AZ-900 Exam Part 2 Flashcards
You have an on-premises network that contains several servers. You plan to migrate all the servers to Azure. You need to recommend a solution to ensure that some of the servers are available if a single Azure data center goes offline for an extended period. What should you include in the recommendation?
- Availability Set
- Fault Tolerance
- Scalability
- Elasticity
- Low Latency
Fault Tolerance
- Fault Tolerance is the ability of a system to continue to function in the event of a failure of some of its components
In Azure what do you understand by Application availability?
1. Application is available to high end users
2. The individual SLA of each resource
3. Overall time that the system is functional and working
Overall time that the system is functional and working
Your company plans to start using Azure and will migrate all its network resources to Azure. You need to start the planning process by exploring Azure. What should you create first?
1. A subscription
2. A resource group
3. Virtual network
4. A management group
A subscription
You plan to build an enterprise data warehouse in Azure to perform business data analysis. The requirement is to build an integrated environment that will support the development of end-to-end analytical solutions. Which service should you use for this?
1. Azure Machine Learning
2. Azure Synapse Analytics
3. Azure Database for PostgreSQL
Azure Synapse Analytics
- Azure Machine Learning is incorrect because it does not provide enterprise data warehouse services. Azure Machine Learning is a development platform for coding machine learning.
- Azure Synapse Analytics is a data analytics platform that combines data integration, enterprise data warehousing, and big data analytics. Also supports the development of end to end analytical solutions.
- Azure Database for PostgreSQL is a relational database service based on Postgres database engine. Cannot be used to build a data warehouse
You are the data engineer for your company. An application uses a NoSQL database to store data. The database uses the key value and wide column NoSQL database type. Developers need to access the data in the database using an API. You need to determine which API to use for the database model and type. Which two APIs should you use?
1. Cassandra API
2. Table API
3. SQL API
4. Gremlin API
5. MongoDB API
Cassandra API and MongoDB API
- Cassandra API and MongoDB API both have key value pair
Hybrid Cloud is part of Public Cloud. True or False?
False
- A public cloud is part of Hybrid cloud. Many customers take advantage of the hybrid cloud to achieve global scale, increased reliability
Define availability set.
1. Group of instances of your application in an availability zone.
2. A logical grouping of VMs that allows Azure to understand how your application is built to provide for redundancy and availability.
3. Set of resources
A logical grouping of VMs that allows Azure to understand how your application is built to provide for redundancy and availability.
Your company plans to deploy an AI solution to Azure. What should the company use to build, test, and deploy predictive analytics solutions?
1. Azure Logic Apps
2. Azure Machine Learning Studio
3. Azure Batch
4. Azure Cosmos DB
Azure Machine Learning Studio
Which Azure service should you use to correlate events from multiple resources into a centralized repository?
1. Azure Event Hubs
2. Azure Analysis Services
3. Azure Monitor
4. Azure Log Analytics
Azure Log Analytics
Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine VM1 is accessible from the internet over HTTP. You propose Azure firewall as a solution. Does this meet the goal?
Yes
Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. As a solution you modify the DDoS protection plan. Does this meet the goal?
No
- Correct answer is Azure Firewall
Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. As a solution you modify an Azure Traffic Manager profile. Does this meet the goal?
No
- Azure Traffic manager allows you to distribute traffic to your public facing applications across the global Azure regions. Traffic Manager also provides your public endpoints with high availability and quick responsiveness.
Which of the following correctly defines Edge computing?
1. Edge Computing allows you to secure your application on multiple locations
2. Edge computing allows customers to run VMs, containers and data services at edge locations
3. Edge computing allows you to create scalable web apps
Edge computing allows customers to run VMs, containers and data services at edge locations
From Azure Cloud Shell, you can track your company’s regulatory standards and regulations, such as ISO 27001. True or False?
False.
- Trust Center is the correct answer to this. The Trust Center can be used to track your company’s compliance
The only way to use Azure resources is to purchase an Azure account before you can use them?
False
You need an Azure subscription before using Azure resources. But you can have a free Azure account
Azure AD can be used to grant or deny access based on the originating IP Address. True or False?
False
Azure Firewall can be used to grant or deny access based on the originating IP Address. True or False?
True
Your company plans to deploy several million sensors that will upload data to Azure. You need to identify which Azure resources must be created to support the planned solution. Which two Azure resources should you identify?
1. Azure Data Lake
2. Azure Queue storage
3. Azure File Storage
4. Azure IoT Hub
Azure Data Lake and Azure IoT Hub
- Azure Data Lake can be used to store the data from devices and sensors.
- Azure Queue storage is exclusively for messages, but here we’re collecting data
- Azure Files is a cloud storage service designed for sharing files, development or debugging tools, and applications that rely on native file systems.
- IoT Hub does the data processing.
Which Azure service can you use for quickly sending millions of notifications to iOS, Android, Windows, or Kindle devices, working with APNs (Apple Push Notification service), GCM (Google Cloud Messaging), WNS (Windows Push Notification Service), and more?
1. IoT Hub
2. Azure Notification Hubs
3. Azure Machine Learning
4. Azure Monitor
Azure Notification Hubs
To what should an application connect to retrieve security tokens?
1. Azure Storage account
2. Azure AD
3. Azure security center
4. Azure Key Vault
Azure AD
Azure AD authenticates users and provides access tokens. An access token is a security token that is issued by an authentication server. Security Token is not a Secret, Password, Private Key, Certificate, etc. Plus tokens are not static so there is no point in storing them (they’re only valid for a short duration).
You need to be aware of the latest Azure security standards to protect your data. Which of the following services should you use to ensure this?
1. Azure Government
2. Online Terms of Service
3. Trust Center
4. Azure Compliance Documentation
Azure Trust Center
- Azure Government addresses the security and compliance needs of US federal agencies, state and local governments, and their solution providers
- Online Terms of Service is an agreement between Microsoft and you. Details the obligations of both parties regarding the processing and security of customer data
- Trust Center implements Microsoft’s principles for maintaining data integrity in the cloud and Microsoft implements security, privacy, compliance, and transparency in all Microsoft cloud products and services.
- Compliance Documentation provides detail on Azure legal and regulatory standard and compliance.
Azure Reserved VM instances are an example of OpEx. True or False?
False
- You pay up front for the use of a virtual machine for a period of time (1 or 3 years). Can save you money. Because it’s an up front cost, it is CapEx.
Azure Cosmos DB is an example of which cloud offering?
1. PAAS
2. IAAS
3. Serverless
4. SAAS
PAAS
Your network contains an Active Directory forest. The forest contains 5000 User Accounts. Your company plans to migrate all network resources to Azure and to decommission the on-premises data center. You need to recommend a solution to minimize the impact on users after the planned migration. What should you recommend?
1. Implement Azure MFA
2. Sync all the Active Directory user accounts to Azure Active Directory (Azure AD)
3. Instruct all users to change their password
4. Create a guest user account in Azure AD for each user
Sync all the Active Directory user accounts to Azure Active Directory (Azure AD)
- Azure AD is Microsoft’s cloud based identity and access management service, which helps your employees sign in and access resources in
- External: Microsoft Office 365, Azure Portal, and thousands of other SaaS applications.
- Internal: Apps on your corporate network and intranet. Along with cloud apps developed by your organization
Which of the following best explains cloud computing?
1. Delivery of computing services over the internet
2. Setting up your own datacenter
3. Scalable computing
Delivery of computing services over the internet
Which of the following is NOT a feature of cloud computing?
1. Latest technology
2. Limited pool of services
3. Flexible resources
4. Economies of scale
Limited pool of services
You plan to extend your company’s network to Azure. The network contains a VPN appliance that uses an IP Address of 131.107.200.1. You need to create an Azure resource that identifies the VPN appliance. Which resource should you create?
1. Virtual Networks
2. Load balancers
3. Virtual Network Gateways
4. DNS Zones
5. Local Network Gateway
6. ExpressRoute circuits
Local Network Gateway
If Microsoft plans to end support for an Azure service that does NOT have a successor service, Microsoft will provide notification at least 12 months before. True or False?
True
When you need to delegate permissions to several Azure virtual machines simultaneously, you must deploy Azure VM to which of the following?
1. Azure Region
2. Azure Availability Zone
3. Azure resource group
4. Azure resource manager template
Azure resource group
One of the benefits of Azure SQL Data Warehouse is that high availability is built into the platform. True or False?
True
- Note: Azure SQL Data Warehouse is now Azure Synapse Analytics
Authorization to access Azure resources can be provided only to Azure AD users. True or False?
false
Identities stored in Azure AD, third party cloud services, and on-premise AD can be used to access Azure resources. True or False?
False
Azure has built in authentication and authorization services that provide secure access to Azure resources. True or False?
True
Match the following Azure service with its definition. Azure AD, RBAC, Conditional Access
1. An if-then statement of Assignments and Access controls
2. Responsible for Authentication
3. Responsible for Authorization
Conditional Access - An if-then statement of Assignments and Access controls
RBAC - Responsible for Authorization
Azure AD - Responsible for Authentication
Azure China is operated by Microsoft. True or False
False
Azure Government is operated by Microsoft. True or False
True
Your company implements Azure policies to automatically add a watermark to Microsoft Word documents that contain credit card information. True or False?
False
- Answer is Azure Information Protection achieves this.
- You use Azure Information Protection labels to apply classifications to documents and emails.
- When you do this, the classification is identifiable regardless of where it is stored or whom it is shared with.
- Labels can be applied by admins, users, or a combination of them.
Azure China is operated by 21Vianet. True or False
True
Microsoft Azure services operated by 21Vianet are standalone instances, separate from Azure Global Services. True or False
True
Service availability is not identical to global Azure. True or False
True
You have a resource group named RG1. You plan to create virtual networks and app services in RG1. You need to prevent the creation of virtual machines only in RG1. Solution must ensure you can create other objects in RG1. What should you use
1. Lock
2. Azure role
3. Tag
4. Azure policy
Azure policy
- Azure policies can be used to define requirements for resource properties during deployment and for existing resources.
- Used to create, assign, and manage policies. These policies enforce different rules and effects over your resources. So those resources stay compliant with company and SLA
- A read-only lock will prevent any resources from being created, not just azure VMs
Azure Advisor provides recommendations on how to improve the security of an Azure AD environment. True or False?
False
Azure Advisor provides recommendations on how to configure the network settings on Azure Virtual Machines. True or False?
False
Azure Advisor provides recommendations on how to reduce the cost of running Azure virtual machines. True or False?
True
After you create a Virtual Machine you need to modify the network security group (NSG) to allow connections to TCP port 8080 on the VM. True or False
True
- When you create a VM, the default setting is to create a NSG attached to the network interface assigned to a VM.
- NSGs work like firewalls. You can attach them to vNets or subnets of vNets
- Can use multiple NSGs within a vNet to restrict traffic between resources such as VMs and subnets.
- Can filter network traffic to and from Azure resources in a vNet with NSGs
- Can add security rules that allow or deny network traffic.
Azure Germany can be used by legal residents of Germany only. True or False
False
Azure Germany can be used by any user or enterprise that requires its data to reside in Germany
Authorization to access Azure resources can be provided only to Azure AD users. True or False
False
You plan to migrate a web app to Azure. The web app is accessed by external users. You need to recommend a cloud deployment solution to minimize the amount of administrative effort used to manage the web app. What should you include in the recommendation?
1. IAAS
2. SAAS
3. PAAS
4. DAAS (Database as a service)
PAAS
- Because the web app needs a platform to be hosted on and run.
What can Azure Information Protection encrypt?
1. Network Traffic
2. Documents and Email Messages
3. Azure Storage Account
4. Azure SQL database
Documents and Email Messages
What should you use to evaluate whether your company’s Azure environment meets regulatory requirements?
1. Knowledge Center website
2. Advisor blade from the Azure portal
3. Compliance Manager from the Security Trust Portal
4. Security Center blade from azure portal
Security Center blade from azure portal
- Azure Security Center helps you prevent, detect, and respond to threats with increased visibility into and control over the security of your Azure resources.
- Available in Azure portal
You have an Azure Virtual Network VNET1 in a resource group RG1. You assign an Azure policy that virtual networks are not an allowed resource type in RG1. VNET1 is deleted automatically. True or False?
False
VNET1 will continue to function normally
Azure Firewall will encrypt network traffic sent from Azure to the Internet. True or False?
False
Azure Firewall allows or blocks network traffic
Network security group will encrypt all the network traffic sent from Azure to the internet. True or False?
False.
- NSGs work similar to Azure Firewall where it will allow or block network traffic.
Azure VMs that run Windows 2016 can encrypt network traffic sent to the Internet. True or False.
False
- Windows 2016 supports other encryption methods such as IPSEC or SSL or TLS. The VM cannot encrypt the network traffic.
Does Azure BOT services provide a digital online assistant that provides speech support?
Yes
Your company has an Azure environment that contains resources in several regions. A company policy states that administrators must only be allowed to create additional Azure resources in a region in the country where their office is located. You need to create the Azure resource that must be used to meet the policy requirement. What should you create?
1. A read only lock
2. Azure policy
3. management group
4. reservation
Azure policy
You need to configure an Azure solution that meets the following requirements:
* Secures websites from attacks
* Generates reports that contain details of attempted attacks.
What should you include in the solution?
1. Azure Firewall
2. A network security group (NSG)
3. Azure Information Protection
4. DDoS Protection
DDoS protection
- DDoS attack attempts to exhaust an application’s resources, making the application unavailable to legitimate users.
You are building an application using a virtual machine in Azure. As a security requirement, it is necessary to apply Azure Multi Factor authentication based on certain conditions. Which Azure service should you choose?
1. Azure Monitor
2. Azure Advanced Threat Protection (ATP)
3. Azure AD ID Protection
4. Azure Security Center
Azure AD ID Protection
- Azure Monitor is incorrect because this is for collecting application monitoring data
- Azure ATP is incorrect because it is used to monitor and analyze user activity and information across the network, such as permissions and group membership
- Azure AD ID Protection allows you to apply MFA with conditions. Also used to detect risks such as anonymous IP address logins, unfamiliar sign-ins, and credential leaks.
- Azure security center is an infrastructure security management system. It’s an ATP feature
Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. What are two possible solutions?
1. Modify Azure Traffic Manager profile
2. Modify network security group
3. Modify DDOS protection plan
4. Modify Azure firewall
Modify network security group and Azure firewall
Which of the following provides a command platform for deploying objects to your Cloud infrastructure and maintaining consistency throughout your Azure environment.
1. Azure policy
2. Resource Group
3. Azure Resource Manager
4. Management Group
Azure Resource Manager
- ARM is a service that provides a management layer that allows you to create, update, and delete Azure resources, all while maintaining consistency across your Azure environment.
Which of the following can be used to help you enforce resource tagging so you can manage billing?
1. Azure Policy
2. Azure Service Health
3. Compliance Manager
Azure Policy
You can use Service Trust Portal to download published audit reports and how Microsoft builds and operates its cloud services. True or False?
True.
Choose an international organization that develops international standards for privacy and compliance?
1. International, Governmental, and Defense Agencies
2. GDPR
3. International Civil Defence Organization
4. International Organization for Standardization (ISO)
International Organization for Standardization (ISO)
Azure web app, Azure logic app, and Azure SQL database are all examples of PAAS. True or False?
True
A DNS server running on a VM is PAAS. True or False?
False
IAAS
Azure Files is an example of SAAS. True or False?
False
PAAS. Built on top of Azure storage and provides fully managed file shares over a protocol called SMB
Use DDoS Protection service in combination with a web application firewall (WAF) for protection both at the network level and at the application level. True or False
True
A company is planning on hosting an app on a set of VMs. The VM are going to be running for a prolonged duration of time. Which of the following should be considered to reduce the overall cost of VM Usage?
1. Premium Disks
2. VM Scale Sets
3. Azure Reservations
4. Azure Resource Groups
Azure Reservations
NSG can be applied to what level?
1. Subscription level
2. Subnet level
3. Management group level
4. VM/NIC level
Subnet Level and VM/NIC level
What are different levels of access tiers for blob data, select all applicable options?
1. Hot Tier
2. Cold Tier
3. Archive Tier
4. Permanent Tier
Hot Tier, Cold Tier, and Archive Tier
Hot Tier is when you frequently access the data
Cool Tier is when you infrequently access data
Archive - rarely access data
What is guaranteed in an Azure Service Level Agreement (SLA) for VM
1. Uptime
2. Feature availability
3. Bandwidth
4. Performance
Uptime
You can enable just in time access by using:
1. Azure Bastion
2. Azure Firewall
3. Azure Front Door
4. Azure Security Center
Azure Security Center
- The just in time virtual machine access feature in Azure Security Center allows you to lock down inbound traffic to VMs. Reduces exposure to attacks
For which resource can you NOT use Microsoft Defender for Cloud to secure the containers?
1. Azure Kubernetes Service
2. Container hosts (VMs running Docker)
3. Azure Container Registry (ACR)
4. Azure Container Instance (ACI)
Azure Container Instance
ACI does not use Microsoft Defender, and allows you to run containers without VMs