AZ-900 : Microsoft Azure Fundamentals Practice Tests 2025 6 Flashcards

Question

Purchasing your own infrastructure and deploying it in your own data center is an example of CapEx. Yes No

Answer 1

Yes Explanation: Deploying your own datacenter is definitely an example of CapEx. This is because you need to purchase all the infrastructure upfront before you can use it.

Answer 2

Billing is applied to each subscription separately Subscription is dependent on a region Trial subscription can be converted to paid Explanation: Billing is applied to each subscription separately - Yes! It is one of the many reasons why people use separate subscriptions. Trial subscription can be converted to paid - Of course. When you sign up for an Azure free account, you get $200 credit. In the first 30 days, any services you use beyond their free amounts will be deducted from that $200 credit. When you’ve used up your $200 credit or 30 days have passed (whichever happens first), you’ll need to upgrade by moving to pay-as-you-go pricing. That way, you can keep getting free amounts of services and purchase services beyond their free amounts as needed. The cost of those services is charged to the payment method you provide. Subscription is dependent on a region - Yes, when you create a subscription in Azure, you need to specify a certain region for that Subscription. Hence, this choice is valid as well. All other options are invalid and don't stand true.

Answer 3

Containers Explanation: While virtual machines are an excellent way to reduce costs versus the investments that are necessary for physical hardware, they're still limited to a single operating system per virtual machine. If you want to run multiple instances of an application on a single host machine, containers are an excellent choice. What are containers? Containers are a virtualization environment. Much like running multiple virtual machines on a single physical host, you can run multiple containers on a single physical or virtual host. Unlike virtual machines, you don't manage the operating system for a container. Virtual machines appear to be an instance of an operating system that you can connect to and manage, but containers are lightweight and designed to be created, scaled out, and stopped dynamically. While it's possible to create and deploy virtual machines as application demand increases, containers are designed to allow you to respond to changes on demand. With containers, you can quickly restart in case of a crash or hardware interruption. One of the most popular container engines is Docker, which is supported by Azure. Containers are managed through a container orchestrator, which can start, stop, and scale out application instances as needed. There are two ways to manage both Docker and Microsoft-based containers in Azure: Azure Container Instances and Azure Kubernetes Service (AKS).

Answer 4

To extend Azure data services to on-premises and multi-cloud environments. Explanation: Azure Arc-enabled data services extend Azure data services to on-premises and multi-cloud environments, enabling consistent data management and integration across different locations.q

Answer 5

Data between Azure Storage accounts Explanation: AzCopy is a command-line utility specifically designed to copy data between Azure Storage accounts or between an on-premises location and Azure Storage. It supports Blob Storage, Table Storage, and File Storage transfers. Other options - Virtual machines - AzCopy is not designed to copy virtual machines; it focuses on data transfers for Azure Storage services. Data between on-premises file servers - Although AzCopy can copy data between an on-premises location and Azure Storage, it is not intended for transferring data directly between on-premises file servers without involving Azure Storage. Database schema - AzCopy is not designed for copying database schema; it focuses on data transfers for Azure Storage services, such as Blob Storage, Table Storage, and File Storage.

Answer 6

It helps classify and protect sensitive data and ensures compliance policies are followed. Explanation: Microsoft Purview provides a unified data governance solution to help manage and govern your on-premises, multicloud, and software as a service (SaaS) data. Microsoft Purview helps organizations classify and label data, apply data protection policies, and manage access controls. This ensures that sensitive data is properly protected and that compliance with data regulations is maintained, contributing to data security and compliance efforts.

Answer 7

No Explanation: Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block and Network File System (preview) protocols. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS. One thing that distinguishes Azure Files from files on a corporate file share is that you can access the files from anywhere in the world, by using a URL that points to the file. You can also use Shared Access Signature (SAS) tokens to allow access to a private asset for a specific amount of time. Here's an example of a service SAS URI, showing the resource URI and the SAS token: Reference: https://docs.microsoft.com/en-ca/learn/modules/azure-storage-fundamentals/azure-file-storage

Answer 8

False Explanation: Azure Storage offers multiple redundancy options, including locally redundant storage (LRS), zone-redundant storage (ZRS), geo-redundant storage (GRS), and read-access geo-redundant storage (RA-GRS). LRS and ZRS provide redundancy within a datacenter or within a single zone, respectively, and create three copies of the data. GRS and RA-GRS provide additional redundancy across multiple datacenters or regions, respectively, and create six copies of the data (three copies in the primary region and three copies in the secondary region). However, none of these redundancy options provide only two copies of the data by default.

Answer 9

By offering a unified solution to manage and govern data across various cloud and on-premises sources. Explanation: Microsoft Purview provides a unified solution for managing and governing data across various sources, including multi-cloud and on-premises environments. It helps organizations maintain consistent data governance practices and policies regardless of where the data resides.

Answer 10

Azure Policy Explanation: Azure Policy can be used to enforce company-wide policies across multiple Azure subscriptions, including policies related to Azure Disk Encryption. By creating a policy definition that requires all virtual machines to have Azure Disk Encryption enabled, you can ensure that this policy is applied consistently across your entire Azure environment. Other options - Azure Security Center: This is a service that helps customers protect their Azure and on-premises resources from threats, but it is not designed specifically for enforcing policies related to Azure Disk Encryption. Azure Active Directory: This is a cloud-based identity and access management service, and while it can be used to manage access to Azure resources, it is not designed to enforce policies related to Azure Disk Encryption. Azure Resource Manager: This is a service that allows customers to manage resources in their Azure subscription, but it is not designed to enforce policies related to Azure Disk Encryption. multiple subscriptions.

Answer 11

Elastic Pools Explanation: Just like Azure VM Scale Sets are best friends with Azure VMs, for Azure SQL Databases, we have Azure SQL Database elastic pools . These are a simple, cost-effective solution for managing and scaling multiple databases that have varying and unpredictable usage demands. The databases in an elastic pool are on a single server and share a set number of resources at a set price. Elastic pools in Azure SQL Database enable SaaS developers to optimize the price performance for a group of databases within a prescribed budget while delivering performance elasticity for each database.

Answer 12

Private DNS zone Explanation: To enable private connectivity via a private endpoint, you need to configure a Private DNS zone. This Private DNS zone allows you to resolve the hostname of the private endpoint to its private IP address within your virtual network.

Answer 13

The Cloud Adoption Framework for Azure Explanation: The Cloud Adoption Framework for Azure provides you with proven guidance to help with your cloud adoption journey. The Cloud Adoption Framework helps you create and implement the business and technology strategies needed to succeed in the cloud. Cloud Adoption Framework consists of tools, documentation, and proven practices. The Cloud Adoption Framework includes these stages: Define your strategy. Make a plan. Ready your organization. Adopt the cloud. Govern and manage your cloud environments. Reference: https://docs.microsoft.com/en-ca/learn/modules/build-cloud-governance-strategy-azure/9-accelerate-cloud-adoption-framework

Answer 14

Availability Zones Explanation: Availability Zones is the correct answer. It is an Azure service that provides high availability by replicating applications and data across multiple data-centers within a region. By using availability zones, your virtual machines are deployed in separate physical locations with independent power, cooling, and networking, ensuring that they remain available even if there is a failure in one of the zones. This feature provides automatic failover in case of a hardware failure, making it a suitable solution for ensuring highly available virtual machines.

Answer 15

A way to package and deploy a collection of policy definitions as a single entity. Explanation: The correct answer is : A way to package and deploy a collection of policy definitions as a single entity. An initiative definition is a group of policy definitions that are designed to achieve a specific objective. The purpose of initiative definitions is to streamline the management and assignment of policy definitions by grouping them together as a single entity. An example of an initiative could be "Enable Monitoring in Microsoft Defender for Cloud," which aims to monitor all the available security recommendations in a Microsoft Defender for Cloud instance.

Answer 16

Additional subscriptions Explanation: Creating additional subscriptions is a suitable approach for setting up separate environments for development and testing, and security in Azure. By having separate subscriptions for different environments, you can manage and control access to the resources provisioned within each subscription, and it helps you track costs and apply different access-management policies more effectively.

Answer 17

AAD provides identity and access management services, while RBAC provides granular access control within Azure resources. Explanation: The correct option is : Azure Active Directory (AAD) provides identity and access management services, while Role-Based Access Control (RBAC) provides granular access control within Azure resources. Other options: AAD is used for managing access to Azure resources, while RBAC is used for managing access to on-premises resources : This is incorrect because AAD can be used for managing access to on-premises resources as well as cloud resources. AAD is a cloud-based directory service, while RBAC is a feature within the Azure portal: This is incorrect because AAD is a cloud-based directory service, but RBAC is not a feature within the Azure portal. Rather, RBAC is a built-in feature of the Azure platform for managing access to Azure resources. AAD is only used for managing access to Microsoft applications, while RBAC is used for managing access to any Azure resource: This is incorrect because AAD can be used to manage access to both Microsoft and non-Microsoft applications, while RBAC is used only for managing access to Azure resources. Overall, AAD and RBAC have different but complementary roles in managing access to Azure resources. AAD is primarily used for managing user identities and authentication, while RBAC is used for managing granular access control within Azure resources by assigning permissions to specific roles rather than individual users.

Answer 18

False Explanation: At the beginning of any cloud governance implementation, you identify a cloud organization structure that meets your business needs. This step often involves forming a cloud center of excellence team (also called a cloud enablement team or a cloud custodian team). This team is empowered to implement governance practices from a centralized location for the entire organization. Teams often start their Azure governance strategy at the subscription level. Subscriptions also have some resource limitations. For example, the maximum number of network Azure ExpressRoute circuits per subscription is 10. Those limits should be considered during your design phase. If you'll need to exceed those limits, you might need to add more subscriptions. If you hit a hard limit maximum, there's no flexibility to increase it. Management groups are also available to assist with managing subscriptions. A management group manages access, policies, and compliance across multiple Azure subscriptions. You'll learn more about management groups later in this module.

Answer 19

It provides controlled access to specified resources while maintaining security. Explanation: Azure AD B2B Collaboration enables organizations to securely collaborate with external partners by granting them controlled access to specific resources. This allows external partners to work on shared projects without compromising security.

Answer 20

Moving a media library from offline tapes to Azure One-time migration of a large amount of on-premises data Explanation: One-time migration of a large amount of on-premises data: Azure Data Box is an ideal solution for importing large volumes of data to Azure when network connectivity is limited or insufficient. It is suitable for one-time migration scenarios where you need to move a large amount of data from on-premises to Azure. Moving a media library from offline tapes to Azure: Data Box can be used to move media libraries from offline tapes to Azure, creating an online media library. It provides a secure and efficient way to transfer large amounts of media files to Azure storage services. Other options - Configuring real-time data synchronization between Azure and on-premises servers: Data Box is designed for offline data transfers and is not meant for real-time data synchronization between Azure and on-premises servers. For real-time data synchronization, you might consider Azure File Sync or other data synchronization services. Incremental backups of Azure virtual machines: Data Box is used for transferring data to or from Azure, not specifically for incremental backups of Azure virtual machines. To perform incremental backups of Azure VMs, you can use Azure Backup service, which is designed for that purpose. Reference: https://learn.microsoft.com/en-us/training/modules/describe-azure-storage-services/6-identify-azure-data-migration-options

Answer 21

Azure Active Directory (Azure AD) Explanation: Please note that the question asks us "To retrieve security tokens". You might be thinking about Azure Key Vaults here. A service such as Azure Key Vault can keep security token, however to access/retrieve something from the Key Vault , we need to be authenticated to retrieve them. To authenticate, we can use "managed identity" that gives Azure services an automatically managed identity in Azure AD. So the answer is Azure AD. Remember that Azure AD provides access tokens. Azure Key vault is used to securely store passwords, secrets, certificates and tokens.

Answer 22

Tags Explanation: Organizing cloud-based resources is a crucial task for IT, unless you only have simple deployments. Use naming and tagging standards to organize your resources for the following reasons: Resource management: Your IT teams need to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information. Organizing resources is critical to assigning organizational roles and access permissions for resource management. Operations management: Visibility for the operations management team about business commitments and SLAs is an important aspect of ongoing operations. For operations to be managed well, tagging for mission criticality is required. Security: Classification of data and security impact is a vital data point for the team, when breaches or other security issues arise. To operate securely, tagging for data classification is required. Reference: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/decision-guides/resource-tagging/?toc=%2Fazure%2Fazure-resource-manager%2Fmanagement%2Ftoc.json

Answer 23

Access control boundary Billing boundary Explanation: In Azure, you can use two types of subscription boundaries: Billing boundary: This subscription type determines how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs. Access control boundary: Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures. An example is that within a business, you have different departments to which you apply distinct Azure subscription policies. This billing model allows you to manage and control access to the resources that users provision with specific subscriptions.

Answer 24

40 TB Explanation: Data Box is an Azure service designed for offline data transfer when dealing with large data sizes and limited or no network connectivity. The recommendation for using Data Box is for data sizes larger than 40 TB. This is because, at such large data sizes, transferring data over the network can be slow, unreliable, or costly due to bandwidth limitations. In scenarios with limited network connectivity, using Data Box helps avoid the challenges of slow data transfer speeds, potential data corruption, and high costs associated with transferring massive amounts of data over the network. By opting for Data Box, you ensure a secure, efficient, and cost-effective solution for moving large volumes of data to or from Azure.

Answer 25

Azure Virtual Machine Scale Sets Explanation: Azure Virtual Machine Scale Sets is Automated virtual machine scaling that helps you cost-effectively simplify the deployment, management, and availability of your applications. Reference : https://azure.microsoft.com/en-us/services/virtual-machine-scale-sets/

Answer 26

Deploy the SQL Database to a different Virtual Network Explanation: Overall explanation Deploy the SQL Database to a different Virtual Network explains network segmentation. You can deploy the SQL database to a new Virtual Network and filter any traffic using a Network Security Group on top of it. From the Official Azure Documentation: Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you'd operate in your own data center, but brings with it additional benefits of Azure's infrastructure such as scale, availability, and isolation. Communicate between Azure resources You'll want to enable Azure resources to communicate securely with each other. You can do that in one of two ways: Virtual networks Virtual networks can connect not only VMs but other Azure resources, such as the App Service Environment for Power Apps, Azure Kubernetes Service, and Azure virtual machine scale sets. Service endpoints You can use service endpoints to connect to other Azure resource types, such as Azure SQL databases and storage accounts. This approach enables you to link multiple Azure resources to virtual networks to improve security and provide optimal routing between resources. Filter network traffic Azure virtual networks enable you to filter traffic between subnets by using the following approaches: Network security groups A network security group is an Azure resource that can contain multiple inbound and outbound security rules. You can define these rules to allow or block traffic, based on factors such as source and destination IP address, port, and protocol. Network virtual appliances A network virtual appliance is a specialized VM that can be compared to a hardened network appliance. A network virtual appliance carries out a particular network function, such as running a firewall or performing wide area network (WAN) optimization.

Answer 27

Through any 3rd Party Vendor Explanation: There are three main ways to purchase services on Azure. They are: Through an Enterprise Agreement Larger customers, known as enterprise customers, can sign an Enterprise Agreement with Microsoft. This agreement commits them to spending a predetermined amount on Azure services over a period of three years. The service fee is typically paid annually. As an Enterprise Agreement customer, you'll receive the best customized pricing based on the kinds and amounts of services you plan on using. Directly from the web Here, you can purchase Azure services directly from the Azure portal website and pay standard prices. You're billed monthly, either as a credit card payment or through an invoice. This purchasing method is known as Web Direct. Through a Cloud Solution Provider A Cloud Solution Provider (CSP) is a Microsoft Partner that helps you build solutions on top of Azure. Your CSP bills you for your Azure usage at a price they determine. They also answer your support questions and escalate them to Microsoft, as needed.

Answer 28

Blueprints Explanation: When you form a cloud center of excellence team or a cloud custodian team, that team can use Azure Blueprints to scale their governance practices throughout the organization. Implementing a blueprint in Azure Blueprints involves these three steps: Create an Azure blueprint. Assign the blueprint. Track the blueprint assignments. With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. In other words, Azure creates a record that associates a resource with the blueprint that defines it. This connection helps you track and audit your deployments. Blueprints are also versioned. Versioning enables you to track and comment on changes to your blueprint. Reference: https://docs.microsoft.com/en-ca/learn/modules/build-cloud-governance-strategy-azure/8-govern-subscriptions-azure-blueprints

Answer 29

public preview Explanation: Public preview means that the service is available to everyone with an Azure subscription but the normal SLAs don't apply. This is different from general availability when the service is available to all Azure customers with SLA backed guarantees! Example - Reference: https://azure.microsoft.com/en-ca/support/legal/preview-supplemental-terms/

Answer 30

The user's device health and security posture. Explanation: The correct answer is - The user's device health and security posture is one of the factors that Azure AD Identity Protection uses to assess the risk level of a user's sign-in attempt or activity. Azure AD Identity Protection uses machine learning algorithms and various risk factors, such as device health and security posture, to identify potential risks and take appropriate action to protect the user's identity and the organization's resources.

Answer 31

Data discovery, classification, and governance. Explanation: Microsoft Purview focuses on data discovery, classification, and governance. It helps organizations understand what data they have, where it resides, and how it's being used. It also provides tools for classifying and protecting sensitive data, ensuring compliance with data regulations.

Answer 32

No Explanation: A reserved instance is where you pay upfront for the use of a virtual machine for a period of time (1 or 3 years). This can save you money as you receive a discount on the cost of a VM if you pay upfront for a reserved instance. However, as this is an upfront payment, it will be classed as CapEx, not OpEx. Simple way to remember : Upfront payment = Capex, Pay as you go = Opex!

Answer 33

Azure Policy Explanation: Azure Policy is the Azure service used to enforce policies for resource consistency and compliance. It allows administrators to create and enforce policies that ensure resources deployed in Azure adhere to specific rules, such as the requirement to have a specific set of tags. Azure Policy can evaluate resources against these policies and, if necessary, take actions to remediate non-compliant resources. In this scenario, Azure Policy can be used to automatically enforce the policy that requires all resources to be deployed with a specific set of tags.

Answer 34

False Explanation: You can create one billing report per subscription. If you have multiple departments and need to do a "chargeback" of cloud costs, one possible solution is to organize subscriptions by department or by project. Resource tags can also help.

Answer 35

Tags Explanation: Tags help you manage costs associated with the different groups of Azure products and resources. You can apply tags to groups of Azure resources to organize billing data. For example, if you run several VMs for different teams, you can use tags to categorize costs by department, such as Human Resources, Marketing, or Finance; or by environment, such as Test or Production. Tags make it easier to identify groups that generate the biggest Azure costs, which can help you adjust your spending accordingly.

Answer 36

By using Azure PowerShell, Azure CLI, or the Azure portal Explanation: ARM templates can be deployed using various tools, including Azure PowerShell, Azure CLI, and the Azure portal. These tools interpret the template and orchestrate the resource provisioning process.

Answer 37

Azure App service Explanation: Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments. For Linux-based environments, see App Service on Linux.

Answer 38

Azure Cosmos DB Explanation:

Answer 39

Azure Migrate Explanation: Azure Migrate provides a simplified migration, modernization, and optimization service for Azure. All pre-migration steps such as discovery, assessments, and right-sizing of on-premises resources are included for infrastructure, data, and applications. Azure Migrate’s extensible framework allows for integration of third-party tools, thus expanding the scope of supported use-cases. It provides the following: Unified migration platform: A single portal to start, run, and track your migration to Azure. Range of tools: A range of tools for assessment and migration. Azure Migrate tools include Azure Migrate: Discovery and assessment and Azure Migrate: Server Migration. Azure Migrate also integrates with other Azure services and tools, and with independent software vendor (ISV) offerings. Reference: https://docs.microsoft.com/en-us/azure/migrate/migrate-services-overview

Answer 40

Infrastructure as a Service (IaaS) Explanation:

Answer 41

YAML Explanation: YAML (Yet Another Markup Language) is a common choice for writing code to define and manage infrastructure in IaC. It provides a human-readable format for specifying configurations and settings for various resources.

Answer 42

Azure Files Explanation: Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol, Network File System (NFS) protocol, and Azure Files REST API. Azure file shares can be mounted concurrently by cloud or on-premises deployments. SMB Azure file shares are accessible from Windows, Linux, and macOS clients. NFS Azure file shares are accessible from Linux or macOS clients. Additionally, SMB Azure file shares can be cached on Windows servers with Azure File Sync for fast access near where the data is being used. Containerization: Azure file shares can be used as persistent volumes for stateful containers. Containers deliver "build once, run anywhere" capabilities that enable developers to accelerate innovation. For the containers that access raw data at every start, a shared file system is required to allow these containers to access the file system no matter which instance they run on. Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction

Answer 43

An ARM template defines the desired state of Azure resources and their configuration. Explanation: An ARM template is used to declare the desired configuration of Azure resources. It defines the properties, settings, and dependencies of resources in order to achieve a specific deployment.

Answer 44

Recover from the Azure File share using Azure Backup Explanation: The correct answer is Recover from the Azure File share using Azure Backup. When you deploy Azure File Sync, the data is synchronized with Azure Files, and you can create a backup of the file share using Azure Backup. In case of accidental deletion, you can restore the deleted files from the Azure File share backup. Other options - Recovering from the local file server's backup may be a valid option, but it is not the best solution in the context of Azure File Sync. Azure File Sync keeps a centralized copy of the data in Azure Files, which can be backed up and restored using Azure Backup. Azure Site Recovery is a disaster recovery solution and is not intended for file recovery. It is designed to protect virtual machines and physical servers by replicating them to a secondary location, but it is not suitable for restoring individual files. Restoring the files from Azure Blob Storage is not relevant because Azure File Sync synchronizes data with Azure Files, not Azure Blob Storage.

Answer 45

Azure Update Management Explanation: Azure Update Management is the correct answer, and it is a service that provides a solution for automatically patching and updating virtual machines in Azure. It enables you to schedule and track updates across your entire Azure environment, including virtual machines, hybrid machines, and servers. You can also assess the compliance of your virtual machines against security baselines and audits. Other options: Azure Virtual Machine Scale Sets: This is a service that allows you to create and manage a group of identical virtual machines in Azure. While this service can help you scale your applications horizontally to meet increased demand, it does not provide a solution for automatically patching and updating virtual machines. Azure Virtual Machine Configuration Management: This is a feature that allows you to configure and manage virtual machine settings and applications using PowerShell DSC (Desired State Configuration). While this feature can help you maintain consistency and enforce configuration standards across your virtual machines, it does not provide a solution for automatically patching and updating virtual machines. Azure Virtual Machine Extensions: This are small applications that provide post-deployment configuration and automation tasks for virtual machines. While some extensions can help you with patching and updating virtual machines, they do not provide a comprehensive solution for this task.

Answer 46

Service Trust Portal Explanation: The Microsoft Service Trust Portal contains details about Microsoft's implementation of controls and processes that protect our cloud services. Reference: https://servicetrust.microsoft.com

Answer 47

Platform as a service (PaaS) Explanation: Azure Kubernetes Service (AKS) offers serverless Kubernetes, an integrated continuous integration and continuous delivery (CI/CD) experience, and enterprise-grade security and governance. This falls under the PaaS category!

Answer 48

A customized set of rules and behaviors for customer identity interactions. Explanation: In Azure AD B2C, a policy is a collection of predefined rules and behaviors that define how customers interact with your applications. It helps you customize the user journey, authentication methods, and user flows during sign-up, sign-in, and profile management.

Answer 49

No Explanation: The following forms of verification can be used with Azure Multi-Factor Authentication: Multi-factor authentication provides additional security for your identities by requiring two or more elements to fully authenticate. These elements fall into three categories: Something the user knows This might be an email address and password. Something the user has This might be a code that's sent to the user's mobile phone. Something the user is This is typically some sort of biometric property, such as a fingerprint or face scan that's used on many mobile devices.

Answer 50

Extend Azure Resource Manager templates to on-premises environments. Explanation: Azure Arc-enabled servers allow you to extend Azure Resource Manager templates to on-premises environments. This enables consistent deployment and management practices across both cloud and on-premises resources. Reference: https://learn.microsoft.com/en-us/azure/azure-arc/overview

Answer 51

Scope Explanation: When you have multiple IT and engineering teams, how can you control what access they have to the resources in your cloud environment? It's a good security practice to grant users only the rights they need to perform their job, and only to the relevant resources. Instead of defining the detailed access requirements for each individual, and then updating access requirements when new resources are created, Azure enables you to control access through Azure role-based access control (Azure RBAC). Azure provides built-in roles that describe common access rules for cloud resources. You can also define your own roles. Each role has an associated set of access permissions that relate to that role. When you assign individuals or groups to one or more roles, they receive all of the associated access permissions. Role-based access control is applied to a scope, which is a resource or set of resources that this access applies to. Here's a diagram that shows the relationship between roles and scopes.

Answer 52

Azure Private DNS Explanation: Azure Private DNS is the service that allows you to manage and control the DNS settings for private endpoints in your virtual network. It enables you to map the private endpoint's hostname to its private IP address within the virtual network, ensuring proper resolution.

Answer 53

No Explanation: It is possible to assign multiple administrators to a particular subscription, however there is ONLY 1 account administrator. From the Official Azure Documentation: To manage access to Azure resources, you must have the appropriate administrator role. Azure has an authorization system called Azure role-based access control (Azure RBAC) with several built-in roles you can choose from. You can assign these roles at different scopes, such as management group, subscription, or resource group. By default, the person who creates a new Azure subscription can assign other users administrative access to a subscription (account Admin). Reference: https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscription-administrator

Answer 54

Azure Service Health Explanation: Azure Service Health provides personalised alerts and guidance for Azure service issues. Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime. You can also configure customisable cloud alerts and use your personalised dashboard to analyse health issues, monitor the impact to your cloud resources, get guidance and support, and share details and updates. IMPORTANT! Reference: https://azure.microsoft.com/en-ca/features/service-health/

Answer 55

Yes Explanation: By deploying the virtual machines to two or more regions, you are deploying the virtual machines to multiple datacenters. This will ensure that the services running on the virtual machines are available if a single data center fails. Azure operates in multiple datacenters around the world. These datacenters are grouped in to geographic regions, giving you flexibility in choosing where to build your applications. You create Azure resources in defined geographic regions like 'West US', 'North Europe', or 'Southeast Asia'. You can review the list of regions and their locations. Within each region, multiple datacenters exist to provide for redundancy and availability. Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/regions

Answer 56

Azure Table Storage Explanation:

Answer 57

No Explanation: Azure resources deployed to a single resource group can be located in different regions. The resource group only contains metadata about the resources it contains. When creating a resource group, you need to provide a location for that resource group. You may be wondering, "Why does a resource group need a location? And, if the resources can have different locations than the resource group, why does the resource group location matter at all?" The resource group stores metadata about the resources. When you specify a location for the resource group, you're specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region.

Answer 58

All of the above Explanation: The correct answer is All of the Above. In Azure, subscriptions serve as a unit of management, billing, and scale. They help you organize your resource groups, manage access to resources, and facilitate billing for the resources used in Azure. Reference: https://learn.microsoft.com/en-us/training/modules/describe-core-architectural-components-of-azure/6-describe-azure-management-infrastructure

Answer 59

Disk Storage Explanation: Disk Storage provides disks for Azure virtual machines. Applications and other services can access and use these disks as needed, similar to how they would in on-premises scenarios. Disk Storage allows data to be persistently stored and accessed from an attached virtual hard disk.

Answer 60

Shutting down Virtual Machines at night Explanation: Shutting down Virtual Machines at night is not a cost saving solution.