AZ-900 : Microsoft Azure Fundamentals Practice Tests 2025 4 Flashcards

1
Q

A _____________ endpoint is a network interface that uses a private IP address from your virtual network.

Private

Internal

Hybrid

Public

A

Private

Explanation:
A private endpoint is a network interface that uses a private IP address from your virtual network. This network interface connects you privately and securely to a service that’s powered by Azure Private Link. By enabling a private endpoint, you’re bringing the service into your virtual network.

The service could be an Azure service such as:

Azure Storage

Azure Cosmos DB

Azure SQL Database

Your own service, using Private Link service.

2
Q

Which of the following is NOT a benefit of using Azure Arc?

Increased visibility and control over resources

Improved security and compliance for resources

Consistent management of resources across hybrid environments

Centralized billing and cost management for all resources

A

Centralized billing and cost management for all resources

Explanation:
Azure Arc is a hybrid management service that allows you to manage your servers, Kubernetes clusters, and applications across on-premises, multi-cloud, and edge environments. Some of the benefits of using Azure Arc include consistent management of resources across hybrid environments, improved security and compliance for resources, and increased visibility and control over resources.

Centralized billing and cost management for all resources: This is not a benefit of using Azure Arc. While Azure provides centralized billing and cost management for resources in the cloud, Azure Arc is focused on managing resources across hybrid environments and does not provide billing or cost management features.

Other options -

Consistent management of resources across hybrid environments: This is a key benefit of using Azure Arc. With Azure Arc, you can apply policies, monitor and manage resources, and automate tasks across all of your environments, including on-premises, multi-cloud, and edge environments.

Improved security and compliance for resources: This is another benefit of using Azure Arc. Azure Arc allows you to apply security and compliance policies to resources across all of your environments, providing consistent protection against threats and helping you maintain regulatory compliance.

Increased visibility and control over resources: This is also a benefit of using Azure Arc. With Azure Arc, you can gain a unified view of all your resources across hybrid environments, and apply policies, automate tasks, and monitor resources from a single location. This provides greater control and visibility over your entire IT estate.

3
Q

Which type of scaling focuses on adjusting the capabilities of resources, such as increasing processing power?

Vertical scaling

Static scaling

Elastic scaling

Horizontal scaling

A

Vertical scaling

Explanation:
Vertical scaling involves adjusting the capabilities of resources, such as adding more CPUs or RAM to a virtual machine. It focuses on enhancing the capacity of individual resources.

With horizontal scaling, if you suddenly experienced a steep jump in demand, your deployed resources could be scaled out (either automatically or manually), for example by adding virtual machines or containers. In the same manner, if there was a significant drop in demand, deployed resources could be scaled in (either automatically or manually).

4
Q

_____________________ enforcement is at the center of a Zero Trust architecture.

Identities
Applications
Devices
Data
Security policy
Network

A

Security policy

Explanation:
Zero Trust is a security model that assumes breach and verifies each request as though it originated from an uncontrolled network.

A Zero Trust approach extends throughout the entire digital estate and serves as an integrated security philosophy and end-to-end strategy.

This illustration provides a representation of the primary elements that contribute to Zero Trust.

In the illustration:

Security policy enforcement is at the center of a Zero Trust architecture. This includes multifactor authentication with Conditional Access that takes into account user account risk, device status, and other criteria and policies that you set.

Identities, devices (also called endpoints), data, applications, network, and other infrastructure components are all configured with appropriate security. Policies that are configured for each of these components are coordinated with your overall Zero Trust strategy. For example, device policies determine the criteria for healthy devices and conditional access policies require healthy devices for access to specific apps and data.

Threat protection and intelligence monitors the environment, surfaces current risks, and takes automated action to remediate attacks.

5
Q

Which of the following is NOT a feature of Azure Monitor?

Metrics
Database management
Alerts
Log Analytics

A

Database management

Explanation:
Azure Monitor is a service that provides full-stack monitoring capabilities for applications and infrastructure in Azure. It collects and analyzes telemetry data from a variety of sources, including Azure resources, third-party resources, and custom applications. The key features of Azure Monitor include:

Log Analytics: This feature allows you to collect and analyze log data from various sources, including Azure resources, operating systems, and custom applications. It provides advanced querying and visualization capabilities to help you understand and troubleshoot issues.

Metrics: This feature provides a comprehensive view of the performance and health of your Azure resources, including virtual machines, databases, and web applications. It allows you to set up custom charts and alerts based on specific metrics.

Alerts: This feature enables you to set up notifications for specific conditions or events in your Azure environment, such as high CPU usage, application errors, or security threats. It supports various notification channels, including email, SMS, and webhooks.

Other option -

Database management: This is not a feature of Azure Monitor. There are other Azure services, such as Azure SQL Database and Azure Database for MySQL, that provide database management capabilities.

6
Q

Which of the following is a benefit of using Azure Cloud Shell for managing Azure resources?

It offers more advanced features than other Azure management tools
It eliminates the need to install and configure command-line interfaces on your local machine
It allows for easier integration with third-party tools and services
It provides faster access to Azure resources

A

It eliminates the need to install and configure command-line interfaces on your local machine

Explanation:
‘It eliminates the need to install and configure command-line interfaces on your local machine’ is correct because Azure Cloud Shell provides a browser-based command-line interface that allows you to manage your Azure resources without having to install and configure command-line interfaces on your local machine. This makes it easier and more convenient to manage your Azure resources from any device and location.

Other options:

It provides faster access to Azure resources is incorrect because the speed of access to Azure resources is not determined by the management tool used, but rather by factors such as network latency and the size and complexity of the resources being accessed.

It offers more advanced features than other Azure management tools is incorrect because Azure Cloud Shell provides the same set of features as other Azure management tools, such as Azure CLI and Azure PowerShell, and does not offer any advanced features that are not available in other tools.

It allows for easier integration with third-party tools and services is incorrect because the integration of Azure Cloud Shell with third-party tools and services is not any easier or more seamless than the integration of other Azure management tools.

7
Q

Which of the following scenarios is a suitable use case for applying a resource lock?

Automating the deployment of resources using templates.

Preventing read access to a development virtual machine.

Ensuring a critical storage account is not accidentally deleted.

Restricting network access to an Azure SQL database.

A

Ensuring a critical storage account is not accidentally deleted.

Explanation:
With a lock, read access is never affected. The following is from the official Azure docs:

As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions.

You can set locks that prevent either deletions or modifications. In the portal, these locks are called Delete and Read-only. In the command line, these locks are called CanNotDelete and ReadOnly.

CanNotDelete means authorized users can read and modify a resource, but they can’t delete it.

ReadOnly means authorized users can read a resource, but they can’t delete or update it. Applying this lock is similar to restricting all authorized users to the permissions that the Reader role provides.

Reference: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json

8
Q

Which of the following best describes Azure Arc?

A platform for building microservices-based applications that run across multiple nodes

A bridge that extends the Azure platform to help you build apps with the flexibility to run across datacenters

A cloud-based identity and access management service

A service for analyzing and visualizing large datasets in the cloud

A

A bridge that extends the Azure platform to help you build apps with the flexibility to run across datacenters

Explanation:
Azure Arc is a service from Microsoft that allows organizations to manage and govern their on-premises servers, Kubernetes clusters, and applications using Azure management tools and services. With Azure Arc, customers can use Azure services such as Azure Policy, Azure Security Center, and Azure Monitor to manage their resources across on-premises, multi-cloud, and edge environments. Azure Arc also enables customers to deploy and manage Azure services on-premises or on other clouds using the same tools and APIs as they use in Azure.

9
Q

Each zone is made up of one or more datacentres equipped with common power, cooling, and networking.

True
False

A

False

Explanation:
Azure Availability Zones are unique physical locations within an Azure region and offer high availability to protect your applications and data from datacentre failures. Each zone is made up of one or more datacentres equipped with independent power, cooling, and networking.

10
Q

Which of the following best describes the concept of “immutable infrastructure” in the context of IaC?

Infrastructure that cannot be changed once deployed.
Infrastructure that is managed through a graphical user interface.
Infrastructure that is stored in a physical data center.
Infrastructure that is recreated rather than modified in place.

A

Infrastructure that is recreated rather than modified in place.

Explanation:
Immutable infrastructure refers to the practice of recreating infrastructure components whenever changes are needed rather than modifying them in place. This approach aligns with IaC principles, enhancing consistency and reducing configuration drift.

11
Q

________________ asynchronously replicates the same applications and data across other Azure regions for disaster recovery protection.

Across-Region Replication

Auto-Region Replicas

Cross-region replication

Auto-Region Replication

A

Cross-region replication

Explanation:
To ensure customers are supported across the world, Azure maintains multiple geographies. These discrete demarcations define a disaster recovery and data residency boundary across one or multiple Azure regions.

Cross-region replication is one of several important pillars in the Azure business continuity and disaster recovery strategy. Cross-region replication builds on the synchronous replication of your applications and data that exists by using availability zones within your primary Azure region for high availability. Cross-region replication asynchronously replicates the same applications and data across other Azure regions for disaster recovery protection.

Some Azure services take advantage of cross-region replication to ensure business continuity and protect against data loss. Azure provides several storage solutions that make use of cross-region replication to ensure data availability. For example, Azure geo-redundant storage (GRS) replicates data to a secondary region automatically. This approach ensures that data is durable even if the primary region isn’t recoverable.

12
Q

Which of the following authentication protocols is not supported by Azure AD?

SAML
NTLM
OpenID Connect
OAuth 2.0

A

NTLM

Explanation:
Azure AD does support SAML, OAuth 2.0, and OpenID Connect authentication protocols. However, NTLM is not supported by Azure AD.

NTLM is a legacy authentication protocol that is not recommended for modern authentication scenarios due to its security limitations. Azure AD recommends using modern authentication protocols such as SAML, OAuth 2.0, and OpenID Connect, which provide stronger security and support features such as multi-factor authentication and conditional access.

Therefore, the correct answer is NTLM.

13
Q

Which type of resource lock allows you to modify the resource, but not delete it?

Restrict lock
CanNotModify lock
Read-only lock
CanNotDelete lock

A

CanNotDelete lock

Explanation:
As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions.

You can set locks that prevent either deletions or modifications. In the portal, these locks are called Delete and Read-only. In the command line, these locks are called CanNotDelete and ReadOnly.

CanNotDelete means authorized users can read and modify a resource, but they can’t delete it.

ReadOnly means authorized users can read a resource, but they can’t delete or update it. Applying this lock is similar to restricting all authorized users to the permissions that the Reader role provides.

Reference: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json

14
Q

As the Cloud Admin of your organization, you want to block your employees from accessing your apps from specific locations. Which of the following can help you achieve this?

Azure Role Based Access Control (RBAC)

Azure Active Directory Conditional Access

Azure Sentinel

Azure Single Sign On (SSO)

A

Azure Active Directory Conditional Access

Explanation:
The modern security perimeter now extends beyond an organization’s network to include user and device identity. Organizations can use identity-driven signals as part of their access control decisions.

Conditional Access brings signals together to make decisions and enforce organizational policies. Azure AD Conditional Access is at the heart of the new identity-driven control plane.

Conditional Access policies at their simplest are if-then statements: if a user wants to access a resource, then they must complete an action. Example: A payroll manager wants to access the payroll application and is required to do multi-factor authentication to access it.

15
Q

You want to ensure that all virtual machines deployed in your Azure environment are configured with specific antivirus software. Which Azure service can you use to enforce this policy?

Azure Security Center
Azure Monitor
Azure Policy
Azure Advisor

A

Azure Policy

Explanation:
The correct option is Azure Policy. Azure Policy is the service that allows you to enforce organizational standards and compliance across all your resources in Azure. With Azure Policy, you can create policies that enforce specific configurations and settings for resources, including virtual machines, at the time of deployment or during their lifecycle. In this scenario, you can create a policy that enforces the installation of specific antivirus software on all virtual machines, ensuring that all resources in your environment are compliant with your organization’s security requirements.

Azure Advisor provides recommendations to optimize your resources, Azure Security Center helps to identify and remediate potential security threats, and Azure Monitor provides insights into the performance and health of your applications and resources. While these services are useful for monitoring and optimizing your environment, they do not enforce specific policies or configurations on your resources.

Other options:

Azure Advisor: This service provides recommendations to optimize Azure resources based on best practices, but it does not have the capability to enforce policies.

Azure Security Center: This service focuses on security and threat protection for Azure resources. It provides recommendations to improve security posture and allows for continuous monitoring and alerting of security-related events, but it does not enforce policies related to antivirus software.

Azure Monitor: This service provides real-time monitoring and alerting for Azure resources, but it does not have the capability to enforce policies.

Reference: https://learn.microsoft.com/en-us/azure/governance/policy/overview#azure-policy-objects

16
Q

What is the maximum number of cloud-only user accounts that can be created in Azure AD?

50,000

100,000

500,000

1,000,000

A

1,000,000

Explanation:
The correct answer is 1,000,000.

Azure AD has the capability to hold up to 1,000,000 cloud-only user accounts. This limit can be extended further by contacting Microsoft support.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/service-limits-restrictions

17
Q

Which of the following is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, On-Premises, AND Multicloud (Amazon AWS and Google GCP) resources?

Azure Sentinel

Azure Key Vault

Microsoft Defender for Cloud

Azure DDoS Protection

Azure Front Door

A

Microsoft Defender for Cloud

Explanation:
Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multicloud (Amazon AWS and Google GCP) resources. Defender for Cloud fills three vital needs as you manage the security of your resources and workloads in the cloud and on-premises:

Defender for Cloud secure score continually assesses your security posture so you can track new security opportunities and precisely report on the progress of your security efforts.

Defender for Cloud recommendations secures your workloads with step-by-step actions that protect your workloads from known security risks.

Defender for Cloud alerts defends your workloads in real-time so you can react immediately and prevent security events from developing.

Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction

18
Q

Your company has deployed a web application to Azure, and you want to restrict access to it from the internet while allowing access from your company’s on-premises network. Which Network Security Group (NSG) rule would you configure?

Inbound rule allowing traffic from your company’s on-premises network to the web application’s private IP address.

Outbound rule allowing traffic from any destination to your company’s on-premises network.

Inbound rule allowing traffic from any source to the web application’s public IP address.

Outbound rule allowing traffic from the web application’s private IP address to any destination.

A

Inbound rule allowing traffic from your company’s on-premises network to the web application’s private IP address.

Explanation:
The correct answer is: Inbound rule allowing traffic from your company’s on-premises network to the web application’s private IP address.

To restrict access to the web application from the internet while allowing access from your company’s on-premises network, you need to create an inbound NSG rule that allows traffic from your company’s on-premises network to the web application’s private IP address. This can be achieved by creating a rule with a source IP address range that matches your company’s on-premises network and a destination IP address range that matches the web application’s private IP address.

Inbound rule allowing traffic from any source to the web application’s public IP address: This is incorrect because it allows traffic from any source, including the internet, to the web application’s public IP address.

Outbound rule allowing traffic from any destination to your company’s on-premises network: This is incorrect because it allows traffic from any destination, including the internet, to your company’s on-premises network, which could be a security risk.

Outbound rule allowing traffic from the web application’s private IP address to any destination: This is incorrect because it allows outbound traffic from the web application’s private IP address to any destination, but does not restrict inbound traffic to the web application.

19
Q

In the context of Infrastructure as Code (IaC), _________ are independent files, typically containing a set of resources meant to be deployed together.

Functions

Modules

Units

Methods

A

Modules

Explanation:
One of the goals of using code to deploy infrastructure is to avoid duplicating work or creating multiple templates for the same or similar purposes. Infrastructure modules should be reusable and flexible and should have a clear purpose.

Modules are independent files, typically containing a set of resources meant to be deployed together. Modules allow you to break complex templates into smaller, more manageable sets of code. You can ensure that each module focuses on a specific task and that all modules are reusable for multiple deployments and workloads.

20
Q

Is it possible for you to run BOTH Bash and PowerShell based scripts from Azure Cloud Shell?

No
Yes

A

Yes

Explanation:
Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.

Select Cloud Shell.

Select Bash or PowerShell.

Reference: https://docs.microsoft.com/en-us/azure/cloud-shell/overview

21
Q

Which service would you use to reduce the overhead of manually assigning permissions to a set of resources?

Azure Logic Apps
Azure Policy
Azure Trust Center
Azure Resource Manager

A

Azure Resource Manager

Explanation:
Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

22
Q

Which of the following endpoints for a managed instance enables data access to your managed instance from outside a virtual network?

Hybrid
Public
External
Private

A

Public

Explanation:
A public endpoint for a managed instance enables data access to your managed instance from outside the virtual network. You are able to access your managed instance from multi-tenant Azure services like Power BI, Azure App Service, or an on-premises network. By using the public endpoint on a managed instance, you do not need to use a VPN, which can help avoid VPN throughput issues.

23
Q

How can you apply a resource lock to an Azure resource?

By configuring a network security group.

By using the Azure portal or Azure PowerShell

By creating a new resource group for the resource.

By assigning a custom role to the resource.

By using the Azure API for RBAC

A

By using the Azure portal or Azure PowerShell

Explanation:
You can apply a resource lock to an Azure resource using the Azure portal or Azure PowerShell. This allows you to control access and modifications to the resource.

24
Q

Someone in your organization accidentally deleted an important Virtual Machine that has led to huge revenue losses. Your senior management has tasked you with investigating who was responsible for the deletion. Which Azure service can you leverage for this task?

Azure Arc
Azure Event Hubs
Azure Service Health
Azure Monitor
Azure Advisor

A

Azure Monitor

Explanation:
Azure Monitor (correct): Log Analytics is a tool in the Azure portal that’s used to edit and run log queries with data in Azure Monitor Logs.

You might write a simple query that returns a set of records and then use features of Log Analytics to sort, filter, and analyze them. Or you might write a more advanced query to perform statistical analysis and visualize the results in a chart to identify a particular trend.

Whether you work with the results of your queries interactively or use them with other Azure Monitor features, such as log query alerts or workbooks, Log Analytics is the tool that you’ll use to write and test them.

Azure Advisor (incorrect) analyzes your configurations and usage telemetry and offers personalized, actionable recommendations to help you optimize your Azure resources for reliability, security, operational excellence, performance, and cost.

Azure Service Health (incorrect) helps you stay informed and take action, with alerts for outages and a personalised dashboard for service issues.

25
Q

______________ is a security framework that uses the principles of explicit verification, least privileged access, and assuming breach to keep users and data secure while allowing for common scenarios like access to applications from outside the network perimeter.

Less Trust

Least Trust

Zero Trust

No Trust

A

Zero Trust

Explanation:
Zero Trust is a security framework that does not rely on the implicit trust afforded to interactions behind a secure network perimeter. Instead, it uses the principles of explicit verification, least privileged access, and assuming breach to keep users and data secure while allowing for common scenarios like access to applications from outside the network perimeter.

App developers can improve app security, minimize the impact of breaches, and ensure that their applications meet their customers’ security requirements by adopting Zero Trust principles.

26
Q

If your organization has many Azure subscriptions, which of the following is useful to efficiently manage access, policies, and compliance for those subscriptions?

Azure Subscriptions

Azure Blueprints
Azure Management Groups

Azure Policy

A

Azure Management Groups

Explanation:
If your organization has many Azure subscriptions, you may need a way to efficiently manage access, policies, and compliance for those subscriptions. Management groups provide a governance scope above subscriptions. You organize subscriptions into management groups, and the governance conditions you apply cascade by inheritance to all associated subscriptions.

Management groups give you enterprise-grade management at scale no matter what type of subscriptions you might have. However, all subscriptions within a single management group must trust the same Azure Active Directory (Azure AD) tenant.

For example, you can apply policies to a management group that limits the regions available for virtual machine (VM) creation. This policy would be applied to all nested management groups, subscriptions, and resources, and allow VM creation only in authorized regions.

27
Q

In a Public Cloud model, you get dedicated hardware, storage, and network devices, separate from those of the other organizations or cloud “tenants”.

No
Yes

A

No

Explanation:
Public clouds are the most common type of cloud computing deployment. The cloud resources (like servers and storage) are owned and operated by a third-party cloud service provider and delivered over the internet. With a public cloud, all hardware, software, and other supporting infrastructure are owned and managed by the cloud provider. Microsoft Azure is an example of a public cloud.

In a public cloud, you share the same hardware, storage, and network devices with other organisations or cloud “tenants,” and you access services and manage your account using a web browser. Public cloud deployments are frequently used to provide web-based email, online office applications, storage, and testing and development environments.

Reference: https://azure.microsoft.com/en-ca/resources/cloud-computing-dictionary/what-are-private-public-hybrid-clouds/#deployment-options

28
Q

A(n) ________________ in Azure Monitor monitors your telemetry and captures a signal to see if the signal meets the criteria of a preset condition. If the conditions are met, an alert is triggered, which initiates the associated action group.

preset condition
alert rule
alert condition
preset rule

A

alert rule

Explanation:
Alerts help you detect and address issues before users notice them by proactively notifying you when Azure Monitor data indicates that there may be a problem with your infrastructure or application.

You can alert on any metric or log data source in the Azure Monitor data platform.

An alert rule monitors your telemetry and captures a signal that indicates that something is happening on a specified target. The alert rule captures the signal and checks to see if the signal meets the criteria of the condition. If the conditions are met, an alert is triggered, which initiates the associated action group and updates the state of the alert.

29
Q

_________________ is a strategy that employs a series of mechanisms to slow the advance of an attack that’s aimed at acquiring unauthorized access to information. Each layer provides protection so that if one layer is breached, a subsequent layer is already in place to prevent further exposure.

Defense in Layers

Defense in Depth

Defense in Steps

Defense in Series

A

Defense in Depth

Explanation:
Defense in depth is a strategy that employs a series of mechanisms to slow the advance of an attack that’s aimed at acquiring unauthorized access to information. Each layer provides protection so that if one layer is breached, a subsequent layer is already in place to prevent further exposure.

Microsoft applies a layered approach to security, both in its physical datacenters and across Azure services. The objective of defense in depth is to protect information and prevent it from being stolen by individuals who aren’t authorized to access it.

30
Q

What is the primary purpose of external identities in Azure Active Directory?

To provide secure access to Azure resources for employees within the organization.

To enable single sign-on between Azure subscriptions.

To manage user identities exclusively for on-premises applications.

To allow external partners and customers to access resources in your Azure environment.

A

To allow external partners and customers to access resources in your Azure environment.

Explanation:
External identities in Azure AD enable organizations to extend their identity management beyond their own employees. This allows external partners, vendors, and customers to access specific resources within the organization’s Azure environment without requiring them to have internal accounts.

31
Q

__________________ lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider.

Azure Virtual Network

Azure Firewall

Azure Sentinel

Azure ExpressRoute

Azure DNS

A

Azure ExpressRoute

Explanation:
ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure and Microsoft 365.

Connectivity can be from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual cross-connection through a connectivity provider at a colocation facility. ExpressRoute connections don’t go over the public Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, consistent latencies, and higher security than typical connections over the Internet. For information on how to connect your network to Microsoft using ExpressRoute, see ExpressRoute connectivity models.

32
Q

In the context of Azure networking, what is the purpose of a Network Security Group (NSG) associated with a private endpoint?

To manage IP address assignments for the private endpoint.

To ensure the availability and uptime of the private endpoint.

To encrypt data traffic between the private endpoint and the Azure service.

To enforce access control rules on inbound and outbound traffic to the private endpoint.

A

To enforce access control rules on inbound and outbound traffic to the private endpoint.

Explanation:
A Network Security Group (NSG) associated with a private endpoint is used to enforce access control rules on the inbound and outbound traffic to the private endpoint. This helps in controlling and restricting the network traffic flow to and from the private endpoint, enhancing security and compliance.

33
Q

Your organization uses Microsoft Defender for Cloud and you receive an alert that suspicious activity has been detected on one of your cloud resources. What should you do?

Wait for a follow-up email from Microsoft Support before taking any action.

Ignore the alert, as Microsoft Defender for Cloud will automatically handle any threats.

Investigate the alert and take appropriate action to remediate the threat if necessary.

Delete the cloud resource to prevent the threat from spreading.

A

Investigate the alert and take appropriate action to remediate the threat if necessary.

Explanation:
Microsoft Defender for Cloud can detect and alert you to potential threats to your cloud resources, but it is up to you to investigate the alert and take appropriate action to remediate the threat. Ignoring the alert or waiting for a follow-up email from Microsoft Support can leave your organization vulnerable to attack. Deleting the cloud resource may not necessarily eliminate the threat, and could cause other issues such as data loss.

34
Q

Which of the following two storage solutions are built to handle NoSQL data?

Azure Cosmos DB

Azure Table Storage

Azure NoSQL Database

Azure SQL Database

A

Azure Cosmos DB

Azure Table Storage

Explanation:
Azure Table storage is a service that stores non-relational structured data (also known as structured NoSQL data) in the cloud, providing a key/attribute store with a schemaless design. Because Table storage is schemaless, it’s easy to adapt your data as the needs of your application evolve.

Azure Cosmos DB is a fully managed NoSQL database for modern app development. Single-digit millisecond response times, and automatic and instant scalability, guarantee speed at any scale.

35
Q

Which cloud deployment model is best suited for organizations with extremely strict data security and compliance requirements?

Public cloud

Hybrid cloud

Private cloud

Community cloud

A

Private cloud

Explanation:
The correct answer is Private Cloud. Private clouds are cloud deployments that are dedicated to a single organization and are hosted either on-premises or in a third-party data center. Private clouds offer greater control over data security and compliance, as the organization has direct control over the infrastructure and can implement security measures tailored to their specific requirements. Private clouds can also be used to address regulatory compliance requirements that may restrict the use of public clouds for certain types of data.

In contrast, public clouds and community clouds are shared by multiple organizations, which can raise concerns about data security and compliance. Hybrid clouds, which combine elements of public and private clouds, can also be used to address data security and compliance requirements, but they can be more complex to manage.

36
Q

Azure Pay-As-You-Go is an example of which cloud expenditure model?

Capital (CapEx)
Operational (OpEx)

A

Operational (OpEx)

Explanation:
One of the major changes that you will face when you move from on-premises infrastructure to the public cloud is the switch from capital expenditure (buying hardware) to operating expenditure (paying for a service as you use it). However, this switch also requires more careful management of your costs.

37
Q

Which of the following protocols is used for federated authentication in Azure AD?

OAuth 2.0

LDAP

SAML

OpenID Connect

A

SAML

Explanation:
SAML (Security Assertion Markup Language) is the protocol used for federated authentication in Azure AD.

Federated authentication is a mechanism that allows users to use their existing credentials from a trusted identity provider (IdP) to authenticate with another application or service. In the context of Azure AD, federated authentication allows users to use their existing corporate credentials to authenticate with cloud-based applications and services.

Azure AD supports several federated authentication protocols, including Security Assertion Markup Language (SAML), OAuth 2.0, and OpenID Connect. SAML is widely used for federated authentication in enterprise environments, while OAuth 2.0 and OpenID Connect are commonly used in web and mobile applications.

38
Q

Your colleague is looking for an Azure service that can help them understand how their applications are performing and proactively identify issues that affect them, AND the resources they depend on.

What’s your recommendation?

Azure Advisor

Azure Monitor

Azure Comprehend

Azure Service Health

A

Azure Monitor

Explanation:
Azure Monitor helps you maximize the availability and performance of your applications and services. It delivers a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. This information helps you understand how your applications are performing and proactively identify issues that affect them and the resources they depend on.

Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime.

Azure Comprehend is not an existing service.

Azure Advisor helps to quickly and easily optimize your Azure deployments. Azure Advisor analyzes your configurations and usage telemetry and offers personalized, actionable recommendations to help you optimize your Azure resources for reliability, security, operational excellence, performance, and cost.

39
Q

______________ allows you to implement your system’s logic into readily available blocks of code that can run anytime you need to respond to critical events.

Azure Kinect DK

Azure Cognitive Services

Azure Application Insights

Azure Quantum

Azure Functions

A

Azure Functions

Explanation:
Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running.

You focus on the pieces of code that matter most to you, and Azure Functions handles the rest.

Azure Functions provides “compute on-demand” in two significant ways.

First, Azure Functions allows you to implement your system’s logic into readily available blocks of code. These code blocks are called “functions”. Different functions can run anytime you need to respond to critical events.

Second, as requests increase, Azure Functions meets the demand with as many resources and function instances as necessary - but only while needed. As requests fall, any extra resources and application instances drop off automatically.

40
Q

Which of these approaches is NOT a cost-saving solution?

Load balancing the incoming traffic

Use Reserved Instances with Azure Hybrid

Making use of Azure Cost Management

Use the correct and appropriate instance size based on current workload

A

Load balancing the incoming traffic

Explanation:
Load balancing is done to increase the overall availability of the application, not to optimise costs.

41
Q

__________________ Infrastructure as Code involves writing a definition that defines how you want your environment to look. In this definition, you specify a desired outcome rather than how you want it to be accomplished.

Declarative

Imperative

Ad-Hoc

Defined

A

Declarative

Explanation:
Declarative Infrastructure as Code involves writing a definition that defines how you want your environment to look. In this definition, you specify a desired outcome rather than how you want it to be accomplished. The tooling figures out how to make the outcome happen by inspecting your current state, comparing it to your target state, and then applying the differences.

42
Q

It is possible to deploy a new Azure Virtual Network (VNet) using PowerAutomate on a Google Chromebook.

No

Yes

A

No

Explanation:
No, PowerApps is not a part of Azure!

43
Q

You are the lead architect of your organization. One of the teams has a requirement to copy hundreds of TBs of data to Azure storage in a secure and efficient manner. The data can be ingested one time or on an ongoing basis for archival scenarios.

Which of the following would be a good solution for this use case?

Azure Cosmos DB

Azure Data Lake Storage

Azure File Sync

Azure Data Box

A

Azure Data Box

Explanation:
Azure Data Box Gateway is a storage solution that enables you to seamlessly send data to Azure. This article provides you with an overview of the Azure Data Box Gateway solution, its benefits, key capabilities, and the scenarios where you can deploy this device.

Data Box Gateway is a virtual device based on a virtual machine provisioned in your virtualized environment or hypervisor. The virtual device resides in your premises and you write data to it using the NFS and SMB protocols. The device then transfers your data to Azure block blob, page blob, or Azure Files.

Use cases -

Data Box Gateway can be leveraged for transferring data to the cloud such as cloud archival, disaster recovery, or if there is a need to process your data at cloud scale. Here are the various scenarios where Data Box Gateway can be used for data transfer.

Cloud archival - Copy hundreds of TBs of data to Azure storage using Data Box Gateway in a secure and efficient manner. The data can be ingested one time or on an ongoing basis for archival scenarios.

Continuous data ingestion - Continuously ingest data into the device to copy to the cloud, regardless of the data size. As the data is written to the gateway device, the device uploads the data to Azure Storage.

Initial bulk transfer followed by incremental transfer - Use Data Box for the bulk transfer in an offline mode (initial seed) and Data Box Gateway for incremental transfers (ongoing feed) over the network.

44
Q

Which of the following can repeatedly deploy your infrastructure throughout the development lifecycle and have confidence your resources are deployed in a consistent manner?

Azure Resource Manager templates

Azure Templates

Management groups

The Azure API Management service

A

Azure Resource Manager templates

Explanation:
Azure Resource Manager templates is the correct answer, since templates are idempotent: you can deploy the same template many times and get the same resource types in the same state.

45
Q

Which of the following services can host the following types of apps:

Web apps
API apps
WebJobs
Mobile apps

Azure App Environment

Azure Bastion

Azure Arc

Azure App Service

A

Azure App Service

Explanation:
App Service enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers automatic scaling and high availability. App Service supports Windows and Linux. It enables automated deployments from GitHub, Azure DevOps, or any Git repo to support a continuous deployment model.

Types of app services

With App Service, you can host most common app service styles like:

Web apps

API apps

WebJobs

Mobile apps

46
Q

______________ is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources.

HTML

Tricep

PHP

Bicep

A

Bicep

Explanation:
Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources. In Bicep files, you define the infrastructure you intend to deploy and its properties. Compared to ARM templates, Bicep files are easier to read and write for a non-developer audience because they use a concise syntax.

47
Q

_______________ brings signals together to make decisions and enforce organizational policies. In simple terms, they are if-then statements: if a user wants to access a resource, then they must complete an action.

Conditional Access

Active Directory Access

Logical Access

Demand Access

A

Conditional Access

Explanation:
The modern security perimeter now extends beyond an organization’s network to include user and device identity. Organizations can use identity-driven signals as part of their access control decisions.

Conditional Access brings signals together to make decisions and enforce organizational policies. Azure AD Conditional Access is at the heart of the new identity-driven control plane.

Conditional Access policies at their simplest are if-then statements: if a user wants to access a resource, then they must complete an action. Example: A payroll manager wants to access the payroll application and is required to do multi-factor authentication to access it.

Administrators are faced with two primary goals:

Empower users to be productive wherever and whenever

Protect the organization’s assets

48
Q

Azure Cosmos DB is an example of a ___________________ offering.

Infrastructure as a Service (IaaS)

Serverless Computing

Software as a Service (SaaS)

Platform as a Service (PaaS)

A

Platform as a Service (PaaS)

Explanation:
Azure Cosmos DB is an example of Platform as a Service!

Azure Cosmos DB is a fully managed NoSQL database for modern app development. Single-digit millisecond response times, and automatic and instant scalability, guarantee speed at any scale. Business continuity is assured with SLA-backed availability and enterprise-grade security. App development is faster and more productive thanks to turnkey multi-region data distribution anywhere in the world, and open-source APIs and SDKs for popular languages. As a fully managed service, Azure Cosmos DB takes database administration off your hands with automatic management, updates and patching. It also handles capacity management with cost-effective serverless and automatic scaling options that respond to application needs to match capacity with demand.

49
Q

An _________________ is a collection of policy definitions that are grouped together with a specific goal or purpose in mind.

Azure Initiative

Azure Bundle

Azure Collection

Azure Group

A

Azure Initiative

Explanation:
An Azure initiative is a collection of Azure Policy definitions that are grouped together with a specific goal or purpose in mind. Azure initiatives simplify management of your policies by grouping a set of policies together as one single item. For example, you could use the PCI-DSS built-in initiative, which has all the policy definitions that are centered around meeting PCI-DSS compliance.

Similar to Azure Policy, initiatives have definitions (a set of policies), assignments and parameters. Once you determine the definitions that you want, you assign the initiative to a scope so that it can be applied.

50
Q

_______________ is a unified cloud-native application protection platform that helps strengthen your security posture, enables protection against modern threats, and helps reduce risk throughout the cloud application lifecycle across multicloud and hybrid environments.

Microsoft Defender for Cloud

Microsoft Priva

Azure Network Security Group

Azure Firewall

Azure Bastion

A

Microsoft Defender for Cloud

Explanation:
From the official documentation: Microsoft Defender for Cloud is a unified cloud-native application protection platform that helps strengthen your security posture, enables protection against modern threats, and helps reduce risk throughout the cloud application lifecycle across multicloud and hybrid environments.

51
Q

Which of the following resources can be managed using Azure Arc?

Kubernetes clusters

Only Windows and Linux Servers & Virtual Machines

Windows Server and Linux servers

Only Kubernetes Clusters and Virtual Machines

All of these

Virtual machines

A

All of these

Explanation:
The answer is All of these. Azure Arc enables you to manage resources both on-premises and across multiple clouds using a single control plane. This includes managing Windows Server and Linux servers, Kubernetes clusters, and virtual machines. By extending Azure services to hybrid environments, Azure Arc provides consistent management, security, and compliance across all resources.

52
Q

When a blob is in the archive access tier, what must you do first before accessing it?

Add it to a new resource group

Rehydrate it

Modify its policy

Move it to File Storage

A

Rehydrate it

Explanation:

53
Q

The Microsoft _____________ provides a variety of content, tools, and other resources about Microsoft security, privacy, and compliance practices.

Privacy Policy

Service Trust Portal

Advisor

Blueprints

A

Service Trust Portal

Explanation:
The Microsoft Service Trust Portal provides a variety of content, tools, and other resources about Microsoft security, privacy, and compliance practices.

The Service Trust Portal contains details about Microsoft’s implementation of controls and processes that protect our cloud services and the customer data therein. To access some of the resources on the Service Trust Portal, you must log in as an authenticated user with your Microsoft cloud services account (Azure Active Directory organization account) and review and accept the Microsoft Non-Disclosure Agreement for Compliance Materials.

54
Q

Which of the following Azure compliance certifications is specifically designed for the healthcare industry?

GDPR

None of the above

HIPAA/HITECH

ISO 27001

A

HIPAA/HITECH

Explanation:
The correct answer is HIPAA/HITECH. HIPAA stands for the Health Insurance Portability and Accountability Act, which is a US law that regulates the handling of sensitive medical information. HITECH stands for the Health Information Technology for Economic and Clinical Health Act, which expands on HIPAA’s privacy and security rules. Azure has undergone third-party audits and achieved compliance with the HIPAA/HITECH standards, making it suitable for use in the healthcare industry.

55
Q

It is possible to have multiple Subscriptions inside a Management Group.

No

Yes

A

Yes

Explanation:
When you define your management group hierarchy, first create the root management group. Then move all existing subscriptions in the directory into the root management group. New subscriptions always go into the root management group initially. Later, you can move them to another management group.

What happens when you move a subscription to an existing management group? The subscription inherits the policies and role assignments from the management group hierarchy above it. Establish many subscriptions for your Azure workloads. Then create other subscriptions to contain Azure services that other subscriptions share.

Do you expect your Azure environment to grow? Then create management groups for production and nonproduction now, and apply appropriate policies and access controls at the management group level. As you add new subscriptions to each management group, those subscriptions inherit the appropriate controls.

56
Q

In Azure, which of the following services can be accessed through private endpoints?

Azure Key Vault.

Azure App Service.

Azure SQL Database.

Azure Storage accounts.

All of the above.

A

All of the above.

Explanation:
Private endpoints can be used to access various Azure services, including Azure Storage accounts, Azure Key Vault, Azure App Service, and Azure SQL Database. By using private endpoints, you can connect to these services from within your virtual network, ensuring that the traffic remains within the Azure backbone network and doesn’t traverse the public internet.

57
Q

Which of the following can help you automate deployments and use the practice of infrastructure as code?

Management Groups

Azure Arc

ARM Templates

Azure IaaC

A

ARM Templates

Explanation:
With the move to the cloud, many teams have adopted agile development methods. These teams iterate quickly. They need to repeatedly deploy their solutions to the cloud, and know their infrastructure is in a reliable state. As infrastructure has become part of the iterative process, the division between operations and development has disappeared. Teams need to manage infrastructure and application code through a unified process.

To meet these challenges, you can automate deployments and use the practice of infrastructure as code. In code, you define the infrastructure that needs to be deployed. The infrastructure code becomes part of your project. Just like application code, you store the infrastructure code in a source repository and version it. Anyone on your team can run the code and deploy similar environments.

To implement infrastructure as code for your Azure solutions, use Azure Resource Manager templates (ARM templates). The template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax, which lets you state what you intend to deploy without having to write the sequence of programming commands to create it. In the template, you specify the resources to deploy and the properties for those resources.

58
Q

As the owner of a streaming platform deployed on Azure, you notice a huge spike in traffic whenever a new web series is released but moderate traffic otherwise. Which of the following is a clear benefit of this type of workload?

Elasticity

High availability

High latency

Load balancing

A

Elasticity

Explanation:
Elasticity in this case is the ability to provide additional compute resource when needed (spikes) and reduce the compute resource when not needed to reduce costs. Load Balancing and High Availability are also great advantages the streaming platform would enjoy, but Elasticity is the option that best describes the workload in the question.

59
Q

In the _______ as a Service cloud service model, customers are responsible for managing applications, data, runtime, middleware, and operating systems, while the cloud provider manages the underlying infrastructure.

Infrastructure

Platform

Software

A

Infrastructure

Explanation:
In the IaaS cloud service model, customers are responsible for managing applications, data, runtime, middleware, and operating systems, while the cloud provider manages the underlying infrastructure. Customers have more control and flexibility over their infrastructure compared to the other cloud service models, but also have more responsibility for managing their applications and workloads.

60
Q

What is the minimum Azure AD edition required to enable self-service password reset for users?

Premium P1 edition

Basic edition

Premium P2 edition

Free edition

A

Premium P1 edition

Explanation:
The correct answer is Premium P1 edition, which is the minimum edition required to enable self-service password reset for users in Azure AD.

61
Q

Which of the following services can you use to calculate your estimated hourly or monthly costs for using Azure?

Azure Total Cost of Ownership (TCO) calculator

Azure Cost Management

Azure Calculator

Azure Pricing Calculator

A

Azure Pricing Calculator

Explanation:
You can use the Azure Pricing Calculator to calculate your estimated hourly or monthly costs for using Azure. Azure TCO on the other hand is primarily used to estimate the cost savings you can realize by migrating your workloads to Azure.

62
Q

You’ve been planning to decommission your on-premises database hosting gigabytes of data. Which of the following is true about data ingress (moving data into) for Azure?

It is free of cost

It is charged $0.05 per GB

It is charged $0.05 per TB

It is charged per hour of data transferred

A

It is free of cost

Explanation:
Bandwidth refers to data moving in and out of Azure data centres, as well as data moving between Azure data centres; other transfers are explicitly covered by Content Delivery Network, ExpressRoute or Peering pricing.

63
Q

Azure DNS can manage DNS records for your Azure services, but cannot provide DNS for your external resources.

True
False

A

False

Explanation:
Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.

Azure DNS can manage DNS records for your Azure services and provide DNS for your external resources as well. Azure DNS is integrated in the Azure portal and uses the same credentials, support contract, and billing as your other Azure services.

DNS billing is based on the number of DNS zones hosted in Azure and on the number of DNS queries received. To learn more about pricing, see Azure DNS pricing.

64
Q

Azure Cosmos DB is a Software as a Service (SaaS) offering from Microsoft Azure.

No, it is an IaaS offering.

No, it is a PaaS offering.

Yes, it is a SaaS offering.

A

No, it is a PaaS offering.

Explanation:
Azure Cosmos DB is an example of a Platform as a Service (PaaS) offering.

65
Q

Subscriptions can be moved to another Management Group as well as merged into one single subscription.

No
Yes

A

No

Explanation:
Even though subscriptions can be moved to another management group, they cannot be merged into one single subscription.

66
Q

In which scenario would you use the Business-to-Business (B2B) collaboration feature in Azure AD?

Granting external vendors access to a shared project workspace.

Enabling employees to access internal applications.

Allowing customers to sign up for your e-commerce website.

Providing internal access to company reports.

A

Granting external vendors access to a shared project workspace.

Explanation:
Business-to-Business (B2B) collaboration in Azure AD is used to collaborate with users external to your organization, such as vendors or partners. It allows you to securely share resources like documents and applications while maintaining control over access.

67
Q

What is the primary purpose of a public endpoint in Azure?

To provide a direct and secure connection to Azure services.

To enforce access control policies for resource groups.

To restrict incoming network traffic to specific IP ranges.

To prevent communication between virtual networks.

A

To provide a direct and secure connection to Azure services.

Explanation:
A public endpoint in Azure allows resources to be accessed over the public internet. It’s used to expose services to clients or users who are not within the same network as the resource. Public endpoints are commonly used for services that need to be accessed from anywhere, such as web applications.

68
Q

Which of the following provides support for key migration workloads like Windows, SQL and Linux Server, databases, data, web apps, and virtual desktops?

Azure Migrate

Azure Recommendations

Azure Advisor

Azure Suggestions

A

Azure Migrate

Explanation:
Azure Migrate provides all the Azure migration tools and guidance you need to plan and implement your move to the cloud—and track your progress using a central dashboard that provides intelligent insights.

Multiple scenarios

Use a comprehensive approach to migrating your application and datacenter estate. Get support for key migration workloads like Windows, SQL and Linux Server, databases, data, web apps, and virtual desktops. Migrate to destinations including Azure Virtual Machines, Azure VMware Solution, Azure App Service, and Azure SQL Database. Migrations are holistic across VMware, Hyper-V, physical server, and cloud-to-cloud migration.

69
Q

Which of the following is the foundation for building enterprise data lakes on Azure AND is built on top of Azure Blob storage?

Azure Data Lake Storage Gen3

Azure Data Lake Storage Gen2

Azure Data Lake Storage Gen1

Azure Data Lake Storage Gen4

A

Azure Data Lake Storage Gen2

Explanation:
Azure Data Lake Storage Gen2 is a set of capabilities dedicated to big data analytics, built on Azure Blob Storage.

Data Lake Storage Gen2 converges the capabilities of Azure Data Lake Storage Gen1 with Azure Blob Storage. For example, Data Lake Storage Gen2 provides file system semantics, file-level security, and scale. Because these capabilities are built on Blob storage, you’ll also get low-cost, tiered storage, with high availability/disaster recovery capabilities.

70
Q

Which of the following can help you manage multiple Azure Subscriptions?

Blueprints

Management Groups

Resource Groups

Policies

A

Management Groups

Explanation:
If you have only a few subscriptions, it’s fairly easy to manage them independently. But what if you have many subscriptions? Then you can create a management group hierarchy to help manage your subscriptions and resources.

For your subscriptions, Azure management groups help you efficiently manage:

Access

Policies

Compliance

Each management group contains one or more subscriptions.

Azure arranges management groups in a single hierarchy. You define this hierarchy in your Azure Active Directory (Azure AD) tenant to align with your organization’s structure and needs. The top level is called the root management group. You can define up to six levels of management groups in your hierarchy. Only one management group contains a subscription.

Azure provides four levels of management scope:

Management groups

Subscriptions

Resource groups

Resources

If you apply any access or policy at one level in the hierarchy, it propagates down to the lower levels. A resource owner or subscription owner can’t alter an inherited policy. This limitation helps improve governance.

This inheritance model lets you arrange the subscriptions in your hierarchy, so each subscription follows appropriate policies and security controls.

71
Q

_______________ service is available to transfer on-premises data to Blob storage when large datasets or network constraints make uploading data over the wire unrealistic.

Azure Data Factory

Azure FileSync

Azure Blob Storage

Azure Data Box

A

Azure Data Box

Explanation:
Azure Blob storage is Microsoft’s object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data. Unstructured data is data that doesn’t adhere to a particular data model or definition, such as text or binary data.

Blob storage is designed for:

Serving images or documents directly to a browser.

Storing files for distributed access.

Streaming video and audio.

Writing to log files.

Storing data for backup and restore, disaster recovery, and archiving.

Storing data for analysis by an on-premises or Azure-hosted service.

A number of solutions exist for migrating existing data to Blob storage:

Azure Data Box service is available to transfer on-premises data to Blob storage when large datasets or network constraints make uploading data over the wire unrealistic. Depending on your data size, you can request Azure Data Box Disk, Azure Data Box, or Azure Data Box Heavy devices from Microsoft. You can then copy your data to those devices and ship them back to Microsoft to be uploaded into Blob storage.

AzCopy is an easy-to-use command-line tool for Windows and Linux that copies data to and from Blob storage, across containers, or across storage accounts. For more information about AzCopy, see Transfer data with AzCopy v10.

and more.

72
Q

Which of the following is an offline tier optimized for storing data that is rarely accessed, and that has flexible latency requirements?

Hot Tier

Archive Tier

Infrequent Tier

Cool Tier

A

Archive Tier

Explanation:
Data stored in the cloud grows at an exponential pace. To manage costs for your expanding storage needs, it can be helpful to organize your data based on how frequently it will be accessed and how long it will be retained. Azure storage offers different access tiers so that you can store your blob data in the most cost-effective manner based on how it’s being used. Azure Storage access tiers include:

Hot tier - An online tier optimized for storing data that is accessed or modified frequently. The Hot tier has the highest storage costs, but the lowest access costs.

Cool tier - An online tier optimized for storing data that is infrequently accessed or modified. Data in the Cool tier should be stored for a minimum of 30 days. The Cool tier has lower storage costs and higher access costs compared to the Hot tier.

Archive tier - An offline tier optimized for storing data that is rarely accessed, and that has flexible latency requirements, on the order of hours. Data in the Archive tier should be stored for a minimum of 180 days.

73
Q

Which of the following is a key benefit of using Role-Based Access Control (RBAC) over traditional access control methods?

RBAC allows you to assign permissions to specific roles rather than individual users.

RBAC provides centralized management of user identities and access.

RBAC supports a wider range of authentication protocols than traditional methods.

RBAC provides stronger encryption for sensitive data.

A

RBAC allows you to assign permissions to specific roles rather than individual users.

Explanation:
Role-Based Access Control (RBAC) is an approach to access control that allows you to manage user access based on the roles they perform within an organization. With RBAC, you can define a set of roles, each with a specific set of permissions, and then assign users to those roles.

One of the key benefits of RBAC over traditional access control methods is that it allows you to assign permissions to specific roles rather than individual users. This means that when a user’s role changes, their permissions can be automatically adjusted without the need for manual updates. This can help to streamline the process of managing access control and reduce the risk of errors or oversights.

RBAC provides centralized management of user identities and access: This is incorrect because RBAC does not provide centralized management of user identities and access. Instead, RBAC is a way to manage access control for specific resources within an organization.

RBAC supports a wider range of authentication protocols than traditional methods: This is incorrect because RBAC does not necessarily support a wider range of authentication protocols than traditional methods. RBAC is a method of access control, whereas authentication protocols are used to verify the identity of users.

RBAC provides stronger encryption for sensitive data: This is incorrect because RBAC does not provide stronger encryption for sensitive data. Encryption is a method of protecting data from unauthorized access, whereas RBAC is a way to manage access control for specific resources within an organization.

Therefore, the correct answer is ‘RBAC allows you to assign permissions to specific roles rather than individual users’, as RBAC allows you to assign permissions to specific roles rather than individual users, making it easier to manage access control and reduce the risk of errors or oversights.

74
Q

Which of the following services can help applications absorb unexpected traffic bursts, which prevents servers from being overwhelmed by a sudden flood of requests?

Azure Message Storage

Azure Decouple Storage

Azure Table Storage

Azure Queue Storage

A

Azure Queue Storage

Explanation:
Azure Queue Storage is a service for storing large numbers of messages. You access messages from anywhere in the world via authenticated calls using HTTP or HTTPS. A queue message can be up to 64 KB in size. A queue may contain millions of messages, up to the total capacity limit of a storage account. Queues are commonly used to create a backlog of work to process asynchronously.

75
Q

______________ Infrastructure as Code involves writing scripts in languages like Bash or PowerShell. You explicitly state commands that are executed to produce a desired outcome.

Ad-Hoc

Imperative

Defined

Declarative

A

Imperative

Explanation:
Imperative Infrastructure as Code involves writing scripts in languages like Bash or PowerShell. You explicitly state commands that are executed to produce a desired outcome. When you use imperative deployments, it’s up to you to manage the sequence of dependencies, error control, and resource updates.

76
Q

All resources in a VNet can communicate outbound to the internet, by default.

No
Yes

A

Yes

Explanation:
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own data center, but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.

All resources in a VNet can communicate outbound to the internet, by default. You can communicate inbound to a resource by assigning a public IP address or a public Load Balancer. You can also use public IP or public Load Balancer to manage your outbound connections. To learn more about outbound connections in Azure, see Outbound connections, Public IP addresses, and Load Balancer.

Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview

77
Q

Your startup plans to migrate to Azure soon, but for all the resources, you would like control of the underlying Operating System and Middleware.

Which of the following cloud models would make the most sense?

Anything as a Service (XaaS)

Software as a Service (SaaS)

Infrastructure as a Service (IaaS)

Platform as a Service (PaaS)

A

Infrastructure as a Service (IaaS)

Explanation:
Infrastructure as a service (IaaS) is a type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis. IaaS is one of the four types of cloud services, along with software as a service (SaaS), platform as a service (PaaS), and serverless.

Migrating your organization’s infrastructure to an IaaS solution helps you reduce maintenance of on-premises data centers, save money on hardware costs, and gain real-time business insights. IaaS solutions give you the flexibility to scale your IT resources up and down with demand. They also help you quickly provision new applications and increase the reliability of your underlying infrastructure.

IaaS lets you bypass the cost and complexity of buying and managing physical servers and datacenter infrastructure. Each resource is offered as a separate service component, and you only pay for a particular resource for as long as you need it. A cloud computing service provider like Azure manages the infrastructure, while you purchase, install, configure, and manage your own software—including operating systems, middleware, and applications.

Incorrect Answers:

A: Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools. In this scenario, you need to run your own apps, but the OS, Middleware and Runtime are managed by the cloud provider.

B: Platform as a service (PaaS) is a complete development and deployment environment in the cloud. PaaS includes infrastructure servers, storage, and networking but also middleware, development tools, business intelligence (BI) services, database management systems, and more. PaaS is designed to support the complete web application lifecycle: building, testing, deploying, managing, and updating. Here as well, the OS, Middleware and Runtime are managed by the cloud provider.

C: Anything as a Service (XaaS): irrelevant to the question.

78
Q

Your company has decided to migrate its on-premises virtual machines to Azure. Which Azure Virtual Machines feature allows you to migrate virtual machines without downtime?

Azure Virtual Machine Scale Sets

Azure Spot Virtual Machines

Azure Reserved Virtual Machines

Azure Site Recovery

A

Azure Site Recovery

Explanation:
Azure Site Recovery (ASR) is a service offered by Azure that enables replication of virtual machines from on-premises environments to Azure or between Azure regions with little or no downtime. This allows for the migration of virtual machines to Azure without any disruption to business operations. After replication to Azure, the virtual machines can be launched and used as if they were in the on-premises environment.

Other Options:

Azure Reserved Virtual Machines: This is a purchasing option for Azure virtual machines where compute capacity can be reserved for one or three years at a lower cost than pay-as-you-go pricing. This option is not related to virtual machine migration.

Azure Spot Virtual Machines: This is a purchasing option for Azure virtual machines that allows the use of unused capacity in Azure data centers at a significant discount compared to pay-as-you-go pricing. This option is not related to virtual machine migration.

Azure Virtual Machine Scale Sets: This is a service that allows the creation and management of a group of identical virtual machines in Azure, designed to horizontally scale applications to meet increased demand. Although this service can be used in combination with virtual machine migration, it does not provide a solution for migrating virtual machines without downtime.

79
Q

What is the default action for a Network Security Group (NSG) rule if no other action is specified?

Deny

Allow

Block

A

Deny

Explanation:
The default action for an NSG rule if no other action is specified is DENY.

80
Q

Microsoft’s approach to privacy is built on six principles. Which of the following is NOT one of those six principles?

Transparency

Security

Strong legal protections

No content-based targeting

Protection

Control

A

Protection

Explanation:
Microsoft’s approach to privacy is built on six principles:

Control: Microsoft provides customers with the ability to control their personal data and how it is used.

Transparency: Microsoft is transparent about the collection, use, and sharing of personal data.

Security: Microsoft takes strong measures to protect personal data from unauthorized access, disclosure, alteration, and destruction.

Strong legal protections: Microsoft complies with applicable laws and regulations, including data protection and privacy laws.

No content-based targeting: Microsoft does not use personal data to target advertising to customers based on the content of their communications or files.

Benefits to the customer: Microsoft uses personal data to provide customers with valuable products and services that improve their productivity and overall experience.

Protection is NOT one of the principles.