AZ-900 : Microsoft Azure Fundamentals Practice Tests 2025 Test 1

Question 1

Azure Virtual Machines (VM) are classified as which of the following?

Database-as-a-Service (Daas)
Platform-as-a-Service (Paas)
Infrastructure-as-a-Service (Iaas)
Software-as-a-Service (Saas)

Answer 1

Infrastructure-as-a-Service (Iaas)

Explanation:
Azure Virtual Machines (VM) are classified as Infrastructure-as-a-Service (IaaS) because they provide virtualized computing resources, such as processing power, memory, and storage, over the internet. Users have full control over the operating system and applications running on the VM.

Question 2

What is the significance of implementing security controls at the “data” layer in the defense-in-depth model?
Your answer is correct

It protects sensitive data and ensures confidentiality, integrity, and availability.
It prevents network-based attacks against resources.
It ensures the physical security of data storage.
It reduces the impact of denial of service (DoS) attacks.

Answer 2

It protects sensitive data and ensures confidentiality, integrity, and availability.

Explanation:
The significance of implementing security controls at the “data” layer in the defense-in-depth model is to protect sensitive data and ensure confidentiality, integrity, and availability. These controls help safeguard data from unauthorized access, modification, or disclosure, thereby maintaining the overall security of the organization’s data assets.

Question 3

What is the primary purpose of Microsoft Defender for Cloud?

To provide a physical security layer for computing hardware.
To monitor security posture and protect against threats in cloud, on-premises, hybrid, and multi-cloud environments.
To provide network segmentation for virtual machines.
To automate the deployment of virtual machines in the cloud.

Answer 3

To monitor security posture and protect against threats in cloud, on-premises, hybrid, and multi-cloud environments.

Explanation:
The primary purpose of Microsoft Defender for Cloud is to monitor the security posture of cloud environments and protect against threats across various deployment scenarios, including cloud, on-premises, hybrid, and multi-cloud environments.

Question 4

True or False: Resources don’t inherit the tags you apply to a resource group or a subscription.

A. False
B. True

Answer 4

B. True

Explanation:
True. Resources in Azure do not automatically inherit the tags applied to a resource group or subscription. Tags must be explicitly applied to each individual resource to ensure consistent tagging across all resources within a resource group or subscription.

Question 5

A resource group can contain resources from multiple Azure regions.
Your answer is correct

Yes
No

Answer 5

Yes

Explanation:
Yes, a resource group in Azure can contain resources from multiple Azure regions. Resource groups are logical containers that hold related resources for an Azure solution. They help manage and organize resources and do not limit the resources to a specific region. This allows for flexibility in organizing resources across different regions within the same resource group.

Question 6

You have managed an app that you developed and deployed On-Prem for a long time, but would now like to move it to Azure and be relieved of all the manual administration and maintenance. Which of the following buckets would be most suitable for your use case?

A. SaaS
B. PaaS
C. IaaS
D. DaaS

Answer 6

B. PaaS

Explanation:
Platform as a Service (PaaS) would be the most suitable option for your use case. PaaS provides a platform and environment for developers to build, deploy, and manage applications without the complexity of infrastructure management. This would allow you to focus on developing and running your app without worrying about the underlying infrastructure.

Question 7

Yes or no:
All resource types support Tags in Azure

No
Yes

Answer 7

No

Explanation:
Not all resource types in Azure support Tags. Some resource types may not have the capability to have Tags applied to them. It is essential to understand which resource types allow for the use of Tags and which do not in Azure.

Question 8

It is possible to deploy Azure resources through a Tablet by using Bash in the Azure Cloud Shell.

No
Yes

Answer 8

Yes

Explanation:
Yes, it is possible to deploy Azure resources through a Tablet by using Bash in the Azure Cloud Shell. The Azure Cloud Shell provides a browser-based shell experience that enables access to Azure resources from virtually anywhere, including tablets. Users can use the Bash environment within the Cloud Shell to manage Azure resources, run scripts, and execute commands to deploy and manage resources in Azure.

Question 9

A medium-sized business is looking to migrate its customer relationship management (CRM) system to the cloud. The business requires customization options but also wants to minimize the IT overhead associated with managing the underlying infrastructure. Which cloud service model would be most suitable?

PaaS
SaaS
IaaS
Hybrid

Answer 9

PaaS

Explanation:
PaaS (Platform as a Service) would be the most suitable cloud service model for the medium-sized business in this scenario. PaaS offers customization options for developing, testing, and deploying applications without the need to manage the underlying infrastructure. This helps minimize IT overhead while still allowing for customization of the CRM system.

Question 10

Which of the following services provides information about Azure service incidents, planned maintenance and can notify you of issues via Email, SMS and push notifications?

Azure Trust Portal
Azure Service Health
Azure Initiatives
Azure Monitor

Answer 10

Azure Monitor

Explanation
Azure Service Health is the correct choice as it specifically provides information about Azure service incidents, planned maintenance, and can notify users of issues via Email, SMS, and push notifications. It helps users stay informed about the status of Azure services they are using.

Question 11

Deleting a resource groups deletes all the resources inside it as well.

No
Yes

Answer 11

Yes

Explanation:
Yes, deleting a resource group in Azure will also delete all the resources contained within that resource group. This includes virtual machines, storage accounts, databases, and any other resources provisioned within the resource group. It is important to be cautious when deleting a resource group as it will result in the permanent deletion of all resources within it.

Question 12

Which of the following is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs.?

Azure DevOps
Azure Logic Apps
Azure Functions
Azure App Service

Answer 12

Azure Functions

Explanation
Azure Functions is a serverless compute service that allows you to run event-triggered code without having to explicitly provision or manage infrastructure. It is designed to help you write less code, maintain less infrastructure, and save on costs by only paying for the resources used during execution.

Question 13

What Azure service provides recommendations to optimize your cloud spending based on your usage patterns?

Azure Advisor
Azure Cost Management and Billing
Azure Monitor
Azure Policy

Answer 13

Azure Cost Management and Billing

Explanation
Azure Cost Management and Billing is the correct choice as it provides recommendations to optimize your cloud spending based on your usage patterns. It offers cost analysis, budgeting tools, and cost optimization recommendations to help you manage and optimize your Azure spending effectively.

Question 14

Inter-Region transfer of data is always free of cost.

No
Yes

Answer 14

No

Explanation:
The correct choice is No because inter-Region transfer of data in Azure is not always free of cost. Depending on the specific Azure services being used and the regions involved in the data transfer, charges may apply for transferring data across different regions. It is important to review the Azure pricing documentation for detailed information on data transfer costs between regions.

Question 15

A startup is developing a mobile application that experiences unpredictable traffic spikes. Which cloud pricing model would best accommodate these fluctuations while minimizing costs?

Spot instances
Dedicated hosts
Reserved instances
Pay-as-you-go

Answer 15

Pay-as-you-go

Explanation
The pay-as-you-go pricing model allows the startup to only pay for the resources they use, making it ideal for unpredictable traffic spikes. This model provides flexibility to scale resources up or down based on demand, helping to minimize costs during low-traffic periods.

Question 16

How can you determine the estimated monthly cost of an Azure service or resource?

By analyzing the usage data of the resource
By contacting Microsoft customer support
By checking the current Azure Marketplace pricing
By using the Azure Pricing Calculator

Answer 16

By using the Azure Pricing Calculator

Explanation
Using the Azure Pricing Calculator is the correct way to determine the estimated monthly cost of an Azure service or resource. The calculator allows you to input the details of the service or resource you plan to use, such as region, type, and quantity, and provides an estimate of the monthly cost based on the current pricing information.

Question 17

When computing and processing demand increases beyond an on-premises datacenter’s capabilities, businesses can easily use the ___________ cloud to instantly scale capacity up or down to handle excess capacity.

Private
Public

Answer 17

Public

Explanation
Public cloud services provide businesses with the ability to instantly scale their computing and processing capacity up or down based on demand. This scalability is achieved by leveraging the resources and infrastructure of a third-party cloud service provider, allowing businesses to quickly adapt to changing workload requirements without the need for additional on-premises hardware or infrastructure investments.

Question 18

One of the definitions of the Hybrid cloud model is to use multiple Public Clouds in conjunction with a Private Cloud.

No
Yes

Answer 18

Yes

Explanation:
Yes, one of the definitions of the Hybrid cloud model is indeed to use multiple Public Clouds in conjunction with a Private Cloud. This approach allows organizations to leverage the benefits of both public and private cloud environments, enabling them to optimize performance, security, and cost-effectiveness based on their specific needs and workloads.

Question 19

How does Defender for Cloud contribute to the security of Azure-native services?

By focusing solely on Azure App Service protection.
By automatically deploying Log Analytics agents to Azure machines.
By enforcing access controls on physical hardware.
By natively integrating with Azure services to provide monitoring and protection.

Answer 19

By natively integrating with Azure services to provide monitoring and protection.

Explanation
This choice is correct because Defender for Cloud natively integrates with Azure services to provide monitoring and protection. It leverages Azure’s capabilities to secure Azure-native services and resources, offering comprehensive security features within the Azure environment.

Question 20

Which of the following can you use to implement strict governance and ensure that the right people have access to the right resources, and only when they need it?

Azure Bastion
Microsoft Sentinel
Microsoft Entra ID

Explanation
Microsoft Entra ID is a solution that enables organizations to implement strict governance by providing identity and access management capabilities. It ensures that the right people have access to the right resources at the right time, making it a suitable choice for enforcing access control policies.
Microsoft Defender for Cloud

Answer 20

Microsoft Entra ID

Explanation
Microsoft Entra ID is a solution that enables organizations to implement strict governance by providing identity and access management capabilities. It ensures that the right people have access to the right resources at the right time, making it a suitable choice for enforcing access control policies.

Question 21

You want to restrict access to certain Azure resources based on departmental requirements within your organization. Which Azure feature would you use?

Management groups
Subscriptions
Microsoft Entra ID
Resource groups

Answer 21

Subscriptions

Explanation:
Subscriptions in Azure provide a way to group and manage resources, billing, and access control. By using subscriptions, you can set permissions and access controls at the subscription level to restrict access to certain Azure resources based on departmental requirements within your organization.

Question 22

An organization would like to create a web app to allow its employees to enter their vacation / time-off details and then store that information in a backend storage solution. They have noted that Python is their preferred language.

As the lead consultant, which service would you recommend?

Azure Kubernetes
Azure Cosmos DB
Azure Functions
Azure App Service

.

Answer 22

Azure App Service

Explanation
Azure App Service is the most suitable option for hosting web applications like the one described in the question. It supports multiple programming languages, including Python, and provides a fully managed platform for building, deploying, and scaling web apps without managing the underlying infrastructure.

Question 23

_________________ offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol or Network File System (NFS) protocol. This means it can be used to completely replace or supplement traditional on-premises file servers or NAS devices.

Azure Files
Azure SQL Database
Azure Blob Storage
Azure Data Lake Storage

Answer 23

Azure Files

Explanation
Azure Files offers fully managed file shares in the cloud that can be accessed via the SMB or NFS protocols. It is designed to provide a simple way to create file shares in Azure that can be used to replace or supplement traditional on-premises file servers or NAS devices, making it the correct choice for this scenario.

Question 24

We get total control of the underlying Operating System when working with Platform As a Service (PaaS) solutions.

Yes
No

Answer 24

No

Explanation
In Platform As a Service (PaaS) solutions, the cloud provider manages the underlying Operating System, providing a fully managed platform for deploying and running applications. Users do not have direct access or control over the Operating System, as it is abstracted to simplify application development and deployment.

Question 25

Which of the following services provides a personalized view of the health of the Azure services, regions, and resources you rely on?

Azure Advisor
Azure Service Health
Azure Monitor
Azure Resource Health

Answer 25

Azure Service Health

Explanation
Azure Service Health provides a personalized view of the health of Azure services, regions, and resources that you rely on. It offers proactive notifications and guidance when Azure service issues affect you.

Question 26

Which of the following factors can affect the availability of an Azure service under the SLA?

Natural disasters
Hardware or software failures within Azure
Network disruptions outside of Azure
Planned maintenance activities

Answer 26

Natural disasters

Explanation
Natural disasters such as earthquakes, floods, or severe weather events can disrupt Azure data centers and infrastructure, leading to service outages and impacting availability. While natural disasters are rare, they are considered a factor that can affect the availability of Azure services under the SLA.
Your selection is correct

Hardware or software failures within Azure
Explanation
Hardware or software failures within Azure can significantly impact the availability of Azure services and are covered under the SLA commitments. These failures can lead to service interruptions or outages, affecting the availability guarantees provided by Microsoft.

Planned maintenance activities
Explanation
Planned maintenance activities are a factor that can affect the availability of an Azure service under the SLA. During planned maintenance, Azure services may experience downtime or reduced performance, impacting the availability guarantees outlined in the SLA.

Question 27

Which of the following is NOT a benefit of using Microsoft Entra ID?

Unlimited data storage
Enhanced security with multi-factor authentication
Centralized identity management

Answer 27

Unlimited data storage

Explanation
Unlimited data storage is not a benefit of using Microsoft Entra ID. While Microsoft Entra ID provides centralized identity management, simplified access to applications, and enhanced security features, it does not offer unlimited data storage as a feature.

Question 28

You can significantly reduce costs (up-to 72%) as compared to pay-as-you-go pricing by _______________.

Not using a lot of resources
Provisioning a lot of resources
Using Reserved Instances
Using the free tier

Answer 28

Using Reserved Instances

Explanation
Using Reserved Instances allows you to commit to a specific amount of usage for a one- or three-year term, which can result in significant cost savings compared to pay-as-you-go pricing. This option provides a discounted rate for the committed usage.

Question 29

____________ is an agreement with Microsoft to use one or more Microsoft cloud platforms or services, for which charges accrue based on either a per-user license fee or on cloud-based resource consumption.

A Subscription
A User Account
A License
A Resource Group

Answer 29

A Subscription

Explanation
A Subscription is the correct choice as it refers to an agreement with Microsoft to use their cloud platforms or services. Charges for the subscription can be based on a per-user license fee or on cloud-based resource consumption, making it the appropriate option for this scenario.

Question 30

Which protocol does Microsoft Entra ID primarily use for single sign-on (SSO)?

SNMP
FTP
HTTP
SAML

Answer 30

SAML

Explanation:
SAML (Security Assertion Markup Language) is the correct protocol primarily used by Microsoft Entra ID for single sign-on (SSO). SAML enables secure authentication and authorization between identity providers and service providers.

Question 31

You have dozens of Virtual Machines (VM) hosted in Azure. The lead architect has asked for your suggestions to migrate all the VMs to an Azure Pay-As-You-Go subscription. Which expenditure model would apply to the stated requirement?

Fault Tolerant
Capital
Scalable
Operational

Answer 31

Operational

Explanation:
The Operational expenditure model, also known as Pay-As-You-Go, is suitable for migrating Virtual Machines (VMs) to an Azure subscription where you pay for the resources you use on a consumption basis. This model is flexible and aligns with the requirement to move the VMs to an Azure Pay-As-You-Go subscription.

Question 32

When assigning Azure role-based access control (Azure RBAC) at the management group level, which of the following occurs?

Permissions are restricted to the management group level only.
Permissions are assigned individually for each subscription under the management group.
Permissions are inherited by all sub-management groups, subscriptions, resource groups, and resources under the management group.
Permissions apply only to the resources within the management group.

Answer 32

Permissions are inherited by all sub-management groups, subscriptions, resource groups, and resources under the management group.

Explanation
When Azure RBAC is assigned at the management group level, the permissions are inherited by all sub-management groups, subscriptions, resource groups, and resources under the management group. This allows for consistent access control across all resources within the hierarchy.

Question 33

Your organization has an on-premise infrastructure. The requirement from senior management is to migrate everything to the cloud.

As an advisor, what would you recommend to deal with an unexpected Azure outage in a Data Center / Availability Zone?

Scalability
Elasticity
Availability Zone.
Fault Tolerance

Answer 33

Fault Tolerance

Explanation
Fault Tolerance is the ability of a system to remain operational even when some of its components fail. Implementing fault tolerance measures such as redundancy, failover mechanisms, and backup systems can help mitigate the impact of an unexpected Azure outage in a Data Center or Availability Zone.

Question 34

What is the primary purpose of Microsoft Purview in Azure?

To offer a suite of security services for protecting virtual machines.
To provide a cloud-based development platform for building and deploying applications.
To manage and govern data across on-premises, multi-cloud, and SaaS environments.
To enable real-time analytics and monitoring for Azure resources.

Answer 34

To manage and govern data across on-premises, multi-cloud, and SaaS environments.

Explanation
This choice is correct. Microsoft Purview is designed to manage and govern data across on-premises, multi-cloud, and SaaS environments. It provides organizations with a unified view of their data estate and helps ensure compliance and data security.

Question 35

For industries that work with highly sensitive data, such as banking, finance, government, and healthcare, ___________ cloud may be their best cloud option.

Private
Public
Hybrid

Answer 35

Hybrid

Explanation:
Hybrid cloud combines the benefits of both private and public cloud models, allowing organizations to leverage the scalability and cost-effectiveness of public cloud services while maintaining sensitive data and critical workloads on-premises or in a private cloud environment. This hybrid approach provides flexibility, security, and compliance for industries like banking, finance, government, and healthcare that require a balance between security and agility.

Question 36

You are the senior architect of XYZ organization and the senior management has requested to migrate all on-prem resources to the cloud.

The requirement is that only Platform as a Service (PaaS) solutions must be used in Azure.

Solution: To begin, you create an Azure App Service and Azure SQL databases.

Would this meet the goal?
Yes
No

Answer 36

Yes

Explanation
Yes, creating an Azure App Service and Azure SQL databases aligns with the requirement of using Platform as a Service (PaaS) solutions in Azure. Azure App Service is a fully managed platform for building, deploying, and scaling web apps, while Azure SQL databases provide a fully managed relational database service. Both of these services fall under the category of PaaS offerings in Azure, making this solution suitable for the migration of on-prem resources to the cloud.

Question 37

Which of the following displays personalized recommendations for all your subscriptions, and you can use filters to select recommendations for specific subscriptions, resource groups, or services?

Azure Monitor
Azure Service Health
Azure Arc
Azure Advisor

Answer 37

Azure Advisor

Explanation
Azure Advisor is the correct choice as it provides personalized recommendations for all your subscriptions. It allows you to use filters to select recommendations for specific subscriptions, resource groups, or services, making it a versatile tool for optimizing your Azure resources.

Question 38

How many levels of depth can a management group tree support, excluding the root level and the subscription level?

4
6
7
5

Answer 38

6

Explanation
This choice states that a management group tree can support up to 6 levels of depth, excluding the root level and the subscription level. This information is correct as Azure allows for a maximum depth of 6 levels in the management group tree.

Question 39

A customer is using a Platform as a Service (PaaS) model to develop a web application. Which of the following security responsibilities typically falls on the Cloud Service Provider (CSP)?

Managing user identities and access controls
All of the these
Securing the application code
Protecting the underlying infrastructure

Answer 39

Protecting the underlying infrastructure

Protecting the underlying infrastructure, such as servers, networks, and storage, is a security responsibility that typically falls on the Cloud Service Provider (CSP). The CSP is responsible for ensuring the security and compliance of the infrastructure that hosts the web application.

Question 40

You want to deploy a file share that can be accessed from multiple Azure virtual machines without setting up a separate file server. Which Azure service can you use to achieve this?

Azure Storage Account
Azure Virtual Network
Azure SQL Database
Azure App Service

Answer 40

Azure Storage Account

Explanation
Azure Storage Account is the correct choice for deploying a file share that can be accessed from multiple Azure virtual machines. Azure Storage provides scalable, secure, and highly available storage solutions, including Azure File Shares, which can be mounted as network drives on virtual machines.

Question 41

What is the default maximum capacity for storage accounts?

400 TB
2 PiB
5 PiB
750 TiB

Answer 41

5 PiB

Explanation
The default maximum capacity for storage accounts in Microsoft Azure is 5 PiB (Pebibytes). This capacity allows for storing a large amount of data within the storage account without the need for additional configuration or scaling

Question 42

Select the characteristics of the Public Cloud from the following:

Organizations are responsible for hardware maintenance and updates.
Unsecured connections
No capital expenditure to scale up
Metered pricing
Hardware must be purchased for start-up and maintenance.
Applications can be quickly provisioned and deprovisioned.

Answer 42

No capital expenditure to scale up
Explanation
One of the key benefits of the Public Cloud is that it eliminates the need for capital expenditure to scale up. Users can easily adjust their resources based on demand without the upfront costs associated with traditional IT infrastructure.

Metered pricing
Explanation
Metered pricing is a characteristic of the Public Cloud, where users are charged based on their actual usage of resources. This pay-as-you-go model allows for cost-effective scalability and flexibility.

Applications can be quickly provisioned and deprovisioned.
Explanation
Applications can be quickly provisioned and deprovisioned in the Public Cloud, allowing organizations to rapidly deploy and remove resources as needed. This agility and flexibility are essential for adapting to changing business requirements.

Question 43

When you as a consumer are implementing a Software as a Service (SaaS) solution, you are responsible for configuring high availability.

Review the bolded text. If the statement is already correct, select “No change is needed”. If the statement is incorrect, choose the option below that would make the statement correct.

No change is needed
configuring the SaaS solution
installing the SaaS solution

Answer 43

configuring the SaaS solution

Explanation
Configuring the SaaS solution is the correct responsibility of the consumer when implementing a Software as a Service (SaaS) solution. This includes setting up redundancy, failover mechanisms, and load balancing to achieve high availability.

Question 44

Yes or No: Permissions are by default inherited by all resources residing in a resource group.

No
Yes

Answer 44

Yes

Explanation:
Yes, permissions are by default inherited by all resources residing in a resource group in Azure. This means that when you assign permissions to a resource group, all resources within that group inherit those permissions unless explicitly overridden at the resource level.

Question 45

Data in an Azure storage account is replicated 3 times in the primary region.

No
Yes

Answer 45

Yes

Explanation:
Azure Storage always stores multiple copies of your data so that it is protected from planned and unplanned events, including transient hardware failures, network or power outages, and massive natural disasters. Redundancy ensures that your storage account meets the Service-Level Agreement (SLA) for Azure Storage even in the face of failures.

Question 46

What is Microsoft Entra ID?

A cloud-based identity and access management service
A cloud-based application deployment service
A cloud-based network security service
A cloud-based storage solution

Answer 46

A cloud-based identity and access management service

Explanation
Microsoft Entra ID is a cloud-based identity and access management service provided by Microsoft. It helps organizations manage user identities and control access to resources in the cloud.

Question 47

A resource can belong to more than one resource group.

No
Yes

Answer 47

No

Explanation:
Correct. In Azure, a resource can only be associated with a single resource group. This design choice ensures that resources are organized efficiently and consistently within the Azure environment.

Question 48

If you want to migrate a website that is hosted On-Prem presently to Azure, one of the clear benefits is the Pay-As-You-Go Pricing that comes with Azure.

This is not true, a website hosted on Azure will be costlier as its charged by the second.

The given statement is correct.

This is not true, we first need to pay to transfer all the website data to Azure

This is not true. You need a VPN to complete the migration which will cost a lot.

Answer 48

The given statement is correct.

Explanation
The statement is accurate because one of the benefits of migrating a website from an On-Prem environment to Azure is the Pay-As-You-Go Pricing model, which allows you to pay only for the resources you use, providing cost-efficiency and flexibility.

Question 49

A customer is using an Infrastructure as a Service (IaaS) model. Which of the following is primarily the customer’s responsibility?

Ensuring the availability of the cloud platform
Patching the operating system of virtual machines
Protecting the underlying network infrastructure
Securing the physical data center

Answer 49

Patching the operating system of virtual machines

Explanation
Patching the operating system of virtual machines is primarily the customer’s responsibility in an Infrastructure as a Service (IaaS) model. Customers are responsible for maintaining and updating the software and operating systems running on the virtual machines they deploy in the cloud.

Question 50

A large enterprise with a complex IT infrastructure wants to migrate its legacy on-premises applications to the cloud without significant changes to its existing environment. Which cloud service model would be the best choice for this migration?

IaaS
PaaS
SaaS
Hybrid Cloud

Answer 50

IaaS

Explanation:
Overall explanation
IaaS provides the most flexibility to replicate an on-premises environment in the cloud. The enterprise can migrate its servers and applications with minimal changes to the underlying infrastructure.

Incorrect:

PaaS and SaaS involve significant changes to the application environment, which is not ideal for migrating legacy applications.

Hybrid Cloud might be considered if the enterprise wants to keep some applications on-premises, but the primary focus here is on migrating existing applications, making IaaS the best choice.

Question 51

Suppose the lead architect in your company has asked your team to implement a PaaS based solution in Azure for a quick Proof-of-Concept (POC) to senior management. One of your colleagues goes ahead and creates an Azure App Service and 3 Azure Virtual machines.

Would you agree with this implementation?

Yes
No

Answer 51

No

Explanation:
An Azure App Service is a PaaS (Platform as a Service) example so this is not an issue.

However, Azure Virtual machines fall under the category of IaaS (Infrastructure as a Service) service since you’re renting infrastructure. Therefore, we would disagree with this decision.

Question 52

How does the defense-in-depth model enhance cybersecurity compared to relying solely on perimeter security?

It eliminates the need for regular security updates.
It isolates the network from the internet entirely.
It reduces the need for user authentication.
It provides protection against both external and internal threats.

Answer 52

It provides protection against both external and internal threats.

Explanation
The defense-in-depth model provides protection against both external threats, such as cyberattacks from outside the organization, and internal threats, such as insider threats or accidental data breaches. By implementing multiple layers of security controls, organizations can better defend against a wide range of cybersecurity risks.

Question 52

One of the teams in your company is looking for a solution for collecting, analyzing, and potentially taking action based on the metric and logging data from your entire Azure and on-premises environment.

Which of the following would you recommend?

Azure Advisor
Azure Logs
Azure Insights
Azure Monitor

Answer 52

Azure Monitor

Explanation
Azure Monitor is the recommended solution for collecting, analyzing, and potentially taking action based on metric and logging data from the entire Azure and on-premises environment. It provides a comprehensive monitoring and analytics solution for resources in Azure and on-premises environments, allowing you to gain insights, detect issues, and take proactive actions based on the data collected.

Question 53

You are a tech startup owner and would like to migrate your self hosted apps and services to Azure.

Which of the following is an advantage of the Public Cloud that you’ll realize thanks to the migration?

Near unlimited scalability as on-demand resources are available to meet your business needs.

Resources are not shared with others, so higher levels of control and privacy are possible.

Peace of mind that Azure will send over hardware for you to store in your warehouse.

Your organization can customize its cloud environment to meet specific business needs.

Answer 53

Near unlimited scalability as on-demand resources are available to meet your business needs.

Explanation:
This choice is correct because one of the key advantages of the Public Cloud, such as Azure, is near unlimited scalability. Azure provides on-demand resources that can scale up or down based on your business needs, allowing you to quickly adjust resources to meet demand without the need for physical hardware provisioning.

Question 54

What is the primary goal of the defense-in-depth model in cybersecurity?

To create a single layer of security controls to prevent all threats.
To outsource security responsibilities to third-party providers.
To establish multiple layers of security controls to mitigate risks.
To focus solely on physical security measures for data centers.

Answer 54

To establish multiple layers of security controls to mitigate risks.

Explanation:
The primary goal of the defense-in-depth model in cybersecurity is to establish multiple layers of security controls to mitigate risks. By implementing a layered approach to security, organizations can better protect their systems, data, and assets from a wide range of cyber threats and attacks.

Question 55

Which of the following actions can help you reduce your Azure costs?

Reducing the amount of data transferred between Azure regions
Keeping all virtual machines running 24/7
Enabling automatic scaling for all virtual machines
Increasing the number of virtual machines deployed

Answer 55

Reducing the amount of data transferred between Azure regions

Explanation:
Increasing the number of virtual machines deployed will actually lead to higher Azure costs as you will be paying for more resources. It is important to right-size your resources and only deploy the necessary number of virtual machines to avoid unnecessary expenses.

Question 56

Which of the following factors influence the cost of Azure resources? (Select all that apply)

Resource type
Consumption
Geography
Maintenance

Answer 56

Resource type

Explanation
The type of Azure resource being used directly impacts its cost. Different resource types have varying pricing structures and cost models, so choosing the right resource type is essential for managing costs effectively.

Consumption
Explanation
Consumption refers to the amount of usage or resources consumed within Azure. The more resources you use or the higher the usage, the higher the cost will be. Monitoring and optimizing consumption can help control costs.
Your selection is correct

Geography
Explanation
The geographic location where Azure resources are deployed can impact their cost. Different regions may have different pricing for resources, and data transfer costs can vary based on the distance between regions. Choosing the right geography for resource deployment can help optimize costs.

Question 57

Your company plans to deploy multiple Virtual Machines in Azure. As the lead architect, you must ensure that all these virtual machines are available if a single data center fails.

Solution: You deploy the virtual machines to two or more Availability Zones.

Would this solution meet the goal?

Your answer is correct
Yes

Explanation
Yes, deploying the virtual machines to two or more Availability Zones in Azure would meet the goal of ensuring availability in case a single data center fails. Availability Zones are physically separate data centers within an Azure region, each with its own power, cooling, and networking. By distributing the virtual machines across multiple Availability Zones, you can achieve higher availability and resilience to failures.
No

Answer 57

Yes

Explanation
Yes, deploying the virtual machines to two or more Availability Zones in Azure would meet the goal of ensuring availability in case a single data center fails. Availability Zones are physically separate data centers within an Azure region, each with its own power, cooling, and networking. By distributing the virtual machines across multiple Availability Zones, you can achieve higher availability and resilience to failures.

Question 58

You’ve been asked by senior management to prepare a presentation describing not only the benefits, but also the estimated cost savings you can realize by migrating your workloads to Azure. As the lead architect, which service would you use for these calculations?

Azure Advisor
Azure Monitor
Azure Cost Management
Azure TCO calculator

Answer 58

Azure TCO calculator

Explanation
The Azure TCO (Total Cost of Ownership) calculator is specifically designed to help organizations estimate the cost savings and benefits of migrating their workloads to Azure. It provides a detailed breakdown of the costs associated with running workloads on-premises versus in the cloud, allowing you to make informed decisions about migration.

Question 59

Which of the following is an accurate description of Azure ExpressRoute?

A service that provides backup and disaster recovery solutions for Azure resources.
A service that enables you to manage and monitor Azure resources from a single, unified dashboard.
A service that provides dedicated, private network connectivity between your on-premises infrastructure and Azure datacenters.

Answer 59

A service that provides dedicated, private network connectivity between your on-premises infrastructure and Azure datacenters.

Explanation
Azure ExpressRoute is a service that offers dedicated, private network connectivity between your on-premises infrastructure and Azure datacenters. This allows for a more secure and reliable connection compared to using the public internet.

Question 60

Can you apply a read-only lock to an Azure resource that already has a delete lock applied to it?

No, but a read-only lock can be temporarily disabled to make modifications
Yes, but only by the owner of the subscription
No, a delete lock overrides all other locks and prevents any modifications or deletions

Answer 60

Yes, but only by the owner of the subscription

Explanation
Yes, the owner of the subscription can apply a read-only lock to an Azure resource that already has a delete lock applied to it. The read-only lock will restrict any modifications to the resource while still allowing the owner to view the resource and its settings.

Question 61

When should you scale ‘out’ your deployment?

When you need additional Virtual Machines / compute to speed up your application
When you need to reduce your cost of operation
When you need a stronger CPU to make your application run faster
When you want to reduce the unused capacity of your system

Answer 61

When you need additional Virtual Machines / compute to speed up your application

Explanation
Scaling out by adding additional Virtual Machines or compute resources is the correct choice when you need to increase the capacity of your deployment to handle higher traffic or workload. This approach helps speed up your application by distributing the workload across multiple instances.
When you need to reduce your cost of operation

Question 62

Which cloud service model places the greatest responsibility on the customer for security?

PaaS
IaaS
All models share equal responsibility
SaaS

Answer 62

IaaS

Explanation
Infrastructure as a Service (IaaS) places the greatest responsibility on the customer for security, as they are responsible for securing the virtual machines, operating systems, applications, and data running on the cloud infrastructure provided by the service provider.

Question 63

In the defense-in-depth model, what is the role of the “network” layer?

It limits communication between resources and enforces access controls.
It focuses on securing access to applications.
It ensures the physical security of computing hardware.
It secures access to virtual machines.

Answer 63

It limits communication between resources and enforces access controls.

Explanation
The network layer in the defense-in-depth model is responsible for limiting communication between resources and enforcing access controls. It includes implementing network segmentation, firewalls, and network access controls to prevent unauthorized access and ensure secure communication between resources.

Question 64

Yes or No:

Your company has explored some of the services in Azure Public preview. One of the architects working in your team has advised to deploy mission critical services/applications to these services. Are they correct?

Yes
No

Answer 64

No

Explanation
The architect advising against deploying mission critical services or applications to services in Azure Public preview is correct. It is important to prioritize stability, reliability, and support when deploying critical workloads. Waiting for services to be generally available ensures a more mature and tested environment, reducing the risk of potential issues or changes impacting the performance of mission critical applications.

Question 65

If you assign permissions to a resource group, all the resources inside it inherit these permissions.

Yes
No

Answer 65

Yes

Explanation
Yes, when you assign permissions to a resource group in Azure, all the resources contained within that resource group inherit those permissions. This simplifies access management and ensures consistency in permissions across all resources within the resource group.

Question 66

Which of the following affect costs in Azure? (Choose 2)

Location
Instance size
Knowledge center usage

Answer 66

Location

Explanation
The location of resources in Azure can impact costs due to differences in pricing based on regions and data transfer costs between regions. Choosing a specific location for your resources can affect the overall cost of running services in Azure.

Instance size

Explanation
The instance size of virtual machines or other resources in Azure directly affects costs. Larger instance sizes typically come with higher costs, so selecting the appropriate instance size based on your workload requirements is crucial for cost optimization in Azure.

Question 67

A small development team is building a proof-of-concept (POC) for a new mobile application. The team needs a flexible environment to experiment with different technologies and frameworks rapidly. Which cloud service model would best support this?

SaaS
Hybrid Cloud
PaaS
IaaS

Answer 67

PaaS

Explanation
Platform as a Service (PaaS) is the best cloud service model for a small development team building a proof-of-concept for a new mobile application. PaaS offers a flexible environment where developers can focus on building and deploying applications without worrying about managing the underlying infrastructure. It allows for rapid experimentation with different technologies and frameworks.

Question 68

Which of the following services would you help achieve the following:

1) Create and manage a group of load balanced VMs.

2) Provide high availability and application resiliency by distributing VMs across availability zones

3) Allows your application to automatically scale as resource demand changes

Azure Resource Groups
Azure Scale Sets
Azure Subscriptions
Azure Region Pairs

Answer 68

Azure Scale Sets

Explanation
Azure Scale Sets allow you to create and manage a group of load balanced VMs, providing high availability and application resiliency by distributing VMs across availability zones. They also enable your application to automatically scale as resource demand changes, making them the correct choice for the given requirements.

Azure Resource Groups
Azure Resource Groups are logical containers that hold related resources for an Azure solution. While they help manage and organize Azure resources, they do not specifically address the requirements of creating and managing a group of load balanced VMs, providing high availability, or enabling automatic scaling for applications.

Azure Subscriptions

Explanation
Azure Subscriptions are used to manage billing, access control, and resource limits for Azure services. They are not directly related to creating and managing a group of load balanced VMs, providing high availability, or enabling automatic scaling for applications.

Azure Region Pairs

Explanation
Azure Region Pairs are used for pairing Azure regions for data residency, compliance, and disaster recovery purposes. They do not directly relate to creating and managing a group of load balanced VMs, providing high availability, or enabling automatic scaling for applications.

Question 69

The shared responsibility model is important because:

It ensures complete security of cloud environments.
It helps to avoid security incidents.
It clearly defines the roles of the CSP and customer in security.

Answer 69

It clearly defines the roles of the CSP and customer in security.

Explanation
The shared responsibility model is crucial as it clearly outlines the responsibilities of both the Cloud Service Provider (CSP) and the customer in terms of security. This helps in understanding who is responsible for what aspects of security, ensuring a collaborative approach to maintaining a secure cloud environment.

Question 70

Which of the following is NOT a responsibility of the cloud service provider (CSP) in the shared responsibility model?

Providing network connectivity
Protecting the operating system of virtual machines
Ensuring data privacy
Securing the physical data center

Answer 70

Ensuring data privacy

Explanation
Ensuring data privacy is primarily the responsibility of the customer in the shared responsibility model. While the cloud service provider (CSP) may provide tools and services to help customers protect their data, ultimately it is the customer’s responsibility to ensure the privacy and security of their data.
Securing the physical data center

Question 71

Which of the following Azure storage solutions meets ALL the following requirements:

1) The ability to handle unstructured data (document, graph, key-value)

2) Automatically index all data, regardless of the data model.

3) Multi-region writes and data distribution to any Azure region.

Azure SQL Edge
Azure Database for MariaDB
Azure SQL Databases
Azure Files
Azure Cosmos DB
Azure Cache for Redis

Answer 71

Azure Cosmos DB

Explanation
Azure Cosmos DB is the correct choice as it meets all the specified requirements. It can handle unstructured data such as documents, graphs, and key-value pairs. It automatically indexes all data regardless of the data model. Additionally, it offers multi-region writes and data distribution to any Azure region, making it a suitable choice for the given requirements.

Question 72

A small startup is developing a custom e-commerce platform that requires high scalability and flexibility to accommodate rapid growth. Which cloud service model would be the most suitable for their initial development and deployment?

SaaS
Hybrid Cloud
IaaS
PaaS

Answer 72

IaaS

Explanation:
IaaS (Infrastructure as a Service) provides the highest level of flexibility and control, allowing the startup to customize their infrastructure to meet their specific needs. They can scale resources up or down as required, and have full control over the operating system, applications, and data.

Incorrect:

1. PaaS (Platform as a Service) offers a pre-built platform for application development, but it might be restrictive for a startup that requires a highly customized e-commerce platform.
2. SaaS (Software as a Service) provides a complete application, which is not suitable for a startup developing its own platform.
3. Hybrid Cloud combines IaaS and PaaS, but it’s overkill for a startup in its initial stages.

Question 73

Which of the following services can automatically sign users in when they are on their corporate devices & connected to your corporate network?

Single-Sign-On (SSO)
Azure Sentinel
Multi-Factor Authentication (MFA)
Password Auth

Answer 73

Single-Sign-On (SSO)

Explanation
Single-Sign-On (SSO) is a service that allows users to access multiple applications with one set of login credentials. It can automatically sign users in when they are on their corporate devices and connected to the corporate network, providing a seamless user experience.

Question 74

Is it possible for anyone to modify an Azure resource that has a delete lock applied to it?

No, a delete lock prevents all users from modifying or deleting the resource
No, but a delete lock can be temporarily disabled to make modifications
Yes, but only by users with the least privileges
Yes, it is possible for the admin to do so

Answer 74

Yes, it is possible for the admin to do so

Explanation
Yes, it is possible for the admin to modify an Azure resource that has a delete lock applied to it. Delete locks prevent accidental deletion of a resource, but they do not restrict modifications by administrators who have the necessary permissions.

Question 75

Is an internet connection necessary for using cloud computing?

No
Yes

Answer 75

No

Explanation:
This choice is correct because an internet connection is not a strict requirement for using cloud computing. While many cloud services and resources are accessed over the internet, there are scenarios where cloud computing can be utilized in offline or restricted network environments, making an internet connection not necessary for all cloud computing use cases.

Question 76

________________ is the mission-critical cloud, delivering breakthrough innovation to US government customers and their partners. Only US federal, state, local, and tribal governments and their partners have access to this dedicated instance, with operations controlled by screened US citizens.

Azure Government
Azure US
Azure Nation
Azure United States

Answer 76

Azure Government

Explanation:
Azure Government - It is the mission-critical cloud, delivering breakthrough innovation to US government customers and their partners. Only US federal, state, local, and tribal governments and their partners have access to this dedicated instance, with operations controlled by screened US citizens.

Question 77

During live telecasts of football matches, streaming platforms sometimes experience massive spikes in viewerships and users visiting their websites when a goal is scored. Which of the following would be beneficial to deal with such expected demand of resources?

Kubernetes
Your answer is correct
Serverless Computing
Containers
Virtual Machines

Answer 77

Serverless Computing

Explanation
Serverless Computing allows developers to focus on writing code without worrying about managing servers or infrastructure. It automatically scales based on demand, making it an ideal choice for handling sudden spikes in viewership during live telecasts of football matches.

Question 78

Which of the following is a feature of Microsoft Entra ID?

Managed Identities
SQL Databases
Virtual Machines
Resource Groups

Answer 78

Managed Identities

Explanation
Managed Identities are a feature of Microsoft Entra ID that provides an identity for services to authenticate with Azure resources securely. It eliminates the need to store credentials in code and ensures seamless integration with Azure services.

Question 79

When you create a resource group, you need to provide a location for that resource group.

Yes
No

Answer 79

Yes

Explanation
Yes, when creating a resource group in Azure, you are required to specify a location for that resource group. The location determines the Azure region where the metadata for the resource group is stored, and it also dictates the data residency and compliance of the resources within that group.