Knowledge check Flashcards by Rod Wellmann

Which of the following can be used to manage governance across multiple Azure subscriptions?

Azure initiatives

Management groups

Resource groups

Management groups

How well did you know this?

Not at all

Perfectly

Which of the following is a logical unit of Azure services that links to an Azure account?

Azure subscription

Management group

Resource group

Public cloud

Azure subscription

How well did you know this?

Not at all

Perfectly

Which of the following features does NOT apply to resource groups?

Resources can be in only one resource group.

Role-based access control can be applied to the resource group.

Resource groups can be nested.

Resource groups can be nested. (They can’t!)

How well did you know this?

Not at all

Perfectly

Which of the following statements is a valid statement about an Azure subscription?

Using Azure doesn’t require a subscription.

An Azure subscription is a logical unit of Azure services.

How well did you know this?

Not at all

Perfectly

Which Azure compute resource can be deployed to manage a set of identical virtual machines?

Virtual machine scale sets

Virtual machine availability sets

Virtual machine availability zones

Virtual machine scale sets

How well did you know this?

Not at all

Perfectly

Which of the following services should be used when the primary concern is to perform work in response to an event (often via a REST command) that needs a response in a few seconds?

Azure Functions

Azure App Service

Azure Container Instances

Azure Functions

How well did you know this?

Not at all

Perfectly

Your company has a team of remote workers that need to use Windows-based software to develop your company’s applications, but your team members are using various operating systems like macOS, Linux, and Windows. Which Azure compute service would help resolve this scenario?

Azure Virtual Desktop

How well did you know this?

Not at all

Perfectly

Tailwind Traders wants to create a secure communication tunnel between its branch offices. Which of the following technologies can’t be used?

Point-to-site virtual private network

Implicit FTP over SSL

Azure ExpressRoute

Site-to-site virtual private network

Implicit FTP over SSL

How well did you know this?

Not at all

Perfectly

Tailwind Traders wants to use Azure ExpressRoute to connect its on-premises network to the Microsoft cloud. Which of the following choices isn’t an ExpressRoute model that Tailwind Traders can use?

Any-to-any connection

Site-to-site virtual private network

Point-to-point Ethernet connection

CloudExchange colocation

Site-to-site virtual private network

How well did you know this?

Not at all

Perfectly

Which of the following options can you use to link virtual networks?

Network address translation

Multi-chassis link aggregation

Dynamic Host Configuration Protocol

Virtual network peering

How well did you know this?

Not at all

Perfectly

Which of the following options isn’t a benefit of ExpressRoute?

Redundant connectivity

Consistent network throughput

Encrypted network communication

Access to Microsoft cloud services

Encrypted network communication

How well did you know this?

Not at all

Perfectly

What is the first step that you would take in order to share an image file as a blob in Azure Storage?

Create an Azure Storage container to store the image.

Create an Azure Storage account.

Upload the image file and create a container.

Use a Shared Access Signature (SAS) token to restrict access to the image.

Create an Azure Storage account.

How well did you know this?

Not at all

Perfectly

Which Azure Storage option is better for storing data for backup and restore, disaster recovery, and archiving?

Azure Files Storage

Azure Disk Storage

Azure Blob Storage

How well did you know this?

Not at all

Perfectly

Your development team is interested in writing Graph-based applications that take advantage of the Gremlin API. Which option would be ideal for that scenario?

Azure Cosmos DB

Azure SQL Database

Azure Databricks

Azure Database for PostgreSQL

Azure Cosmos DB

How well did you know this?

Not at all

Perfectly

Tailwind Traders uses the LAMP stack for several of its websites. Which option would be ideal for migration?

Azure Cosmos DB

Azure Database for MySQL

Azure Database for PostgreSQL

Azure Database for MySQL

How well did you know this?

Not at all

Perfectly

Tailwind Traders has millions of log entries that it wants to analyze. Which option would be ideal for analysis?

Azure Cosmos DB

Azure SQL Database

Azure Database for PostgreSQL

Azure Synapse Analytics

How well did you know this?

Not at all

Perfectly

A company wants to build a new voting kiosk for sales to governments around the world. Which IoT technologies should the company choose to ensure the highest degree of security?

IoT Hub

IoT Central

Azure Sphere

How well did you know this?

Not at all

Perfectly

A company wants to quickly manage its individual IoT devices by using a web-based user interface. Which IoT technology should it choose?

IoT Hub

IoT Central

Azure Sphere

IoT Central

How well did you know this?

Not at all

Perfectly

You want to send messages from the IoT device to the cloud and vice versa. Which IoT technology can send and receive messages?

IoT Hub

IoT Central

Azure Sphere

IoT Hub

How well did you know this?

Not at all

Perfectly

You need to predict future behavior based on previous actions. Which product option should you select as a candidate?

Azure Machine Learning

Azure Bot Service

Azure Cognitive Services

Azure Machine Learning

How well did you know this?

Not at all

Perfectly

You need to create a human-computer interface that uses natural language to answer customer questions. Which product option should you select as a candidate?

Azure Machine Learning

Azure Cognitive Services

Azure Bot Service

How well did you know this?

Not at all

Perfectly

You need to identify the content of product images to automatically create alt tags for images formatted properly. Which product option is the best candidate?

Azure Machine Learning

Azure Cognitive Services

Azure Bot Service

Azure Cognitive Services

How well did you know this?

Not at all

Perfectly

You need to process messages from a queue, parse them by using some existing imperative logic written in Java, and then send them to a third-party API. Which serverless option should you choose?

Azure Functions

Azure Logic Apps

Azure Functions

You want to orchestrate a workflow by using APIs from several well-known services. Which is the best option for this scenario?

Azure Functions

Azure Logic Apps

Your team has limited experience with writing custom code, but it sees tremendous value in automating several important business processes. Which of the following options is your team's best option? Azure Functions Azure Logic Apps

Azure Logic Apps

Which of the following choices would not be used to automate a CI/CD process? Azure Pipelines GitHub Actions Azure Boards

Azure Boards

Which service could help you manage the VMs that your developers and testers need to ensure that your new app works across various operating systems? Azure DevTest Labs Azure Test Labs Azure Repos

Azure DevTest Labs

Which service lacks features to assign individual developers tasks to work on? Azure Boards GitHub Azure Pipelines

Azure Pipelines

As an administrator, you need to retrieve the IP address from a particular VM by using Bash. Which of the following tools should you use? ARM templates Azure PowerShell The Azure portal The Azure CLI

The Azure CLI

You're a developer who needs to set up your first VM to host a process that runs nightly. Which of the following tools is your best choice? ARM templates Azure PowerShell The Azure portal The Azure CLI

The Azure portal

What is the best infrastructure-as-code option for quickly and reliably setting up your entire cloud infrastructure declaratively? ARM templates Azure PowerShell The Azure portal The Azure CLI

ARM templates

You want to be alerted when new recommendations to improve your cloud environment are available. Which service will do this? Azure Advisor Azure Monitor Azure Service Health

Azure Advisor

Which service provides official outage root cause analyses (RCAs) for Azure incidents? Azure Advisor Azure Monitor Azure Service Health

Azure Service Health

Which service is a platform that powers Application Insights, monitoring for VMs, containers, and Kubernetes? Azure Advisor Azure Monitor Azure Service Health

Azure Monitor

An attacker can bring down your website by sending a large volume of network traffic to your servers. Which Azure service can help Tailwind Traders protect its App Service instance from this kind of attack? Azure Firewall Network security groups Azure DDoS Protection

Azure DDoS Protection

What's the best way for Tailwind Traders to limit all outbound traffic from VMs to known hosts? Configure Azure DDoS Protection to limit network access to trusted ports and hosts. Create application rules in Azure Firewall. Ensure that all running applications communicate with only trusted ports and hosts.

Create application rules in Azure Firewall.

How can Tailwind Traders most easily implement a deny by default policy so that VMs can't connect to each other? Allocate each VM on its own virtual network. Create a network security group rule that prevents access from another VM on the same network. Configure Azure DDoS Protection to limit network access within the virtual network.

Create a network security group rule that prevents access from another VM on the same network.

How can Tailwind Traders enforce having only certain applications run on its VMs? Connect your VMs to Azure Sentinel. Create an application control rule in Azure Security Center. Periodically run a script that lists the running processes on each VM. The IT manager can then shut down any applications that shouldn't be running.

Create an application control rule in Azure Security Center. That's correct. With Azure Security Center, you can define a list of allowed applications to ensure that only applications you allow can run. Azure Security Center can also detect and block malware from being installed on your VMs.

What's the easiest way for Tailwind Traders to combine security data from all of its monitoring tools into a single report that it can take action on? Collect security data in Azure Sentinel. Look through each security log daily and email a summary to your team.

Collect security data in Azure Sentinel. That's correct. Azure Sentinel is Microsoft's cloud-based SIEM. A SIEM aggregates security data from many different sources to provide additional capabilities for threat detection and responding to threats.

Which is the best way for Tailwind Traders to safely store its certificates so that they're accessible to cloud VMs? Place the certificates on a network share. Store them on a VM that's protected by a password. Store the certificates in Azure Key Vault.

Store the certificates in Azure Key Vault. That's correct. Azure Key Vault enables you to store your secrets in a single, central location. Key Vault also makes it easier to enroll and renew certificates from public certificate authorities (CAs).

How can Tailwind Traders ensure that certain VM workloads are physically isolated from workloads being run by other Azure customers? Configure the network to ensure that VMs on the same physical host are isolated. This is not possible. These workloads need to be run on-premises. Run the VMs on Azure Dedicated Host.

Run the VMs on Azure Dedicated Host. That's correct. Azure Dedicated Host provides dedicated physical servers to host your Azure VMs for Windows and Linux.

True or false: You need to purchase an Azure account before you can use any Azure resources. False True

False That's correct. You can use a free Azure account or a Microsoft Learn sandbox to create resources.

What is meant by cloud computing? Delivery of computing services over the internet. Setting up your own datacenter. Using the internet

Delivery of computing services over the internet.

Which of the following is not a feature of Cloud computing? Faster innovation A limited pool of services Speech recognition and other cognitive services

A limited pool of services That's correct. The cloud offers a nearly limitless pool of raw compute, storage, and networking components to help you deliver innovative and novel user experiences quickly.

Which of the following choices isn't a cloud computing category? Networking-as-a-Service (NaaS) Platform-as-a-Service (PaaS) Infrastructure-as-a-Service (IaaS) Software-as-a-Service (SaaS)

Networking-as-a-Service (NaaS)

Which of the following statements is true? With Operating Expenses (OpEx), you are responsible for purchasing and maintaining your computing resources. With Operating Expenses (OpEx), you are only responsible for the computing resources that you use. With Capital Expenses (CapEx), you are only responsible for the computing resources that you use.

With Operating Expenses (OpEx), you are only responsible for the computing resources that you use.

Which of the following options isn't a type of cloud computing? Distributed cloud Hybrid cloud Private cloud Public cloud

Distributed cloud

Which of the following choices isn't a benefit of using cloud services? Scalability Disaster recovery High availability Geographic isolation

Geographic isolation

How can the IT department ensure that employees at the company's retail stores can access company applications only from approved tablet devices? SSO Conditional Access Multifactor authentication

Conditional Access Conditional Access enables you to require users to access your applications only from approved, or managed, devices.

How can the IT department use biometric properties, such as facial recognition, to enable delivery drivers to prove their identities? SSO Conditional Access Multifactor authentication

Multifactor authentication Authenticating through multifactor authentication can include something the user knows, something the user has, and something the user is.

How can the IT department reduce the number of times users must authenticate to access multiple applications? SSO Conditional Access Multifactor authentication

SSO SSO enables a user to remember only one ID and one password to access multiple applications.

How can Tailwind Traders allow some users to control the virtual machines in each environment but prevent them from modifying networking and other resources in the same resource group or Azure subscription? Create a role assignment through Azure role-based access control (Azure RBAC). Create a policy in Azure Policy that audits resource usage. Split the environment into separate resource groups.

Create a role assignment through Azure role-based access control (Azure RBAC). That's correct. Azure RBAC enables you to create roles that define access permissions. You might create one role that limits access only to virtual machines and a second role that provides administrators with access to everything.

Which is the best way for Tailwind Traders to ensure that the team deploys only cost-effective virtual machine SKU sizes? Create a policy in Azure Policy that specifies the allowed SKU sizes. Periodically inspect the deployment manually to see which SKU sizes are used. Create an Azure RBAC role that defines the allowed virtual machine SKU sizes.

Create a policy in Azure Policy that specifies the allowed SKU sizes. That's correct. After you enable this policy, that policy is applied when you create new virtual machines or resize existing ones. Azure Policy also evaluates any current virtual machines in your environment.

Which is likely the best way for Tailwind Traders to identify which billing department each Azure resource belongs to? Track resource usage in a spreadsheet. Split the deployment into separate Azure subscriptions, where each subscription belongs to its own billing department. Apply a tag to each resource that includes the associated billing department.

Apply a tag to each resource that includes the associated billing department. That's correct. Tags provide extra information, or metadata, about your resources. The team might create a tag that's named BillingDept whose value would be the name of the billing department. You can use Azure Policy to ensure that the proper tags are assigned when resources are provisioned.

Where can the team access details about the personal data Microsoft processes and how the company processes it, including for Cortana? Microsoft Privacy Statement The Azure compliance documentation Microsoft compliance offerings

Microsoft Privacy Statement That's correct. The Microsoft Privacy Statement provides information that's relevant to specific services, including Cortana.

Where can the legal team access information around how the Microsoft cloud helps them secure sensitive data and comply with applicable laws and regulations? Microsoft Privacy Statement Trust Center Online Services Terms

Trust Center That's correct. The Trust Center is a great resource for people in your organization who might play a role in security, privacy, and compliance..

Where can the IT department find reference blueprints that it can apply directly to its Azure subscriptions? Online Services Terms Azure compliance documentation Microsoft Privacy Statement

Azure compliance documentation That's correct. The compliance documentation provides reference blueprints, or policy definitions, for common standards that you can apply to your Azure subscription.