AZ-900 Exam Part 2

Question 1

You have an on-premises network that contains several servers. You plan to migrate all the servers to Azure. You need to recommend a solution to ensure that some of the servers are available if a single Azure data center goes offline for an extended period. What should you include in the recommendation?

1. Availability Set
2. Fault Tolerance
3. Scalability
4. Elasticity
5. Low Latency

Answer 1

Fault Tolerance

• Fault Tolerance is the ability of a system to continue to function in the event of a failure of some of its components

Question 2

In Azure what do you understand by Application availability?
1. Application is available to high end users
2. The individual SLA of each resource
3. Overall time that the system is functional and working

Answer 2

Overall time that the system is functional and working

Question 3

Your company plans to start using Azure and will migrate all its network resources to Azure. You need to start the planning process by exploring Azure. What should you create first?
1. A subscription
2. A resource group
3. Virtual network
4. A management group

Answer 3

A subscription

Question 4

You plan to build an enterprise data warehouse in Axure to perform business data analysis. The requirement is to build an integrated environment that will support the development of end to end analytical solutions. Which service should you use for this?
1. Azure Machine Learning
2. Azure Synapse Analytics
3. Azure Database for PostGreSQL

Answer 4

Azure Synapse Analytics

• Azure Machine Learning is incorrect because it does not provide enterprise data warehouse services. Azure Machine Learning is a development platform for coding machine learning.
• Azure Synapse Analytics is a data analytics platform that combines data integration, enterprise data warehousing, and big data analytics. Also supports the development of end to end analytical solutions.
• Azure Database for PostgreSQL is a relational database service based on Postgres database engine. Cannot be used to build a data warehouse

Question 5

You are the data engineer for your company. An application uses a NoSQL database to store data. The database uses the key value and wide column NoSQL database type. Developers need to access the data in the database using an API. You need to determine which API to use for the database model and type. Which two APIs should you use?
1. Cassandra API
2. Table API
3. SQL API
4. Gremlin API
5. MongoDB API

Answer 5

Cassandra API and MongoDB API

• Cassandra API and MongoDB API both have key value pair

Question 6

Hybrid Cloud is part of Public Cloud. True or False?

Answer 6

False

• A public cloud is part of Hybrid cloud. Many customers take advantage of the hybrid cloud to achieve global scale, increased reliability

Question 7

Define availability set.
1. Group of instances of your application in an availability zone.
2. A logical grouping of VMs that allows Azure to understand how your application is built to provide for redundancy and availability.
3. Set of resources

Answer 7

A logical grouping of VMs that allows Azure to understand how your application is built to provide for redundancy and availability.

Question 8

Your company plans to deploy an AI solution to Azure. What should the company use to build, test, and deploy predictive analytics solutions?
1. Azure Logic Apps
2. Azure Machine Learning Studio
3. Azure Batch
4. Azure Cosmos DB

Answer 8

Azure Machine Learning Studio

Question 9

Which Azure service should you use to correlate events from multiple resources into a centralized repository?
1. Azure Event Hubs
2. Azure Analysis Services
3. Azure Monitor
4. Azure Log Analytics

Answer 9

Azure Log Analytics

Question 10

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine VM1 is accessible from the internet over HTTP. You propose Azure firewall as a solution. Does this meet the goal?

Answer 10

Yes

Question 11

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual named VM1 is accessible from the Internet over HTTP. As a solution you modify the DDoS protection plan. Does this meet the goal?

Answer 11

No

• Correct answer is Azure Firewall

Question 12

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual named VM1 is accessible from the Internet over HTTP. As a solution you modify an Azure Traffic Manager profile. Does this meet the goal?

Answer 12

No

• Azure Traffic manager allows you to distribute traffic to your public facing applications across the global Azure regions. Traffic Manager also provides your public endpoints with high availability and quick responsiveness.

Question 13

Which of the following correctly defines Edge computing?
1. Edge Computing allows you to secure your application on multiple locations
2. Edge computing allows customers to run VMs, containers and data services at edge locations
3. Edge computing allows you to create scalable web apps

Answer 13

Edge computing allows customers to run VMs, containers and data services at edge locations

Question 14

From Azure Cloud Shell, you can track your company’s regulatory standards and regulations, such as ISO 27001. True or False?

Answer 14

False.

• Trust Center is the correct answer to this. The Trust Center can be used to track your company’s compliance

Question 15

The only way to use Azure resources is to purchase an Azure account before you can use them?

Answer 15

False

You need an Azure subscription before using Azure resources. But you can have a free Azure account

Question 16

Azure AD can be used to grant or deny access based on the originating IP Address. True or False?

Answer 16

False

Question 17

Azure Firewall can be used to grant or deny access based on the originating IP Address. True or False?

Answer 17

True

Question 18

Your company plans to deploy several million sensors that will upload data to Azure. You need to identify which Azure resources must be created to support the planned solution. Which two Azure resources should you identify?
1. Azure Data Lake
2. Azure Queue storage
3. Azure File Storage
4. Azure IoT Hub

Answer 18

Azure Data Lake and Azure IoT Hub

• Azure Data Lake can be used to store the data from devices and sensors.
• Azure Queue storage is exclusively for messages, but here we’re collecting data
• Azure Files is a cloud storage service designed for sharing files, development or debugging tools, and applications that rely on native file systems.
• IoT Hub does the data processing.

Question 19

Which Azure service you can use for quickly sending miilions of notifications to IOS, Android, Windows, or Kindle devices, working with APNs (Apple Push Notification service), GCM (Google Cloud Messaging), WNS (Windows Push Notification Service), and more.
1. IoT Hub
2. Azure Notification Hubs
3. Azure Machine Learning
4. Azure Monitor

Answer 19

Azure Notification Hubs

Question 20

To what should an application connect to retrieve security tokens?
1. Azure Storage account
2. Azure AD
3. Azure security center
4. Azure Key Vault

Answer 20

Azure AD

Azure AD authenticates users and provides access tokens. An access token is a security token that is issued by an authentication server. Security Token is not a Secret, Password, Private Key, Certificate, etc. Plus tokens are not static so there is no point in storing them (they’re only valid for a short duration).

Question 21

You need to be aware of the latest Azure security standards to protect your data. Which of the following services should you use to ensure this?
1. Azure Government
2. Online Terms of Service
3. Trust Center
4. Azure Compliance Documentation

Answer 21

Azure Trust Center

• Azure Government addresses the security and compliance needs of US federal agencies, state and local governemnts, and their solution providers
• Online Terms of Service is an agreement between Microsoft and you. Details the obligations and both parties regarding the processing and security of customer data
• Trust Center implements Microsoft’s principles for maintaining data integrity in the cloud and Microsoft implements security, privacy, and compliance, and transparency in all Microsoft cloud products and services.
• Compliance Documentation provides detail on Azure legal and regulatory standard and compliance.

Question 22

Azure Reserved VM instances are an example of OpEx. True or False?

Answer 22

False

• You pay up front for the use of a virtual machine for a period of time (1 or 3 years). Can save you money. Because it’s an up front cost, it is Capex.

Question 23

Azure Cosmos DB is an example of which cloud offering?
1. PAAS
2. IAAS
3. Serverless
4. SAAS

Answer 23

PAAS

Question 24

Your network contains an Active Directory forest. The forest contains 5000 User Accounts. Your company plans to migrate all network resources to Azure and to decommission the on-premises data center. You need to recommend a solution to minimize the impact on users after the planned migration. What should you recommend?
1. Implement Azure MFA
2. Sync all the Active Directory user accounts to Azure Active Directory (Azure AD)
3. Instruct all users to change their password
4. Create a guest user account in Azure AD for each user

Answer 24

Sync all the Active Directory user accounts to Azure Active Directory (Azure AD)

• Azure AD is Microsoft’s cloud based identity and access management service, which helps your employees sign in and access resources in
• External: Microsoft Office 365, Azure Portal, and thousands of other SaaS applications.
• Internal: Apps on your corporate network and intranet. Along with cloud apps developed by your organization

Question 25

Which of the following best explains cloud computing?
1. Delivery of computing services over the internet
2. Setting up your own datacenter
3. Scalable computing

Answer 25

Delivery of computing services over the internet

Question 26

Which of the following is NOT a feature of cloud computing?
1. Latest technology
2. Limited pool of services
3. Flexible resources
4. Economies of sale

Answer 26

Limited pool of services

Question 27

You plan to extend your company’s network to Azure. The network contains a VPN appliance that uses an IP Address of 131.107.200.1. You need to create an Azure resource that identifies the VPN appliance. Which resource should you create?
1. Virtual Networks
2. Load balancers
3. Virtual Network Gateways
4. DNS Zones
5. Local Network Gateway
6. ExpressRoute circuits

Answer 27

Local Network Gateway

Question 28

If Microsoft plans to end support for an Azure service that does NOT have a successor service, Microsoft will provide notification at least 12 months before. True or False?

Answer 28

True

Question 29

When you need to delegate permissions to several Azure virtual machines simulatanously, you must deploy Azure VM to which of the following?
1. Azure Region
2. Azure Availability Zone
3. Azure resource group
4. Azure resource manager template

Answer 29

Azure resource group

Question 30

One of the benefits of Azure SQL Data Warehouse is that high availability is built into the platform. True or False?

Answer 30

True

• Note: Azure SQL Data Warehouse is now Azure Synapse Analytics

Question 31

Authorizatoin to access Azure resources can be provided only to Azure AD users. true or false?

Answer 31

false

Question 32

Identities stored in Azure AD, third party cloud services, and on-premise AD can be used to access Azure resources. True or False?

Answer 32

False

Question 33

Azure has built in authentication and authorization services that provide secure access to Azure resources. True or False?

Answer 33

True

Question 34

Match the following Azure service with it’s definition. Azure AD, RBAC, Conditional Access
1. An if-then statement of Assignments and Access controls
2. Responsible for Authentication
3. Responsible for Authorization

Answer 34

Conditional Access - An if-then statement of Assignments and Access controls
RBAC - Responsible for Authorization
Azure AD - Responsible for Authentication

Question 35

Azure China is operated by Microsoft. True or False

Answer 35

False

Question 36

Azure Government is operated by Microsoft. True or False

Answer 36

True

Question 37

Your company implements Azure policies to automatically add a watermark to Microsoft Word documents that contain credit card information. True or False?

Answer 37

False

• Answer is Azure Information Protection achieves this.
• You use Azure Information Protection labels to apply classifications to documents and emails.
• When you do this, the classification is identitfiable regardless of where it is stored or whom it is shared with.
• Labels can be applied by admins, users, or a combination of them.

Question 38

Azure China is operated by 21Vianet. True or False

Answer 38

True

Question 39

Microsoft Azure services operated by 21Vianet are standalone instances, seperating from Azure Global Services. True or False

Answer 39

True

Question 40

Service availabilty is not identical to global Azure. True or False

Answer 40

True

Question 41

You have a resource group named RG1. You plan to create virtual networks and app services in RG1. You need to prevent the creation of virtual machines only in RG1. Solution must ensure you can create other objects in RG1. What should you use
1. Lock
2. Azure role
3. Tag
4. Azure policy

Answer 41

Azure policy

• Azure policies can be used to define requirements for resource properties during deployment and for existing resources.
• Used to create, assign, and manage policies. These policies enforce different rules and effects over your resources. So those resources stay compliant with company and SLA
• A read-only lock will prevent any resources from being created, not just azure VMs

Question 42

Azure Advisor provides recommendations on how to improve the security of an Azure AD environment. True or False?

Answer 42

False

Question 43

Azure Advisor provides recommendations on how to configure the network settings on Azure Virtual Machines. True or False?

Answer 43

False

Question 44

Azure Advisor provides recommendations on how to reduce the cost of running Azure virtual machines. True or False?

Answer 44

True

Question 45

After you create a Virtual Machine you need to modify the network security group (NSG) to allow connections to TCP port 8080 on the VM. True or False

Answer 45

True

• When you create a VM, the default setting is to create a NSG attached to the network interface assigned to a VM.
• NSGs work like firewalls. You can attach them to vNets or subnets of vNets
• Can use multiple NSGs within a vNet to restrict traffic between resources such as VMs and subnets.
• Can filter network traffic to and from Azure resources in a vNet with NSGs
• Can add security rules that allow or deny network traffic.

Question 46

Azure Germany can be used by legal residents of Germany only. True or False

Answer 46

False

Azure Germany can be used by any user or enteprise that requires its data to reside in Germany

Question 47

Authorization to access Azure resources can be provided only to Azure AD users. True or False

Answer 47

False

Question 48

You plan to migrate a web app to Azure. The web app is accessed by external users. You need to recommend a cloud deployment solution to minimize the amount of administrative effort used to manage the web app. What should you include in the recommendation?
1. IAAS
2. SAAS
3. PAAS
4. DAAS (Database as a service)

Answer 48

PAAS

• Because the web app needs to a platform to be hosted on and run.

Question 49

What can Azure Information Protect encrypt?
1. Network Traffic
2. Documents and Email Messages
3. Azure Storage Account
4. Azure SQL database

Answer 49

Documents and Email Messages

Question 50

What should you use to evaluate whether your company’s Azure environment meets regulatory requirements?
1. Knowledge Center website
2. Advisor blade from the Azure portal
3. Compliance Manager from the Security Trust Portal
4. Security Center blade from azure portal

Answer 50

Security Center blade from azure portal

• Azure Security center helps you prevent, detect, and respond to threats with increased visisbility into and control over the security of your Azure resources.
• Available in Azure portal

Question 51

You have an Azure Virtual Network VNET1 in a resource group RG1. You assign an Azure policy that virtual networks are not an allowed resource type in RG1. VNET1 is deleted automatically. True or False?

Answer 51

False

VNET1 will continue to function normally

Question 52

Azure Firewall will encrypt network traffic sent from Azure to the Internet. True or False?

Answer 52

False

Azure Firewall allows or blocks network traffic

Question 53

Network security group will encrypt all the network traffic sent from Azure to the internet. True or False?

Answer 53

False.

• NSGs work similar to Azure Firewall where it will allow or block network traffic.

Question 54

Azure VMs that run Windows 2016 can encrypt network traffic sent to the Internet. True or False.

Answer 54

False

• Windows 2016 supports other encryption methods such as IPSEC or SSL or TLS. The VM cannot encrypt the network traffic.

Question 55

Does Azure BOT services provide a digital online assistant that provides speech support?

Answer 55

Yes

Question 56

Your company has an Azure environment that contains resources in several regions. A company policy that states that administrators must only be allowed to create additional Azure resources in a region in the country where their office is located. You need to create the Azure resource that must be used to meet the policy requirement. What should you create?
1. A read only lock
2. Azure policy
3. management group
4. reservation

Answer 56

Azure policy

Question 57

You need to configure an Azure solution that meets the following requirements:
* Secures websites from attacks
* Generates reports that contain details of attempted attacks.
What should you include in the solution?
1. Azure Firewall
2. A network security group (NSG)
3. Azure Information Protection
4. DDos Protection

Answer 57

DDoS protection

• DDoS attack attempts to exhaust an application’s resources, making the application unavailable to legitimate users.

Question 58

You are building an application using a virtual machine in Azure. As a security requirement, it is necessary to apply Azure Multi Factor authentication based on certain conditions. Which Azure service should you choose?
1. Azure Monitor
2. Azure Advanced Threat Protection (ATP)
3. Azure AD ID Protection
4. Azure Security Center

Answer 58

Azure AD ID Protection

• Azure Monitor is incorrect because this is for collecting application monitoring data
• Azure ATP is incorrect because it is used to monitor and analyze user activity and information across the network, such as permissions and group membership
• Azure AD ID Protection allows you to apply MFA with conditions . Also used to detect risks such as anonymous IP address logins, unfamiliar sign-ins, and credential leaks.
• Azure security center is an infrastructure security management system. It’s an ATP feature

Question 59

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. What are two possible solutions?
1. Modify Azure Traffic Manager profile
2. Modify network security group
3. Modify DDOS protection plan
4. Modify Azure firewall

Answer 59

Modify network security group and Azure firewall

Question 60

Which of the following provides a command platform for deploying objects to your Cloud infrastructure and maintaining consistency throughout your Azure environment.
1. Azure policy
2. Resource Group
3. Azure Resource Manager
4. Management Group

Answer 60

Azure Resource Manager

• ARM is a service that provides a management layer that allows you to create, update, and delete Azure resources, all while maintaining consistency across your Azure environment.

Question 61

Which of the following can be used to help you enforce resource tagging so you can manage billing?
1. Azure Policy
2. Azure Service Health
3. Compliance Manager

Answer 61

Azure Policy

Question 62

You can use Service Trust Portal to download published audit reports and how Microsoft builds and operates its cloud services. True or False?

Answer 62

True.

Question 63

Choose an international organization that develops international standards for privacy and compliance?
1. International, Governmental, and Defense Agencies
2. GDPR
3. International Civil Defence Organization
4. International Organization for Standardization (ISO)

Answer 63

International Organization for Standardization (ISO)

Question 64

Azure web app, Azure logic app, and Azure SQL database are all examples of PAAS. True or False?

Answer 64

True

Question 65

DNS server runs on a VM is PAAS. True or False?

Answer 65

False

IAAS

Question 66

Azure Files is an example of SAAS. True or False?

Answer 66

False

PAAS. Built on top of Azure storage and provides fully managed file shares over a protocol called SMB

Question 67

Use DDoS Protection service in combination with a web application firewall (WAF) for protection both at the network level and at the application level. True or False

Answer 67

True

Question 68

A company is planning on hosting an app on a set of VMs. The VM are going to be running for a prolonged duration of time. Which of the following should be considered to reduce the overall cost of VM Usage?
1. Premium Disks
2. VM Scale Sets
3. Azure Reservations
4. Azure Resource Groups

Answer 68

Azure Reservations

Question 69

NSG can be applied to what level?
1. Subscription level
2. Subnet level
3. Management group level
4. VM/NIC level

Answer 69

Subnet Level and VM/NIC level

Question 70

What are different levels of access tiers for blob data, select all applicable options?
1. Hot Tier
2. Cold Tier
3. Archive Tier
4. Permenant Tier

Answer 70

Hot Tier, Cold Tier, and Archive Tier

Hot Tier is when you frequently access the data
Cool Tier is when you infrequently access data
Archive - rarely access data

Question 71

What is guaranteed in an Azure Service Level Agreement (SLA) for VM
1. Uptime
2. Feature availability
3. Bandwidth
4. Performance

Answer 71

Uptime

Question 72

You can enable just in time access by using:
1. Azure Bastion
2. Azure Firewall
3. Azure Front Door
4. Azure Security Center

Answer 72

Azure Security Center

• The just in time virtual machine access feature in Azure security center allows you lock down inbound traffic to VMs, Reduces exposure to attacks

Question 73

For which resource can you NOT use Microsoft Defender for Cloud to secure the containers?
1. Azure Kubernetes Service
2. Container hosts (VMs running Docker)
3. Azure Container Registry (ACR)
4. Azure Container Instance (ACI)

Answer 73

Azure Container Instance

ACI does not use Microsoft Defender, and allows you to run containers without VMs