Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

AZ-900 > MS Official Questions > Flashcards

MS Official Questions Flashcards

1
Q

Which two attributes are characteristics of the private cloud deployment model? Each correct answer presents a complete solution.

Applications can be provisioned and deprovisioned quickly.
Hardware must be purchased.
Organizations only pay for what they use.
The company has complete control over physical resources and security.

A

The correct answers are Hardware must be purchased and The company has complete control over physical resources and security. In a private cloud model, the organization owns and maintains the hardware, which requires upfront investment. Since the infrastructure is dedicated to a single organization, it has full control over security, compliance, and resource management.

The other options are incorrect because “Applications can be provisioned and deprovisioned quickly” is more commonly associated with public and hybrid clouds, where resources can be scaled rapidly. “Organizations only pay for what they use” is a characteristic of the public cloud’s pay-as-you-go model, whereas private clouds require upfront capital expenses regardless of usage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are two characteristics of the public cloud deployment model? Each correct answer presents a complete solution.

Select all answers that apply.

Computing resources are used exclusively by users from one organization.
Hardware is physically located in an organization’s on-site datacenter.
Servers and storage are owned and operated by a third-party cloud service provider.
Services are offered over the internet and are available to anyone who wants to purchase them.

A

The correct answers are “Servers and storage are owned and operated by a third-party cloud service provider” and “Services are offered over the internet and are available to anyone who wants to purchase them.” In the public cloud model, a cloud provider owns and manages the infrastructure, while customers access services remotely over the internet on a pay-as-you-go basis. This allows for scalability, cost efficiency, and ease of access.

The other options are incorrect because “Computing resources are used exclusively by users from one organization” describes a private cloud, which is dedicated to a single organization. “Hardware is physically located in an organization’s on-site datacenter” is also a characteristic of private or on-premises deployments, not the public cloud.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are two characteristics of a consumption-based model? Each correct answer presents a complete solution.

Select all answers that apply.

high capital expenditures
no upfront costs
requires the purchase and management of the physical infrastructure
the ability to stop paying for resources that are no longer used

A

The correct answers are “no upfront costs” and “the ability to stop paying for resources that are no longer used.” A consumption-based model allows organizations to pay only for the resources they use, eliminating large upfront capital expenditures. Additionally, resources can be scaled up or down, and users stop paying for unused services, making it a flexible and cost-effective approach.

The other options are incorrect because “high capital expenditures” applies to traditional on-premises or private cloud models, where companies must invest in hardware upfront. “Requires the purchase and management of the physical infrastructure” is also incorrect, as a consumption-based model relies on cloud providers managing the infrastructure, reducing the burden on the customer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Select the answer that correctly completes the sentence.
[Answer choice] is the logical container used to combine and organize Azure resources.

a management group
a resource group
Azure Resource Manager (ARM)
an Azure region

A

The correct answer is “a resource group.” A resource group is a logical container in Azure used to organize and manage related resources, such as virtual machines, databases, and storage accounts. It helps with resource management, access control, and cost tracking.

The other options are incorrect because “a management group” is used to organize multiple subscriptions, not individual resources. “Azure Resource Manager (ARM)” is the service that manages deployments and infrastructure but is not a container for resources. “An Azure region” refers to a geographical location where Azure data centers are located, not a logical grouping of resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Select the answer that correctly completes the sentence.
[Answer choice] are physically separate datacenters within an Azure region.

Availability zones
Geographies
Region pairs
Resource groups

A

The correct answer is “Availability zones.” Availability zones are physically separate data centers within an Azure region, each with independent power, cooling, and networking. They provide high availability and fault tolerance by ensuring that workloads remain operational even if one zone fails.

The other options are incorrect because “Geographies” are large areas that contain multiple regions to meet compliance and data residency requirements. “Region pairs” are two Azure regions within the same geography that are paired for disaster recovery and redundancy. “Resource groups” are logical containers used to organize and manage Azure resources, not physical data centers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Select the answer that correctly completes the sentence.
In a region pair, a region is paired with another region in the same [answer choice].

availability zone
datacenter
geography
resource group

A

The correct answer is “geography.” In a region pair, a region is paired with another region within the same geography to ensure data residency, compliance, and disaster recovery capabilities. This setup helps protect against outages by allowing replication and failover between the two paired regions.

The other options are incorrect because “availability zone” refers to separate data centers within a single region, not across regions. “Datacenter” is too specific, as multiple data centers make up an Azure region. “Resource group” is a logical container for organizing resources, not a physical or geographic concept.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is an Azure Storage account named storage001 an example of?

a resource
a resource group
a resource manager
a subscription

A

The correct answer is “a resource.” In Azure, a storage account like storage001 is an individual resource that provides storage services, such as Blob, File, Queue, and Table storage.

The other options are incorrect because “a resource group” is a logical container that holds multiple resources, including storage accounts. “A resource manager” refers to Azure Resource Manager (ARM), the service that manages Azure resources, not a specific resource itself. “A subscription” is a billing and access management entity that contains multiple resource groups and resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

For which resource does Azure generate separate billing reports and invoices by default?

accounts
management groups
resource groups
subscriptions

A

The correct answer is “subscriptions.” Azure generates separate billing reports and invoices at the subscription level by default. A subscription defines the billing boundary for Azure resources and is used to track costs, apply policies, and manage access.

The other options are incorrect because “accounts” refer to Azure user accounts, which can have multiple subscriptions but are not billing boundaries themselves. “Management groups” are used to organize multiple subscriptions but do not generate separate invoices. “Resource groups” are logical containers for resources within a subscription, but billing is aggregated at the subscription level, not per resource group.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which resource can you use to manage access, policies, and compliance across multiple subscriptions?

administrative units
management groups
resource groups

A

The correct answer is “management groups.” Management groups allow you to organize multiple subscriptions under a single structure to apply access controls, policies, and compliance rules consistently across all included subscriptions.

The other options are incorrect because “administrative units” are used in Microsoft Entra ID (Azure AD) to delegate management of users and groups, not subscriptions. “Resource groups” are used to organize and manage resources within a single subscription but do not apply policies or access controls across multiple subscriptions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which Azure compute service can you use to deploy and manage a set of identical virtual machines?

availability sets
availability zones
Azure Container Instances
Azure Virtual Machine Scale Sets

A

The correct answer is “Azure Virtual Machine Scale Sets.” This service allows you to deploy and manage a group of identical virtual machines that can automatically scale up or down based on demand, ensuring high availability and performance.

The other options are incorrect because “availability sets” only provide redundancy within a single data center but do not handle automatic scaling. “Availability zones” are physically separate data centers within a region for high availability but do not manage VM scaling. “Azure Container Instances” is a service for running containers without managing virtual machines, which is different from scaling VMs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which scenario is a use case for a VPN gateway?

communicating between Azure resources
connecting an on-premises datacenter to an Azure virtual network
filtering outbound network traffic
partitioning a virtual network’s address space

A

The correct answer is “connecting an on-premises datacenter to an Azure virtual network.” A VPN gateway is used to establish a secure connection between an on-premises network and an Azure Virtual Network (VNet) using encrypted tunnels over the internet.

The other options are incorrect because “communicating between Azure resources” is typically handled by Azure Virtual Network (VNet) peering or private endpoints. “Filtering outbound network traffic” is a function of network security groups (NSGs) or Azure Firewall, not a VPN gateway. “Partitioning a virtual network’s address space” is done using subnets within a VNet, not a VPN gateway.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You need to allow resources on two different Azure virtual networks to communicate with each other.
What should you configure?

a network security group (NSG)
a point-to-site VPN
peering
service endpoints

A

The correct answer is “peering.” Azure Virtual Network (VNet) peering enables direct communication between two virtual networks while maintaining low latency and high bandwidth, as if they were part of the same network.

The other options are incorrect because “a network security group (NSG)” controls inbound and outbound traffic rules but does not connect separate VNets. “A point-to-site VPN” is used to connect individual devices to an Azure VNet, not to link two VNets. “Service endpoints” allow Azure resources to connect securely to Azure services but do not enable communication between VNets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What can you use to connect Azure resources, such as Azure SQL databases, to an Azure virtual network?

ExpressRoute
network security groups (NSGs)
peering
service endpoints

A

The correct answer is “service endpoints.” Service endpoints allow Azure resources, such as Azure SQL databases, to connect securely to an Azure virtual network by extending the VNet’s private IP address space to specific Azure services.

The other options are incorrect because “ExpressRoute” is used for private, dedicated connections between on-premises networks and Azure, not for connecting Azure resources within Azure. “Network security groups (NSGs)” control inbound and outbound traffic but do not create connections to services. “Peering” connects two virtual networks but does not directly integrate Azure services like databases with a VNet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are two services that allow you to run applications in containers? Each correct answer presents a complete solution.

Azure Container Instances
Azure Functions
Azure Logic Apps
Azure Kubernetes Service (AKS)

A

The correct answers are “Azure Container Instances” and “Azure Kubernetes Service (AKS).” Both services allow you to run applications in containers. Azure Container Instances provides a quick and easy way to run containers without needing to manage the underlying infrastructure, while Azure Kubernetes Service (AKS) offers a more advanced, scalable platform for orchestrating containers using Kubernetes.

The other options are incorrect because “Azure Functions” is a serverless compute service that runs event-driven code, but it is not specifically designed for containerized applications. “Azure Logic Apps” is a service for automating workflows and integrating services, not for running containerized applications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which Azure Blob storage tier stores data offline and offers the lowest storage costs and the highest costs to access data?

Archive
Cool
Hot

A

The correct answer is “Archive.” The Archive tier in Azure Blob storage is designed for storing data that is rarely accessed and offers the lowest storage costs. However, it has the highest costs associated with data access, as retrieving data from the Archive tier requires rehydrating it, which takes time and incurs additional fees.

The other options are incorrect because “Cool” is designed for infrequently accessed data but offers a balance between storage and access costs. “Hot” is for data that is frequently accessed and has the highest storage costs but lower access costs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which two scenarios are common use cases for Azure Blob storage? Each correct answer presents a complete solution.

hosting ASPX files for a website
mounting a file storage share to be accessed as a virtual drive on multiple virtual machines
serving images or documents directly to a browser
storing data for backup and restore

A

The correct answers are “serving images or documents directly to a browser” and “storing data for backup and restore.” Azure Blob storage is commonly used to store large amounts of unstructured data, such as images, documents, and backups, which can be accessed directly by applications or users. It is ideal for serving static content like images or documents over the web and storing backups for recovery purposes.

The other options are incorrect because “hosting ASPX files for a website” is typically done using a web server like Azure App Services or Azure Virtual Machines, not Blob storage. “Mounting a file storage share to be accessed as a virtual drive on multiple virtual machines” is a use case for Azure Files, not Blob storage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Which Azure Storage service should you use to store unstructured files, such as images, that will be served on webpages?

Azure Blob storage
Azure Disk Storage
Azure Queue Storage
Azure Table storage

A

The correct answer is “Azure Blob storage.” Azure Blob storage is specifically designed to store unstructured data, such as images, videos, and documents, making it an ideal choice for serving files on webpages. It is optimized for storing large amounts of data that can be accessed via HTTP or HTTPS.

The other options are incorrect because “Azure Disk Storage” is used for persistent disks attached to virtual machines, not for serving files on webpages. “Azure Queue Storage” is used for message-based communication between applications, and “Azure Table storage” is a NoSQL key-value store for structured data, neither of which are suitable for serving unstructured files like images.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is the purpose of defense in depth?

to enable you to locate and act on resources that are associated with specific workloads, environments, business units, and owners
to evaluate resources and make recommendations to help improve reliability and performance
to manage policies that control or audit resources so that the configurations stay compliant with corporate standards
to use several layers of protection to prevent information from being accessed by unauthorized users

A

The correct answer is “to use several layers of protection to prevent information from being accessed by unauthorized users.” Defense in depth is a security strategy that involves implementing multiple layers of security controls to protect data and resources, reducing the likelihood of a successful attack. Each layer provides a different type of defense, such as firewalls, encryption, access controls, and monitoring, to strengthen the overall security posture.

The other options are incorrect because they describe different concepts: “locating and acting on resources” is more about resource management and organization, “evaluating resources for reliability and performance” is part of performance optimization, and “managing policies to ensure compliance” refers to governance and policy management, not security layers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What enables a user to sign in one time and use that credential to access multiple resources and applications from different providers?

Conditional Access
device management
multi-factor authentication (MFA)
single sign-on (SSO)

A

The correct answer is “single sign-on (SSO).” Single sign-on allows a user to authenticate once and gain access to multiple resources and applications across different systems or providers without needing to re-enter credentials for each one. This simplifies the user experience and improves security by reducing the need to remember multiple passwords.

The other options are incorrect because “Conditional Access” is used to enforce access policies based on conditions like user location or device compliance, “device management” refers to managing devices within an organization, and “multi-factor authentication (MFA)” requires users to provide additional verification factors (e.g., a code sent to a phone) to access resources but does not enable access to multiple applications with a single sign-in.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What can you use to ensure that a user can only access applications from compliant devices?

Conditional Access
hybrid identity
multi-factor authentication (MFA)
single sign-on (SSO)

A

The correct answer is “Conditional Access.” Conditional Access is used to enforce policies that control access to applications based on conditions such as device compliance. It allows administrators to specify that users can only access applications from devices that meet certain security requirements, such as being enrolled in device management or having up-to-date security patches.

The other options are incorrect because “hybrid identity” is a solution that integrates on-premises directories with Azure Active Directory, “multi-factor authentication (MFA)” adds an additional layer of verification but does not specifically ensure compliance, and “single sign-on (SSO)” simplifies authentication but does not control device compliance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What Microsoft Entra feature can you use to configure security authentication that requires users to use their mobile phone to sign in?

Azure Information Protection (AIP)
Microsoft Defender for Cloud
Microsoft Entra Verified ID
multi-factor authentication (MFA)

A

The correct answer is “multi-factor authentication (MFA).” Multi-factor authentication (MFA) is a security feature that requires users to provide two or more verification factors to sign in. One common method is using a mobile phone for verification, such as receiving a one-time passcode via SMS or using an authentication app for approval.

The other options are incorrect because “Azure Information Protection (AIP)” is used to classify and protect sensitive data, “Microsoft Defender for Cloud” focuses on security management and threat protection for cloud resources, and “Microsoft Entra Verified ID” is a feature for managing digital identities but does not specifically focus on mobile phone-based authentication.

22
Q

What can you use to ensure that users authenticate by using multi-factor authentication (MFA) when they attempt to sign in from a specific location?

administrative units
Azure role-based access control (RBAC)
Conditional Access
single sign-on (SSO)

A

The correct answer is “Conditional Access.” Conditional Access allows you to create policies that require multi-factor authentication (MFA) based on specific conditions, such as the user’s location. You can set up policies to require MFA when users sign in from untrusted locations or specific geographic areas, enhancing security.

The other options are incorrect because “administrative units” are used for delegating administrative permissions in Azure AD, “Azure role-based access control (RBAC)” controls user access to resources based on roles but does not enforce MFA, and “single sign-on (SSO)” simplifies authentication but does not require MFA based on location.

23
Q

Why is cloud computing often less expensive than on-premises datacenters?

Cloud service offerings have limited functionality.
Network bandwidth is free.
Services are only offered in a single geographic location.
You are only billed for what you use.

A

The correct answer is “You are only billed for what you use.” Cloud computing follows a pay-as-you-go model, meaning that you only pay for the resources and services you actually use. This helps avoid the high upfront costs and ongoing maintenance expenses associated with owning and managing on-premises data centers.

The other options are incorrect because “Cloud service offerings have limited functionality” is not true—cloud services offer extensive functionality. “Network bandwidth is free” is inaccurate, as bandwidth often incurs costs. “Services are only offered in a single geographic location” is also incorrect because cloud providers offer services in multiple regions globally.

24
Q

What is an advantage of cloud computing compared to on-premises deployments?

You can scale more quickly.
You can work from multiple workstations.
You have full access in case of internet outage.
You own your CPUs.

A

The correct answer is “You can scale more quickly.” Cloud computing allows you to quickly scale resources up or down based on demand, which is a major advantage over on-premises deployments where scaling requires time and significant investment in hardware and infrastructure.

The other options are incorrect because “You can work from multiple workstations” is not unique to cloud computing, as this can be done in both cloud and on-premises environments. “You have full access in case of internet outage” is not an advantage of cloud computing, as cloud services depend on internet connectivity. “You own your CPUs” is also not an advantage of the cloud, as cloud computing involves renting resources rather than owning them.

25
Which cloud deployment model are you using if you have servers physically located at your organization’s on-site datacenter, and you migrate a few of the servers to the cloud? hybrid cloud private cloud public cloud
The correct answer is **"hybrid cloud."** A hybrid cloud deployment model combines on-premises infrastructure with cloud resources, allowing organizations to run some workloads in their on-site datacenter while migrating others to the cloud. This approach provides flexibility, scalability, and the ability to leverage cloud services while maintaining some local control over critical systems. The other options are incorrect because **"private cloud"** refers to a cloud environment that is fully dedicated to a single organization, either on-premises or hosted by a third party, without using public cloud resources. **"Public cloud"** means that all resources are hosted in a cloud provider’s infrastructure, with no on-premises components remaining.
26
Select the answer that correctly completes the sentence. Increasing compute capacity for an app by adding instances of resources such as virtual machines is called [answer choice]. disaster recovery high availability horizontal scaling vertical scaling
The correct answer is **"horizontal scaling."** Horizontal scaling, also known as "scaling out," involves increasing compute capacity by adding more instances of resources, such as virtual machines or containers, to distribute the workload. This approach improves performance and availability without increasing the power of individual instances. The other options are incorrect because **"disaster recovery"** refers to strategies for restoring services after a failure, **"high availability"** is about ensuring minimal downtime through redundancy and failover mechanisms, and **"vertical scaling"** (scaling up) involves increasing the power of an existing instance rather than adding more instances.
27
What is high availability in a public cloud environment dependent on? capital expenditures cloud-based backup retention limits the service-level agreement (SLA) that you choose the vertical scalability of an app
The correct answer is **"the service-level agreement (SLA) that you choose."** High availability in a public cloud environment is dependent on the SLA provided by the cloud provider, which defines the guaranteed uptime and reliability of a service. Choosing a higher SLA ensures better availability through redundancy, failover mechanisms, and geographically distributed resources. The other options are incorrect because **"capital expenditures"** refer to upfront hardware investments, which are minimized in cloud computing. **"Cloud-based backup retention limits"** affect data recovery but do not determine overall availability. **"The vertical scalability of an app"** improves performance by increasing resource capacity per instance but does not directly ensure high availability, which requires redundancy and failover strategies.
28
Select the answer that correctly completes the sentence. In cloud computing, [answer choice] allows you to deploy applications to regional datacenters around the world. disaster recovery elasticity geo-location high availability
The correct answer is **"geo-location."** In cloud computing, geo-location allows you to deploy applications to regional datacenters around the world, ensuring lower latency, compliance with regional data regulations, and improved user experience by placing resources closer to end users. The other options are incorrect because **"disaster recovery"** focuses on restoring services after a failure, **"elasticity"** refers to automatically scaling resources based on demand, and **"high availability"** ensures minimal downtime but does not specifically relate to deploying applications in multiple global locations.
29
Which cloud service model provides you with the most control over the hardware that runs applications? infrastructure as a service (IaaS) platform as a service (PaaS) software as a service (SaaS)
The correct answer is **"infrastructure as a service (IaaS)."** IaaS provides the most control over hardware because it offers virtualized computing resources, such as virtual machines, networking, and storage, while allowing users to manage the operating system and applications. This model is closest to traditional on-premises infrastructure but without the need to maintain physical hardware. The other options are incorrect because **"platform as a service (PaaS)"** abstracts much of the underlying infrastructure, providing a managed environment for application development and deployment. **"Software as a service (SaaS)"** offers fully managed applications with no control over the underlying hardware or infrastructure.
30
In a platform as a service (PaaS) model, which two components are the responsibility of the cloud service provider? Each correct answer presents a complete solution. information and data operating system physical network user access
The correct answers are **"operating system"** and **"physical network."** In a Platform as a Service (PaaS) model, the cloud service provider manages the underlying infrastructure, including the physical network, servers, storage, and the operating system. This allows developers to focus on building and deploying applications without worrying about system maintenance, patching, or hardware failures. The other options are incorrect because **"information and data"** are the responsibility of the customer, who must secure and manage their own application data. **"User access"** is also managed by the customer, who controls authentication and authorization for their applications.
31
Which type of cloud service model is typically licensed through a monthly or annual subscription? Infrastructure as a service (IaaS) platform as a service (PaaS) software as a service (SaaS)
The correct answer is **"software as a service (SaaS)."** SaaS is typically licensed through a monthly or annual subscription model, allowing users to access fully managed applications over the internet without worrying about underlying infrastructure or maintenance. Examples include Microsoft 365, Google Workspace, and Dropbox. The other options are incorrect because **"Infrastructure as a Service (IaaS)"** and **"Platform as a Service (PaaS)"** often follow a pay-as-you-go pricing model based on resource consumption rather than a fixed subscription.
32
What is the customer responsible for in a software as a service (SaaS) model? data and access storage runtime virtual machines
The correct answer is **"data and access."** In a Software as a Service (SaaS) model, the cloud provider manages everything, including infrastructure, storage, runtime, and applications. The customer is only responsible for managing their own data, ensuring security, and controlling user access to the service. The other options are incorrect because **"storage," "runtime,"** and **"virtual machines"** are all managed by the SaaS provider, not the customer.
33
Your organization is building a custom application. You need to focus on application development rather than configuration and management of servers. Which cloud service model should you use? infrastructure as a service (IaaS) platform as a service (PaaS) software as a service (SaaS)
The correct answer is **"platform as a service (PaaS)."** PaaS allows you to focus on application development while the cloud provider manages the underlying infrastructure, including servers, networking, and the operating system. This reduces the complexity of configuring and maintaining hardware and software environments, enabling faster development and deployment. The other options are incorrect because **"infrastructure as a service (IaaS)"** requires you to manage servers, networking, and operating systems, which adds more administrative overhead. **"Software as a service (SaaS)"** provides fully managed applications but does not allow for custom application development.
34
What uses the infrastructure as a service (IaaS) cloud service model? Azure App Services Azure Cosmos DB Azure virtual machines Microsoft Office 365
The correct answer is **"Azure virtual machines."** Azure Virtual Machines (VMs) are a key example of the Infrastructure as a Service (IaaS) cloud model, where the cloud provider manages the physical hardware, but customers are responsible for configuring, maintaining, and managing the virtual machines, including the operating system and applications. The other options are incorrect because **"Azure App Services"** is a Platform as a Service (PaaS) offering for hosting web applications, **"Azure Cosmos DB"** is a managed database service under PaaS, and **"Microsoft Office 365"** is a Software as a Service (SaaS) product where the provider fully manages the software and infrastructure.
35
Which are two common scenarios for using resource tags? Each correct answer presents a complete solution. associating costs with different environments categorizing costs by department identifying lower cost regions resizing underutilized virtual machines
The correct answers are **"associating costs with different environments"** and **"categorizing costs by department."** Resource tags in Azure are used to assign metadata to resources, which helps with organizing, managing, and tracking resources across subscriptions. For example, you can tag resources to track costs by environment (e.g., production, development) or by department (e.g., finance, marketing), allowing for easier cost allocation and reporting. The other options are incorrect because **"identifying lower cost regions"** is not a typical use case for tags; regions are already identifiable through the resource's location settings. **"Resizing underutilized virtual machines"** is a task related to resource optimization but is not directly associated with the use of tags.
36
You plan to build a new solution in Azure that will use platform as a service (PaaS) products. What should you use to estimate the monthly costs? Azure Advisor Azure Cost Management Azure Pricing calculator Total Cost of Ownership (TOC) Calculator
The correct answer is **"Azure Pricing calculator."** The Azure Pricing calculator helps you estimate the monthly costs for using Azure services, including Platform as a Service (PaaS) products. It allows you to select services, configure them according to your requirements, and get an estimated cost based on usage. The other options are incorrect because **"Azure Advisor"** provides personalized best practices and recommendations for optimizing your Azure resources, but it doesn't estimate costs. **"Azure Cost Management"** helps you monitor and manage your actual spending, not estimate future costs. **"Total Cost of Ownership (TOC) Calculator"** is used for comparing the cost of running workloads on Azure versus on-premises, rather than estimating service costs.
37
What can be applied to a resource to prevent accidental deletion? a resource lock a resource tag a policy an Azure Reservation
The correct answer is **"a resource lock."** A resource lock in Azure can be applied to prevent accidental deletion or modification of resources. There are two types of locks: **CanNotDelete** (which prevents deletion) and **ReadOnly** (which prevents both modifications and deletion). The other options are incorrect because **"a resource tag"** is used for organizing and categorizing resources, not for preventing deletion. **"A policy"** is used for enforcing governance rules and compliance but does not specifically prevent deletion. **"An Azure Reservation"** refers to a pricing model for reserving resources at a discounted rate, not for protecting resources from deletion.
38
What can you use to ensure that new and existing Azure resources stay in compliance with corporate standards? Azure Advisor Azure Policy resource locks resource tags
The correct answer is **"Azure Policy."** Azure Policy allows you to define and enforce rules that ensure resources comply with corporate standards, regulatory requirements, and best practices. It can automatically apply restrictions, audit configurations, and even remediate non-compliant resources. The other options are incorrect because **"Azure Advisor"** provides personalized recommendations for optimizing Azure resources but doesn't enforce compliance. **"Resource locks"** prevent accidental deletion or modification of resources, not compliance. **"Resource tags"** are used for organizing and managing resources, but they don't enforce compliance or standards.
39
You need to ensure that multi-factor authentication (MFA) is enabled on accounts with write permissions in an Azure subscription. What should you implement? Azure Policy resource locks resource tags Cloud Adoption Framework
The correct answer is **"Azure Policy."** Azure Policy can be used to enforce rules and ensure that multi-factor authentication (MFA) is enabled for accounts with write permissions in an Azure subscription. You can create a policy to require MFA for specific roles or actions to meet security and compliance standards. The other options are incorrect because **"resource locks"** prevent accidental deletion or modification of resources, but they don't enforce MFA. **"Resource tags"** are used for organizing and categorizing resources, not for enforcing authentication policies. **"Cloud Adoption Framework"** is a set of guidelines for cloud adoption, not a tool for enforcing MFA.
40
What can you use to ensure that a development team can only create virtual machines of a certain size? Azure Blueprints Azure Policy Cloud Adoption Framework Conditional Access
The correct answer is **"Azure Policy."** Azure Policy allows you to define and enforce rules on your Azure resources. In this case, you can create a policy to restrict the sizes of virtual machines that a development team can deploy, ensuring that only certain sizes are allowed. The other options are incorrect because **"Azure Blueprints"** are used to define a set of resources and configurations for deployment, not for enforcing size restrictions on specific resources. **"Cloud Adoption Framework"** is a guide for adopting Azure, not for implementing specific resource restrictions. **"Conditional Access"** is used to control access based on user conditions, such as location or device compliance, but does not govern resource creation restrictions.
41
What should you use to access Azure Cloud Shell? a web browser Azure Resource Manager (ARM) Microsoft Visual Studio Code the command-line on a local computer
The correct answer is **"a web browser."** Azure Cloud Shell is a browser-based shell environment that you can access directly from the Azure portal using a web browser. It provides access to a command-line interface where you can manage Azure resources without needing to install anything locally. The other options are incorrect because **"Azure Resource Manager (ARM)"** is a management framework for managing Azure resources, **"Microsoft Visual Studio Code"** is an editor for code development and doesn't provide direct access to Cloud Shell, and **"the command-line on a local computer"** would require Azure CLI or PowerShell to be installed locally, whereas Cloud Shell is accessible via the browser.
42
Which two tools can you use to create a new Azure virtual machine from a mobile device that runs Android? PowerShell in Azure Cloud Shell Remote Desktop SSH the Azure portal
The correct answers are **"PowerShell in Azure Cloud Shell"** and **"the Azure portal."** Both of these tools can be used from a mobile device (including Android) to create a new Azure virtual machine. - **PowerShell in Azure Cloud Shell** allows you to run Azure commands directly from a mobile browser by accessing the Cloud Shell within the Azure portal. It can be used to create and manage Azure resources, including virtual machines. - **The Azure portal** is a web-based interface that is fully accessible from mobile devices, including Android. You can use the portal to create and manage Azure virtual machines through an intuitive graphical interface. The other options are incorrect because **"Remote Desktop"** and **"SSH"** are used for accessing and managing virtual machines after they are created, not for creating them in the first place.
43
What can you use to manage servers across third party cloud platforms and on-premises environments? Azure Arc Azure CLI Azure Monitor Azure PowerShell
The correct answer is **"Azure Arc."** Azure Arc enables you to manage and govern resources across on-premises, multi-cloud, and edge environments, including third-party cloud platforms. It extends Azure management capabilities to these environments, allowing you to deploy and manage servers, Kubernetes clusters, databases, and other resources outside of Azure. The other options are incorrect because **"Azure CLI"** and **"Azure PowerShell"** are command-line tools for managing Azure resources but do not provide multi-cloud or on-premises management across third-party platforms. **"Azure Monitor"** is a monitoring service for collecting and analyzing data from Azure resources but does not specifically focus on managing resources across different environments.
44
What provides recommendations to reduce the cost of Azure resources? Azure Advisor Azure Dashboard Azure Service Health Microsoft Defender for Cloud
The correct answer is **"Azure Advisor."** Azure Advisor provides personalized recommendations based on your usage patterns and configuration of Azure resources. It suggests ways to optimize your resources, including cost-saving recommendations such as resizing or shutting down underutilized resources, and improving your overall efficiency. The other options are incorrect because **"Azure Dashboard"** is a customizable interface for monitoring Azure resources but doesn't provide cost-saving recommendations. **"Azure Service Health"** informs you of service issues affecting your resources but doesn't provide optimization advice. **"Microsoft Defender for Cloud"** focuses on security and compliance, not cost optimization.
45
You have a team of Linux administrators that need to manage the resources in Azure. The team wants to use the Bash shell to perform the administration. Azure Blueprint Azure CLI Azure Powershell Azure Resource Manager (ARM) template
The correct answer is **"Azure CLI."** Azure CLI (Command-Line Interface) provides a set of commands for managing Azure resources, and it supports the Bash shell, which is commonly used by Linux administrators. The Azure CLI can be used across platforms, including Linux, to create, configure, and manage Azure resources. The other options are incorrect because **"Azure Blueprint"** is a tool for defining and deploying Azure environments based on predefined templates. **"Azure PowerShell"** is a command-line interface tailored for PowerShell users, which is more suited for Windows-based administrators. **"Azure Resource Manager (ARM) template"** is a declarative way to define Azure resources for deployment, not a command-line tool for management.
46
Which Azure service evaluates Azure resources and makes recommendations to help improve reliability, security, performance, and cost reduction? Azure Advisor Azure Monitor Azure Service Health Log Analytics
The correct answer is **"Azure Advisor."** Azure Advisor evaluates your Azure resources and provides personalized recommendations to improve reliability, security, performance, and cost efficiency. It analyzes your environment and offers advice on best practices for optimizing Azure resources. The other options are incorrect because **"Azure Monitor"** is a service for collecting and analyzing telemetry data to monitor the health and performance of your resources, but it doesn't provide personalized recommendations. **"Azure Service Health"** alerts you about service issues affecting your resources, and **"Log Analytics"** is part of Azure Monitor and focuses on collecting and analyzing log data, not making recommendations for optimization.
47
You need to be notified when there are new recommendations for reducing Azure costs. Azure Advisor Azure Monitor Azure Service Health Log Analytics
The correct answer is **"Azure Advisor."** Azure Advisor provides personalized recommendations to optimize your Azure resources, including cost reduction. It will notify you about new recommendations related to improving efficiency and reducing costs, helping you manage your Azure spending effectively. The other options are incorrect because **"Azure Monitor"** is used for monitoring the performance and health of Azure resources, not specifically for cost recommendations. **"Azure Service Health"** alerts you about issues affecting Azure services but doesn't provide cost optimization recommendations. **"Log Analytics"** is part of Azure Monitor and focuses on analyzing log data, not cost reduction suggestions.
48
You need to create a custom solution that uses thresholds to trigger autoscaling functionality to scale an app up or down to meet user demand. Application insights Azure Advisor Azure Monitor Azure Service Health
The correct answer is **"Azure Monitor."** Azure Monitor allows you to set up autoscaling for your applications based on specific thresholds, such as CPU usage, memory usage, or other performance metrics. With Azure Monitor, you can configure scaling rules that automatically adjust resources to meet user demand, ensuring optimal performance and cost efficiency. The other options are incorrect because **"Application Insights"** is a service for monitoring the performance of applications and diagnosing issues, but it doesn't provide autoscaling functionality. **"Azure Advisor"** provides recommendations for optimizing resources but doesn't handle autoscaling. **"Azure Service Health"** monitors the health of Azure services, not the scaling of applications based on demand.
49
Which Azure service can generate an alert if virtual machine utilization is over 80% for five minutes? Azure Advisor Azure Monitor Azure Policy Azure Service Health
The correct answer is **"Azure Monitor."** Azure Monitor allows you to create alerts based on metrics like CPU utilization. You can configure it to trigger an alert if the virtual machine utilization exceeds a specific threshold (e.g., 80%) for a defined period (e.g., five minutes). The other options are incorrect because **"Azure Advisor"** provides recommendations to optimize resources, but it doesn't create alerts based on utilization metrics. **"Azure Policy"** enforces rules and compliance but doesn't handle alerts based on performance. **"Azure Service Health"** provides notifications about issues with Azure services, but it doesn't monitor resource-specific metrics like VM utilization.
50
What can you apply to an Azure virtual machine to ensure that users cannot change or delete the resource? a lock a tag a user-assigned managed identity Conditional Access
The correct answer is **"a lock."** You can apply a **resource lock** to an Azure virtual machine to prevent users from changing or deleting it. There are two types of locks: **CanNotDelete** (prevents deletion) and **ReadOnly** (prevents both changes and deletion). This helps ensure that the resource remains intact even if users have the necessary permissions to modify or delete other resources. The other options are incorrect because **"a tag"** is used for organizing and categorizing resources but does not provide protection against changes or deletion. **"A user-assigned managed identity"** is used for identifying and authenticating a virtual machine or service, but it doesn't prevent modification or deletion. **"Conditional Access"** controls user access based on conditions, such as location or device compliance, but it doesn't prevent changes to resources directly.
51
Which feature in the Microsoft Purview governance portal should you use to manage access to data sources and datasets? Data Catalog Data Estate Insights Data Policy Data Sharing
The correct answer is **"Data Policy."** In the Microsoft Purview governance portal, **Data Policy** allows you to manage and govern access to data sources and datasets. It enables you to define access control policies, ensuring that only authorized users and systems can access sensitive or regulated data. The other options are incorrect because **"Data Catalog"** is focused on data discovery and metadata management, not on governing access. **"Data Sharing"** is used for sharing data with others, both inside and outside the organization, but does not manage access control. **"Data Estate Insights"** provides visibility into the health of your data estate but does not govern access to data resources.

AZ-900 (3 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions