Azure Cloud

Question 1

Which tool is used by Azure Active Directory to provide access to resources based on organizational policies?

A. multi-factor authentication (MFA)
B. single sign-on (SSO)
C. administrative units
D. Conditional Access

Answer 1

D. Conditional Access

Conditional Access is the tool used by Azure Active Directory to allow (or deny) access to resources based on identity signals. Conditional access ia a more refined MFA (multifactor authentication method.

Question 2

Single Sign On (SSO) is a ______________ method that enables users to sign in the first time and access various applications and resource by using the same password.

A. a validation
B. an authentication
C. a configuration
D. an authorization

Answer 2

B. an authentication.

Single Sign-On is an authentication method that allows users to sign in using one set of credentials to login across applications. Single sign-on makes it easier to manage passwords and increases security capabilities.

Question 3

Describe the Azure Pricing Calculator Service.

1. Estimates workload costs
2. Estimates the cost savings by comparing datacenter costs to running the same workload on Azure.
3. Helps control, analyze and optimize workload costs.

Answer 3

Pricing Calculator

1. Helps you estimate workload costs.

Question 4

Describe the Azure TCO Calculator Service.

1. Estimates workload costs
2. Estimates the cost savings by comparing datacenter costs to running the same workload on Azure.
3. Helps control, analyze and optimize workload costs.

Answer 4

Total Cost of Ownership.

2. Estimates the cost savings by comparing datacenter costs to running the same workload on Azure.

Provided approximate cost savings of operating similar workload on Azure to on premise datacenter.

Question 5

Describe the Azure Cost Management Service.

1. Estimates workload costs
2. Estimates the cost savings by comparing datacenter costs to running the same workload on Azure.
3. Helps control, analyze and optimize workload costs.

Answer 5

Cost Management

3. Helps to control, analyze and optimize workload costs.

Azure Cost Management helps to understand Azure bill, managed account.

Question 6

____________ is a repeatable set of governance tools that helps development teams quickly build out and create new environments while adhering to organizational compliance to speed up development and deployment.

A. Azure DevOps
B. A Continuous Integration / Continuous Deployment (CI/CD) pipeline configuration.
C. Azure Blueprints
D. Azure Policy

Answer 6

Azure Blueprints

Sometimes cloud environment grows beyond just one subscription. In that case Azure Blueprints help to scale the configuration. Azure Blueprints help with repeatable tasks so that development teams rapidly build and deploy new environments and speed the overall development and deployment phases.

Blueprints are a declarative way to orchestrate the deployment of various resource templates.

Question 7

Infrastructure as a Service (IAAS) is described as:

1. Provides hosting and management of an application and its underlying infrastructure, as well as any maintenance, upgrades and security patching.
2. Provides a fully managed environment for developing, testing, delivering and managing cloud based applications.
3. Provides servers and virtual machines, storage, networks and operating systems on a pay-as-you-go basis.

Answer 7

3. IAAS offers necessary compute, storage and networking assets on demand on a pay-as-you-go basis.

Question 8

Platform as a Service (PAAS) is described as:

1. Provides hosting and management of an application and its underlying infrastructure, as well as any maintenance, upgrades and security patching.
2. Provides a fully managed environment for developing, testing, delivering and managing cloud based applications.
3. Provides servers and virtual machines, storage, networks and operating systems on a pay-as-you-go basis.

Answer 8

2. PAAS provides complete development and deployment environment in the cloud, with assets that enable to deliver simple cloud-based apps to cloud-enabled enterprise applications.

Question 9

Software as a Service (SAAS) is described as:

1. Provides hosting and management of an application and its underlying infrastructure, as well as any maintenance, upgrades and security patching.
2. Provides a fully managed environment for developing, testing, delivering and managing cloud based applications.
3. Provides servers and virtual machines, storage, networks and operating systems on a pay-as-you-go basis.

Answer 9

1. SAAS - Host and manage the software application and underlying infrastructure.

Question 10

Which cloud approach is used by organizations to take full advantage of on-premise technology investments and allows data and applications to be shared between two environments?

A. public cloud
B. private cloud
C. hybrid cloud
D. on-premise datacenter

Answer 10

C. hybrid cloud

Public clouds, such as MS Azure, owned and operated by third party cloud service providers, to deliver their computing resources such as servers and storage over the internet. Cloud providers manage all hardware, software and other supporting infrastructure.

A Private Cloud refers to cloud computing resources used exclusively by an individual business. A private cloud can be located on the company’s on site datacenter.

A Hybrid Cloud is a type of cloud computing that combines on premise infrastructure or a private cloud with a public cloud. Hybrid clouds allow data and apps to move between the two environments.

Question 10

_______________ copies data to a secondary region from the primary region across multiple datacenters that are located many miles apart.

A. Read-access geo-redundant storage (RA_GRS)
B. Zone Redundant Storage (ZRS)
C. Geo-Redundant Storage (GRS)
D. Locally Redundant Storage (LRS)

Answer 10

C. Geo-Redundant Storage Replicates your data to a secondary region that is in different geographic locations from the primary region.

Question 11

What option is used to set the communication between an on premise VPN device and an Azure VPN gateway through an encrypted tunnel over the internet?

A. ExpressRoute
B. Point to Site (P25) VPN
C. Site to Site VPN

Answer 11

C. Site to Site VPN. Established between on premise VPN device and an Azure VPN Gateway that is deployed in a virtual network. This connection type allows communication between any on premise authorize resource to access a virtual network through an encrypted tunnel.

Question 12

____________ enables the secure communication of messages between millions of IOT devices and a cloud based solution.

A. Azure IoT Hub
B. Azure Digital Twins
C. Azure IoT Edge
D. Azure IoT Central

Answer 12

A. Azure IoT Hub

The Azure IoT Hub service enables reliable two way message communications between IoT devices and a cloud based solution. These capabilities enable customers to provision millions of devices in a secure and scalable manner.

Question 13

Which Azure service protects against attacks in which an attacker sends multiple requests to a web resource to exceed a website’s capacity and prevent the web resource from functioning correctly?

A. Azure Defender
B. Azure DDOS Protection
C. Azure Sentinel
D. Azure Firewall

Answer 13

B. DDOS Protection

Distributed denial of service, or DDOS, is a type of attack where an attacker sends multiple requests to an application. This results into the resources becoming exhausted, impacting the application’s availability. DDOS attacks can be targeted at any endpoint that is publicly reachable through the internet.

Question 14

What serverless computing technology provides the ability to execute workflows to automate business scenarios by using triggers without writing any code?

A. Azure Functions
B. Azure Logic Apps
C. Azure Front Door
D. Azure DevOps

Answer 14

B. Azure Logic Apps

Logic Apps are designed in a web based designer and can execute logic triggered by Azure services without writing any code.

Question 15

A team is developing a new cloud based application that leverages the Gremlin API. Which Azure database option is the most suitable for the new application?

A. Azure Cosmos DB
B. Azure SQL Managed Instance
C. Azure Database for PostgreSQL
D. Azure Database for MySQL

Answer 15

A. Azure Cosmos DB

Azure Cosmos DB is the best colution. It supports Gremlin API as well as SQL, Cassandra, MongoDB and Tables.

Question 16

_____________ enables you to scale to thousands of virtual machines for high performance computing and large scale parallel jobs.

A. An Azure virtual machine scale set
B. An availability set
C. Azure Batch
D. An availability zone

Answer 16

C. Azure Batch

Azure Batch allows you to scale to thousands of virtual machines for high performance computing (HPC) and large scale parallel jobs. Other functionalities allow you to scale multiple VMs but only Azure Batch will allow for thousands of VMs for HPC.

Question 17

Azure IoT Central is described as:

1. Used to quickly create a web based dashboard to enable reporting and communication with IoT devices.
2. Used to communicate to IoT devices by sending and receiving messages.
3. Used to provide the highest degree of security to ensure that the device was not tempered with.

Answer 17

1. Azure IoT Central

To quickly create a web based dashboard to enable reporting and communication with IoT devices.

Question 18

Azure IoT Hub is described as:

1. Used to quickly create a web based dashboard to enable reporting and communication with IoT devices.
2. Used to communicate to IoT devices by sending and receiving messages.
3. Used to provide the highest degree of security to ensure that the device was not tempered with.

Answer 18

2. Azure IoT Hub

To communicate with IoT devices by sending and receiving messages.

Question 19

Azure Sphere is described as:

1. Used to quickly create a web based dashboard to enable reporting and communication with IoT devices.
2. Used to communicate to IoT devices by sending and receiving messages.
3. Used to provide the highest degree of security to ensure that the device was not tempered with.

Answer 19

3. Azure Sphere

Used to provide the highest degree of security to ensure that the device was not tempered with.

Question 20

____________ enables you to provision a group of matching and load balanced virtual machines in Azure.

A. Azure Logic Apps
B. An Availability set
C. An Azure virtual machine scale set
D. Azure Load Balancer

Answer 20

C. Azure virtual machine scale set

Enables you to provision a group of matching and load balanced virtual machines in Azure.

Question 21

Azure Machine Learning is described as:

1. Used to predict future results by using historical data and training models.
2. Used to implement a virtual agent that can respond to human inquiries by using natural language.
3. Used to identify content based on images.

Answer 21

1. Azure Machine Learning

To predict future results by using historical data and training models.

Azure machine learning allows you to connect to data to train and test models to find one that will most accurately predict a future result.

Question 22

Azure bot Service is described as:

1. Used to predict future results by using historical data and training models.
2. Used to implement a virtual agent that can respond to human inquiries by using natural language.
3. Used to identify content based on images.

Answer 22

2. Azure bot Service

To implement a virtual agent that can respond to human inquiries by using natural language.

Azure bot service allows you to create a virtual agent solution that uses natural language to respond to customer inquiries.

Question 23

Azure Cognitive Services are described as:

1. Used to predict future results by using historical data and training models.
2. Used to implement a virtual agent that can respond to human inquiries by using natural language.
3. Used to identify content based on images.

Answer 23

3. Azure Cognitive Services

To identify content based on images.

The vision services in Azure Cognitive services add recognition and identification capabilities when you are analyzing pictures and other visual content.

Question 24

___________ is NOT supported by ExpressRoute for connecting an on premise network to Azure.

A. A Point-to-Site VPN
B. A Point-to-Point Ethernet Connection
C. A Site-to-Site VPN
D. Azure Peering Service

Answer 24

C. A Site-to_Site VPN

The three models that ExpressRoute supports are:
CloudExchange colocation
Point-to-Point Ethernet Connection
Any-to-Any Connection

Question 25

Which Azure feature enables you to organize multiple subscriptions into hierarchies for unified policies and compliance?

A. Resource Groups
B. Management Groups
C. Azure Active Directory (Azure AD)
D. Azure Container Instances

Answer 25

B. Management Groups

Management Groups help you manage access, policy and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.

Question 26

Alerts you when service issues occur in an Azure environment, such as a regional Azure outage that affects all Azure customers.

A. Azure Monitor
B. Azure Advisor
C. Azure Service Health
D. Azure Application Insights

Answer 26

C. Azure Service Health

Azure Service Health alerts you about service issues that happen in Azure itself such as a regional Azure outage.

Question 27

Authorization is described as:

1. Confirms the identity of a person who wants access.
2. Grants the proper access to a legitimate user.

Answer 27

2. Grants the proper access to a legitimate user.

Authorization is the process of understanding what level of access a legitimate user or service should have.

Question 28

Authentication is described as:

1. Confirms the identity of a person who wants access.
2. Grants the proper access to a legitimate user.

Answer 28

1. Confirms the identity of a person who wants access.

Authentication is the process of establishing the identity of a person or service that wants access to a resource.

Question 29

Which of the following statements is NOT tue about Cloud Computing?

1. All cloud computing resources are usually limited to specific geographic regions.
2. IAAS, PAAS, SAAS are examples of cloud computing service models.
3. IAAS, PAAS, SAAS are common cloud computing service models and are respectively infrastructure as a service, platform as a service and software as a service.

Answer 29

1. All cloud computing resources are usually limited to specific geographic regions.

Most cloud computing resources can be distributed to global datacenters.

Question 30

True or False. You need to purchase an Azure Account before you can use any Azure resources.

Answer 30

False. You can use a free account or a Microsoft Learn Sandbox to create resources.

Question 31

True or False. In an IAAS environment, the cloud tenant is responsible for routine hardware maintenance.

Answer 31

False. In a IAAS environment the cloud provider is responsible for any hardware maintenance.

Question 32

Which of the following is NOT a cloud computing category?

1. Platform as a Service (PAAS)
2. Networking as a Service (NAAS)
3. Infrastructure as a Service (IAAS)
4. Software as a Service (SAAS)

Answer 32

2. Networking as a Service (NAAS) is not a cloud computing category.

Question 33

Which of the following options is NOT a type cloud computing?

1. Hybrid Cloud
2. Private Cloud
3. Public Cloud
4. Distributed Cloud

Answer 33

4. Distributed Cloud is not a valid type of cloud computing.

Question 34

Which of the following choices is NOT a benefit of using cloud services?

1. Scalability
2. Disaster Recovery
3. Geographic Isolation
4. High Availability

Answer 34

3. Geographic Isolation. You can choose to create resources in a single region; however, one of the primary advantages to cloud computing is geographic distribution.

Question 35

Which of the following is a logical unit of Azure services that links to an Azure account?

1. Management Group
2. Resource Group
3. Azure Subscription

Answer 35

3. Azure Subscription is a logical unit of Azure services that links to an Azure account.

Question 36

Which of the following statements is True?

1. With Operating Expenses (OpEx), you are only responsible for the computing resources that you use.
2. With Operating Expenses (OpEx), you are responsible for purchasing and maintaining your computing resources.
3. With Capital Expenses (CapEx), you are only responsible for the computing resources that you use.

Answer 36

1. With Operating Expenses (OpEx), you are only responsible for the computing resources that you use.

Question 37

What is meant by LAMP Stack?

Answer 37

One of the oldest and most utilized software development methods, the LAMP stack allows web developers to build, deploy, and manage web applications. LAMP is an acronym that stands for Linux, Apache, MySQL, and PHP, and provides the components needed to host and manage web content

Question 38

Tailwind Traders uses the LAMP Stack for several of its websites. Which option would be ideal for migration?

1. Azure Database for MySQL?
2. Azure Cosmos DB
3. Azure SQL Database
4. Azure Database for PostgreSQL

Answer 38

1. Azure Database for MySQL?

Azure Database for MySQL is the logical choice for existing LAMP stack applications.

Question 39

Which Azure compute resource can be deployed to manage a set of identical virtual machines?

1. Virtual machine availability sets
2. Virtual machine scale sets
3. Virtual machine availability zones.

Answer 39

2. Virtual machine scale sets lets you deploy and manage a set of identical virtual machines.

Question 40

Which of the following services should be used when the primary concern is to perform work in response to an event (often vis a REST command) that needs a response in a few seconds?

1. Azure Functions
2. Azure App Service
3. Azure Container Instances

Answer 40

1. Azure Functions is used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less.

Question 41

Your company has a team of remote workers that need to use Windows based software to develop your company’s applications, but your team members are using various operating systems like MacOS, Linux and Windows. Which Azure compute service would help resolve this scenario?

1. Azure App Service
2. Windows Virtual Desktop
3. Azure Container Instance

Answer 41

2. Windows Virtual Desktop enables your team members to run Windows in the cloud, with access to the required applications for your company’s needs.

Question 42

What is the first step you would take in order to share an image file as a blob in Azure Storage?

1. Create an Azure Storage Container to store the image.
2. Upload the image file and create a container
3. Use a Shared Access Signature (SAS) token to restrict access to the image.
4. Create an Azure Storage account.

Answer 42

4. Create an Azure Storage account.

You must create an Azure Storage account before you can use any Azure Storage features.

Question 43

Which Azure Storage option is better for storing data for backup and restore, disaster recovery and archiving?

1. Azure Blob storage
2. Azure Files storage
3. Azure Disk Storage

Answer 43

1. Azure Blob storage is your best option for for storing disaster recovery files and archives.

Question 44

Tailwind Traders wants to create a secure communication tunnel between its branch offices. Which of the following technologies CANNOT be used?

1. Point-to-Site virtual private network
2. Implicit FTP over SSL
3. Azure ExpressRoute
4. Site-to-Site virtual private network

Answer 44

2. Implicit FTP over SSL CANNOT be used to create a secure communication tunnel

Question 45

Tailwinds Traders wants to use Azure ExpressRoute to connect to its on premise network to the Microsoft Cloud. Which of the following choices isn’t an ExpressRoute model that Tailwind Traders can use?

1. Site-to-Site virtual private network
2. Any-to-Any connection
3. Point-to-Point Ethernet connection
4. CloudExchange colocation

Answer 45

1. Site-to-Site virtual private network is NOT an ExpressRoute model.

Question 46

Which of the following options can you use to link virtual networks?

1. Network Address Translation
2. Multi-chassis link aggregation
3. Dynamic Host Control Protocol
4. Virtual Network Peering

Answer 46

4. Virtual Network Peering can be used to link virtual networks.

Question 47

Which of the following is NOT a benefit of ExpressRoute?

1. Redundant Connectivity
2. Consistent network throughput
3. Encrypted network communication
4. Access to Microsoft Cloud Services

Answer 47

3. Encrypted network communication

ExpressRoute does provide private communications but it is NOT encrypted.

Question 48

You need to predict future behavior based on previous actions. Which product option should you eliminate as a candidate?

1. Azure Machine Learning
2. Azure Bot Service
3. Azure Cognitive Services

Answer 48

2. Azure Bot Service will not help with prediction. It should be eliminated as a candidate.

Question 49

You need to create a computer-human interface that uses natural language to answer customer questions. Which product option should you eliminate as a candidate?

1. Azure Machine Learning
2. Azure Cognitive Services
3. Azure Bot Service

Answer 49

1. Azure Machine Learning

Although Azure Machine Learning could be used to create a natural language model it would likely be cost and time prohibitive. It should be eliminated as a candidate.

Question 50

You need to identify the content of product images to automatically create alt tags for images formatted properly. Which production option is the best candidate?

1. Azure Machine Learning
2. Azure Cognitive Services
3. Azure Bot Services

Answer 50

2. Azure Cognitive Services includes Vision services that can identify the content of an image. Azure Cognitive Services is the best candidate.

Question 51

Which of the following choices would NOT be used to automate a (CI/CD) process?

1. Azure Pipelines
2. GitHub Actions
3. Azure Boards

Answer 51

3. Azure Boards is an Agile project management tool. It would not be used to automate a CI/CD process.

Question 52

Which service could help you manage the VMs that your developers and testers need to ensure that your new app works across various operating systems?

1. Azure DevTest Labs
2. Azure Test Labs
3. Azure Repos

Answer 52

1. Azure DevTest Labs is used to manage VMs for testing, including configuration, provisioning, and automatic deprovisioning.

Question 53

Which service lacks features to assign individual developers tasks to work on?

1. Azure Boards
2. GitHub
3. Azure Pipelines

Answer 53

3. Azure Pipelines is a CI/CD tool for building an automated tool chain. It lacks the features to assign tasks for individual developers to work on. However, it can automate other tools to assign tasks to users.

Question 54

You want to be alerted when new recommendations to improve your cloud environment are available. Which service will do this?

1. Azure Advisor
2. Azure Monitor
3. Azure Service Health

Answer 54

1. Azure Advisor can alert you when new recommendations are available.

Question 55

Which service provides official outage root cause analyses (RCAs) for Azure incidents?

1. Azure Advisor
2. Azure Monitor
3. Azure Service Health

Answer 55

3. Azure Service Health provides incident history and RCAs to share with your stakeholders.

Question 56

Which service is a platform that powers Application insights, monitoring for VMs. containers and Kubernetes?

1. Azure Advisor
2. Azure Monitor
3. Azure Service Health

Answer 56

2. Azure Monitor is the platform used by Application Insights.

Question 57

As an administrator you need to retrieve the IP address from a particular VM by using Bash. Which of the following tools should you use?

1. ARM Templates
2. Azure Powershell
3. The Azure Portal
4. The Azure CLI

Answer 57

4. The Azure CLI enables you to use Bash to run one-off tasks on Azure

Question 58

You’re a developer that needs to set up your first VM to host a process that runs nightly. Which of the following tools is your best choice?

1. ARM Templates
2. Azure Powershell
3. The Azure Portal
4. The Azure CLI

Answer 58

3. The Azure Portal is a great place for newcomers to learn about Azure and set up their first resources.

Question 59

What is the best infrastructure-as-code option for quickly and reliably setting up your entire cloud infrastructure declaratively?

1. ARM Templates
2. Azure Powershell
3. The Azure Portal
4. The Azure CLI

Answer 59

1. ARM Templates are the best infrastructure-as-code option for quickly and reliably setting up your entire cloud infrastructure declaratively.

Question 60

You need to process messages from a queue, parse them by using some existing imperative logic written in Java, and then send them to a third party API. Which serverless option should you choose?

1. Azure Functions
2. Azure Logic Apps

Answer 60

1. Azure Functions is the correct choice because you can use existing Java code with minimal modification.

Question 61

You want to orchestrate a workflow by using APIs from several well-known services. Which is the best option for this scenario?

1. Azure Functions
2. Azure Logic Apps

Answer 61

2. Azure Logic Apps makes it easy to create a workflow across well know services with less effort than writing code and manually orchestrating all the steps yourself.

Question 62

Your team has limited experience with writing custom code but it sees tremendous value in automating several important business processes. Which of the following options is your team’s best option?

1. Azure Functions
2. Azure Logic Apps

Answer 62

2. Azure Logic Apps is best suited for users who are more comfortable in a visual environment that allows them to automate their business process. Logic Apps is the best option in this scenario.

Question 63

A company wants to build a new voting kiosk for sale to governments around the world. Which IoT technologies should the company chose to ensure the highest degree of security?

1. IoT Hub
2. IoT Central
3. Azure Sphere

Answer 63

3. Azure Sphere provides the highest degree of security to ensure the device has not been tampered with.

Question 64

A company wants to quickly manage its individual IoT devices by using a web based user interface. Which IoT technology should it choose?

1. IoT Hub
2. IoT Central
3. Azure Sphere

Answer 64

2. IoT Central quickly creates a web based management portal to enable reporting and communication with IoT devices.

Question 65

You want to send messages from the IoT device to the cloud and vice versa. Which IoT technology can send and receive messages?

1. IoT Hub
2. IoT Central
3. Azure Sphere

Answer 65

1. IoT Hub communicates to IoT devices by sending and receiving messages.

Question 66

How can Tailwind Traders enforce having only certain applications run on its VMs?

1. Connect your VMs to Microsoft Sentinel
2. Create an application control rule in Microsoft Defender for Cloud
3. Periodically run a script that lists the running processes on each VM. The IT Manager can then shut down any applications that shouldn’t be running.

Answer 66

2. Create an application control rule in Microsoft Defender for Cloud

With Microsoft Defender for Cloud you can define a list of allowed applications to ensure that only applications that you allow can run. Microsoft Defender for Cloud can also detect and block malware from being installed on your VMs.

Question 67

What is the easiest way for Tailwind Traders to combine security data from all of its monitoring tools into a single report that it can take action on?

1. Collect security data in Microsoft Sentinel
2. Build a custom tool that collects data and displays a report through a web application
3. Look through each security log daily and email a summary to your team

Answer 67

1. Collect security data in Microsoft Sentinel

Microsoft Sentinel is Microsoft’s cloud based SIEM. A SIEM aggregates security data from many different sources to provide additional capabilities for threat detection and responding to threats.

Question 68

What is the best way for Tailwind Traders to safely store its certificates so that they’re accessible to cloud VMs?

1. Place the certificates on a network share
2. Store them on a VM that’s protected by a password
3. Store the certificates in Azure Key Vault

Answer 68

3. Store the certificates in Azure Key Vault

Azure Key Vault enables you to store your secrets in a single, secure location. Key Vault also makes it easier to enroll and renew certificates from public Certificate Authorities (CA’s)

Question 69

How can Tailwind Traders ensure that certain VM workloads are physically isolated from workloads being run by other Azure customers?

1. Configure the network to ensure that VMs on the same physical host are separated.
2. This is not possible. These workloads need to be run on premise.
3. Run the VMs on Azure Dedicated Host

Answer 69

3. Run the VMs on Azure Dedicated Host

Azure Dedicated Host provides dedicated physical servers to host your Azure VMs for Windows and Linux.

Question 70

An attacker can bring down your website by sending a large volume of network traffic to your servers. What Azure service can help companies protect its App Service instance from this kind of attack?

1. Azure Firewall
2. Network Security Groups
3. Azure DDOS Protection

Answer 70

3. Azure DDOS Protection

DDOS protection helps protect your Azure resources from DDOS attacks. A DDOS attack attempts to overwhelm and exhaust an applications resources, making the application slow or unresponsive to legitimate users.

Question 71

What is the best way for companies to limit all outbound traffic from VMs to known hosts?

1. Configure Azure DDOS protection to limit network access to trusted ports and hosts
2. Create application rules in Azure Firewall
3. Ensure that all running applications communicate with only trusted ports and hosts

Answer 71

2. Create application rules in Azure Firewall

Azure Firewall enables you to limit outbound HTTP/S traffic to a specified list of fully qualified domain names (FQDN’s)

Question 72

How can companies most easily implement a deny by default policy so that VMs can’t connect to each other?

1. Allocate each VM on its own virtual network
2. Create a network security group rule that prevents access from another VM on the same network
3. Configure Azure DDOS protection to limit network access within the virtual network.

Answer 72

2. Create a network security group rule that prevents access from another VM on the same network

A network security group rule enables you to filter traffic to and from resources by source and destination IP address, port and protocol.

Question 73

How can the IT Department ensure that employees at the company’s retail store can access company applications only from approved tablet devices?

1. SSO
2. Conditional Access
3. Multifactor Authentication

Answer 73

2. Conditional Access

Conditional Access enables you to require users to access your applications only from approved or managed devices.

Question 74

How can the IT Department use biometric properties, such as facial recognition, to enable delivery drivers to prove their identities?

1. SSO
2. Conditional Access
3. Multifactor Authentication

Answer 74

3. Multifactor Authentication

Authenticating through Multifactor Authentication can include something the user knows. something the user has and something the user is.

Question 75

How can the IT Department reduce the number of times users must authenticate to access multiple applications?

1. SSO
2. Conditional Access
3. Multifactor Authentication

Answer 75

1. SSO

SSO enables a user to remember only one ID and one Password to access multiple applications.

Question 76

What is the best way for companies to ensure they can only deploy cost-effective virtual machine SKU sizes?

1. Create a policy in Azure Policy that specifies the allowed SKU sizes.
2. Periodically inspect the deployment manually to see which SKU sizes are used.
3. Create an Azure RBAC role that defines the allowed virtual machine SKU sizes.

Answer 76

1. Create a policy in Azure Policy that specifies the allowed SKU sizes.

After you enable this policy, that policy is applied when you create new virtual machines or resize existing ones. Azure Policy also evaluates any current machines in your environment.

Question 77

What is likely the best way for companies to identify which billing department each Azure resource belongs to?

1. Track resource usage in a spreadsheet?
2. Split the deployment into separate Azure subscriptions, where each subscription belongs to its own billing department.
3. Apply a tag to each resource that includes the associated billing department.

Answer 77

3. Apply a tag to each resource that includes the associated billing department.

Tags provide extra information, or metadata, about your resources. They might create a tag that’s named BillingDept whose value would be the name of the billing department. You can use Azure Policy to ensure that the proper tags are assigned when resources are provisioned.

Question 78

Where can the company access details about the personal data Microsoft processes and how the company processes it, including for Cortana?

1. Microsoft Privacy Statement
2. The Azure Compliance Documentation
3. Microsoft compliance offerings.

Answer 78

1. Microsoft Privacy Statement

The Microsoft Privacy Statement provides information that’s relevant to specific services, including Cortana.

Question 79

Where can the legal team access information around how the Microsoft cloud helps them secure sensitive data and comply with the applicable laws and regulations?

1. Microsoft Privacy Statement
2. Trust Center
3. Online Services Team

Answer 79

2. Trust Center

The Trust Center is a great resource for people in your organization who might play a role in security, privacy and compliance.

Question 80

Where can the IT department find reference blueprints that it can apply directly to its Azure subscriptions?

1. Online Services Terms
2. Azure compliance documentation
3. Microsoft Privacy Statement

Answer 80

2. Azure compliance documentation

The compliance documentation provides reference blueprints, or policy definitions, for common standards that you can apply to your Azure subscription.

Question 81

Which is the best first step a team should take to compare the cost of running these environments on Azure versus in their datacenter?

1. They’re just test environments. Spin them up and check the bill at the end of the month.
2. Assume that running in the cloud costs about the same as running in the datacenter.
3. Run the Total Cost of Ownership Calculator

Answer 81

3. Run the Total Cost of Ownership Calculator

Running the Total Cost of Ownership Calculator is a great first step because it can provide an accurate comparison of running workloads in the datacenter versus on Azure, certified by an independent research company.

Question 82

What’s the best way to ensure a development team doesn’t provision too many virtual machines at the same time?

1. Do nothing, Let the development team use what they need.
2. Apply spending limit’s to the development team’s Azure subscription
3. Verbally give the development lead a budget and hold them accountable for their overages.

Answer 82

2. Apply spending limit’s to the development team’s Azure subscription

If you exceed your spending limit active resources are deallocated. You can then decide whether to increase or limit your provision fewer resources.

Question 83

What is the most efficient way for a testing team to save costs on virtual machines on weekends, when testers are not at work?

1. Delete the virtual machines before the weekend and create a new set the following week.
2. Deallocate virtual machines when they’re not in use
3. Just let everything run. Azure bills you only for the CPU time that you use.
   .

Answer 83

2. Deallocate virtual machines when they’re not in use.

When you deallocate virtual machines the associated hard disks and data are still kept in Azure. But you don’t pay for CPU or network consumption, which can help save costs.

Question 84

Resources in the Dev and Test environments are each paid for by different departments. What’s the best way to categorize costs by department?

1. Apply a tag to each virtual machine that identifies the appropriate billing department.
2. Split the cost evenly between departments.
3. Keep a spreadsheet that lists each team’s resources.

Answer 84

1. Apply a tag to each virtual machine that identifies the appropriate billing department.

You can apply tags to groups of Azure resources to organize billing data.

Question 85

What’s the SLA for Azure Maps in terms of guaranteed uptime?

1. 99 percent
2. 99.9 percent
3. 99.99 percent

Answer 85

2. 99.9 percent

Question 86

What’s the new composite SLA for Azure Maps? Remember the new SLA includes a third VM and Azure Maps.

1. 99.58 percent
2. 99.78 percent
3. 99.99 percent

Answer 86

1. 99.58 percent

To compute the SLA for a set of services you multiply the SLA of each individual service.

Question 87

Adding a third VM reduces the composite SLA. How can companies offset this reduction?

1. Increase the size of each VM.
2. Deploy extra instances of the same VM across the different availability zones in the same Azure region.
3. Do nothing. Using Load Balancer increases the SLA for virtual machines.

Answer 87

2. Deploy extra instances of the same VM across the different availability zones in the same Azure region.

If one availability zone is affected, your virtual machine instance in the other availability zone should be unaffected.

Question 88

What approach might the company take in adding the augmented reality (AR) preview service to its architecture?

1. The Special Orders app is already in Production. The company shouldn’t look into the AR service until the service reaches general availability (GA).
2. The Special Orders app is mainly for use by retail employees. The company can integrate the AR service now because potential downtime or failures aren’t an important factor.
3. The development team can create a prototype version of the app that includes the AR service that it tests out with select retail employees.

Answer 88

3. The development team can create a prototype version of the app that includes the AR service that it tests out with select retail employees.

After the AR service reaches general availability (GA), the team can roll it out to production.

Question 89

What is Serverless Computing?

Answer 89

Serverless computing provides INBUILT INFRASTRUCTURES and a RUNTIME ENVIRONMENT to develop applications rapidly.

It is the next generation evolution of Platform as a Service. There is no need to worry about infrastructure, scaling, management, and provisioning at all.

You can manage real life applications also and pay for the resources you consume. Whenever the application is in an idle state, you are not charged for it.

Question 90

What is important about an Azure Function?

Answer 90

The Azure Function is a bit of INDEPENDENT CODE that is ready to get executed. It is cutting edge SERVERLESS design based on an EVENT DRIVEN approach. Independent of the infrastructure or the platform where the function is running.

Users are only billed when the function is running and not billed when in an idle state.

The Azure Function can begin with various triggers such as BLOB being embedded in a compartment or an HTTP demand. Outer administration can also trigger the Azure function.

Developers can code in any language of their choice

Question 91

Where do you find virtual machine images provided by third party companies within the Azure Portal?

Answer 91

In the Azure Marketplace

Question 92

What types of attacks can a Web Application Firewall (WAF) protect from?

1. DDOS Denial of service attack
2. Cross Site Scripting (XSS) attacks
3. Throttling of requests based on the authentication key being used.

Answer 92

2. Cross Site Scripting (XSS) attacks

Question 93

What is Microsoft’s preferred solution for identity management in the cloud for application users?

1. Azure Active Directory
2. Identity Access Management (IAM)
3. Social media sites such as Facebook Connect, Microsoft Live, Google, Yahoo

Answer 93

1. Azure Active Directory

Question 93

What benefit does Multi-Factor Authentication give to enhance user security?

1. It requires you to change your password every few days which enhances security.
2. It provides an alternative way to log in besides having to type your password every time.
3. It requires you to have your mobile phone with you to get the code, making it way more difficult for someone to impersonate you.

Answer 93

3. It requires you to have your mobile phone with you to get the code, making it way more difficult for someone to impersonate you.

Question 94

How does Azure Advisor enhance security of your account?

1. Azure Advisor makes specific recommendations unique to you, based on their analysis of your account.
2. Azure Advisor makes generic best-practice recommendations, which you probably already follow but it’s good to double check.
3. Azure Advisor automatically protects your account from common attack vectors.

Answer 94

1. Azure Advisor makes specific recommendations unique to you, based on their analysis of your account.

Question 95

What Azure service is specifically designed for you to keep your application secrets such as API keys, signed certificates, and security key?

1. Azure Recovery Services
2. Azure Key Vault
3. Azure Active Directory
4. Azure Information Protection

Answer 95

2. Azure Key Vault

Question 96

What would be a good reason to have multiple subscriptions?

1. To separate out billing of resources among several payers
2. As a way to clearly separate resources between different teams and departments
3. For an additional form of security to separate out development servers from production
4. All of these answers are true

Answer 96

4. All of these answers are true

Question 97

Scenario: You have an application in the cloud that has 10 servers with various roles. Six servers are D2S machines, two servers are D4S, and two are D8S instance types. This application is expected to run for years, but the business has concerns about the cost. What is the one thing you can do almost immediately to reduce the cost of this solution by at least 50%?

1. See if you can consolidate some of the machines so that 10 servers can become 7 or 8
2. Implement an autoscaling function that will add and remove servers depending on actual user demand
3. Use Azure Reserved Instances with Hybrid benefit
4. Investigate your use of storage to implement cool tier and archive tier storage

Answer 97

3. Use Azure Reserved Instances with Hybrid benefit

Yes, you can get 80% savings without a single change to your application at all

Question 98

What is the concept of Total Cost of Ownership?

1. It’s the total cost of owning and operating a machine including up front hardware costs, labor, electricity, internet access, real estate, security, cooling, etc…
2. It is the cost of buying the server up front, amortized over 10 years
3. It is the estimate of your future monthly cloud computing bills

Answer 98

1. It’s the total cost of owning and operating a machine including up front hardware costs, labor, electricity, internet access, real estate, security, cooling, etc…

Question 99

What is Microsoft’s Service Level Agreement for single instance Virtual Machines running with premium OS disks and data disks?

1. 99.9%
2. 99.99%
3. 99.95%
4. 99.999%

Answer 99

1. 99.9%

Question 100

Is it wise to use Azure “Preview Features” in Production?

1. Yes, why not?
2. No, don’t do that

Answer 100

2. No, don’t do that

Correct. Preview Features can change and even go away without notice.

Question 101

What two types of DDoS protection services does Azure provide? Select two.

1. Basic
2. Advanced
3. Premium
4. Standard

Answer 101

1. Basic
2. Standard

Azure DDos Protection Basic is free, while you can upgrade to Standard for a fee.

Question 102

Which of the following elements is considered part of the “network” layer of network security?

1. Locks on the data center doors
2. Separate servers into distinct subnets by role
3. Use a firewall
4. Keep operating systems up to date with patches

Answer 102

2. Separate servers into distinct subnets by role

Subnets is part of network security

Question 103

Where do you go within the Azure Portal to find all of the third-party virtual machines and other offers?

1. Azure Mobile App
2. Bing
3. Azure Marketplace
4. Choose an image when creating a VM

Answer 103

3. Azure Marketplace

Azure Marketplace contains thousands of services you can rent within the cloud

Question 104

Which of the following scenarios would Azure Policy be a recommended method for enforcement?

1. Require a virtual machine to always update to the latest security patches
2. Add an additional prompt when creating a resource without a specific tag to ask the user if they are really sure they want to continue?
3. Allow only one specific roles of users to have access to a resource group
4. Prevent certain Azure Virtual Machine Instance types from being used in a resource group

Answer 104

4. Prevent certain Azure Virtual Machine Instance types from being used in a resource group

Azure Policy can add restrictions on storage account SKUs, virtual machine instance types, and rules relating to tagging of resources and groups. It cannot prompt a user to ask them if they are sure.

Question 105

How does Multi-Factor Authentication make a system more secure?

1. It doesn’t make it more secure
2. It is another password the user has to remember, making it more secure
3. It requires the user to have access to an additional device for identity verification
4. It allows the user to log in without a password because they have already previously been validated using a browser cookie

Answer 105

3. It requires the user to have access to an additional device for identity verification

Multi-Factor Authentication (MFA) - the concept of having something additional to a “password” that is required to log in; passwords are findable or guessable; but having your mobile phone on you to receive a phone call, text or run an app to get a code is harder for a unknown hacker to get

Question 106

What is the recommended way within Azure to store secrets such as private cryptographic keys?

1. Azure Key Vault
2. In an Azure Storage Account private blob container
3. Azure Advanced Threat Protection (ATP)
4. Within the application code

Answer 106

1. Azure Key Vault

Azure Key Vault - the modern way to store cryptographic keys, signed certificates and secrets in Azure

Question 107

What types of resources are defined as “compute resources”?

1. Resources that perform some type of task that requires CPU cycles to perform the work
2. Only virtual machines
3. All resources that are listed in the Azure Marketplace

Answer 107

1. Resources that perform some type of task that requires CPU cycles to perform the work

Compute Services - a category of services in Azure that provides CPU cycles for rent. Virtual Machines are only one type of compute resource. The Marketplace contains many types of resources, not just compute.

Question 108

True or false: Azure Cloud Shell allows access to the CLI and Powershell consoles in the Azure Portal

1. False
2. True

Answer 108

2. True

Cloud Shell - allows access to the CLI and Powershell consoles in the Azure Portal

Question 109

With Azure public cloud, anyone with a valid credit card can sign up and get services immediately

1. False
2. True

Answer 109

2. True

Yes, Azure public cloud is open to the public in all countries that Azure supports.

Question 110

True or false: Azure charges for bandwidth used “inbound” to Azure

1. False
2. True

Answer 110

1. False

Ingress bandwidth is free. You pay for egress (outbound).

Question 111

What does ARM an abbreviation for in Azure?

1. Advances RISC Machine
2. Availability, Reliability, Maintainability
3. Account Resource Manager
4. Azure Resource Manager

Answer 111

4. Azure Resource Manager

Azure Resource Manager (ARM) - this is the common resource deployment model that underlies all resource creation or modification; no matter whether you use the portal, PowerShell or the SDK, the Azure Resource Manager takes those commands and executes them

Question 112

Which of the following is something that Azure Cognitive Services API can currently do?

1. Recognize faces in a picture
2. Translate text from one language to another
3. Recognize text in an image
4. All of these! Azure can do it all!
5. Speak text in an extremely realistic way
6. Create text from audio

Answer 112

4. All of these! Azure can do it all!

Azure can do all of them, of course.

Question 113

True or False: Azure is a public cloud, and has no private cloud offerings

1. True
2. False

Answer 113

2. False

Some aspects of Azure are not open to the public and require a private agreement with Microsoft such as Azure Government and DoD services

Question 114

Which tool within the Azure Portal will make specific recommendations based on your actual usage for how you can improve your use of Azure?

1. Azure Advisor
2. Azure Dashboard
3. Azure Service Health
4. Azure Monitor

Answer 114

1. Azure Advisor

Azure Advisor - a tool that will analyze your use of Azure and make you specific recommendations based on your usage across availability, security, performance and cost categories

Question 115

What are Azure Availability Zones?

1. A feature of Azure that allows you to manually specify into which datacenter your virtual machines are placed, which allows you to achieve higher availability than any other option.
2. A folder structure in Azure in which you organize resources like databases, virtual machines, virtual networks or almost any resource
3. Within each individual datacenter, certain racks of servers have been architected by Azure to have higher uptime than others. If you place your apps into this rack, you’ll get higher uptime than if you let Azure do it.
4. This is the same as region.

Answer 115

1. A feature of Azure that allows you to manually specify into which datacenter your virtual machines are placed, which allows you to achieve higher availability than any other option.

Availability Zones - Unique physical locations within an Azure region, made up of one or more data centers; there is a minimum of three zones in each region; you can manually place your resources in an availability zone for highest availability

Question 116

Which Azure AD licenses (select two) are made available through Azure?

1. Azure Active Directory Free
2. Enterprise Tier 2
3. Business Tier 1
4. Basic
5. Officer 365

Answer 116

1. Azure Active Directory Free
2. Officer 365

Azure Active Directory provides the following licenses: Free, Office 365, Premium P1, and Premium P2.

Question 117

What is the concept of Big Data?

1. A small sensor or a similar device that constantly sends its status and other data to the cloud
2. A for of Artificial Intelligence (AI) that allows systems to automatically learn and improve from experience without being explicitly programmed.
3. A set of Azure services that allow you to use execute code in the cloud but don’t require (or even allow) you yo manage the underlying server
4. An extremely large set of data that you want to ingest and do analysis on; traditional software like SQL Server cannot handle Big Data as efficiently as specialized products.

Answer 117

4. An extremely large set of data that you want to ingest and do analysis on; traditional software like SQL Server cannot handle Big Data as efficiently as specialized products.

Big Data - a set of open-source (Apache Hadoop) products that can do analysis on millions and billions of rows of data; current tools like SQL Server are not good for this scale

Question 118

What does it mean if a service is in Private Preview mode?

1. Anyone can use this service for any reason
2. Anyone can use the service but it must not be for production use
3. You have to apply to get selected in order to use that service
4. This service is generally available for use and Microsoft will provide support for it.

Answer 118

3. You have to apply to get selected in order to use that service

Private Preview means you have to apply to use a service, and you may or may not be selected

Question 119

Why would someone prefer a Consumption-based pricing model as opposed to a Time-based (Fixed) pricing model?

1. It is always cheaper to pay for consumption that to pay by the hour
2. The pricing model is simpler and easier to understand
3. You can save alot of money if you don’t use the resource often as opposed to having it available for use 24/7
4. You can easily predict the cost of the service into the future.

Answer 119

3. You can save alot of money if you don’t use the resource often as opposed to having it available for use 24/7

Consumption-Based Model - paying for something based on how much you used, as opposed to paying for something no matter if you use it or not.

Question 120

Which of the following would be an example of an Internet of Things (IoT) device?

1. A video game, installed on Windows clients around the world, that keeps user scores in the cloud
2. A web application that people use to perform their banking tasks
3. A refrigeration that monitors how much milk you have left and sends you a message when you are running low
4. A mobile application that is used to watch online video games

Answer 120

3. A refrigeration that monitors how much milk you have left and sends you a message when you are running low

An IoT device is not a standard computing device but connects to a network to report data on a regular basis. A web server, a personal computer, or a mobile app is not an IoT device.

Question 121

What is Azure’s preferred Identity/authentication service?

1. Network Security Group
2. Live Connect
3. Facebook Connect
4. Azure Active Directory

Answer 121

4. Azure Active Directory

Azure Active Directory (Azure AD) - Microsoft’s preferred Identity as a Service solution

Question 122

What happens if Azure does not meet its own Service Level Agreement guarantee (SLA)?

1. It’s not possible, Azure will always meet it’s SLA
2. The resource that did not meet the SLA will be free for the remaining month and the next
3. A discount will be applied to the customer’s Azure bill (as a service credit), which is a compensation for an underperforming Azure product or service
4. The service will be free that month

Answer 122

3. A discount will be applied to the customer’s Azure bill (as a service credit), which is a compensation for an underperforming Azure product or service

Microsoft offers a service credit percentage depending on the missed SLA.

Question 123

Why is Azure App Services considered Platform as a Service?

1. Azure App Service is not PAAS, It is a SAAS
2. You can decide on what type of virtual machine runs it - A series, D series or even H series
3. You are responsible for keeping the operating system up to date with the latest patches
4. You give Azure the code and the configuration and you have no access to the underlying hardware

Answer 123

4. You give Azure the code and the configuration and you have no access to the underlying hardware

PaaS - You give Azure the code and the configuration, and you have no access to the underlying hardware

Question 124

What is Single Sign-On?

1. When you sign in to an application it remembers who you are the next time you go there.
2. When an application outsources (federates) it’s identity service to a third party platform
3. The ability to log in once and use the existing userid and password to sign in other applications, and not have to create/memorize a new one.

Answer 124

3. The ability to log in once and use the existing userid and password to sign in other applications, and not have to create/memorize a new one.

Single-Sign On - the ability to use the same user id and password to log into every application that your company has; enabled by Azure AD

Question 125

What does it mean if a service is in Public Preview mode?

1. You have to apply to get selected in order to use that service
2. Anyone can use the service but normal service level agreements do not apply
3. Anyone can use the service for any reason
4. The service is generally available for use and Microsoft will provide support for it.

Answer 125

2. Anyone can use the service but normal service level agreements do not apply

Public Preview is for anyone to use, but it is not supported nor guaranteed to continue to be available

Question 126

True or false: Azure Active Directory is a network gateway that load balances user logins using a CDN (Content Delivery Network).

1. False
2. True

Answer 126

1. False

No, Azure Active Directory is an enterprise identity service that provides single sign-on and multi-factor authentication.

Question 127

What is the basic way of protecting an Azure Virtual Network subnet?

1. Application Gateway with WAF
2. Azure Firewall
3. Azure DDOS Standard Protection
4. Network Security Group

Answer 127

4. Network Security Group

Network Security Group (NSG) - a fairly basic set of rules that you can apply to both inbound traffic and outbound traffic that lets you specify what sources, destinations and ports are allowed to travel through from outside the virtual network to inside the virtual network

Question 128

Within the context of privacy and compliance, what does the acronym ISO stand for, in English?

1. Instead of
2. Information Systems Officer
3. International Organization for Standardization
4. Intelligence and Security Office

Answer 128

3. International Organization for Standardization

Question 129

What operating systems does Microsoft supply Azure Virtual Machine images for?

1. Windows, Linux, macOS
2. Linux
3. Windows and Linux
4. Windows
5. macOS

Answer 129

3. Windows and Linux

Question 130

What type of documents does the Microsoft Service Trust Portal provide?

1. A tool that helps you manage your compliance to various standards
2. Specific recommendations about your usage of Azure and ways you can improve
3. Documentation on the Individual services and solutions
4. A list of standards that Microsoft follows, pen test results, security assessments, white papers, faqs, and other documents that can be used to show Microsoft’s compliance efforts.

Answer 130

4. A list of standards that Microsoft follows, pen test results, security assessments, white papers, faqs, and other documents that can be used to show Microsoft’s compliance efforts.

A list of standards that Microsoft follows, pen test results, security assessments, white papers, faqs, and other documents that can be used to show Microsoft’s compliance efforts

Question 131

Which of the following elements is considered part of the “perimeter” layer of security?

1. Keep operating systems up to date with patches
2. Separate servers into distinct subnets by role
3. Use a Firewall
4. Locks on the data center doors

Answer 131

3. Use a Firewall

Firewall is part of the perimeter security

Question 132

What benefit does a Content Delivery Network (CDN) provide its users?

1. Allows you to reduce the traffic coming into a web server for static, unchanging files such as images, videos and PDFs
2. For a small fee Azure will take over management of your virtual machine, perform OS updates and ensure its running well
3. Allows you to keep temporary session information on the web visitor such as their login ID or their name
4. Allows you to store data that can be retrieved later in an extremely fast and inexpensive manner

Answer 132

1. Allows you to reduce the traffic coming into a web server for static, unchanging files such as images, videos and PDFs

Content Delivery Network - allows you to improve performance by removing the burden of serving static, unchanging files from the main server to a network of servers around the globe; a CDN can reduce traffic to a server by 50% or more, which means you can serve more users or serve the same users faster; SaaS

Question 133

Which feature within Azure alerts you to service issues that happen in Azure itself, not specifically related to your own resources?

1. Azure Service Health
2. Azure Portal Dashboard
3. Azure Security Center
4. Azure Monitor

Answer 133

1. Azure Service Health

Azure Service Health - lets you know about any Azure-related service issues including region-wide downtime

Question 134

What feature of a system makes it elastic?

1. The ability of it to add and reduce capacity based on actual demand
2. The ability to heal itself after a crash
3. The ability to withstand denial of service attacks
4. The ability of it to stay up (available) while updates are being made to the system

Answer 134

1. The ability of it to add and reduce capacity based on actual demand

Elasticity - the ability of a system to automatically grow when maximum capacity is reached, and automatically shrink to minimize waste

Question 135

True of false: Azure Powershell scripts and Command Line Interface (CLI) scripts are entirely compatible with each other?

1. False
2. True

Answer 135

1. False

No, PowerShell is it’s own language, different than CLI

Question 136

True or false: You cannot have more than one Azure subscription per company

1. False
2. True

Answer 136

1. False

You can have multiple subscriptions, as a way to separate out resources between billing units, business groups, or for any reason you wish.

Question 137

What are the two features that Azure AD provides? Choose two.

1. Azure DDOS Protection
2. Authentication
3. Functions
4. Application Management
5. Logic Apps
6. Logs Analytics

Answer 137

2. Authentication
3. Application Management

Azure AD provides many features, but only the two are listed.

Question 138

For tax optimization, which type of expense is preferable?

1. Capex
2. Opex

Answer 138

2. Opex

Operating Expenditure is thought to be preferable because you can fully deduct expenses when they are incurred

Question 139

True or false: you can create your own policies if built-in Azure Policy is not sufficient to your needs

1. False
2. True

Answer 139

2. True

True, you can create custom policies using JSON

Question 140

True or False: Under the Infrastructure as a Service model, Azure is responsible for managing the physical host, physical network, and physical datacenter.

1. True
2. False

Answer 140

1. True

Yes, Azure still manages the hardware itself, the hypervisor and all of the physical elements behind the scenes

Question 141

Which of the following services would NOT be considered Infrastructure as a Service?

1. Virtual Network
2. Azure Functions Apps
3. Virtual Network Interface Card (NIC)
4. Virtual Machine

Answer 141

2. Azure Functions Apps

Functions are small pieces of code that you give to Azure to run for you, and you have no access to the underlying infrastructure.

Question 142

Approximately how many regions does Azure have around the world?

1. was 54 now 60+
2. 25
3. 10
4. 100

Answer 142

1. was 54 now 60+

They keep adding them all the time. There are now over 60 Azure regions, in 10 geographies

Question 143

What does it mean if a service is in General Availability (GA) mode?

1. You have to apply to get selected in order to use that service.
2. The service is available for use by some and Microsoft will provide support for it
3. Anyone can use the service for any reason
4. Anyone can use the service but it must not be for production use

Answer 143

3. Anyone can use the service for any reason

Anyone can use a GA service. It is fully supported and can be used for production.

Question 144

What Azure tool gives you the ability to manage multiple subscriptions into nested hierarchies?

1. Resource Groups
2. Azure Active Directory
3. RBAC
4. Management Groups

Answer 144

4. Management Groups

Management Groups - a hierarchy of subscriptions; can have many subscriptions, and group them, and put those groups into other groups

Question 145

Which two options can you use to connect Azure Virtual Networks (VNets) to each other?

1. VNet Peering
2. Azure Front Door
3. VPN Gateways
4. Azure Traffic Manager
5. Azure Express Route

Answer 145

1. VNet Peering

3. VPN Gateways