Azure Fundamentals: Describe Azure Architecture and Services

Question 1

You are required to deploy an app on two VMs. The following is required: High availability access, Separate fault and update zones, Minimal latency between instances.
Choose the best configuration below:
- Separate resource groups in the same region
- Separate availability sets
- Separate availability zones
- Separate regions in a regional pair.

Answer 1

Separate Availability Zones

Question 2

Where are availability zones deployed ?

Answer 2

In separate data centers in the same region

Question 3

What are the benefits of availability zones ?

Answer 3

Same region therefor low latency
Separate locations hence separate fault and update zones

Question 4

What is an availability set ?

Answer 4

Separate deployments in the same data center

Question 5

How do you lock all resource contained within a resource group ?

Answer 5

Set the lock to read-only

Question 6

Can a resource group contain resources from a different region ?

Answer 6

Yes

Question 7

Can resources from one resource group comunicate with another ?

Answer 7

Yes Resource groups are primarily for management purposes

Question 8

You need to deploy templates based on existing resources across some new additional resources. What should you use ?

Answer 8

Azure Resource manager to automate resource deployments using templates.

Question 9

What are Resource Groups used for ?

Answer 9

Managing resources as a set.

Question 10

What is Azure Monitor used for ?

Answer 10

Analyzing and acting on data.

Question 11

Are Regions always paired with other regions ?

Answer 11

Yes

Question 12

How may data centers will a region contain

Answer 12

One or more

Question 13

What specifies the location of resources ?

Answer 13

Regions

Question 14

What allows you to control the type of resources that can be deployed ?

Answer 14

Azure Policy

Question 15

When a resource group is deleted, what happens to the resources ?

Answer 15

They are deleted too.

Question 16

How many subscriptions can an Azure account create ?

Answer 16

Multiple. Billing occurs at the subscription level

Question 17

If you have three departments that must each receive a bill, how many subscriptions should you create ?

Answer 17

Three. Billing occurs at the subscription level.

Question 18

Can you transfer an existing subscription to a new Azure AD tenant ?

Answer 18

Yes

Question 19

How are quotas for resource groups managed ?

Answer 19

By Region

Question 20

How do you organize multiple subscriptions ?

Answer 20

Management Groups

Question 21

What is an organizations top level Azure Hierarchy category ?

Answer 21

Azure AD Tenants

Question 22

What does a Network Security Group do ?

Answer 22

It defines rules that allow or deny inbound/outbound traffic.

Question 23

What prevents excess, malicious HTTP traffic to Azure resources ?

Answer 23

DDoS Protection

Question 24

How do you restrict network traffic across subscriptions ?

Answer 24

Use Azure Firewall to create rules.

Question 25

What does the traffic manager do ?

Answer 25

Uses DNS to direct requests to the appropriate geographical location endpoint.

Question 26

What is an Application gateway

Answer 26

A load balancer that manages traffic to your web applications.

Question 27

What remote desktop clients does Azure Virtual Desktop support ?

Answer 27

MacOS, iOS, Windows, Web, Android.

Question 28

Name two things which you can use to connect Azure Virtual Networks to one another

Answer 28

VPN Gateways and VNet Peering

Question 29

What is VNet peering ?

Answer 29

The proccess to connect two or more VNets in Azure

Question 30

What is Azure Front Door ?

Answer 30

A global entry point for customers accessing web apps, APIs, content and cloud services.

Question 31

In what scope are Vnets created ?

Answer 31

The scope of a region

Question 32

Can Vnets from different regions be connected ?

Answer 32

Yes via Global Vnet peering

Question 33

What is a container instance ?

Answer 33

A lightweight, virtualized app enviroment

Question 34

What are Azure functions ?

Answer 34

A way to run small pieces of code in the cloud

Question 35

What kind of data transfer does Virtual network peering support ?

Answer 35

Transfer between:
Tenants
Subscriptions
Deployment models

Question 36

What should you use to provision virtual machines automatically ?

Answer 36

Scale Sets

Question 37

you need to bring azure storage into you virtual network with a dedicated IP address. Which solution should you use ?

Answer 37

Create a private endpoint (IP address) then connect to the azure storage with an Azure Private link.

Question 38

Why would file storage be beneficial for network sharing across Azure cloud, windows, linux and mac OS ?

Answer 38

File storage allows access via SMB protocol, REST and native client libraries. This meets the requirements.

Question 39

Do Azure SQL database and SQL Server (on VM) directly support NoSQL ?

Answer 39

No

Question 40

Which Azure database product supports key-value, document data models, native supports for NoSQL ?

Answer 40

Azure Cosmos DB

Question 41

What storage option supports persistent storage for Azure Container Instances ?

Answer 41

Azure Files

Question 42

What is AzCopy used for ?

Answer 42

A command line tool used to upload and download data to and from Azure Blob storage

Question 43

Can you use Azure Storage explorer to transfer an on premises virtual hard disk to azure ?

Answer 43

Yes

Question 44

How does Locally redundant storage replicate data ? DELETE

Answer 44

Writes locally to three disks within one datacenter

Question 45

How does Azure geo-redundant storage store data ? DELETE

Answer 45

Three copies of your data are written in two regions

Question 46

Is the archive storage tier available at the account level ?

Answer 46

No

Question 47

What type of storage incurs a penalty if data is deleted within 30 days ?

Answer 47

Cool

Question 48

What kind of storage account supports Blob, queue and table storage services ?

Answer 48

Standard general-purpose (v2)

Question 49

Is Azure DDoS Protection shield enabled automatically ?

Answer 49

No

Question 50

Does Azure DDoS protection cover multiple subscriptions ?

Answer 50

Yes

Question 51

What is authentication?

Answer 51

The process of proving that somebody is who they say they are.

Question 52

What is authorization ?

Answer 52

The process of verifying that an authenticated user has access to certain functions

Question 53

What license is required to publish on premises web apps ?

Answer 53

Premium

Question 54

What tier license allows users to reset their own passwords ?

Answer 54

Premium

Question 55

How does Azure AD support authorization ?

Answer 55

Role Based Access Control

Question 56

What authentication types are supported by SSPR and MFA ?

Answer 56

Password, SMS, Voice call

Question 57

What solution provides provisions, manages and deploys public and private SSL/TLS certificates ?

Answer 57

Key Vault stores cryptographic keys.

Question 58

Is Microsoft defender limited to just Windows OS ?

Answer 58

No. Works with Server 2008 and some Linux distros

Question 59

What does Microsoft sentinel do ?

Answer 59

Simplifies security operations.

Question 60

What is Azure dedicated Hosts ?

Answer 60

Isolated servers where you run your organizations workload only.

Question 61

Define Defense in depth

Answer 61

Implementing multiple layers of security to slow down an attack and provide early telemetry to act upon.

Question 62

What is a Application Security Group ?

Answer 62

Allows you to define network security policies based on groups of instances.

Question 63

Your company is planning on using Azure AD for authentication to the resources defined in Azure. Does Azure AD have built-in capabilities for securing authentication and authorization to resources?

Yes 
No

Answer 63

Yes

Question 64

A company is planning on purchasing Azure AD Basic for their Azure account. Does the Azure AD Basic tier come with an SLA of 99.9%?

Yes 
No

Answer 64

Yes

Question 65

A company wants to try out some services which are being offered by Azure in Public Preview. Do the services in Public Preview in Azure come with an SLA?

Yes 
No

Answer 65

No

Question 66

A company needs to create around 50 customized Virtual Machines. Out of these 20 are Windows based Virtual machines and 30 are Ubuntu Machines. Which of the following would help reduce the administrative effort required to deploy the machines?

Azure Load Balancer 
Azure Web Apps 
Azure Traffic Manager 
Azure ScaleSets

Answer 66

Azure Scale Sets

Question 67

An IT administrator for a company has been given a powershell script. This powershell script will be used to create several Virtual Machines in Azure. You have to provide a machine to the IT administrator for running the powershell script.You decide to provide a computer that has MacOS and Powershell Core 6.0 installed.Would this solution fit the requirement?

Yes 
No

Answer 67

Yes

Question 68

A company is planning on setting up a solution in Azure. The solution would have the following key requirement: A tool that provides guidance and recommendations to improve an Azure environment. Which of the following would be best suited for this requirement?

Azure Advisor 
Azure Cognitive Services 
Azure Application Insights 
Azure Devops

Answer 68

Azure advisor

Question 69

A company is planning on setting up a solution in Azure. The solution would have the following key requirement A tool used to monitor Web applications hosted in production based environments Which of the following would be best suited for this requirement?

Azure Advisor 
Azure Cognitive Services 
Azure Application Insights 
Azure Devops

Answer 69

Azure Application Insights

Question 70

A company needs to implement a solution in Azure. Below are the key requirements for this solution Ability to store JSON documents Ensure low latency access to data from around the world Which of the following data solution would you consider for this requirement?

Azure SQL Database 
Azure CosmosDB 
Azure SQL Datawarehouse 
SQL Server Stretch database

Answer 70

Azure CosmosDB

Question 71

When assigning tags to a resource groups, Would the resources in the resource group also inherit the same tags?

Yes 
No

Answer 71

NO

Question 72

Would resources in a resource group inherit the same permissions applied to a resource group?

Yes 
No

Answer 72

Yes
Heirachy

Question 73

A company has a requirement to deploy 10 Azure resources for several departments. All of the resource types and configurations are the same. Which of the following could be used to automate the deployment of the resources using infrastructure as code?

Azure Resource Manager templates 
Virtual machine scale sets 
Azure API Management service 
Management groups

Answer 73

Azure Resource Manager templates

Question 74

A company has deployed their solutions on to Azure. They have users that connect to Azure AD via the Internet. They have the requirement that if users try to login from an anonymous IP address, they are then prompted to change their password. Which of the following should the company consider for this requirement?

Azure AD Connect Health 
Azure AD Privileged Identity Management
Azure AD Identity Protection

Answer 74

Azure AD Identity Protection

Question 75

A company plans to setup multiple resources in their Azure subscription. They want to implement tagging of resources in Azure. But they want to ensure that when resource groups are created, they have to contain a tag with a name of “organization” and value of “ipspecialist”. You recommend using Azure policies for implementing this requirement Would this recommendation fulfil the requirement?

Answer 75

Yes

Question 76

You to ensure that resources within a resource group don’t get accidentally deleted. Which of the following would you use for this purpose?

Access Control 
Policies
Locks 
Diagnostics settings

Answer 76

Locks

Question 77

A company wants to purchase an Azure support plan. Below is a key requirement from the support plan Regular architecture reviews from Microsoft for the company’s Azure environment Which of the following plan would the company need to purchase to fulfil this requirement?

Premier 
Developer 
Professional Direct 
Standard

Answer 77

Premier

Question 78

A company wants to host a mission critical application on a set of Virtual Machines in Azure. They want to ensure they can setup the infrastructure in Azure to guarantee the maximum possible uptime for the application. Which of the following can you make use of in Azure to fulfil this requirement? Choose 2 answers from the options given below

Resource Groups 
Availability Zones 
Availability Sets 
Resource Tags

Answer 78

Availability Zones
Availability Sets

Question 79

A company wants to create multiple data stores in Azure. They want to have storage layers that can be used to store data that is infrequently used. Which of the following storage tiers for Azure BLOB storage would be suitable for this type of requirement? Choose 2 answers from the options given below

Premium storage 
Hot storage 
Cool storage 
Archive storage

Answer 79

Cool storage
Archive storage

Question 80

You have the following data storage requirements: Data must be stored on multiple nodes. Data must be stored on nodes in separate geographic locations. Data can be read from the secondary location as well as from the primary location Which of the following Azure stored redundancy options should you recommend?

A. Geo-redundant storage

B. Read-only geo-redundant storage

C. Zone-redundant storage

D. Locally redundant storage

Answer 80

Read-only geo-redundant storage

Must be read and seperate geographic locations

Question 81

The web tier plan must meet the following requirements: The web apps will use custom domains. The web apps each require 10 GB of storage. The web apps must each run in dedicated compute instances. Load balancing between instances must be included. Costs must be minimized. Which web tier plan should you use?

A. Standard

B. Basic

C. Free

D. Shared

Answer 81

Basic

Question 82

A company wants to setup users in their Azure Account. They have segregated their users into groups. They now want to ensure they set the right permissions for users and administrators accordingly. They need to manage the permissions effectively. You recommend using Azure Role Based Access Does this recommendation meet the requirement?

Answer 82

Yes

Question 83

A company wants to host their applications on Azure using serverless components. They don’t want to manage the underlying infrastructure for the application. Which of the following could be used to implement a workflow that could be run on a serverless infrastructure?

Azure Logic Apps 
Azure Service Bus 
Azure Function App 
Azure Storage

Answer 83

Azure Logic Apps

Question 84

An IT Engineer needs to create a Virtual Machine in Azure. Currently the IT Engineer has a Windows desktop and has installed the Azure Command Line interface. Which of the following would the IT engineer need to install and then use the Azure Command Line Interface? Choose 2 answers from the options given below

Powershell 
File and Print Explorer
 Command Prompt 
Control Panel

Answer 84

PowerShell
Command Prompt

Question 85

Does the Standard Support plan come along with the Azure Free Account?

Yes 
No

Answer 85

No

Question 86

A company is planning on purchasing Azure AD Premium for their Azure account. Does the Azure AD Premium tier come with an SLA of 99.9%?

Answer 86

Yes

Question 87

A company is planning on using Azure Storage Accounts. They have the following requirement Storage of 2 TB of data Storage of a million files Would using Azure Storage fulfil these requirements?

Yes 
No

Answer 87

Yes

Question 88

Can a Azure storage account automatically replicate data to another region?

Yes 
No

Answer 88

Yes

Question 89

A company wants to make use of Azure for deployment of various solutions. They want to ensure that suspicious attacks and threats to resources in their Azure account are prevented. Which of the following helps prevent such attacks by using in-built sensors in Azure?

Azure AD Identity Protection 
Azure DDoS attacks 
Azure privileged identity management 
Azure Advanced Threat protectio

Answer 89

Azure Advanced Threat protection

Question 90

Which of the following can assist the company in getting the required compliance reports?

Azure AD 
Microsoft Trust Center 
Azure Advisor 
Azure Security Center

Answer 90

Microsoft Trust Center

Question 91

Would the Azure Advisor tool give recommendations on how to configure Virtual Network settings?

Answer 91

No

Question 92

A company is planning on deploying resources to Azure. Which of the following in Azure provides a consistent management layer for deploying objects to the Azure Cloud Infrastructure?

Azure Resource Groups 
Azure policies 
Azure Management Groups 
Azure Resource Manager

Answer 92

Azure Resource Manager

Question 93

A company has a number of resources hosted in Azure. They want to have a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud. Which of the following service would you use for this requirement?

Azure Event Hubs 
Azure Analysis Services 
Azure Advisor 
Azure Monitor

Answer 93

Azure monitor

Question 94

A company has a virtual machine defined as demovm. This Virtual Machine was created with the standard settings. Now this virtual machine needs to communicate with other Azure resources within the Virtual Network You modify the Network Security Groups Would this solution fit the requirement?

Answer 94

Yes

Question 95

For high severity cases, a response within 15 minutes.
A recommendation is made to purchase the Premier Support plan. Would this recommendation fulfil the requirement?

Answer 95

Yes

Question 96

You have to ensure that traffic restrictions are in place so that the database server can only communicate with the web server.

Which of the following would you recommend for implementing these restrictions?

Network security groups (NSGs) 
Azure Service Bus 
A local network gateway 
A Virtual Private Gateway

Answer 96

NSG

Question 97

Are Azure services in public preview available to all customers?

Answer 97

Yes

Question 98

Is it possible to create resources in different subscriptions?

Answer 98

Yes

Question 99

A company is planning on setting up a solution in Azure. The solution would have the following key requirement:
Provide the ability to distribute user traffic to a set of backend Virtual Machines.

Azure Content Delivery Network 
Azure SQL Datawarehouse 
Azure Load Balancer 
Azure HD Insigh

Answer 99

Azure Load Balancer

Question 100

A company needs to deploy several virtual machines. Each of these virtual machines will have the same set of permissions. To minimize the administrative overhead, in which would you deploy the Azure Virtual Machines?

Azure policies 
Azure Virtual Machine Scale sets 
Azure Resource Groups 
Azure Tags

Answer 100

Azure Resource Groups

Question 101

The company would like to store the database password in a secure location. You recommend the usage of the Azure key vault for storage of the password. Would this fulfill the requirement?

Answer 101

yes

Question 102

A company needs to connect their On-premise data center to an Azure Virtual Network using a Site-to-Site connection. Which of the following would you create as part of this implementation?

Virtual Network 
Load Balancer 
Application Gateway 
Virtual Private Network Gateway

Answer 102

Virtual Private Network Gateway

Question 103

They want a way to manage identities in Azure. Which of the following is used as an Identity Management solution in Azure?

Azure AD 
Azure Advisor 
Azure Security Center 
Azure Monitor

Answer 103

Azure AD

Question 104

A company has several on-premise computers that run Windows 10. They want to map a network drive from these machines onto Azure Storage. Which of the following would you consider fulfilling this requirement?

An Azure SQL Database 
An Azure SQL Datawarehouse 
Azure Storage account – BLOB service 
Azure Storage account – File service

Answer 104

Azure Storage account – File service

Question 105

A company has a VPN device that will be used on a Site-to-Site connection from an on-premise location to Azure. Which of the following would be used to represent the VPN device?

DNS Zone 
Application gateway 
Local network gateway 
Virtual Network gateway

Answer 105

Local network gateway

Question 106

Would the Azure Advisor tool give recommendations on how to reduce the cost of running Azure Virtual Machines?

Answer 106

Yes

Question 107

IT engineers have a set of on-premise workstations that have the following flavors of operating systems

Windows 10

MacOS

Ubuntu

Which of the following tools can you use on the Windows 10 machines?

The Azure CLI and Azure Portal only 
The Azure CLI and Powershell only 
The Azure Portal and Powershell only 
The Azure CLI, Azure Powershell and Azure Portal

Answer 107

The Azure CLI, Azure Powershell and Azure Portal

Question 108

Provides a platform for creating workflows. Which of the following would be best suited for this requirement?

Azure Databricks 
Azure Logic Apps 
Azure App Service 
Azure Application Insights

Answer 108

Azure Logic Apps

Question 109

the ability to detect and diagnose anomalies in web apps Which of the following would be best suited for this requirement?

Azure Databricks 
Azure Logic Apps 
Azure App Service 
Azure Application Insights

Answer 109

Azure Application Insights

Question 110

Provide an option to contact Microsoft support engineers by phone or email. A recommendation is made to purchase the Standard Support plan Would this recommendation fulfill the requirement?

Answer 110

Yes

Question 111

You want to have the ability to manage the user access to resources across multiple subscriptions. Which of the following can help you achieve this requirement?

Resource Groups
Management Groups 
Azure Policies 
Azure App Service

Answer 111

Management Groups

Question 112

Most Azure services normally follow the below lifecycle First they are deployed in private preview Then are released in public preview And then finally they are released in General availability Is this true for the lifecycle for an Azure service?

Answer 112

Yes

Question 113

When it comes to the Service Level Agreement, does Microsoft provide an SLA of 99.99% uptime for Storage Accounts?

Answer 113

Yes

Question 114

You need to Provide a solution to create and manage a group of identical, load balanced Virtual Machines. Which of the following would be best suited for this requirement?

Azure Data Lake Analytics 
Azure Virtual Machine Scale Sets 
Azure Virtual Network 
Azure App Service

Answer 114

Azure Virtual Machine Scale Sets

Question 115

You need to ensure that traffic can flow into the Virtual Machine on port 8080. Which of the following must you modify to make this work?

Network Interface Card 
Network Security Group 
Route Tables 
Route Filters

Answer 115

Network Security Group

Question 116

You have an Azure environment that contains 10 virtual networks and 100 virtual machines. You need to limit the amount of inbound traffic to all the Azure virtual networks. What should you create?

One network security group (NSG) 
10 virtual network gateways 
10 Azure Express Route circuits 
One Azure firewall

Answer 116

One Azure Firewall
Inbound traffic coming from the outside

Question 117

Which Azure service should you use to correlate events from multiple resources into a centralized repository?

Azure Event Hubs 
Azure Analysis Services 
Azure Monitor 
Azure Log Analytics

Answer 117

Azure Log Analytics

Question 118

As a best practice, all resources that are part of an application and share the same lifecycle should exist in the same?

Availability set 
Region 
Resource group

Answer 118

Resource group

Question 119

Azure Resource Manager templates use which format?

HTML 
JSON 
XML

Answer 119

JSON

Question 120

Which of the following is used to ensure availability during maintenance events?

Availability Set 
Availability Zone 
Scale Set

Answer 120

Availability Set

Question 121

Which management tools would best allow you to do manage remotely from your Android phone with the least amount of administrative effort?

Azure CLI 
Azure portal 
Powershell

Answer 121

Azure CLI

Question 122

You plan to create an Azure virtual machine. You need to identify which storage service must be used to store the unmanaged data disks of the virtual machine. What should you identify?

Containers 
File shares 
Tables 
Queues

Answer 122

Containers

Question 123

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify an Azure firewall. Does this meet the goal?

Answer 123

Yes

Question 124

Which of the following could grant or deny access based on the originating IP address?

Azure Active Directory 
Azure Firewall 
VPN Gateway

Answer 124

Azure Firewall

Question 125

Which of the following services would you use to filter internet traffic in your Azure virtual network?

Azure Firewall 
Network Security Group 
VPN Gateway

Answer 125

Network Security Group

Question 126

Which of the following should you use to download published audit reports and how Microsoft builds and operates its cloud services?

Azure Policy 
Azure Service Health 
Service Trust Portal

Answer 126

Service Trust Portal

Question 127

Which of the following provides information about planned maintenance and changes that could affect the availability of your resources?

Azure Monitor 
Azure Security Center 
Azure Service Health

Answer 127

Azure Service Health

Question 128

Which of the following can be used to help you enforce resource tagging so you can manage billing?

Azure Policy 
Azure Service Health 
Compliance Manager

Answer 128

Azure Policy

Question 129

Which of the following lets you grant users only the rights they need to perform their jobs?

Azure Policy 
Compliance Manager 
Role-Based Access Control

Answer 129

Role-Based Access Control

Question 130

Which of the following items would be good use of a resource lock?

An ExpressRoute circuit with connectivity back to your on-premises network 
A non-production virtual machine used to test occasional application builds 
A storage account used to temporarily store images processed in a development environment

Answer 130

An ExpressRoute circuit with connectivity back to your on-premises network

Question 131

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.

What are two possible solutions?

Modify an Azure Traffic Manager profile
Modify a network security group (NSG)
Modify a DDoS protection plan
Modify an Azure firewal

Answer 131

Modify a network security group (NSG)
Modify an Azure firewal

Question 132

When you need to delegate permissions to several Azure virtual machines simultaneously, you must deploy the Azure virtual machines…

To the same Azure region
By using the same Azure 
To the same resource group
To the same availability zone

Answer 132

to the same resource group

Question 133

How can the IT department ensure that employees at the company’s retail stores can access company applications only from approved tablet devices?

SSO 
Conditional Access 
Multifactor authentication

Answer 133

Conditional Access

Question 134

Which is likely the best way for companies to identify which billing department each Azure resource belongs to?

Track resource usage in a spreadsheet. 
Split the deployment into separate Azure subscriptions, where each subscription belongs to its own billing department. 
Apply a tag to each resource that includes the associated billing department.

Answer 134

Apply a tag to each resource that includes the associated billing department.

Question 135

What are two possible techniques to segment Azure for the departments?

multiple subscriptions 
multiple Azure Active Directory (Azure AD) directories 
multiple regions 
multiple resource groups

Answer 135

multiple subscriptions
multiple resource groups

Question 136

You plan to implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines. You need to recommend which Azure resources must be created for the planned solution.

Which two Azure resources should you include in the recommendation?

a virtual network gateway 
a load balancer 
an application gateway 
a virtual network 
a gateway subnet

Answer 136

a virtual network gateway
a gateway subnet

Question 137

Which of the following is a logical unit of Azure services that links to an Azure account?

Azure Subscription 
Management Group 
Resource Group

Answer 137

Azure Subscription

Question 138

Can you use Availability Zones in Azure to protect Azure virtual machines from a datacenter failure

Answer 138

Yes

Question 139

What is the prime benefit of using region pairs ?

Answer 139

Reduces the likelihood of interruptions in both regions in event of a disaster

Question 140

Can NSG protect across subscriptions ?

Answer 140

No. Only protects resources within one subscription

Question 141

Which option of PostgreSQL should you use if you require to scale horizontally ?

Answer 141

Azure database for PostgreSQL HYPERSCALE (citus)

Question 142

Can a NSG be used to restrict apps on a VM ?

Answer 142

No. Only IT management

Question 143

Can you use NSG to restrict user account access to a VM ?

Answer 143

No. You must use RBAC for this.

Question 144

What do spot VMs/Instance provide ?

Answer 144

Reduce costs by taking advantage of un-utilized compute capacity.

Question 145

What is Azure Data Box Gateway ?

Answer 145

Allows you to periodically migrate large amounts of data to and from Azure Data Box (SMB)

Question 146

What service protocol does Azure Data Box Gateway use ?

Answer 146

Server Message Block (SMB)

Question 147

What is Azure Data Box Heavy ?

Answer 147

Physical data transfer service. Up to 100TB

Question 148

Is a Vnet a regional source ?

Answer 148

Yes

Question 149

Can you add or remove resources from a resource provide it’s not locked ?

Answer 149

Yes

Question 150

Can a resource reside in more than one resource group ?

Answer 150

No

Question 151

What must web apps be registered with to support authentication and authorization ?

Answer 151

Azure AD

Question 152

How does Azure Ad support authorization ?

Answer 152

RBAC

Question 153

What deploys public and private SSl/TLS certificates in Azure ?

Answer 153

Key Vault

Question 154

What is Microsoft defender ? DELETE

Answer 154

It monitors resources and
Provides advanced threat protection.
Gives recommendations.

Question 155

Will Microsoft defender automatically detect and assess new Azure resources ?

Answer 155

Yes

Question 156

What service provides an abstraction of servers, infrastructure and OS’s ?

Answer 156

Azure Functions

Question 157

Is shared access signature required to access Azure files ?

Answer 157

No

Question 158

What protects user identity and credentials within Azure AD ?

Answer 158

Microsoft defender for Identity

Question 159

What three key things will Microsoft Defender do ?

Answer 159

Prevent, detect and respond to security threats.

Question 160

Where should you verify any planned Azure maintenance ?

Answer 160

Service Health Dashboard

Question 161

What specifies the location of a resource ?

Answer 161

A region

*Although its a data center, you cannot chose the location exact location of the resource, only its region.

Question 162

What is Azure Storage Explorer ?

Answer 162

GUI tool that manages Azure Storage resources.

Question 163

Does the contributor role allow the ability to grant access to others?

Answer 163

No

Question 164

What is Azure Express route ?

Answer 164

A private connection between your organization and Microsoft Cloud services

Question 165

Can Azure Storage Encryption be disabled ?

Answer 165

No.
Enabled by default

Question 166

Are you charged for the use of Azure Virtual Desktop based on users ?

Answer 166

No

Question 167

Should Azure Virtual Desktop Users exist the the same Windows Server AD that is linked to Azure AD ?

Answer 167

Yes

Question 168

Where can a company automate resource deployments using templates ?

Answer 168

Azure Resource Manager

Question 169

Can you use Azure Files to periodically migrate data to Azure ?

Answer 169

Yes. Using SMB

Question 170

What redundant storage type allows replicated data to be accessed in two regions ?

Answer 170

Read Access Geo-Redundant Storage

Question 171

What is used to transfer data between Azure AD tenants ?

Answer 171

Azure Virtual Network Peering

Question 172

What Subscription allows you to evaluate Azure App services for 6 months ?

Answer 172

Free Subscription

Question 173

What does Defender for cloud do ?

Answer 173

Prevent, detect and respond to security threats.

Provides the tools needed to harden your resources, track your security posture, protect against cyberattacks

Question 174

What does Azure Information Protection do ?

Answer 174

Organize and protect documents/emails through use of labels.

Question 175

Does a container represent a single app and it’s dependencies ?

Answer 175

Yes

Question 176

How does Azure AD support authorization ?

Answer 176

RBAC

Question 177

What is a VPN gateway ?

Answer 177

Vnet gateway used to send encrypted traffic between an Azure Vnet and an on-premises location over the public Internet or Microsoft network.

Question 178

What does a site-to-site VPN connect your on premises network to ?

Answer 178

Azure Vnet

Question 179

You were tasked to look for a document sharing solution that you can map or mount in your on-premises Windows servers. What Azure service should you use?

Answer 179

Azure Files network file (SMB) protocol.

Question 180

What are managed disks ?

Answer 180

Managed disks are like a physical disk in an on-premises server but virtualized.

Question 181

What Azure service should you use if you want your application to have a higher level of availability and to evenly distribute internal traffic across virtual machines within a VNET?

Answer 181

Private Load Balancer

Question 182

What does a private load balancer do ?

Answer 182

Distributes traffic to resources that are inside a virtual network.

Question 183

What is a public load balancer ?

Answer 183

Provides outbound connections for virtual machines (VMs) inside a virtual network.
Also used to used to load balance Internet traffic to your VMs.

Question 184

What is Azure app service ?

Answer 184

Enables you to build and host:
web apps
mobile back ends
API’s in many languagesF

Question 185

What does azure logic apps do ?

Answer 185

Schedules, automates and orchestrate tasks, business processes, and workflows.

Question 186

What are the benefits of Azure Vnet ?

Answer 186

Utilizes Azure’s infrastructure to provide scalibility, availability, and isolation.

Question 187

What is blob storage optimized for ?

Answer 187

Storing massive amounts of unstructured data.

Question 188

What are Azure disks optimized for ?

Answer 188

Like physical disk in an on-premises server but virtualized

Question 189

What are Azure Tables optimized for ?

Answer 189

Storing large amounts of structured data. E.g. NoSQL

Question 190

What are Azure Files optimized for ?

Answer 190

Highly available network file shares that can be accessed by using the standard Server Message Block (SMB) protocol.

Question 191

You plan on migrating several virtual machines to Azure for your frontend and backend applications. There is a compliance requirement wherein the back-end servers must be on a separate network segment. What Azure solution should you implement?

Answer 191

Azure Vnet fo both the front and back end servers,

Question 192

By default can Vnets communicate with one another ?

Answer 192

No. Should set up peering for comms.

Question 193

How many copies of data will be maintained by the Azure storage account that uses geo-zone-redundant storage (GZRS) at the minimum?

Answer 193

6

Question 194

LRS copy locations ?

Answer 194

Question 195

ZRS copy location

Answer 195

Question 196

GRS copy location ?

Answer 196

Question 197

GZRS copy location

Answer 197

Question 198

What layer does Azure front door work at ?

Answer 198

Layer 7

Question 199

What does Azure Load Balancer do ?

Answer 199

Distributes inbound flows that arrive at the load balancer’s front end to backend pool instances.

Question 200

A company is migrating its TDPortal to Azure. The website is accessed by users worldwide for video streaming services. You need to recommend a solution that will provide reduced load times and high transfer speeds. What Azure service should you recommend?

Answer 200

Azure Content Delivery Network is a distributed network of servers that can efficiently deliver web content to users.

Question 201

What are availibility zones ?

Answer 201

Unique physical locations within an Azure region. Each zone is made up of one or more data centers.

Question 202

A company has hundreds of virtual machines that are dispersedly hosted across multiple virtual networks and subscriptions. You are tasked to limit the amount of outbound HTTPS traffic to a specified list of fully qualified domain names (FQDN) as well as limit the inbound traffic to the virtual networks. What must be done to satisfy the above requirement?

Answer 202

Integrate Azure Firewall to your network architecture

Question 203

What does the service trust portal provide ?

Answer 203

Security, privacy and compliance practices

Question 204

Can a NSG manage VMs across multiple Vnets and scubscriptions ?

Answer 204

NO

Question 205

What is Azure cost management billing ?

Answer 205

Manage your spending and billing habbits

Question 206

What are NSGs attatched to ?

Answer 206

Subnet or network interface

Question 207

Where is the regulatory compliance dashboard located ?

Answer 207

Microsoft Defender for Cloud

Question 208

What is Azure Arc

Answer 208

multi-cloud and on-premises management platform.