AZ-900 : Microsoft Azure Fundamentals Practice Tests 2025 5 Flashcards
Your company is building a mission critical application and wants asynchronous message management for communication between application components, whether they are running in the cloud, on the desktop, on-premises, or on mobile devices. They also expect sudden bursts of requests and are looking to prevent servers from being overwhelmed.
Which of the following is the right choice?
Azure Async Manager
Azure Queue Storage
Azure FileSync
Azure Table Storage
Azure Files
Azure Data Box Gateway
Azure Queue Storage
Explanation:
You can use Azure Queue Storage to build flexible applications and separate functions for better durability across large workloads. When you design applications for scale, application components can be decoupled, so that they can scale independently. Queue storage gives you asynchronous message queueing for communication between application components, whether they are running in the cloud, on the desktop, on-premises, or on mobile devices.
The Azure Data Box family provides a range of physical devices and a virtual device to help customers with their offline and online data transfer needs, respectively called Data Box, Data Box Disk, Data Box Heavy, and Data Box ________.
Edge
Corner
Node
Ultra
Edge
Explanation:
The correct answer is “Edge”. The full list of Azure Data Box devices is: Data Box, Data Box Disk, Data Box Heavy, Data Box Edge.
Which of the following Azure AD features allows users to use their existing corporate credentials to sign in to cloud-based applications?
Azure AD B2C
Azure AD B2B
Azure AD Domain Services
Azure AD Connect
Azure AD B2C
Explanation:
The correct option is - Azure AD B2C. It allows users to use their existing corporate credentials, social accounts, or local accounts to sign in to cloud-based applications.
Other options -
Azure AD Connect is used to synchronize identities between on-premises Active Directory and Azure AD.
Azure AD B2B enables collaboration between users in different organizations by allowing external users to access resources in a partner organization's Azure AD.
Azure AD Domain Services provides managed domain services such as domain join, group policy, LDAP, and Kerberos/NTLM authentication without the need for domain controllers.
You have multiple offices with file servers that need to access and share the same files. Which Azure service would be the most suitable to achieve this while minimizing latency and maintaining a central copy of the data?
Azure File Sync
Azure Data Lake Storage
Azure Blob Storage
Azure Storage Service Encryption
Azure File Sync
Explanation:
The correct answer is Azure File Sync. It is the most suitable service for this scenario as it allows you to synchronize files between on-premises file servers and Azure Files. This enables multiple offices with file servers to access and share the same files while minimizing latency by using a local cache. Additionally, it maintains a central copy of the data in Azure Files, which can be accessed and managed centrally.
Which tier of Azure Files allows you to enable Azure File Sync?
Premium
Standard
Both Premium and Standard
None of the above
Both Premium and Standard
Explanation:
Azure File Sync supports both Premium and Standard tiers of Azure Files, which means you can enable Azure File Sync on either tier depending on your performance and cost requirements.
Premium tier offers higher performance with lower latency, but at a higher cost compared to the Standard tier. However, it is not the only tier supported for Azure File Sync. Standard tier provides cost-effective storage but with lower performance compared to the Premium tier.
True or False: Azure Data Box can be used to transfer data from Azure to on-premises data centers or other cloud providers.
False
True
True
Explanation:
Yes, Azure Data Box can be used to transfer data from Azure to other cloud providers. This can be useful when customers need to move data between different cloud providers or from on-premises data centers to cloud providers other than Azure.
Which of the following does not affect a storage account billing?
Data Ingress within the same AZ
Data Egress outside a region
Redundancy
Access Tier
Region
Account Type
Data Ingress within the same AZ
Explanation:
An Azure storage account contains all of your Azure Storage data objects, including blobs, file shares, queues, tables, and disks. The storage account provides a unique namespace for your Azure Storage data that’s accessible from anywhere in the world over HTTP or HTTPS. Data in your storage account is durable and highly available, secure, and massively scalable.
Azure Storage bills based on your storage account usage. All objects in a storage account are billed together as a group. Storage costs are calculated according to the following factors:
Region refers to the geographical region in which your account is based.
Account type refers to the type of storage account you're using.
Access tier refers to the data usage pattern you’ve specified for your general-purpose v2 or Blob Storage account.
Capacity refers to how much of your storage account allotment you're using to store data.
Redundancy determines how many copies of your data are maintained at one time, and in what locations.
Transactions refer to all read and write operations to Azure Storage.
Data egress refers to any data transferred out of an Azure region. When the data in your storage account is accessed by an application that isn’t running in the same region, you're charged for data egress. For information about using resource groups to group your data and services in the same region to limit egress charges, see What is an Azure resource group?
The Azure Storage pricing page provides detailed pricing information based on account type, storage capacity, replication, and transactions. The Data Transfers pricing details provide detailed pricing information for data egress. You can use the Azure Storage pricing calculator to help estimate your costs.
True or False: Private endpoints provide secure access to Azure resources over the public internet.
True
False
False
Explanation:
This statement is false. Private endpoints provide secure access to Azure resources, but they do so without using the public internet. Private endpoints allow resources to be accessed privately through the Azure backbone network, enhancing security by avoiding exposure to the public internet.
Which of the following are free?
Data transfer within the same region
Data Ingress
Data transfer within same Availability Zone
Data transfer from one region to another
Data transfer within the same region
Data Ingress
Data transfer within same Availability Zone
Explanation:
The Basic service tier is automatically enabled for free as part of your Azure subscription.
No
Yes
Yes
Explanation:
This is true: the Basic tier is activated and provided as part of your Azure subscription.
What is the key advantage of using ARM templates for resource deployment?
They ensure consistent and repeatable resource deployments.
They allow you to deploy resources manually.
They provide direct access to Azure data centers and are hence faster.
They eliminate the need for Azure subscriptions.
They ensure consistent and repeatable resource deployments.
Explanation:
ARM templates enable consistent and repeatable deployments by defining the desired state of resources in a declarative manner. This reduces manual errors and ensures a predictable environment.
What is the key benefit of using Azure AD B2C for managing customer identities?
Ability to enforce security policies on internal applications.
Centralized management of employee identities and access.
Customizable user experiences for sign-up and sign-in processes.
Integration with on-premises Active Directory.
Customizable user experiences for sign-up and sign-in processes.
Explanation:
Azure AD B2C allows you to provide custom user experiences during sign-up and sign-in processes for your applications. This enhances customer engagement and satisfaction by delivering a branded and consistent identity experience.
There is no programmatic access to the Blob, Queue, Table, and File services in Azure, though you can access VMs using API calls.
False
True
False
Explanation:
The REST APIs for the Microsoft Azure storage services offer programmatic access to the Blob, Queue, Table, and File services in Azure or in the development environment via the storage emulator.
All storage services are accessible via REST APIs. Storage services may be accessed from within a service running in Azure, or directly over the Internet from any application that can send an HTTP/HTTPS request and receive an HTTP/HTTPS response.
Important:
The Azure storage services support both HTTP and HTTPS; however, using HTTPS is highly recommended.
Storage Account
All access to storage services takes place through the storage account. The storage account is the highest level of the namespace for accessing each of the fundamental services. It is also the basis for authorization.
The REST APIs for storage services expose the storage account as a resource.
How does Microsoft Purview contribute to data collaboration within an organization?
It provides tools to discover and share trusted data sources across teams.
It facilitates secure communication between on-premises servers and Azure services.
It enables real-time communication between virtual machines.
It offers a cloud-based file sharing and storage solution.
It provides tools to discover and share trusted data sources across teams.
Explanation:
Microsoft Purview provides a unified data governance solution to help manage and govern your on-premises, multicloud, and software as a service (SaaS) data. Microsoft Purview enables data collaboration by providing tools for discovering and sharing trusted data sources across different teams and departments. It helps improve data accessibility and collaboration while maintaining governance and security.
Which of the following scenarios would be best suited for using Azure Active Directory (AAD) rather than Role-Based Access Control (RBAC)?
Limiting access to specific resource groups within an Azure subscription.
Managing user identities for a cloud-based application.
Managing access to a specific Azure resource for a group of users.
Providing role-based access control to an Azure Virtual Machine.
Managing user identities for a cloud-based application.
Explanation:
The correct answer is: Managing user identities for a cloud-based application.
Azure Active Directory (AAD) is a cloud-based identity and access management service that is used to manage user identities and their access to various cloud-based applications and services, including those hosted in Azure. AAD provides a centralized location for managing user accounts, passwords, and access to applications.
In contrast, Role-Based Access Control (RBAC) is used to manage access control for specific Azure resources, including virtual machines, storage accounts, and other Azure services. RBAC provides a way to assign permissions to specific roles rather than individual users, making it easier to manage access control in large environments.
Other options -
Managing access to a specific Azure resource for a group of users: This describes a scenario that would be best suited for using RBAC.
Providing role-based access control to an Azure Virtual Machine: This also describes a scenario that would be best suited for using RBAC, as RBAC is used to provide role-based access control to Azure Virtual Machines.
Limiting access to specific resource groups within an Azure subscription: This also describes a scenario that would be best suited for using RBAC, as it involves limiting access to specific resource groups within an Azure subscription.
Therefore, the correct answer is Managing user identities for a cloud-based application, as Azure Active Directory is best suited for managing user identities for cloud-based applications, whereas RBAC is best suited for managing access control to specific Azure resources.
When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the same parent lock. The most unrestrictive lock in the inheritance takes precedence.
Yes
No
No
Explanation:
As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions.
When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the same parent lock. The most restrictive lock in the inheritance takes precedence.
If you have a Delete lock on a resource and attempt to delete its resource group, the feature blocks the whole delete operation. Even if the resource group or other resources in the resource group are unlocked, the deletion doesn’t happen. You never have a partial deletion.
When you cancel an Azure subscription:
A resource lock doesn't block the subscription cancellation.
Azure preserves your resources by deactivating them instead of immediately deleting them.
Azure only deletes your resources permanently after a waiting period.
An Insurance company is planning to migrate sensitive client records to Azure. They are concerned about the security of their data during the transfer process. They have decided to use Azure Data Box for this migration. Which of the following security features can they rely on to ensure their data remains secure during the transfer process?
Data-at-rest encryption
Firewall protection
Multi-factor authentication
Tamper-resistant storage
Data-at-rest encryption
Tamper-resistant storage
Explanation:
Azure Data Box offers several security features to protect data during the transfer process, including data-at-rest encryption and tamper-resistant storage. Data-at-rest encryption ensures that data is encrypted while it is being stored on the Data Box device. Tamper-resistant storage is designed to help protect against unauthorized access or tampering during the transit.
A company can extend a private cloud by adding its own physical servers to the public cloud.
No
Yes
No
Explanation:
You cannot add physical servers to the public cloud. You can only deploy virtual servers in the public cloud. You can extend a private cloud by deploying virtual servers in a public cloud. This would create a hybrid cloud.
Which of the following can you use to estimate the cost savings you can get by migrating your workloads to Azure?
Azure Cost Management
Azure TCO Calculator
Azure Pricing Calculator
Azure Advisor
Azure TCO Calculator
Explanation:
Azure Total Cost of Ownership (TCO) Calculator helps you estimate the cost savings you can realise by migrating your workloads to Azure.
What is a key advantage of using Infrastructure as Code (IaC) in cloud deployments?
It reduces the need for data backups.
It increases physical hardware utilization.
It enables version control and automated provisioning.
It eliminates the need for network monitoring.
It enables version control and automated provisioning.
Explanation:
Infrastructure as Code (IaC) is a key DevOps practice that involves the management of infrastructure, such as networks, compute services, databases, storage, and connection topology, in a descriptive model. IaC allows teams to develop and release changes faster and with greater confidence.
Also, Infrastructure as Code (IaC) allows you to store your infrastructure configuration as code in version control systems. This enables tracking changes over time, collaborating with team members, and automating the provisioning and management of resources.
Since your company has shifted to a fully-remote working model, they are looking to provide employees with the best virtualized experience while saving costs by using existing eligible Windows licences. They also want to enable Bring your own device (BYOD) to access their desktop and applications over the Internet.
Which of the following would you suggest?
Azure FileSync
Azure Virtual Machines
Azure ExpressRoute
Azure Virtual Desktop
Azure Kubernetes
Azure Arc
Azure Virtual Desktop
Explanation:
Azure Virtual Desktop allows you to enable a secure remote desktop experience from virtually anywhere. You can set up Azure Virtual Desktop (formerly Windows Virtual Desktop) in minutes to enable secure remote work. It is also possible to provide the familiarity and compatibility of Windows 11 with the new scalable multi-session experience for your end users and save costs by using existing eligible Windows licences.
Which Azure service allows you to provide a self-service sign-up experience for customers accessing your application?
Azure Active Directory Domain Services
Azure Multi-Factor Authentication
Azure B2B Collaboration
Azure Active Directory B2C
Azure Active Directory B2C
Explanation:
Azure Active Directory B2C (Business-to-Customer) is designed to handle customer identities and provides a self-service sign-up experience. It enables organizations to customize and control how customers sign up, sign in, and manage their profiles when accessing applications.
Select the valid options to pay for Azure. (Choose 3)
Microsoft Stores
Azure Website
Microsoft Representative
Azure Partner
Any 3rd Party Vendor
Xbox Website
Azure Website
Microsoft Representative
Azure Partner
Explanation:
Your company plans to migrate all on-premises data to Azure.
However, before this, the legal department has asked you to fetch all information such as Audit and Compliance Reports to identify whether Azure complies with the company’s regional requirements.
Which of the following can help with this?
The Knowledge Center
The Trust Center
The Azure portal
Azure Marketplace
The Trust Center
Explanation:
You can use the Trust Center to check the Audit and Compliance requirements (compliance manager).
______________ enables centralizing your organization’s file shares in Azure Files, while keeping the flexibility, performance, and compatibility of a Windows file server.
Azure Data Box Gateway
Azure Resource Manager
Azure File Sync
Azure Arc
Azure File Manager
Azure File Sync
Explanation:
Azure File Sync enables centralizing your organization’s file shares in Azure Files, while keeping the flexibility, performance, and compatibility of a Windows file server. While some users may opt to keep a full copy of their data locally, Azure File Sync additionally has the ability to transform Windows Server into a quick cache of your Azure file share. You can use any protocol that’s available on Windows Server to access your data locally, including SMB, NFS, and FTPS. You can have as many caches as you need across the world.
Azure file shares can be used in two ways: by directly mounting these serverless Azure file shares (SMB) or by caching Azure file shares on-premises using Azure File Sync. Which deployment option you choose changes the aspects you need to consider as you plan for your deployment.
Direct mount of an Azure file share: Since Azure Files provides SMB access, you can mount Azure file shares on-premises or in the cloud using the standard SMB client available in Windows, macOS, and Linux. Because Azure file shares are serverless, deploying for production scenarios does not require managing a file server or NAS device. This means you don't have to apply software patches or swap out physical disks.
Cache Azure file share on-premises with Azure File Sync: Azure File Sync enables you to centralize your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms an on-premises (or cloud) Windows Server into a quick cache of your Azure file share.
Availability zones are implemented in all Azure regions.
No
Yes
No
Explanation:
This might actually come as a shock to you, but not all Azure regions support Availability zones.
Which of the following are like a physical disk in an on-premises server, but virtualized?
Azure Managed Disks
Azure Tapes
Azure Blobs
Azure Virtual Machines
Azure SQL Databases
Azure Managed Disks
Explanation:
Azure managed disks are block-level storage volumes that are managed by Azure and used with Azure Virtual Machines. Managed disks are like a physical disk in an on-premises server, but virtualized. With managed disks, all you have to do is specify the disk size, the disk type, and provision the disk. Once you provision the disk, Azure handles the rest.
You have a workload in Blob Storage that processes large datasets that need to be stored in a cost-effective way, while additional data is being gathered for processing. Which of the following Access Tiers would make the most sense?
Hot
Luke Warm
Archive
Cool
Efficient
Cool
Explanation:
The keyword here is ‘cost-effective’.
From the Official Azure Documentation:
When your data is stored in an online access tier (either Hot or Cool), users can access it immediately. The Hot tier is the best choice for data that is in active use, while the Cool tier is ideal for data that is accessed less frequently, but that still must be available for reading and writing.
Example usage scenarios for the Hot tier include:
Data that's in active use or is expected to be read from and written to frequently.
Data that's staged for processing and eventual migration to the Cool access tier.
Usage scenarios for the Cool access tier include:
Short-term data backup and disaster recovery.
Older data sets that aren't used frequently, but are expected to be available for immediate access.
Large data sets that need to be stored in a cost-effective way while additional data is being gathered for processing.
You have to run business critical workloads using Azure Virtual Machines, SQL Databases, Data Explorer, and Blob Storage for the next 3 years. Which of the following would provide the MOST cost savings?
Stopping the Virtual Machines every night
By using Resources judiciously
Using a Pay-As-You-Go subscription
By Purchasing Reservations
By Purchasing Reservations
Explanation:
Azure Reservations help you save money by committing to one-year or three-year plans for multiple products. Committing allows you to get a discount on the resources you use. Reservations can significantly reduce your resource costs by up to 72% from pay-as-you-go prices. Reservations provide a billing discount and don’t affect the runtime state of your resources. After you purchase a reservation, the discount automatically applies to matching resources.
You can pay for a reservation up front or monthly. The total cost of up-front and monthly reservations is the same and you don’t pay any extra fees when you choose to pay monthly. Monthly payment is available for Azure reservations, not third-party products.
Why buy a reservation?
If you have consistent resource usage that supports reservations, buying a reservation gives you the option to reduce your costs. For example, when you continuously run instances of a service without a reservation, you’re charged at pay-as-you-go rates. When you buy a reservation, you immediately get the reservation discount. The resources are no longer charged at the pay-as-you-go rates.
__________________ provide organizations with the ability to manage the compliance of Azure resources across multiple subscriptions.
Azure Conditional Access and MFA
Azure Resource Groups
Azure Policy
Azure Subscriptions
Azure Management Groups
Azure Policy
Explanation:
Azure Policy helps to enforce organizational standards and to assess compliance at-scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to the per-resource, per-policy granularity. It also helps to bring your resources to compliance through bulk remediation for existing resources and automatic remediation for new resources.
Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management. Policy definitions for these common use cases are already available in your Azure environment as built-ins to help you get started.
All Azure Policy data and objects are encrypted at rest. For more information, see Azure data encryption at rest.
Your company is looking for a tool that can help with the following:
1) Upload, download and manage Azure Storage blobs, files, queues and tables, as well as Azure Data Lake Storage entities.
2) Configure storage permissions and access controls, tiers and rules.
Which of the following is the right choice?
Azure Data Box Gateway
Azure AzCopy
Azure Blueprint
Azure Policy
Azure VM Scale Sets
ARM Templates
Azure Storage Explorer
Azure Storage Explorer
Explanation:
Azure Storage Explorer is a free tool to conveniently manage your Azure cloud storage resources from your desktop. You can easily use it to do the following:
Upload, download and manage Azure Storage blobs, files, queues and tables, as well as Azure Data Lake Storage entities and Azure Managed Disks.
Configure storage permissions and access controls, tiers and rules.
Which of the following is not a valid authentication method for Azure AD?
Passwords
Certificates
None of the above
Biometric authentication
None of the above
Explanation:
The correct answer is - None of the above.
Azure AD supports multiple authentication methods for user sign-in, including passwords, certificates, and biometric authentication. Passwords are the most commonly used authentication method and are supported by all Azure AD editions. Certificates can be used for machine authentication and require a client certificate to be installed on the device. Biometric authentication uses unique physical characteristics, such as fingerprints or facial recognition, to authenticate users.
What does Microsoft Purview offer to assist organizations with data lineage and impact analysis?
Real-time data replication between Azure regions.
Built-in ETL (Extract, Transform, Load) capabilities for data integration.
Integrated machine learning models for predictive analytics.
Tools for visualizing data flow and understanding its origins and dependencies.
Tools for visualizing data flow and understanding its origins and dependencies.
Explanation:
Microsoft Purview provides a unified data governance solution to help manage and govern your on-premises, multicloud, and software as a service (SaaS) data. Microsoft Purview provides tools for visualizing data lineage, allowing organizations to track the flow of data, understand its origins, and analyze its dependencies. This helps in performing impact analysis and ensuring data quality.
Your organization has decided to migrate a large amount of on-premises data to Azure Blob Storage. Due to bandwidth limitations and a strict migration timeline, you are considering using Azure Data Box to expedite the process. Which of the following factors should you take into account when choosing the appropriate Data Box device for your migration?
Your organization’s budget for the migration
The type of data you are transferring
Your available network bandwidth
The total amount of data you need to transfer
The total amount of data you need to transfer
Explanation:
The correct answer is: The total amount of data you need to transfer.
When choosing the appropriate Data Box device for a migration, it is important to consider the total amount of data that needs to be transferred, as different devices have different capacity limits.
The available network bandwidth is also an important factor, as it affects the speed of the transfer. The type of data being transferred may affect the choice of device, as some types of data may require specialized hardware or encryption capabilities. The organization's budget for the migration is not necessarily a factor in choosing the appropriate Data Box device, as the cost of the devices is fixed and does not vary based on the amount of data being transferred.
What is an ARM template used for?
To declare the desired state of Azure resources and their dependencies.
To provide user authentication for Azure services.
To configure Azure Active Directory settings.
To define the schema for Azure Storage.
To declare the desired state of Azure resources and their dependencies.
Explanation:
An ARM template is a JSON file that defines the desired state of Azure resources, including their configuration, dependencies, and relationships. It allows you to automate resource provisioning.
Which Azure service can Azure Firewall integrate with to provide threat intelligence and advanced security analytics?
Azure Sentinel
Azure Monitor
Azure Active Directory
Azure Security Center
Azure Sentinel
Explanation:
The correct answer is Azure Sentinel. Azure Firewall can integrate with Azure Sentinel to provide threat intelligence and advanced security analytics. Azure Sentinel is a cloud-native security information and event management (SIEM) solution that provides intelligent security analytics and threat intelligence across the enterprise. By integrating Azure Firewall with Azure Sentinel, customers can gain visibility and control over network traffic, detect threats, and respond quickly to security incidents.
Unlike RBAC, Azure Policy is a default-allow-and-explicit-deny system.
Yes
No
Yes
Explanation:
A few key differences between Azure Policy and RBAC exist. RBAC focuses on user actions at different scopes. You might be added to the contributor role for a resource group, allowing you to make changes to that resource group. Azure Policy focuses on resource properties during deployment and for already-existing resources. Azure Policy controls properties such as the types or locations of resources. Unlike RBAC, Azure Policy is a default-allow-and-explicit-deny system.
RBAC and Policies in Azure play a vital role in a governance strategy. While different, they both work together to ensure organizational business rules are followed by ensuring proper access and resource creation guidelines are met.
Which of the following is the correct hierarchy for the Azure levels of scope?
Management Group –> Subscription –> Resource Group
Resource Group –> Management Group –> Subscription
Subscription –> Management Group –> Resource Group
Management Group –> Resource Group –> Subscription
Subscription –> Resource Group –> Management Group
Management Group –> Subscription –> Resource Group
Explanation:
Azure provides four levels of scope: management groups, subscriptions, resource groups, and resources. The following image shows an example of these layers. Though not labeled as such, the blue cubes are resources.
Which of the following would be ideal to store flexible datasets like user data for web applications, address books, device information, or other types of metadata your service requires?
Azure Queue Storage
Azure Data Lake Storage Gen1
Azure File Sync
Azure Table Storage
Azure SQL Database
Azure Data Lake Storage Gen2
Azure Table Storage
Explanation:
Azure Table storage is a service that stores non-relational structured data (also known as structured NoSQL data) in the cloud, providing a key/attribute store with a schemaless design. Because Table storage is schemaless, it’s easy to adapt your data as the needs of your application evolve. Access to Table storage data is fast and cost-effective for many types of applications, and is typically lower in cost than traditional SQL for similar volumes of data.
You can use Table storage to store flexible datasets like user data for web applications, address books, device information, or other types of metadata your service requires. You can store any number of entities in a table, and a storage account may contain any number of tables, up to the capacity limit of the storage account.
Azure Locks can be set at the ______ level to prevent users from modifying or deleting a resource group or its resources.
Resource
Management Group
Tenant
Subscription
Subscription
Explanation:
Azure Locks can be set at the subscription level to prevent users from modifying or deleting a resource group or its resources. When an Azure Lock is applied to a resource or resource group, it prevents all users and roles from making any changes to the resource or deleting it.
Other Options:
Resource is incorrect because locks can be applied to resources, but it is not the highest level at which a lock can be set. Setting a lock at the resource level would only apply to that specific resource, whereas setting a lock at the subscription level would apply to all resources within the subscription.
Management Group is incorrect because although locks can be applied at the management group level, this is not the highest level at which a lock can be set. Setting a lock at the management group level would apply to all resources within that management group, but if a resource group is not within that management group, it would not be affected by the lock.
Tenant is incorrect because locks cannot be set at the tenant level. The highest level at which locks can be set is the subscription level.
If your workload can tolerate interruptions and its execution time is flexible, which of the following pricing plans would be BEST suited to save costs?
Pay-as-you-go
Reserved Instances
Dedicated Hosts
Spot Pricing
Spot Pricing
Explanation:
Which of the following can be leveraged for transferring data to the cloud such as cloud archival, disaster recovery, or if there is a need to process your data at cloud scale?
Azure Arc
Azure Data Box Gateway
Azure CosmosDB
Azure Data Lake Storage Gen2
Azure File Sync
Azure Sentinel
Azure Data Box Gateway
Explanation:
Azure Data Box Gateway is a storage solution that enables you to seamlessly send data to Azure. This article provides you an overview of the Azure Data Box Gateway solution, benefits, key capabilities, and the scenarios where you can deploy this device.
Data Box Gateway is a virtual device based on a virtual machine provisioned in your virtualized environment or hypervisor. The virtual device resides in your premises and you write data to it using the NFS and SMB protocols. The device then transfers your data to Azure block blob, page blob, or Azure Files.
Use cases:
Data Box Gateway can be leveraged for transferring data to the cloud such as cloud archival, disaster recovery, or if there is a need to process your data at cloud scale. Here are the various scenarios where Data Box Gateway can be used for data transfer.
Cloud archival - Copy hundreds of TBs of data to Azure storage using Data Box Gateway in a secure and efficient manner. The data can be ingested one time or on an ongoing basis for archival scenarios.
Continuous data ingestion - Continuously ingest data into the device to copy to the cloud, regardless of the data size. As the data is written to the gateway device, the device uploads the data to Azure Storage.
Initial bulk transfer followed by incremental transfer - Use Data Box for the bulk transfer in an offline mode (initial seed) and Data Box Gateway for incremental transfers (ongoing feed) over the network.
To utilize a hybrid cloud model, you must deploy resources to the public cloud while having some resources on-prem or on a private cloud.
Yes
No
Yes
Explanation:
A hybrid cloud is a combination of an on-prem deployment or private cloud, and public cloud. Therefore, to create a hybrid cloud, you must deploy resources to a public cloud.
Which of the following is not a valid way to connect your on-premises data center to Azure?
Site-to-site virtual private networks
Point-to-site virtual private networks
Network virtual appliances
Azure ExpressRoute
Network virtual appliances
Explanation:
Azure virtual networks enable you to filter traffic between subnets by using the following approaches:
Network security groups: A network security group is an Azure resource that can contain multiple inbound and outbound security rules. You can define these rules to allow or block traffic, based on factors such as source and destination IP address, port, and protocol.
Network virtual appliances: A network virtual appliance is a specialized VM that can be compared to a hardened network appliance. A network virtual appliance carries out a particular network function, such as running a firewall or performing wide area network (WAN) optimization.
Azure virtual networks enable you to link resources together in your on-premises environment and within your Azure subscription. In effect, you can create a network that spans both your local and cloud environments. There are three mechanisms for you to achieve this connectivity:
Point-to-site virtual private networks: The typical approach to a virtual private network (VPN) connection is from a computer outside your organization, back into your corporate network. In this case, the client computer initiates an encrypted VPN connection to connect that computer to the Azure virtual network.
Site-to-site virtual private networks: A site-to-site VPN links your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network. In effect, the devices in Azure can appear as being on the local network. The connection is encrypted and works over the internet.
Azure ExpressRoute: For environments where you need greater bandwidth and even higher levels of security, Azure ExpressRoute is the best approach. ExpressRoute provides a dedicated private connectivity to Azure that doesn't travel over the internet.
Which of the following can you use to calculate your estimated hourly or monthly costs for using Azure?
Azure TCO Calculator
Azure Advisor
Azure Pricing Calculator
Azure Cost Management
Azure Billing
Azure Pricing Calculator
Explanation:
Disclaimer: Prices are estimates and are not intended as actual price quotes. Actual prices may vary depending on the date of purchase, currency of payment and type of agreement that you enter into with Microsoft. Contact a Microsoft sales representative for additional information on pricing.
Your ________________ is your organization’s ability to protect from and respond to security threats.
security posture
security standard
security blueprint
security response
security posture
Explanation:
The objective of defense in depth is to protect information and prevent it from being stolen by those who aren’t authorized to access it.
A defense-in-depth strategy uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data.
Your security posture is your organization’s ability to protect from and respond to security threats. The common principles used to define a security posture are confidentiality, integrity, and availability, known collectively as CIA.
Confidentiality: The principle of least privilege means restricting access to information only to individuals explicitly granted access, at only the level that they need to perform their work. This information includes protection of user passwords, email content, and access levels to applications and underlying infrastructure.
Integrity: Prevent unauthorized changes to information:
At rest: when it's stored.
In transit: when it's being transferred from one place to another, including from a local computer to the cloud.
A common approach used in data transmission is for the sender to create a unique fingerprint of the data by using a one-way hashing algorithm. The hash is sent to the receiver along with the data. The receiver recalculates the data's hash and compares it to the original to ensure that the data wasn't lost or modified in transit.
Availability: Ensure that services are functioning and can be accessed only by authorized users. Denial-of-service attacks are designed to degrade the availability of a system, affecting its users.
Which tool should you use to perform a lift-and-shift migration of your on-premises virtual machines to Azure?
Azure Database Migration Service
Azure Data Factory
Azure Migrate - Server Migration
Azure Site Recovery
Azure Migrate - Server Migration
Explanation:
Azure Migrate - Server Migration is the right tool for performing a lift-and-shift migration of your on-premises virtual machines to Azure. It supports various virtualization platforms like VMware, Hyper-V, and physical servers. The tool simplifies the migration process, automates tasks, and ensures minimal downtime during migration.
Which of the following is the most flexible category of cloud services?
Platform as a Service (PaaS)
Software as a Service (SaaS)
Infrastructure as a Service (IaaS)
Infrastructure as a Service (IaaS)
Explanation:
From the Official Azure Documentation:
IaaS is the most flexible category of cloud services. It aims to give you complete control over the hardware that runs your application. Instead of buying hardware, with IaaS, you rent it.
Your company wants to copy blobs or files to or from a storage account and is looking for a command-line utility to accomplish this. Which of the following is the right choice?
Azure AzCopy
Azure Storage Explorer
Azure PowerShell
Azure FileSync
Azure Bash
Azure AzCopy
Explanation:
AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.
A large organization plans to migrate all their On-Prem Virtual Machines to an Azure pay-as-you-go subscription. Which of the following expenditure models would this migration follow?
Capital
Operational
Scalable
Elastic
Operational
Explanation:
One of the major changes that you will face when you move from on-premises cloud to the public cloud is the switch from capital expenditure (buying hardware) to operating expenditure (paying for service as you use it).
This switch also requires more careful management of your costs. The benefit of the cloud is that you can fundamentally and positively affect the cost of a service you use by merely shutting down or resizing it when it’s not needed.
What is the primary benefit of using private endpoints for connecting to Azure services?
Faster network performance compared to public endpoints.
Improved security by bypassing the public internet.
Compatibility with legacy protocols.
Reduced cost for outbound data transfer.
Improved security by bypassing the public internet.
Explanation:
One of the primary benefits of using private endpoints is improved security. By utilizing private endpoints, you can establish a direct connection to Azure services from within your virtual network, bypassing the public internet. This helps in reducing the exposure of your resources to potential security risks associated with public internet traffic.
When a company thinks of migrating to the public cloud (like Azure), which of the following expenses gets reduced?
Capital Expense
Secondary Expense
Operational Expense
Primary Expense
Capital Expense
Explanation:
Migrating to the public cloud saves a lot of Capex upfront and one of the biggest advantages is the ability to Pay as you go!
Which of the following best describes the relationship between Azure AD and RBAC?
Azure AD and RBAC are two separate identity and access management solutions.
Azure AD is a prerequisite for RBAC, and RBAC relies on Azure AD for user authentication.
Azure AD and RBAC are both built into the Azure portal and are used interchangeably.
Azure AD and RBAC provide complementary functionality for managing access to Azure resources.
Azure AD and RBAC provide complementary functionality for managing access to Azure resources.
Explanation:
The correct option is: Azure AD and RBAC provide complementary functionality for managing access to Azure resources.
Azure AD and RBAC are both related to identity and access management (IAM) in Azure, but they serve different purposes. Azure AD provides identity management services, including user authentication and authorization for cloud-based applications and services, while RBAC is used to manage access to specific Azure resources.
RBAC provides a way to assign permissions to specific roles rather than individual users, which makes it easier to manage access control in large environments. Azure AD provides a central location for managing user identities and their access to various applications and resources, including Azure resources.
Therefore, Azure AD and RBAC are complementary solutions that work together to provide a comprehensive IAM solution for Azure users.
Other options -
Azure AD and RBAC are two separate identity and access management solutions: This option is incorrect because Azure AD and RBAC are not two separate solutions. Rather, they are two separate components of the larger Azure IAM solution. Azure AD provides identity management services, while RBAC provides a way to manage access control for specific Azure resources.
Azure AD is a prerequisite for RBAC, and RBAC relies on Azure AD for user authentication: This option is incorrect because RBAC does not rely on Azure AD for user authentication. Instead, RBAC is used to manage access to specific Azure resources, and it is possible to use RBAC without using Azure AD. While Azure AD can be used to manage RBAC roles, it is not a prerequisite for using RBAC.
Azure AD and RBAC are both built into the Azure portal and are used interchangeably: This option is incorrect because Azure AD and RBAC are not interchangeable solutions. Rather, they serve different purposes and provide different functionality. Azure AD is used to manage user identities and their access to various applications and resources, while RBAC is used to manage access control for specific Azure resources.
You own a streaming-service website and notice extremely high spikes in traffic whenever a new movie is launched on your platform. However, during the rest of the month you experience moderate traffic.
Which of the following benefits does having your website hosted on Azure provide you given this scenario?
Auto-Rollovers
Load Balancing
Fault Tolerance
Elasticity
High Latency
Elasticity
Explanation:
Elasticity in this case is the ability to provide additional compute resource when needed and reduce the compute resource when not needed to reduce costs.
Autoscaling is an example of elasticity. Here you don’t need to provision a lot of resources in advance. You will incur costs by allocating more resources only when demand increases!
Elastic computing is the ability to quickly expand or decrease computer processing, memory and storage resources to meet changing demands without worrying about capacity planning and engineering for peak usage. Typically controlled by system monitoring tools, elastic computing matches the amount of resources allocated to the amount of resources actually needed without disrupting operations. With cloud elasticity, a company avoids paying for unused capacity or idle resources and doesn’t have to worry about investing in the purchase or maintenance of additional resources and equipment.
You are migrating an application with multiple interconnected servers to Azure. To ensure minimal downtime and a smooth migration, which Azure Migrate features should you utilize?
Azure Migrate - App Service and Azure Migrate - Web App Migration
Azure Migrate - Data Box and Azure Migrate - Data Factory
Azure Migrate - Database Assessment and Azure Migrate - Database Migration
Azure Migrate - Server Assessment and Azure Migrate - Server Migration
Azure Migrate - Server Assessment and Azure Migrate - Server Migration
Explanation:
Azure Migrate - Server Assessment helps you to evaluate the migration readiness of your on-premises servers, identify any potential issues, and provide recommendations. Azure Migrate - Server Migration is designed to migrate your on-premises virtual machines or physical servers to Azure with minimal downtime. These two features work together to ensure a smooth migration of interconnected servers, as they address both the pre-migration assessment and the actual migration process.
Other options:
Azure Migrate - App Service and Azure Migrate - Web App Migration: These are geared towards migrating web applications to Azure App Service and not for migrating interconnected servers.
Azure Migrate - Database Assessment and Azure Migrate - Database Migration: These focus on the assessment and migration of on-premises databases to Azure. They are not intended for migrating interconnected servers.
Azure Migrate - Data Box and Azure Migrate - Data Factory: These are used for transferring large amounts of data to Azure and for data integration, respectively. They do not address the migration of interconnected servers.
Azure Synapse Analytics is an analytics service that brings together data integration, enterprise data warehousing and big data analytics.
No
Yes
Yes
Explanation:
Azure Synapse Analytics was previously called Azure SQL Data Warehouse!
Azure Synapse Analytics is a limitless analytics service that brings together data integration, enterprise data warehousing and big data analytics. It gives you the freedom to query data on your terms, using either serverless or dedicated resources at scale. Azure Synapse brings these worlds together with a unified experience to ingest, explore, prepare, manage and serve data for immediate BI and machine-learning needs.
You have deployed a new Azure SQL Database in a VNet and want to restrict the ports, as well as allow or deny communication based on the connection state of the flow record.
What should you use?
An Azure Policy
An Azure DNS Record
An Azure Active Directory (Azure AD) role
An Azure Network Security Group (NSG)
An Azure ExpressRoute
An Azure Blueprint
An Azure Network Security Group (NSG)
Explanation:
Restricting Internet access to your VMs in Azure can be achieved by making use of Azure Network Security Groups.
From the Official Azure Documentation:
We can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.
__________________ are often used to create solutions by using a microservice architecture. This architecture is where you break solutions into smaller, independent pieces.
Containers
Functions
Modules
Kubernetes
Containers
Explanation:
Containers are often used to create solutions by using a microservice architecture. This architecture is where you break solutions into smaller, independent pieces. For example, you might split a website into a container hosting your front end, another hosting your back end, and a third for storage. This split allows you to separate portions of your app into logical sections that can be maintained, scaled, or updated independently.
Imagine your website back-end has reached capacity but the front end and storage aren’t being stressed. You could:
Scale the back end separately to improve performance.
Decide to use a different storage service.
Replace the storage container without affecting the rest of the application.
True or False: Business-to-Customer (B2C) scenarios in Azure AD are primarily focused on internal employee collaboration.
False
True
False
Explanation:
This statement is false. Business-to-Customer (B2C) scenarios in Azure AD are focused on managing customer identities and providing a tailored sign-up and sign-in experience for external customers using your applications.
From the official documentation: Azure AD B2C is a Customer Identity and Access Management (CIAM) solution that lets you build user journeys for consumer- and customer-facing apps. If you’re a business or individual developer creating customer-facing apps, you can scale to millions of consumers, customers, or citizens by using Azure AD B2C. Developers can use Azure AD B2C as the full-featured CIAM system for their applications.
With Azure AD B2C, customers can sign in with an identity they’ve already established (like Facebook or Gmail). You can completely customize and control how customers sign up, sign in, and manage their profiles when using your applications.
A company wants to deploy a set of Azure Virtual Machines and wants to understand their pricing. Which 2 of the following affect Virtual Machine (VM) costs in Azure?
The Size of the Virtual Machine (VM)
The Resource group the VM belongs to
The Data Center the VM resides in
The Scale Set the VM belongs to
The Region the Virtual Machine is located in
The branding of the VM
The Virtual Network the VM belongs to
The Size of the Virtual Machine (VM)
The Region the Virtual Machine is located in
Explanation:
From the Azure Pricing Calculator, we can see that:
Region and Instance size affect Virtual Machine costs!
All data that is copied to an Azure storage account is backed up automatically to another Azure data center.
Yes
No
No
Explanation:
Automatically is the key word in this question that most people miss.
Data is not backed up automatically to another Azure Data Center, although it can be backed up depending on the replication option configured for the account. Locally Redundant Storage (LRS) is the default which maintains three copies of the data in the data center.
Geo-redundant storage (GRS) has cross-regional replication to protect against regional outages. Data is replicated synchronously three times in the primary region, then replicated asynchronously to the secondary region.
Which of the following Azure Migrate features can be used to discover and assess physical servers?
Hyper-V discovery
Dependency visualization
Agent-less discovery
Agent-based discovery
Agent-based discovery
Explanation:
The keyword here is ‘physical’ servers. The correct answer is ‘Agent-Based Discovery’. Agent-based discovery is the correct choice for discovering and assessing physical servers. This method requires the installation of agents on the physical servers, which then collect and report data back to Azure Migrate for assessment.
Other Options -
Dependency visualization is a feature within Azure Migrate that helps you understand the dependencies between servers, applications, and services. It doesn't directly discover or assess physical servers.
Hyper-V discovery is used to discover and assess virtual machines running on Hyper-V hosts. It is not designed for discovering and assessing physical servers.
Agentless discovery is a method used by Azure Migrate to discover and assess virtual machines in virtualized environments, such as VMware or Hyper-V, without the need for installing agents on the source virtual machines. It is not intended for discovering and assessing physical servers.
What is a key security feature of Azure Data Box devices that ensures data is unreadable if intercepted during the shipping process?
Data transfer over HTTPS
Data-at-rest encryption
Firewall protection
Multi-factor authentication
Data-at-rest encryption
Explanation:
The correct answer is: Data-at-rest encryption. This is a key security feature of Azure Data Box devices that ensures data is unreadable if intercepted during the shipping process. Data-at-rest encryption ensures that data is encrypted when it is stored on the device, making it impossible for anyone to access the data without the encryption key. This is an important security measure that protects against data theft or loss during the shipping process.
Other options:
Firewall protection: This is incorrect because it refers to a network security measure that protects against unauthorized access to a network, but it is not directly related to the security of data during the shipping process.
Multi-factor authentication: This is also incorrect because it is a security measure that verifies a user's identity using multiple methods, such as a password and a fingerprint or a security token. This is not directly related to the security of data during the shipping process.
Data transfer over HTTPS: This is incorrect because it refers to a network protocol that encrypts data during transmission between a web server and a client, but it does not protect data during the shipping process.
A startup is looking to deploy a tool that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Which of the following would you recommend?
A Hub
A Router
A Resource Group
A Firewall
A Gateway
A Filter
A Firewall
Explanation:
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. You can create firewall rules that specify ranges of IP addresses. Only clients granted IP addresses from within those ranges are allowed to access the destination server. Firewall rules can also include specific network protocol and port information.
Azure Firewall is a managed, cloud-based network security service that helps protect resources in your Azure virtual networks. A virtual network is similar to a traditional network that you’d operate in your own datacenter. It’s a fundamental building block for your private network that enables virtual machines and other compute resources to securely communicate with each other, the internet, and on-premises networks.
Which of the following Azure plans should you choose for Trial and non-production environments?
Developer
Premier
Standard
Professional Direct
Developer
Explanation:
Reference: https://azure.microsoft.com/en-in/pricing/#product-pricing
How does Azure Arc enable governance across hybrid environments?
By restricting all management operations to Azure regions only.
By extending Azure Policy and Blueprints to on-premises and multi-cloud environments.
By enforcing limitations on network connectivity both on-premises and in a multi-cloud environment.
By providing exclusive access to on-premises resources and extra security through NSGs.
By extending Azure Policy and Blueprints to on-premises and multi-cloud environments.
Explanation:
Azure Arc extends Azure Policy and Blueprints to on-premises and multi-cloud environments, allowing you to enforce governance policies consistently across the entire hybrid environment.
What is the key benefit of Azure Arc-enabled Kubernetes clusters?
They eliminate the need for container orchestration using Kubernetes.
They limit your deployments to Azure regions only, saving costs.
They provide additional storage options for Azure VMs, reducing the chances of failures.
They enable you to manage and configure Kubernetes clusters across multiple environments
They enable you to manage and configure Kubernetes clusters across multiple environments
Explanation:
Azure Arc-enabled Kubernetes clusters allow you to manage and configure Kubernetes clusters consistently across multiple environments, including on-premises and multi-cloud, using Azure management tools.
By default, only the ________ can delete or modify an Azure Lock.
Contributor
Owner
User
Reader
Owner
Explanation:
By default, only the owner of an Azure subscription or resource group can delete or modify an Azure Lock. The owner role is the most privileged built-in role in Azure, allowing full access to all resources and management operations within a subscription or resource group.
What is the primary purpose of Azure Arc?
To enable AI-powered analytics for Azure resources.
To provide virtual machine hosting services in Azure.
To facilitate communication between Azure regions.
To manage and monitor on-premises and multi-cloud environments from a single Azure portal.
To manage and monitor on-premises and multi-cloud environments from a single Azure portal.
Explanation:
Azure Arc allows organizations to manage and monitor not only Azure resources but also on-premises and multi-cloud environments using the Azure portal. It extends Azure management capabilities to a broader range of resources and locations.
Which of the following can you use to track resource usage and manage costs across all of your clouds with a single, unified view?
Azure Monitor
Azure Trust Center
Azure Pricing Calculator
Azure Cost Management + Billing
Azure Cost Management + Billing
Explanation:
If you want to keep tabs on Azure itself, especially the services and regions you depend on, you should choose __________________.
Azure Advisor
Azure Service Health
Azure Arc
Azure Monitor
Azure Service Health
Explanation:
If you want to keep tabs on Azure itself, especially the services and regions you depend on, you want to choose Azure Service Health. You can view the current status of the Azure services you rely on, upcoming planned outages, and services that will be sunset. You can set up alerts that help you stay on top of incidents and upcoming downtime without having to visit the dashboard regularly.
However, if you want to keep track of the performance or issues related to your specific VM or container instances, databases, your applications, and so on, you want to visit Azure Monitor and create reports and notifications to help you understand how your services are performing or diagnose issues related to your Azure usage.
What is the primary goal of Infrastructure as Code (IaC) in cloud computing?
To manage and provision infrastructure using code.
To eliminate the need for network security measures.
To automate the creation of virtual machines.
To manage cloud billing and cost optimization.
To manage and provision infrastructure using code.
Explanation:
Infrastructure as Code (IaC) is a key DevOps practice that involves the management of infrastructure, such as networks, compute services, databases, storages, and connection topology, in a descriptive model. IaC allows teams to develop and release changes faster and with greater confidence. Infrastructure as Code (IaC) allows you to define and manage infrastructure resources such as virtual machines, networks, and storage using code. This approach enhances consistency, repeatability, and scalability in deploying and managing resources.
Upon creating a new Virtual Machine in Azure, will you be billed separately for its local disk storage?
No
Yes
No
Explanation:
All new virtual machines have an operating system disk and a local disk (or “resource disk”). Azure doesn’t charge for local disk storage. The operating system disk is charged at the standard rate for disks.
You can link virtual networks together by using virtual network _________________.
seeding
peering
cloning
connectivity
peering
Explanation:
You can link virtual networks together by using virtual network peering. Peering enables resources in each virtual network to communicate with each other. These virtual networks can be in separate regions, which allows you to create a global interconnected network through Azure.
User-defined routes (UDR) are a significant update to Azure’s Virtual Networks that allows for greater control over network traffic flow. This method allows network administrators to control the routing tables between subnets within a VNet, as well as between VNets.
Which of the following is designed for enterprise big data analytics and includes a hierarchical namespace to Blob storage?
Azure Stack Edge
Azure Data Lake Storage Gen2
Azure Files
Azure Data Box Gateway
Azure Blob Storage
Azure Data Lake Storage Gen2
Explanation:
Azure Data Lake Storage Gen2 is a set of capabilities dedicated to big data analytics, built on Azure Blob Storage. Data Lake Storage Gen2 converges the capabilities of Azure Data Lake Storage Gen1 with Azure Blob Storage.
Designed for enterprise big data analytics
Data Lake Storage Gen2 makes Azure Storage the foundation for building enterprise data lakes on Azure. Designed from the start to service multiple petabytes of information while sustaining hundreds of gigabits of throughput, Data Lake Storage Gen2 allows you to easily manage massive amounts of data.
A fundamental part of Data Lake Storage Gen2 is the addition of a hierarchical namespace to Blob storage. The hierarchical namespace organizes objects/files into a hierarchy of directories for efficient data access.
Data Lake Storage Gen2 builds on Blob storage and enhances performance, management, and security in the following ways:
Performance is optimized because you do not need to copy or transform data as a prerequisite for analysis. Compared to the flat namespace on Blob storage, the hierarchical namespace greatly improves the performance of directory management operations, which improves overall job performance.
Management is easier because you can organize and manipulate files through directories and subdirectories.
Security is enforceable because you can define POSIX permissions on directories or individual files.
A startup has deployed a set of Virtual Machines which are critical for their day-to-day operations. They need to ensure their availability even if a single data center goes down. An intern has suggested that deploying the virtual machines to two or more scale sets will solve the problem.
Is this suggestion correct?
No
Yes
No
Explanation:
This answer does not specify that the scale set will be configured across multiple data centers, so this solution does not meet the goal. For this question, deploying the VMs to multiple data centers / availability zones would make more sense.
From the Official Azure Documentation:
Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide high availability to your applications, and allow you to centrally manage, configure, and update many VMs.
Virtual machines in a scale set can be deployed across multiple update domains and fault domains to maximize availability and resilience to outages due to data center outages, and planned or unplanned maintenance events.
You can use _________________ to create private connections between Azure datacenters and infrastructure on your premises or in a colocation environment.
Azure Firewall
Azure ExpressRoute
Azure DNS
Azure Network Security Groups
Azure ExpressRoute
Explanation:
Which of the following is a key benefit of using Role-Based Access Control (RBAC) in Azure?
RBAC provides authentication and authorization services for Azure resources.
RBAC allows you to assign permissions to specific roles rather than individual users.
RBAC allows you to manage user identities and access to cloud resources.
RBAC provides a centralized directory for managing user accounts and access to resources.
RBAC allows you to assign permissions to specific roles rather than individual users.
Explanation:
The correct option is: RBAC allows you to assign permissions to specific roles rather than individual users.
Other options -
RBAC allows you to manage user identities and access to cloud resources: This is incorrect because while RBAC is used for managing access to cloud resources, it specifically provides granular access control by allowing you to assign permissions to specific roles rather than individual users. “Manage user identities” are the keywords here.
RBAC provides authentication and authorization services for Azure resources: This is incorrect because RBAC provides authorization services, but not authentication services. Authentication is provided by Azure AD!
RBAC provides a centralized directory for managing user accounts and access to resources: This is incorrect because while RBAC does provide a centralized management interface for managing access to Azure resources, it specifically allows you to assign permissions to roles rather than manage user accounts. Again, “managing user accounts” is the keyword here.
What is the benefit of utilizing Microsoft Purview for regulatory compliance?
It automatically generates reports for financial audits.
It provides a compliance score for Azure subscriptions.
It helps classify and manage data to meet regulatory requirements.
It integrates with external cloud providers for data storage.
It helps classify and manage data to meet regulatory requirements.
_________________ enables large-scale parallel and high-performance computing (HPC) batch jobs with the ability to scale to tens, hundreds, or thousands of VMs.
Azure Parallel
Azure Kubernetes
Azure Virtual Machines
Azure Batch
Azure Container Instances
Azure Batch
Explanation:
Azure Batch enables large-scale parallel and high-performance computing (HPC) batch jobs with the ability to scale to tens, hundreds, or thousands of VMs.
When you’re ready to run a job, Batch does the following:
Starts a pool of compute VMs for you.
Installs applications and staging data.
Runs jobs with as many tasks as you have.
Identifies failures.
Requeues work.
Scales down the pool as work completes.
Which cloud benefit ensures that a system or application can continue to operate without disruption in the event of a failure?
Fault tolerance
Elasticity
High availability
Scalability
Fault tolerance
Explanation:
The correct answer is Fault tolerance.
Fault tolerance refers to the ability of a system or application to continue operating without disruption in the event of a failure. This is achieved through redundancy and failover mechanisms that ensure that if one component fails, another component takes over seamlessly, without any downtime or interruption of service.
Scalability refers to the ability to increase or decrease resources as needed to meet changing demands, while elasticity refers to the ability to dynamically provision and de-provision resources based on demand.
High availability refers to the ability of a system or application to remain operational and accessible for a high percentage of time, typically measured as a percentage of uptime over a given period.
Which of the following is a private connection from your on-premises infrastructure to your Azure infrastructure wherein the data does not travel through the internet?
Azure ExpressRoute
Azure Arc
Azure DNS
Azure VPN Gateway
Azure ExpressRoute
Explanation:
With ExpressRoute, your data doesn’t travel over the public internet, so it’s not exposed to the potential risks associated with internet communications. ExpressRoute is a private connection from your on-premises infrastructure to your Azure infrastructure. However, even if you have an ExpressRoute connection, DNS queries, certificate revocation list checking, and Azure Content Delivery Network requests are still sent over the public internet.
Your Cloud Security team is looking to block any access from untrusted sources, such as access from unknown or unexpected locations. Which of the following can they use?
Blueprints
Resource Locks
Multifactor Authentication
Policies
Conditional Access
Conditional Access
Explanation:
Conditional Access is a tool that Azure Active Directory uses to allow (or deny) access to resources based on identity signals. These signals include who the user is, where the user is, and what device the user is requesting access from.
Data that is stored in the Archive access tier of an Azure Storage account ________________.
must be recovered before the data can be accessed
must be requested from Azure by calling the helpline.
can only be read by using Azure Instant Access
must be rehydrated before the data can be accessed
must be rehydrated before the data can be accessed
Explanation:
Azure storage offers different access tiers: hot, cool and archive.
The archive access tier has the lowest storage cost. But it has higher data retrieval costs compared to the hot and cool tiers. Data in the archive tier can take several hours to retrieve.
While a blob is in archive storage, the blob data is offline and can’t be read, overwritten, or modified. To read or download a blob in archive, you must first rehydrate it to an online tier.
Example usage scenarios for the archive access tier include:
Long-term backup, secondary backup, and archival datasets.
Original (raw) data that must be preserved, even after it has been processed into final usable form.
Compliance and archival data that needs to be stored for a long time and is hardly ever accessed.
Which cloud benefit allows you to rapidly deploy applications or systems across multiple regions or locations?
Fault tolerance
Scalability
Elasticity
Geographic distribution
Geographic distribution
Explanation:
One of the major benefits of cloud computing is the ability to quickly and easily deploy applications or systems across multiple regions or locations. This is often referred to as geographic distribution, and it allows organizations to better serve customers in different regions by providing faster response times and reduced latency.
For example, imagine a company that has customers in both North America and Europe. By using a cloud provider’s infrastructure, the company can deploy its application in data centers located in both regions, allowing customers to access the application with minimal latency. Additionally, if one data center experiences an outage or other issue, the application can fail over to another data center, ensuring that customers are still able to access the application without interruption. This is an example of the fault tolerance aspect of cloud computing.
Scalability is incorrect because scalability refers to the ability to increase or decrease resources as needed to meet changing demands, but it does not necessarily enable rapid deployment across multiple locations.
Fault tolerance is incorrect because fault tolerance refers to the ability of a system to continue operating in the event of a hardware or software failure. While fault tolerance is important for ensuring system availability, it does not necessarily enable rapid deployment across multiple locations.
Elasticity is incorrect because elasticity refers to the ability to automatically adjust resources in response to changing demand. While elasticity is related to scalability, it does not necessarily enable rapid deployment across multiple locations.
Geographic distribution is the correct answer because it refers to the ability to deploy applications or systems across multiple regions or locations, which can help improve performance, reduce latency, and provide redundancy in case of a disaster or outage.