Practice 5 (Udemy) Flashcards

1
Q

Which of the following can you use to calculate your estimated hourly or monthly costs for using Azure?

A. Azure Pricing Calculator
B. Azure TCO Calculator
C. Azure Cost Management
D. Azure Advisor
E. Azure Billing

A

A. Azure Pricing Calculator

Explanation:
Disclaimer: Prices are estimates and are not intended as actual price quotes. Actual prices may vary depending on the date of purchase, currency of payment and type of agreement that you enter into with Microsoft. Contact a Microsoft sales representative for additional information on pricing.

2
Q

Select the valid options to pay for Azure. (Choose 3)

A. Azure Website
B. Azure Partner
C. Microsoft Representative
D. Microsoft Stores
E. Xbox Website

A

A. Azure Website
B. Azure Partner
C. Microsoft Representative

Explanation:

3
Q

Your Cloud Security team is looking to block any access from untrusted sources, such as access from unknown or unexpected locations. Which of the following can they use?

A. Conditional Access
B. MFA
C. Policies
D. Blueprints
E. Resource Locks

A

A. Conditional Access

Explanation:
From the Official Azure Documentation:

Conditional Access is a tool that Azure Active Directory uses to allow (or deny) access to resources based on identity signals. These signals include who the user is, where the user is, and what device the user is requesting access from.

Conditional Access is useful when you need to:

Require multifactor authentication to access an application.

You can configure whether all users require multifactor authentication or only certain users, such as administrators.

You can also configure whether multifactor authentication applies to access from all networks or only untrusted networks.

Require access to services only through approved client applications.

For example, you might want to allow users to access Office 365 services from a mobile device as long as they use approved client apps, like the Outlook mobile app.

Require users to access your application only from managed devices.

A managed device is a device that meets your standards for security and compliance.

Block access from untrusted sources, such as access from unknown or unexpected locations.
4
Q

Which of the following are free?

A. Data ingress
B. Data transfer within the same region
C. Data Transfer from one region to another
D. Data transfer within the same Availability Zone

A

A. Data ingress
B. Data transfer within the same region
D. Data transfer within the same Availability Zone

Explanation:
From the Official Azure Documentation:

Reference: https://azure.microsoft.com/en-ca/pricing/details/bandwidth/

5
Q

Which of the following is the most flexible category of cloud services?

A. IaaS
B. SaaS
C. PaaS

A

A. IaaS

Explanation:
From the Official Azure Documentation:

IaaS is the most flexible category of cloud services. It aims to give you complete control over the hardware that runs your application. Instead of buying hardware, with IaaS, you rent it.

Reference: https://docs.microsoft.com/en-ca/learn/modules/fundamental-azure-concepts/categories-of-cloud-services

6
Q

Since your company has shifted to a fully-remote working model, they are looking to provide employees with the best virtualized experience while saving costs by using existing eligible Windows licences. They also want to enable Bring your own device (BYOD) to access their desktop and applications over the Internet.

Which of the following would you suggest?

A. Azure Virtual Desktop
B. Azure Kubernetes
C. Azure Arc
D. Azure Virtual Machines
E. Azure FileSync
F. Azure ExpressRoute

A

A. Azure Virtual Desktop

Explanation:
From the Official Azure Documentation:

Azure Virtual Desktop allows you to enable a secure remote desktop experience from virtually anywhere. You can set up Azure Virtual Desktop (formerly Windows Virtual Desktop) in minutes to enable secure remote work. It is also possible to provide the familiarity and compatibility of Windows 11 with the new scalable multi-session experience for your end users and save costs by using existing eligible Windows licences.

Reference: https://azure.microsoft.com/en-ca/services/virtual-desktop/#features

7
Q

_________________ enables large-scale parallel and high-performance computing (HPC) batch jobs with the ability to scale to tens, hundreds, or thousands of VMs.

A. Azure Virtual Machines
B. Azure Batch

A

B. Azure Batch

Explanation:
From the Official Azure Documentation:

Azure Batch enables large-scale parallel and high-performance computing (HPC) batch jobs with the ability to scale to tens, hundreds, or thousands of VMs.

When you’re ready to run a job, Batch does the following:

Starts a pool of compute VMs for you.

Installs applications and staging data.

Runs jobs with as many tasks as you have.

Identifies failures.

Requeues work.

Scales down the pool as work completes.
8
Q

Which of the following Azure plans should you choose for Trial and non-production environments?

A. Developer
B. Standard
C. Professional Direct
D. Premier

A

A. Developer

Explanation:

9
Q

Your ________________ is your organization’s ability to protect from and respond to security threats.

A. Security Posture
B. Security Standard
C. Security Response
D. Security Blueprint

A

A. Security Posture

Explanation:
From the Official Azure Documentation:

The objective of defense in depth is to protect information and prevent it from being stolen by those who aren’t authorized to access it.

A defense-in-depth strategy uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data.

Your security posture is your organization’s ability to protect from and respond to security threats. The common principles used to define a security posture are confidentiality, integrity, and availability, known collectively as CIA.

Confidentiality

The principle of least privilege means restricting access to information only to individuals explicitly granted access, at only the level that they need to perform their work. This information includes protection of user passwords, email content, and access levels to applications and underlying infrastructure.

Integrity

Prevent unauthorized changes to information:

    At rest: when it's stored.

    In transit: when it's being transferred from one place to another, including from a local computer to the cloud.

A common approach used in data transmission is for the sender to create a unique fingerprint of the data by using a one-way hashing algorithm. The hash is sent to the receiver along with the data. The receiver recalculates the data's hash and compares it to the original to ensure that the data wasn't lost or modified in transit.

Availability

Ensure that services are functioning and can be accessed only by authorized users. Denial-of-service attacks are designed to degrade the availability of a system, affecting its users.
10
Q

A startup is looking to deploy a tool that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Which of the following would you recommend?

A. A Firewall
B. A Hub
C. A Router
D. A Gateway
E. A Filter
F. A Resource Group

A

A. A Firewall

Explanation:
From the Official Azure Documentation:

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. You can create firewall rules that specify ranges of IP addresses. Only clients granted IP addresses from within those ranges are allowed to access the destination server. Firewall rules can also include specific network protocol and port information.

What’s Azure Firewall?

Azure Firewall is a managed, cloud-based network security service that helps protect resources in your Azure virtual networks. A virtual network is similar to a traditional network that you’d operate in your own datacenter. It’s a fundamental building block for your private network that enables virtual machines and other compute resources to securely communicate with each other, the internet, and on-premises networks.

Here’s a diagram that shows a basic Azure Firewall implementation:

11
Q

A large organization plans to migrate all their On-Prem Virtual Machines to an Azure pay-as-you-go subscription. Which of the following expenditure models would this migration follow?

A. Operational
B. Elastic
C. Capital
D. Scalable

A

A. Operational

Explanation:
One of the major changes that you will face when you move from on-premises cloud to the public cloud is the switch from capital expenditure (buying hardware) to operating expenditure (paying for service as you use it).

This switch also requires more careful management of your costs. The benefit of the cloud is that you can fundamentally and positively affect the cost of a service you use by merely shutting down or resizing it when it’s not needed.

12
Q

The Basic service tier is automatically enabled for free as part of your Azure subscription.

A. Yes
B. No

A

A. Yes

Explanation:
A distributed denial of service attack attempts to overwhelm and exhaust an application’s resources, making the application slow or unresponsive to legitimate users. DDoS attacks can target any resource that’s publicly reachable through the internet, including websites.

What is Azure DDoS Protection?

Azure DDoS Protection (Standard) helps protect your Azure resources from DDoS attacks.

When you combine DDoS Protection with recommended application design practices, you help provide a defense against DDoS attacks. DDoS Protection uses the scale and elasticity of Microsoft’s global network to bring DDoS mitigation capacity to every Azure region. The DDoS Protection service helps protect your Azure applications by analyzing and discarding DDoS traffic at the Azure network edge, before it can affect your service’s availability.

This diagram shows network traffic flowing into Azure from both customers and an attacker:

What service tiers are available to DDoS Protection?

DDoS Protection provides these service tiers:

Basic

The Basic service tier is automatically enabled for free as part of your Azure subscription.

Always-on traffic monitoring and real-time mitigation of common network-level attacks provide the same defenses that Microsoft's online services use. The Basic service tier ensures that Azure infrastructure itself is not affected during a large-scale DDoS attack.

The Azure global network is used to distribute and mitigate attack traffic across Azure regions.

Standard

The Standard service tier provides additional mitigation capabilities that are tuned specifically to Azure Virtual Network resources. DDoS Protection Standard is relatively easy to enable and requires no changes to your applications.

The Standard tier provides always-on traffic monitoring and real-time mitigation of common network-level attacks. It provides the same defenses that Microsoft's online services use.

Protection policies are tuned through dedicated traffic monitoring and machine learning algorithms. Policies are applied to public IP addresses, which are associated with resources deployed in virtual networks such as Azure Load Balancer and Application Gateway.

The Azure global network is used to distribute and mitigate attack traffic across Azure regions.
13
Q

A company wants to deploy a set of Azure Virtual Machines and wants to understand their pricing. Which 2 of the following affect Virtual Machine (VM) costs in Azure?

A. The Size of the Virtual Machine (VM)
B. The Region the Virtual Machine is located in
C. The virtual network the VM belongs to
D. The resource group the VM belongs to
E. The branding of the VM
F. The Scale Set the VM belongs to
G. The Data Center the VM resides in

A

A. The Size of the Virtual Machine (VM)
B. The Region the Virtual Machine is located in

Explanation:

14
Q

You own a streaming-service website and notice extremely high spikes in traffic whenever a new movie is launched on your platform. However, during the rest of the month you experience moderate traffic.

Which of the following benefits does having your website hosted on Azure provide you given this scenario?

A. Fault Tolerance
B. High Latency
C. Elasticity
D. Load Balancing
E. Auto Rollovers

A

C. Elasticity

Explanation:
From the Official Azure Documentation:

Elasticity in this case is the ability to provide additional compute resource when needed and reduce the compute resource when not needed to reduce costs.

Autoscaling is an example of elasticity. Here you don’t need to provision a lot of resources in advance. You will incur costs by allocating more resources only when demand increases!

Elastic computing is the ability to quickly expand or decrease computer processing, memory and storage resources to meet changing demands without worrying about capacity planning and engineering for peak usage. Typically controlled by system monitoring tools, elastic computing matches the amount of resources allocated to the amount of resources actually needed without disrupting operations. With cloud elasticity, a company avoids paying for unused capacity or idle resources and doesn’t have to worry about investing in the purchase or maintenance of additional resources and equipment.

15
Q

Data that is stored in the Archive access tier of an Azure Storage account ________________.

A. can only be read by using Azure Instant Access
B. Must be recovered before the data can be accessed
C. must be rehydrated before data can be accessed
D. must be requested from Azure by calling the helpline

A

C. must be rehydrated before data can be accessed

Explanation:
From the Official Azure Documentation:

Azure storage offers different access tiers: hot, cool and archive.

The archive access tier has the lowest storage cost. But it has higher data retrieval costs compared to the hot and cool tiers. Data in the archive tier can take several hours to retrieve.

While a blob is in archive storage, the blob data is offline and can’t be read, overwritten, or modified. To read or download a blob in archive, you must first rehydrate it to an online tier.

Example usage scenarios for the archive access tier include: Long-term backup, secondary backup, and archival datasets

Original (raw) data that must be preserved, even after it has been processed into final usable form.

Compliance and archival data that needs to be stored for a long time and is hardly ever accessed.

16
Q

If you want to keep tabs on Azure itself, especially the services and regions you depend on, you should choose __________________.

A. Azure Monitor
B. Azure Advisor
C. Azure Arc
D. Azure Service Health

A

D. Azure Service Health

Explanation:
From the Official Azure Documentation:

If you want to keep tabs on Azure itself, especially the services and regions you depend on, you want to choose Azure Service Health. You can view the current status of the Azure services you rely on, upcoming planned outages, and services that will be sunset. You can set up alerts that help you stay on top of incidents and upcoming downtime without having to visit the dashboard regularly.

However, if you want to keep track of the performance or issues related to your specific VM or container instances, databases, your applications, and so on, you want to visit Azure Monitor and create reports and notifications to help you understand how your services are performing or diagnose issues related to your Azure usage.

17
Q

When a company thinks of migrating to the public cloud (like Azure), which of the following expense gets reduced?

A. Capital Expense
B. Operational Expense
C. Primary Expense
D. Secondary Expense

A

A. Capital Expense

Explanation:
Migrating to the public cloud saves a lot of Capex upfront and one of the biggest advantages is the ability to Pay as you go!

18
Q

Which of the following can you use to estimate the cost savings you can get by migrating your workloads to Azure?

A. Azure TCO Calculator
B. Azure Pricing Calculator
C. Azure Cost Management
D. Azure Advisor

A

A. Azure TCO Calculator

Explanation:
From the Official Azure Documentation:

Azure Total Cost of Ownership (TCO) Calculator helps you estimate the cost savings you can realise by migrating your workloads to Azure.

19
Q

Which of the following can you use to track resource usage and manage costs across all of your clouds with a single, unified view?

A. Azure Pricing Calculator
B. Azure Cost Management + Billing
C. Azure Trust Center
D. Azure Monitor

A

B. Azure Cost Management + Billing

Explanation:
From the Official Azure Documentation:

The following depicts the single unified view to track resource usage as well as manage costs.

Reference: https://azure.microsoft.com/en-gb/services/cost-management/#overview

20
Q

You have to run business critical workloads using Azure Virtual Machines, SQL Databases, Data Explorer, and Blob Storage for the next 3 years. Which of the following would provide the MOST cost savings?

A. By Purchasing Reservations
B. By using Resources judiciously
C. Using a Pay as You Go Subscription
D. Stopping the Virtual Machines every night

A

A. By Purchasing Reservations

Explanation:
From the Official Azure Documentation:

Azure Reservations help you save money by committing to one-year or three-year plans for multiple products. Committing allows you to get a discount on the resources you use. Reservations can significantly reduce your resource costs by up to 72% from pay-as-you-go prices. Reservations provide a billing discount and don’t affect the runtime state of your resources. After you purchase a reservation, the discount automatically applies to matching resources.

You can pay for a reservation up front or monthly. The total cost of up-front and monthly reservations is the same and you don’t pay any extra fees when you choose to pay monthly. Monthly payment is available for Azure reservations, not third-party products.

Why buy a reservation?

If you have consistent resource usage that supports reservations, buying a reservation gives you the option to reduce your costs. For example, when you continuously run instances of a service without a reservation, you’re charged at pay-as-you-go rates. When you buy a reservation, you immediately get the reservation discount. The resources are no longer charged at the pay-as-you-go rates.

21
Q

Which of the following is a private connection from your on-premises infrastructure to your Azure infrastructure wherein the data does not travel through the internet?

A. Azure Arc
B. Azure ExpressRoute
C. Azure VPN Gateway
D. Azure DNS

A

B. Azure ExpressRoute

Explanation:
From the Official Azure Documentation:

With ExpressRoute, your data doesn’t travel over the public internet, so it’s not exposed to the potential risks associated with internet communications. ExpressRoute is a private connection from your on-premises infrastructure to your Azure infrastructure. However, even if you have an ExpressRoute connection, DNS queries, certificate revocation list checking, and Azure Content Delivery Network requests are still sent over the public internet.

22
Q

Upon creating a new Virtual Machine in Azure, will you be billed separately for its local disk storage?

A. Yes
B. No

A

B. No

Explanation:
From the Official Azure Documentation:

All new virtual machines have an operating system disk and a local disk (or “resource disk”). Azure doesn’t charge for local disk storage. The operating system disk is charged at the standard rate for disks. See all virtual machine configurations.

23
Q

If your workload can tolerate interruptions and its execution time is flexible, which of the following pricing plans would be BEST suited to save costs?

A. Pay as you go
B. Reserved Instances
C. Spot Pricing
D. Dedicated hosts

A

C. Spot Pricing

Explanation:

24
Q

Which of the following is the correct hierarchy for the Azure levels of scope?

A. Management Group –> Subscription –> Resource Group
B. Management Group –> Resource Group –> Subscription
C. Subscription –> Management Group –> Resource Group
D. Subscription –> Resource Group –> Management Group
E. Resource Group –> Management Group –> Subscription

A

A. Management Group –> Subscription –> Resource Group

Explanation:
Azure provides four levels of scope: management groups, subscriptions, resource groups, and resources. The following image shows an example of these layers. Though not labeled as such, the blue cubes are resources.

You apply management settings at any of these levels of scope. The level you select determines how widely the setting is applied. Lower levels inherit settings from higher levels. For example, when you apply a policy to the subscription, the policy is applied to all resource groups and resources in your subscription. When you apply a policy on the resource group, that policy is applied to the resource group and all its resources. However, another resource group doesn’t have that policy assignment.

You can deploy templates to management groups, subscriptions, or resource groups.

25
Q

A startup has deployed a set of Virtual Machines which are critical for their day-to-day operations. They need to ensure their availability even if a single data center goes down. An intern has suggested that deploying the virtual machines to two or more scale sets will solve the problem.

Is this suggestion correct?

A. Yes
B. No

A

B. No

Explanation:
This answer does not specify that the scale set will be configured across multiple data centers so this solution does not meet the goal. For this question, deploying the VMs to multiple data centers / availability zones would make more sense.

From the Official Azure Documentation:

Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide high availability to your applications, and allow you to centrally manage, configure, and update many VMs.

Virtual machines in a scale set can be deployed across multiple update domains and fault domains to maximize availability and resilience to outages due to data center outages, and planned or unplanned maintenance events.

26
Q

Your company plans to migrate all on-premises data to Azure.

However, before this, the legal department has asked you to fetch all information such as Audit and Compliance Reports to identify whether Azure complies with the company’s regional requirements.

Which of the following can help with this?

A. The Knowledge Center
B. Azure Marketplace
C. The Azure Portal
D. The Trust Center

A

D. The Trust Center

Explanation:
You can use the Trust Center to check the Audit and Compliance requirements (compliance manager).

Reference: https://servicetrust.microsoft.com/

27
Q

Unlike RBAC, Azure Policy is a default-allow-and-explicit-deny system.

A. Yes
B. No

A

A. Yes

Explanation:
A few key differences between Azure Policy and RBAC exist. RBAC focuses on user actions at different scopes. You might be added to the contributor role for a resource group, allowing you to make changes to that resource group. Azure Policy focuses on resource properties during deployment and for already-existing resources. Azure Policy controls properties such as the types or locations of resources. Unlike RBAC, Azure Policy is a default-allow-and-explicit-deny system.

RBAC and Policies in Azure play a vital role in a governance strategy. While different, they both work together to ensure organizational business rules are followed by ensuring proper access and resource creation guidelines are met.

Reference: https://docs.microsoft.com/en-ca/learn/modules/enterprise-governance/7-azure-rbac-vs-azure-policies

28
Q

Yes or No:

When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the same parent lock. The most unrestrictive lock in the inheritance takes precedence.

A. Yes
B. No

A

B. No

Explanation:
From the Official Azure Documentation:

As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions.

When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the same parent lock. The most restrictive lock in the inheritance takes precedence.

If you have a Delete lock on a resource and attempt to delete its resource group, the feature blocks the whole delete operation. Even if the resource group or other resources in the resource group are unlocked, the deletion doesn’t happen. You never have a partial deletion.

When you cancel an Azure subscription:

A resource lock doesn't block the subscription cancellation.

Azure preserves your resources by deactivating them instead of immediately deleting them.

Azure only deletes your resources permanently after a waiting period.

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json

29
Q

You can link virtual networks together by using virtual network _________________.

A. Connectivity
B. Peering
C. Seeding
D. Cloning

A

B. Peering

Explanation:
From the Official Azure Documentation:

You can link virtual networks together by using virtual network peering. Peering enables resources in each virtual network to communicate with each other. These virtual networks can be in separate regions, which allows you to create a global interconnected network through Azure.

User-defined routes (UDR) are a significant update to Azure’s Virtual Networks that allows for greater control over network traffic flow. This method allows network administrators to control the routing tables between subnets within a VNet, as well as between VNets.

30
Q

Which of the following is not a valid way to connect your on-premise data center to Azure?

A. Point to site virtual private networks
B. Site to site virtual private networks
C. Azure ExpressRoute
D. Network virtual applications

A

D. Network virtual applications

Explanation:
From the Official Azure Documentation:

Azure virtual networks enable you to filter traffic between subnets by using the following approaches:

Network security groups: A network security group is an Azure resource that can contain multiple inbound and outbound security rules. You can define these rules to allow or block traffic, based on factors such as source and destination IP address, port, and protocol.

Network virtual appliances: A network virtual appliance is a specialized VM that can be compared to a hardened network appliance. A network virtual appliance carries out a particular network function, such as running a firewall or performing wide area network (WAN) optimization.

Azure virtual networks enable you to link resources together in your on-premises environment and within your Azure subscription. In effect, you can create a network that spans both your local and cloud environments. There are three mechanisms for you to achieve this connectivity:

Point-to-site virtual private networks: The typical approach to a virtual private network (VPN) connection is from a computer outside your organization, back into your corporate network. In this case, the client computer initiates an encrypted VPN connection to connect that computer to the Azure virtual network.

Site-to-site virtual private networks: A site-to-site VPN links your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network. In effect, the devices in Azure can appear as being on the local network. The connection is encrypted and works over the internet.

Azure ExpressRoute: For environments where you need greater bandwidth and even higher levels of security, Azure ExpressRoute is the best approach. ExpressRoute provides a dedicated private connectivity to Azure that doesn't travel over the internet.
31
Q

All data that is copied to an Azure storage account is backed up automatically to another Azure data center.

A. Yes
B. No

A

B. No

Explanation:
Automatically is the key word in this question that most people miss.

Data is not backed up automatically to another Azure Data Center, although it can be backed up depending on the replication option configured for the account. Locally Redundant Storage (LRS) is the default which maintains three copies of the data in the data center.

Geo-redundant storage (GRS) has cross-regional replication to protect against regional outages. Data is replicated synchronously three times in the primary region, then replicated asynchronously to the secondary region.

32
Q

Which of the following does not affect a storage account billing?

A. Region
B. Account Type
C. Access Tier
D. Data Egress Outside a Region
E. Redundancy
F. Data Ingress within the same AZ

A

F. Data Ingress within the same AZ

Explanation:
From the Official Azure Documentation:

An Azure storage account contains all of your Azure Storage data objects, including blobs, file shares, queues, tables, and disks. The storage account provides a unique namespace for your Azure Storage data that’s accessible from anywhere in the world over HTTP or HTTPS. Data in your storage account is durable and highly available, secure, and massively scalable.

Azure Storage bills based on your storage account usage. All objects in a storage account are billed together as a group. Storage costs are calculated according to the following factors:

Region refers to the geographical region in which your account is based.

Account type refers to the type of storage account you're using.

Access tier refers to the data usage pattern you’ve specified for your general-purpose v2 or Blob Storage account.

Capacity refers to how much of your storage account allotment you're using to store data.

Redundancy determines how many copies of your data are maintained at one time, and in what locations.

Transactions refer to all read and write operations to Azure Storage.

Data egress refers to any data transferred out of an Azure region. When the data in your storage account is accessed by an application that isn’t running in the same region, you're charged for data egress. For information about using resource groups to group your data and services in the same region to limit egress charges, see What is an Azure resource group?.

The Azure Storage pricing page provides detailed pricing information based on account type, storage capacity, replication, and transactions. The Data Transfers pricing details provides detailed pricing information for data egress. You can use the Azure Storage pricing calculator to help estimate your costs.

33
Q

A company can extend a private cloud by adding its own physical servers to the public cloud.

A. Yes
B. No

A

B. No

Explanation:
You cannot add physical servers to the public cloud. You can only deploy virtual servers in the public cloud. You can extend a private cloud by deploying virtual servers in a public cloud. This would create a hybrid cloud.

34
Q

To utilize a hybrid cloud model, you must deploy resources to the public cloud while having some resources on-prem.

A. Yes
B. No

A

A. Yes

Explanation:
A hybrid cloud is a combination of a private cloud and public cloud. Therefore, to create a hybrid cloud, you must deploy resources to a public cloud.

35
Q

__________________ are often used to create solutions by using a microservice architecture. This architecture is where you break solutions into smaller, independent pieces.

A. Containers
B. Functions
C. Modules
D. Kubernetes

A

A. Containers

Explanation:
From the Official Azure Documentation:

Containers are often used to create solutions by using a microservice architecture. This architecture is where you break solutions into smaller, independent pieces. For example, you might split a website into a container hosting your front end, another hosting your back end, and a third for storage. This split allows you to separate portions of your app into logical sections that can be maintained, scaled, or updated independently.

Imagine your website back-end has reached capacity but the front end and storage aren’t being stressed. You could:

Scale the back end separately to improve performance.

Decide to use a different storage service.

Replace the storage container without affecting the rest of the application.

36
Q

You have a workload in Blob Storage that processes large datasets that need to be stored in a cost-effective way, while additional data is being gathered for processing. Which of the following Access Tiers would make the most sense?

A. Hot
B. Cool
C. Archive
D. Efficient
E. Luke Warm

A

B. Cool

Explanation:
The keyword here is ‘cost-effective’.

From the Official Azure Documentation:

When your data is stored in an online access tier (either Hot or Cool), users can access it immediately. The Hot tier is the best choice for data that is in active use, while the Cool tier is ideal for data that is accessed less frequently, but that still must be available for reading and writing.

Example usage scenarios for the Hot tier include:

Data that's in active use or is expected to be read from and written to frequently.

Data that's staged for processing and eventual migration to the Cool access tier.

Usage scenarios for the Cool access tier include:

Short-term data backup and disaster recovery.

Older data sets that aren't used frequently, but are expected to be available for immediate access.

Large data sets that need to be stored in a cost-effective way while additional data is being gathered for processing.

37
Q

You have deployed a new Azure SQL Database in a VNet and want to restrict the ports, as well as allow or deny communication based on the connection state of the flow record.

A. Azure Network Security Group
B. Azure Active Directory Role
C. An Azure DNS Record
D. An Azure ExpressRoute
E. An Azure Policy
F. An Azure Blueprint

A

A. Azure Network Security Group

Explanation:
Restricting Internet access to your VMs in Azure can be achieved by making use of Azure Network Security Groups.

From the Official Azure Documentation:

We can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.

38
Q

Which of the following is designed for enterprise big data analytics and includes a hierarchical namespace to Blob storage?

A. Azure Data Lake Storage Gen2
B. Azure Files
C. Azure Stack Edge
D. Azure Data Box Gateway
E. Azure Blob Storage

A

A. Azure Data Lake Storage Gen2

Explanation:
Azure Data Lake Storage Gen2 is a set of capabilities dedicated to big data analytics, built on Azure Blob Storage. Data Lake Storage Gen2 converges the capabilities of Azure Data Lake Storage Gen1 with Azure Blob Storage.

Designed for enterprise big data analytics

Data Lake Storage Gen2 makes Azure Storage the foundation for building enterprise data lakes on Azure. Designed from the start to service multiple petabytes of information while sustaining hundreds of gigabits of throughput, Data Lake Storage Gen2 allows you to easily manage massive amounts of data.

A fundamental part of Data Lake Storage Gen2 is the addition of a hierarchical namespace to Blob storage. The hierarchical namespace organizes objects/files into a hierarchy of directories for efficient data access.

Data Lake Storage Gen2 builds on Blob storage and enhances performance, management, and security in the following ways:

Performance is optimized because you do not need to copy or transform data as a prerequisite for analysis. Compared to the flat namespace on Blob storage, the hierarchical namespace greatly improves the performance of directory management operations, which improves overall job performance.

Management is easier because you can organize and manipulate files through directories and subdirectories.

Security is enforceable because you can define POSIX permissions on directories or individual files.

39
Q

There is no programmatic access to the Blob, Queue, Table, and File services in Azure, though you can access VMs using API calls.

A. True
B. False

A

B. False

Explanation:
From the Official Azure Documentation:

The REST APIs for the Microsoft Azure storage services offer programmatic access to the Blob, Queue, Table, and File services in Azure or in the development environment via the storage emulator.

All storage services are accessible via REST APIs. Storage services may be accessed from within a service running in Azure, or directly over the Internet from any application that can send an HTTP/HTTPS request and receive an HTTP/HTTPS response.

Important:

The Azure storage services support both HTTP and HTTPS; however, using HTTPS is highly recommended.

Storage Account

All access to storage services takes place through the storage account. The storage account is the highest level of the namespace for accessing each of the fundamental services. It is also the basis for authorization.

The REST APIs for storage services expose the storage account as a resource.

40
Q

Which of the following would be ideal to store flexible datasets like user data for web applications, address books, device information, or other types of metadata your service requires?

A. Azure Queue Storage
B. Azure Table Storage
C. Azure SQL Database
D. Azure Data Lake Storage Gen2
E. Azure Data Lake Storage Gen1
F. Azure File Sync

A

B. Azure Table Storage

Explanation:
From the Official Azure Documentation:

Azure Table storage is a service that stores non-relational structured data (also known as structured NoSQL data) in the cloud, providing a key/attribute store with a schemaless design. Because Table storage is schemaless, it’s easy to adapt your data as the needs of your application evolve. Access to Table storage data is fast and cost-effective for many types of applications, and is typically lower in cost than traditional SQL for similar volumes of data.

You can use Table storage to store flexible datasets like user data for web applications, address books, device information, or other types of metadata your service requires. You can store any number of entities in a table, and a storage account may contain any number of tables, up to the capacity limit of the storage account.

Table storage contains the following components:

Note: The Cosmos DB Table API offers higher performance and availability, global distribution, and automatic secondary indexes. It is also available in a consumption-based serverless mode. There are some feature differences between Table API in Azure Cosmos DB and Azure table storage. For more information, see Azure Cosmos DB Table API.

41
Q

Azure Synapse Analytics is an analytics service that brings together data integration, enterprise data warehousing and big data analytics.

A. Yes
B. No

A

A. Yes

Explanation:
Azure Synapse Analytics was previously called Azure SQL Data Warehouse!

Azure Synapse Analytics is a limitless analytics service that brings together data integration, enterprise data warehousing and big data analytics. It gives you the freedom to query data on your terms, using either serverless or dedicated resources at scale. Azure Synapse brings these worlds together with a unified experience to ingest, explore, prepare, manage and serve data for immediate BI and machine-learning needs.

Reference: https://azure.microsoft.com/en-ca/services/synapse-analytics/#updates-announcements

42
Q

You can use _________________ to create private connections between Azure datacenters and infrastructure on your premises or in a colocation environment.

A. Azure ExpressRoute
B. Azure network security groups
C. Azure Firewall
D. Azure DNS

A

A. Azure ExpressRoute

Explanation:

43
Q

______________ enables centralizing your organization’s file shares in Azure Files, while keeping the flexibility, performance, and compatibility of a Windows file server.

A. Azure File Sync
B. Azure File Manager
C. Azure Resource Manager
D. Azure Arc
E. Azure Data Box Gateway

A

A. Azure File Sync

Explanation:
Azure File Sync enables centralizing your organization’s file shares in Azure Files, while keeping the flexibility, performance, and compatibility of a Windows file server. While some users may opt to keep a full copy of their data locally, Azure File Sync additionally has the ability to transform Windows Server into a quick cache of your Azure file share. You can use any protocol that’s available on Windows Server to access your data locally, including SMB, NFS, and FTPS. You can have as many caches as you need across the world.

Azure file shares can be used in two ways: by directly mounting these serverless Azure file shares (SMB) or by caching Azure file shares on-premises using Azure File Sync. Which deployment option you choose changes the aspects you need to consider as you plan for your deployment.

Direct mount of an Azure file share: Since Azure Files provides SMB access, you can mount Azure file shares on-premises or in the cloud using the standard SMB client available in Windows, macOS, and Linux. Because Azure file shares are serverless, deploying for production scenarios does not require managing a file server or NAS device. This means you don't have to apply software patches or swap out physical disks.

Cache Azure file share on-premises with Azure File Sync: Azure File Sync enables you to centralize your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms an on-premises (or cloud) Windows Server into a quick cache of your Azure file share.

44
Q

__________________ provide organizations with the ability to manage the compliance of Azure resources across multiple subscriptions.

A. Azure Resource Groups
B. Azure Management Groups
C. Azure Policy
D. Azure Conditional Access and MFA
E. Azure Subscriptions

A

C. Azure Policy

Explanation:
Azure Policy helps to enforce organizational standards and to assess compliance at-scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to the per-resource, per-policy granularity. It also helps to bring your resources to compliance through bulk remediation for existing resources and automatic remediation for new resources.

Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management. Policy definitions for these common use cases are already available in your Azure environment as built-ins to help you get started.

All Azure Policy data and objects are encrypted at rest. For more information, see Azure data encryption at rest.

45
Q

Availability zones are implemented in all Azure regions.

A. Yes
B. No

A

B. No

Explanation:
This might actually come as a shock to you, but not all Azure regions support Availability zones.

46
Q

Your company wants to copy blobs or files to or from a storage account and is looking for a command-line utility to accomplish this. Which of the following is the right choice?

A. Azure AzCopy
B. Azure FileSync
C. Azure Bash
D. Azure PowerShell
E. Azure Storage Explorer

A

A. Azure AzCopy

Explanation:
From the Official Azure Documentation:

AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.

Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10

47
Q

Your company is looking for a tool that can help with the following:

1) Upload, download and manage Azure Storage blobs, files, queues and tables, as well as Azure Data Lake Storage entities.

2) Configure storage permissions and access controls, tiers and rules.

Which of the following is the right choice?

A. Azure AzCopy
B. ARM Templates
C. Azure Storage Explorer
D. Azure VM Scale Sets
E. Azure Policy
F. Azure Blueprint
G. Azure Data Box Gateway

A

C. Azure Storage Explorer

Explanation:
From the Official Azure Documentation:

Azure Storage Explorer is a free tool to conveniently manage your Azure cloud storage resources from your desktop. You can easily use it to do the following - Upload, download and manage Azure Storage blobs, files, queues and tables, as well as Azure Data Lake Storage entities and Azure Managed Disks. Configure storage permissions and access controls, tiers and rules.

Reference: https://azure.microsoft.com/en-ca/features/storage-explorer/#overview

48
Q

Which of the following are like a physical disk in an on-premises server, but virtualized?

A. Azure Blobs
B. Azure SQL Databases
C. Azure Virtual Machines
D. Azure Managed Disks
E. Azure Tapes

A

D. Azure Managed Disks

Explanation:
From the Official Azure Documentation:

Azure managed disks are block-level storage volumes that are managed by Azure and used with Azure Virtual Machines. Managed disks are like a physical disk in an on-premises server, but virtualized. With managed disks, all you have to do is specify the disk size, the disk type, and provision the disk. Once you provision the disk, Azure handles the rest.

The available types of disks are ultra disks, premium solid-state drives (SSD), standard SSDs, and standard hard disk drives (HDD). For information about each individual disk type, see Select a disk type for IaaS VMs.

49
Q

Your company is building a mission critical application and wants asynchronous message management for communication between application components, whether they are running in the cloud, on the desktop, on-premises, or on mobile devices. They also expect sudden bursts of requests and are looking to prevent servers from being overwhelmed.

Which of the following is the right choice?

A. Azure Table Storage
B. Azure FileSync
C. Azure Queue Storage
D. Azure Async Manager
E. Azure Files
F. Azure Data Box Gateway

A

C. Azure Queue Storage

Explanation:
From the Official Azure Documentation:

You can use Azure Queue Storage to build flexible applications and separate functions for better durability across large workloads. When you design applications for scale, application components can be decoupled, so that they can scale independently. Queue storage gives you asynchronous message queueing for communication between application components, whether they are running in the cloud, on the desktop, on-premises, or on mobile devices.

You can also use Queue Storage to rightsize your service deployment. Applications absorb unexpected traffic bursts, which prevents servers from being overwhelmed by a sudden flood of requests. Monitor queue length to add elasticity to your application, and deploy or hibernate additional worker nodes based on customer demand.

Reference: https://azure.microsoft.com/en-ca/services/storage/queues/#features

50
Q

Which of the following can be leveraged for transferring data to the cloud such as cloud archival, disaster recovery, or if there is a need to process your data at cloud scale?

A. Azure Data Box Gateway
B. Azure File Sync
C. Azure CosmosDB
D. Azure Arc
E. Azure Sentinel

A

A. Azure Data Box Gateway

Explanation:
From the Official Azure Documentation:

Azure Data Box Gateway is a storage solution that enables you to seamlessly send data to Azure. This article provides you an overview of the Azure Data Box Gateway solution, benefits, key capabilities, and the scenarios where you can deploy this device.

Data Box Gateway is a virtual device based on a virtual machine provisioned in your virtualized environment or hypervisor. The virtual device resides in your premises and you write data to it using the NFS and SMB protocols. The device then transfers your data to Azure block blob, page blob, or Azure Files.

Use cases:

Data Box Gateway can be leveraged for transferring data to the cloud such as cloud archival, disaster recovery, or if there is a need to process your data at cloud scale. Here are the various scenarios where Data Box Gateway can be used for data transfer.

Cloud archival - Copy hundreds of TBs of data to Azure storage using Data Box Gateway in a secure and efficient manner. The data can be ingested one time or on an ongoing basis for archival scenarios.

Continuous data ingestion - Continuously ingest data into the device to copy to the cloud, regardless of the data size. As the data is written to the gateway device, the device uploads the data to Azure Storage.

Initial bulk transfer followed by incremental transfer - Use Data Box for the bulk transfer in an offline mode (initial seed) and Data Box Gateway for incremental transfers (ongoing feed) over the network.