Knowledge check

Question 1

1. Which of the following can be used to manage governance across multiple Azure subscriptions?

Azure initiatives

Management groups

Resource groups

Answer 1

Management groups

Question 2

Which of the following is a logical unit of Azure services that links to an Azure account?

Azure subscription

Management group

Resource group

Public cloud

Answer 2

Azure subscription

Question 3

Which of the following features does NOT apply to resource groups?

Resources can be in only one resource group.

Role-based access control can be applied to the resource group.

Resource groups can be nested.

Answer 3

Resource groups can be nested. (They can’t!)

Question 4

Which of the following statements is a valid statement about an Azure subscription?

Using Azure doesn’t require a subscription.

An Azure subscription is a logical unit of Azure services.

Answer 4

An Azure subscription is a logical unit of Azure services.

Question 5

Which Azure compute resource can be deployed to manage a set of identical virtual machines?

Virtual machine scale sets

Virtual machine availability sets

Virtual machine availability zones

Answer 5

Virtual machine scale sets

Question 6

Which of the following services should be used when the primary concern is to perform work in response to an event (often via a REST command) that needs a response in a few seconds?

Azure Functions

Azure App Service

Azure Container Instances

Answer 6

Azure Functions

Question 7

Your company has a team of remote workers that need to use Windows-based software to develop your company’s applications, but your team members are using various operating systems like macOS, Linux, and Windows. Which Azure compute service would help resolve this scenario?

Answer 7

Azure Virtual Desktop

Question 8

Tailwind Traders wants to create a secure communication tunnel between its branch offices. Which of the following technologies can’t be used?

Point-to-site virtual private network

Implicit FTP over SSL

Azure ExpressRoute

Site-to-site virtual private network

Answer 8

Implicit FTP over SSL

Question 9

Tailwind Traders wants to use Azure ExpressRoute to connect its on-premises network to the Microsoft cloud. Which of the following choices isn’t an ExpressRoute model that Tailwind Traders can use?

Any-to-any connection

Site-to-site virtual private network

Point-to-point Ethernet connection

CloudExchange colocation

Answer 9

Site-to-site virtual private network

Question 10

Which of the following options can you use to link virtual networks?

Network address translation

Multi-chassis link aggregation

Dynamic Host Configuration Protocol

Virtual network peering

Answer 10

Virtual network peering

Question 11

Which of the following options isn’t a benefit of ExpressRoute?

Redundant connectivity

Consistent network throughput

Encrypted network communication

Access to Microsoft cloud services

Answer 11

Encrypted network communication

Question 12

What is the first step that you would take in order to share an image file as a blob in Azure Storage?

Create an Azure Storage container to store the image.

Create an Azure Storage account.

Upload the image file and create a container.

Use a Shared Access Signature (SAS) token to restrict access to the image.

Answer 12

Create an Azure Storage account.

Question 13

Which Azure Storage option is better for storing data for backup and restore, disaster recovery, and archiving?

Azure Files Storage

Azure Disk Storage

Azure Blob Storage

Answer 13

Azure Blob Storage

Question 14

Your development team is interested in writing Graph-based applications that take advantage of the Gremlin API. Which option would be ideal for that scenario?

Azure Cosmos DB

Azure SQL Database

Azure Databricks

Azure Database for PostgreSQL

Answer 14

Azure Cosmos DB

Question 15

Tailwind Traders uses the LAMP stack for several of its websites. Which option would be ideal for migration?

Azure Cosmos DB

Azure Database for MySQL

Azure Database for PostgreSQL

Answer 15

Azure Database for MySQL

Question 16

Tailwind Traders has millions of log entries that it wants to analyze. Which option would be ideal for analysis?

Azure Cosmos DB

Azure SQL Database

Azure Database for PostgreSQL

Azure Synapse Analytics

Answer 16

Azure Synapse Analytics

Question 17

A company wants to build a new voting kiosk for sales to governments around the world. Which IoT technologies should the company choose to ensure the highest degree of security?

IoT Hub

IoT Central

Azure Sphere

Answer 17

Azure Sphere

Question 18

A company wants to quickly manage its individual IoT devices by using a web-based user interface. Which IoT technology should it choose?

IoT Hub

IoT Central

Azure Sphere

Answer 18

IoT Central

Question 19

You want to send messages from the IoT device to the cloud and vice versa. Which IoT technology can send and receive messages?

IoT Hub

IoT Central

Azure Sphere

Answer 19

IoT Hub

Question 20

You need to predict future behavior based on previous actions. Which product option should you select as a candidate?

Azure Machine Learning

Azure Bot Service

Azure Cognitive Services

Answer 20

Azure Machine Learning

Question 21

You need to create a human-computer interface that uses natural language to answer customer questions. Which product option should you select as a candidate?

Azure Machine Learning

Azure Cognitive Services

Azure Bot Service

Answer 21

Azure Bot Service

Question 22

You need to identify the content of product images to automatically create alt tags for images formatted properly. Which product option is the best candidate?

Azure Machine Learning

Azure Cognitive Services

Azure Bot Service

Answer 22

Azure Cognitive Services

Question 23

You need to process messages from a queue, parse them by using some existing imperative logic written in Java, and then send them to a third-party API. Which serverless option should you choose?

Azure Functions

Azure Logic Apps

Answer 23

Azure Functions

Question 24

You want to orchestrate a workflow by using APIs from several well-known services. Which is the best option for this scenario?

Azure Functions

Azure Logic Apps

Answer 24

Azure Logic Apps

Question 25

Your team has limited experience with writing custom code, but it sees tremendous value in automating several important business processes. Which of the following options is your team’s best option?

Azure Functions

Azure Logic Apps

Answer 25

Azure Logic Apps

Question 26

Which of the following choices would not be used to automate a CI/CD process?

Azure Pipelines

GitHub Actions

Azure Boards

Answer 26

Azure Boards

Question 27

Which service could help you manage the VMs that your developers and testers need to ensure that your new app works across various operating systems?

Azure DevTest Labs

Azure Test Labs

Azure Repos

Answer 27

Azure DevTest Labs

Question 28

Which service lacks features to assign individual developers tasks to work on?

Azure Boards

GitHub

Azure Pipelines

Answer 28

Azure Pipelines

Question 29

As an administrator, you need to retrieve the IP address from a particular VM by using Bash. Which of the following tools should you use?

ARM templates

Azure PowerShell

The Azure portal

The Azure CLI

Answer 29

The Azure CLI

Question 30

You’re a developer who needs to set up your first VM to host a process that runs nightly. Which of the following tools is your best choice?

ARM templates

Azure PowerShell

The Azure portal

The Azure CLI

Answer 30

The Azure portal

Question 31

What is the best infrastructure-as-code option for quickly and reliably setting up your entire cloud infrastructure declaratively?

ARM templates

Azure PowerShell

The Azure portal

The Azure CLI

Answer 31

ARM templates

Question 32

You want to be alerted when new recommendations to improve your cloud environment are available. Which service will do this?

Azure Advisor

Azure Monitor

Azure Service Health

Answer 32

Azure Advisor

Question 33

Which service provides official outage root cause analyses (RCAs) for Azure incidents?

Azure Advisor

Azure Monitor

Azure Service Health

Answer 33

Azure Service Health

Question 34

Which service is a platform that powers Application Insights, monitoring for VMs, containers, and Kubernetes?

Azure Advisor

Azure Monitor

Azure Service Health

Answer 34

Azure Monitor

Question 35

An attacker can bring down your website by sending a large volume of network traffic to your servers. Which Azure service can help Tailwind Traders protect its App Service instance from this kind of attack?

Azure Firewall

Network security groups

Azure DDoS Protection

Answer 35

Azure DDoS Protection

Question 36

What’s the best way for Tailwind Traders to limit all outbound traffic from VMs to known hosts?

Configure Azure DDoS Protection to limit network access to trusted ports and hosts.

Create application rules in Azure Firewall.

Ensure that all running applications communicate with only trusted ports and hosts.

Answer 36

Create application rules in Azure Firewall.

Question 37

How can Tailwind Traders most easily implement a deny by default policy so that VMs can’t connect to each other?

Allocate each VM on its own virtual network.

Create a network security group rule that prevents access from another VM on the same network.

Configure Azure DDoS Protection to limit network access within the virtual network.

Answer 37

Create a network security group rule that prevents access from another VM on the same network.

Question 38

How can Tailwind Traders enforce having only certain applications run on its VMs?

Connect your VMs to Azure Sentinel.

Create an application control rule in Azure Security Center.

Periodically run a script that lists the running processes on each VM. The IT manager can then shut down any applications that shouldn’t be running.

Answer 38

Create an application control rule in Azure Security Center.

That’s correct. With Azure Security Center, you can define a list of allowed applications to ensure that only applications you allow can run. Azure Security Center can also detect and block malware from being installed on your VMs.

Question 39

What’s the easiest way for Tailwind Traders to combine security data from all of its monitoring tools into a single report that it can take action on?

Collect security data in Azure Sentinel.

Look through each security log daily and email a summary to your team.

Answer 39

Collect security data in Azure Sentinel.

That’s correct. Azure Sentinel is Microsoft’s cloud-based SIEM. A SIEM aggregates security data from many different sources to provide additional capabilities for threat detection and responding to threats.

Question 40

Which is the best way for Tailwind Traders to safely store its certificates so that they’re accessible to cloud VMs?

Place the certificates on a network share.

Store them on a VM that’s protected by a password.

Store the certificates in Azure Key Vault.

Answer 40

Store the certificates in Azure Key Vault.

That’s correct. Azure Key Vault enables you to store your secrets in a single, central location. Key Vault also makes it easier to enroll and renew certificates from public certificate authorities (CAs).

Question 41

How can Tailwind Traders ensure that certain VM workloads are physically isolated from workloads being run by other Azure customers?

Configure the network to ensure that VMs on the same physical host are isolated.

This is not possible. These workloads need to be run on-premises.

Run the VMs on Azure Dedicated Host.

Answer 41

Run the VMs on Azure Dedicated Host.

That’s correct. Azure Dedicated Host provides dedicated physical servers to host your Azure VMs for Windows and Linux.

Question 42

True or false: You need to purchase an Azure account before you can use any Azure resources.

False

True

Answer 42

False

That’s correct. You can use a free Azure account or a Microsoft Learn sandbox to create resources.

Question 43

What is meant by cloud computing?

Delivery of computing services over the internet.

Setting up your own datacenter.

Using the internet

Answer 43

Delivery of computing services over the internet.

Question 44

Which of the following is not a feature of Cloud computing?

Faster innovation

A limited pool of services

Speech recognition and other cognitive services

Answer 44

A limited pool of services

That’s correct. The cloud offers a nearly limitless pool of raw compute, storage, and networking components to help you deliver innovative and novel user experiences quickly.

Question 45

Which of the following choices isn’t a cloud computing category?

Networking-as-a-Service (NaaS)

Platform-as-a-Service (PaaS)

Infrastructure-as-a-Service (IaaS)

Software-as-a-Service (SaaS)

Answer 45

Networking-as-a-Service (NaaS)

Question 46

Which of the following statements is true?

With Operating Expenses (OpEx), you are responsible for purchasing and maintaining your computing resources.

With Operating Expenses (OpEx), you are only responsible for the computing resources that you use.

With Capital Expenses (CapEx), you are only responsible for the computing resources that you use.

Answer 46

With Operating Expenses (OpEx), you are only responsible for the computing resources that you use.

Question 47

Which of the following options isn’t a type of cloud computing?

Distributed cloud

Hybrid cloud

Private cloud

Public cloud

Answer 47

Distributed cloud

Question 48

Which of the following choices isn’t a benefit of using cloud services?

Scalability

Disaster recovery

High availability

Geographic isolation

Answer 48

Geographic isolation

Question 49

How can the IT department ensure that employees at the company’s retail stores can access company applications only from approved tablet devices?

SSO

Conditional Access

Multifactor authentication

Answer 49

Conditional Access

Conditional Access enables you to require users to access your applications only from approved, or managed, devices.

Question 50

How can the IT department use biometric properties, such as facial recognition, to enable delivery drivers to prove their identities?

SSO

Conditional Access

Multifactor authentication

Answer 50

Multifactor authentication

Authenticating through multifactor authentication can include something the user knows, something the user has, and something the user is.

Question 51

How can the IT department reduce the number of times users must authenticate to access multiple applications?

SSO

Conditional Access

Multifactor authentication

Answer 51

SSO

SSO enables a user to remember only one ID and one password to access multiple applications.

Question 52

How can Tailwind Traders allow some users to control the virtual machines in each environment but prevent them from modifying networking and other resources in the same resource group or Azure subscription?

Create a role assignment through Azure role-based access control (Azure RBAC).

Create a policy in Azure Policy that audits resource usage.

Split the environment into separate resource groups.

Answer 52

Create a role assignment through Azure role-based access control (Azure RBAC).

That’s correct. Azure RBAC enables you to create roles that define access permissions. You might create one role that limits access only to virtual machines and a second role that provides administrators with access to everything.

Question 53

Which is the best way for Tailwind Traders to ensure that the team deploys only cost-effective virtual machine SKU sizes?

Create a policy in Azure Policy that specifies the allowed SKU sizes.

Periodically inspect the deployment manually to see which SKU sizes are used.

Create an Azure RBAC role that defines the allowed virtual machine SKU sizes.

Answer 53

Create a policy in Azure Policy that specifies the allowed SKU sizes.

That’s correct. After you enable this policy, that policy is applied when you create new virtual machines or resize existing ones. Azure Policy also evaluates any current virtual machines in your environment.

Question 54

Which is likely the best way for Tailwind Traders to identify which billing department each Azure resource belongs to?

Track resource usage in a spreadsheet.

Split the deployment into separate Azure subscriptions, where each subscription belongs to its own billing department.

Apply a tag to each resource that includes the associated billing department.

Answer 54

Apply a tag to each resource that includes the associated billing department.

That’s correct. Tags provide extra information, or metadata, about your resources. The team might create a tag that’s named BillingDept whose value would be the name of the billing department. You can use Azure Policy to ensure that the proper tags are assigned when resources are provisioned.

Question 55

Where can the team access details about the personal data Microsoft processes and how the company processes it, including for Cortana?

Microsoft Privacy Statement

The Azure compliance documentation

Microsoft compliance offerings

Answer 55

Microsoft Privacy Statement
That’s correct. The Microsoft Privacy Statement provides information that’s relevant to specific services, including Cortana.

Question 56

Where can the legal team access information around how the Microsoft cloud helps them secure sensitive data and comply with applicable laws and regulations?

Microsoft Privacy Statement

Trust Center

Online Services Terms

Answer 56

Trust Center

That’s correct. The Trust Center is a great resource for people in your organization who might play a role in security, privacy, and compliance..

Question 57

Where can the IT department find reference blueprints that it can apply directly to its Azure subscriptions?

Online Services Terms

Azure compliance documentation

Microsoft Privacy Statement

Answer 57

Azure compliance documentation
That’s correct. The compliance documentation provides reference blueprints, or policy definitions, for common standards that you can apply to your Azure subscription.