AZ-900 Exam Flashcards
Your company intends to automate server deployments to Azure. However there is concern that administrative credentials could be uncovered during the process. During deployment you have to ensure that credentials are encrypted.
Will Multi Factor Authentication accomplish this?
No
- Multi-Factor Authentication is when users are prompted for an additional form of authentication during the sign in process (i.e. through a cell phone or second device to confirm it is them).
- A better solution would be Azure Key Vault
Users ocassionally connect to Azure AD via Internet. You need to ensure that users who connect to Azure AD with an unidentified IP address are prompted to change their password.
Will Azure Active Directory Identity Protection accomplish this?
Yes
Azure Active Directory Identity Protection identifies risks of many types. Define which type of risks it identifies and protects against.
- Anonymous IP Address
- Atypical travel
- Malware Linked IP Address
- Unfamiliar sign-in properties
- Leaked credentials
- Password spray
Users ocassionally connect to Azure AD via Internet. You need to ensure that users who connect to Azure AD with an unidentified IP address are prompted to change their password.
Will Azure Active Directory Privileged Identity Management accomplish this?
No
Azure AD Privileged Identity Management that allows you to manage, control, and monitor access to important resources in your organization. This is useful in preventing malicious users from getting access or an authorized user compromising sensitive information.
Availability Zones can be implemented in all Azure regions.
True or False?
False
Regions that do not have support for Availability Zones are known as Alternate Regions
Only Virtual Machines that run Windows can be created in Availability Zones
True or False?
False
You can run either Windows or Linux
Availability Zones are used to replicate data and applications to multiple regions.
True or False?
False
Availibility Zones are used to replicate data and applications in the same region.
Each Azure subscription can contain multiple account Administrators.
True or False?
False
There is only one account Administrator per Azure account (or subscription).
Each Azure subscription can be managed by using a Microsoft account only.
True or False?
False
An Azure resource group contains multiple subscriptions.
True or False?
False
An Azure subscription can contain multiple resource groups
Microsoft SQL Server 2019 installed on Azure Virtual Machine is an example of PAAS
True or False?
False
Azure SQL database is an example of PAAS
True or False?
True
Azure Cosmos database is an example of SAAS
True or False?
False
Azure Cosmos Database is an example of PAAS
What is the first stage in the Microsoft Cloud Adoption Framework for Azure?
- Adopt the cloud
- Make a plan
- Ready your organization
- Define your strategy
Define your strategy
You plan to deploy several Azure Virtual Machines. You need to ensure that the services running on the Virtual Machines remain available if a single data center fails.
Can you accomplish this by deploying 2 or more availability zones?
Yes
When you need to delete permissions to several Azure machines simultaneously, you must deploy the Azure Virtual Machines ____________________________
- to same region
- by using same Azure resource manager template
- to same resource group
- to same availability zone
to same resource group
Permissions will descend on all the resources in the resource group
What does a customer provide in a SAAS model?
- Application Data
- Data Storage
- Computer resources
- Application software
Application Data
In SAAS, you just use the service. Think of Gmail or Microsoft 365
Your company plans to migrate all its data and resources to Azure. The migration plan only intends to use PAAS solutions. What may you use according to the migration plan?
- Azure Virtual Machine, Azure SQL Database, Azure storage accounts
- Azure App Service and Azure Virtual Machines that have Microsoft SQL Server installed
- Azure App Service and Azure SQL Database
- Azure stoage accounts and web servers in Azure Virtual Machines
Azure App Service and Azure SQL Database
A Microsoft SQL Database hosted on Azure and software updates managed by Azure is an example of:
- Disaster Recovery as a Service
- IAAS
- PAAS
- SAAS
PAAS
If you install Microsoft SQL Database on an Azure VM and manage software updates yourself then it is IAAS.
You need to create a new Azure Virtual Machine on a tablet that runs Android OS. Can you use Bash in Azure Cloud Shell to accomplish this goal?
Yes
Azure Cloud Shell runs in the Azure Portal that you can access via the browser and can run Bash or Powershell
Your company has data centers in NY and LA. Your company has an Azure subscription. You are configuring two data centers as geo clustered sites for site resiliency. What would you recommend as an Azure storage redundancy option considering the following:
- Data must be stored on multiple nodes
- Data must be stored on nodes in seperate geographic locations.
- Data can be read from primary and seconday locations
- Geo-redundant storage
- Read-only geo-redundant storage
- Zone-redundant storage
- Locally-redundant storage
Read-only geo-redundant storage
Your company intends to subscribe to an Azure support plan. The support plan must allow for new support requests to be opened. Which support plans allow for this? (Can select multiple options)
- Basic
- Developer
- Standard
- Professional Direct
- Premium
Basic, Developer, Standard, Professional Direct
All support plans support this feature
Your company’s developers plan to deploy a large number of Virtual Machines on a weekly basis. They will be removing the virtual machines the same week. 60% of the Virtual Machines will be running Windows, and the remaining will be running Linux.
Would Microsoft Managed Desktop be a suitable Azure service for this effort?
No
Azure DevTest Labs would be better suited because you are deploying a large number of Virtual Machines fast and do not need it for long periods of time.
Company ABC uses management groups to manage resources in your Azure tenant more efficiently. They want Useralpha to be able to manage user access to Azure resources. You need to determine which role based access control (RBAC) Useralpha should be added to.
Your solution should follow the principle of least privilege. To which role should you add Useralpha?
- User Access Administrator
- Owner
- Management Group Contributor
- Contributor
User Access Administrator
- Owner has full access to all resources and can delegate access to others. (Service Admin and Co-Admin are assigned as owner role at the subscription scope).
- Contributor creates and manage all types of Azure resources, creates new tenant in Azure AD, and cannot grant access to others.
- Reader can view all Azure resources
- User Access Administrator can manage user access to Azure resources.
- You could have also selected Owner since they also have access to this but since the question mentions least privilege, the answer is not Owner.
Which Azure service should you use to store certificates?
1. Azure Security Center
2. Azure Storage account
3. Azure Key Vault
4. Azure Information Protection
Azure Key Vault
- Azure Key Vault is a cloud service that is used for securely storing and accessing secrets, anything that you want to tightly control access to, (i.e. passwords, API keys, certificates, and cryptographic keys).
- Azure Security Center is a set of tools used for managing and monitoring security for VMs and other cloud computing resources.
- Azure storage account contains azure storage objects (i.e. blobs, files, shares, queues, tables, disks, etc.)
- Azure Information Protection is a solution that enables organizations to discover, classify, and protect documents or emails by applying labels to the content
Which service provides severless computing in Azure?
Azure Functions
Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. You just focus on the code that matters to you.
An Azure service is available to customer when it is in
1. private preview
2. public preview
3. development
4. enterprise agreement (EA) subscription
Public Preview
Data that is stored in an Azure Storage account automatically has at least three copies. True or False?
True
There are many data replication options in Azure Storage (LRS, ZRS, GRS, and GA-RS). LRS (locally redundant storage) is the minimum of all of them and allows for data replication three times synchronously in the primary region.
All data that is copied to an Azure storage account is backed up automatically to another Azure data center True or False?
False
It is not automatically configured but you can configure it manually to backup to another Azure data center
An Azure Storage Account can contain up two 2TB of data and up to one million files. True or False?
False
Limits are much higher
If you have Azure resources deployed to every region, you can implement availability zones in all the regions. True or False?
False
Not all Azure regions support availability zones (Alternate vs Recommended Regions)
Availability zones are used to replicate data and applications to multiple regions. True or False?
False
You plan to deploy a critical application to Azure that will run on an Azure virtual machine. You need to recommend a deployment solution for the application. The solution must provide a guaranteed availability of 99.99 percent.
What is the minimum number of VMs and availability zones you need for this deployment.
2 Virtual Machines and 2 Availability Zones
Your company hosts an accounting application named App1. App1 has low usage during the first three weeks of each month and very high usage during the last week of each month.
Which Azure Cloud Service supports cost management for this type of usage pattern?
Elasticity
Which blade in Azure should you use to view security recommendations?
1. Monitor
2. Subscription
3. Market Place
4. Advisor
Advisor
Which blade in Azure should you use to monitor the health of Azure Services?
1. Monitor
2. Subscription
3. Market Place
4. Advisor
Monitor
Which blade in Azure should you use to browse availabile VM images?
1. Monitor
2. Subscription
3. Market Place
4. Advisor
Market Place
Azure Monitor can monitor the performance of on prem computers. True or False?
True
Azure Monitor helps you maximize the availability and performance of your applications and services. You may collect, analyze, and act on telemetry from your cloud or on-premise environments.
Azure Monitor can send alerts to Azure AD security groups. True or False?
False
While Azure Monitor can be used to create alerts, it cannot send alerts related to Azure AD security groups.
Azure Monitor can trigger alerts based on data in an Azure Log Analytics workspace. True or False?
True
Azure DevOps Services allows developers to deploy or update applications to Azure using CI/CD pipelines. True or False?
True
Azue DevOps services include a Git Repository for developers to store code. True or False?
True
Azure Repos accomplishes this
Azure DevOps Services can be used to build and host web apps. True or False?
False
Define Azure DevOps
An integrated solution for deployment of code.
Define Azure Advisor
A tool that provides guidance and recommendations to improve an Azure environment.
Define Azure Cognitive Services
A simplified tool to build Artifical Intelligence applications
Define Azure Application Insights
Monitors web applications
You need to implement a database solution that meets the following requirements:
* Can add data concurrently from multiple regions
* Can store JSON documents
Which database service should you deploy?
Azure Cosmos DB
Azure Cosmos DB is a globally distributed multi model database service. It is a great way to store unstructured data such as JSON files
You have an Azure environment that contains multiple Azure virtual machines. You plan to implement a solution that enables client computers on your on prem network to communicate to the Azure virtual machines. Which two Azure resources should you include in the recommendation to create this?
1. Virtual Network Gateway
2. Load Balancer
3. Application Gateway
4. Virtual network
5. Gateway subnet
Virtual Network Gateway and Gateway Subnet
Recommend a tool to automatically send an alert if an admin stops an Azure Virtual Machine
1. Azure Logic Apps
2. Azure Machine Learning Designer
3. Azure Monitor
4. Azure Advisor
Azure Monitor
- Azure Logic Apps is used for creating and running automatic workflows that integrate your app, data, service, and system. Allows you to build automated workflows
- Azure Machine Learning Designer is a drag and drop interface that you use to train or deploy model in Azure Machine Learning
- Azure Advisor is a recommendation service that analyzes your configuration and usage and then it helps you to follow best Microsoft Azure practices. You can get recommendations based on cost, security, reliability, operational excellence, performance, etc.
Azure billing is attached on what level?
1. Resource Group
2. Azure AD
3. Azure Subcription
Azure Subscription
A common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment.
1. Azure policies
2. Resource groups
3. Azure Resource Manager templates
4. Management Groups
Azure Resource Manager Templates
- ARM templates are good for using code to deploy infrastructure and produce repeatable results
- Azure Policies helps you to enforce the standards or access the compliance at a scale. So this is more related to compliance
- Azure Management group is used to manage multiple subscriptions. Also related to access
From Azure Service Health, an admin can view the health of all the services in an Azure environment. True or False?
True
From Azure Service Health, an admin can create a rule to be alerted if an Azure service fails. True or False?
True
From Azure Service Health, an admin can prevent a service failure. True or False?
False
Azure advisor can generate a list of Azure VMs that are not backed up. True or False?
True
If you implement the security recommendations provided by Azure Advisor, your company’s secure score will increase. True or False?
True
To maintain Microsoft support you must implement the security recommendations provided by Azure Advisor within a period of 30 days. True or False?
False
These are only recommendations (optional)
Your company plans to deploy an Artificial Intelligence (AI) solution in Azure. What should the company use to train and deploy models in Azure Machine Learning?
1. Azure Logic Apps
2. Azure Machine Learning Designer
3. Azure Batch
4. Azure Cosmos DB
Azure Machine Learning Designer
- Azure Machine Learning designer is a drag and drop interface used to train and deploy models in Azure Machine Learning.
You have an Azure web app. You need to manage the settings of the web app from an IPhone. What tool can you use?
1. Linux
2. Azure Portal
3. Windows Powershell
4. Azure Storage Explorer
Azure Portal
What analyzes security log files from Azure Virtual Machines
Azure Senitnel
What displays the secure score for an Azure subscription
Azure Security Center
What stores passwords for use by Azure Function applications.
Azure Key Vault
Which Azure Service is a managed relational cloud database service?
Azure SQL Database
What service is a cloud based service that leverages on massively parallel processing (MPP) to quickly run complex queries across petabytes of data in a relational database.
Azure SQL Synapse Analytics
- If the question mentions MPP (massively parallel processing) and PB of data (large amount of data) then you can safely assume it is talking about Azure SQL Synapse Analytics
What service can run massively parallel data transformations and processing programs across PB of data
Azure Data Lake Analytics
What Azure service is an open source framework for the distributed processing and analysis of big data sets in clusters
Azure HDInsight
Which tool enables users to authenticate to multiple applications by using single sign-on (SSO)
1. Azure resource group
2. Azure AD
3. Azure Advisor
4. Azure Monitor
Azure AD
- Azure AD enterprise identity service provides single sign-on, multifactor authentication, and conditional access to guard against 99.9 percent of cybersecurity attacks
You can delete all related Azure resources in a resource group by deleting the resource group only. True or False?
True
All resources in Azure must reside under a resource group. True or False?
True
One Azure resource can only be inside only one resource group. You can move resource from one resource group to another, but resource can not be in two resource groups at the same time. True or False?
True
Define Azure Monitor
Helps you maximize the availability and performance of your application and services. It delivers a comprehensive solution for collecting, analyzing, and acting on telemetry from your on premise and cloud environment.
Azure Sentinel use playbook to
1. Monitor Azure Service
2. Maintain Security Certificates
3. Run Powershell scripts
4. Automatically respond to threats
Automatically respond to threats
Who can use the Azure Total Cost of Ownership calculator?
1. Billing readers for an Azure subscription only
2. Azure account administrator
3. Anyone
4. Users who have an account in Azure AD
Anyone
- The TCO calculator helps you estimate the cost of operating your solution on Azure over time instead of running that solution on premise.
- Useful when you want to switch your entire solution from on premise to the cloud
You have on-premise application that sends email notifications automatically based on a rule. You plan to migrate the application to Azure
You need to recommend a serverless computing solution for the application. What should you include in the recommendation?
1. A web app
2. A server image in Azure marketplace
3. A logic app
4. An API app
Logic App
- Whenever you see serverless computing in the question, you should keep in mind two services - Logic App and Azure function
You plan to deploy a website to Azure. The website will be accessed by users worldwide and will host large video files. You need to recommend which Azure feature must be used to provide the best video playback experience. What should you recommend?
1. An application gateway
2. An Azure ExpressRoute circuit
3. Content Delivery Network (CDN)
4. Azure Traffic manager
Content Delivery Network (CDN)
- CDN is a distributed network of servers that can efficiently deliver web content to users. CDNs store cached content on edge servers in point of presence locations that are close to end users to minimize latency
- Web Application gateway helps you manage traffic to your web application
- Azure ExpressRoute circuit helps you connect your on-premise data center to your cloud solution through a connectivity provider
- Azure Traffic Manager is a DNS based traffic load balancer. Allows you to distribute traffic to your public facing web application across the globe. With public endpoints and high availability and quick responsiveness.
You have an application that is comprised of an Azure web app that has a SLA of 99.95 percent and an Azure SQL database that has an SLA of 99.99 percent.
The composite SLA for the app is the product of both SLAs, which equals 99.94 percent. Is the last statement true?
True
Cost of Azure resource can vary between regions. True or False?
True
An Azure reservation is used to reserve server capacity at a a specific data center. True or False?
False
- It is false because you cannot make a reservation at the data center level, only at the region level.
- Azure Reservation helps you save money by committing a one year or three year plan for multiple products. Can help you reduce cost by up to 72 percent compared to pay-as-you-go
You can stop an Azure SQL Database instance to decrease costs. True or False?
False
- Azure does not give you access to the underlying SQL Server that is hosting the Azure SQL database, and as such you cannot stop it.
What provides the platform for serverless code?
Azure Functions
What is a big data analysis service for machine learning?
1. Azure Databricks
2. Azure functions
3. Azure App Service
Azure Databricks
What detects and diagnoses anomalies in web apps?
1. Azure Application Insights
2. Azure Functions
3. Azure App Service
Azure Application Insights
What hosts web apps?
Azure App Service
The ability to use the same credentials to access multiple resources and applications.
1. Authorization
2. MFA
3. Azure AD
4. Single Sign On
Single Sign On
The process of identifying the access level of a user or service.
1. Authorization
2. MFA
3. Azure AD
4. Single Sign On
Authorization
- Sometimes people confuse authorization with authentication. Authentication is when you put in your credentials at login and once you are able to login, you are authenticated. Authorization is related to access and permissions.
What should you use in Microsoft Sentinel to see visualization of an incident with related to alert and entities?
1. A workbook
2. Analytic rule
3. connector
4. investigation graph
Investigation Graph
- After you connected your data sources to Microsoft Sentinel, you want to be notified when something suspicious happens. To enable you to do this, Microsoft Sentinel lets you create advaned alert rules, that generate incidents that you can assign and investigate
Which IOT solution is high security microcontroller and Linux based application in Azure?
1. IOT Hub
2. IOT central
3. Azure Sphere
Azure Sphere
- Azure Sphere is a secured, high level application platform with built in communicaton and security features for internet connected devices. It comprises of a microcontroller unit MCU, custom high level Linux based OS, and a cloud based security service that provides continuous renewable security.
A VM can be deployed to multiple resource groups. True or False?
False
- You can move one virtual machine to another (and all other resources in Azure) resource group but it cannot exist in multiple resource groups.
Most Azure services are introduced in private preview before being introduced in public preview and then in general availability. True or False?
True
- Once an Azure service completes its development phase, it is released to the public (public preview phase). After the service has been validated. andtested, it ready as. aProduction ready service (aka general availability)
Azure services in public preview can be managed only by using Azure CLI. True or False?
False
- It can be managed via Azure portal, powershell, API, etc.
The cost of an Azure service in private preview decreases when the service becomes generally available. True or False?
False
Trust Center is part of the Azure Security Center. True or False?
False
Azure Trust Center provides support and resources for the legal and compliance community
Trust Center can only be accessed by users that have an Azure subscription. True or False?
False
- Trust Center is open site documentation available to anyone
Trust Center provides information about the Azure compliance offerings. True. or False?
True
General Data Protection Regulation (GDPR) defines data protection and privacy rules. True or False?
True
General Data Protection Regulation applies to companies that offer goods and services to individuals in the EU. True or False?
True
Azure can be used to build a General Data Protection Regulation compliant infrastructure. True or False?
True
From Azure Monitor you can view which user turned off a specific virtual machine during the last 14 days. True or False.
False
- Correct answer is Azure Activity Log.
Azure Key Vault is used to store user secrets. True or False?
False
- Azure Key Vault can be used to store app secrets.
