. Modify an Azure firewall

Answer 90

1. Modify an Azure Traffic Manager profile
2. Modify a network security group (NSG)
3. Modify a DDoS protection plan
4. Modify an Azure firewall

Question 91

To complete the sentence, select the appropriate option in the answer area.

Answer 91

Azure automatically routes traffic between subnets in a virtual network.

Therefore, all virtual machines in a virtual network can connect to the other virtual machines in the same virtual network.

Even if the virtual machines are on separate subnets within the virtual network, they can still communicate with each other.

To ensure that a virtual machine cannot connect to the other virtual machines, the virtual machine must be deployed to a separate virtual network.

Question 92

To complete the sentence, select the appropriate option in the answer area.

When you need to delegate permissions to several Azure virtual machines simultaneously, you must deploy the Azure virtual machines?

1. To the same Azure region
2. By using the same Azure Resource Manager template
3. to the same resource group
4. to the same availability zone

Answer 92

1. To the same Azure region
2. By using the same Azure Resource Manager template
3. to the same resource group
4. to the same availability zone

Question 93

You need to identify the type of failure for which an Azure Availability Zone can be used to protect access to Azure services. What should you identify?

1. a physical server failure
2. an Azure region failure
3. a storage failure
4. an Azure data center failure

Answer 93

1. a physical server failure
2. an Azure region failure
3. a storage failure
4. an Azure data center failure

Question 94

This question requires that you evaluate the underlined text to determine if it is correct.

Resource groups provide organizations with the ability to manage the compliance of Azure resources across multiple subscriptions.

Instructions: Review the underlined text. If it makes the statement correct, select No change is needed. If the statement is incorrect, select the answer choice that makes the statement correct.

1. No change is needed
2. Management groups
3. Azure policies
4. Azure App Service plans

Answer 94

1. No change is needed
2. Management groups
3. Azure policies
4. Azure App Service plans

Question 95

How can the IT department ensure that employees at the company’s retail stores can access company applications only from approved tablet devices?

1. SSO
2. Conditional Access
3. Multifactor authentication

Answer 95

1. SSO
2. Conditional Access
3. Multifactor authentication

Question 96

How can the IT department use biometric properties, such as facial recognition, to enable delivery drivers to prove their identities?

1. SSO
2. Conditional Access
3. Multifactor authentication

Answer 96

1. SSO
2. Conditional Access
3. Multifactor authentication

Question 97

How can the IT department reduce the number of times users must authenticate to access multiple applications?

1. SSO
2. Conditional Access
3. Multifactor authentication

Answer 97

1. SSO
2. Conditional Access
3. Multifactor authentication

Question 98

How can companies allow some users to control the virtual machines in each environment but prevent them from modifying networking and other resources in the same resource group or Azure subscription?

1. Create a role assignment through Azure role-based access control (Azure RBAC).
2. Create a policy in Azure Policy that audits resource usage.
3. Split the environment into separate resource groups.

Answer 98

1. Create a role assignment through Azure role-based access control (Azure RBAC).
2. Create a policy in Azure Policy that audits resource usage.
3. Split the environment into separate resource groups.

Question 99

Which is the best way for companies to ensure that they only deploy cost-effective virtual machine SKU sizes?

1. Create a policy in Azure Policy that specifies the allowed SKU sizes.
2. Periodically inspect the deployment manually to see which SKU sizes are used.
3. Create an Azure RBAC role that defines the allowed virtual machine SKU sizes.

Answer 99

1. Create a policy in Azure Policy that specifies the allowed SKU sizes.
2. Periodically inspect the deployment manually to see which SKU sizes are used.
3. Create an Azure RBAC role that defines the allowed virtual machine SKU sizes.

Question 100

Which is likely the best way for companies to identify which billing department each Azure resource belongs to?

1. Track resource usage in a spreadsheet.
2. Split the deployment into separate Azure subscriptions, where each subscription belongs to its own billing department.
3. Apply a tag to each resource that includes the associated billing department.

Answer 100

1. Track resource usage in a spreadsheet.
2. Split the deployment into separate Azure subscriptions, where each subscription belongs to its own billing department.
3. Apply a tag to each resource that includes the associated billing department.