Describe Azure Management and Governance (Dojo) Flashcards
Which Azure service is Application Insights a feature of?
A. Azure Advisor
B. Azure Service Health
C. Azure Resource Manager templates
D. Azure Monitor
D. Azure Monitor
Explanation:
Azure Monitor helps you maximize the availability and performance of your applications and services. It delivers a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. This information helps you understand how your applications are performing and proactively identify issues that affect them and the resources they depend on.
Application Insights is a feature of Azure Monitor that provides extensible application performance management (APM) and monitoring for live web apps. It also supports a wide variety of platforms, including .NET, Node.js, Java, and Python, and works for apps hosted on-premises, hybrid, or on any public cloud.
Application Insights provides other features including, but not limited to:
– Live Metrics: observe activity from your deployed application in real time with no effect on the host environment
– Availability: also known as Synthetic Transaction Monitoring, probe your application’s external endpoint(s) to test the overall availability and responsiveness over time
– GitHub or Azure DevOps integration: create GitHub or Azure DevOps work items in context of Application Insights data
– Usage: understand which features are popular with users and how users interact and use your application
– Smart Detection: automatic failure and anomaly detection through proactive telemetry analysis
Therefore, the correct answer is: Azure Monitor.
Azure Service Health, Azure Advisor and Azure Resource Manager templates are all incorrect because these are not features of Azure Monitor. They are standalone services by Microsoft Azure.
Your company is currently hosting a web application in an Azure virtual machine.
The application is processing mission-critical workloads.
They plan to reduce the costs by migrating it to a new instance.
Solution: Purchase a reserved instance.
Does the solution meet the goal?
A. No
B. Yes
B. Yes
Explanation:
Azure Reservations help you save money by committing to one-year or three-year plans for multiple products. Committing allows you to get a discount on the resources you use. Reservations can significantly reduce your resource costs by up to 72% from pay-as-you-go prices. Reservations provide a billing discount and don’t affect the runtime state of your resources. After you purchase a reservation, the discount automatically applies to matching resources.
By purchasing a reserved instance, you can significantly reduce costs by up to 72 percent compared to pay-as-you-go pricing. A reserved instance has a one-year or three-year term on Windows and Linux virtual machines. You can pay for a reservation upfront or monthly. The total cost of upfront and monthly reservations is the same, and you don’t pay any extra fees when you choose to pay monthly.
Hence, the correct answer is: Yes.
A company has a Windows Server running in an Azure Virtual Machine hosted in the South Central US Azure region. You have to view the planned maintenance, incidents, and other service outages in Azure that may affect your virtual machine and other related services.
What service should you use to accomplish the above requirement?
A. Azure Monitor
B. Azure Service Health
C. Azure Advisor
D. Azure Service Fabric
B. Azure Service Health
Explanation:
Azure offers a suite of experiences to keep you informed about the health of your cloud resources. This information includes current and upcoming issues such as service-impacting events, planned maintenance, and other changes that may affect your availability.
Azure Service Health is a combination of three separate smaller services: Azure Status, Service Health, and Resource Health.
Azure Status informs you of service outages in Azure on the Azure Status page. The page is a global view of the health of all Azure services across all Azure regions. The status page is a good reference for incidents with widespread impact, but we strongly recommend that current Azure users leverage Azure Service Health to stay informed about Azure incidents and maintenance.
Service Health provides a personalized view of the health of the Azure services and regions you’re using. This is the best place to look for service-impacting communications about outages, planned maintenance activities, and other health advisories because the authenticated Service Health experience knows which services and resources you currently use. The best way to use Service Health is to set up Service Health alerts to notify you via your preferred communication channels when service issues, planned maintenance, or other changes may affect the Azure services and regions you use.
Resource Health provides information about the health of your individual cloud resources, such as a specific virtual machine instance. Using Azure Monitor, you can also configure alerts to notify you of availability changes to your cloud resources. Resource Health, along with Azure Monitor notifications, will help you stay better informed about the availability of your resources minute by minute and quickly assess whether an issue is due to a problem on your side or related to an Azure platform event.
Together, these experiences provide you with a comprehensive view into the health of Azure, at the granularity that is most relevant to you.
Therefore, the correct answer is: Azure Service Health.
Azure Advisor is incorrect because this service only analyzes your configurations and usage telemetry to offer personalized and actionable recommendations to help you optimize your Azure resources for reliability, security, operational excellence, performance, and cost. It doesn’t provide information about the planned maintenance, incidents, and other service outages in Azure that may affect your virtual machine and other related services.
Azure Service Fabric is incorrect because this is just a distributed systems platform in Azure that makes it easy for you to package, deploy, and manage scalable and reliable microservices and containers.
Azure Analysis Services is incorrect because this is simply a fully managed platform as a service (PaaS) that provides enterprise-grade data models in the cloud and not a monitoring service.
Your company is currently hosting a web application in an Azure virtual machine.
The application is processing mission-critical workloads.
They plan to reduce the costs by migrating it to a new instance.
Solution: Purchase a reserved capacity.
Does the solution meet the goal?
A. No
B. Yes
A. No
Explanation:
Azure Reservations help you save money by committing to one-year or three-year plans for multiple products. Committing allows you to get a discount on the resources you use. Reservations can significantly reduce your resource costs by up to 72% from pay-as-you-go prices. Reservations provide a billing discount and don’t affect the runtime state of your resources. After you purchase a reservation, the discount automatically applies to matching resources.
A reserved capacity is different from a reserved instance. A reserved capacity is mainly used for Azure database services such as Azure SQL Database, Azure Cosmos DB, Azure Synapse Analytics, and Azure Cache for Redis. Also, the scenario stated that the company will migrate to a new instance and not to a reserved capacity.
By purchasing a reserved instance, you can significantly reduce costs by up to 72 percent compared to pay-as-you-go pricing. A reserved instance has a one-year or three-year term on Windows and Linux virtual machines. You can pay for a reservation upfront or monthly. The total cost of upfront and monthly reservations is the same, and you don’t pay any extra fees when you choose to pay monthly.
Hence, the correct answer is: No.
You are migrating all of the data from your on-premises data center to Azure. You have to ensure that your Azure environment adheres to the regional compliance requirements of the company.
What service should you use?
A. Service Trust Portal
B. Azure Advisor
C. Azure Marketplace
D. Microsoft Entra ID
A. Service Trust Portal
Explanation:
The Microsoft Service Trust Portal is a portal that provides access to various content, tools, and other resources about Microsoft security, privacy, and compliance practices.
The Service Trust Portal contains details about Microsoft’s implementation of controls and processes that protect our cloud services and the customer data therein. To access some of the resources on the Service Trust Portal, you must sign in as an authenticated user with your Microsoft Cloud services account (Microsoft Entra ID organization account).
You can access the Service Trust Portal at https://servicetrust.microsoft.com/
Microsoft has developed a wealth of resources to help answer your questions that can be found in the Trust Center. Whether it’s privacy law requirements that apply across all industries or sector-specific outsourcing guidelines in financial services, the interactive guides, documents, and resources found in the Trust Center provide key information organized by industry, region, and country.
The goal of this service is to help demystify cloud technology and provide a framework for understanding the legal and regulatory landscape and how it may be evolving.
Hence, the correct answer is Service Trust Portal.
Microsoft Entra ID is incorrect because this is just a cloud-based identity and access management service, which helps your employees sign in and access both internal and external resources.
Azure Advisor is incorrect because this is simply a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments.
Azure Marketplace is incorrect because this is only a channel to market and sell your cloud solutions that are certified to run on Azure.
A company needs to configure its Microsoft Entra ID to automatically prompt a user to change the password if the user signs in from an anonymous IP address.
Which Azure service should you use?
A. Azure Service Health
B. Microsoft Defender for Identity
C. Microsoft Entra Privileged Identity Management
D. Microsoft Entra ID Protection
D. Microsoft Entra ID Protection
Explanation:
Identity Protection is a tool that allows organizations to accomplish three key tasks:
– Automate the detection and remediation of identity-based risks.
– Investigate risks using data in the portal.
– Export risk detection data to third-party utilities for further analysis.
Identity Protection uses the learnings Microsoft has acquired from its position in organizations with Microsoft Entra ID, the consumer space with Microsoft Accounts, and in gaming with Xbox to protect your users. Microsoft analyses 6.5 trillion signals per day to identify and protect customers from threats.
The signals generated by and fed to Identity Protection can be further fed into tools like Conditional Access to make access decisions or fed back to a security information and event management (SIEM) tool for further investigation based on your organization’s enforced policies.
You can detect sign-ins that are made via anonymous IP addresses using Microsoft Entra ID Protection. Sign-ins from an anonymous IP address could originate from a Tor browser or an anonymizer VPN.
Risk detection data can be exported to other tools for archive and further investigation and correlation. The Microsoft Graph-based APIs allow organizations to collect this data for further processing in a tool such as their SIEM.
Hence, the correct answer is: Microsoft Entra ID Protection.
Microsoft Defender for Identity is incorrect because this is only a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. This service doesn’t apply any metadata or visual markings to your documents or emails.
Microsoft Entra Privileged Identity Management is incorrect because this just provides a time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. This service doesn’t automate the detection and remediation of identity-based risks.
Azure Service Health is incorrect because this is simply a suite of experiences that provide personalized guidance and support when issues in Azure services affect you. It is not capable of detecting sign-ins that are made via anonymous IP addresses, unlike Microsoft Entra ID Protection.
An organization has successfully migrated its SQL Database to Azure and they want to prevent other users in the organization from accidentally deleting or modifying critical resources.
What Azure feature should they use?
A. Azure Resource Manager Locks
B. Azure Policy
C. Microsoft Entra ID
D. Azure role-based access control
A. Azure Resource Manager Locks
Explanation:
As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. With Azure Resource Manager Locks, you can set the lock level to CanNotDelete or ReadOnly.
In the portal, the locks are called Delete and Read-only, respectively. When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even the resources you add later inherit the lock from the parent. The most restrictive lock in the inheritance takes precedence.
Hence, the correct answer is: Azure Resource Manager Locks.
Azure Policy is incorrect because this simply helps you enforce organizational standards and assess compliance at scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to the per-resource, per-policy granularity. However, you cannot use this to restrict user permissions.
Microsoft Entra ID is incorrect because this service is Microsoft’s cloud-based identity and access management service, which just helps employees sign in and access resources from external resources, such as Microsoft Office 365, the Azure portal, and your corporate network.
Azure role-based access control is incorrect because this feature only helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. It is not capable of preventing users, even those with appropriate permissions, from accidentally deleting critical resources.
A company has several Windows virtual machines deployed in Microsoft Azure and Linux servers in their on-premises datacenter as part of their hybrid cloud strategy.
The company plans to manage their on-premises Linux servers using the Azure portal.
What should the company use to monitor and manage the Linux servers as if they are running in Azure?
A. Azure Migrate
B. Azure App Service
C. Azure Arc
D. Azure Site Recovery
C. Azure Arc
Explanation:
Companies struggle to control and govern increasingly complex environments that extend across data centers, multiple clouds, and edge. Each environment and cloud possesses its own set of management tools, and new DevOps and ITOps operational models can be hard to implement across resources.
Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.
Azure Arc provides a centralized, unified way to:
– Manage your entire environment together by projecting your existing non-Azure and/or on-premises resources into Azure Resource Manager.
– Manage virtual machines, Kubernetes clusters, and databases as if they are running in Azure.
– Use familiar Azure services and management capabilities, regardless of where they live.
– Continue using traditional ITOps while introducing DevOps practices to support new cloud-native patterns in your environment.
– Configure custom locations as an abstraction layer on top of Azure Arc
Hence, the correct answer is: Azure Arc.
Azure Migrate is incorrect because this service provides a simplified migration, modernization, and optimization service for Azure. You do not need to migrate the Linux servers. You need a solution that will allow you to manage and govern on-premises servers using the Azure portal.
Azure Site Recovery is incorrect because this simply helps ensure business continuity by keeping business apps and workloads running during outages by replicating workloads running on physical and virtual machines (VMs) from a primary site to a secondary location. This service is mainly used for disaster recovery plans.
Azure App Service is incorrect because it only enables you to build and host web apps, mobile backends, and RESTful APIs in the programming language of your choice without managing infrastructure. The requirement states that you need to manage the servers from the on-premises datacenter.
A company has several Azure resources across different regions. The support engineers need to manage the Azure cloud environments of the company using the Azure CLI.
Which tools below can the engineers use to install and run the Azure CLI? (Select TWO.)
A. Azure Resource Explorer
B. Azure Storage Explorer
C. Microsoft Entra Seamless SSO
D. Windows Command Prompt (CMD)
E. Windows PowerShell
D. Windows Command Prompt (CMD)
E. Windows PowerShell
Explanation:
The Azure command-line interface (Azure CLI) is a set of commands used to create and manage Azure resources. The Azure CLI is available across Azure services and is designed to get you working quickly with Azure, with an emphasis on automation.
Azure CLI capabilities make it easy to work with different programming languages and software environments. For example, Azure CLI:
– Is available to install in Windows, macOS, and Linux environments.
– Can also be run in Docker and Azure Cloud Shell.
– Offers command-line flexibility when managing an Azure solution.
– Supports long-running operations.
– Has the ability to use one subscription for all commands or vary subscriptions per command.
– Allows for querying of command-line results with query output returned in your format of choice.
– Has the flexibility to work with multiple clouds.
– Provides configurable settings for logging, data collection, and default argument values.
– Is deployed with Resource Manager deployment templates.
For Windows, the Azure CLI is installed via an MSI, which gives you access to the CLI through the Windows Command Prompt (CMD) or PowerShell. The packages are also available for your Linux distribution if you are using Windows Subsystem for Linux (WSL).
Hence, the correct answers are:
– Windows Command Prompt (CMD)
– Windows PowerShell
Microsoft Entra Seamless SSO is incorrect because you can’t use this service to run Azure CLI. It’s just an identity service that automatically signs users in when they are on their corporate devices connected to their corporate network.
Azure Storage Explorer is incorrect because this is simply a cross-platform, standalone application that you can use to manage your Azure cloud storage resources. It’s not capable of installing or running the Azure CLI.
Azure Resource Explorer is incorrect because this is primarily used to view the available Azure Resource Management APIs and make actual API calls directly to your own Azure subscriptions.
Which service enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements?
A. Azure Monitor
B. Compliance Manager
C. Azure Advisor
D. Azure Blueprints
D. Azure Blueprints
Explanation:
Azure Blueprints makes it possible for development teams to rapidly build and launch new environments with the reliability that they’re building within organizational compliance with a set of built-in components, such as networking, to speed up development and delivery. Just as a blueprint allows an engineer or an architect to sketch a project’s design parameters, Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements.
Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:
– Role Assignments
– Policy Assignments
– Azure Resource Manager templates (ARM templates)
– Resource Groups
The Azure Blueprints service is backed by the globally distributed Azure Cosmos DB. Blueprint objects are replicated to multiple Azure regions. This replication provides low latency, high availability, and consistent access to your blueprint objects, regardless of which region Azure Blueprints deploys your resources to.
Hence, the correct answer is: Azure Blueprints.
Compliance Manager is incorrect because this service doesn’t define a repeatable set of Azure resources. It is simply a free workflow-based risk assessment tool in the Microsoft Service Trust Portal for managing regulatory compliance activities related to Microsoft cloud services.
Azure Monitor is incorrect because this service is primarily used to maximize the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.
Azure Advisor is incorrect because this is a service that analyzes your configurations and usage telemetry and offers personalized, actionable recommendations to help you optimize your Azure resources for reliability, security, operational excellence, performance, and cost.