big group Flashcards
Which cloud model should be used in this instance?
A company wants to deploy multiple servers to host web applications but wants to keep hardware cost and management cost to a minimum. The solution should be highly scalable
public model
Which cloud model should be used in this instance?
A company needs to implement a solution where it maintains management control over hardware and infrastructure. The solution can be physically deployed offsite
Private model
Which cloud model should be used in this instance?
A company plans to use a custom software as a service application and wants to minimize cost. The company is legally required to maintain and secure all data onsite.
Hybrid model
Which cloud model should be used in this instance?
Your company wants to create a virtual network with 10 virtual machines and no capital expenditure costs
public
Which cloud model should be used in this instance?
Your company wants to control the methods used to have a high level of security for its resources
private
Which cloud model should be used in this instance?
Your company does not have IT experts or the money to purchase its own servers
Public
A private cloud requires
the infrastructure to be on a private network
Your company plans to migrate applications and services to the cloud. You recommend for a hybrid cloud to be deployed. Why would you make this recommendation?
To augment on-premise resources by providing overflow capacity.
Your company deploys resources in Azure. According to the shared responsibility model, which task will you be required to perform?
Install critical updates on virtual machines
Benefits of moving the infrastructure to the cloud
(T/F) You can use horizontal scaling for the web server
True
Benefits of moving the infrastructure to the cloud
(T/F) You can resize the disk on demand on the mail server if email messages increase
True
What is an advantage of using public cloud over a private cloud?
Costs are lower and spread among multiple tenants
Manually increasing or decreasing resources to meet a predictable workload is called
scalability
Automatically increasing or decreasing resources to meet spikes and drops in demand is called
Elasticity
Speed and flexibility in allocation and deallocation of required resources is called
Agility
(T/F) Azure active directory is used to manage API cryptographic keys
False
(T/F) Azure Storage encryption is enabled by default and can't be disabled
True
(T/F) Azure ExpressRoute is used to secure traffic between virtual networks
False
In infrastructure as a service cloud model, the subscriber is responsible for the management of what?
operating system
application
runtime
middleware
data
In IaaS the service provider is responsible for
virtualization
servers
storage
physical networking
(T/F) The service provider is responsible for all infrastructure hardware in SaaS, PaaS, and IaaS
True
(T/F) Creating a virtual machine running Windows server 2016 is an example of PaaS
False
(T/F) SaaS gives you a way to give users access to sophisticated applications in a pay-as-you-go environment
True
(T/F) IaaS allows you to rent hardware and have control over the operating system
True
(T/F) PaaS allows you to manage applications without controlling the underlying OS
True
(T/F) SaaS allows you to subscribe to software
True
In a Platform as a Service, the customer is responsible for
Data, application
In Platform as a Service, the provider is responsible for
Operating system, storage, virtualization
Which cloud service model should be used in this instance?
A company needs to deploy an Ubuntu Linux virtual machine to run a resource-intensive data analysis application
IaaS
Which cloud service model should be used in this instance?
A company needs to make productivity applications available to all employees, including those that work from home, on a pay-as-you-go basis
SaaS
Which cloud service model should be used in this instance?
A company needs to develop a web app designed to run on both computers and mobile devices and manage the application lifecycle
PaaS
Which cloud service model should be used in this instance?
A company needs to transition an on-premise data center to the cloud with minimal impact on users
IaaS
(T/F) about shared responsibility in the cloud
the customer always retains responsibility for the data
True
(T/F) about shared responsibility in the cloud
The responsibility for the management of accounts is transferred to the cloud provider
False
(T/F) about shared responsibility in the cloud
The responsibility for the operating system in Platform as a service is retained by the customer
False
You need to deploy serverless solution that meets the following requirements
-execution is triggered through an https request
-you pay only for the time that the code runs
-you do not have to manage the application infrastructure
Azure functions
with __________ developers deploy code and pay for its runtime only, without worrying about the provisioning configuration and management of the underlying infrastructure
serverless computing
(T/F) Azure IaaS provides and manages container orchestrators
False
(T/F) Resources can be allocated on a pay as you go basis whenever needed in IaaS
True
(T/F) you are responsible for managing application and middleware while azure manages operating system in IaaS
False
Which cloud service model should be used in this instance?
Use provider managed hardware to run a customized database
IaaS
Which cloud service model should be used in this instance? use a provider managed calendar to schedule appointments and meetings
Software as a Service
Which cloud service model should be used in this instance? Use provider managed business intelligence services to analyze marketing trends
PaaS
Which cloud service model should be used in this instance?
You need to find a cloud solution that allows the highly customized web application to run without requiring management of operating system settings or services. However, the company’s web developers must be able to maintain customizations
Deploy the web app functionality using PaaS
A company is deploying a critical business application on two virtual machines. The deployment needs to support:
-highly available access
-separate fault and update zones
-minimal latency between instances
most users who need to access the application are in Azure East US2 region
Separate availability zones
(T/F) Locking a resource group as read-only locks all resources contained in the group
True
(T/F) A resource group can contain resources from the same region as the resource group only
false
(T/F) You can add a resource to or remove a resource from a resource group as long as the resource group is not locked
True
(T/F) Resources can interact with other resources in a different resource group
True
A company wants to expand its cloud presence by deploying additional resources to Azure. The company plans to use templates based on existing resources to automate the deployment process. Ensuring consistent deployment is critical. What should the company use?
Azure Resource manager
What describes regions
-regions are always paired with other regions
-regions contain one or more datacenters
-regions specify the location of resources
Description of containers
-container can be accessed over the internet by IP address or domain name
-a container can run on windows or linux
-a container can scale out as needed
-a container represents a single app and its dependencies
What is the purpose of a resource group?
it serves as a container for azure resources like virtual machines and web apps
(T/F) You can transfer an existing subscription to a new Azure active directory tenant
True
(T/F) Quotas for resources in an Azure resource group are per region rather than per subscription
True
(T/F) All users and groups with role-based access to manage the subscription lose their access
True
(T/F) System-assigned managed identities are re-enabled automatically
False
(T/F) moving a subscription that owns an azure kubernetes services cluster causes the cluster to lose functionality
True
You need to ensure that your resources are replicated and hosted 200 miles away within the same geographic area, to minimize impact on your solutions’ availability in case of disaster
Region pairs
Management groups let you organize multiple
subscriptions as a single management entity to facilitate easier management
You want to allow inbound traffic to an azure virtual machine from only specific ip addresses
network security group
you want to prevent a malicious flood of http traffic to a vm that hosts internet information services
distributed denial of service protection
you want to create a rule that restricts network traffic across subscriptions
azure firewall
(T/F) Azure virtual desktop supports remote desktop clients on MacOS and iOS
True
(T/F) you are charged for the use of azure virtual desktop on a monthly basis according to active users
false
(T/F) azure virtual desktop users should exist in the same windows server active directory that is linked to azure ad
true
Which azure resource fits this scenario
migrate a workload from an on-premise hyper v host to azure, still retaining full control over the operating system
azure virtual machine
Which azure resource fits this scenario
deploy a web application using platform as a service for scalability and security
azure app services
Which azure resource fits this scenario
build an event driven solution and pay only for the time you spent running your code
azure functions
Which two options can you use to connect azure virtual networks to each other?
VPN Gateways
VNet Peering
_____ is a service that enables private connectivity between your on-premise network and microsoft azure or microsoft 365
Azure expressroute
_________ is a global endpoint that works at layer 7 (https/http) to enable fast, secure, and widely scalable web applications
azure front door
___________ is a DNS based traffic load balancer that allows optimal distribution of traffic to azure services spread across global azure regions
azure traffic manager
(T/F) Expressroute traffic is routed through a private connection
True
(T/F) Traffic between peered virtual network is routed over the public internet
False
(T/F) A vnet is created within the scope of the region
True
________ enables you to perform automated deployment from azure devops
Azure App Service
________ is a cloud-based set of tools and services for software developers
Azure Devops
_______ is a data management tool that enables you to connect to and query data stores, build visually stunning reports, and custom analytics solutions
Azure Data Studio
_______ is a family of cloud based relational database services built on microsoft sql server technology
Azure SQL
Creating highly portable, scalable app instances that include the binaries and libraries required to run can be done using ______
containers
(T/F) Virtual network peering can be used to connect virtual networks across azure regions
True
(T/F) Virtual network peering can be used to transfer data between azure active directory tenants
True
(T/F) Configuring peering requires a short downtime for the peered virtual network
False
You manage a development team that needs to focus all its efforts on creating and maintaining application code. Your team does not have the resources to provision and scale the infrastructure your applications require to run. What should you do?
Create an azure function subscription and upload your code
_____ typically contain only the binaries and libraries to run a single app or service
containers
_____ is a stored virtual machine configuration. used to speed up deployment of frequently used operating system configurations
template
_____ provides an automated way to control and automate many of the same tasks that can be performed through azure portal such as creating and managing machines, networking, storage, and more. can also be used to manage multiple azure subscriptions and save time by avoiding the manual entry of repetitive commands
Azure command line interface
you need to bring azure storage into your virtual network with a dedicated ip address what do you do?
create a private endpoint with azure private link
a company wants to host data disks in the azure cloud. The data disk must be available to other on-premise machines running windows, linux, and mac os using network sharing via server message block protocol. data must be secure both at rest and in transit. Which storage product solution?
File storage
___ stores data as a virtual hard disk that is available to the vm to which the disk is attached. does not provide any outside access
disk storage
_____ designed for storing large quantities of unstructured data.
blob storage
____ provides storage to retrieve and persist state
Azure files
planning to deploy and need to meet the following requirements:
-up to 10 tb of storage
-azure premium storage
-point in time restore for up to 35 days
need to select deployment and pricing tier
Azure Database for PostgreSQL Single Server General Purpose tier (supports up to 16tb and uses azure premium storage. point in time restore is met by all Azure Database for PostgreSQL deployments)
you need to ensure that your database can scale horizontally and support the query parallelization for faster response on a large dataset, without your team's involvement in database or operating system. which deployment option of postgres should you use?
Azure database for postgres sql hyperscale (citus)
Which resource fit this scenario?
fast migration of sql server from on-premise to azure with retention of operating system access
sql server on azure vms
Which resource fit this scenario?
cost-effective, serverless database with an intermittent usage pattern and a low compute utilization over time
azure sql databricks
Which resource fit this scenario?
lift-and-shift of on premise sql server with minimal changes to an azure platform as a service solution
azure sql managed instances
which two solutions should you use to transfer an on-premise virtual hard disk to azure?
Azure storage explorer
azCopy
match azure storage blob with associated desc
incurs penalties for data deleted within days
cool
match azure storage blob with associated desc
is not available at account level
archive
match azure storage blob with associated desc
incurs highest rehydration cost
archive
blob storage:
____ offers highest performance and lowest access latencies but is more expensive storage tier. intended to hold data that is accessed frequently
hot
blob storage:
____ tier is designed to hold data that only requires infrequent access. must be stored for at least 30 days
cool
blob storage:
___ designed to hold data that rarely requires access. not available at account level
archive
_________ storage account supports blob, queue, and table storage services
standard general-purpose v2
(T/F) azure files can be accessed using the server message block protocol
True
(T/F) azure files can be accessed using the network file system protocol
True
(T/F) a shared access signature is required to access azure files
False
as part of a cloud migration, your azure cloud implementation has been initially seeded with 100tb of data. as the migration continues you need to periodically migrate data to azure using server message block. what two solutions meet this requirement?
Azure files
azure data box gateway
(T/F) virtual network from multiple subscriptions in your organization can link to the same azure ddos protection plan
True
which license should you use?
you want to publish on premise web apps using azure ad
premium
Which license should you use?
you want to use an on premise directory synchronization
free
Which license should you use?
you want on premise users to be able to reset their own passwords
premium
(T/F) azure ad authentication and authorization support requires integration with an on premise ad
false
(T/F) web apps must be registered with azure ad to support authentication and authorization services
True
(T/F) azure ad supports authorization through the use of role based access control
True
What does Azure ad premium p1 edition support?
Role-based access control and conditional access
Included in azure ad p2 license
identity protection, service entitlement management, and privileged identity management, just in time access
authentication types supported by both sspr and mfa are
password
sms
voice call
sspr authentication supports
password, sms, voice call, security question, email address
you need a security solution that helps provision, manage, and deploy secure socket layer/ transport layer security certificates. what should you use?
key vault
key vault features
-store cryptographic keys
-secure storage and controlled access to tokens, passwords, certificates, api keys
-creating and controlling encryption keys used to encrypt data
-provisioning, managing and deploying both public and private ssl/tls certificates
-secrets and keys protected by software or federal information processing standard
microsoft defender for identity helps
-advance threats and protect hybrid computing environment
-monitor users, entity behavior and credentials stored in active directory
-provide clear incident information
(T/F) microsoft defender for cloud supports monitoring, security recommendations, and advanced threat protection for cloud and on-premise virtual machine resources
True
(T/F) Microsoft defender for cloud provides native integration with microsoft defender antivirus in windows
True
(T/F) microsoft defender for cloud support is limited to windows operating system only
false
(T/F) microsoft defender for cloud can automatically discover and assess security for new azure resources as they are deployed
True
your azure tenants include several internet facing web services. the web servers rely on data stored on azure sql database servers. the web servers are located in different virtual network subnets. the database servers have their endpoints exposed to subnets. you need to implement detailed controls over the type of connections supported between the web servers and database servers. you want to minimize the efforts and cost necessary to implement and maintain your solution
application security groups
network security groups
which azure security solution provides general security recommendations and suggests remedies to better secure your resources?
microsoft defender for cloud
is it true about azure dedicated host? a provided physical server is dedicated to your organizations workload only
true
is it true about azure dedicated host? you can share a provided physical server across your multiple azure subscriptions
false
is it true about azure dedicated host? you are charged per number of virtual machines deployed
false
which two organization-level insights can you derive from the regulatory compliance dashboard of microsoft defender for cloud?
number of passing and failing assignments
overall compliance score
azure integrates with ____ to help prevent, detect, and respond to threats to azure resources
microsoft defender for cloud
application security groups lets you
organize similar services so you can easily define and implement security policies based on those groups
factors that affect cost of an app service
instance type
number of instances
operating system
region
tier
select appropriate cost control mechanism:
your company plans to commit to a three year plan for virtual machines and storage resources to receive a reduction in pay as you go prices
azure reservations
select appropriate cost control mechanism
your company plans to make use of a free saas solution that lets your company monitor, allocate and optimize cloud spend in multi cloud environment
azure cost management
select appropriate cost control mechanism
your company wants to increase default limit on how many select resources of each type can be provisioned per azure region
azure resource manager
(t/f) spot pricing provides access to discounted azure compute resources
false
(t/f) spot virtual machines use the standard service level agreement for azure vms
true
(t/f) you can set the maximum price that you agree to pay
True
billing zone is a geographical grouping of azure regions used to determine billing based on _______
data transfers
(t/f) azure advisor makes shutdown recommendation based on cpu and memory utilization over the last seven days
false
(t/f) you can use azure advisor to reduce cost by resizing underutilized virtual machines
true
(t/f) tags can aid in cost management for your subscription, and each tag consists of a name, location, and value
false
you need to compare the cost of running an application workload in azure vs on premise. what should you do to ensure that you can use azure tco calculator to complete the task?
define server, database, storage, and networking workload
what resource or features fit this scenario?
you want to ensure that only virtual machines of a specific size are deployed to a resource group
policy
what resource or features fit this scenario?
you want to manage a collection of policy definitions
initiative
what resource or features fit this scenario?
you want to prevent virtual machines from being deleted by anyone after they are deployed
lock
what resource or features fit this scenario?
you want to prevent virtual machines from being deployed in a subscription
policy
what resource or features fit this scenario?
you want to review security recommendations related to deploying your resources
advisor
what resource or features fit this scenario?
you want to control the users who are allowed to create virtual network
rbac
what resource or features fit this scenario?
you want to ensure that only sql database instances can be added to a resource group named database-rg
policy
what resource or features fit this scenario? you want to ensure that only members of the sales group can access virtual machines in the sales-rg resource group
rbac
(T/F) locks can be applied in the context of specific users and roles
false
(T/F) when multiple locks are applied at different scopes, the most restrictive inherited lock applies
true
(T/F) a lock applies to all the resource contained in a scope and any new resources added to the scope
True
(T/F) role based access control roles takes precedence over locks
false
your company wants to ensure that it meets its internal compliance goals and that azure resource are compliant with company standards. this will include ongoing evaluation for compliance and the identification of non-compliant resources. what should you use?
azure policy
What should you use in this scenario?
you need to use information from azure security center to develop best practices recommendation for optimization
azure advisor
What should you use in this scenario?
you need to define a set of policies to help ensure compliance for resources contained in a resource group
initiative
your company uses azure blueprints to assist with its migration to azure. should be able to assign and publish blueprints what role should they be assigned?
blueprint operator
(T/F) when a blueprint is updated and the updated version is published, any assignments of the blueprint are updated automatically
false
(T/F) when a blueprint is unassigned, all of the resources assigned by the blueprint remain in place, but blueprint resource locking is removed
true
(T/F) when you delete a core blueprint, any assigned versions of the blueprint remain in place
true
(T/F) an initiative is limited to being assigned to resource group or subscription only
false
(T/F) when an initiative assignment is evaluated, all of the policies in that initiative are evaluated
true
(T/F) an initiative can only contain policies that are located in the same subscription
true
an azure initiative
is a collection of azure policies targeted toward reaching a single overall goal
which azure management tool provides a graphic interface for deploying, managing, and monitoring azure resources?
azure portal
(T/F) azure powershell can be used to create scripts to automate azure management tasks
true
(T/F) azure powershell virtual machine management is limited to windows vm only
false
(T/F) azure powershell can be run in a browser in the azure cloud shell
true
(T/F) azure resource manager templates use azure powershell syntax
false
which ui elements best match the descriptions
a collection of customizable tiles that are displayed in the portal
dashboard
which ui elements best match the descriptions
a panel that slides out in a navigation sequence
blade
which ui elements best match the descriptions
a service that provides recommendation on high availability
azure advisor
(T/F) when running azure powershell with cloud shell, both linux specific and windows specific functionality is available
false
(T/F) cloud shell times out after 20 min of inactivity
true
(T/F) cloud shell provides a way to run azure command line interface and azure powershell on ios and android mobile devices
True
you deploy a new linux virtual machine and then manually adjust its configuration in azure portal to meet the requirements of your department vms configuration after the original deployment, so that you can reuse it as a template in the deployment of test and production vms
which two actions can you perform to achieve your goal?
export the azure resource manager templates from a resource
export the azure resource manager template from a resource group
what cases is service health beneficial?
-you want to be notified if your app service usage exceeds the usage quota
-you want to respond to planned service outage in virginia
-you want to implement a webhook on your website to display health incidents
which feature of azure monitor allows you to visually analyze telemetry data
application insights
which monitoring features should you use for each scenario?
you want you and your team members to receive a text message when azure maintenance is planned
health alerts
which monitoring features should you use for each scenario?
you want to view the azure features that are planned to be deprecated
health advisories
which azure service can use autoscale to add or remove resources as appropriate to minimize cost and ensure optimum performance levels
azure monitor
which azure component provides information about planned maintenance and advisories such as deprecated offerings?
azure service health
a coworker informs you of a planned azure maintenance window. you attempt to verify this information using the tools shown. You are still uncertain if the maintenance will impact the services you use. What should you do to determine how this maintenance might impact your organization?
verify any planned maintenance via the service health dashboard