AZ-900 : Microsoft Azure Fundamentals Practice Tests 2025 2 Flashcards

1
Q

You are designing a solution to improve the resiliency of your application in Azure. Which of the following would you choose to ensure your application remains available during planned maintenance events?

Scale Sets
Availability Zones
Availability Sets
Azure Container Registry

A

Availability Zones

Explanation:
Availability Zones are a high-availability offering from Microsoft Azure that provide a fault-tolerant architecture for applications. Availability Zones are physically separate data centers within an Azure region, each with their own power, cooling, and networking infrastructure.

By deploying virtual machines and other resources across multiple Availability Zones, you can ensure that your application remains available even in the event of a data center outage or other disruption. Availability Zones provide redundancy and isolation, which helps protect your application from both planned and unplanned downtime.

Other options -

Availability Sets are a feature of Microsoft Azure that help ensure that virtual machines are distributed across multiple fault domains and update domains within a single data center or region. This helps protect against hardware failures and other disruptions by ensuring that virtual machines are not all located in the same physical rack or power source. However, Availability Sets do not provide any inherent protection against data center-wide outages, which can occur due to issues such as network outages, power failures, or natural disasters. In such cases, all virtual machines in the affected data center or region may become unavailable.

Scale Sets is not necessarily the best choice for ensuring availability during planned maintenance events because it only provides horizontal scalability by adding or removing virtual machines based on demand, but does not inherently provide any availability benefits beyond what is provided by the underlying infrastructure.

Scale Sets are a feature of Microsoft Azure that provide automatic scaling of a set of virtual machines based on demand. This helps ensure that the application can handle varying levels of traffic and usage, but does not necessarily provide inherent resiliency against planned maintenance events or other types of disruptions.

Azure Container Registry is a managed private Docker registry service that enables you to store and manage container images in Azure. While it provides benefits such as secure storage, authentication, and geo-replication of container images, it is not directly related to ensuring availability during planned maintenance events.

2
Q

Which of the following would you use if you want to keep track of the performance or issues related to your specific VM or container instances, databases, your applications?

Azure Sentinel
Azure Service Health
Azure Advisor
Azure Monitor

A

Azure Monitor

Explanation:
If you want to keep track of the performance or issues related to your specific VM or container instances, databases, your applications, and so on, you want to visit Azure Monitor and create reports and notifications to help you understand how your services are performing or diagnose issues related to your Azure usage.

3
Q

When a subscription expires, the trusted instance of the Azure AD service remains, but the security principals still maintain access to Azure resources.

Yes
No

A

No

Explanation:
An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A subscription trusts Azure AD to authenticate users, services, and devices.

Multiple subscriptions can trust the same Azure AD directory. Each subscription can only trust a single directory.

One or more Azure subscriptions can establish a trust relationship with an instance of Azure Active Directory (Azure AD) in order to authenticate and authorize security principals and devices against Azure services. When a subscription expires, the trusted instance of the Azure AD service remains, but the security principals LOSE access to Azure resources.

4
Q

Azure guarantees 99.99% availability for the Free version of the Azure Active Directory (AAD).

Yes
No

A

No

Explanation:
Note from the above image that NO SLA is provided for the FREE tier of the Azure Active Directory!

5
Q

Which of the following services is an Apache Spark-based analytics platform optimized for the Microsoft Azure cloud services platform?

Azure Bot Services
Azure Machine Learning Studio
Azure Databricks
Azure Cognitive Services

A

Azure Databricks

Explanation:
A lot of people get confused between Azure Databricks and Azure HDInsight.

Azure HDInsight is primarily a managed Apache Hadoop service that lets you run Apache Spark, Apache Hive, Apache Kafka, Apache HBase, and more in the cloud.

Azure Databricks is a premium Spark offering that is ideal for customers who want their data scientists to collaborate easily and run their Spark based workloads efficiently and at industry leading performance.

It is essentially an Apache Spark-based analytics platform optimized for the Microsoft Azure cloud services platform.

6
Q

Your company is considering migrating its on-premises infrastructure to Azure. The management team wants to compare the costs of running the existing infrastructure in-house to the projected costs in Azure. Which tool should you use to provide this comparison?

Resource cost calculator

Billing calculator

Pricing calculator

Total Cost of Ownership calculator

A

Total Cost of Ownership calculator

Explanation:
The Total Cost of Ownership (TCO) calculator is designed to help you compare the costs for running an on-premises infrastructure compared to an Azure Cloud infrastructure. It takes into account your current infrastructure configuration, power costs, IT labor costs, and other factors to provide an estimate of the cost difference between the two environments.

Other options -

Pricing calculator - This tool is designed to estimate the cost of provisioning resources in Azure but does not provide a comparison between on-premises infrastructure costs and Azure Cloud infrastructure costs.

Resource cost calculator - This option is incorrect because there is no specific “Resource cost calculator” in Azure. The Pricing calculator and TCO calculator are the main tools used to estimate costs in Azure.

Billing calculator - This option is incorrect because there is no specific “Billing calculator” in Azure. The Pricing calculator estimates costs for provisioning resources in Azure, while the TCO calculator compares on-premises infrastructure costs to Azure Cloud infrastructure costs.

7
Q

Azure Advisor has the ability to provide recommendations for Azure ExpressRoute.

No
Yes

A

Yes

Explanation:
Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, Reliability (formerly called High availability), and security of your Azure resources.

Advisor provides recommendations for Application Gateway, App Services, availability sets, Azure Cache, Azure Data Factory, Azure Database for MySQL, Azure Database for PostgreSQL, Azure Database for MariaDB, Azure ExpressRoute, Azure Cosmos DB, Azure public IP addresses, Azure Synapse Analytics, SQL servers, storage accounts, Traffic Manager profiles, and virtual machines.

Azure Advisor also includes your recommendations from Microsoft Defender for Cloud which may include recommendations for additional resource types.

8
Q

Suppose the lead architect in your company has asked your team to implement a PaaS based solution in Azure for a quick Proof-of-Concept (POC) to senior management. One of your colleagues goes ahead and creates an Azure Event Hubs and Azure Blob Storage.

Would you agree with this implementation?

No
Yes

A

Yes

Explanation:
Yes, both of these services fall under the PaaS category, and therefore meet our requirements!

9
Q

Which of the following would you need to set up alerts for outages or when autoscaling is about to deploy new instances?

Azure Advisor
Azure Bastion
Azure Service Health
Azure Monitor

A

Azure Monitor

Explanation:
You can use Azure Monitor to set up alerts for key events that are related to your specific resources.

10
Q

Which of the following does not affect costs in Azure?

Instance Size of VMs
Location
Resource usage
Resource Type
Tags

A

Tags

Explanation:
Tags do not incur costs, but are rather a great way to know which resources are incurring costs!

Great reference on costs - https://docs.microsoft.com/en-ca/learn/modules/plan-manage-azure-costs/4-purchase-azure-services

11
Q

Where can you obtain up-to-date details about the personal data Microsoft processes, how it processes it and for what purposes?

Microsoft Privacy Statement
Azure Trust Center
Azure Knowledge Center
Compliance Manager

A

Microsoft Privacy Statement

Explanation:
This privacy statement explains the personal data Microsoft processes, how Microsoft processes it, and for what purposes.

Microsoft offers a wide range of products, including server products used to help operate enterprises worldwide, devices you use in your home, software that students use at school, and services developers use to create and host what’s next. References to Microsoft products in this statement include Microsoft services, websites, apps, software, servers, and devices.

Please read the product-specific details in this privacy statement, which provide additional relevant information. This statement applies to the interactions Microsoft has with you and the Microsoft products listed below, as well as other Microsoft products that display this statement.

12
Q

Choose 3 components of Azure SLAs:

Usage Targets
Uptime and Connectivity Guarantees
Performance Targets
Service Credits

A

Uptime and Connectivity Guarantees
Performance Targets
Service Credits

Explanation:
A Service Level Agreement or SLA is a formal document that provides specific terms that state the level of service that will be provided to a customer. Microsoft’s Azure SLA defines three primary characteristics of Azure service - Performance targets, Uptime, and Connectivity guarantees.

It should be noted that the free and shared tiers of many services DO NOT come with an SLA. (Imp.)

13
Q

What is the primary purpose of redundancy in Azure Storage?

To provide high availability and durability in the face of failures.
To increase the storage capacity of Azure resources.
To improve data processing speed for applications.
To protect against data corruption and unauthorized access.

A

To provide high availability and durability in the face of failures.

Explanation:
From the official documentation: Azure Storage always stores multiple copies of your data so that it’s protected from planned and unplanned events such as transient hardware failures, network or power outages, and natural disasters. Redundancy ensures that your storage account meets its availability and durability targets even in the face of failures. Redundancy in Azure Storage ensures that data is protected from planned and unplanned events, providing high availability and durability even in the event of hardware failures, outages, or disasters.

14
Q

A startup is planning to run a few simulations and needs to deploy pre-configured Virtual Machines in a lab-like environment using ARM templates. These VMs will be used to test app versions and scale up load testing by creating multiple test agents and environments.

As the principal consultant, which of the following services would you recommend?

Microsoft Managed Desktop
Azure Virtual Machine Scale Sets
Azure Reserved Virtual Machine (VM) Instances
Azure DevTest Labs

A

Azure DevTest Labs

Explanation:
Azure DevTest Labs is a service for easily creating, using, and managing infrastructure-as-a-service (IaaS) virtual machines (VMs) and platform-as-a-service (PaaS) environments in labs. Labs offer preconfigured bases and artifacts for creating VMs, and Azure Resource Manager (ARM) templates for creating environments like Azure Web Apps or SharePoint farms.

Lab owners can create preconfigured VMs that have tools and software lab users need. Lab users can claim preconfigured VMs, or create and configure their own VMs and environments. Lab policies and other methods track and control lab usage and costs.

15
Q

A SaaS solution allows access to the underlying Operating System of the application.

Yes
No

A

No

Explanation:
A SaaS solution does not provide access to the operating system. In fact, with a SaaS we have the least maintenance effort but also the least degree of control.

Examples of SaaS include Zoom and Outlook.

16
Q

In which scenario is geo-redundant storage (GRS) recommended for Azure Storage?

When protection from regional disasters is required.
When data needs to be replicated asynchronously across availability zones.
When cost optimization is the top priority.
When read access to the secondary region is essential.

A

When protection from regional disasters is required.

Explanation:
Geo-redundant storage (GRS) copies data synchronously within a single region and then asynchronously to a secondary region, providing durability and protection against regional disasters.

17
Q

In the case of Resource groups, the most restrictive lock in the inheritance takes precedence.

Yes
No

A

Yes

Explanation:
When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the same parent lock. The most restrictive lock in the inheritance takes precedence.

If you have a Delete lock on a resource and attempt to delete its resource group, the feature blocks the whole delete operation. Even if the resource group or other resources in the resource group are unlocked, the deletion doesn’t happen. You never have a partial deletion.

18
Q

What are the two options for replicating data within the primary region in Azure Storage?

Geo-redundant storage and geo-zone-redundant storage.
Geo-zone-redundant storage and locally redundant storage.
Locally redundant storage and zone-redundant storage.
Geo-redundant storage and zone-redundant storage.

A

Locally redundant storage and zone-redundant storage.

Explanation:
Data in an Azure Storage account is always replicated three times in the primary region. Azure Storage offers two options for how your data is replicated in the primary region, locally redundant storage (LRS) and zone-redundant storage (ZRS).

Also, Azure Storage offers locally redundant storage (LRS) and zone-redundant storage (ZRS) as options for replicating data within the primary region.

19
Q

Which of the following services can facilitate the deployment and scaling of containers?

Azure Active Directory
Azure Logic Apps
Azure Cognitive Services
Azure Kubernetes

A

Azure Kubernetes

Explanation:
Azure Kubernetes Service (AKS) offers the quickest way to start developing and deploying cloud-native apps, with built-in code-to-cloud pipelines and guardrails. Get unified management and governance for on-premises, edge, and multicloud Kubernetes clusters. Interoperate with Azure security, identity, cost management, and migration services.

20
Q

What is the key advantage of using zone-redundant storage (ZRS) in the primary region?

It allows data to be accessible even if a zone becomes unavailable.
It guarantees data replication to a secondary region.
It provides read access to replicated data in the secondary region.
It offers the highest level of durability compared to other options.

A

It allows data to be accessible even if a zone becomes unavailable.

Explanation:
For Availability Zone-enabled Regions, zone-redundant storage (ZRS) replicates your Azure Storage data synchronously across three Azure availability zones in the primary region. ZRS offers durability for Azure Storage data objects of at least 12 nines (99.9999999999%) over a given year.

With ZRS, your data is still accessible for both read and write operations even if a zone becomes unavailable.

21
Q

The composite SLA for an application relying on multiple services would be higher than the individual SLAs of the particular services.

No
Yes

A

No

Explanation:
From the official Azure documentation:

Composite SLAs involve multiple services supporting an application, each with differing levels of availability.

For example, consider an App Service web app that writes to Azure SQL Database. At the time of this writing, these Azure services have the following SLAs:

App Service web apps = 99.95%

SQL Database = 99.99%

What is the maximum downtime you would expect for this application? If either service fails, the whole application fails. The probability of each service failing is independent, so the composite SLA for this application is 99.95% × 99.99% = 99.94%. That’s LOWER than the individual SLAs, which isn’t surprising because an application that relies on multiple services has more potential failure points.

You can improve the composite SLA by creating independent fallback paths. For example, if SQL Database is unavailable, put transactions into a queue to be processed later.

With this design, the application is still available even if it can’t connect to the database. However, it fails if the database and the queue both fail at the same time. The expected percentage of time for a simultaneous failure is 0.0001 × 0.001, so the composite SLA for this combined path is:

Database or queue = 1.0 − (0.0001 × 0.001) = 99.99999%

The total composite SLA is:

Web app and (database or queue) = 99.95% × 99.99999% = ~99.95%

There are tradeoffs to this approach. The application logic is more complex, you are paying for the queue, and you need to consider data consistency issues.

22
Q

A startup has deployed a set of Virtual Machines which are critical for their day-to-day operations. They need to ensure their availability even if a single data center goes down.

One of their interns has suggested that deploying these VMs to multiple resource groups would solve the problem. Do you agree?

Yes
No

A

No

Explanation:
A resource group is a logical container for Azure resources. When you create a resource group, you specify which location to create the resource group in.

However, when you create a virtual machine and place it in the resource group, the virtual machine can still be in a different location (different datacenter).

Therefore, creating multiple resource groups, even if they are in separate datacenters, does not ensure that the services running on the virtual machines are available if a single data center fails. What you really need is high availability and deploying the VM to multiple Regions and AZs.

23
Q

An Azure subscription can trust multiple Azure Active Directory (Azure AD) tenants

Yes
No

A

No

Explanation:
An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A subscription trusts Azure AD to authenticate users, services, and devices.

Please note:

Multiple subscriptions can trust the same Azure AD directory. Each subscription can only trust a single directory.

24
Q

You have configured a VPN connection between an on-premises network and an Azure virtual network using Site-to-Site VPN (IPsec). However, you are experiencing connectivity issues and suspect that there is an issue with the VPN gateway. Which Azure service can you use to diagnose connectivity issues for your VPN gateway?

Azure Traffic Manager
Azure Network Watcher
Azure ExpressRoute
Azure Application Gateway

A

Azure Network Watcher

Explanation:
Azure Network Watcher is a monitoring and diagnostic service that provides tools to diagnose network issues in Azure. It includes a VPN diagnostics tool that can be used to diagnose connectivity issues with VPN gateways, including Site-to-Site VPN (IPsec) gateways. The tool can help identify configuration issues, routing issues, and other common problems that can cause connectivity issues.

Other Options:

Azure Traffic Manager: This is a global DNS load balancer that can be used to distribute incoming traffic across multiple Azure regions. It is not designed for diagnosing network connectivity issues.

Azure Application Gateway: This is a web traffic load balancer that can be used to manage and route HTTP and HTTPS traffic. It is not designed for diagnosing network connectivity issues.

Azure ExpressRoute: This is a dedicated, private connection between an on-premises datacenter and Azure. It is not used for Site-to-Site VPN (IPsec) connections, and is not designed for diagnosing connectivity issues with VPN gateways.

25
Q

What is the main purpose of the Azure Pricing Calculator?

To estimate the cost of provisioning resources in Azure
To manage the billing of your Azure account
To provision resources in Azure
To compare the costs of running on-premises and Azure Cloud infrastructure

A

To estimate the cost of provisioning resources in Azure

Explanation:
To estimate the cost of provisioning resources in Azure - This is the correct answer because the Azure Pricing Calculator is specifically designed to help users estimate the cost of provisioning resources in Azure.

To compare the costs of running on-premises and Azure Cloud infrastructure - This option is incorrect because this function is performed by the Total Cost of Ownership (TCO) Calculator, not the Pricing Calculator.

To provision resources in Azure - This option is incorrect because the Pricing Calculator does not provision resources; it only provides cost estimates for resources. To provision resources, you would use the Azure Portal or other management tools.

To manage the billing of your Azure account - This option is incorrect because the Pricing Calculator does not manage billing. It only provides cost estimates for resources. To manage billing, you would use the Azure Cost Management and Billing tools.

26
Q

As a consultant, which of the following Locks would you recommend to an organization to prevent deletion or modification of mission-critical resources?

isCritical
ReadOnly
CanNotChange
CanNotModify

A

ReadOnly

Explanation:
As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions.

You can set locks that prevent either deletions or modifications. In the portal, these locks are called Delete and Read-only. In the command line, these locks are called CanNotDelete and ReadOnly. In the left navigation panel, the subscription lock feature’s name is Resource locks, while the resource group lock feature’s name is Locks.

CanNotDelete means authorized users can read and modify a resource, but they can’t delete it.

ReadOnly means authorized users can read a resource, but they can’t delete or update it. Applying this lock is similar to restricting all authorized users to the permissions that the Reader role provides.

27
Q

Each Azure Subscription can trust multiple Active Directories.

True
False

A

False

Explanation:
An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A subscription trusts Azure AD to authenticate users, services, and devices.

Multiple subscriptions can trust the same Azure AD directory. Each subscription can only trust a single directory.

28
Q

Which of the following is NOT a cost saving solution?

Load balance your virtual machines to manage incoming traffic
Choosing an appropriate instance type for a VM
Using a Pay as you go Subscription
Use Azure Reserved Virtual Machine instances

A

Load balance your virtual machines to manage incoming traffic

Explanation:
Load balancing is used for PERFORMANCE OPTIMISATION and not cost saving.

Load balancing refers to evenly distributing load (incoming network traffic) across a group of backend resources or servers.

Azure Load Balancer operates at layer 4 of the Open Systems Interconnection (OSI) model. It’s the single point of contact for clients. Load balancer distributes inbound flows that arrive at the load balancer’s front end to backend pool instances. These flows are according to configured load-balancing rules and health probes. The backend pool instances can be Azure Virtual Machines or instances in a virtual machine scale set.

A public load balancer can provide outbound connections for virtual machines (VMs) inside your virtual network. These connections are accomplished by translating their private IP addresses to public IP addresses. Public Load Balancers are used to load balance internet traffic to your VMs.

An internal (or private) load balancer is used where private IPs are needed at the frontend only. Internal load balancers are used to load balance traffic inside a virtual network. A load balancer frontend can be accessed from an on-premises network in a hybrid scenario.

29
Q

A Platform as a Service (PaaS) solution that has already been deployed cannot be scaled up or out without re-deploying it.

True
False

A

False

Explanation:
You can always scale your PaaS solution up (increase the memory) or out (add more instances) without re-deployment.

The very beauty of PaaS is that it allows you to avoid the expense and complexity of buying and managing software licences, the underlying application infrastructure and middleware, container orchestrators such as Kubernetes or the development tools and other resources. You manage the applications and services that you develop, and the cloud service provider typically manages everything else.

30
Q

If you want to raise the limit or quota above the default limit, _____________________

open an online customer support request at no charge.
define a blueprint in Azure Blueprint to implement this change
Upgrade your support plan
create an Azure policy defining this increase but it will be charged.

A

open an online customer support request at no charge.

Explanation:
If you want to raise the limit or quota above the default limit, you can open an online customer support request at no charge.

31
Q

You want to set up a VPN connection between two Azure virtual networks that are in different regions. Which of the following VPN connection types would be best suited for this scenario?

Point-to-Site (VPN over SSL)
ExpressRoute
Site-to-Site (IPsec)
VNet-to-VNet (IPsec)

A

Site-to-Site (IPsec)

Explanation:
The correct answer is Site-to-Site (IPsec).

Site-to-Site (IPsec) VPN connection type is used to connect two or more virtual networks that are in different regions, data centers, or even different cloud providers. It allows you to connect an on-premises network or a branch office network to an Azure virtual network, or to connect two Azure virtual networks that are in different regions. Site-to-Site VPN connections use a VPN gateway to provide a secure connection over the Internet. IPsec is the protocol used to secure the VPN connection.

Other options:

VNet-to-VNet (IPsec): This is not the best choice for this scenario because it is designed to connect two virtual networks within the same region. It creates an IPsec tunnel between the two virtual networks, allowing resources to communicate securely and privately over the Microsoft backbone network. Since the two virtual networks in this scenario are in different regions, VNet-to-VNet (IPsec) would not be the most efficient or cost-effective option.

Point-to-Site (VPN over SSL): This is used to connect individual devices to an Azure virtual network over a VPN connection. It is not suitable for connecting virtual networks in different regions.

ExpressRoute: This is a private connection between an on-premises infrastructure and an Azure data center. It provides dedicated, high-speed connectivity between your network and Azure, but it is not suitable for connecting virtual networks in different regions.

32
Q

_______ is capable of sending encrypted traffic between an Azure virtual network and an on-premises location over the public Internet.

A Firewall
A VPN Gateway
An Application Gateway
Network Security Group (NSG)

A

A VPN Gateway

Explanation:
A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network. Each virtual network can have only one VPN gateway. However, you can create multiple connections to the same VPN gateway. When you create multiple connections to the same VPN gateway, all VPN tunnels share the available gateway bandwidth.

33
Q

Azure _____________ are unique physical buildings—located all over the globe—that house a group of networked computer servers.

Availability Zones
Geographies
Regions
Datacenters

A

Datacenters

Explanation:
Azure datacentres are unique physical buildings—located all over the globe—that house a group of networked computer servers.

34
Q

Which of the following services can be used to store unstructured data in Azure?

Azure File Storage
Azure Blob Storage
Azure Table Storage
Azure Queue Storage

A

Azure File Storage
Azure Blob Storage
Azure Table Storage

Explanation:
The Azure services that can be used to store unstructured data are: Azure Blob Storage, Azure Table Storage and Azure File Storage.

Azure Table Storage can also be used to store unstructured data in Azure. Azure Table Storage is a NoSQL key-value store that can be used to store structured and semi-structured data, as well as unstructured data such as large text and binary data. Azure Table Storage allows you to store large amounts of data in a flexible schema that can evolve over time, making it a good choice for storing unstructured data that does not fit well into a fixed schema.

Azure File Storage can also be used to store unstructured data in Azure. Azure File Storage is a fully managed file share service that can be used to store and share unstructured data, such as documents, media files, and logs. Azure File Storage provides the standard SMB (Server Message Block) file share protocol, which allows you to easily mount file shares from multiple VMs in the same region or across regions. This makes it a good choice for scenarios where you need to share unstructured data between multiple VMs or applications.

Azure Blob Storage is a massively scalable object storage service that allows you to store and access large amounts of unstructured data, such as text and binary data, images, and videos. It’s commonly used for data storage, backup and recovery, and data archiving.

Incorrect -

Azure Queue Storage, on the other hand, is not suitable for storing unstructured data. It is designed for reliably queuing and processing messages between different components of a distributed application, rather than for storing large amounts of unstructured data.

35
Q

An organization is planning to migrate large amounts of data from their On-Prem storage to Azure. However, they are worried about incurring huge costs for this transfer and have halted their plans for now.

Is this assumption valid?

Yes
No

A

No

Explanation:
Data ingress (incoming) to Azure data centers is free, so the organization's assumption is invalid.

36
Q

Your organization is using Azure for disaster recovery purposes. You have set up replication of virtual machines to an Azure region different from the primary region. Which of the following factors could affect the cost of this setup?

The network bandwidth between the primary and secondary regions

The number of virtual machines being replicated

The amount of data being replicated

The types of virtual machines being replicated.

A

The network bandwidth between the primary and secondary regions

The number of virtual machines being replicated

The amount of data being replicated

The types of virtual machines being replicated.

Explanation:
All of the options could potentially affect the cost of this setup.

The number of virtual machines being replicated - The more virtual machines being replicated, the higher the cost will be, as each VM will require resources to be replicated to the secondary region.

The amount of data being replicated - The amount of data being replicated can have a significant impact on the cost, as data transfer between regions incurs charges.

The network bandwidth between the primary and secondary regions - The network bandwidth between the primary and secondary regions can also impact the cost, as higher bandwidth requirements will result in higher charges.

The types of virtual machines being replicated - The types of virtual machines being replicated could also impact the cost, as certain VM sizes are more expensive than others.
37
Q

Your compliance team has contacted you and stated that a certain VM running a mission critical database (with confidential data) should not be able to connect to other applications and VMs. How would you accomplish this?

Deploy the VM to a brand new resource group

Deploy the VM to a certain subnet and restrict traffic using a Network Security Group (NSG).

Use an Azure Load Balancer

No need to do anything as a VM cannot communicate with other services.

A

Deploy the VM to a certain subnet and restrict traffic using a Network Security Group (NSG).

Explanation:
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own data center, but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.

Subnets: Subnets enable you to segment the virtual network into one or more sub-networks and allocate a portion of the virtual network’s address space to each subnet. You can then deploy Azure resources in a specific subnet. Just like in a traditional network, subnets allow you to segment your VNet address space into segments that are appropriate for the organization’s internal network. This also improves address allocation efficiency. You can secure resources within subnets using Network Security Groups. For more information, see Security groups.

You can filter network traffic between subnets using either or both of the following options:

1) Security groups: Network security groups and application security groups can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol. To learn more, see Network security groups or Application security groups.

2) Network virtual appliances: A network virtual appliance is a VM that performs a network function, such as a firewall, WAN optimization, or other network function. To view a list of available network virtual appliances that you can deploy in a virtual network, see Azure Marketplace.

38
Q

Is it possible to run a PowerShell module directly from a Windows computer with Azure PowerShell installed?

No
Yes

A

Yes

Explanation:
A PowerShell script can create Azure resources, and since the PowerShell module is installed on the Windows computer, this is easily doable.

39
Q

Which of the following services can help you decouple components and asynchronous message storage, for communication between application components, whether they are running in the cloud, on the desktop, on-premise, or on mobile devices?

Azure Data Box
Azure File Sync
Azure Queue Storage
Azure Asynchronous Communicator

A

Azure Queue Storage

Explanation:
You can use Azure Queue Storage to build flexible applications and separate functions for better durability across large workloads. When you design applications for scale, application components can be decoupled, so that they can scale independently. Queue storage gives you asynchronous message queueing for communication between application components, whether they are running in the cloud, on the desktop, on-premises, or on mobile devices.

A single queue message can be up to 64 KB in size, and a queue can contain millions of messages, up to the total capacity limit of a storage account. Queue storage is often used to create a backlog of work to process asynchronously.

40
Q

The Azure ________ is a fully managed Platform as a Service (PaaS) that provides a runtime environment for hosting, deploying, and scaling applications.

Azure Front Door

Azure Logic Apps

Azure App Service

Azure Advisor

A

Azure App Service

Explanation:
The Azure App Service is the correct answer and is a fully managed Platform as a Service (PaaS) that provides a runtime environment for hosting, deploying, and scaling applications.

Azure App Service supports a variety of programming languages, including .NET, Java, Node.js, Python, and PHP, among others. It also provides built-in support for popular content management systems like WordPress and Drupal, and integrates with Azure DevOps for streamlined deployment and continuous integration/continuous deployment (CI/CD).

Other Options:

Azure Logic Apps is designed more for workflow automation and integration, and does not provide a runtime environment for hosting and deploying applications. While it is possible to use Azure Logic Apps to trigger actions in response to events in Azure App Service (for example, deploying a new version of an application), it is not a direct replacement for Azure App Service.

While Azure Advisor is a valuable tool for optimizing Azure resources, it is not a fully managed Platform as a Service (PaaS) like Azure App Service. Azure Advisor does not provide a runtime environment for hosting, deploying, and scaling applications, and it does not support a variety of programming languages.

While Azure Front Door is a useful service for load balancing and routing traffic, it is not a fully managed Platform as a Service (PaaS) like Azure App Service. Azure Front Door does not provide a runtime environment for hosting, deploying, and scaling applications, and it does not support a variety of programming languages.
41
Q

Every Azure region is composed of a set of datacenters.

No
Yes

A

Yes

Explanation:
A region is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network. Each Azure region has a minimum of three availability zones.

42
Q

In which of the following scenarios, would an IaaS deployment make the most sense?

For analytics or business intelligence

For a lift-and-shift migration

For setting a development framework

For finance and expense tracking

A

For a lift-and-shift migration

Explanation:
From the official docs: Infrastructure as a service (IaaS) is the most flexible category of cloud services, as it provides you the maximum amount of control for your cloud resources. In an IaaS model, the cloud provider is responsible for maintaining the hardware, network connectivity (to the internet), and physical security. You’re responsible for everything else: operating system installation, configuration, and maintenance; network configuration; database and storage configuration; and so on. With IaaS, you’re essentially renting the hardware in a cloud datacenter, but what you do with that hardware is up to you.

43
Q

Azure HDInsight can be used to run popular open-source frameworks including Apache Hadoop, Spark, Hive, Kafka, and more for open-source big data analytics.

Yes

No

A

Yes

Explanation:
Yes! Azure HDInsight is an enterprise-ready, managed cluster service for open-source analytics.

You can run popular open-source frameworks—including Apache Hadoop, Spark, Hive, Kafka, and more—using Azure HDInsight, a customizable, enterprise-grade service for open-source analytics. You can also effortlessly process massive amounts of data and get all the benefits of the broad open-source project ecosystem with the global scale of Azure. Easily migrate your big data workloads and processing to the cloud.

44
Q

You plan to provision Infrastructure as a Service (IaaS) resources in Azure.

Which of the following is an example of IaaS in Azure?

Azure Machine Learning

Azure Event Hubs

Azure Virtual Machine

Azure HDInsight

A

Azure Virtual Machine

Explanation:
An Azure virtual machine is an example of Infrastructure as a Service (IaaS).

Azure Machine Learning, Azure Event Hubs, and Azure HDInsight are all examples of Platform as a Service (PaaS).

45
Q

Select the valid types of storage tiers for Azure Blob Storage?

Hot Tier

Cold Tier

Archive Storage Tier

Deep Sleep Tier

Infrequently Accessed Tier

A

Hot Tier

Cold Tier

Archive Storage Tier

Explanation:
Azure storage offers different access tiers, which allow you to store blob object data in the most cost-effective manner. The available access tiers include:

1) Hot Storage - Optimized for storing data that is accessed frequently.

2) Cool Storage - Optimized for storing data that is infrequently accessed and stored for at least 30 days.

3) Archive Storage - Optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements (on the order of hours).

46
Q

Which of the following is a great place to start when examining the security of your Azure-based solutions and provides threat protection across all of your services both in Azure, and on-premises?

Azure Advanced Threat Protection

Azure Trust Center

Azure Compliance Manager

Azure Security Center

A

Azure Security Center

Explanation:
A great place to start when examining the security of your Azure-based solutions is Azure Security Center. Security Center is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises. Security Center can:

1) Provide security recommendations based on your configurations, resources, and networks.

2) Monitor security settings across on-premises and cloud workloads, and automatically apply required security to new services as they come online.

3) Continuously monitor all your services, and perform automatic security assessments to identify potential vulnerabilities before they can be exploited.

4) Use machine learning to detect and block malware from being installed on your virtual machines and services. You can also define a list of allowed applications to ensure that only the apps you validate are allowed to execute.

5) Analyze and identify potential inbound attacks, and help to investigate threats and any post-breach activity that might have occurred.

47
Q

In the context of Azure subscriptions, what does an Azure free trial subscription provide? (Select all that apply)

Credit to spend within the first 30 days of sign-up

Access to a number of Azure products free for 12 months

Unlimited access to all Azure services

Access to more than 25 products that are always free

A

Credit to spend within the first 30 days of sign-up
Access to a number of Azure products free for 12 months
Access to more than 25 products that are always free

48
Q

How is the cost of network traffic in Azure affected?

By geography

By resource type

By the number of users

By the type of subscription

A

By geography

Explanation:
The cost of network traffic in Azure is affected by geography. Data transfer costs can vary depending on the zones, which are geographical groupings of Azure regions for billing purposes. The cost of moving data within a region or between regions can differ, impacting the overall cost of network traffic.

49
Q

If you have a Delete lock on a resource and attempt to delete its resource group, all resources inside the resource group still get deleted.

Yes
No

A

No

Explanation:
When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the same parent lock. The most restrictive lock in the inheritance takes precedence.

If you have a Delete lock on a resource and attempt to delete its resource group, the feature blocks the whole delete operation. Even if the resource group or other resources in the resource group are unlocked, the deletion doesn’t happen. You never have a partial deletion.

50
Q

A company has approached you to help them plan an architecture that would be capable of capturing data from millions of connected devices and securely storing it for analysis. Which of the following two services would you include in the project proposal?

Azure Data Lake

Azure Notification Hubs

Azure IoT Hubs

Azure ExpressRoute

A

Azure Data Lake
Azure IoT Hubs

Explanation:
Azure IoT Hub is a managed service hosted in the cloud that acts as a central message hub for communication between an IoT application and its attached devices. You can connect millions of devices and their backend solutions reliably and securely. Almost any device can be connected to an IoT hub.

Several messaging patterns are supported, including device-to-cloud telemetry, uploading files from devices, and request-reply methods to control your devices from the cloud. IoT Hub also supports monitoring to help you track device creation, device connections, and device failures.

IoT Hub scales to millions of simultaneously connected devices and millions of events per second to support your IoT workloads. For more information about scaling your IoT Hub, see IoT Hub scaling. To learn more about the tiers of service offered by IoT Hub, check out the pricing page.

IoT Hub can further route messages to Azure Data Lake Storage.

51
Q

Which of these is NOT a valid Azure resource group constraint?

A Resource group can be used to apply consistent policies to resources using another service.

A Resource group can contain resources located in different regions

A Resource group must be in the same region as its resources

A Resource group can contain resources that belong to different subscriptions

A

A Resource group must be in the same region as its resources

Explanation:
The option “Resource group must be in the same region as its resources” is NOT a valid constraint for Resource Groups.

While it’s recommended that resources in a resource group be located in the same region for optimal performance, it’s not a strict requirement. Resources in a resource group can span different regions, and this can be useful for achieving high availability and disaster recovery scenarios, as well as for optimizing data access for users in different geographic locations.

Other options:

Resource group can contain resources located in different regions: This is a valid Azure resource group constraint. As mentioned above, resources in a resource group can span different regions.

Resource group can contain resources that belong to different subscriptions: This is also a valid Azure resource group constraint. A single resource group can contain resources that belong to different subscriptions, which is useful for managing resources across multiple subscriptions.

Resource group can be used to apply consistent policies to resources: This is also a valid Azure resource group constraint. Azure Policy can be used to apply governance policies to all resources in a resource group, ensuring consistent compliance across resources.
52
Q

Which of the following can you use to filter traffic to and from an Azure Virtual Network?

Azure Firewall

Azure Network Security Group

Azure Advanced Threat Protection (ATP)

Azure DDoS Protection

A

Azure Network Security Group

Explanation:
You can use Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

For each rule, you can specify source and destination, port, and protocol. This article describes properties of a network security group rule, the default security rules that are applied, and the rule properties that you can modify to create an augmented security rule.

Reference : https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

53
Q

Is data transfer between Azure services located in two regions free?

Yes
No

A

No

Explanation:
Outbound data transfer is charged at the normal rate and inbound data transfer is free.

54
Q

Azure HDInsight is an example of a Software as a Service (SaaS) offering.

No
Yes

A

No

Explanation:
No, Azure HDInsight is a PaaS offering.

From the official Azure documentation:

Run popular open-source frameworks—including Apache Hadoop, Spark, Hive, Kafka, and more—using Azure HDInsight, a customizable, enterprise-grade service for open-source analytics. Effortlessly process massive amounts of data and get all the benefits of the broad open-source project ecosystem with the global scale of Azure. Easily migrate your big data workloads and processing to the cloud.

55
Q

Select the option that is FALSE for Resource Groups.

A resource can only belong to one resource group

Resources may be moved from one resource group to another

You can add or remove a resource to a resource group at any time.

The resources in a resource group can be located in different regions than the resource group.

Resource groups can be nested

A

Resource groups can be nested

Explanation:
Resource groups can’t be nested, i.e., a resource group cannot exist inside another resource group. It is, however, possible to link resources from other resource groups within a resource group.

From the official documentation (amazing summary, please do read) -

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal

56
Q

Which of the following statements BEST describes the Modern Lifecycle Policy for Azure products and services?

For products governed by the Modern Lifecycle Policy, Microsoft will provide a minimum of 6 months’ notification prior to ending support if no successor product or service is offered—excluding free services or preview releases.

For products and services governed by the Modern Lifecycle Policy, unless otherwise noted, Microsoft’s policy is to provide a minimum 90 days’ notification when customers are required to take action in order to avoid significant degradation to the normal use of the product or service.

For products and services governed by the Modern Lifecycle Policy, unless otherwise noted, Microsoft’s policy is to provide a minimum 120 days’ notification when customers are required to take action in order to avoid significant degradation to the normal use of the product or service.

For products governed by the Modern Lifecycle Policy, Microsoft will provide a minimum of 12 months’ notification prior to ending support if no successor product or service is offered—excluding free services or preview releases.

A

For products governed by the Modern Lifecycle Policy, Microsoft will provide a minimum of 12 months’ notification prior to ending support if no successor product or service is offered—excluding free services or preview releases.

Explanation:
The Modern Lifecycle Policy covers products and services that are serviced and supported continuously. Under this policy, the product or service remains in support if the following criteria are met:

Customers must stay current as per the servicing and system requirements published for the product or service.

Customers must be licensed to use the product or service.

Microsoft must currently offer support for the product or service.

Hence, only the statement -

“For products governed by the Modern Lifecycle Policy, Microsoft will provide a minimum of 12 months’ notification prior to ending support if no successor product or service is offered—excluding free services or preview releases.” is correct.

57
Q

Availability for all Azure services is calculated over a ____________ billing cycle.

quarterly

yearly

monthly

weekly

A

monthly

Explanation:
Availability for all Azure services is calculated over a monthly billing cycle.

58
Q

Is there a default spending limit for the Azure Free account?

No
Yes

A

Yes

Explanation:
A credit of $200 is assigned to the Free account and is valid for 30 days from the date of activation.

59
Q

With Azure ___________ , you can scale your applications and create highly available services

Bastion

Kubernetes

Information Protection

Load Balancer

A

Load Balancer

Explanation:
From the official documentation:

Load balancing refers to evenly distributing load (incoming network traffic) across a group of backend resources or servers.

Why use Azure Load Balancer?

With Azure Load Balancer, you can scale your applications and create highly available services. Load balancer supports both inbound and outbound scenarios. Load balancer provides low latency and high throughput, and scales up to millions of flows for all TCP and UDP applications.

60
Q

Suppose the lead architect in your company has asked your team to implement a PaaS based solution in Azure for a quick Proof-of-Concept (POC) to senior management. One of your colleagues goes ahead and creates an Azure SQL Database and an Azure Load Balancer.

Would you agree with this implementation?

No

Yes

A

No

Explanation:
Platform as a service (PaaS) is a complete development and deployment environment in the cloud. PaaS includes infrastructure (servers, storage, and networking), but also middleware, development tools, business intelligence (BI) services, database management systems, and more.

Azure SQL Databases are PaaS, that’s fine. BUT:

Azure Load Balancers are IaaS not PaaS!

61
Q

Your manager has asked you to recommend an Azure Service that can be used to securely manage and store certificates for your team's services. Which of the following would you recommend?

Azure Key Vault

Azure Confidential Ledger

Azure Bastion

Azure Active Directory

A

Azure Key Vault

Explanation:
Secure key management is essential to protect data in the cloud. Azure Key Vault encrypts keys and small secrets like passwords that use keys stored in hardware security modules (HSMs).

For more assurance, it is possible to import or generate keys in HSMs, and Microsoft processes your keys in FIPS 140-2 Level 2 validated HSMs (hardware and firmware). With Key Vault, Microsoft doesn’t see or extract your keys.

You can monitor and audit your key use with Azure logging—pipe logs into Azure HDInsight or your security information and event management (SIEM) solution for more analysis and threat detection.

All of the control, none of the work - the motto

By using Key Vault, you don’t need to provision, configure, patch, and maintain HSMs and key management software. Provision new vaults and keys (or import keys from your own HSMs) in minutes and centrally manage keys, secrets, and policies. You keep control over your keys—simply grant permission for your own and partner applications to use them as needed. Applications never have direct access to keys. Developers manage keys used for Dev/Test and seamlessly migrate to production the keys that are managed by security operations.

62
Q

The private preview phase for a service includes formal support.

Yes
No

A

No

Explanation:
No. Private preview is a phase when Azure invites a few customers to take part in early access to new concepts and features. This phase does not include formal support. It is also not available to the general public.

63
Q

The Azure ________ service allows you to create and manage private networks in the cloud and connect them to on-premises networks using a VPN gateway.

Azure Security Center

Azure Traffic Manager

Azure Virtual Network

Azure DNS

A

Azure Virtual Network

Explanation:
The correct answer is Azure Virtual Network. The Azure Virtual Network service allows you to create and manage private networks in the cloud and connect them to on-premises networks using a VPN gateway.

Azure Virtual Network is a networking service that allows you to create and manage virtual networks in the cloud, and connect them securely to your on-premises infrastructure. With Azure Virtual Network, you can create subnets, assign IP addresses, and control traffic flow between virtual machines and other resources.

The VPN gateway in Azure Virtual Network provides a secure, encrypted connection between your virtual network in Azure and your on-premises network. This allows you to extend your on-premises infrastructure to the cloud, and access resources in Azure as if they were located on your local network.

Other Options -

Azure DNS: While Azure DNS provides a scalable and reliable domain name system (DNS) service that can be used to resolve domain names to IP addresses, it is not directly related to creating and managing private networks or connecting them to on-premises networks using a VPN gateway.

Azure Traffic Manager: While Azure Traffic Manager is a global DNS-based traffic load balancer that can be used to distribute traffic across multiple endpoints, it is not directly related to creating and managing private networks or connecting them to on-premises networks using a VPN gateway.

Azure Security Center: While Azure Security Center is a unified security management and monitoring service that provides threat protection for cloud workloads, it is not directly related to creating and managing private networks or connecting them to on-premises networks using a VPN gateway. Azure Security Center is focused on securing cloud resources and workloads, rather than on networking and connectivity.
64
Q

In order to move a VM from one region to another, one must be prepared for a brief downtime.

Yes
No

A

Yes

Explanation:
Virtual Machines are resources and can be moved to a new region.

For VMs, replica VMs are created in the target region. The source VM is shut down, and some downtime occurs (usually minutes).

65
Q

A resource can connect to resources in other resource groups.

Yes

No

A

Yes

Explanation:
A resource can connect to resources in other resource groups. This scenario is common when the two resources are related but don’t share the same lifecycle. For example, you can have a web app that connects to a database in a different resource group.

More about resource groups:

Reference : https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups

66
Q

When you cancel an Azure Subscription, your resources are immediately deleted permanently to free up space.

No
Yes

A

No

Explanation:
When you cancel an Azure subscription:

A resource lock doesn’t block the subscription cancellation.

Azure preserves your resources by deactivating them instead of immediately deleting them.

Azure only deletes your resources permanently after a waiting period.

67
Q

Which Azure Service allows you to create, assign and manage policies to enforce different rules and stay compliant with your Service Level Agreements (SLAs)?

Azure Security Center
Azure Blueprints
Azure Policy
Azure Trust Portal

A

Azure Policy

Explanation:
Azure Policy helps to enforce organizational standards and to assess compliance at-scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill-down to the per-resource, per-policy granularity. It also helps to bring your resources to compliance through bulk remediation for existing resources and automatic remediation for new resources.

Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management. Policy definitions for these common use cases are already available in your Azure environment as built-ins to help you get started.

68
Q

Australia is composed of 1 single Azure Region.

Yes
No

A

No

Explanation:
No, Australia has several Azure regions -

69
Q

What information can you input into the TCO calculator to estimate the cost difference between your current datacenter and Azure? (Select all that apply)

Power costs
Current infrastructure configuration
IT labor costs
Subscription type

A

Power costs
Current infrastructure configuration
IT labor costs

Explanation:
Current infrastructure configuration - Correct, the TCO calculator allows you to input your current infrastructure configuration, including servers, databases, storage, and outbound network traffic.

Power costs - Correct, the TCO calculator lets you add assumptions about power costs in your current environment to estimate the cost difference between on-premises and Azure.

IT labor costs - Correct, the TCO calculator allows you to include assumptions about IT labor costs to help estimate the cost difference between your current environment and Azure.

Subscription type - Incorrect, the TCO calculator focuses on comparing on-premises infrastructure costs with Azure Cloud infrastructure costs. Subscription type is not part of the input for the TCO calculator.

70
Q

_______________ enables a user to log in one time and use that credential to access multiple resources and applications from different providers.

Multi-factor Authentication (MFA)
Domain Name Service (DNS)
Passwordless
Single Sign On (SSO)

A

Single Sign On (SSO)

Explanation:
SSO enables you to remember only one username and one password to access multiple applications. A single identity is tied to a user, which simplifies the security model. As users change roles or leave an organization, access modifications are tied to that identity, which greatly reduces the effort needed to change or disable accounts.

71
Q

If you set up a free Azure account, does the Standard support plan come along with this free account?

No
Yes

A

No

Explanation:
The BASIC Support plan is associated with all accounts but a STANDARD plan needs to be purchased and costs $100/month.

72
Q

Which of the following Azure services CANNOT be used to deploy a containerized application?

Azure Kubernetes Service (AKS)
Azure Content Delivery Network (CDN)
Azure Virtual Machines (VMs)
Azure Container Instances (ACI)

A

Azure Content Delivery Network (CDN)

Explanation:
The Azure Content Delivery Network (CDN) service cannot be used to deploy a containerized application.

CDN is a service for delivering static content (such as images, videos, and other files) from a distributed network of servers. It is not designed for running and deploying containerized applications.

On the other hand, Azure Kubernetes Service (AKS), Azure Container Instances (ACI), and Azure Virtual Machines (VMs) can all be used to deploy containerized applications.

Azure Kubernetes Service (AKS) provides a managed Kubernetes service for deploying, scaling, and managing containerized applications.

Azure Container Instances (ACI) is a serverless service that allows you to run containers on demand without having to manage the underlying infrastructure.

Azure Virtual Machines (VMs) provide a more flexible option for running containers by allowing you to choose the operating system and configure the environment to your specific needs.

73
Q

A startup has deployed a set of Virtual Machines which are critical for their day-to-day operations. They need to ensure their availability even if a single data center goes down.

One of their interns has suggested that deploying the VMs through a Scale Set would solve the problem. Do you agree?

Yes
No

A

No

Explanation:
This answer does not specify that the scale set will be configured across multiple data centers so this solution does not meet the goal.

Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide high availability to your applications, and allow you to centrally manage, configure, and update many VMs.

Virtual machines in a scale set can be deployed across multiple update domains and fault domains to maximize availability and resilience to data center outages and to planned or unplanned maintenance events.

74
Q

It’s possible to deploy an Azure VM from an Ubuntu system by using PowerShell in the Cloud Shell.

Yes
No

A

Yes

Explanation:
Tip: Most such questions mentioning operating systems (Ubuntu, Linux, Windows, macOS) are there to create confusion. If you can open a browser, you can access the Cloud Shell, which gives you access to Bash or PowerShell.

Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.

75
Q

Your organization has deployed a Virtual Machine in Azure with the Standard_D2s_v3 VM size. The Virtual Machine is running a resource-intensive workload, and you want to optimize costs. Which of the following could be an effective way to achieve this?

Use a larger VM size to improve performance
Use a smaller VM size to reduce costs
Use a different Azure region with lower VM pricing.
Enable automatic scaling to adjust VM size based on workload

A

Enable automatic scaling to adjust VM size based on workload

Explanation:
The correct answer is ‘Enable automatic scaling to adjust VM size based on workload’ as it could be an effective way to optimize costs for the Virtual Machine in Azure. Automatic scaling allows you to automatically adjust the number of Virtual Machine instances and the size of the instances based on demand, which can help you save costs by avoiding overprovisioning.

Using a larger VM size: This would increase costs, as it's more expensive to use a larger VM size.

Using a smaller VM size: This could reduce performance and may not be suitable for a resource-intensive workload.

Using a different Azure region with lower VM pricing: This may not be a practical solution if the workload requires a specific region for compliance or latency reasons.

76
Q

In a Private Preview, Azure invites all customers to take part in early access to new concepts and features.

True
False

A

False

Explanation:
Private Preview - During this phase we invite a few customers to take part in early access to new concepts and features. This phase DOES NOT include formal support.

77
Q

Azure Active Directory can restrict access attempts to only those coming from known devices.

False
True

A

True

Explanation:
Azure AD provides services such as:

Authentication

This includes verifying identity to access applications and resources. It also includes providing functionality such as self-service password reset, multifactor authentication, a custom list of banned passwords, and smart lockout services.

Single sign-on

SSO enables you to remember only one username and one password to access multiple applications. A single identity is tied to a user, which simplifies the security model. As users change roles or leave an organization, access modifications are tied to that identity, which greatly reduces the effort needed to change or disable accounts.

Application management

You can manage your cloud and on-premises apps by using Azure AD. Features like Application Proxy, SaaS apps, the My Apps portal (also called the access panel), and single sign-on provide a better user experience.

Device management

Along with accounts for individual people, Azure AD supports the registration of devices. Registration enables devices to be managed through tools like Microsoft Intune. It also allows for device-based Conditional Access policies to restrict access attempts to only those coming from known devices, regardless of the requesting user account.

78
Q

You have managed an App that you developed and deployed On-Prem for a long time, but would now like to move it to Azure and be relieved of all the manual administration and maintenance. Which of the following buckets would be most suitable for your use case?

Database as a Service (DaaS)
Infrastructure as a Service (IaaS)
Software as a service (SaaS)
Platform as a service (PaaS)

A

Platform as a service (PaaS)

Explanation:
Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. You purchase the resources you need from a cloud service provider on a pay-as-you-go basis and access them over a secure Internet connection.

79
Q

Which of the following requires the greatest security effort on your part?

Database as a service (DaaS)
Platform as a service (PaaS)
Infrastructure as a service (IaaS)
Software as a service (SaaS)

A

Infrastructure as a service (IaaS)

Explanation:
IaaS (Infrastructure as a Service) is, in effect, where a cloud provider hosts the infrastructure components traditionally present in an on-premises data center including servers (operating systems), storage and networking hardware as well as the virtualization or hypervisor layer.

From a security perspective, this offering is probably the closest to traditional in-house IT infrastructure (indeed, many companies will effectively move existing server payloads to IaaS, either partially or completely, resulting in a hybrid solution), and as a result it will require many of the same security tools.

80
Q

Which of the following services would you use to embed the ability to see, hear, speak, search, understand, and accelerate decision-making into your apps without having any machine-learning expertise?

Azure Machine Learning Studio
Azure Event Hubs
Azure Cognitive Services
Azure App Service

A

Azure Cognitive Services

Explanation:
Cognitive Services bring AI within reach of every developer—without requiring machine-learning expertise. All it takes is an API call to embed the ability to see, hear, speak, search, understand, and accelerate decision-making into your apps.