Knowledge check Flashcards
- Which of the following can be used to manage governance across multiple Azure subscriptions?
Azure initiatives
Management groups
Resource groups
Management groups
Which of the following is a logical unit of Azure services that links to an Azure account?
Azure subscription
Management group
Resource group
Public cloud
Azure subscription
Which of the following features does NOT apply to resource groups?
Resources can be in only one resource group.
Role-based access control can be applied to the resource group.
Resource groups can be nested.
Resource groups can be nested. (They can’t!)
Which of the following statements is a valid statement about an Azure subscription?
Using Azure doesn’t require a subscription.
An Azure subscription is a logical unit of Azure services.
An Azure subscription is a logical unit of Azure services.
Which Azure compute resource can be deployed to manage a set of identical virtual machines?
Virtual machine scale sets
Virtual machine availability sets
Virtual machine availability zones
Virtual machine scale sets
Which of the following services should be used when the primary concern is to perform work in response to an event (often via a REST command) that needs a response in a few seconds?
Azure Functions
Azure App Service
Azure Container Instances
Azure Functions
Your company has a team of remote workers that need to use Windows-based software to develop your company’s applications, but your team members are using various operating systems like macOS, Linux, and Windows. Which Azure compute service would help resolve this scenario?
Azure Virtual Desktop
Tailwind Traders wants to create a secure communication tunnel between its branch offices. Which of the following technologies can’t be used?
Point-to-site virtual private network
Implicit FTP over SSL
Azure ExpressRoute
Site-to-site virtual private network
Implicit FTP over SSL
Tailwind Traders wants to use Azure ExpressRoute to connect its on-premises network to the Microsoft cloud. Which of the following choices isn’t an ExpressRoute model that Tailwind Traders can use?
Any-to-any connection
Site-to-site virtual private network
Point-to-point Ethernet connection
CloudExchange colocation
Site-to-site virtual private network
Which of the following options can you use to link virtual networks?
Network address translation
Multi-chassis link aggregation
Dynamic Host Configuration Protocol
Virtual network peering
Virtual network peering
Which of the following options isn’t a benefit of ExpressRoute?
Redundant connectivity
Consistent network throughput
Encrypted network communication
Access to Microsoft cloud services
Encrypted network communication
What is the first step that you would take in order to share an image file as a blob in Azure Storage?
Create an Azure Storage container to store the image.
Create an Azure Storage account.
Upload the image file and create a container.
Use a Shared Access Signature (SAS) token to restrict access to the image.
Create an Azure Storage account.
Which Azure Storage option is better for storing data for backup and restore, disaster recovery, and archiving?
Azure Files Storage
Azure Disk Storage
Azure Blob Storage
Azure Blob Storage
Your development team is interested in writing Graph-based applications that take advantage of the Gremlin API. Which option would be ideal for that scenario?
Azure Cosmos DB
Azure SQL Database
Azure Databricks
Azure Database for PostgreSQL
Azure Cosmos DB
Tailwind Traders uses the LAMP stack for several of its websites. Which option would be ideal for migration?
Azure Cosmos DB
Azure Database for MySQL
Azure Database for PostgreSQL
Azure Database for MySQL
Tailwind Traders has millions of log entries that it wants to analyze. Which option would be ideal for analysis?
Azure Cosmos DB
Azure SQL Database
Azure Database for PostgreSQL
Azure Synapse Analytics
Azure Synapse Analytics
A company wants to build a new voting kiosk for sales to governments around the world. Which IoT technologies should the company choose to ensure the highest degree of security?
IoT Hub
IoT Central
Azure Sphere
Azure Sphere
A company wants to quickly manage its individual IoT devices by using a web-based user interface. Which IoT technology should it choose?
IoT Hub
IoT Central
Azure Sphere
IoT Central
You want to send messages from the IoT device to the cloud and vice versa. Which IoT technology can send and receive messages?
IoT Hub
IoT Central
Azure Sphere
IoT Hub
You need to predict future behavior based on previous actions. Which product option should you select as a candidate?
Azure Machine Learning
Azure Bot Service
Azure Cognitive Services
Azure Machine Learning
You need to create a human-computer interface that uses natural language to answer customer questions. Which product option should you select as a candidate?
Azure Machine Learning
Azure Cognitive Services
Azure Bot Service
Azure Bot Service
You need to identify the content of product images to automatically create alt tags for images formatted properly. Which product option is the best candidate?
Azure Machine Learning
Azure Cognitive Services
Azure Bot Service
Azure Cognitive Services
You need to process messages from a queue, parse them by using some existing imperative logic written in Java, and then send them to a third-party API. Which serverless option should you choose?
Azure Functions
Azure Logic Apps
Azure Functions
You want to orchestrate a workflow by using APIs from several well-known services. Which is the best option for this scenario?
Azure Functions
Azure Logic Apps
Azure Logic Apps
Your team has limited experience with writing custom code, but it sees tremendous value in automating several important business processes. Which of the following options is your team’s best option?
Azure Functions
Azure Logic Apps
Azure Logic Apps
Which of the following choices would not be used to automate a CI/CD process?
Azure Pipelines
GitHub Actions
Azure Boards
Azure Boards
Which service could help you manage the VMs that your developers and testers need to ensure that your new app works across various operating systems?
Azure DevTest Labs
Azure Test Labs
Azure Repos
Azure DevTest Labs
Which service lacks features to assign individual developers tasks to work on?
Azure Boards
GitHub
Azure Pipelines
Azure Pipelines
As an administrator, you need to retrieve the IP address from a particular VM by using Bash. Which of the following tools should you use?
ARM templates
Azure PowerShell
The Azure portal
The Azure CLI
The Azure CLI
You’re a developer who needs to set up your first VM to host a process that runs nightly. Which of the following tools is your best choice?
ARM templates
Azure PowerShell
The Azure portal
The Azure CLI
The Azure portal
What is the best infrastructure-as-code option for quickly and reliably setting up your entire cloud infrastructure declaratively?
ARM templates
Azure PowerShell
The Azure portal
The Azure CLI
ARM templates
You want to be alerted when new recommendations to improve your cloud environment are available. Which service will do this?
Azure Advisor
Azure Monitor
Azure Service Health
Azure Advisor
Which service provides official outage root cause analyses (RCAs) for Azure incidents?
Azure Advisor
Azure Monitor
Azure Service Health
Azure Service Health
Which service is a platform that powers Application Insights, monitoring for VMs, containers, and Kubernetes?
Azure Advisor
Azure Monitor
Azure Service Health
Azure Monitor
An attacker can bring down your website by sending a large volume of network traffic to your servers. Which Azure service can help Tailwind Traders protect its App Service instance from this kind of attack?
Azure Firewall
Network security groups
Azure DDoS Protection
Azure DDoS Protection
What’s the best way for Tailwind Traders to limit all outbound traffic from VMs to known hosts?
Configure Azure DDoS Protection to limit network access to trusted ports and hosts.
Create application rules in Azure Firewall.
Ensure that all running applications communicate with only trusted ports and hosts.
Create application rules in Azure Firewall.
How can Tailwind Traders most easily implement a deny by default policy so that VMs can’t connect to each other?
Allocate each VM on its own virtual network.
Create a network security group rule that prevents access from another VM on the same network.
Configure Azure DDoS Protection to limit network access within the virtual network.
Create a network security group rule that prevents access from another VM on the same network.
How can Tailwind Traders enforce having only certain applications run on its VMs?
Connect your VMs to Azure Sentinel.
Create an application control rule in Azure Security Center.
Periodically run a script that lists the running processes on each VM. The IT manager can then shut down any applications that shouldn’t be running.
Create an application control rule in Azure Security Center.
That’s correct. With Azure Security Center, you can define a list of allowed applications to ensure that only applications you allow can run. Azure Security Center can also detect and block malware from being installed on your VMs.
What’s the easiest way for Tailwind Traders to combine security data from all of its monitoring tools into a single report that it can take action on?
Collect security data in Azure Sentinel.
Look through each security log daily and email a summary to your team.
Collect security data in Azure Sentinel.
That’s correct. Azure Sentinel is Microsoft’s cloud-based SIEM. A SIEM aggregates security data from many different sources to provide additional capabilities for threat detection and responding to threats.
Which is the best way for Tailwind Traders to safely store its certificates so that they’re accessible to cloud VMs?
Place the certificates on a network share.
Store them on a VM that’s protected by a password.
Store the certificates in Azure Key Vault.
Store the certificates in Azure Key Vault.
That’s correct. Azure Key Vault enables you to store your secrets in a single, central location. Key Vault also makes it easier to enroll and renew certificates from public certificate authorities (CAs).
How can Tailwind Traders ensure that certain VM workloads are physically isolated from workloads being run by other Azure customers?
Configure the network to ensure that VMs on the same physical host are isolated.
This is not possible. These workloads need to be run on-premises.
Run the VMs on Azure Dedicated Host.
Run the VMs on Azure Dedicated Host.
That’s correct. Azure Dedicated Host provides dedicated physical servers to host your Azure VMs for Windows and Linux.
True or false: You need to purchase an Azure account before you can use any Azure resources.
False
True
False
That’s correct. You can use a free Azure account or a Microsoft Learn sandbox to create resources.
What is meant by cloud computing?
Delivery of computing services over the internet.
Setting up your own datacenter.
Using the internet
Delivery of computing services over the internet.
Which of the following is not a feature of Cloud computing?
Faster innovation
A limited pool of services
Speech recognition and other cognitive services
A limited pool of services
That’s correct. The cloud offers a nearly limitless pool of raw compute, storage, and networking components to help you deliver innovative and novel user experiences quickly.
Which of the following choices isn’t a cloud computing category?
Networking-as-a-Service (NaaS)
Platform-as-a-Service (PaaS)
Infrastructure-as-a-Service (IaaS)
Software-as-a-Service (SaaS)
Networking-as-a-Service (NaaS)
Which of the following statements is true?
With Operating Expenses (OpEx), you are responsible for purchasing and maintaining your computing resources.
With Operating Expenses (OpEx), you are only responsible for the computing resources that you use.
With Capital Expenses (CapEx), you are only responsible for the computing resources that you use.
With Operating Expenses (OpEx), you are only responsible for the computing resources that you use.
Which of the following options isn’t a type of cloud computing?
Distributed cloud
Hybrid cloud
Private cloud
Public cloud
Distributed cloud
Which of the following choices isn’t a benefit of using cloud services?
Scalability
Disaster recovery
High availability
Geographic isolation
Geographic isolation
How can the IT department ensure that employees at the company’s retail stores can access company applications only from approved tablet devices?
SSO
Conditional Access
Multifactor authentication
Conditional Access
Conditional Access enables you to require users to access your applications only from approved, or managed, devices.
How can the IT department use biometric properties, such as facial recognition, to enable delivery drivers to prove their identities?
SSO
Conditional Access
Multifactor authentication
Multifactor authentication
Authenticating through multifactor authentication can include something the user knows, something the user has, and something the user is.
How can the IT department reduce the number of times users must authenticate to access multiple applications?
SSO
Conditional Access
Multifactor authentication
SSO
SSO enables a user to remember only one ID and one password to access multiple applications.
How can Tailwind Traders allow some users to control the virtual machines in each environment but prevent them from modifying networking and other resources in the same resource group or Azure subscription?
Create a role assignment through Azure role-based access control (Azure RBAC).
Create a policy in Azure Policy that audits resource usage.
Split the environment into separate resource groups.
Create a role assignment through Azure role-based access control (Azure RBAC).
That’s correct. Azure RBAC enables you to create roles that define access permissions. You might create one role that limits access only to virtual machines and a second role that provides administrators with access to everything.
Which is the best way for Tailwind Traders to ensure that the team deploys only cost-effective virtual machine SKU sizes?
Create a policy in Azure Policy that specifies the allowed SKU sizes.
Periodically inspect the deployment manually to see which SKU sizes are used.
Create an Azure RBAC role that defines the allowed virtual machine SKU sizes.
Create a policy in Azure Policy that specifies the allowed SKU sizes.
That’s correct. After you enable this policy, that policy is applied when you create new virtual machines or resize existing ones. Azure Policy also evaluates any current virtual machines in your environment.
Which is likely the best way for Tailwind Traders to identify which billing department each Azure resource belongs to?
Track resource usage in a spreadsheet.
Split the deployment into separate Azure subscriptions, where each subscription belongs to its own billing department.
Apply a tag to each resource that includes the associated billing department.
Apply a tag to each resource that includes the associated billing department.
That’s correct. Tags provide extra information, or metadata, about your resources. The team might create a tag that’s named BillingDept whose value would be the name of the billing department. You can use Azure Policy to ensure that the proper tags are assigned when resources are provisioned.
Where can the team access details about the personal data Microsoft processes and how the company processes it, including for Cortana?
Microsoft Privacy Statement
The Azure compliance documentation
Microsoft compliance offerings
Microsoft Privacy Statement
That’s correct. The Microsoft Privacy Statement provides information that’s relevant to specific services, including Cortana.
Where can the legal team access information around how the Microsoft cloud helps them secure sensitive data and comply with applicable laws and regulations?
Microsoft Privacy Statement
Trust Center
Online Services Terms
Trust Center
That’s correct. The Trust Center is a great resource for people in your organization who might play a role in security, privacy, and compliance..
Where can the IT department find reference blueprints that it can apply directly to its Azure subscriptions?
Online Services Terms
Azure compliance documentation
Microsoft Privacy Statement
Azure compliance documentation
That’s correct. The compliance documentation provides reference blueprints, or policy definitions, for common standards that you can apply to your Azure subscription.
