AZ-900 : Microsoft Azure Fundamentals Practice Tests 2025 6 Flashcards

1
Q

To begin using Azure Storage, you first create an Azure ________________ to store your data objects.

DNS

Resource Group

Storage Account

Storage Section

A

Storage Account

Explanation:
Azure Storage is a service that you can use to store files, messages, tables, and other types of information. Clients such as websites, mobile apps, desktop applications, and many other types of custom solutions can read data from and write data to Azure Storage. Azure Storage is also used by infrastructure as a service virtual machines, and platform as a service cloud services.

To begin using Azure Storage, you first create an Azure Storage account to store your data objects. You can create an Azure Storage account by using the Azure portal, PowerShell, or the Azure CLI. Your storage account will contain all of your Azure Storage data objects, such as blobs, files, and disks.

Reference: https://docs.microsoft.com/en-ca/learn/modules/azure-storage-fundamentals/azure-storage-accounts

2
Q

Which of the following is a way that Azure AD Identity Protection helps to protect against identity-based attacks?

By automatically blocking all sign-in attempts from high-risk IP addresses

By requiring all users to use multi-factor authentication

By monitoring users’ device health and security posture

By enforcing strong passwords for all users

A

By monitoring users’ device health and security posture

Explanation:
Azure AD Identity Protection uses various signals, including device health and security posture, to detect identity-based attacks and suspicious activities. By monitoring these factors, it can assess the risk level of a user’s sign-in attempt or activity and take appropriate action, such as requiring additional authentication or blocking access.

Note that Azure AD Identity Protection is not a replacement for strong passwords, multi-factor authentication, or other security measures. Instead, it is an additional layer of security that helps to protect against identity-based attacks.

By enforcing strong passwords for all users: This is incorrect because enforcing strong passwords is not a specific feature of Azure AD Identity Protection, but rather a general best practice for secure password management.

By automatically blocking all sign-in attempts from high-risk IP addresses: This is incorrect because Azure AD Identity Protection does not automatically block sign-in attempts based on IP address, but instead uses a risk-based approach to evaluate sign-in attempts and assess the level of risk.

By requiring all users to use multi-factor authentication: This is incorrect because although Azure AD Identity Protection supports multi-factor authentication, it is not the only method used to protect against identity-based attacks.

3
Q

Your team is planning to build a set of REST-based web APIs by using your choice of language and framework. The produced apps should be consumable from any HTTP or HTTPS based client.

Which of the following would be a great fit for this use case?

Azure App Service

Azure Kubernetes Service

Azure Container Instances

Azure Virtual Desktops

Azure Functions

A

Azure App Service

Explanation:
App Service enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers automatic scaling and high availability. App Service supports Windows and Linux and enables automated deployments from GitHub, Azure DevOps, or any Git repo to support a continuous deployment model. This platform as a service (PaaS) environment allows you to focus on the website and API logic while Azure handles the infrastructure to run and scale your web applications.

4
Q

Which of the following is NOT an Azure Subscription type?

Pay As You Go

Pay For a Year

Member offers

Free Trial

A

Pay For a Year

Explanation:
You probably know that an Azure subscription provides you with access to Azure resources such as virtual machines (VMs), storage, and databases. The types of resources you use affect your monthly bill.

Azure offers both free and paid subscription options to fit your needs and requirements. They are:

Free trial

A free trial subscription provides you with 12 months of popular free services, a credit to explore any Azure service for 30 days, and more than 25 services that are always free. Your Azure services are disabled when the trial ends or when your credit expires for paid products, unless you upgrade to a paid subscription.

Pay-as-you-go

A pay-as-you-go subscription lets you pay for what you use by attaching a credit or debit card to your account. Organizations can apply for volume discounts and prepaid invoicing.

Member offers

Your existing membership to certain Microsoft products and services might provide you with credits for your Azure account, and reduced rates on Azure services. For example, member offers are available to Visual Studio subscribers, Microsoft Partner Network members, Microsoft for Startups members, and Microsoft Imagine members.

5
Q

Which of the following is NOT a compute service available in Azure?

Azure Functions

Azure CosmosDB

Azure App Service

Azure Kubernetes

A

Azure CosmosDB

Explanation:
CosmosDB is a Database and not a compute option in Azure.

From the Official Azure Documentation:

Azure offers a number of ways to host your application code. The term compute refers to the hosting model for the computing resources that your application runs on. The following flowchart will help you to choose a compute service for your application.

If your application consists of multiple workloads, evaluate each workload separately. A complete solution may incorporate two or more compute services.

6
Q

Which feature of Azure AD External Identities enables customers to sign up, sign in, and manage their own profiles using social accounts?

Azure Multi-Factor Authentication

Azure B2B Collaboration

Azure Active Directory B2C

Azure Active Directory Domain Services

A

Azure Active Directory B2C

Explanation:
Azure Active Directory B2C is designed to handle customer identities and enables them to sign up, sign in, and manage their profiles using social accounts or other identity providers, enhancing their experience with your applications.

7
Q

What is the purpose of the Azure AD Identity Protection dashboard?

To provide an overview of all users’ activity logs.

To show a summary of the risk level of all users.

To enable administrators to manage and investigate risk events.

To allow administrators to manage users’ authentication methods.

A

To enable administrators to manage and investigate risk events.

Explanation:
The correct answer is - To enable administrators to manage and investigate risk events.

The purpose of the Azure AD Identity Protection dashboard is to provide administrators with a centralized view of all risky sign-ins, vulnerabilities, and compromised identities. It allows administrators to investigate and manage risk events by providing detailed information about the users, devices, and applications involved in the event. The dashboard also provides recommendations to improve the security posture of the organization, such as enabling multi-factor authentication for at-risk users.

To provide an overview of all users’ activity logs: This is incorrect because the Azure AD Identity Protection dashboard focuses on risk events, not activity logs.

To allow administrators to manage users’ authentication methods: This is incorrect because managing users’ authentication methods is a separate function that is not part of the Azure AD Identity Protection dashboard.

To show a summary of the risk level of all users: This is incorrect because while the dashboard provides a risk score for each user, its primary purpose is to enable administrators to investigate and manage risk events, not to provide a summary of the risk level of all users.

8
Q

Which storage redundancy option offers the highest level of durability, with a remarkable 16 nines of durability?

Durable-redundant storage (DRS)

Geo-redundant storage (GRS)

Locally redundant storage (LRS)

Zone-redundant storage (ZRS)

A

Geo-redundant storage (GRS)

Explanation:
The storage redundancy option that provides the highest degree of durability, with 16 nines of durability, is “geo-redundant storage (GRS).” GRS copies your data synchronously within a single physical location in the primary region using locally redundant storage (LRS). It then copies your data asynchronously to a single physical location in the secondary region (the region pair) also using LRS. This combination of synchronous and asynchronous replication results in an extremely high level of durability, offering at least 16 nines (99.99999999999999%) of durability for Azure Storage data objects over a given year.

9
Q

A __________________ contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

Route filter

Network security group (NSG)

Network gateway

Domain Name Service

A

Network security group (NSG)

Explanation:
You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.

Network security group security rules are evaluated by priority using the 5-tuple information (source, source port, destination, destination port, and protocol) to allow or deny the traffic. A flow record is created for existing connections. Communication is allowed or denied based on the connection state of the flow record. The flow record allows a network security group to be stateful. If you specify an outbound security rule to any address over port 80, for example, it’s not necessary to specify an inbound security rule for the response to the outbound traffic. You only need to specify an inbound security rule if communication is initiated externally. The opposite is also true. If inbound traffic is allowed over a port, it’s not necessary to specify an outbound security rule to respond to traffic over the port.

10
Q

_______________ is Microsoft’s cloud-based SIEM system. It uses intelligent security analytics and threat analysis.

Azure Sentinel

Azure Arc

Microsoft Defender for Cloud

Azure Key Vault

A

Azure Sentinel

Explanation:
Security management on a large scale can benefit from a dedicated security information and event management (SIEM) system. A SIEM system aggregates security data from many different sources (as long as those sources support an open-standard logging format). It also provides capabilities for threat detection and response.

Azure Sentinel is Microsoft’s cloud-based SIEM system. It uses intelligent security analytics and threat analysis.

Azure Sentinel enables you to:

Collect cloud data at scale: Collect data across all users, devices, applications, and infrastructure, both on-premises and from multiple clouds.

Detect previously undetected threats: Minimize false positives by using Microsoft’s comprehensive analytics and threat intelligence.

Investigate threats with artificial intelligence: Examine suspicious activities at scale, tapping into years of cybersecurity experience from Microsoft.

Respond to incidents rapidly: Use built-in orchestration and automation of common tasks.

11
Q

What benefit does Infrastructure as Code (IaC) provide for disaster recovery scenarios?

It enables version control for application code.

It automates the creation of virtual machines.

It ensures consistent infrastructure configuration replication.

It accelerates the download speed of cloud resources.

A

It ensures consistent infrastructure configuration replication.

Explanation:
Infrastructure as Code (IaC) is a key DevOps practice that involves the management of infrastructure, such as networks, compute services, databases, storages, and connection topology, in a descriptive model. IaC allows teams to develop and release changes faster and with greater confidence. Benefits of IaC include:

Increased confidence in deployments

Ability to manage multiple environments

Improved understanding of the state of infrastructure

With IaC, you can create infrastructure configurations as code. This enables consistent replication of infrastructure settings, reducing the risk of configuration errors during disaster recovery scenarios.

12
Q

In a scenario where you need to manage access, policies, and compliance for multiple subscriptions, which Azure service would you use?

Azure management groups

Azure resource groups

Azure Active Directory

Azure subscriptions

A

Azure management groups

Explanation:
Azure management groups is the correct answer.

In a scenario where you need to manage access, policies, and compliance for multiple subscriptions, you would use Azure management groups. Management groups provide a level of scope above subscriptions, allowing you to organize subscriptions into containers and apply governance conditions to the management groups. All subscriptions within a management group automatically inherit the conditions applied to the management group.

Other options -

Azure Active Directory: While Azure AD is used for identity and access management, it does not directly manage policies and compliance for multiple subscriptions.

Azure subscriptions: Subscriptions are a unit of management, billing, and scale in Azure, but they do not provide a higher level of scope for managing multiple subscriptions.

Azure resource groups: Resource groups are used to organize resources within a subscription, but they do not provide a higher level of scope for managing multiple subscriptions.

13
Q

Which of the following would you use to deploy and manage containerised applications to provide an integrated continuous integration and continuous delivery (CI/CD) experience and enterprise-grade security and governance?

Azure Container Instances

Azure Kubernetes

Azure Functions

Azure Batch

A

Azure Kubernetes

Explanation:
You can deploy and manage containerised applications more easily with a fully managed Kubernetes service. Azure Kubernetes Service (AKS) offers serverless Kubernetes, an integrated continuous integration and continuous delivery (CI/CD) experience and enterprise-grade security and governance. You can also unite your development and operations teams on a single platform to rapidly build, deliver and scale applications with confidence.

14
Q

The Cool storage tier stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data.

False

True

A

False

Explanation:
Azure Storage offers different access tiers for your blob storage, helping you store object data in the most cost-effective manner. The available access tiers include:

Hot access tier: Optimized for storing data that is accessed frequently (for example, images for your website).

Cool access tier: Optimized for data that is infrequently accessed and stored for at least 30 days (for example, invoices for your customers).

Archive access tier: Appropriate for data that is rarely accessed and stored for at least 180 days, with flexible latency requirements (for example, long-term backups).

The following considerations apply to the different access tiers:

Only the hot and cool access tiers can be set at the account level. The archive access tier isn’t available at the account level.

Hot, cool, and archive tiers can be set at the blob level, during upload or after upload.

Data in the cool access tier can tolerate slightly lower availability, but still requires high durability, retrieval latency, and throughput characteristics similar to hot data. For cool data, a slightly lower availability service-level agreement (SLA) and higher access costs compared to hot data are acceptable trade-offs for lower storage costs.

Archive storage stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data.

15
Q

Azure Pay-As-You-Go pricing is an example of Capex.

No

Yes

A

No

Explanation:
One of the major changes that you will face when you move from on-premises to the public cloud is the switch from capital expenditure (buying hardware) to operational expenditure (paying for service as you use it).

16
Q

What are the basic building blocks of Azure?

Resource groups

Subscriptions

Management groups

Resources

A

Resources

Explanation:
Resources are the basic building blocks of Azure. Anything you create, provision, deploy, etc. is a resource. Virtual Machines (VMs), virtual networks, databases, cognitive services, etc. are all considered resources within Azure.

Other options -

Resource groups are logical containers for resources deployed within an Azure subscription. They do not represent the individual components created in Azure.

Subscriptions are a unit of management, billing, and scale in Azure. They are used to organize resource groups and facilitate billing but are not the basic building blocks themselves.

Management groups are a higher-level organizational structure used to manage access, policies, and compliance for multiple subscriptions. They are not the basic building blocks of Azure.

17
Q

What is the minimum number of Virtual Machines and minimum number of Availability Zones respectively that must be used to guarantee an SLA of 99.99%?

2 Virtual Machines, 2 Availability Zones

1 Virtual Machine, 1 Availability Zone

1 Virtual Machine, 2 Availability Zones

2 Virtual Machines, 1 Availability Zone

A

2 Virtual Machines, 2 Availability Zones

Explanation:
Azure offers industry best SLAs for VMs. However, to guarantee an SLA of 99.99%, you must have 2 or more instances deployed across 2 or more Availability Zones!

According to the official Azure documentation:

Reference: https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_9/

18
Q

An Azure Web App that queries an on-prem Oracle SQL Database is an example of a ____________________ cloud architecture.

multi-vendor

hybrid

private

public

A

hybrid

Explanation:
Since you are using both Azure and on-prem resources (a combination of both), this is an example of a hybrid cloud!

From the Official Azure Documentation:

Reference: https://azure.microsoft.com/en-in/overview/what-is-hybrid-cloud-computing/

19
Q

Which of the following is an event-driven, compute-on-demand service, with capabilities to implement code triggered by events occurring in Azure or third-party services as well as on-premises systems?

Azure Kubernetes

Azure Serverless

Azure Machine Learning Studio

Azure Policies

Azure CosmosDB

Azure Functions

A

Azure Functions

Explanation:
Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running.

You focus on the pieces of code that matter most to you, and Azure Functions handles the rest.

20
Q

Your organization needs to move all its data back to on-premises due to new government regulations. Which Azure service should you use to export data from Azure for this migration?

AzCopy

Azure Data Box

Azure Site Recovery

Azure Data Factory

A

Azure Data Box

Explanation:
The correct option is Azure Data Box. Azure Data Box is designed for transferring large amounts of data to and from Azure. In this scenario, where the organization needs to move all its data back to on-premises due to government regulations, Data Box is the most suitable choice. It provides a secure and efficient way to transfer large volumes of data without relying on limited or slow network connections.

Wrong options:

Azure Data Factory - Azure Data Factory is a cloud-based data integration service that allows you to create, schedule, and manage data workflows. While it can be used to move and transform data, it’s not the best option for large-scale data export to on-premises, especially with limited network connectivity.

Azure Site Recovery - Azure Site Recovery is a disaster recovery service that helps protect and recover on-premises and Azure-based virtual machines. It is not designed for exporting large amounts of data from Azure to on-premises environments.

AzCopy - AzCopy is a command-line utility for copying data to and from Azure Storage. While it can be used for data transfers, it relies on network connectivity, which may not be suitable for transferring large amounts of data back to on-premises locations.

21
Q

You have an on-premises infrastructure and would like to extend its capabilities by making use of Azure services. Which type of cloud deployment is this an example of?

A Public Cloud

A private cloud

A hybrid cloud

An Internal cloud

A

A hybrid cloud

Explanation:
A hybrid cloud is a combination of a private cloud and a public cloud.

A hybrid cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them.

Hybrid cloud

Provides the most flexibility.

Organizations determine where to run their applications.

Organizations control security, compliance, or legal requirements.

22
Q

_____________ helps you estimate the cost savings of operating your solution on Azure over time compared to operating in your on-premises datacenter.

Azure TCO Calculator

Azure Advisor

Azure Blueprints

Azure Pricing Calculator

A

Azure TCO Calculator

Explanation:
The TCO Calculator helps you estimate the cost savings of operating your solution on Azure over time compared to operating in your on-premises datacenter.

The term total cost of ownership is used commonly in finance. It can be hard to see all the hidden costs related to operating a technology capability on-premises. Software licenses and hardware are additional costs.

With the TCO Calculator, you’ll enter the details of your on-premises workloads. Then you can review the suggested industry-average cost (which you can adjust) for related operational costs. These costs include electricity, network maintenance, and IT labor. You’re then presented with a side-by-side report. Using the report, you can compare those costs with the same workloads running on Azure.

23
Q

A Senior Security Engineer in your company has enforced MFA for all users. How does MFA enhance security?

It requires a Password and a code through the Microsoft Authenticator App

It uses two passwords

It requires password complexity

It requires a Social Insurance Number and a Password

A

It requires a Password and a code through the Microsoft Authenticator App

Explanation:
Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan.

If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, is it really the user signing in with the username and password, or is it an attacker? When you require a second form of authentication, security is increased as this additional factor isn’t something that’s easy for an attacker to obtain or duplicate.

Azure AD Multi-Factor Authentication works by requiring two or more of the following authentication methods:

1) Something you know, typically a password.

2) Something you have, such as a trusted device that is not easily duplicated, like a phone or hardware key.

3) Something you are - biometrics like a fingerprint or face scan.

Users can register themselves for both self-service password reset and Azure AD Multi-Factor Authentication in one step to simplify the on-boarding experience. Administrators can define what forms of secondary authentication can be used. Azure AD Multi-Factor Authentication can also be required when users perform a self-service password reset to further secure that process.

24
Q

You can enforce Azure AD Multi-Factor Authentication for all users via the Microsoft Authenticator app, phone call, or SMS code.

No

Yes

A

No

Explanation:
Azure AD Multi-Factor Authentication is a Microsoft service that provides multifactor authentication capabilities. Azure AD Multi-Factor Authentication enables users to choose an additional form of authentication during sign-in, such as a phone call or mobile app notification.

The Azure Active Directory free edition enables Azure AD Multi-Factor Authentication for administrators with the global admin level of access, via the Microsoft Authenticator app, phone call, or SMS code. You can also enforce Azure AD Multi-Factor Authentication for all users via the Microsoft Authenticator app only, by enabling security defaults in your Azure AD tenant.

25
Q

Purchasing your own infrastructure and deploying it in your own data center is an example of CapEx.

Yes

No

A

Yes

Explanation:
Deploying your own datacenter is definitely an example of CapEx. This is because you need to purchase all the infrastructure upfront before you can use it.

26
Q

Which of the following statements regarding Azure subscriptions are correct?

Billing is applied to each subscription separately

Subscription is dependent on a region

Trial subscription can be converted to paid

Azure subscription cannot have a trust relationship with an Azure Active Directory (AD) instance

Multiple subscriptions cannot be created within an Azure account

A

Billing is applied to each subscription separately

Subscription is dependent on a region

Trial subscription can be converted to paid

Explanation:
Billing is applied to each subscription separately - Yes! It is one of the many reasons why people use separate subscriptions.

Trial subscription can be converted to paid - Of course. When you sign up for an Azure free account, you get $200 credit. In the first 30 days, any services you use beyond their free amounts will be deducted from that $200 credit. When you’ve used up your $200 credit or 30 days have passed (whichever happens first), you’ll need to upgrade by moving to pay-as-you-go pricing. That way, you can keep getting free amounts of services and purchase services beyond their free amounts as needed. The cost of those services is charged to the payment method you provide.

Subscription is dependent on a region - Yes, when you create a subscription in Azure, you need to specify a certain region for that Subscription. Hence, this choice is valid as well.

All other options are invalid and don’t stand true.

27
Q

Which of the following is an excellent choice if you want to run multiple instances of an application on a single host machine?

Functions

Blueprints

Scale Sets

Containers

A

Containers

Explanation:
While virtual machines are an excellent way to reduce costs versus the investments that are necessary for physical hardware, they’re still limited to a single operating system per virtual machine. If you want to run multiple instances of an application on a single host machine, containers are an excellent choice.

What are containers?

Containers are a virtualization environment. Much like running multiple virtual machines on a single physical host, you can run multiple containers on a single physical or virtual host. Unlike virtual machines, you don’t manage the operating system for a container. Virtual machines appear to be an instance of an operating system that you can connect to and manage, but containers are lightweight and designed to be created, scaled out, and stopped dynamically. While it’s possible to create and deploy virtual machines as application demand increases, containers are designed to allow you to respond to changes on demand. With containers, you can quickly restart in case of a crash or hardware interruption. One of the most popular container engines is Docker, which is supported by Azure.

Containers are managed through a container orchestrator, which can start, stop, and scale out application instances as needed. There are two ways to manage both Docker and Microsoft-based containers in Azure: Azure Container Instances and Azure Kubernetes Service (AKS).

28
Q

What is the primary role of Azure Arc-enabled data services?

To provide cloud-based virtual machines for data processing.

To manage and monitor data services exclusively within Azure regions.

To optimize network connectivity between Azure regions.

To extend Azure data services to on-premises and multi-cloud environments.

A

To extend Azure data services to on-premises and multi-cloud environments.

Explanation:
Azure Arc-enabled data services extend Azure data services to on-premises and multi-cloud environments, enabling consistent data management and integration across different locations.

29
Q

AzCopy is a command-line utility designed to copy ______________.

Data between Azure Storage accounts

Data between on-premises file servers

Database schemas

Virtual machines

A

Data between Azure Storage accounts

Explanation:
AzCopy is a command-line utility specifically designed to copy data between Azure Storage accounts or between an on-premises location and Azure Storage. It supports Blob Storage, Table Storage, and File Storage transfers.

Other options -

Virtual machines - AzCopy is not designed to copy virtual machines; it focuses on data transfers for Azure Storage services.

Data between on-premises file servers - Although AzCopy can copy data between an on-premises location and Azure Storage, it is not intended for transferring data directly between on-premises file servers without involving Azure Storage.

Database schema - AzCopy is not designed for copying database schema; it focuses on data transfers for Azure Storage services, such as Blob Storage, Table Storage, and File Storage.
30
Q

How does Microsoft Purview contribute to data security and compliance?

It encrypts data at rest and in transit.

It provides real-time monitoring of network traffic.

It enforces strict role-based access control for virtual machines.

It helps classify and protect sensitive data and ensures compliance policies are followed.

A

It helps classify and protect sensitive data and ensures compliance policies are followed.

Explanation:
Microsoft Purview provides a unified data governance solution to help manage and govern your on-premises, multicloud, and software as a service (SaaS) data. Microsoft Purview helps organizations classify and label data, apply data protection policies, and manage access controls. This ensures that sensitive data is properly protected and that compliance with data regulations is maintained, contributing to data security and compliance efforts.

31
Q

A unique characteristic that distinguishes Azure Files from files on a corporate file share is that you cannot access the files from anywhere in the world; access has to be from a specific location.

No

Yes

A

No

Explanation:
Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block and Network File System (preview) protocols. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS.

One thing that distinguishes Azure Files from files on a corporate file share is that you can access the files from anywhere in the world, by using a URL that points to the file. You can also use Shared Access Signature (SAS) tokens to allow access to a private asset for a specific amount of time.

Here’s an example of a service SAS URI, showing the resource URI and the SAS token:

Reference: https://docs.microsoft.com/en-ca/learn/modules/azure-storage-fundamentals/azure-file-storage

32
Q

True or False: Data stored in an Azure Storage account is automatically copied twice.

False

True

A

False

Explanation:

Azure Storage offers multiple redundancy options, including locally redundant storage (LRS), zone-redundant storage (ZRS), geo-redundant storage (GRS), and read-access geo-redundant storage (RA-GRS).

LRS and ZRS provide redundancy within a datacenter or within a single zone, respectively, and create three copies of the data. GRS and RA-GRS provide additional redundancy across multiple datacenters or regions, respectively, and create six copies of the data (three copies in the primary region and three copies in the secondary region).

However, none of these redundancy options provide only two copies of the data by default.

33
Q

How does Microsoft Purview enhance data governance across multi-cloud environments?

By offering a unified solution to manage and govern data across various cloud and on-premises sources.

By offering virtual machine management capabilities.

By enabling cross-platform application deployment.

By providing a cloud-native development environment.

A

By offering a unified solution to manage and govern data across various cloud and on-premises sources.

Explanation:
Microsoft Purview provides a unified solution for managing and governing data across various sources, including multi-cloud and on-premises environments. It helps organizations maintain consistent data governance practices and policies regardless of where the data resides.

34
Q

You are a cloud administrator responsible for managing a large Azure environment with multiple subscriptions. You want to enforce a company-wide requirement that requires all virtual machines to be encrypted using Azure Disk Encryption. Which Azure service should you use to enforce this?

Azure Security Center

Azure Resource Manager

Azure Active Directory

Azure Policy

A

Azure Policy

Explanation:
Azure Policy can be used to enforce company-wide policies across multiple Azure subscriptions, including policies related to Azure Disk Encryption. By creating a policy definition that requires all virtual machines to have Azure Disk Encryption enabled, you can ensure that this policy is applied consistently across your entire Azure environment.

Other options -

Azure Security Center: This is a service that helps customers protect their Azure and on-premises resources from threats, but it is not designed specifically for enforcing policies related to Azure Disk Encryption.

Azure Active Directory: This is a cloud-based identity and access management service, and while it can be used to manage access to Azure resources, it is not designed to enforce policies related to Azure Disk Encryption.

Azure Resource Manager: This is a service that allows customers to manage resources in their Azure subscription, but it is not designed to enforce policies related to Azure Disk Encryption.

35
Q

A startup is planning to use multiple Azure SQL Databases. Which of the following will help them to reduce costs if the databases have unpredictable usage demands?

Scale Sets

Azure Blueprints

Azure Policies

Elastic Pools

A

Elastic Pools

Explanation:
Just like Azure VM Scale Sets are best friends with Azure VMs, for Azure SQL Databases, we have Azure SQL Database elastic pools. These are a simple, cost-effective solution for managing and scaling multiple databases that have varying and unpredictable usage demands. The databases in an elastic pool are on a single server and share a set number of resources at a set price.

Elastic pools in Azure SQL Database enable SaaS developers to optimize the price performance for a group of databases within a prescribed budget while delivering performance elasticity for each database.

36
Q

When creating a private endpoint, which of the following components needs to be configured to enable private connectivity?

Network Security Group (NSG)

Azure Active Directory (Azure AD)

Private DNS zone

Public IP address

A

Private DNS zone

Explanation:
To enable private connectivity via a private endpoint, you need to configure a Private DNS zone. This Private DNS zone allows you to resolve the hostname of the private endpoint to its private IP address within your virtual network.

37
Q

A new startup needs to control its cloud environment so that it complies with several industry standards, but it’s not sure where to start. They have existing business requirements, and understand how these requirements relate to their on-premises workloads. These requirements also must be met by any workloads they run in the cloud.

Which of the following can help them in this case?

The Azure Blueprint for Cloud

Microsoft Defender for Cloud

The Cloud Adoption Framework for Azure

The Proven Roadmap for Azure

A

The Cloud Adoption Framework for Azure

Explanation:
The Cloud Adoption Framework for Azure provides you with proven guidance to help with your cloud adoption journey. The Cloud Adoption Framework helps you create and implement the business and technology strategies needed to succeed in the cloud.

Cloud Adoption Framework consists of tools, documentation, and proven practices. The Cloud Adoption Framework includes these stages:

Define your strategy.

Make a plan.

Ready your organization.

Adopt the cloud.

Govern and manage your cloud environments.

Reference: https://docs.microsoft.com/en-ca/learn/modules/build-cloud-governance-strategy-azure/9-accelerate-cloud-adoption-framework

38
Q

Your company’s IT department wants to ensure that its virtual machines (VMs) are highly available and have automatic failover in case of a hardware failure. Which Azure Virtual Machines feature should you use to achieve this?

Azure Site Recovery

Azure Virtual Machine Resiliency

Availability Zones

Virtual Machine Scale Sets

A

Availability Zones

Explanation:
Availability Zones is the correct answer. It is an Azure service that provides high availability by replicating applications and data across multiple datacenters within a region. By using availability zones, your virtual machines are deployed in separate physical locations with independent power, cooling, and networking, ensuring that they remain available even if there is a failure in one of the zones. This feature provides automatic failover in case of a hardware failure, making it a suitable solution for ensuring highly available virtual machines.

39
Q

Which of the following is an accurate definition of an Azure Policy Initiative?

An Azure service that provides real-time monitoring of policy enforcement.

A type of virtual machine used for hosting policies in the Azure cloud.

A set of policy definitions that are applied individually for easy management and assignment.

A way to package and deploy a collection of policy definitions as a single entity.

A

A way to package and deploy a collection of policy definitions as a single entity.

Explanation:
The correct answer is: A way to package and deploy a collection of policy definitions as a single entity. An initiative definition is a group of policy definitions that are designed to achieve a specific objective. The purpose of initiative definitions is to streamline the management and assignment of policy definitions by grouping them together as a single entity. An example of an initiative could be “Enable Monitoring in Microsoft Defender for Cloud,” which aims to monitor all the available security recommendations in a Microsoft Defender for Cloud instance.

40
Q

You want to set up separate environments for development and testing, and security in Azure. What would you create to achieve this?

Additional resource groups

Additional subscriptions

Additional management groups

Additional Azure accounts

A

Additional subscriptions

Explanation:
Creating additional subscriptions is a suitable approach for setting up separate environments for development and testing, and security in Azure. By having separate subscriptions for different environments, you can manage and control access to the resources provisioned within each subscription, and it helps you track costs and apply different access-management policies more effectively.

41
Q

Which of the following is a key difference between Azure Active Directory (AAD) and Role-Based Access Control (RBAC)?

AAD is a cloud-based directory service, while RBAC is a feature within the Azure portal.

AAD provides identity and access management services, while RBAC provides granular access control within Azure resources.

AAD is only used for managing access to Microsoft applications, while RBAC is used for managing access to any Azure resource.

AAD is used for managing access to Azure resources, while RBAC is used for managing access to on-premises resources.

A

AAD provides identity and access management services, while RBAC provides granular access control within Azure resources.

Explanation:
The correct option is: Azure Active Directory (AAD) provides identity and access management services, while Role-Based Access Control (RBAC) provides granular access control within Azure resources.

Other options:

AAD is used for managing access to Azure resources, while RBAC is used for managing access to on-premises resources: This is incorrect because AAD can be used for managing access to on-premises resources as well as cloud resources.

AAD is a cloud-based directory service, while RBAC is a feature within the Azure portal: This is incorrect because AAD is a cloud-based directory service, but RBAC is not a feature within the Azure portal. Rather, RBAC is a built-in feature of the Azure platform for managing access to Azure resources.

AAD is only used for managing access to Microsoft applications, while RBAC is used for managing access to any Azure resource: This is incorrect because AAD can be used to manage access to both Microsoft and non-Microsoft applications, while RBAC is used only for managing access to Azure resources.

Overall, AAD and RBAC have different but complementary roles in managing access to Azure resources. AAD is primarily used for managing user identities and authentication, while RBAC is used for managing granular access control within Azure resources by assigning permissions to specific roles rather than individual users.

42
Q

An unlimited number of resources can be added to a Subscription.

False

True

A

False

Explanation:
At the beginning of any cloud governance implementation, you identify a cloud organization structure that meets your business needs. This step often involves forming a cloud center of excellence team (also called a cloud enablement team or a cloud custodian team). This team is empowered to implement governance practices from a centralized location for the entire organization.

Teams often start their Azure governance strategy at the subscription level.

Subscriptions also have some resource limitations. For example, the maximum number of network Azure ExpressRoute circuits per subscription is 10. Those limits should be considered during your design phase. If you’ll need to exceed those limits, you might need to add more subscriptions. If you hit a hard limit maximum, there’s no flexibility to increase it.

Management groups are also available to assist with managing subscriptions. A management group manages access, policies, and compliance across multiple Azure subscriptions. You’ll learn more about management groups later in this module.

43
Q

________________ help to enforce organizational standards, assess compliance at scale, and implement governance for resource consistency, regulatory compliance, security and management.

Resource Groups

Resource Locks

Templates
Your answer is correct

Policies

44
Q

How does Azure AD B2B Collaboration benefit organizations when collaborating with external partners?

It enables external partners to manage Azure subscriptions.

It grants full administrator access to external partners.

It provides controlled access to specified resources while maintaining security.

It integrates external partners into the organization’s on-premises network.

A

It provides controlled access to specified resources while maintaining security.

Explanation:
Azure AD B2B Collaboration enables organizations to securely collaborate with external partners by granting them controlled access to specific resources. This allows external partners to work on shared projects without compromising security.

45
Q

Which of the following scenarios are suitable for using Data Box to import data to Azure?

Configuring real-time data synchronization between Azure and on-premises servers

Moving a media library from offline tapes to Azure

One-time migration of a large amount of on-premises data

Incremental backups of Azure virtual machines

A

Moving a media library from offline tapes to Azure

One-time migration of a large amount of on-premises data

Explanation:
One-time migration of a large amount of on-premises data: Azure Data Box is an ideal solution for importing large volumes of data to Azure when network connectivity is limited or insufficient. It is suitable for one-time migration scenarios where you need to move a large amount of data from on-premises to Azure.

Moving a media library from offline tapes to Azure: Data Box can be used to move media libraries from offline tapes to Azure, creating an online media library. It provides a secure and efficient way to transfer large amounts of media files to Azure storage services.

Other options -

Configuring real-time data synchronization between Azure and on-premises servers: Data Box is designed for offline data transfers and is not meant for real-time data synchronization between Azure and on-premises servers. For real-time data synchronization, you might consider Azure File Sync or other data synchronization services.

Incremental backups of Azure virtual machines: Data Box is used for transferring data to or from Azure, not specifically for incremental backups of Azure virtual machines. To perform incremental backups of Azure VMs, you can use Azure Backup service, which is designed for that purpose.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-azure-storage-services/6-identify-azure-data-migration-options

46
Q

Which of the following can an application retrieve security tokens from? Choose the Best possible answer.

A Certificate Store

An Azure Key Vault

An Azure SQL Database

Azure Active Directory (Azure AD)

A

Azure Active Directory (Azure AD)

Explanation:
Please note that the question asks us “To retrieve security tokens”. You might be thinking about Azure Key Vaults here.

A service such as Azure Key Vault can keep security tokens; however, to access or retrieve something from the Key Vault, we need to be authenticated. To authenticate, we can use a “managed identity”, which gives Azure services an automatically managed identity in Azure AD. So the answer is Azure AD.

Remember that Azure AD provides access tokens. Azure Key Vault is used to securely store passwords, secrets, certificates and tokens.

47
Q

Your IT teams need to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information. Which of the following can you recommend?

Azure Advisor

Azure Security Center

Blueprints

Policies

Tags

A

Tags

Explanation:
Organizing cloud-based resources is a crucial task for IT, unless you only have simple deployments. Use naming and tagging standards to organize your resources for the following reasons:

Resource management: Your IT teams need to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information. Organizing resources is critical to assigning organizational roles and access permissions for resource management.

Operations management: Visibility for the operations management team about business commitments and SLAs is an important aspect of ongoing operations. For operations to be managed well, tagging for mission criticality is required.

Security: Classification of data and security impact is a vital data point for the team, when breaches or other security issues arise. To operate securely, tagging for data classification is required.

Reference: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/decision-guides/resource-tagging/?toc=%2Fazure%2Fazure-resource-manager%2Fmanagement%2Ftoc.json

48
Q

What are the two types of subscription boundaries that you can use in Azure?

Geographical boundary

Access control boundary

Organizational boundary

Billing boundary

A

Access control boundary
Billing boundary

Explanation:
In Azure, you can use two types of subscription boundaries:

Billing boundary: This subscription type determines how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.

Access control boundary: Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures. An example is that within a business, you have different departments to which you apply distinct Azure subscription policies. This billing model allows you to manage and control access to the resources that users provision with specific subscriptions.

49
Q

What is the recommended minimum data size for using Data Box to transfer data in scenarios with limited network connectivity?

100 TB

20 TB

40 TB

10 TB

A

40 TB

Explanation:
Data Box is an Azure service designed for offline data transfer when dealing with large data sizes and limited or no network connectivity. The recommendation for using Data Box is for data sizes larger than 40 TB. This is because, at such large data sizes, transferring data over the network can be slow, unreliable, or costly due to bandwidth limitations.

In scenarios with limited network connectivity, using Data Box helps avoid the challenges of slow data transfer speeds, potential data corruption, and high costs associated with transferring massive amounts of data over the network. By opting for Data Box, you ensure a secure, efficient, and cost-effective solution for moving large volumes of data to or from Azure.

50
Q

Which of the following would you recommend for these given requirements?

1) Create thousands of identical virtual machines in minutes

2) Deploy across availability zones to protect against datacenter failures

Azure Container Instance

Azure Blueprints

Azure Virtual Machines

Azure Kubernetes

Azure Virtual Machine Scale Sets

Azure Resource Groups

A

Azure Virtual Machine Scale Sets

Explanation:
Azure Virtual Machine Scale Sets provides automated virtual machine scaling that helps you cost-effectively simplify the deployment, management, and availability of your applications.

Reference: https://azure.microsoft.com/en-us/services/virtual-machine-scale-sets/

51
Q

You plan to deploy an SQL database to Azure. One of the major requirements is resource isolation, i.e., this database should not be accessible to your other resources on Azure.

Which of the following can help with this?

Deploy the SQL Database to a different Virtual Network

Use an Azure ExpressRoute circuit

Setup custom rules in Azure Policies

Setup custom rules in Azure Blueprints

A

Deploy the SQL Database to a different Virtual Network

Explanation:
Deploy the SQL Database to a different Virtual Network explains network segmentation. You can deploy the SQL database to a new Virtual Network and filter any traffic using a Network Security Group on top of it.

From the Official Azure Documentation:

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own data center, but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.

Communicate between Azure resources

You’ll want to enable Azure resources to communicate securely with each other. You can do that in one of two ways:

Virtual networks: Virtual networks can connect not only VMs but other Azure resources, such as the App Service Environment for Power Apps, Azure Kubernetes Service, and Azure virtual machine scale sets.

Service endpoints: You can use service endpoints to connect to other Azure resource types, such as Azure SQL databases and storage accounts. This approach enables you to link multiple Azure resources to virtual networks to improve security and provide optimal routing between resources.

Filter network traffic

Azure virtual networks enable you to filter traffic between subnets by using the following approaches:

Network security groups: A network security group is an Azure resource that can contain multiple inbound and outbound security rules. You can define these rules to allow or block traffic, based on factors such as source and destination IP address, port, and protocol.

Network virtual appliances: A network virtual appliance is a specialized VM that can be compared to a hardened network appliance. A network virtual appliance carries out a particular network function, such as running a firewall or performing wide area network (WAN) optimization.

52
Q

Which of the following is NOT a valid way to purchase Azure Services?

Through any 3rd Party Vendor

Through a Cloud Solution Provider

Directly from the Web

Through an Enterprise Agreement

A

Through any 3rd Party Vendor

Explanation:
There are three main ways to purchase services on Azure. They are:

Through an Enterprise Agreement

Larger customers, known as enterprise customers, can sign an Enterprise Agreement with Microsoft. This agreement commits them to spending a predetermined amount on Azure services over a period of three years. The service fee is typically paid annually. As an Enterprise Agreement customer, you’ll receive the best customized pricing based on the kinds and amounts of services you plan on using.

Directly from the web

Here, you can purchase Azure services directly from the Azure portal website and pay standard prices. You’re billed monthly, either as a credit card payment or through an invoice. This purchasing method is known as Web Direct.

Through a Cloud Solution Provider

A Cloud Solution Provider (CSP) is a Microsoft Partner that helps you build solutions on top of Azure. Your CSP bills you for your Azure usage at a price they determine. They also answer your support questions and escalate them to Microsoft, as needed.

53
Q

When you form a cloud center of excellence team or a cloud custodian team, that team can use Azure _______________ to scale their governance practices throughout the organization.

Blueprints

Compliance

Resource Groups

Subscriptions

A

Blueprints

Explanation:
When you form a cloud center of excellence team or a cloud custodian team, that team can use Azure Blueprints to scale their governance practices throughout the organization.

Implementing a blueprint in Azure Blueprints involves these three steps:

Create an Azure blueprint.

Assign the blueprint.

Track the blueprint assignments.

With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. In other words, Azure creates a record that associates a resource with the blueprint that defines it. This connection helps you track and audit your deployments.

Blueprints are also versioned. Versioning enables you to track and comment on changes to your blueprint.

Reference: https://docs.microsoft.com/en-ca/learn/modules/build-cloud-governance-strategy-azure/8-govern-subscriptions-azure-blueprints

54
Q

An Azure service is said to be available to all Azure customers when it is in ______________.

fixed preview

general availability

public preview

private preview

A

public preview

Explanation:
Public preview means that the service is available to everyone with an Azure subscription but the normal SLAs don’t apply. This is different from general availability when the service is available to all Azure customers with SLA backed guarantees!

Example -

Reference: https://azure.microsoft.com/en-ca/support/legal/preview-supplemental-terms/

55
Q

Which of the following is a factor that Azure AD Identity Protection uses to assess the risk level of a user’s sign-in attempt or activity?

The user’s device health and security posture.

The user’s email address

The user’s job title

The user’s physical location

A

The user’s device health and security posture.

Explanation:
The correct answer is - The user’s device health and security posture is one of the factors that Azure AD Identity Protection uses to assess the risk level of a user’s sign-in attempt or activity. Azure AD Identity Protection uses machine learning algorithms and various risk factors, such as device health and security posture, to identify potential risks and take appropriate action to protect the user’s identity and the organization’s resources.

56
Q

Which aspect of data management does Microsoft Purview primarily address?

Data transformation for analytics purposes.

Data discovery, classification, and governance.

Data storage optimization.

Data migration between Azure regions.

A

Data discovery, classification, and governance.

Explanation:
Microsoft Purview focuses on data discovery, classification, and governance. It helps organizations understand what data they have, where it resides, and how it’s being used. It also provides tools for classifying and protecting sensitive data, ensuring compliance with data regulations.

57
Q

Azure Reserved VM Instances are an example of Opex.

Yes

No

A

No

Explanation:
A reserved instance is where you pay upfront for the use of a virtual machine for a period of time (1 or 3 years). This can save you money as you receive a discount on the cost of a VM if you pay upfront for a reserved instance.

However, as this is an upfront payment, it will be classed as CapEx, not OpEx.

Simple way to remember: Upfront payment = CapEx, Pay as you go = OpEx!

58
Q

Your company has a policy that requires all Azure resources to be deployed with a specific set of tags. You want to ensure that this mandate is enforced automatically for all new resources deployed in your Azure environment. Which Azure service should you use to accomplish this?

Azure Policy

Azure Security Center

Azure Resource Manager

Azure Advisor

A

Azure Policy

Explanation:
Azure Policy is the Azure service used to enforce policies for resource consistency and compliance. It allows administrators to create and enforce policies that ensure resources deployed in Azure adhere to specific rules, such as the requirement to have a specific set of tags. Azure Policy can evaluate resources against these policies and, if necessary, take actions to remediate non-compliant resources. In this scenario, Azure Policy can be used to automatically enforce the policy that requires all resources to be deployed with a specific set of tags.

59
Q

You can create multiple billing reports per subscription. This is handy when you have multiple departments and need to do a chargeback of cloud costs.

False

True

A

False

Explanation:
You can create one billing report per subscription. If you have multiple departments and need to do a “chargeback” of cloud costs, one possible solution is to organize subscriptions by department or by project.

Resource tags can also help.

60
Q

_____________ make it easier to identify groups that generate the biggest Azure costs, which can help you adjust your spending accordingly.

Tags

Blueprints

Policies

Management Groups

A

Tags

Explanation:
Tags help you manage costs associated with the different groups of Azure products and resources. You can apply tags to groups of Azure resources to organize billing data.

For example, if you run several VMs for different teams, you can use tags to categorize costs by department, such as Human Resources, Marketing, or Finance; or by environment, such as Test or Production.

Tags make it easier to identify groups that generate the biggest Azure costs, which can help you adjust your spending accordingly.

61
Q

How can you deploy an ARM template to Azure?

By manually configuring each resource through the Azure portal.

By running the ARM template on a local machine be it Windows or Mac.

By submitting the ARM template to a third-party service such as Dremio.

By using Azure PowerShell, Azure CLI, or the Azure portal

A

By using Azure PowerShell, Azure CLI, or the Azure portal

Explanation:
ARM templates can be deployed using various tools, including Azure PowerShell, Azure CLI, and the Azure portal. These tools interpret the template and orchestrate the resource provisioning process.

62
Q

Which of the following is an example of an Azure Application Platform?

Azure Cache for Redis

Azure App Service

Azure DNS

Azure Firewall

Azure Load Balancer

A

Azure App Service

Explanation:
Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments. For Linux-based environments, see App Service on Linux.

63
Q

Which of the following options would meet these requirements?

1) SDKs for popular languages, APIs for SQL, MongoDB, Cassandra and more

2) Guaranteed speed at any scale with instant and limitless elasticity, fast reads, and multi-region writes anywhere in the world

3) The ability to work with NoSQL data

Azure Table Storage

Azure Cosmos DB

Azure Files

Azure Queues

A

Azure Cosmos DB

Explanation:

64
Q

As part of its modernization strategy, your company has decided to move all its operations to the Azure cloud. It is looking for an advanced modernization and optimization service for Azure with a wide range of tools for assessment.

Which of the following would you recommend?

Azure Cloud Adopter

Azure Migrate

Azure Advisor

Azure Data Box

A

Azure Migrate

Explanation:
Azure Migrate provides a simplified migration, modernization, and optimization service for Azure. All pre-migration steps such as discovery, assessments, and right-sizing of on-premises resources are included for infrastructure, data, and applications. Azure Migrate’s extensible framework allows for integration of third-party tools, thus expanding the scope of supported use-cases. It provides the following:

Unified migration platform: A single portal to start, run, and track your migration to Azure.

Range of tools: A range of tools for assessment and migration. Azure Migrate tools include Azure Migrate: Discovery and assessment and Azure Migrate: Server Migration. Azure Migrate also integrates with other Azure services and tools, and with independent software vendor (ISV) offerings.

Reference: https://docs.microsoft.com/en-us/azure/migrate/migrate-services-overview

65
Q

Which of the following categories does Azure VPN Gateway belong to?

Software as a Service (SaaS)

Network as a Service (NaaS)

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

A

Infrastructure as a Service (IaaS)

Explanation:

66
Q

Which type of code/language is commonly used in Infrastructure as Code (IaC) to define and manage resources?

YAML

JavaScript

HTML

SQL

A

YAML

Explanation:
YAML (Yet Another Markup Language) is a common choice for writing code to define and manage infrastructure in IaC. It provides a human-readable format for specifying configurations and settings for various resources.

67
Q

A startup is planning to replace or supplement traditional on-premises network-attached storage (NAS) devices. More importantly, they are looking for a solution that supports multiple operating systems and containerization.

Which of the following would you recommend?

Azure Kubernetes

Azure Data Lake Storage Gen2

Azure Container Instances

Azure Files

Azure Table Storage

Azure Blob Storage

A

Azure Files

Explanation:
Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol, Network File System (NFS) protocol, and Azure Files REST API. Azure file shares can be mounted concurrently by cloud or on-premises deployments. SMB Azure file shares are accessible from Windows, Linux, and macOS clients. NFS Azure file shares are accessible from Linux or macOS clients. Additionally, SMB Azure file shares can be cached on Windows servers with Azure File Sync for fast access near where the data is being used.

Containerization:

Azure file shares can be used as persistent volumes for stateful containers. Containers deliver “build once, run anywhere” capabilities that enable developers to accelerate innovation. For the containers that access raw data at every start, a shared file system is required to allow these containers to access the file system no matter which instance they run on.

Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction

68
Q

Which of the following best describes the relationship between an ARM template and Azure resources?

An ARM template defines the desired state of Azure resources and their configuration.

An ARM template is a virtual machine template.

An ARM template is a resource type in Azure.

An ARM template is another name for Resource Groups and provides direct access to Azure data centers.

A

An ARM template defines the desired state of Azure resources and their configuration.

Explanation:
An ARM template is used to declare the desired configuration of Azure resources. It defines the properties, settings, and dependencies of resources in order to achieve a specific deployment.

69
Q

You have deployed Azure File Sync for your organization. One of the interns accidentally deleted some important files on the local file server. How can you recover the deleted files?

Recover from the local file server’s backup

Recover from the Azure File share using Azure Backup

Restore the files from Azure Blob Storage

Use Azure Site Recovery to recover the files

A

Recover from the Azure File share using Azure Backup

Explanation:
The correct answer is Recover from the Azure File share using Azure Backup. When you deploy Azure File Sync, the data is synchronized with Azure Files, and you can create a backup of the file share using Azure Backup. In case of accidental deletion, you can restore the deleted files from the Azure File share backup.

Other options -

Recovering from the local file server’s backup may be a valid option, but it is not the best solution in the context of Azure File Sync. Azure File Sync keeps a centralized copy of the data in Azure Files, which can be backed up and restored using Azure Backup.

Azure Site Recovery is a disaster recovery solution and is not intended for file recovery. It is designed to protect virtual machines and physical servers by replicating them to a secondary location, but it is not suitable for restoring individual files.

Restoring the files from Azure Blob Storage is not relevant because Azure File Sync synchronizes data with Azure Files, not Azure Blob Storage.

70
Q

Your boss wants to ensure that your team’s virtual machines are automatically patched and updated. Which Azure Virtual Machines feature should you use to achieve this?

Azure Update Management

Azure Virtual Machine Configuration Management

Azure Virtual Machine Scale Sets

Azure Virtual Machine Extensions

A

Azure Update Management

Explanation:
Azure Update Management is the correct answer, and it is a service that provides a solution for automatically patching and updating virtual machines in Azure. It enables you to schedule and track updates across your entire Azure environment, including virtual machines, hybrid machines, and servers. You can also assess the compliance of your virtual machines against security baselines and audits.

Other options:

Azure Virtual Machine Scale Sets: This is a service that allows you to create and manage a group of identical virtual machines in Azure. While this service can help you scale your applications horizontally to meet increased demand, it does not provide a solution for automatically patching and updating virtual machines.

Azure Virtual Machine Configuration Management: This is a feature that allows you to configure and manage virtual machine settings and applications using PowerShell DSC (Desired State Configuration). While this feature can help you maintain consistency and enforce configuration standards across your virtual machines, it does not provide a solution for automatically patching and updating virtual machines.

Azure Virtual Machine Extensions: These are small applications that provide post-deployment configuration and automation tasks for virtual machines. While some extensions can help you with patching and updating virtual machines, they do not provide a comprehensive solution for this task.

71
Q

Your legal team is requesting documentation pertaining to Microsoft’s implementation of controls and processes, namely Audit Reports, Compliance scores, Pen-Test and Security assessments, and Industry compliance.

Where can you obtain this information?

Azure Resources

Azure Advisor

Service Trust Portal

Microsoft Privacy Statement

Azure Support Docs

A

Service Trust Portal

Explanation:
The Microsoft Service Trust Portal contains details about Microsoft’s implementation of controls and processes that protect our cloud services.

Reference: https://servicetrust.microsoft.com

72
Q

Which of the following categories does Azure Kubernetes Service belong to?

Platform as a service (PaaS)

Software as a service (SaaS)

Database as a service (DaaS)

Infrastructure as a service (IaaS)

A

Platform as a service (PaaS)

Explanation:
Azure Kubernetes Service (AKS) offers serverless Kubernetes, an integrated continuous integration and continuous delivery (CI/CD) experience, and enterprise-grade security and governance. This falls under the PaaS category!

73
Q

In the context of Azure AD B2C, what is a “policy”?

A predefined set of access permissions for internal employees.

A customized set of rules and behaviors for customer identity interactions.

A secure authentication method using multi-factor authentication.

An encryption key used to secure customer data.

A

A customized set of rules and behaviors for customer identity interactions.

Explanation:
In Azure AD B2C, a policy is a collection of predefined rules and behaviors that define how customers interact with your applications. It helps you customize the user journey, authentication methods, and user flows during sign-up, sign-in, and profile management.

74
Q

A Social Insurance Number and a Fingerprint scan are valid MFA options for Azure.

Yes
No

A

No

Explanation:
The following forms of verification can be used with Azure Multi-Factor Authentication:

Multi-factor authentication provides additional security for your identities by requiring two or more elements to fully authenticate.

These elements fall into three categories:

Something the user knows

This might be an email address and password.

Something the user has

This might be a code that’s sent to the user’s mobile phone.

Something the user is

This is typically some sort of biometric property, such as a fingerprint or face scan that’s used on many mobile devices.

75
Q

Which of the following do Azure Arc-enabled servers allow you to do?

Manage and govern Azure Active Directory.

Monitor Azure Logic Apps.

Extend Azure Resource Manager templates to on-premises environments.

Deploy virtual machines in Azure regions.

A

Extend Azure Resource Manager templates to on-premises environments.

Explanation:
Azure Arc-enabled servers allow you to extend Azure Resource Manager templates to on-premises environments. This enables consistent deployment and management practices across both cloud and on-premises resources.

Reference: https://learn.microsoft.com/en-us/azure/azure-arc/overview

76
Q

Role-based access control is applied to a _______________, which is a resource or set of resources that this access applies to.

Scope

Blueprint

Group

Resource Set

A

Scope

Explanation:
When you have multiple IT and engineering teams, how can you control what access they have to the resources in your cloud environment? It’s a good security practice to grant users only the rights they need to perform their job, and only to the relevant resources.

Instead of defining the detailed access requirements for each individual, and then updating access requirements when new resources are created, Azure enables you to control access through Azure role-based access control (Azure RBAC).

Azure provides built-in roles that describe common access rules for cloud resources. You can also define your own roles. Each role has an associated set of access permissions that relate to that role. When you assign individuals or groups to one or more roles, they receive all of the associated access permissions.

Role-based access control is applied to a scope, which is a resource or set of resources that this access applies to.

Here’s a diagram that shows the relationship between roles and scopes.

77
Q

Which Azure service allows you to control the DNS settings for private endpoints in your virtual network?

Azure DNS

Azure Traffic Manager

Azure DNS Zone

Azure Private DNS

A

Azure Private DNS

Explanation:
Azure Private DNS is the service that allows you to manage and control the DNS settings for private endpoints in your virtual network. It enables you to map the private endpoint’s hostname to its private IP address within the virtual network, ensuring proper resolution.

78
Q

Each Azure subscription can contain multiple account administrators.

No
Yes

A

No

Explanation:
It is possible to assign multiple administrators to a particular subscription; however, there is ONLY 1 account administrator.

From the Official Azure Documentation:

To manage access to Azure resources, you must have the appropriate administrator role. Azure has an authorization system called Azure role-based access control (Azure RBAC) with several built-in roles you can choose from. You can assign these roles at different scopes, such as management group, subscription, or resource group. By default, the person who creates a new Azure subscription can assign other users administrative access to a subscription (account Admin).

Reference: https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscription-administrator

79
Q

____________________ notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime.

Azure Active Directory

Azure Trust Center

Azure Service Health

Azure Monitor

A

Azure Service Health

Explanation:
Azure Service Health provides personalised alerts and guidance for Azure service issues.

Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime. You can also configure customisable cloud alerts and use your personalised dashboard to analyse health issues, monitor the impact to your cloud resources, get guidance and support, and share details and updates.

IMPORTANT!

Reference: https://azure.microsoft.com/en-ca/features/service-health/

80
Q

A startup has deployed a set of Virtual Machines which are critical for their day-to-day operations. They need to ensure their availability even if a single data center goes down. An intern suggests deploying the Virtual Machines to at least two regions.

Would this suggestion meet the goal?

No

Yes

A

Yes

Explanation:
By deploying the virtual machines to two or more regions, you are deploying the virtual machines to multiple datacenters. This will ensure that the services running on the virtual machines are available if a single data center fails.

Azure operates in multiple datacenters around the world. These datacenters are grouped into geographic regions, giving you flexibility in choosing where to build your applications. You create Azure resources in defined geographic regions like ‘West US’, ‘North Europe’, or ‘Southeast Asia’. You can review the list of regions and their locations.

Within each region, multiple datacenters exist to provide for redundancy and availability.

Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/regions

81
Q

Which of the following solutions is the BEST to store web app user data, device information and other metadata?

Azure Table Storage

Azure Cosmos DB

Azure SQL Database

Azure Cache for Redis

A

Azure Table Storage

Explanation:

82
Q

All the resources residing in a Resource Group must belong to the same Region.

Yes

No

A

No

Explanation:
Azure resources deployed to a single resource group can be located in different regions. The resource group only contains metadata about the resources it contains.

When creating a resource group, you need to provide a location for that resource group. You may be wondering, “Why does a resource group need a location? And, if the resources can have different locations than the resource group, why does the resource group location matter at all?”

The resource group stores metadata about the resources. When you specify a location for the resource group, you’re specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region.

83
Q

In Azure, subscriptions serve as a unit of:

Management

Scale

Billing

All of the above

A

All of the above

Explanation:
The correct answer is All of the Above.

In Azure, subscriptions serve as a unit of management, billing, and scale. They help you organize your resource groups, manage access to resources, and facilitate billing for the resources used in Azure.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-core-architectural-components-of-azure/6-describe-azure-management-infrastructure

84
Q

____________ provides disks for Azure virtual machines. Applications and other services can access and use them as needed, similar to how they would in on-premises scenarios.

Disk Storage

Blob Storage

File Storage

SSD Storage

A

Disk Storage

Explanation:
Disk Storage provides disks for Azure virtual machines. Applications and other services can access and use these disks as needed, similar to how they would in on-premises scenarios. Disk Storage allows data to be persistently stored and accessed from an attached virtual hard disk.

85
Q

Which of the following is not a cost saving solution?

Deleting unused resources

Using Azure Reservations to prepay

Using spending limits to restrict your spending

Resize underutilized virtual machines

Using Azure Hybrid Benefit to repurpose software licenses on Azure

Shutting down Virtual Machines at night

Choosing low-cost locations and regions

A

Shutting down Virtual Machines at night

Explanation:
Shutting down Virtual Machines at night is not a cost saving solution.