az900 Flashcards
You want your virtual machines to survive a data center failure. Which one of these options will meet the requirement?
Use Availability Sets
Deploy VM in Two or more Availability Zones
None of the above
Deploy VM in Two or more Availability Zones
Explanation
The best approach to survive a data center failure is to deploy your VMs to multiple AZs.
You do not want to allow creation of an Azure Cosmos DB instances in specific resource groups. Which of these options would you recommend?
Resource Group Lock
Request Azure Customer service
Configure a Azure Policy
Configure a Azure Policy
Explanation
Azure Policy helps you create, assign, and manage policies. You can automatically ensure that resources stay compliant with defined standards and SLAs.
You are concerned about encryption and security of documents and emails created by your team. You want a flexible service to protect and encrypt document and emails. Which of these services would you recommend?
Azure Security center
Azure Information Protection
Azure Storage account
Azure Information Protection
Explanation
Azure Information Protection helps you classify and protect your documents and emails. You can add labels indicating what kind of protection/encryption you want. It uses Azure Rights Management (Azure RMS) - Integrates with Office 365, Azure Active Directory etc.
You have several virtual machines running on-premises with Windows 10. You are planning to map a shared network drive for sharing configuration between all these virtual machines. Which of these Azure services would you recommend?
Virtual Machine Data Disk
Azure Blob Containers
Azure Files
Azure Files
Explanation
Azure Files: Managed File Shares. Connect from multiple devices concurrently.
You are running a web application on an Azure VM. You want to ensure that the application is accessible from internet by opening up access to ports 80 and 443 on the VM. Which of these would you need to configure?
Network Security Groups
Subnet
VPN
Network Security Groups
Explanation
Network Security Groups allow you to configure multiple inbound and outbound security rules. You can allow or block traffic based on source/destination IP address, protocol and port. You can restrict traffic between resources such as virtual machines and subnets.
TRUE or FALSE: All virtual machines in a Virtual Network can communicate with other machines inside the same Virtual Network irrespective of the subnets they are in.
TRUE
FALSE
True
Explanation
Resources in the same VNet can communicate using private IP addresses even if they are in different subnets
TRUE or FALSE: You have created a Virtual Network with two subnets - WebSubnet for deploying your VMs, DbSubnet for deploying your databases. By default, all VMs in WebSubnet can access databases created in DbSubnet.
TRUE
FALSE
TRUE
Explanation
Resources in the same VNet can communicate using private IP addresses even if they are in different subnets
__________ ensures business continuity by keeping business apps and workloads running during outages. When an outage occurs at your primary site, you fail over to secondary location, and access apps from there.
Azure Site Recovery
Azure Backup
Azure High Availability
Azure Fault Tolerance
Azure Site Recovery
TRUE or FALSE: A resource can have multiple locks like Read Lock and Delete Lock.
True
False
True
Explanation
Resource Locks prevent accidental deletion/modification of resources. You can have multiple locks on a resource.
What is the name of the local windows tool that syncs local active directory to Azure active directory?
Azure AD Connect
explain how many availability zones is a subscription mapped to in 1 region, plus how many ms between availability zones, how many buildings per az and how many regions in world aproximately and how many regions in usa,
Azure Regions A region consists of multiple datacenters located within a specific area, chosen for low-latency connections and linked through a specialized network. All Azure resources are created within an Azure region and subscription. Some regions may have default access restrictions.
3 availability zones in one az region. Each subscription is mapped to 3 availability zones but they are not the exact same availability zones as another subscription. Each availability zone is basically a separate building with own power, cooling, network etc. but is within the one region. Then there is multiple regions in USA and around world that are paired for updates etc.
52+ 6 coming regions world wide
9 USA specific regions
Think of resource groups of things that have a common _________
Life cycle.
network, servers, storage etc all belong to one resource group during it’s “life cycle”
Proving who you are vs what you have access to is _____ vs _____
authentication vs authorization
RBAC is ____
Policy is _____
Budget is ______
RBAC is who I am
Policy is what I can do
Budget is how much I can spend
What are the two permissions that I can set with a resource lock
CanNotDelete
ReadOnly
Application Insights, VM insights, Container insights and Log Analytics are features of:
Azure Monitor
Application Insights, VM insights, Container insights and Log Analytics are features of Azure Monitor.
Logic apps, functions, and service fabric are all examples of what model of compute within Azure?
SaaS Model
Serverless Model
IaaS Model
App Services Model
Serverless Model
Explanation
The serverless model of compute removes all responsibility to selecting or even managing the server and makes Azure responsible for running your code including scaling
See: https://azure.microsoft.com/en-us/solutions/serverless/
What is the name of the group of services inside Azure that hosts the Apache Hadoop big data analysis tools?
HDInsight
Explanation
HDInsight is a collection of open-source Apache Hadoop tools
See: https://azure.microsoft.com/en-us/services/hdinsight/
——Fake answers——
Azure Data Factory
Azure Hadoop Services
Azure Kubernetes Services
True or False: Azure is a public cloud, and has no private cloud offerings
False
Explanation
Some aspects of Azure are not open to the public and require a private agreement with Microsoft such as Azure Government and DoD services
True or false: Formal support is not included in private preview mode.
True
Explanation
True. Preview features are not fully ready and this phase does not include formal support.
Your organization has implemented an Azure Policy that restricts the type of Virtual Machine instances you can use. How can you create a VM that is blocked by the policy?
Use an account that has Contributor or above permissions to the resource group
The only way is to remove the policy, create the resource and add the policy back
Subscription Owners (Administrators) can create resources regardless of what the policy restricts
The only way is to remove the policy, create the resource and add the policy back
Explanation
You cannot perform a task that violates policy, so you have to remove the policy in order to perform the task.
Which Azure feature is specifically designed to help companies get their in-house developed code from the code repository, through automated unit testing, and onto Azure using a service called Pipelines?
GitHub
Virtual Machines
Azure DevOps
Azure Monitor
Azure DevOps
Explanation
Azure DevOps contains many services, one of which is Pipelines. Pipelines allows you to build an automation that moves code (and all related dependencies) through various stages from the development environment into deployment.
a virtual network cannot span regions or subscriptions - True or False
Can it span Availability zones 1-3?
True
yes, it definitely can span az 1-3
Virtual networks cannot span regions or subscriptions
what are 3 non routable ip address ranges
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
What type of container is used to collect log and metric data from various Azure Resources?
Managed Storage
Append Blob Storage
Log Analytics Workspace
Azure Monitor account
Log Analytics Workspace
Which of the following is not a feature of Azure Functions?
Can edit the code right in the Azure Portal using a code editor
Can trigger the function based off of Azure events such as a new file being saved to a storage account blob container
Designed for backend batch applications that are continuously running
Can possibly cost you nothing as there is a generous free tier
Designed for backend batch applications that are continuously running is not a feature of Azure Functions because
Functions are designed for short pieces of code that start and end quickly.
For more info: https://docs.microsoft.com/en-us/azure/azure-functions/
What is the Azure SLA for two or more Virtual Machines in an Availability Set?
100%
99.95%
99.90%
99.99%
99.95%
For more info: https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_9/
What is the minimum charge for having an Azure Account each month, even if you don’t use any resources?
?
$1
Negotiated with your enterprise manager
$200
$0
$0
Explanation
An Azure account can cost nothing if you don’t use any resources or only use free resources
For more info: https://azure.microsoft.com/en-us/pricing/
Select all features part of Azure AD
Smart lockout
Single sign-on
Custom banned password list
Log Alert Rule
Device Management
Smart lockout
(Correct)
Single sign-on
(Correct)
Custom banned password list
(Correct)
Log Alert Rule
(Incorrect)
Device Management
(Correct)
What makes estimating the cost of an unmanaged storage account difficult?
?
You are charged for data leaving Azure, and it’s difficult to predict that
(Correct)
There is a cost for egress (bandwidth out) and it’s hard to estimate how many bytes will be counted leaving an Azure network
The cost of storage changes frequently
(Incorrect)
There is no way to predict the amount of data in the account
(Incorrect)
You are charged for data coming into Azure, and it’s difficult to predict that
(Incorrect)
For more info: https://azure.microsoft.com/en-us/pricing/details/storage/page-blobs/
Which tool within Azure is comprised of : Azure Status, Service Health and Resource Health?
Azure Service Health
Azure Dashboard
Azure Monitor
Azure Advisor
Azure Service Health
Explanation
Azure Service Health - lets you know about any Azure-related service issues including region-wide downtime
For more info: https://docs.microsoft.com/en-us/azure/service-health/
What is the benefit of using Powershell over CLI?
Quicker to deploy VMs
No benefit, it’s the same
Cheaper
More powerful commands
No benefit, it’s the same
Explanation
There is no benefit, only a matter of personal choice.
For more info on Azure CLI: https://docs.microsoft.com/en-us/cli/azure/what-is-azure-cli?view=azure-cli-latest
For more info on Azure Powershell: https://docs.microsoft.com/en-us/powershell/azure/?view=azps-4.5.0
What types of files can a Content Delivery Network speed up the delivery of?
PDFs
JavaScript files
Videos
Images
All are useable
PDFs
(Correct)
JavaScript files
(Correct)
Videos
(Correct)
Images
(Correct)
Can JavaScript types of files be used in Content Delivery Network to speed up the delivery of?
Yes.
JavaScript CAN be used
Explanation
Any static file that doesn’t change.
For more info: https://docs.microsoft.com/en-us/azure/cdn/cdn-overview
Also videos, images, PDFs
What would be a good reason to have multiple Azure subscriptions?
There is one person/credit card paying for resources, but many people who have accounts in Azure, and you need to separate out resources between clients so that there is absolutely no chance of resources being exposed between them.
There is one person/credit card paying for resources, and only one person who logs into Azure to manage the resources, but you want to be able to know which resources are used for which client project.
There is one person/credit card paying for resources, but many people who have accounts in Azure, and you need to separate out resources between clients so that there is absolutely no chance of resources being exposed between them.
Explanation
Having multiple subscriptions can technically be done for any reason, but it only makes sense if you have to separate billing directly, or have actual clients logging into the Portal to manage their resources.
For more info: https://docs.microsoft.com/en-us/microsoft-365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings?view=o365-worldwide
What is the maximum amount of Azure Storage space a single subscription can store?
Virtually unlimited
500 GB
5 PB
2 TB
Virtually unlimited
Explanation
A single Azure subscription can have up to 250 storage accounts per region, and each storage account can store up to 5 Petabytes. That is 31 million Terabytes. This is probably 15-20 times what Google, Amazon, Microsoft and Facebook use combined. That’s a lot.
For more info: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#storage-limits
What does it mean if a service is in Public Preview mode?
Anyone can use the service for any reason
The service is generally available for use, and Microsoft will provide support for it
You have to apply to get selected in order to use that service
Anyone can use the service but it must not be for production use
Anyone can use the service but it must not be for production use. Public Preview is for anyone to use, but it is not supported nor guaranteed to continue to be available
Explanation
Public Preview is for anyone to use, but it is not supported nor guaranteed to continue to be available
For more info: https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/
How many hours are available free when using the Azure B1S General Purpose Virtual Machines under a Azure free account in the first 12 months?
750 hrs
300 hrs
Indefinite amount of hrs
500 hrs
750 hours
Each Azure free account includes 750 hours free for Azure B1S General Purpose Virtual Machines for the first 12 months.
For more info: https://azure.microsoft.com/en-us/free/free-account-faq/
Which style of computing is easiest when migrating an existing hosted application from your own data center into the cloud?
FaaS
PaaS
Serverless
IaaS
IaaS
Explanation
Infrastructure as a service is the easiest to migrate into, from an existing hosted app - lift and shift
For more info: https://azure.microsoft.com/en-us/overview/what-is-iaas/
Which storage access tier is the MOST EXPENSIVE to store files per GB?
?
Archive tier
Premium tier
Hot tier
Cool tier
Premium tier
Explanation
Premium storage tier is around $0.15/GB at the current time, well above the $0.02/GB of the hot tier.<br></br>See: https://azure.microsoft.com/en-us/pricing/details/storage/blobs/
__________ allows your private virtual network to access Azure services such as Storage, Cosmos DB, and SQL Database privately, allowing you to disable public access.
.
Private endpoints
Site-to-site VPN
Public endpoints
SQL Firewall
Private endpoints
Explanation
A private endpoint is a network interface that uses a private IP address from your virtual network. This network interface connects you privately and securely to a service that’s powered by Azure Private Link. By enabling a private endpoint, you’re bringing the service into your virtual network.<br></br>See: https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview
True or false: A resource group must be in the same region as the resources inside of it.
False
Explanation
A resource group does not have to be in the same region as the resources inside of it. A resource group is a logical grouping, not a physical one.
