Microsoft Azure Fundamentals Exam Flashcards

Question 1

Q

What is Azure Storage?

Answer

A

A service to store files, messages, and tables.

Question 2

Q

You can create an Azure Storage account by using the following (3 Options)?

Answer

A

Azure Portal
Azure CLI
PowerShell

Question 3

Q

What is Azure Blob Storage?

Answer

A

An object storage solution for the cloud; unstructured, stores massive amounts of data.

Question 4

Q

What is Blob Storage Ideal For (4 options)?

Answer

A

Storing up to 8 TB of data for virtual machines.
Storing data for backup and restore disaster recovery, and archiving.
Storing data for analysis by an on-premises or Azure-hosted service.
Streaming video and audio.

Question 5

Q

T/F: With Azure File Share, you can write data to a file share, and process or analyze the data later.

Answer

A

TRUE - This is typically done with diagnostic logs, metrics, and crash dumps.

Question 6

Q

T/F: With Azure File Share, you can store configuration files on a file share.

Answer

A

TRUE - Configuration files can be stored on a file share and accessed from multiple VM. Tools and utilities used by multiple developers in a group can be stored on a file share, ensuring that everybody can find them and that they use the same version.

Question 7

Q

What is Azure File Share?

Answer

A

Azure Files makes it easier to migrate on-premises applications that share data to Azure. You can access the files from anywhere in the world.

Question 8

Q

What are the three Blob (Azure Storage for data) access tiers?

Answer

A

Hot
Cool
Archive

Question 9

Q

What is a Hot Access Tier?

Answer

A

Optimized for storing data accessed frequently, i.e. images for your website for at least 3o days.

Question 10

Q

What is a Cool Access Tier?

Answer

A

Optimized for storing data accessed infrequently, i.e. invoices for your client, and stored for at least 30 days.

Question 11

Q

What is Archive Access Tier (Azure Storage?

Answer

A

Data that is rarely accessed and stored for at least 180 days.

Question 12

Q

T/F: Only Hot and Cool Access Tiers can be set at the account level.

Question 13

Q

T/F: Hot, Cool & Archive Access Tiers can be set up at the blob level during or after upload.

Question 14

Q

T/F: Archive stores data offline and offers the lowest cost.

Question 15

Q

Azure storage is used by both Infrastructure as a Service (IaaS) virtual machines, and Platform as a Service (PaaS) cloud services.

Answer

A

TRUE - You can use Azure Storage on its own. For example, you can use it as a file share. Developers also often use it as a repository for working data. These repositories can be used by websites, mobile apps, desktop applications, and many other types of custom solutions. Azure Storage is also used by Infrastructure as a Service (IaaS) virtual machines, and Platform as a Service (PaaS) cloud services.

Question 16

Q

True or False?

Azure Files are accessible via the industry standard Server Message Block (SMB) protocol.

Answer

A

TRUE - Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS.

Question 17

Q

True or False?

Azure Files can be accessed from anywhere in the world using a URL that points to the file.

Answer

A

TRUE - One thing that distinguishes Azure Files from files on a corporate file share is that you can access the files from anywhere in the world using a URL that points to the file.

Question 18

Q

True or False?

Shared Access Signature (SAS) tokens allow access to a private asset for a specific amount of time.

Answer

A

TRUE - You can also use Shared Access Signature (SAS) tokens to allow access to a private asset for a specific amount of time.

Question 19

Q

What is Azure Virtual Network?

Answer

A

(IaaS) resource; An Azure Virtual Network (VNet) is a representation of your own network in the cloud. It is a logical isolation of the Azure cloud dedicated to your subscription. Also allows for segmentation.

Question 20

Q

True or False?

A virtual network needs to exist in a resource group.

Answer

A

TRUE - you can create a new one or select an existing resource group.

Question 21

Q

What is a VPN (Virtual Private Network)?

Answer

A

A private, interconnected network that uses an encrypted tunnel within another network.

Question 22

Q

True or False?

You can deploy many VPN gateways in each virtual network, but you can use one gateway to connect to multiple locations.

Answer

A

FALSE - You can deploy only one VPN gateway in each virtual network, but you can use one gateway to connect to multiple locations.

Question 23

Q

What are the two VPN types to specify when you deploy a VPN gateway?

Answer

A

Policy Based

2. Route Based

Question 24

Q

What is a Policy Based VPN type?

Answer

A

Specifies statically the IP address of packets that should be encrypted through each tunnel (static routing); includes support for IKEV1.
Must be used in specific scenarios that require them, such as for compatibility with legacy on-premises VPN devices.

Question 25

Q

What is a Route Based VPN type?

Answer

A

VPN type lets routing/forwarding tables direct traffic to different IPsec tunnels. It is typically built on router platforms where each IPsec tunnel is modeled as a network interface or VTI (virtual tunnel interface).

Question 26

Q

What is Azure ExpressRoute?

Answer

A

Allows you to create private connections between Azure datacenters and infrastructure on your premises or in a colocation environment. ExpressRoute connections don’t go over the public internet, and they offer more reliability, faster speeds, and lower latencies than typical internet connections.

Question 27

Q

T/F: A VM in Azure can connect out to the Internet by default.

Question 28

Q

What are the two valid filtering approaches in Azure virtual networks?

Answer

A

Network Virtual Appliances

2. Network Security Groups

Question 29

Q

What is a network security group?

Answer

A

A network security group is an Azure resource that can contain multiple inbound and outbound security rules. You can define these rules to allow or block traffic, based on factors such as source and destination IP address, port, and protocol.

Question 30

Q

What fields must be configured when you set up an Azure virtual network?

Answer

A

Name - You must provide a name for the virtual network.
Subscription - All resources must be associated with a valid subscription.
Resource Group - All resources must be associated with a resource group.

Question 31

Q

You can create a connection between your on-premises network and the Microsoft cloud in four different ways?

Answer

A

Cloud Exchange colocation
Point-to-point Ethernet Connection
Any-to-any (IPVPN) Connection
ExpressRoute Direct

Question 32

Q

What are service endpoints?

Answer

A

You use service endpoints to connect to other Azure resource types, such as Azure SQL databases and storage accounts. This approach enables you to link multiple Azure resources to virtual networks, thereby improving security and providing optimal routing between resources.

Question 33

Q

What is Network virtual appliances?

Answer

A

A network virtual appliance is a specialized VM that can be compared to a hardened network appliance. A network virtual appliance carries out a particular network function, such as running a firewall or performing Wide Area Network (WAN) optimization.

Question 34

Q

What is static routing?

Answer

A

Combinations of address prefixes from both networks control how traffic is encrypted and decrypted through the VPN tunnel. The source and destination of the tunneled networks are declared in the policy and don’t need to be declared in routing tables.

Question 35

Q

What is Cloud Exchange colocation?

Answer

A

Co-located providers can normally offer both Layer 2 and Layer 3 connections between your infrastructure, which might be located in the colocation facility, and the Microsoft cloud.

Question 36

Q

What is Point-to-point Ethernet Connection?

Answer

A

Point-to-point Ethernet providers can offer Layer 2 connections, or managed Layer 3 connections between your site and the Microsoft cloud.

Question 37

Q

A VPN gateway is a type of Virtual Network Gateway. To connect on-premises data centers to Azure virtual networks you need to configure

Question 38

Q

What three resources are required before you can deploy a VPN gateway between Azure and on-premises resources?

Answer

A

Virtual network
Virtual network gateway
Public IP address - You must create a Basic-SKU dynamic public IP address if using a non-zone-aware gateway. This address provides a public-routable IP address as the target for your on-premises VPN device.

Question 39

Q

Azure Machine Learning

Answer

A

a platform for making predictions. It consists of tools and services that allow you to connect to data, to train and test models, to find one that would most accurately predict a future result. After you’ve run experiments to test the model, you can deploy and use it in real time via a web API endpoint. With Azure Machine Learning, you can build a process that defines how to obtain data, how to handle missing or bad data, how to split the data into either a training session, or test set, and deliver the data to the training process.

*Azure Machine Learning requires you to bring your own data and train models over that data

Question 40

Q

Azure Cognitive Services

Answer

A

Used to solve general problems such as analyzing text for emotional sentiment, or analyzing images to recognize objects or faces. You don’t need special machine learning or data science knowledge to use the services. Developers access Azure Cognitive Services via APIs and can easily include these features in just a few lines of code.

Azure Cognitive Services, for the most part, provides pre-trained models so that you can bring in your live data to get predictions on.

Question 41

Q

Azure Cognitive Services can be divided into the following 4 categories:

Answer

A

Language Services - process natural language with pre-built scripts.
Speech services - converts speech into text and text into natural sounding speech. Translate from one language to another and enables speaker verification and recognition.
Vision services - add recognition and identification capabilities when you’re analyzing pictures, videos, and other visual content.
Decision services - add personalized recommendations for each user that automatically improve each time they’re used. Moderate content to monitor and remove offensive or risky content.

Question 42

Q

When should you choose Azure ML?

Answer

A

Choose Azure Machine Learning when your data scientists need complete control over the design and training of an algorithm using your own data. Second, Azure Cognitive Services provide pre-built machine learning models that enable applications to see, hear, speak, understand, and even begin to reason.

Question 43

Q

Azure Bot Service and Bot Framework

Answer

A

platforms for creating virtual agents that understand and reply to questions just like a human. Azure Bot Service is a bit different from Azure Machine Learning and Azure Cognitive Services, in that, it has a specific use case. Namely, it creates a virtual agent that can intelligently communicate with humans. Behind the scenes, the bot you build uses other Azure services, such as Azure Cognitive Services to understand what their human counterparts are asking for.

Question 44

Q

What is a Bot?

Answer

A

Bots can be used to shift simple repetitive tasks such as taking dinner reservations, or gathering profile information onto automated systems that might no longer require direct human intervention. Users converse with a bot by using text, interactive cards, and speech. A bot interaction can be a quick question and answer, or it can be as sophisticated conversation that intelligently provides access to services.

Question 45

Q

You need to create a human-computer interface that uses natural language to answer customer questions; cost and time are important factors in your selection. Which product option should you select?

A. Azure Bot Service
B. Azure Machine Learning
C. Azure Cognitive Services

Answer

A

A. Azure Bot Service - creates virtual agent solutions that utilize natural language and is a cost-effective option.

Question 46

Q

One approach to AI is a technique that uses existing data to train and test a model, then apply that model to new data to forecast future behaviors, outcomes, and trends. What is this referred to as?

A. Machine Learning
B. Deep Learning

Answer

A

A. Machine Learning

Question 47

Q

There are three primary AI offerings from Microsoft Azure, each of which is designed for a specific audience and use case. Which of the following features are offered by Azure Cognitive Services?

Select all options that apply.

A. The ability to train and evaluate predictive models using tools and programming languages familiar to data scientists.

B. The ability to add recognition and identification capabilities when analyzing pictures, videos, and other visual content.

C. The ability to create virtual agents that understand and reply to questions just like a human.

D. The ability to convert speech into text and text into natural-sounding speech. Translate from one language to another and enable speaker verification and recognition.

Answer

A

B. The ability to add recognition and identification capabilities when analyzing pictures, videos, and other visual content.

D. The ability to convert speech into text and text into natural-sounding speech. Translate from one language to another and enable speaker verification and recognition.

Question 48

Q

Your organization requires the development of an app that will predict future outcomes based on private historical data. Which Azure service do you think is the most appropriate to use in this scenario?

A. Azure Cognitive Services
B. Azure Bot Service
C. Azure Machine Learning

Answer

A

C. Azure Machine Learning

Question 49

Q

Your organization requires the development of an app that can understand the content and meaning of images, video, audio, or translate text into a different language. Which Azure services do you think is the most appropriate to use in this scenario?

A. Azure Cognitive Services
B. Azure Machine Learning
C. Azure Bot Service

Answer

A

A. Azure Cognitive Services

Question 50

Q

Azure Boards

Answer

A

Azure boards is an agile project management suite that includes Kanban boards, reporting and tracking ideas, and work from high-level epics to work items and issues. Like Kanban boards,
it visually displays work at various stages of a process.

Question 51

Q

Azure DevOps Services

Answer

A

A suite of services that address every stage of the software
development life cycle. Azure DevOps is a centralized
source code repository where software development, DevOps, Engineering, and documentation professionals can publish their code for review and collaboration.

Question 52

Q

Azure Pipelines

Answer

A

Azure Pipelines is a continuous integration and continuous delivery
pipeline automation tool. As your test plans is an automated test tool that can be used in a CICD pipeline to ensure quality before
a software release. As your artifacts is a repository for hosting artifacts such as compiled source code, which can be fed into testing or Deployment Pipeline steps.

Question 53

Q

Azure DevTest labs

Answer

A

*helps organizations to manage the VMs that developers
and testers need to ensure a new app works across
various operating systems. Azure DevTest Labs provides an automated means of managing the process of building, setting up, and tearing down virtual machines that contain bills of your software projects.

*Anything you can deploy in Azure VM, Azure Resource Manager template can be provisioned through DevTest Labs.

Question 54

Q

DevOps is a new approach that helps to align technical teams to work towards their common goal. Which of the following provides a suite of services that addresses each stage of the Software Development Lifecycle (SDL)?

A. GitHub and GitHub Actions
B. Azure DevOps Services
C. Azure DevTest Labs

Answer

A

B. Azure DevOps Services

Question 55

Q

T/F: Azure DevTestLabs provide automated provisioning of pre-created lab environments with required configurations and tools already installed.

Question 56

Q

In your organization software development teams work on many different projects and they are required to provide project sponsors and managers with reports, progress tracking, bug reports etc. Management wants to ensure that individuals have access to only the information they need to do their work.

Which of the following in your opinion would be the most suitable solution to implement?

A. GitHub and GitHub Actions
B. Azure DevOps Services
C. Azure DevTest Labs

Answer

A

B. Azure DevOps Services

Question 57

Q

Your company wants to publish an open-source API that allows third-parties to integrate their own inventories of new and used items. They also want to use the API to offer a wider variety of products directly from your ecommerce site. You need a platform to share example code, collect feedback on the API, allow contributors to report issues, and build a community around feature requests.

Which of the following do you think is the most suitable solution to implement?

A. GitHub and GitHub Actions
B. Azure DevOps Services
C. Azure DevTest Labs

Answer

A

A. GitHub and GitHub Actions - With GitHub, your company can publish its code, accept community contributions to improve the code examples, accept feedback, and bug reports. Because this scenario involves open-source code, GitHub is a leading candidate.

Question 58

Q

Azure Advisor

Answer

A

Azure Advisor evaluates your Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs. It is not used to set up alerts for outages

Question 59

Q

Which of Azure’s three primary monitoring offerings are most useful for collecting, analyzing, visualizing, and possibly taking actions based on the collected data from your entire Azure and on-premises environment?

A. Azure Monitor
B. Azure Advisor
C. Azure Service Health

Answer

A

A. Azure Monitor

Question 60

Q

Which of Azure’s three primary monitoring offerings are most useful for providing a personalized view of the health of the Azure services, regions, and resources?

A. Azure Monitor
B. Azure Service Health
C. Azure Advisor

Answer

A

B. Azure Service Health

Question 61

Q

You need to optimize your cloud services for reliability, security, performance, costs, and operations based on expert best practices. Which Azure monitoring tool would you recommend to best satisfy this requirement?

A. Azure Monitor
B. Azure Service Health
C. Azure Advisor

Answer

A

C. Azure Advisor

Question 62

Q

Your company has recently moved to Azure cloud services. Management are concerned that they may be spending too much and have also highlighted how well their new environment meet security best practices. They would like to analyze their use of the cloud analyzed against industry best practices. Which monitoring tool would you recommend using for this?

A. Azure Monitor
B. Azure Advisor
C. Azure Service Health

Answer

A

B. Azure Advisor

Question 63

Q

T/F: The two broad categories of management tools are visual

tools and code based tool’s.

Question 64

Q

T/F: Visual tools might be less useful when you’re trying to set up a large deployment of resources with interdependencies and
configuration options.

Answer 57

A

each individual step should be performed to achieve a desired outcome.

Answer 58

A

only a desired outcome, and it allows an interpreter to decide how to best achieve that outcome. This distinction is important because tools that are based on declarative code can provide a more robust
approach to deploying dozens or hundreds of resources simultaneously and reliably.

Answer 59

A

Azure Portal

Given the requirement to view data visually and create custom reports the Azure portal is the best choice. You can quickly find answers to questions using a range of reporting options.

Answer 60

A

Azure Mobile App

The Azure mobile app running on a phone or tablet could help key employees keep an eye on the health of the cloud environment. The Azure mobile app is a good compromise in this scenario, it allows employees the freedom to be away from the office while still being able to perform one-off management and administrative tasks.

Answer 61

A

Azure CLI is more beneficial to those with a Linux administration and scripting background who wish to perform one-off management or administrative actions.

Answer 62

A

Azure Functions and Azure Logic Apps

Answer 63

A

You are concerned only with the code that’s running your service and not the underlying platform or infrastructure. You use functions most commonly when you need to perform work in response to an event. You do this often via a rest request, timer, or message from another Azure service and when that work can be completed quickly within seconds or less.

Answer 64

A

A low code development platform hosted as a cloud service. This service helps you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations.

Logic Apps simplifies how you design and build scalable solutions, whether in the cloud, on-premises, or both. This solution covers app integration, data integration, system integration, enterprise application integration, and business-to-business integration.

Azure Logic Apps is designed in a web-based designer and can execute a logic that’s triggered by Azure services without your having to write any code, you build an app by linking triggers to actions with connectors.

There are logic actions, such as those you would find in most programming languages. Examples of actions include working with variables, decision statements, and loops, and tasks that parse and modify data. To build enterprise integration solutions with Azure logic apps, you can choose from a growing gallery of over 200 connectors. The gallery includes services such as Salesforce, SAP, Oracle DB, and file shares.

Answer 65

A

FALSE

*There is a server (or a group of servers) that execute your code or desired functionality. The key idea is that you are not responsible for setting up or maintaining that server. You don’t have to worry about scaling the server or dealing with outages. The cloud vendor takes care of all the maintenance and scaling concerns for you.

Answer 66

A

FALSE

*Serverless computing is used to handle backend scenarios. It is responsible for sending messages from one system to another, or processing messages that were sent from other systems. It’s not used for end-user facing systems.

Answer 67

A

Azure Functions

Answer 68

A

Azure Logic Apps

Answer 69

A

Azure Functions allows you to host a single method or function using a popular programming language in the cloud that runs in response to an event such as an HTTP request, a new message on a queue, or on a timer.

Answer 70

A

A managed service that’s hosted in the cloud
and that acts as a central message hub for
bidirectional communication between your IoT application
and the devices it manages. You can use Azure IoT Hub
to build IoT solutions with reliable and secure communications
between millions of IoT devices and a cloud-hosted
solution back-end. You can connect virtually
any device to your IoT Hub. The IoT Hub service supports
communications both from the device to the cloud and
from the cloud to the device. It also supports multiple
messaging patterns, such as device-to-cloud
telemetry, file upload from devices, and request to reply methods to control your devices
from the cloud. After an IoT Hub receives
messages from a device, it can route that message
to other Azure services. From a cloud-to-device
perspective, IoT Hub allows for
Command and Control. That is, you can have either manual or automated
remote control of connected devices so you can instruct the device
to open valves, set target temperatures, restart stuck devices, and so on. IoT Hub monitoring helps
you maintain the health of your solution by tracking
events such as device creation, device failures, and
device connections.

Answer 71

A

builds on top of IoT Hub by adding a dashboard
that allows you to connect, monitor, and manage
your IoT devices. The visual user interface makes it easy to quickly connect new devices and
watch as they begin sending telemetry or messages. You can watch the
overall performance across all devices in aggregate. You can set up alerts
that send notifications when a specific device
needs maintenance. Finally, you can push hardware
updates to the device. To help you get up
and running quickly, IoT Central provides
starter templates for common scenarios
across various industries, such as retail, energy,
healthcare, and government. You then customize the
design starter templates directly in the UI by choosing from existing themes or creating your
own custom theme, setting the logo, and so on. With IoT Central, you can tailor the starter templates for the specific data that’s
sent from your devices, the reports you want to see, and the alerts you want to send. You can use the UI to control
your devices remotely. This feature allows you to push a software update or modify
a property of the device. You can adjust the desired
temperature for one or all of your refrigerated
vending machines from directly inside of IoT Central. A key part of IoT Central is
the use of device templates. By using a device template, you can connect a device without
any service site coding. IoT central uses the templates to construct the dashboards, alerts, and so on. Device developers still need to create code to run
on the devices, and that code must match the device template
specification.

Answer 72

A

Azure Sphere creates
an end-to-end, highly secure IoT solution for
customers that encompasses everything from the hardware
and operating system on the device to the secure method
of sending messages from the device to
the message hub. Azure Sphere has built-in communication and
security features for internet-connected devices. Azure Sphere comes
in three parts. The first part is the Azure Sphere
Micro-controller Units, or MCU, which is responsible
for processing the operating system and
signals from attached sensors. This image displays the Seed Azure Sphere
MT3620 Development Kit MCU, one of several
different starter kits that are available for prototyping and developing
Azure Sphere applications. The second part is a customized Linux
Operating System that handles communication
with the security service and can run the
vendor’s software. The third part is Azure
Sphere Security Service, also known as AS3. Its job is to make sure that the device has not been
maliciously compromised. AS3 is Microsoft’s
cloud-based service that communicates with
Azure Sphere chips to enable maintenance,
update, and control. When the device attempts
to connect to Azure, it first must authenticate
itself per device, which it does by using
certificate-based authentication. If it authenticates successfully, AS3 checks to ensure that the device hasn’t
been tampered with. After it has established a secure channel
of communication, AS3 pushes any OS or approved customer-developed software
updates to the device. After the Azure Sphere
system has validated the authenticity of the
device and authenticated it, the device can interact with other Azure IoT services by sending telemetry and
other information.

Answer 73

A

TRUE - As we mentioned previously, Azure Sphere ensures a secure channel of communication between the device and azure by controlling everything from the hardware to the operating system and the authentication process. This ensures that the integrity of the devices uncompromised. After a secure channel is established, messages can be received from the device securely and messages air software updates can be sent to the device remotely.

Answer 74

A

TRUE - Programmers can still create a customized set of management tools and reports by using the IoT Hub Rest ful, API.

Answer 75

A

Azure Sphere creates an end-to-end highly secure IoT solution for customers that encompasses everything from the hardware and operating system on the device, to the secure method of sending messages from the device to the message hub.

Answer 76

A

Azure IoT Hub is the best choice in this scenario. It is a managed service hosted in the cloud that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. You can connect virtually any device to your IoT Hub.

Answer 77

A

TRUE

It would make sense to copy existing logic written in C#, from the Windows Service and port it to an Azure Function. It’s possible that the same logic could be implemented in Azure Logic Apps. However, since the service already exists in C#, it can be leveraged for use in an Azure Function.

Answer 78

A

Azure Security Center is a monitoring service that provides visibility of your security posture across all of your services, both on Azure and on-premises.

The term security posture refers to cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to security threats.

Provide security recommendations that are based on your current configurations, resources, and networks. Continuously monitor your resources and perform automatic security assessments to identify potential vulnerabilities before those vulnerabilities can be exploited.

Answer 79

A

TRUE

You can also use adaptive application controls to define rules that list allowed applications to ensure that only applications you allow can run.

Answer 80

A

A SIEM system aggregates security data from many different sources as long as those sources support an open standard logging format. It also provides capabilities for threat detection and response.

Answer 81

A

Azure sentinel is Microsoft’s cloud-based SIEM system, it uses intelligence security analytics and threat analysis Azure sentinel enables you to collect cloud data at scale across all users, devices, applications, and infrastructure both on-premises and from multiple clouds. Detect previously undetected threats while minimizing false positives by using Microsoft’s Comprehensive Analytics and Threat Intelligence. Investigate threats with artificial intelligence and examined suspicious activities at scale.

Answer 82

A

Azure Key Vault is a centralized cloud service for storing application secrets in a single central location.

It provides secure access to sensitive information by providing access control and logging capabilities.

Azure Key Vault can help you manage secrets. You can use Key Vault to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.

Manage encryption keys, you could use Key Vault as a key management solution. Key Vault makes it easier to create and control the encryption keys that are used to encrypt your data.

Manage SSL/TLS certificates, Key Vault enables you to provision, manage, and deploy your public and private secure sockets layer, transport layer security, or SSL/TLS certificates for both your Azure resources and your internal resources.

Answer 83

A

Centralizing the storage for your application’s secrets enables you to control their distribution and reduces the chances that secrets are accidentally leaked.
Securely stores secrets and keys: Azure uses industry-standard algorithms, key lengths, and HSMs. Access to Key Vault requires proper authentication and authorization.
Access monitoring and access control: by using Key Vault, you can monitor and control access to your application secrets.
Simplified administration of application secrets: Key Vault makes it easier to enroll and renew certificates from public certificate authorities, RCAs. You can also scale up and replicate content within regions and use standard certificate management tools.
Integration with other Azure services: you can integrate key vault with storage accounts, container registries, event hubs, and many more Azure services. These services can then securely reference the secrets stored in Key Vault.

Answer 84

A

TRUE

A dedicated host is mapped to a physical server in an Azure data center, and a host group is a collection of dedicated hosts.

Answer 85

A

Azure Security Center is a monitoring service that provides visibility of your security posture across all your services on Azure and on-premises.

Answer 86

A

Implement an application control rule in Azure Security Center.

With Azure Security Center, you can define a list of allowed applications to ensure that only applications you allow can run. Azure Security Center can also detect and block malware from being installed on your VMs.

Answer 87

A

Azure Sentinel

Azure Sentinel is Microsoft’s cloud based SIEM solution and can combine and report on security data from different sources

Answer 88

A

Configure the VM’s to run on Azure Dedicated Host.

By default, virtual machines (VMs) on Azure run on shared hardware that’s managed by Microsoft. Although the underlying hardware is shared, VM workloads are isolated from workloads being run by other Azure customers.

However, some organizations must follow regulatory compliance that requires them to be the only customer using the physical machine that hosts their virtual machines.

Azure Dedicated Host provides dedicated physical servers to host your Azure VMs for Windows and Linux.

Answer 89

A

The objective of defense and depth is to protect information and prevent it from being stolen by those who aren’t authorized to access it. A defense and death strategy uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data. Each layer provides protection, so that if one layer is breached, a subsequent layer is already in place to prevent further exposure. This approach removes reliance on any single layer of protection. It slows down an attack and provides alert telemetry that security teams can act upon either automatically or manually.
Play video starting at ::58 and follow transcript0:58
The physical security layer is the first line of defense to protect computing hardware in the data center. The identity and access layer controls access to infrastructure and change control. The perimeter layer uses distributed denial of service protection to filter large scale attacks before they can cause a denial of service for users. The network layer limits communication between resources through segmentation and access controls. The compute layer secures access to virtual machines. The application layer helps ensure that applications are secure and free of security vulnerabilities. And the data layer controls access to business and customer data that you need to protect. These layers provide a guideline for you to help make security configuration decisions in all of the layers of your applications. Azure provides security tools and features at every level of the defense and death concept. Let’s take a closer look at each layer.

Answer 90

A

physical security layer
identity and access layer
perimeter layer
network layer
compute layer
application layer
data layer

These layers provide a guideline for you to help make security configuration decisions in all of the layers of your applications. Azure provides security tools and features at every level of the defense and death concept.

Answer 91

A

The objective is to protect information and prevent it from being stolen by those who aren’t authorized to access it. A defense and death strategy uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data. Each layer provides protection so that if one layer is breached, a subsequent layer is already in place to prevent further exposure. This approach removes reliance on any single layer of protection. It slows down an attack and provides alert telemetry that security teams can act upon either automatically or manually.

Answer 92

A

The physical security layer is the first line of defense to protect computing hardware in the data center.

Physically securing access to buildings and controlling access to computing hardware within the data center, are the first line of defense. With physical security, the intent is to provide physical safeguards against access to assets. These safeguards ensure that other layers can be bypassed and last or theft is handled appropriately.

Answer 93

A

The identity and access layer controls access to infrastructure and change control. At the identity and access layer, it’s important to control access to infrastructure and change control. Use single sign on, and multi factor authentication and ordered events and changes.

Answer 94

A

The perimeter layer uses distributed denial of service protection to filter large scale attacks before they can cause a denial of service for users. At the perimeter layer, it’s important to use DDoS protection to filter large-scale attacks before they can affect the availability of a system for users. Use perimeter firewalls to identify an alert on malicious attacks against your network at the network perimeter.

Answer 95

A

The network layer limits communication between resources through segmentation and access controls.

At the network layer, it’s important to limit communication between resources, deny by default, restrict inbound Internet access and limit outbound access where appropriate, and implement secure connectivity to on-premises networks. At this layer, the focuses on limiting the network connectivity across all your resources to allow only what’s required. By limiting this communication, you reduce the risk of an attack spreading to other systems in your network.

Answer 96

A

The compute layer secures access to virtual machines. At the compute layer, it’s important to secure access to virtual machines and implement in-point protection on devices and keep systems patched and current malware unpatched systems and improperly secured systems. Open your environment to attacks. The focus in this layer is on making sure that your compute resources are secure and that you have the proper controls in place to minimize security issues.

Answer 97

A

The application layer helps ensure that applications are secure and free of security vulnerabilities.

It’s important to ensure that applications are secure and free of vulnerabilities, store sensitive application secrets in a secure storage medium makes security a design requirement for all application development. Integrating security into the application development lifecycle helps reduce the number of vulnerabilities introduced in cold. Every development team should ensure that its applications are secure by default. In almost all cases, Attackers are after data stored in a database stored on disk inside virtual machines stored in software as a service.

Answer 98

A

And the data layer controls access to business and customer data that you need to protect. Those who store and control access to data are responsible for ensuring that it’s properly secured. Often, regulatory requirements dictate the controls and processes that must be in place to ensure the confidentiality, integrity, and availability of the data - common principles used to define a security posture (CIA).

Integrity prevents unauthorized changes to information at rest when it’s stored and in transit when it’s being transferred from one place to another, including from a local computer to the cloud.

Answer 99

A

A Firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. You can create firewall rules that specify ranges of IP addresses.

Azure Firewall is a managed cloud-based network security service that helps protect resources in your Azure virtual networks.

Azure Firewall is a Stateful Firewall. A Stateful Firewall analyzes the complete context of a network connection, not just an individual package of network traffic. Azure Firewall features high availability and unrestricted cloud scalability. Azure Firewall provides a central location to create, enforce and log application and network connectivity policies across subscriptions and virtual networks. It uses a static, unchanging public IP address for your virtual and network resources, which enables outside Firewalls to identify traffic coming from your virtual network. The service is integrated with Azure Monitor to enable logging and analytics. You typically deploy Azure Firewall on a central virtual network to control general network access.

Answer 100

A

built-in high availability
unrestricted cloud scalability
inbound and outbound filtering rules
inbound destination network address translation or DNAT support
Azure Monitor logging

Answer 101

A

Network rules define source, address, protocol, destination port, and destination address.

Answer 102

A

NAT defines destination IP addresses and ports to translate inbound requests.

Answer 103

A

Azure DDoS Protection helps protect your Azure resources from DDoS attacks.

DDoS protection uses the scale and elasticity of Microsoft’s global network to bring DDoS mitigation capacity to every Azure region. The DDoS Protection Service helps protect your azure applications by analyzing and discarding DDoS traffic at the azure network edge before it can affect your services availability.

Answer 104

A

DDoS attack attempts to overwhelm and exhaust an application’s resources, making the application slow or unresponsive to legitimate users. DDoS attacks can target any resource that’s publicly reachable through the Internet, including websites.

When you combine DDoS protection with recommended application design practices, you help provide a defense against DDoS attacks.

Answer 105

A

A network security group enables you to filter network traffic to and from Azure resources within an Azure virtual network. You can think of in NSGs like an internal firewall. An NSG can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port and protocol. A network security group can contain as many rules as you need within Azure subscription limits. When you create a network security group, Azure creates a series of default rules to provide a baseline level of security. You can’t remove the default rules, but you can overwrite them by creating new rules with higher priorities.

Answer 106

A

The Standard service tier provides additional mitigation capabilities that are tuned specifically to Azure Virtual Network resources. The Standard tier also provides always-on traffic monitoring and real-time mitigation of common network-level attacks.
The Basic service tier is automatically enabled for free as part of your Azure subscription. Always-on traffic monitoring and real-time mitigation of common network-level attacks provide the same defenses that Microsoft’s online services use. The Basic service tier ensures that Azure infrastructure itself is not impacted during a large-scale DDoS attack. Azure’s global network is used to distribute and mitigate attack traffic across Azure regions.

Answer 107

A

Network Security Groups - enables you to filter network traffic to and from Azure resources within an Azure Virtual Network. Azure firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Answer 108

A

Azure Firewall

Answer 109

A

Secure Score

Answer 110

A

Authentication, which is sometimes referred to as AuthN, is the process of establishing the identity of a person or service that wants to access a resource. It involves a process of call and response where the end-user or service is challenged for a set of credentials. These credentials are then used as the basis to create a security principle, and this security principle is used to establish the user’s Identity and Access Control. You can think of this as the digital version of a person showing an identity card to a doorman prior to being granted access to an office building. By using authentication, you can establish whether the user is who they say they are.

Answer 111

A

Sometimes referred to as AuthZ, authorization is the process of establishing what level of access an authenticated person or service has. It specifies what data they’re allowed to access, and what they can do with it. Once again, let’s look at our doorman example. Once you show your identity card to the doorman, and you have been successfully identified, the doorman may only allow you to access one room in the building based on the information on your identity card.

This process of access based on Identity credentials is an authorization. Once authenticated, authorization defines what kinds of applications, resources, and data the user can access.

Answer 112

A

Azure Active Directory is Microsoft’s cloud-based Identity and Access Management Service. Azure AD enables an organization’s employees to sign in and access both internal and external resources, while also keeping them secure. In doing so, users can sign in and access external resources such as Microsoft 365, the Azure portal, and thousands of others Software as a Service or SaaS applications, internal resources such as apps on the organization’s corporate network and intranet, along with any Cloud apps developed by the organization.

Answer 113

A

A tenant represents an organization in Azure Active Directory. It’s a dedicated Azure AD instance that an organization receives an ohms when it signs up for a Microsoft Cloud service, such as Azure, Microsoft Intune, or Microsoft 365. You can think of a tenant as an instance of your organization with isolated data which is separated from other tenants or organizations. Each Microsoft 365, Office 365, Azure and Dynamic CRM Online tenant is automatically an Azure AD tenant.

Answer 114

A

Authentication
Registration of devices
Device Management
Application Management

Answer 115

A

Single sign-on enables a user to sign in one time and use that credential to access multiple resources and applications from different providers. With SSO, you need to remember only one ID and one password. Access across applications is granted to a single identity that’s tied to the user, which simplifies the security model.

Answer 116

A

Multi-factor authentication is a process where users are prompted during the sign-in process for an additional form of identification. Examples include a code on their mobile phone or a fingerprint scan.

Multi-factor authentication is important as it provides an additional level of security for your identities by requiring two or more elements to fully authenticate. These elements fall into three categories. Something the user knows, this might be an email address and password. Something the user has, this might be a code that’s sent to the user’s mobile phone. Something the user is, this is typically some sort of biometric property, such as a fingerprint or face scan that’s used on many mobile devices. Azure AD multi-factor authentication or MFA is a Microsoft service that provides multi-factor authentication capabilities. Azure AD MFA enables users to choose an additional form of authentication during sign-in, such as a phone call or mobile app notification.

Answer 117

A

Conditional access is a tool that Azure Active Directory uses to allow or deny access to resources based on identity signals. These signals include who the user is, where the user is, and what device the user is requesting access from. Conditional access helps IT administrators empower users to be productive wherever and whenever, and protect the organization’s assets. Conditional access also provides a more granular multi-factor authentication experience for users. For example, a user may not be challenged for a second authentication factor if they’re at a known location. However, they might be challenged for a second authentication factor if they’re sign-in signals are unusual, or they’re at an unexpected location. During sign-in, conditional access collect signals from the user, makes decisions based on those signals, and then enforces that decision by allowing or denying the access request, or challenging for a multi-factor authentication response.

*Conditional access is useful when you require multi-factor authentication to access an application. You can configure whether all users require multi-factor authentication or only certain users, such as administrators.

Answer 118

A

Azure Active Directory free edition

2. Azure Active Directory Premium, P1 or P2

Answer 119

A

Azure AD helps users access both external and internal resources. External resources might include Microsoft Office 365, the Azure portal, and thousands of other software as a service (SaaS) applications. Internal resources might include apps on your corporate network and intranet, along with any cloud applications developed within your organization.

Answer 120

A

Single Sign On (SSO) - users sign in one time and use that credential to access multiple resources and applications from different providers.

Answer 121

A

The term governance describes the general process of establishing rules and policies and ensuring that those rules and policies are enforced. When running in the cloud, a good governance strategy helps you maintain control over the applications and resources that you manage in the cloud. Maintaining control over your environment ensures that you stay compliant with industry standards, like the payment card industry data security standard, PCIDSS. In corporate or organizational standards, such as ensuring that network data is encrypted. Governance can be beneficial to organizations in a wide range of areas such as multiple engineering teams working in Azure, multiple subscriptions to manage.

Answer 122

A

The Cloud Adoption Framework for Azure provides you with proven guidance to help with your Cloud Adoption journey. It helps you create and implement the Business and Technology strategies needed to succeed in the Cloud. The Cloud Adoption Framework consists of tools, documentation, and proven practices which can help you create and implement the Business and Technology strategies needed to succeed in the Cloud.

Answer 123

A

define your strategy
make a plan
ready your organization
adopt the Cloud
govern and manage your cloud environments

Answer 124

A

In the first stage, you define your strategy using the Cloud Adoption framework, which includes tools, documentation, and proven practices. You answer questions such as, why you’re moving to the cloud and what you want to get out of cloud migration, do you need to scale to meet demand or reach new markets? Will it reduce costs or increased business agility.

*Let’s take a look at the steps in this stage.

Define a document your motivations. Meeting with stakeholders and leadership can help you answer why you’re moving to the Cloud.
Document business outcomes, meet with leadership from your finance, marketing, sales, and human resource groups to help you document your goals.
Develop a business case - validate that moving to the cloud gives you the right return on investment ROI for your efforts.
Choose the right first Project. Choose a project that’s achievable but also shows progress toward your cloud migration goals.

Answer 125

A

In the second stage, you build a plan that maps your aspirational goals to specific actions. A good plan helps ensure that your efforts map to the desired business outcomes.

Let’s walk through the steps in this stage.
1. First, digital estate. This is when you create an inventory of the existing digital assets and workloads that you plan to migrate to the cloud.
2. Second, initial organizational alignment. In this step, you ensure that the right people are involved in your migration efforts, both from a technical standpoint as well as from a cloud governance standpoint.
3. Third, skills readiness plan. Here, you build a plan that helps individuals build the skills they need to operate in the cloud.
4. Last Cloud adoption plan. In this final step, you build a comprehensive plan that brings together the development operations and business teams toward a shared Cloud Adoption goal.

Answer 126

A

Here, you build a plan that helps individuals build the skills they need to operate in the cloud. In the third stage, you get your organization ready by creating a landing zone. A landing zone is an environment in the cloud that helps you begin hosting your workloads. Begin to build out the Azure subscriptions that support each of the major areas of your business. A landing zone includes: cloud Infrastructure, as well as governance, accounting and security capabilities.

Answer 127

A

Build a comprehensive plan that brings together the development operations and business teams toward a shared Cloud Adoption goal. In the fourth stage, you begin to migrate your applications to the cloud. Use the Azure Migration Guide to deploy your first project to the cloud. Use Azure innovation guide to accelerate development and build a minimum viable product MVP for your idea. Verify that your progress maps to recommended best-practices before you move forward. Create feedback loops by checking in frequently with your customers to verify that you’re building what they need.

Answer 128

A

Form your Cloud governance and Cloud management strategies. As the cloud state changes over time, so too will your cloud governance processes and policies.

Let’s look at the steps in the govern phase of this stage.
1. Methodology: Consider your end state solution, then define a methodology that incrementally takes you from your first steps all the way to full Cloud governance.
2. Use the governance benchmark tool to assess your current state and future state to establish a vision for applying the framework.
3. Create a minimally viable product that captures the first steps of your governance plan.
4. Iteratively add governance controls that address tangible risks as you progress towards your end state solution.

Now for the steps in the manage phase of this stage, it is here that you define your minimum commitment to Operations management. A management baseline is the minimum set of tools and processes that should be applied to every asset in an environment. Document supported workloads to establish operational commitments with the business and agree on cloud management investments for each workload. Apply recommended best-practices to iterate on your initial management baseline.

Answer 129

A

Resources
resource groups
subscriptions
management groups

Answer 130

A

Resources are instances of services that you create, like virtual machines, storage, or SQL databases. Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.

Answer 131

A

A subscription, groups together user accounts and the resources that have been created by those user accounts. For each subscription, there are limits or quotas, on the amount of resources that you can create and use. Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects.

Answer 132

A

Management groups help you manage access, policy, and compliance, from multiple subscriptions. All subscriptions in a management group, automatically inherit the conditions applied to that management group.

Answer 133

A

Azure blueprints enables you to define the set of standard Azure resources that your organization requires. For example, you can define a blueprint that specifies that a certain resource lock must exist. Azure blueprints can automatically replace the resource lock if the lock is removed. You learn more about Azure blueprints later in this module. To make the protection process more robust, you can combine resource locks with Azure blueprints.

Answer 134

A

CanNotDelete - means authorized people can still read and modify a resource, but they can’t delete the resource without first removing the lock.
ReaderOnly - means authorized people can read a resource, but they can’t delete or change the resource.

Answer 135

A

Earlier, you learned that you can organize related resources by

Placing them in their own subscriptions.
Using them to manage related resources.

Answer 136

A

Resource tags are another way to organize resources. Tags provide extra information or metadata about your resources. Metadata is useful for a variety of purposes including Resource Management. Tags enable you to locate and act on resources that are associated with specific workloads, environments, business units, and owners.

Tags enable you to group resources so that you can report on costs, allocate internal cost centers, track budgets and forecast estimated cost.

Tags enable you to group resources according to how critical their availability is to your business. This grouping helps you formulate service-level agreements, SLAs. An SLA is an uptime or performance guarantee between you and your users.

Tags enable you to classify data by its security level, such as public or confidential.

Tags enable you to identify resources that align with governance or regulatory compliance requirements, such as ISO 27001. Tags can also be part of your standards enforcement efforts.

Tags can help you visualize all of the resources that participate in complex deployments.

Answer 137

A

Azure Policy is a service in Azure that enables you to create a sign and manage policies that control or audit your resources. These policies enforce different rules and effects over your resource configurations so that those configurations stay compliant with corporate standards. Azure Policy enables you to define both individual policies and groups of related policies known as initiatives. Azure Policy evaluates your resources and highlights resources that aren’t compliant with the policies you’ve created. Azure Policy can also prevent non-compliant resources from being created. Azure Policy comes with a number of built-in policy and initiative definitions that you can use under categories such as storage, networking, Compute, Security Center, and monitoring.

Answer 138

A

To implement your policy definitions, you assign definitions to resources. A policy assignment is a policy definition that takes place within a specific scope. This scope could be a management group, a collection of multiple subscriptions, a single subscription, or a resource group. Policy assignments are inherited by all child resources within that scope. If a policy is applied to a resource group, that policy is applied to all resources within that resource group. You can exclude a sub-scope from the policy assignment. If there are specific child resources, you need to be exempt from the policy assignment. When a condition is evaluated against her existing resources, each resource is marked as compliant or non-compliant.

Answer 139

A

Tags provide extra information, or metadata, about your resources. You might create a tag that’s named Sales whose value is the name of the billing department. You can use Azure Policy to ensure that the proper tags are assigned when resources are provisioned.

Answer 140

A

Azure RBAC enables you to create roles that define access permissions. You might create one role that limits access only to virtual machines and a second role that provides administrators with access to everything.

Answer 141

A

CanNotDelete - means authorized people can still read and modify a resource, but they can’t delete the resource without first removing the lock.
ReadOnly

Answer 142

A

Resource Groups
ARM template
Policy Assignment
Role Assignment

Answer 143

A

Create an Azure Policy

Answer 144

A

Create a new Azure Policy that only displays the preferred SKU sizes.
After you enable this policy, it will be effective when you create new virtual machines or resize existing ones. Azure Policy also evaluates any current virtual machines in your existing environment.

Answer 145

A

Think of a control as a known good standard that you can compare your solution against to ensure security. These controls address today’s regulations and adapt as regulations evolve.

Answer 146

A

Global
US Government
Industry
Regional

Answer 147

A

Azure government is a separate instance of the Microsoft Azure service, it addresses the security and compliance needs of US federal agencies, state and local governments, and their solution providers. Azure government offers physical isolation from non-US government deployments and provide screened US personnel. Azure government services handle data that is subject to certain government regulations and requirements. To provide the highest level of security and compliance, Azure government uses physically isolated data centers and networks located only in the US. Azure government customers, such as the US federal, state, and local government, or their partners, are subject to validation of eligibility.

Answer 148

A

In order to comply with government regulation, Azure services in China are operated by 21Vianet, which is based on the technology licensed from Microsoft. Azure China 21Vianet is a physically separated instance of cloud services located in China. Azure China 21 Vianet is independently operated and transacted by Shanghai Blue Cloud Technology Company, or 21Vianet

Answer 149

A

Microsoft Trust Center

Answer 150

A

Online Services Terms

The Online Services Terms (OST) is a legal agreement between Microsoft and the customer that details the obligations by both parties with respect to the processing and security of customer data and personal data. The OST applies specifically to Microsoft’s online services that you license through a subscription including Azure, Dynamics 365, Office 365, and Bing Maps.

Answer 151

A

The Microsoft Privacy Statement provides information that’s relevant to specific services, including Cortana.

Answer 152

A

Azure Advisor

Answer 153

A

Define your workload
Adjust assumptions
View the report.

Answer 154

A

The first step, define your workloads, Is where you enter the specification of your on-premises infrastructure into the TCO calculator based on these four categories. The service category includes operating systems, virtualization methods, CPU cores, and memory RAM. The databases category includes database types, server hardware, and the Azure service you want to use, which includes the expected maximum concurrent users sign-ins. The storage category includes storage type and capacity, which includes any backup or archive storage. The networking category includes the amount of network bandwidth you currently consume in your on-premises environment.

Answer 155

A

In Step 2, you adjust your assumptions about your operating costs. Here you specify whether your current on-premises licenses are enrolled for software assurance. If they are, you can save money by reusing those licenses on Azure. You can also specify whether you need to replicate your storage to another Azure region for greater redundancy. Then, you can also see the key operating cost assumptions across several different areas. You might need to adjust these to more accurately reflect your situation. These costs have been certified by Nucleus Research, an independent research company. For example, these costs include electricity price per kilowatt-hour, network maintenance cost as a percentage of network hardware and software costs, hourly pay rate for IT administration. To improve the accuracy of the TCO calculator results, you adjust the values so that they match the costs of your current on-premises infrastructure.

Answer 156

A

In Step 3, you generate a report based on your answers in Steps 1 and 2. You start by choosing a time-frame between one and five years. The TCO calculator generates a report that’s based on the information you’ve entered. For each category, compute, data center, networking, storage, and IT labor, you can also view a side-by-side comparison of the cost breakdown of operating those workloads on-premises versus operating them on Azure.

Answer 157

A

Among these factors that affect your costs are resource type, usage meters, resource usage, Azure subscription types, and Azure Marketplace.

Answer 158

A

A CSP is a Microsoft partner who helps you build solutions on top of Azure. Your CSP bills you for your Azure usage at a price they determine. They also answer your support questions, escalating them to Microsoft as needed.

Answer 159

A

An Enterprise Agreement

Larger customers (known as Enterprise customers) can sign an Enterprise Agreement with Microsoft that commits them to spend a predetermined amount on Azure services over a period of 3 years, which is typically paid annually. As an Enterprise Agreement customer, you will receive the best, customized pricing based on the kinds and amounts of services you plan on using.

Answer 160

A

When you spend all the credit included with your Azure free account, Azure resources that you deployed are removed from production and your Azure virtual machines are stopped and deallocated. The data in your storage accounts are available as read-only. At this point, you can upgrade your subscription to a pay-as-you-go subscription.

Answer 161

A

False

You don’t need an Azure subscription to review service SLAs. You can access SLAs from the Service Level Agreements page on azure.microsoft.com.

Answer 162

A

52.56 mins

Answer 163

A

A Virtual Network Gateway

To implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines, you need to configure a VPN (Virtual Private Network) to connect the on-premises network to the Azure virtual network. The Azure VPN device is known as a Virtual Network Gateway.

Answer 164

A

With Azure Cloud Shell, you can create virtual machines using Bash or PowerShell.

Answer 165

A

No.

Platform as a service (PaaS) is a complete development and deployment environment in the cloud. PaaS includes infrastructure servers, storage, and networking as well as middleware, development tools, business intelligence (BI) services, database management systems, and more. PaaS is designed to support the complete web application lifecycle: building, testing, deploying, managing, and updating. However, virtual machines are examples of Infrastructure as a service (IaaS). IaaS is an instant computing infrastructure, provisioned and managed over the internet. Try going back and reviewing Microsoft Azure Fundamental Concepts & Architectural Components.

Answer 166

A

Azure Files Storage offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS. Diagnostic logs, metrics, and crash dumps are just three examples of data that can be written to a file share and processed or analyzed later. Try going back and reviewing Microsoft Azure Fundamental Concepts & Architectural Components.

Answer 167

A

An Azure virtual machine is an example of Infrastructure as a Service (IaaS).

Answer 168

A

In a consumption-based model, you don’t need to purchase and manage a costly infrastructure that they may or may not use to its full capacity.
You only pay for additional resources when they are needed.

Answer 169

A

To implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines, you need to configure a VPN (Virtual Private Network) to connect the on-premises network to the Azure virtual network. The Azure VPN device is known as a Virtual Network Gateway.

Answer 170

A

Azure HDInsight is a fully managed, open-source analytics service for enterprises. It is a cloud service that makes it easier, faster, and more cost-effective to process massive amounts of data. HDInsight allows you to run popular open-source frameworks and create cluster types.

Answer 171

A

DevTest Labs allows for the creation of labs consisting of pre-configured bases or Azure Resource Manager templates.

Answer 172

A

Azure virtual machine scale sets let you create and manage a group of load-balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide high availability to your applications and allow you to centrally manage, configure, and update many VMs. However, this question does not specify that the scale set will be configured across multiple datacenters so this solution does not meet the goal.

Answer 173

A

Computing capacity can be increased by adding additional RAM or CPUs to a virtual machine.

Answer 174

A

The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud.

Answer 175

A

Create a hybrid cloud - a combination of a private cloud and a public cloud. With a hybrid cloud, you can continue to use the on-premises servers while adding new servers in the public cloud. Adding new servers in Azure minimizes the capital expenditure costs

Answer 176

A

Create a subscription - an agreement with Microsoft to use one or more Microsoft cloud platforms or services, for which charges accrue. You get billed per subscription. Try going back and reviewing Microsoft Azure Fundamental Concepts & Architectural Components.

Answer 177

A

Cosmos DB

Answer 178

A

No.

Azure App Service is a PaaS (Platform as a Service) service. However, Azure Storage accounts are an IaaS (Infrastructure as a Service) service. Therefore, this design does not meet the requirements. Try going back and reviewing Microsoft Azure Storage and Networking Services.

Answer 179

A

Point-to-site Virtual Private Networks
Azure ExpressRoute
Site-to-site Virtual Private Networks

Answer 180

A

You use service endpoints to connect to other Azure resource types, such as Azure SQL databases and storage accounts. This approach enables you to link multiple Azure resources to virtual networks, thereby improving security and providing optimal routing between resources.

Answer 181

A

Azure DevOps Services has a much more granular set of permissions that allow organizations to refine who can perform most operations across the entire toolset. Also, Azure DevOps is highly customizable, allowing an administrator to add custom fields to capture metadata and other information alongside each work item. By contrast, GitHub Issues uses tags as its primary means of helping a team categorize issues.

Answer 182

A

Azure Sphere

Answer 183

A

Azure Monitor

Answer 184

A

Azure Databricks is an Apache Spark-based analytics platform. The platform consists of several components including MLlib which is a Machine Learning library consisting of common learning algorithms and utilities, including classification, regression, clustering, collaborative filtering, dimensionality reduction, as well as underlying optimization primitives.

Answer 185

A

Azure DevOps Repos is a set of version control tools that you can use to manage your code. Azure DevOps repos are a set of repositories that allow you to version control and manage your project code. It helps to work and coordinate code changes across a team.

Answer 186

A

A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group.

Answer 187

A

Premier, Professional Direct, Standard, and Developer only

Answer 188

A

Multiple subscriptions; There are different payment options in Azure including pay-as-you-go (PAYG), Enterprise Agreement (EA), and Microsoft Customer Agreement (MCA) accounts. Your Azure costs are per subscription. You are charged monthly for all resources in a subscription. Therefore, to use different payment options per department, you will need to create a separate subscription per department.

Answer 189

A

12 months; The Modern Lifecycle Policy covers products and services that are serviced and supported continuously. For products governed by the Modern Lifecycle Policy, Microsoft will provide a minimum of 12 months’ notification before ending support if no successor product or service is offered.

Answer 190

A

Your existing Azure resources are removed from production and your Azure virtual machines are stopped and deallocated.

Brainscape's Knowledge GenomeTM

Microsoft Azure Fundamentals Exam Flashcards

Brainscape's Knowledge Genome^TM