AZ-900 : Microsoft Azure Fundamentals Practice Tests 2025 6 Flashcards
To begin using Azure Storage, you first create an Azure ________________ to store your data objects.
DNS
Resource Group
Storage Account
Storage Section
Storage Account
Explanation:
Azure Storage is a service that you can use to store files, messages, tables, and other types of information. Clients such as websites, mobile apps, desktop applications, and many other types of custom solutions can read data from and write data to Azure Storage. Azure Storage is also used by infrastructure as a service virtual machines, and platform as a service cloud services.
To begin using Azure Storage, you first create an Azure Storage account to store your data objects. You can create an Azure Storage account by using the Azure portal, PowerShell, or the Azure CLI. Your storage account will contain all of your Azure Storage data objects, such as blobs, files, and disks.
Reference: https://docs.microsoft.com/en-ca/learn/modules/azure-storage-fundamentals/azure-storage-accounts
Which of the following is a way that Azure AD Identity Protection helps to protect against identity-based attacks?
By automatically blocking all sign-in attempts from high-risk IP addresses
By requiring all users to use multi-factor authentication
By monitoring users’ device health and security posture
By enforcing strong passwords for all users
By monitoring users’ device health and security posture
Explanation:
Azure AD Identity Protection uses various signals, including device health and security posture, to detect identity-based attacks and suspicious activities. By monitoring these factors, it can assess the risk level of a user’s sign-in attempt or activity and take appropriate action, such as requiring additional authentication or blocking access.
Note that Azure AD Identity Protection is not a replacement for strong passwords, multi-factor authentication, or other security measures. Instead, it is an additional layer of security that helps to protect against identity-based attacks.
By enforcing strong passwords for all users: This is incorrect because enforcing strong passwords is not a specific feature of Azure AD Identity Protection, but rather a general best practice for secure password management.
By automatically blocking all sign-in attempts from high-risk IP addresses: This is incorrect because Azure AD Identity Protection does not automatically block sign-in attempts based on IP address, but instead uses a risk-based approach to evaluate sign-in attempts and assess the level of risk.
By requiring all users to use multi-factor authentication: This is incorrect because although Azure AD Identity Protection supports multi-factor authentication, it is not the only method used to protect against identity-based attacks.
Your team is planning to build a set of REST-based web APIs by using your choice of language and framework. The produced apps should be consumable from any HTTP or HTTPS based client.
Which of the following would be a great fit for this use case?
Azure App Service
Azure Kubernetes Service
Azure Container Instances
Azure Virtual Desktops
Azure Functions
Azure App Service
Explanation:
App Service enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers automatic scaling and high availability. App Service supports Windows and Linux and enables automated deployments from GitHub, Azure DevOps, or any Git repo to support a continuous deployment model. This platform as a service (PaaS) environment allows you to focus on the website and API logic while Azure handles the infrastructure to run and scale your web applications.
Which of the following is NOT an Azure Subscription type?
Pay As You Go
Pay For a Year
Member offers
Free Trial
Pay For a Year
Explanation:
You probably know that an Azure subscription provides you with access to Azure resources such as virtual machines (VMs), storage, and databases. The types of resources you use affect your monthly bill.
Azure offers both free and paid subscription options to fit your needs and requirements. They are:
Free trial
A free trial subscription provides you with 12 months of popular free services, a credit to explore any Azure service for 30 days, and more than 25 services that are always free. Your Azure services are disabled when the trial ends or when your credit expires for paid products, unless you upgrade to a paid subscription.
Pay-as-you-go
A pay-as-you-go subscription lets you pay for what you use by attaching a credit or debit card to your account. Organizations can apply for volume discounts and prepaid invoicing.
Member offers
Your existing membership to certain Microsoft products and services might provide you with credits for your Azure account, and reduced rates on Azure services. For example, member offers are available to Visual Studio subscribers, Microsoft Partner Network members, Microsoft for Startups members, and Microsoft Imagine members.
Which of the following is NOT a compute service available in Azure?
Azure Functions
Azure CosmosDB
Azure App Service
Azure Kubernetes
Azure CosmosDB
Explanation:
CosmosDB is a Database and not a compute option in Azure.
From the Official Azure Documentation:
Azure offers a number of ways to host your application code. The term compute refers to the hosting model for the computing resources that your application runs on. The following flowchart will help you to choose a compute service for your application.
If your application consists of multiple workloads, evaluate each workload separately. A complete solution may incorporate two or more compute services.
Which feature of Azure AD External Identities enables customers to sign up, sign in, and manage their own profiles using social accounts?
Azure Multi-Factor Authentication
Azure B2B Collaboration
Azure Active Directory B2C
Azure Active Directory Domain Services
Azure Active Directory B2C
Explanation:
Azure Active Directory B2C is designed to handle customer identities and enables them to sign up, sign in, and manage their profiles using social accounts or other identity providers, enhancing their experience with your applications.
What is the purpose of the Azure AD Identity Protection dashboard?
To provide an overview of all users’ activity logs.
To show a summary of the risk level of all users.
To enable administrators to manage and investigate risk events.
To allow administrators to manage users’ authentication methods.
To enable administrators to manage and investigate risk events.
Explanation:
The correct answer is - To enable administrators to manage and investigate risk events.
The purpose of the Azure AD Identity Protection dashboard is to provide administrators with a centralized view of all risky sign-ins, vulnerabilities, and compromised identities. It allows administrators to investigate and manage risk events by providing detailed information about the users, devices, and applications involved in the event. The dashboard also provides recommendations to improve the security posture of the organization, such as enabling multi-factor authentication for at-risk users.
To provide an overview of all users’ activity logs: This is incorrect because the Azure AD Identity Protection dashboard focuses on risk events, not activity logs.
To allow administrators to manage users’ authentication methods: This is incorrect because managing users’ authentication methods is a separate function that is not part of the Azure AD Identity Protection dashboard.
To show a summary of the risk level of all users: This is incorrect because while the dashboard provides a risk score for each user, its primary purpose is to enable administrators to investigate and manage risk events, not to provide a summary of the risk level of all users.
Which storage redundancy option offers the highest level of durability, with a remarkable 16 nines of durability?
Durable-redundant storage (DRS)
Geo-redundant storage (GRS)
Locally redundant storage (LRS)
Zone-redundant storage (ZRS)
Geo-redundant storage (GRS)
Explanation:
The storage redundancy option that provides the highest degree of durability, with 16 nines of durability, is “geo-redundant storage (GRS).” GRS copies your data synchronously within a single physical location in the primary region using locally redundant storage (LRS). It then copies your data asynchronously to a single physical location in the secondary region (the region pair) also using LRS. This combination of synchronous and asynchronous replication results in an extremely high level of durability, offering at least 16 nines (99.99999999999999%) of durability for Azure Storage data objects over a given year.
A __________________ contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
Route filter
Network security group (NSG)
Network gateway
Domain Name Service
Network security group (NSG)
Explanation:
You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.
Network security group security rules are evaluated by priority using the 5-tuple information (source, source port, destination, destination port, and protocol) to allow or deny the traffic. A flow record is created for existing connections. Communication is allowed or denied based on the connection state of the flow record. The flow record allows a network security group to be stateful. If you specify an outbound security rule to any address over port 80, for example, it’s not necessary to specify an inbound security rule for the response to the outbound traffic. You only need to specify an inbound security rule if communication is initiated externally. The opposite is also true. If inbound traffic is allowed over a port, it’s not necessary to specify an outbound security rule to respond to traffic over the port.
_______________ is Microsoft’s cloud-based SIEM system. It uses intelligent security analytics and threat analysis.
Azure Sentinel
Azure Arc
Microsoft Defender for Cloud
Azure Key Vault
Azure Sentinel
Explanation:
Security management on a large scale can benefit from a dedicated security information and event management (SIEM) system. A SIEM system aggregates security data from many different sources (as long as those sources support an open-standard logging format). It also provides capabilities for threat detection and response.
Azure Sentinel is Microsoft’s cloud-based SIEM system. It uses intelligent security analytics and threat analysis.
Azure Sentinel enables you to:
Collect cloud data at scale: Collect data across all users, devices, applications, and infrastructure, both on-premises and from multiple clouds.
Detect previously undetected threats: Minimize false positives by using Microsoft’s comprehensive analytics and threat intelligence.
Investigate threats with artificial intelligence: Examine suspicious activities at scale, tapping into years of cybersecurity experience from Microsoft.
Respond to incidents rapidly: Use built-in orchestration and automation of common tasks.
What benefit does Infrastructure as Code (IaC) provide for disaster recovery scenarios?
It enables version control for application code.
It automates the creation of virtual machines.
It ensures consistent infrastructure configuration replication.
It accelerates the download speed of cloud resources.
It ensures consistent infrastructure configuration replication.
Explanation:
Infrastructure as Code (IaC) is a key DevOps practice that involves the management of infrastructure, such as networks, compute services, databases, storages, and connection topology, in a descriptive model. IaC allows teams to develop and release changes faster and with greater confidence. Benefits of IaC include:
Increased confidence in deployments
Ability to manage multiple environments
Improved understanding of the state of infrastructure
With IaC, you can create infrastructure configurations as code. This enables consistent replication of infrastructure settings, reducing the risk of configuration errors during disaster recovery scenarios.
In a scenario where you need to manage access, policies, and compliance for multiple subscriptions, which Azure service would you use?
Azure management groups
Azure resource groups
Azure Active Directory
Azure subscriptions
Azure management groups
Explanation:
Azure management groups is the correct answer.
In a scenario where you need to manage access, policies, and compliance for multiple subscriptions, you would use Azure management groups. Management groups provide a level of scope above subscriptions, allowing you to organize subscriptions into containers and apply governance conditions to the management groups. All subscriptions within a management group automatically inherit the conditions applied to the management group.
Other options -
Azure Active Directory: While Azure AD is used for identity and access management, it does not directly manage policies and compliance for multiple subscriptions.
Azure subscriptions: Subscriptions are a unit of management, billing, and scale in Azure, but they do not provide a higher level of scope for managing multiple subscriptions.
Azure resource groups: Resource groups are used to organize resources within a subscription, but they do not provide a higher level of scope for managing multiple subscriptions.
Which of the following would you use to deploy and manage containerised applications to provide an integrated continuous integration and continuous delivery (CI/CD) experience and enterprise-grade security and governance?
Azure Container Instances
Azure Kubernetes
Azure Functions
Azure Batch
Azure Kubernetes
Explanation:
You can deploy and manage containerised applications more easily with a fully managed Kubernetes service. Azure Kubernetes Service (AKS) offers serverless Kubernetes, an integrated continuous integration and continuous delivery (CI/CD) experience and enterprise-grade security and governance. You can also unite your development and operations teams on a single platform to rapidly build, deliver and scale applications with confidence.
The Cool storage tier stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data.
False
True
False
Explanation:
Azure Storage offers different access tiers for your blob storage, helping you store object data in the most cost-effective manner. The available access tiers include:
Hot access tier: Optimized for storing data that is accessed frequently (for example, images for your website).
Cool access tier: Optimized for data that is infrequently accessed and stored for at least 30 days (for example, invoices for your customers).
Archive access tier: Appropriate for data that is rarely accessed and stored for at least 180 days, with flexible latency requirements (for example, long-term backups).
The following considerations apply to the different access tiers:
Only the hot and cool access tiers can be set at the account level. The archive access tier isn’t available at the account level.
Hot, cool, and archive tiers can be set at the blob level, during upload or after upload.
Data in the cool access tier can tolerate slightly lower availability, but still requires high durability, retrieval latency, and throughput characteristics similar to hot data. For cool data, a slightly lower availability service-level agreement (SLA) and higher access costs compared to hot data are acceptable trade-offs for lower storage costs.
Archive storage stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data.
Azure Pay-As-You-Go pricing is an example of Capex.
No
Yes
No
Explanation:
One of the major changes that you will face when you move from on-premises cloud to the public cloud is the switch from capital expenditure (buying hardware) to operational expenditure (paying for service as you use it).
What are the basic building blocks of Azure?
Resource groups
Subscriptions
Management groups
Resources
Resources
Explanation:
Resources are the basic building blocks of Azure. Anything you create, provision, deploy, etc. is a resource. Virtual Machines (VMs), virtual networks, databases, cognitive services, etc. are all considered resources within Azure.
Other options -
Resource groups are logical containers for resources deployed within an Azure subscription. They do not represent the individual components created in Azure.
Subscriptions are a unit of management, billing, and scale in Azure. They are used to organize resource groups and facilitate billing but are not the basic building blocks themselves.
Management groups are a higher-level organizational structure used to manage access, policies, and compliance for multiple subscriptions. They are not the basic building blocks of Azure.
What is the minimum number of Virtual Machines and minimum number of Availability Zones respectively that must be used to guarantee an SLA of 99.99%?
2 Virtual Machines, 2 Availability Zones
1 Virtual Machine, 1 Availability Zone
1 Virtual Machine, 2 Availability Zones
2 Virtual Machines, 1 Availability Zone
2 Virtual Machines, 2 Availability Zones
Explanation:
Azure offers industry best SLAs for VMs. However, to guarantee an SLA of 99.99%, you must have 2 or more instances deployed across 2 or more Availability Zones!
According to the official Azure documentation:
Reference: https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_9/
An Azure Web App that queries an on-prem Oracle SQL Database is an example of a ____________________ cloud architecture.
multi-vendor
hybrid
private
public
hybrid
Explanation:
Since you are using both Azure and on-prem resources (a combination of both), this is an example of a hybrid cloud!
From the Official Azure Documentation:
Reference: https://azure.microsoft.com/en-in/overview/what-is-hybrid-cloud-computing/
Which of the following is an event-driven, compute-on-demand service, with capabilities to implement code triggered by events occurring in Azure or third party service as well as on-premises systems?
Azure Kubernetes
Azure Serverless
Azure Machine Learning Studio
Azure Policies
Azure CosmosDB
Azure Functions
Azure Functions
Explanation:
Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running.
You focus on the pieces of code that matter most to you, and Azure Functions handles the rest.
Your organization needs to move all its data back to on-premises due to new government regulations. Which Azure service should you use to export data from Azure for this migration?
AzCopy
Azure Data Box
Azure Site Recovery
Azure Data Factory
Azure Data Box
Explanation:
The correct option is Azure Data Box. Azure Data Box is designed for transferring large amounts of data to and from Azure. In this scenario, where the organization needs to move all its data back to on-premises due to government regulations, Data Box is the most suitable choice. It provides a secure and efficient way to transfer large volumes of data without relying on limited or slow network connections.
Wrong options:
Azure Data Factory - Azure Data Factory is a cloud-based data integration service that allows you to create, schedule, and manage data workflows. While it can be used to move and transform data, it’s not the best option for large-scale data export to on-premises, especially with limited network connectivity.
Azure Site Recovery - Azure Site Recovery is a disaster recovery service that helps protect and recover on-premises and Azure-based virtual machines. It is not designed for exporting large amounts of data from Azure to on-premises environments.
AzCopy - AzCopy is a command-line utility for copying data to and from Azure Storage. While it can be used for data transfers, it relies on network connectivity, which may not be suitable for transferring large amounts of data back to on-premises locations.
You have an on-premises infrastructure and would like to extend its capabilities by making use of Azure services. Which type of cloud deployment is this an example of?
A Public Cloud
A private cloud
A hybrid cloud
An Internal cloud
A hybrid cloud
Explanation:
A hybrid cloud is a combination of a private cloud and a public cloud.
A hybrid cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them.
Hybrid cloud
Provides the most flexibility.
Organizations determine where to run their applications.
Organizations control security, compliance, or legal requirements.
_____________ helps you estimate the cost savings of operating your solution on Azure over time compared to operating in your on-premises datacenter.
Azure TCO Calculator
Azure Advisor
Azure Blueprints
Azure Pricing Calculator
Azure TCO Calculator
Explanation:
The TCO Calculator helps you estimate the cost savings of operating your solution on Azure over time compared to operating in your on-premises datacenter.
The term total cost of ownership is used commonly in finance. It can be hard to see all the hidden costs related to operating a technology capability on-premises. Software licenses and hardware are additional costs.
With the TCO Calculator, you’ll enter the details of your on-premises workloads. Then you can review the suggested industry-average cost (which you can adjust) for related operational costs. These costs include electricity, network maintenance, and IT labor. You’re then presented with a side-by-side report. Using the report, you can compare those costs with the same workloads running on Azure.
A Senior Security Engineer in your company has enforced MFA for all users. How does MFA enhance security?
It requires a Password and a code through the Microsoft Authenticator App
It uses two passwords
It requires password complexity
It requires a Social Insurance Number and a Password
It requires a Password and a code through the Microsoft Authenticator App
Explanation:
Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan.
If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, is it really the user signing in with the username and password, or is it an attacker? When you require a second form of authentication, security is increased as this additional factor isn’t something that’s easy for an attacker to obtain or duplicate.
Azure AD Multi-Factor Authentication works by requiring two or more of the following authentication methods:
1) Something you know, typically a password.
2) Something you have, such as a trusted device that is not easily duplicated, like a phone or hardware key.
3) Something you are - biometrics like a fingerprint or face scan.
Users can register themselves for both self-service password reset and Azure AD Multi-Factor Authentication in one step to simplify the on-boarding experience. Administrators can define what forms of secondary authentication can be used. Azure AD Multi-Factor Authentication can also be required when users perform a self-service password reset to further secure that process.
You can enforce Azure AD Multi-Factor Authentication for all users via the Microsoft Authenticator app, phone call, or SMS code.
No
Yes
No
Explanation:
Azure AD Multi-Factor Authentication is a Microsoft service that provides multifactor authentication capabilities. Azure AD Multi-Factor Authentication enables users to choose an additional form of authentication during sign-in, such as a phone call or mobile app notification.
The Azure Active Directory free edition enables Azure AD Multi-Factor Authentication for administrators with the global admin level of access, via the Microsoft Authenticator app, phone call, or SMS code. You can also enforce Azure AD Multi-Factor Authentication for all users via the Microsoft Authenticator app only, by enabling security defaults in your Azure AD tenant.
Purchasing your own infrastructure and deploying it in your own data center is an example of CapEx.
Yes
No
Yes
Explanation:
Deploying your own datacenter is definitely an example of CapEx. This is because you need to purchase all the infrastructure upfront before you can use it.
Which of the following statements regarding Azure subscriptions are correct?
Billing is applied to each subscription separately
Subscription is dependent on a region
Trial subscription can be converted to paid
Azure subscription cannot have a trust relationship with an Azure Active Directory (AD) instance
Multiple subscriptions cannot be created within an Azure account
Billing is applied to each subscription separately
Subscription is dependent on a region
Trial subscription can be converted to paid
Explanation:
Billing is applied to each subscription separately - Yes! It is one of the many reasons why people use separate subscriptions.
Trial subscription can be converted to paid - Of course. When you sign up for an Azure free account, you get $200 credit. In the first 30 days, any services you use beyond their free amounts will be deducted from that $200 credit. When you’ve used up your $200 credit or 30 days have passed (whichever happens first), you’ll need to upgrade by moving to pay-as-you-go pricing. That way, you can keep getting free amounts of services and purchase services beyond their free amounts as needed. The cost of those services is charged to the payment method you provide.
Subscription is dependent on a region - Yes, when you create a subscription in Azure, you need to specify a certain region for that Subscription. Hence, this choice is valid as well.
All other options are invalid and don’t stand true.
Which of the following is an excellent choice if you want to run multiple instances of an application on a single host machine?
Functions
Blueprints
Scale Sets
Containers
Containers
Explanation:
While virtual machines are an excellent way to reduce costs versus the investments that are necessary for physical hardware, they’re still limited to a single operating system per virtual machine. If you want to run multiple instances of an application on a single host machine, containers are an excellent choice.
What are containers?
Containers are a virtualization environment. Much like running multiple virtual machines on a single physical host, you can run multiple containers on a single physical or virtual host. Unlike virtual machines, you don’t manage the operating system for a container. Virtual machines appear to be an instance of an operating system that you can connect to and manage, but containers are lightweight and designed to be created, scaled out, and stopped dynamically. While it’s possible to create and deploy virtual machines as application demand increases, containers are designed to allow you to respond to changes on demand. With containers, you can quickly restart in case of a crash or hardware interruption. One of the most popular container engines is Docker, which is supported by Azure.
Containers are managed through a container orchestrator, which can start, stop, and scale out application instances as needed. There are two ways to manage both Docker and Microsoft-based containers in Azure: Azure Container Instances and Azure Kubernetes Service (AKS).
What is the primary role of Azure Arc-enabled data services?
To provide cloud-based virtual machines for data processing.
To manage and monitor data services exclusively within Azure regions.
To optimize network connectivity between Azure regions.
To extend Azure data services to on-premises and multi-cloud environments.
To extend Azure data services to on-premises and multi-cloud environments.
Explanation:
Azure Arc-enabled data services extend Azure data services to on-premises and multi-cloud environments, enabling consistent data management and integration across different locations.
AzCopy is a command-line utility designed to copy ______________.
Data between Azure Storage accounts
Data between on-premises file servers
Database schemas
Virtual machines
Data between Azure Storage accounts
Explanation:
AzCopy is a command-line utility specifically designed to copy data between Azure Storage accounts or between an on-premises location and Azure Storage. It supports Blob Storage, Table Storage, and File Storage transfers.
Other options -
Virtual machines - AzCopy is not designed to copy virtual machines; it focuses on data transfers for Azure Storage services.
Data between on-premises file servers - Although AzCopy can copy data between an on-premises location and Azure Storage, it is not intended for transferring data directly between on-premises file servers without involving Azure Storage.
Database schema - AzCopy is not designed for copying database schema; it focuses on data transfers for Azure Storage services, such as Blob Storage, Table Storage, and File Storage.
How does Microsoft Purview contribute to data security and compliance?
It encrypts data at rest and in transit.
It provides real-time monitoring of network traffic.
It enforces strict role-based access control for virtual machines.
It helps classify and protect sensitive data and ensures compliance policies are followed.
It helps classify and protect sensitive data and ensures compliance policies are followed.
Explanation:
Microsoft Purview provides a unified data governance solution to help manage and govern your on-premises, multicloud, and software as a service (SaaS) data. Microsoft Purview helps organizations classify and label data, apply data protection policies, and manage access controls. This ensures that sensitive data is properly protected and that compliance with data regulations is maintained, contributing to data security and compliance efforts.
A unique characteristic of Azure Files from files on a corporate file share is that you cannot access the files from anywhere in the world, it has to be from a specific location.
No
Yes
No
Explanation:
Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block and Network File System (preview) protocols. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS.
One thing that distinguishes Azure Files from files on a corporate file share is that you can access the files from anywhere in the world, by using a URL that points to the file. You can also use Shared Access Signature (SAS) tokens to allow access to a private asset for a specific amount of time.
Here’s an example of a service SAS URI, showing the resource URI and the SAS token:
Reference: https://docs.microsoft.com/en-ca/learn/modules/azure-storage-fundamentals/azure-file-storage
True or False: Data stored in an Azure Storage account is automatically copied twice.
False
True
False
Explanation:
Azure Storage offers multiple redundancy options, including locally redundant storage (LRS), zone-redundant storage (ZRS), geo-redundant storage (GRS), and read-access geo-redundant storage (RA-GRS).
LRS and ZRS provide redundancy within a datacenter or within a single zone, respectively, and create three copies of the data. GRS and RA-GRS provide additional redundancy across multiple datacenters or regions, respectively, and create six copies of the data (three copies in the primary region and three copies in the secondary region).
However, none of these redundancy options provide only two copies of the data by default.
How does Microsoft Purview enhance data governance across multi-cloud environments?
By offering a unified solution to manage and govern data across various cloud and on-premises sources.
By offering virtual machine management capabilities.
By enabling cross-platform application deployment.
By providing a cloud-native development environment.
By offering a unified solution to manage and govern data across various cloud and on-premises sources.
Explanation:
Microsoft Purview provides a unified solution for managing and governing data across various sources, including multi-cloud and on-premises environments. It helps organizations maintain consistent data governance practices and policies regardless of where the data resides.
You are a cloud administrator responsible for managing a large Azure environment with multiple subscriptions. You want to enforce a company-wide requirement that requires all virtual machines to be encrypted using Azure Disk Encryption. Which Azure service should you use to enforce this?
Azure Security Center
Azure Resource Manager
Azure Active Directory
Azure Policy
Azure Policy
Explanation:
Azure Policy can be used to enforce company-wide policies across multiple Azure subscriptions, including policies related to Azure Disk Encryption. By creating a policy definition that requires all virtual machines to have Azure Disk Encryption enabled, you can ensure that this policy is applied consistently across your entire Azure environment.
Other options -
Azure Security Center: This is a service that helps customers protect their Azure and on-premises resources from threats, but it is not designed specifically for enforcing policies related to Azure Disk Encryption.
Azure Active Directory: This is a cloud-based identity and access management service, and while it can be used to manage access to Azure resources, it is not designed to enforce policies related to Azure Disk Encryption.
Azure Resource Manager: This is a service that allows customers to manage resources in their Azure subscription, but it is not designed to enforce policies related to Azure Disk Encryption.
A startup is planning to use multiple Azure SQL Databases. Which of the following will help them to reduce costs if the databases have unpredictable usage demands?
Scale Sets
Azure Blueprints
Azure Policies
Elastic Pools
Elastic Pools
Explanation:
Just like Azure VM Scale Sets are best friends with Azure VMs, for Azure SQL Databases, we have Azure SQL Database elastic pools. These are a simple, cost-effective solution for managing and scaling multiple databases that have varying and unpredictable usage demands. The databases in an elastic pool are on a single server and share a set number of resources at a set price.
Elastic pools in Azure SQL Database enable SaaS developers to optimize the price performance for a group of databases within a prescribed budget while delivering performance elasticity for each database.
When creating a private endpoint, which of the following components needs to be configured to enable private connectivity?
Network Security Group (NSG)
Azure Active Directory (Azure AD)
Private DNS zone
Public IP address
Private DNS zone
Explanation:
To enable private connectivity via a private endpoint, you need to configure a Private DNS zone. This Private DNS zone allows you to resolve the hostname of the private endpoint to its private IP address within your virtual network.
A new startup needs to control its cloud environment so that it complies with several industry standards, but it’s not sure where to start. They have existing business requirements, and understand how these requirements relate to their on-premises workloads. These requirements also must be met by any workloads they run in the cloud.
Which of the following can help them in this case?
The Azure Blueprint for Cloud
Microsoft Defender for Cloud
The Cloud Adoption Framework for Azure
The Proven Roadmap for Azure
The Cloud Adoption Framework for Azure
Explanation:
The Cloud Adoption Framework for Azure provides you with proven guidance to help with your cloud adoption journey. The Cloud Adoption Framework helps you create and implement the business and technology strategies needed to succeed in the cloud.
Cloud Adoption Framework consists of tools, documentation, and proven practices. The Cloud Adoption Framework includes these stages:
Define your strategy.
Make a plan.
Ready your organization.
Adopt the cloud.
Govern and manage your cloud environments.
Reference: https://docs.microsoft.com/en-ca/learn/modules/build-cloud-governance-strategy-azure/9-accelerate-cloud-adoption-framework
Your company’s IT department wants to ensure that its virtual machines (VMs) are highly available and have automatic failover in case of a hardware failure. Which Azure Virtual Machines feature should you use to achieve this?
Azure Site Recovery
Azure Virtual Machine Resiliency
Availability Zones
Virtual Machine Scale Sets
Availability Zones
Explanation:
Availability Zones is the correct answer. It is an Azure service that provides high availability by replicating applications and data across multiple datacenters within a region. By using availability zones, your virtual machines are deployed in separate physical locations with independent power, cooling, and networking, ensuring that they remain available even if there is a failure in one of the zones. This feature provides automatic failover in case of a hardware failure, making it a suitable solution for ensuring highly available virtual machines.
Which of the following is an accurate definition of an Azure Policy Initiative?
An Azure service that provides real-time monitoring of policy enforcement.
A type of virtual machine used for hosting policies in the Azure cloud.
A set of policy definitions that are applied individually for easy management and assignment.
A way to package and deploy a collection of policy definitions as a single entity.
A way to package and deploy a collection of policy definitions as a single entity.
Explanation:
The correct answer is: A way to package and deploy a collection of policy definitions as a single entity. An initiative definition is a group of policy definitions that are designed to achieve a specific objective. The purpose of initiative definitions is to streamline the management and assignment of policy definitions by grouping them together as a single entity. An example of an initiative could be “Enable Monitoring in Microsoft Defender for Cloud,” which aims to monitor all the available security recommendations in a Microsoft Defender for Cloud instance.
You want to set up separate environments for development and testing, and security in Azure. What would you create to achieve this?
Additional resource groups
Additional subscriptions
Additional management groups
Additional Azure accounts
Additional subscriptions
Explanation:
Creating additional subscriptions is a suitable approach for setting up separate environments for development and testing, and security in Azure. By having separate subscriptions for different environments, you can manage and control access to the resources provisioned within each subscription, and it helps you track costs and apply different access-management policies more effectively.
Which of the following is a key difference between Azure Active Directory (AAD) and Role-Based Access Control (RBAC)?
AAD is a cloud-based directory service, while RBAC is a feature within the Azure portal.
AAD provides identity and access management services, while RBAC provides granular access control within Azure resources.
AAD is only used for managing access to Microsoft applications, while RBAC is used for managing access to any Azure resource.
AAD is used for managing access to Azure resources, while RBAC is used for managing access to on-premises resources.
AAD provides identity and access management services, while RBAC provides granular access control within Azure resources.
Explanation:
The correct option is: Azure Active Directory (AAD) provides identity and access management services, while Role-Based Access Control (RBAC) provides granular access control within Azure resources.
Other options:
AAD is used for managing access to Azure resources, while RBAC is used for managing access to on-premises resources: This is incorrect because AAD can be used for managing access to on-premises resources as well as cloud resources.
AAD is a cloud-based directory service, while RBAC is a feature within the Azure portal: This is incorrect because AAD is a cloud-based directory service, but RBAC is not a feature within the Azure portal. Rather, RBAC is a built-in feature of the Azure platform for managing access to Azure resources.
AAD is only used for managing access to Microsoft applications, while RBAC is used for managing access to any Azure resource: This is incorrect because AAD can be used to manage access to both Microsoft and non-Microsoft applications, while RBAC is used only for managing access to Azure resources.
Overall, AAD and RBAC have different but complementary roles in managing access to Azure resources. AAD is primarily used for managing user identities and authentication, while RBAC is used for managing granular access control within Azure resources by assigning permissions to specific roles rather than individual users.
An unlimited number of resources can be added to a Subscription.
False
True
False
Explanation:
At the beginning of any cloud governance implementation, you identify a cloud organization structure that meets your business needs. This step often involves forming a cloud center of excellence team (also called a cloud enablement team or a cloud custodian team). This team is empowered to implement governance practices from a centralized location for the entire organization.
Teams often start their Azure governance strategy at the subscription level.
Subscriptions also have some resource limitations. For example, the maximum number of Azure ExpressRoute circuits per subscription is 10. Those limits should be considered during your design phase. If you’ll need to exceed those limits, you might need to add more subscriptions. If you hit a hard limit maximum, there’s no flexibility to increase it.
Management groups are also available to assist with managing subscriptions. A management group manages access, policies, and compliance across multiple Azure subscriptions. You’ll learn more about management groups later in this module.
________________ help to enforce organizational standards, assess compliance at scale, and implement governance for resource consistency, regulatory compliance, security, and management.
Resource Groups
Resource Locks
Templates
Your answer is correct
Policies
How does Azure AD B2B Collaboration benefit organizations when collaborating with external partners?
It enables external partners to manage Azure subscriptions.
It grants full administrator access to external partners.
It provides controlled access to specified resources while maintaining security.
It integrates external partners into the organization’s on-premises network.
It provides controlled access to specified resources while maintaining security.
Explanation:
Azure AD B2B Collaboration enables organizations to securely collaborate with external partners by granting them controlled access to specific resources. This allows external partners to work on shared projects without compromising security.
Which of the following scenarios are suitable for using Data Box to import data to Azure?
Configuring real-time data synchronization between Azure and on-premises servers
Moving a media library from offline tapes to Azure
One-time migration of a large amount of on-premises data
Incremental backups of Azure virtual machines
Moving a media library from offline tapes to Azure
One-time migration of a large amount of on-premises data
Explanation:
One-time migration of a large amount of on-premises data: Azure Data Box is an ideal solution for importing large volumes of data to Azure when network connectivity is limited or insufficient. It is suitable for one-time migration scenarios where you need to move a large amount of data from on-premises to Azure.
Moving a media library from offline tapes to Azure: Data Box can be used to move media libraries from offline tapes to Azure, creating an online media library. It provides a secure and efficient way to transfer large amounts of media files to Azure storage services.
Other options -
Configuring real-time data synchronization between Azure and on-premises servers: Data Box is designed for offline data transfers and is not meant for real-time data synchronization between Azure and on-premises servers. For real-time data synchronization, you might consider Azure File Sync or other data synchronization services.
Incremental backups of Azure virtual machines: Data Box is used for transferring data to or from Azure, not specifically for incremental backups of Azure virtual machines. To perform incremental backups of Azure VMs, you can use Azure Backup service, which is designed for that purpose.
Reference: https://learn.microsoft.com/en-us/training/modules/describe-azure-storage-services/6-identify-azure-data-migration-options
Which of the following can an application retrieve security tokens from? Choose the best possible answer.
A Certificate Store
An Azure Key Vault
An Azure SQL Database
Azure Active Directory (Azure AD)
Azure Active Directory (Azure AD)
Explanation:
Please note that the question asks where an application can “retrieve security tokens” from. You might be thinking about Azure Key Vault here.
A service such as Azure Key Vault can keep security tokens; however, to access or retrieve something from the Key Vault, we need to be authenticated. To authenticate, we can use a “managed identity”, which gives Azure services an automatically managed identity in Azure AD. So the answer is Azure AD.
Remember that Azure AD provides access tokens. Azure Key Vault is used to securely store passwords, secrets, certificates and tokens.
Your IT teams need to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information. Which of the following can you recommend?
Azure Advisor
Azure Security Center
Blueprints
Policies
Tags
Tags
Explanation:
Organizing cloud-based resources is a crucial task for IT, unless you only have simple deployments. Use naming and tagging standards to organize your resources for the following reasons:
Resource management: Your IT teams need to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information. Organizing resources is critical to assigning organizational roles and access permissions for resource management.
Operations management: Visibility for the operations management team about business commitments and SLAs is an important aspect of ongoing operations. For operations to be managed well, tagging for mission criticality is required.
Security: Classification of data and security impact is a vital data point for the team, when breaches or other security issues arise. To operate securely, tagging for data classification is required.
Reference: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/decision-guides/resource-tagging/?toc=%2Fazure%2Fazure-resource-manager%2Fmanagement%2Ftoc.json
What are the two types of subscription boundaries that you can use in Azure?
Geographical boundary
Access control boundary
Organizational boundary
Billing boundary
Access control boundary
Billing boundary
Explanation:
In Azure, you can use two types of subscription boundaries:
Billing boundary: This subscription type determines how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.
Access control boundary: Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures. An example is that within a business, you have different departments to which you apply distinct Azure subscription policies. This billing model allows you to manage and control access to the resources that users provision with specific subscriptions.
What is the recommended minimum data size for using Data Box to transfer data in scenarios with limited network connectivity?
100 TB
20 TB
40 TB
10 TB
40 TB
Explanation:
Data Box is an Azure service designed for offline data transfer when dealing with large data sizes and limited or no network connectivity. The recommendation for using Data Box is for data sizes larger than 40 TB. This is because, at such large data sizes, transferring data over the network can be slow, unreliable, or costly due to bandwidth limitations.
In scenarios with limited network connectivity, using Data Box helps avoid the challenges of slow data transfer speeds, potential data corruption, and high costs associated with transferring massive amounts of data over the network. By opting for Data Box, you ensure a secure, efficient, and cost-effective solution for moving large volumes of data to or from Azure.
Which of the following would you recommend for these given requirements?
1) Create thousands of identical virtual machines in minutes
2) Deploy across availability zones to protect against datacenter failures
Azure Container Instance
Azure Blueprints
Azure Virtual Machines
Azure Kubernetes
Azure Virtual Machine Scale Sets
Azure Resource Groups
Azure Virtual Machine Scale Sets
Explanation:
Azure Virtual Machine Scale Sets provides automated virtual machine scaling that helps you cost-effectively simplify the deployment, management, and availability of your applications.
Reference: https://azure.microsoft.com/en-us/services/virtual-machine-scale-sets/
You plan to deploy an SQL database to Azure. One of the major requirements is resource isolation, i.e., this database should not be accessible to your other resources on Azure.
Which of the following can help with this?
Deploy the SQL Database to a different Virtual Network
Use an Azure ExpressRoute circuit
Setup custom rules in Azure Policies
Setup custom rules in Azure Blueprints
Deploy the SQL Database to a different Virtual Network
Explanation:
Deploying the SQL Database to a different Virtual Network is a form of network segmentation. You can deploy the SQL database to a new Virtual Network and filter any traffic using a Network Security Group on top of it.
From the Official Azure Documentation:
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own data center, but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.
Communicate between Azure resources
You’ll want to enable Azure resources to communicate securely with each other. You can do that in one of two ways:
Virtual networks: Virtual networks can connect not only VMs but other Azure resources, such as the App Service Environment for Power Apps, Azure Kubernetes Service, and Azure virtual machine scale sets.
Service endpoints: You can use service endpoints to connect to other Azure resource types, such as Azure SQL databases and storage accounts. This approach enables you to link multiple Azure resources to virtual networks to improve security and provide optimal routing between resources.
Filter network traffic
Azure virtual networks enable you to filter traffic between subnets by using the following approaches:
Network security groups: A network security group is an Azure resource that can contain multiple inbound and outbound security rules. You can define these rules to allow or block traffic, based on factors such as source and destination IP address, port, and protocol.
Network virtual appliances: A network virtual appliance is a specialized VM that can be compared to a hardened network appliance. A network virtual appliance carries out a particular network function, such as running a firewall or performing wide area network (WAN) optimization.
Which of the following is NOT a valid way to purchase Azure Services?
Through any 3rd Party Vendor
Through a Cloud Solution Provider
Directly from the Web
Through an Enterprise Agreement
Through any 3rd Party Vendor
Explanation:
There are three main ways to purchase services on Azure. They are:
Through an Enterprise Agreement
Larger customers, known as enterprise customers, can sign an Enterprise Agreement with Microsoft. This agreement commits them to spending a predetermined amount on Azure services over a period of three years. The service fee is typically paid annually. As an Enterprise Agreement customer, you’ll receive the best customized pricing based on the kinds and amounts of services you plan on using.
Directly from the web
Here, you can purchase Azure services directly from the Azure portal website and pay standard prices. You’re billed monthly, either as a credit card payment or through an invoice. This purchasing method is known as Web Direct.
Through a Cloud Solution Provider
A Cloud Solution Provider (CSP) is a Microsoft Partner that helps you build solutions on top of Azure. Your CSP bills you for your Azure usage at a price they determine. They also answer your support questions and escalate them to Microsoft, as needed.
When you form a cloud center of excellence team or a cloud custodian team, that team can use Azure _______________ to scale their governance practices throughout the organization.
Blueprints
Compliance
Resource Groups
Subscriptions
Blueprints
Explanation:
When you form a cloud center of excellence team or a cloud custodian team, that team can use Azure Blueprints to scale their governance practices throughout the organization.
Implementing a blueprint in Azure Blueprints involves these three steps:
Create an Azure blueprint.
Assign the blueprint.
Track the blueprint assignments.
With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. In other words, Azure creates a record that associates a resource with the blueprint that defines it. This connection helps you track and audit your deployments.
Blueprints are also versioned. Versioning enables you to track and comment on changes to your blueprint.
Reference: https://docs.microsoft.com/en-ca/learn/modules/build-cloud-governance-strategy-azure/8-govern-subscriptions-azure-blueprints
An Azure service is said to be available to all Azure customers when it is in ______________.
fixed preview
general availability
public preview
private preview
public preview
Explanation:
Public preview means that the service is available to everyone with an Azure subscription, but the normal SLAs don’t apply. This is different from general availability, when the service is available to all Azure customers with SLA-backed guarantees!
Reference: https://azure.microsoft.com/en-ca/support/legal/preview-supplemental-terms/
Which of the following is a factor that Azure AD Identity Protection uses to assess the risk level of a user’s sign-in attempt or activity?
The user’s device health and security posture.
The user’s email address
The user’s job title
The user’s physical location
The user’s device health and security posture.
Explanation:
The correct answer is the user’s device health and security posture, which is one of the factors that Azure AD Identity Protection uses to assess the risk level of a user’s sign-in attempt or activity. Azure AD Identity Protection uses machine learning algorithms and various risk factors, such as device health and security posture, to identify potential risks and take appropriate action to protect the user’s identity and the organization’s resources.
Which aspect of data management does Microsoft Purview primarily address?
Data transformation for analytics purposes.
Data discovery, classification, and governance.
Data storage optimization.
Data migration between Azure regions.
Data discovery, classification, and governance.
Explanation:
Microsoft Purview focuses on data discovery, classification, and governance. It helps organizations understand what data they have, where it resides, and how it’s being used. It also provides tools for classifying and protecting sensitive data, ensuring compliance with data regulations.
Azure Reserved VM Instances are an example of Opex.
Yes
No
No
Explanation:
A reserved instance is where you pay upfront for the use of a virtual machine for a period of time (1 or 3 years). This can save you money as you receive a discount on the cost of a VM if you pay upfront for a reserved instance.
However, as this is an upfront payment, it will be classed as CapEx, not OpEx.
A simple way to remember: upfront payment = CapEx, pay as you go = OpEx!
Your company has a policy that requires all Azure resources to be deployed with a specific set of tags. You want to ensure that this mandate is enforced automatically for all new resources deployed in your Azure environment. Which Azure service should you use to accomplish this?
Azure Policy
Azure Security Center
Azure Resource Manager
Azure Advisor
Azure Policy
Explanation:
Azure Policy is the Azure service used to enforce policies for resource consistency and compliance. It allows administrators to create and enforce policies that ensure resources deployed in Azure adhere to specific rules, such as the requirement to have a specific set of tags. Azure Policy can evaluate resources against these policies and, if necessary, take actions to remediate non-compliant resources. In this scenario, Azure Policy can be used to automatically enforce the policy that requires all resources to be deployed with a specific set of tags.
You can create multiple billing reports per subscription. This is handy when you have multiple departments and need to do a chargeback of cloud costs.
False
True
False
Explanation:
You can create one billing report per subscription. If you have multiple departments and need to do a “chargeback” of cloud costs, one possible solution is to organize subscriptions by department or by project.
Resource tags can also help.
_____________ make it easier to identify groups that generate the biggest Azure costs, which can help you adjust your spending accordingly.
Tags
Blueprints
Policies
Management Groups
Tags
Explanation:
Tags help you manage costs associated with the different groups of Azure products and resources. You can apply tags to groups of Azure resources to organize billing data.
For example, if you run several VMs for different teams, you can use tags to categorize costs by department, such as Human Resources, Marketing, or Finance; or by environment, such as Test or Production.
Tags make it easier to identify groups that generate the biggest Azure costs, which can help you adjust your spending accordingly.
How can you deploy an ARM template to Azure?
By manually configuring each resource through the Azure portal.
By running the ARM template on a local machine be it Windows or Mac.
By submitting the ARM template to a third-party service such as Dremio.
By using Azure PowerShell, Azure CLI, or the Azure portal
By using Azure PowerShell, Azure CLI, or the Azure portal
Explanation:
ARM templates can be deployed using various tools, including Azure PowerShell, Azure CLI, and the Azure portal. These tools interpret the template and orchestrate the resource provisioning process.
Which of the following is an example of an Azure Application Platform?
Azure Cache for Redis
Azure App Service
Azure DNS
Azure Firewall
Azure Load Balancer
Azure App Service
Explanation:
Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments. For Linux-based environments, see App Service on Linux.
Which of the following options would meet these requirements?
1) SDKs for popular languages, APIs for SQL, MongoDB, Cassandra and more
2) Guaranteed speed at any scale with instant and limitless elasticity, fast reads, and multi-region writes anywhere in the world
3) The ability to work with NoSQL data
Azure Table Storage
Azure Cosmos DB
Azure Files
Azure Queues
Azure Cosmos DB
Explanation:
As part of its modernization strategy, your company has decided to move all its operations to the Azure cloud. It is looking for an advanced modernization and optimization service for Azure with a wide range of tools for assessment.
Which of the following would you recommend?
Azure Cloud Adopter
Azure Migrate
Azure Advisor
Azure Data Box
Azure Migrate
Explanation:
Azure Migrate provides a simplified migration, modernization, and optimization service for Azure. All pre-migration steps such as discovery, assessments, and right-sizing of on-premises resources are included for infrastructure, data, and applications. Azure Migrate’s extensible framework allows for integration of third-party tools, thus expanding the scope of supported use-cases. It provides the following:
Unified migration platform: A single portal to start, run, and track your migration to Azure.
Range of tools: A range of tools for assessment and migration. Azure Migrate tools include Azure Migrate: Discovery and assessment and Azure Migrate: Server Migration. Azure Migrate also integrates with other Azure services and tools, and with independent software vendor (ISV) offerings.
Reference: https://docs.microsoft.com/en-us/azure/migrate/migrate-services-overview
Which of the following categories does Azure VPN Gateway belong to?
Software as a Service (SaaS)
Network as a Service (NaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Infrastructure as a Service (IaaS)
Explanation:
Which type of code/language is commonly used in Infrastructure as Code (IaC) to define and manage resources?
YAML
JavaScript
HTML
SQL
YAML
Explanation:
YAML (Yet Another Markup Language) is a common choice for writing code to define and manage infrastructure in IaC. It provides a human-readable format for specifying configurations and settings for various resources.
A startup is planning to replace or supplement traditional on-premises network-attached storage (NAS) devices. More importantly, they are looking for a solution that supports multiple operating systems and containerization.
Which of the following would you recommend?
Azure Kubernetes
Azure Data Lake Storage Gen2
Azure Container Instances
Azure Files
Azure Table Storage
Azure Blob Storage
Azure Files
Explanation:
Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol, Network File System (NFS) protocol, and Azure Files REST API. Azure file shares can be mounted concurrently by cloud or on-premises deployments. SMB Azure file shares are accessible from Windows, Linux, and macOS clients. NFS Azure file shares are accessible from Linux or macOS clients. Additionally, SMB Azure file shares can be cached on Windows servers with Azure File Sync for fast access near where the data is being used.
Containerization:
Azure file shares can be used as persistent volumes for stateful containers. Containers deliver “build once, run anywhere” capabilities that enable developers to accelerate innovation. For the containers that access raw data at every start, a shared file system is required to allow these containers to access the file system no matter which instance they run on.
Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction
Which of the following best describes the relationship between an ARM template and Azure resources?
An ARM template defines the desired state of Azure resources and their configuration.
An ARM template is a virtual machine template.
An ARM template is a resource type in Azure.
An ARM template is another name for Resource Groups and provides direct access to Azure data centers.
An ARM template defines the desired state of Azure resources and their configuration.
Explanation:
An ARM template is used to declare the desired configuration of Azure resources. It defines the properties, settings, and dependencies of resources in order to achieve a specific deployment.
You have deployed Azure File Sync for your organization. One of the interns accidentally deleted some important files on the local file server. How can you recover the deleted files?
Recover from the local file server’s backup
Recover from the Azure File share using Azure Backup
Restore the files from Azure Blob Storage
Use Azure Site Recovery to recover the files
Recover from the Azure File share using Azure Backup
Explanation:
The correct answer is Recover from the Azure File share using Azure Backup. When you deploy Azure File Sync, the data is synchronized with Azure Files, and you can create a backup of the file share using Azure Backup. In case of accidental deletion, you can restore the deleted files from the Azure File share backup.
Other options -
Recovering from the local file server’s backup may be a valid option, but it is not the best solution in the context of Azure File Sync. Azure File Sync keeps a centralized copy of the data in Azure Files, which can be backed up and restored using Azure Backup.
Azure Site Recovery is a disaster recovery solution and is not intended for file recovery. It is designed to protect virtual machines and physical servers by replicating them to a secondary location, but it is not suitable for restoring individual files.
Restoring the files from Azure Blob Storage is not relevant because Azure File Sync synchronizes data with Azure Files, not Azure Blob Storage.
Your boss wants to ensure that your team’s virtual machines are automatically patched and updated. Which Azure Virtual Machines feature should you use to achieve this?
Azure Update Management
Azure Virtual Machine Configuration Management
Azure Virtual Machine Scale Sets
Azure Virtual Machine Extensions
Azure Update Management
Explanation:
Azure Update Management is the correct answer, and it is a service that provides a solution for automatically patching and updating virtual machines in Azure. It enables you to schedule and track updates across your entire Azure environment, including virtual machines, hybrid machines, and servers. You can also assess the compliance of your virtual machines against security baselines and audits.
Other options:
Azure Virtual Machine Scale Sets: This is a service that allows you to create and manage a group of identical virtual machines in Azure. While this service can help you scale your applications horizontally to meet increased demand, it does not provide a solution for automatically patching and updating virtual machines.
Azure Virtual Machine Configuration Management: This is a feature that allows you to configure and manage virtual machine settings and applications using PowerShell DSC (Desired State Configuration). While this feature can help you maintain consistency and enforce configuration standards across your virtual machines, it does not provide a solution for automatically patching and updating virtual machines.
Azure Virtual Machine Extensions: These are small applications that provide post-deployment configuration and automation tasks for virtual machines. While some extensions can help you with patching and updating virtual machines, they do not provide a comprehensive solution for this task.
Your legal team is requesting documentation pertaining to Microsoft’s implementation of controls and processes, namely: Audit Reports, Compliance scores, Pen-Test and Security assessments, and Industry compliance.
Where can you obtain this information?
Azure Resources
Azure Advisor
Service Trust Portal
Microsoft Privacy Statement
Azure Support Docs
Service Trust Portal
Explanation:
The Microsoft Service Trust Portal contains details about Microsoft’s implementation of controls and processes that protect our cloud services.
Reference: https://servicetrust.microsoft.com
Which of the following categories does Azure Kubernetes service belong to?
Platform as a service (PaaS)
Software as a service (SaaS)
Database as a service (DaaS)
Infrastructure as a service (IaaS)
Platform as a service (PaaS)
Explanation:
Azure Kubernetes Service (AKS) offers serverless Kubernetes, an integrated continuous integration and continuous delivery (CI/CD) experience, and enterprise-grade security and governance. This falls under the PaaS category!
In the context of Azure AD B2C, what is a “policy”?
A predefined set of access permissions for internal employees.
A customized set of rules and behaviors for customer identity interactions.
A secure authentication method using multi-factor authentication.
An encryption key used to secure customer data.
A customized set of rules and behaviors for customer identity interactions.
Explanation:
In Azure AD B2C, a policy is a collection of predefined rules and behaviors that define how customers interact with your applications. It helps you customize the user journey, authentication methods, and user flows during sign-up, sign-in, and profile management.
A Social Insurance Number and a Fingerprint scan are valid MFA options for Azure.
Yes
No
No
Explanation:
The following forms of verification can be used with Azure Multi-Factor Authentication:
Multi-factor authentication provides additional security for your identities by requiring two or more elements to fully authenticate.
These elements fall into three categories:
Something the user knows
This might be an email address and password.
Something the user has
This might be a code that’s sent to the user’s mobile phone.
Something the user is
This is typically some sort of biometric property, such as a fingerprint or face scan that’s used on many mobile devices.
Which of the following do Azure Arc-enabled servers allow you to do?
Manage and govern Azure Active Directory.
Monitor Azure Logic Apps.
Extend Azure Resource Manager templates to on-premises environments.
Deploy virtual machines in Azure regions.
Extend Azure Resource Manager templates to on-premises environments.
Explanation:
Azure Arc-enabled servers allow you to extend Azure Resource Manager templates to on-premises environments. This enables consistent deployment and management practices across both cloud and on-premises resources.
Reference: https://learn.microsoft.com/en-us/azure/azure-arc/overview
Role-based access control is applied to a _______________, which is a resource or set of resources that this access applies to.
Scope
Blueprint
Group
Resource Set
Scope
Explanation:
When you have multiple IT and engineering teams, how can you control what access they have to the resources in your cloud environment? It’s a good security practice to grant users only the rights they need to perform their job, and only to the relevant resources.
Instead of defining the detailed access requirements for each individual, and then updating access requirements when new resources are created, Azure enables you to control access through Azure role-based access control (Azure RBAC).
Azure provides built-in roles that describe common access rules for cloud resources. You can also define your own roles. Each role has an associated set of access permissions that relate to that role. When you assign individuals or groups to one or more roles, they receive all of the associated access permissions.
Role-based access control is applied to a scope, which is a resource or set of resources that this access applies to.
Here’s a diagram that shows the relationship between roles and scopes.
Which Azure service allows you to control the DNS settings for private endpoints in your virtual network?
Azure DNS
Azure Traffic Manager
Azure DNS Zone
Azure Private DNS
Azure Private DNS
Explanation:
Azure Private DNS is the service that allows you to manage and control the DNS settings for private endpoints in your virtual network. It enables you to map the private endpoint’s hostname to its private IP address within the virtual network, ensuring proper resolution.
Each Azure subscription can contain multiple account administrators.
No
Yes
No
Explanation:
It is possible to assign multiple administrators to a particular subscription; however, there is ONLY 1 account administrator.
From the Official Azure Documentation:
To manage access to Azure resources, you must have the appropriate administrator role. Azure has an authorization system called Azure role-based access control (Azure RBAC) with several built-in roles you can choose from. You can assign these roles at different scopes, such as management group, subscription, or resource group. By default, the person who creates a new Azure subscription can assign other users administrative access to a subscription (account Admin).
Reference: https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscription-administrator
____________________ notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime.
Azure Active Directory
Azure Trust Center
Azure Service Health
Azure Monitor
Azure Service Health
Explanation:
Azure Service Health provides personalised alerts and guidance for Azure service issues.
Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime. You can also configure customisable cloud alerts and use your personalised dashboard to analyse health issues, monitor the impact to your cloud resources, get guidance and support, and share details and updates.
IMPORTANT!
Reference: https://azure.microsoft.com/en-ca/features/service-health/
A startup has deployed a set of Virtual Machines which are critical for their day-to-day operations. They need to ensure their availability even if a single data center goes down. An intern suggests deploying the Virtual Machines to at least two regions.
Would this suggestion meet the goal?
No
Yes
Yes
Explanation:
By deploying the virtual machines to two or more regions, you are deploying the virtual machines to multiple datacenters. This will ensure that the services running on the virtual machines are available if a single data center fails.
Azure operates in multiple datacenters around the world. These datacenters are grouped into geographic regions, giving you flexibility in choosing where to build your applications. You create Azure resources in defined geographic regions like ‘West US’, ‘North Europe’, or ‘Southeast Asia’. You can review the list of regions and their locations.
Within each region, multiple datacenters exist to provide for redundancy and availability.
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/regions
Which of the following solutions is the BEST to store web app user data, device information and other metadata?
Azure Table Storage
Azure Cosmos DB
Azure SQL Database
Azure Cache for Redis
Azure Table Storage
Explanation:
All the resources residing in a Resource Group must belong to the same Region.
Yes
No
No
Explanation:
Azure resources deployed to a single resource group can be located in different regions. The resource group only contains metadata about the resources it contains.
When creating a resource group, you need to provide a location for that resource group. You may be wondering, “Why does a resource group need a location? And, if the resources can have different locations than the resource group, why does the resource group location matter at all?”
The resource group stores metadata about the resources. When you specify a location for the resource group, you’re specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region.
In Azure, subscriptions serve as a unit of:
Management
Scale
Billing
All of the above
All of the above
Explanation:
The correct answer is All of the Above.
In Azure, subscriptions serve as a unit of management, billing, and scale. They help you organize your resource groups, manage access to resources, and facilitate billing for the resources used in Azure.
Reference: https://learn.microsoft.com/en-us/training/modules/describe-core-architectural-components-of-azure/6-describe-azure-management-infrastructure
____________ provides disks for Azure virtual machines. Applications and other services can access and use them as needed, similar to how they would in on-premises scenarios.
Disk Storage
Blob Storage
File Storage
SSD Storage
Disk Storage
Explanation:
Disk Storage provides disks for Azure virtual machines. Applications and other services can access and use these disks as needed, similar to how they would in on-premises scenarios. Disk Storage allows data to be persistently stored and accessed from an attached virtual hard disk.
Which of the following is not a cost saving solution?
Deleting unused resources
Using Azure Reservations to prepay
Using spending limits to restrict your spending
Resize underutilized virtual machines
Using Azure Hybrid Benefit to repurpose software licenses on Azure
Shutting down Virtual Machines at night
Choosing low-cost locations and regions
Shutting down Virtual Machines at night
Explanation:
Shutting down Virtual Machines at night is not a cost saving solution.