AZ-900 Exam Part 2 Flashcards by Fatima Hussaini

You have an on-premises network that contains several servers. You plan to migrate all the servers to Azure. You need to recommend a solution to ensure that some of the servers are available if a single Azure data center goes offline for an extended period. What should you include in the recommendation?

Availability Set
Fault Tolerance
Scalability
Elasticity
Low Latency

Fault Tolerance

Fault Tolerance is the ability of a system to continue to function in the event of a failure of some of its components

How well did you know this?

Not at all

Perfectly

In Azure what do you understand by Application availability?
1. Application is available to high end users
2. The individual SLA of each resource
3. Overall time that the system is functional and working

Overall time that the system is functional and working

How well did you know this?

Not at all

Perfectly

Your company plans to start using Azure and will migrate all its network resources to Azure. You need to start the planning process by exploring Azure. What should you create first?
1. A subscription
2. A resource group
3. Virtual network
4. A management group

A subscription

How well did you know this?

Not at all

Perfectly

You plan to build an enterprise data warehouse in Axure to perform business data analysis. The requirement is to build an integrated environment that will support the development of end to end analytical solutions. Which service should you use for this?
1. Azure Machine Learning
2. Azure Synapse Analytics
3. Azure Database for PostGreSQL

Azure Synapse Analytics

Azure Machine Learning is incorrect because it does not provide enterprise data warehouse services. Azure Machine Learning is a development platform for coding machine learning.
Azure Synapse Analytics is a data analytics platform that combines data integration, enterprise data warehousing, and big data analytics. Also supports the development of end to end analytical solutions.
Azure Database for PostgreSQL is a relational database service based on Postgres database engine. Cannot be used to build a data warehouse

How well did you know this?

Not at all

Perfectly

You are the data engineer for your company. An application uses a NoSQL database to store data. The database uses the key value and wide column NoSQL database type. Developers need to access the data in the database using an API. You need to determine which API to use for the database model and type. Which two APIs should you use?
1. Cassandra API
2. Table API
3. SQL API
4. Gremlin API
5. MongoDB API

Cassandra API and MongoDB API

Cassandra API and MongoDB API both have key value pair

How well did you know this?

Not at all

Perfectly

Hybrid Cloud is part of Public Cloud. True or False?

False

A public cloud is part of Hybrid cloud. Many customers take advantage of the hybrid cloud to achieve global scale, increased reliability

How well did you know this?

Not at all

Perfectly

Define availability set.
1. Group of instances of your application in an availability zone.
2. A logical grouping of VMs that allows Azure to understand how your application is built to provide for redundancy and availability.
3. Set of resources

A logical grouping of VMs that allows Azure to understand how your application is built to provide for redundancy and availability.

How well did you know this?

Not at all

Perfectly

Your company plans to deploy an AI solution to Azure. What should the company use to build, test, and deploy predictive analytics solutions?
1. Azure Logic Apps
2. Azure Machine Learning Studio
3. Azure Batch
4. Azure Cosmos DB

Azure Machine Learning Studio

How well did you know this?

Not at all

Perfectly

Which Azure service should you use to correlate events from multiple resources into a centralized repository?
1. Azure Event Hubs
2. Azure Analysis Services
3. Azure Monitor
4. Azure Log Analytics

Azure Log Analytics

How well did you know this?

Not at all

Perfectly

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine VM1 is accessible from the internet over HTTP. You propose Azure firewall as a solution. Does this meet the goal?

Yes

How well did you know this?

Not at all

Perfectly

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual named VM1 is accessible from the Internet over HTTP. As a solution you modify the DDoS protection plan. Does this meet the goal?

Correct answer is Azure Firewall

How well did you know this?

Not at all

Perfectly

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual named VM1 is accessible from the Internet over HTTP. As a solution you modify an Azure Traffic Manager profile. Does this meet the goal?

Azure Traffic manager allows you to distribute traffic to your public facing applications across the global Azure regions. Traffic Manager also provides your public endpoints with high availability and quick responsiveness.

How well did you know this?

Not at all

Perfectly

Which of the following correctly defines Edge computing?
1. Edge Computing allows you to secure your application on multiple locations
2. Edge computing allows customers to run VMs, containers and data services at edge locations
3. Edge computing allows you to create scalable web apps

Edge computing allows customers to run VMs, containers and data services at edge locations

How well did you know this?

Not at all

Perfectly

From Azure Cloud Shell, you can track your company’s regulatory standards and regulations, such as ISO 27001. True or False?

False.

Trust Center is the correct answer to this. The Trust Center can be used to track your company’s compliance

How well did you know this?

Not at all

Perfectly

The only way to use Azure resources is to purchase an Azure account before you can use them?

False

You need an Azure subscription before using Azure resources. But you can have a free Azure account

How well did you know this?

Not at all

Perfectly

Azure AD can be used to grant or deny access based on the originating IP Address. True or False?

False

How well did you know this?

Not at all

Perfectly

Azure Firewall can be used to grant or deny access based on the originating IP Address. True or False?

True

How well did you know this?

Not at all

Perfectly

Your company plans to deploy several million sensors that will upload data to Azure. You need to identify which Azure resources must be created to support the planned solution. Which two Azure resources should you identify?
1. Azure Data Lake
2. Azure Queue storage
3. Azure File Storage
4. Azure IoT Hub

Azure Data Lake and Azure IoT Hub

Azure Data Lake can be used to store the data from devices and sensors.
Azure Queue storage is exclusively for messages, but here we’re collecting data
Azure Files is a cloud storage service designed for sharing files, development or debugging tools, and applications that rely on native file systems.
IoT Hub does the data processing.

How well did you know this?

Not at all

Perfectly

Which Azure service you can use for quickly sending miilions of notifications to IOS, Android, Windows, or Kindle devices, working with APNs (Apple Push Notification service), GCM (Google Cloud Messaging), WNS (Windows Push Notification Service), and more.
1. IoT Hub
2. Azure Notification Hubs
3. Azure Machine Learning
4. Azure Monitor

Azure Notification Hubs

How well did you know this?

Not at all

Perfectly

To what should an application connect to retrieve security tokens?
1. Azure Storage account
2. Azure AD
3. Azure security center
4. Azure Key Vault

Azure AD

Azure AD authenticates users and provides access tokens. An access token is a security token that is issued by an authentication server. Security Token is not a Secret, Password, Private Key, Certificate, etc. Plus tokens are not static so there is no point in storing them (they’re only valid for a short duration).

How well did you know this?

Not at all

Perfectly

You need to be aware of the latest Azure security standards to protect your data. Which of the following services should you use to ensure this?
1. Azure Government
2. Online Terms of Service
3. Trust Center
4. Azure Compliance Documentation

Azure Trust Center

Azure Government addresses the security and compliance needs of US federal agencies, state and local governemnts, and their solution providers
Online Terms of Service is an agreement between Microsoft and you. Details the obligations and both parties regarding the processing and security of customer data
Trust Center implements Microsoft’s principles for maintaining data integrity in the cloud and Microsoft implements security, privacy, and compliance, and transparency in all Microsoft cloud products and services.
Compliance Documentation provides detail on Azure legal and regulatory standard and compliance.

How well did you know this?

Not at all

Perfectly

Azure Reserved VM instances are an example of OpEx. True or False?

False

You pay up front for the use of a virtual machine for a period of time (1 or 3 years). Can save you money. Because it’s an up front cost, it is Capex.

How well did you know this?

Not at all

Perfectly

Azure Cosmos DB is an example of which cloud offering?
1. PAAS
2. IAAS
3. Serverless
4. SAAS

PAAS

How well did you know this?

Not at all

Perfectly

Your network contains an Active Directory forest. The forest contains 5000 User Accounts. Your company plans to migrate all network resources to Azure and to decommission the on-premises data center. You need to recommend a solution to minimize the impact on users after the planned migration. What should you recommend?
1. Implement Azure MFA
2. Sync all the Active Directory user accounts to Azure Active Directory (Azure AD)
3. Instruct all users to change their password
4. Create a guest user account in Azure AD for each user

Sync all the Active Directory user accounts to Azure Active Directory (Azure AD)

Azure AD is Microsoft’s cloud based identity and access management service, which helps your employees sign in and access resources in
External: Microsoft Office 365, Azure Portal, and thousands of other SaaS applications.
Internal: Apps on your corporate network and intranet. Along with cloud apps developed by your organization

How well did you know this?

Not at all

Perfectly

Which of the following best explains cloud computing? 1. Delivery of computing services over the internet 2. Setting up your own datacenter 3. Scalable computing

Delivery of computing services over the internet

Which of the following is NOT a feature of cloud computing? 1. Latest technology 2. Limited pool of services 3. Flexible resources 4. Economies of sale

Limited pool of services

You plan to extend your company's network to Azure. The network contains a VPN appliance that uses an IP Address of 131.107.200.1. You need to create an Azure resource that identifies the VPN appliance. Which resource should you create? 1. Virtual Networks 2. Load balancers 3. Virtual Network Gateways 4. DNS Zones 5. Local Network Gateway 6. ExpressRoute circuits

Local Network Gateway

If Microsoft plans to end support for an Azure service that does NOT have a successor service, Microsoft will provide notification at least 12 months before. True or False?

True

When you need to delegate permissions to several Azure virtual machines simulatanously, you must deploy Azure VM to which of the following? 1. Azure Region 2. Azure Availability Zone 3. Azure resource group 4. Azure resource manager template

Azure resource group

One of the benefits of Azure SQL Data Warehouse is that high availability is built into the platform. True or False?

True ## Footnote * Note: Azure SQL Data Warehouse is now Azure Synapse Analytics

Authorizatoin to access Azure resources can be provided only to Azure AD users. true or false?

false

Identities stored in Azure AD, third party cloud services, and on-premise AD can be used to access Azure resources. True or False?

False

Azure has built in authentication and authorization services that provide secure access to Azure resources. True or False?

True

Match the following Azure service with it's definition. Azure AD, RBAC, Conditional Access 1. An if-then statement of Assignments and Access controls 2. Responsible for Authentication 3. Responsible for Authorization

Conditional Access - An if-then statement of Assignments and Access controls RBAC - Responsible for Authorization Azure AD - Responsible for Authentication

Azure China is operated by Microsoft. True or False

False

Azure Government is operated by Microsoft. True or False

True

Your company implements Azure policies to automatically add a watermark to Microsoft Word documents that contain credit card information. True or False?

False ## Footnote * Answer is Azure Information Protection achieves this. * You use Azure Information Protection labels to apply classifications to documents and emails. * When you do this, the classification is identitfiable regardless of where it is stored or whom it is shared with. * Labels can be applied by admins, users, or a combination of them.

Azure China is operated by 21Vianet. True or False

True

Microsoft Azure services operated by 21Vianet are standalone instances, seperating from Azure Global Services. True or False

True

Service availabilty is not identical to global Azure. True or False

True

You have a resource group named RG1. You plan to create virtual networks and app services in RG1. You need to prevent the creation of virtual machines only in RG1. Solution must ensure you can create other objects in RG1. What should you use 1. Lock 2. Azure role 3. Tag 4. Azure policy

Azure policy ## Footnote * Azure policies can be used to define requirements for resource properties during deployment and for existing resources. * Used to create, assign, and manage policies. These policies enforce different rules and effects over your resources. So those resources stay compliant with company and SLA * A read-only lock will prevent any resources from being created, not just azure VMs

Azure Advisor provides recommendations on how to improve the security of an Azure AD environment. True or False?

False

Azure Advisor provides recommendations on how to configure the network settings on Azure Virtual Machines. True or False?

False

Azure Advisor provides recommendations on how to reduce the cost of running Azure virtual machines. True or False?

True

After you create a Virtual Machine you need to modify the network security group (NSG) to allow connections to TCP port 8080 on the VM. True or False

True ## Footnote * When you create a VM, the default setting is to create a NSG attached to the network interface assigned to a VM. * NSGs work like firewalls. You can attach them to vNets or subnets of vNets * Can use multiple NSGs within a vNet to restrict traffic between resources such as VMs and subnets. * Can filter network traffic to and from Azure resources in a vNet with NSGs * Can add security rules that allow or deny network traffic.

Azure Germany can be used by legal residents of Germany only. True or False

False ## Footnote Azure Germany can be used by any user or enteprise that requires its data to reside in Germany

Authorization to access Azure resources can be provided only to Azure AD users. True or False

False

You plan to migrate a web app to Azure. The web app is accessed by external users. You need to recommend a cloud deployment solution to minimize the amount of administrative effort used to manage the web app. What should you include in the recommendation? 1. IAAS 2. SAAS 3. PAAS 4. DAAS (Database as a service)

PAAS ## Footnote * Because the web app needs to a platform to be hosted on and run.

What can Azure Information Protect encrypt? 1. Network Traffic 2. Documents and Email Messages 3. Azure Storage Account 4. Azure SQL database

Documents and Email Messages

What should you use to evaluate whether your company's Azure environment meets regulatory requirements? 1. Knowledge Center website 2. Advisor blade from the Azure portal 3. Compliance Manager from the Security Trust Portal 4. Security Center blade from azure portal

Security Center blade from azure portal ## Footnote * Azure Security center helps you prevent, detect, and respond to threats with increased visisbility into and control over the security of your Azure resources. * Available in Azure portal

You have an Azure Virtual Network VNET1 in a resource group RG1. You assign an Azure policy that virtual networks are not an allowed resource type in RG1. VNET1 is deleted automatically. True or False?

False ## Footnote VNET1 will continue to function normally

Azure Firewall will encrypt network traffic sent from Azure to the Internet. True or False?

False ## Footnote Azure Firewall allows or blocks network traffic

Network security group will encrypt all the network traffic sent from Azure to the internet. True or False?

False. ## Footnote * NSGs work similar to Azure Firewall where it will allow or block network traffic.

Azure VMs that run Windows 2016 can encrypt network traffic sent to the Internet. True or False.

False ## Footnote * Windows 2016 supports other encryption methods such as IPSEC or SSL or TLS. The VM cannot encrypt the network traffic.

Does Azure BOT services provide a digital online assistant that provides speech support?

Yes

Your company has an Azure environment that contains resources in several regions. A company policy that states that administrators must only be allowed to create additional Azure resources in a region in the country where their office is located. You need to create the Azure resource that must be used to meet the policy requirement. What should you create? 1. A read only lock 2. Azure policy 3. management group 4. reservation

Azure policy

You need to configure an Azure solution that meets the following requirements: * Secures websites from attacks * Generates reports that contain details of attempted attacks. What should you include in the solution? 1. Azure Firewall 2. A network security group (NSG) 3. Azure Information Protection 4. DDos Protection

DDoS protection ## Footnote * DDoS attack attempts to exhaust an application's resources, making the application unavailable to legitimate users.

You are building an application using a virtual machine in Azure. As a security requirement, it is necessary to apply Azure Multi Factor authentication based on certain conditions. Which Azure service should you choose? 1. Azure Monitor 2. Azure Advanced Threat Protection (ATP) 3. Azure AD ID Protection 4. Azure Security Center

Azure AD ID Protection ## Footnote * Azure Monitor is incorrect because this is for collecting application monitoring data * Azure ATP is incorrect because it is used to monitor and analyze user activity and information across the network, such as permissions and group membership * Azure AD ID Protection allows you to apply MFA with conditions . Also used to detect risks such as anonymous IP address logins, unfamiliar sign-ins, and credential leaks. * Azure security center is an infrastructure security management system. It's an ATP feature

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. What are two possible solutions? 1. Modify Azure Traffic Manager profile 2. Modify network security group 3. Modify DDOS protection plan 4. Modify Azure firewall

Modify network security group and Azure firewall

Which of the following provides a command platform for deploying objects to your Cloud infrastructure and maintaining consistency throughout your Azure environment. 1. Azure policy 2. Resource Group 3. Azure Resource Manager 4. Management Group

Azure Resource Manager ## Footnote * ARM is a service that provides a management layer that allows you to create, update, and delete Azure resources, all while maintaining consistency across your Azure environment.

Which of the following can be used to help you enforce resource tagging so you can manage billing? 1. Azure Policy 2. Azure Service Health 3. Compliance Manager

Azure Policy

You can use Service Trust Portal to download published audit reports and how Microsoft builds and operates its cloud services. True or False?

True.

Choose an international organization that develops international standards for privacy and compliance? 1. International, Governmental, and Defense Agencies 2. GDPR 3. International Civil Defence Organization 4. International Organization for Standardization (ISO)

International Organization for Standardization (ISO)

Azure web app, Azure logic app, and Azure SQL database are all examples of PAAS. True or False?

True

DNS server runs on a VM is PAAS. True or False?

False ## Footnote IAAS

Azure Files is an example of SAAS. True or False?

False ## Footnote PAAS. Built on top of Azure storage and provides fully managed file shares over a protocol called SMB

Use DDoS Protection service in combination with a web application firewall (WAF) for protection both at the network level and at the application level. True or False

True

A company is planning on hosting an app on a set of VMs. The VM are going to be running for a prolonged duration of time. Which of the following should be considered to reduce the overall cost of VM Usage? 1. Premium Disks 2. VM Scale Sets 3. Azure Reservations 4. Azure Resource Groups

Azure Reservations

NSG can be applied to what level? 1. Subscription level 2. Subnet level 3. Management group level 4. VM/NIC level

Subnet Level and VM/NIC level

What are different levels of access tiers for blob data, select all applicable options? 1. Hot Tier 2. Cold Tier 3. Archive Tier 4. Permenant Tier

Hot Tier, Cold Tier, and Archive Tier ## Footnote Hot Tier is when you frequently access the data Cool Tier is when you infrequently access data Archive - rarely access data

What is guaranteed in an Azure Service Level Agreement (SLA) for VM 1. Uptime 2. Feature availability 3. Bandwidth 4. Performance

Uptime

You can enable just in time access by using: 1. Azure Bastion 2. Azure Firewall 3. Azure Front Door 4. Azure Security Center

Azure Security Center ## Footnote * The just in time virtual machine access feature in Azure security center allows you lock down inbound traffic to VMs, Reduces exposure to attacks

For which resource can you NOT use Microsoft Defender for Cloud to secure the containers? 1. Azure Kubernetes Service 2. Container hosts (VMs running Docker) 3. Azure Container Registry (ACR) 4. Azure Container Instance (ACI)

Azure Container Instance ## Footnote ACI does not use Microsoft Defender, and allows you to run containers without VMs