Practice 6 (Udemy) Flashcards

1
Q

The Cool storage tier stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data.

A. True
B. False

A

B. False

Explanation:
From the Official Azure Documentation:

Azure Storage offers different access tiers for your blob storage, helping you store object data in the most cost-effective manner. The available access tiers include:

Hot access tier: Optimized for storing data that is accessed frequently (for example, images for your website).

Cool access tier: Optimized for data that is infrequently accessed and stored for at least 30 days (for example, invoices for your customers).

Archive access tier: Appropriate for data that is rarely accessed and stored for at least 180 days, with flexible latency requirements (for example, long-term backups).

The following considerations apply to the different access tiers:

Only the hot and cool access tiers can be set at the account level. The archive access tier isn't available at the account level.

Hot, cool, and archive tiers can be set at the blob level, during upload or after upload.

Data in the cool access tier can tolerate slightly lower availability, but still requires high durability, retrieval latency, and throughput characteristics similar to hot data. For cool data, a slightly lower availability service-level agreement (SLA) and higher access costs compared to hot data are acceptable trade-offs for lower storage costs.

Archive storage stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data.
2
Q

You can enforce Azure AD Multi-Factor Authentication for all users via the Microsoft Authenticator app, phone call, or SMS code.

A. Yes
B. No

A

B. No

Explanation:
From the Official Azure Documentation:

Azure AD Multi-Factor Authentication is a Microsoft service that provides multifactor authentication capabilities. Azure AD Multi-Factor Authentication enables users to choose an additional form of authentication during sign-in, such as a phone call or mobile app notification.

The Azure Active Directory free edition enables Azure AD Multi-Factor Authentication for administrators with the global admin level of access, via the Microsoft Authenticator app, phone call, or SMS code. You can also enforce Azure AD Multi-Factor Authentication for all users via the Microsoft Authenticator app only, by enabling security defaults in your Azure AD tenant.

3
Q

Which of the following would you recommend for these given requirements?

1) Create thousands of identical virtual machines in minutes

2) Deploy across availability zones to protect against datacenter failures

A. Azure Resource Groups
B. Azure Virtual Machines
C. Azure Kubernetes
D. Azure Blueprints
E. Azure Container Instance
F. Azure Virtual Machine Scale Sets

A

F. Azure Virtual Machine Scale Sets

Explanation:
According to the official website:

Azure Virtual Machine Scale Sets provides automated virtual machine scaling that helps you cost-effectively simplify the deployment, management, and availability of your applications.

Reference: https://azure.microsoft.com/en-us/services/virtual-machine-scale-sets/

4
Q

Which of the following is an example of an Azure Application Platform?

A. Azure App Service
B. Azure Load Balancer
C. Azure DNS
D. Azure Cache for Redis
E. Azure Firewall

A

A. Azure App Service

Explanation:
From the Official Azure Documentation:

Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments. For Linux-based environments, see App Service on Linux.

Using Azure App Service, it is also possible to scale apps on an enterprise-grade platform.

Reference: https://docs.microsoft.com/en-us/azure/app-service/overview

5
Q

A new startup needs to control its cloud environment so that it complies with several industry standards, but it’s not sure where to start. They have existing business requirements, and understand how these requirements relate to their on-premises workloads. These requirements also must be met by any workloads they run in the cloud.

Which of the following can help them in this case?

A. The Cloud Adoption Framework for Azure
B. The Azure Blueprint for Cloud
C. Microsoft Defender for Cloud
D. The Proven Roadmap for Azure

A

A. The Cloud Adoption Framework for Azure

Explanation:
From the Official Azure Documentation:

The Cloud Adoption Framework for Azure provides you with proven guidance to help with your cloud adoption journey. The Cloud Adoption Framework helps you create and implement the business and technology strategies needed to succeed in the cloud.

Cloud Adoption Framework consists of tools, documentation, and proven practices. The Cloud Adoption Framework includes these stages:

Define your strategy.

Make a plan.

Ready your organization.

Adopt the cloud.

Govern and manage your cloud environments.

Reference: https://docs.microsoft.com/en-ca/learn/modules/build-cloud-governance-strategy-azure/9-accelerate-cloud-adoption-framework

6
Q

All the resources residing in a Resource Group must belong to the same Region.

A. No
B. Yes

A

A. No

Explanation:
From the Official Azure Documentation:

Azure resources deployed to a single resource group can be located in different regions. The resource group only contains metadata about the resources it contains.

When creating a resource group, you need to provide a location for that resource group. You may be wondering, “Why does a resource group need a location? And, if the resources can have different locations than the resource group, why does the resource group location matter at all?”

The resource group stores metadata about the resources. When you specify a location for the resource group, you’re specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region.

7
Q

When you form a cloud center of excellence team or a cloud custodian team, that team can use Azure _______________ to scale their governance practices throughout the organization.

A. Compliance
B. Blueprints
C. Subscriptions
D. Resource Groups

A

B. Blueprints

Explanation:
From the Official Azure Documentation:

When you form a cloud center of excellence team or a cloud custodian team, that team can use Azure Blueprints to scale their governance practices throughout the organization.

Implementing a blueprint in Azure Blueprints involves these three steps:

Create an Azure blueprint.

Assign the blueprint.

Track the blueprint assignments.

With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. In other words, Azure creates a record that associates a resource with the blueprint that defines it. This connection helps you track and audit your deployments.

Blueprints are also versioned. Versioning enables you to track and comment on changes to your blueprint.

8
Q

A characteristic that distinguishes Azure Files from files on a corporate file share is that you cannot access the files from anywhere in the world; access has to be from a specific location.

A. No
B. Yes

A

A. No

Explanation:
From the Official Azure Documentation:

Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block and Network File System (preview) protocols. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS.

One thing that distinguishes Azure Files from files on a corporate file share is that you can access the files from anywhere in the world, by using a URL that points to the file. You can also use Shared Access Signature (SAS) tokens to allow access to a private asset for a specific amount of time.

Here’s an example of a service SAS URI, showing the resource URI and the SAS token:

Reference: https://docs.microsoft.com/en-ca/learn/modules/azure-storage-fundamentals/azure-file-storage

9
Q

Azure Pay-As-You-Go pricing is an example of Capex.

A. No
B. Yes

A

A. No

Explanation:
From the Official Azure Documentation:

One of the major changes that you will face when you move from on-premises cloud to the public cloud is the switch from capital expenditure (buying hardware) to operational expenditure (paying for service as you use it).

10
Q

An Azure Web App that queries an on-prem Oracle SQL Database is an example of a ____________________ cloud architecture.

A. Public
B. Private
C. Hybrid
D. Multi-Vendor

A

C. Hybrid

Explanation:
Since you are using both Azure and on-prem resources (a combination of both), this is an example of a hybrid cloud!

From the Official Azure Documentation:

Reference: https://azure.microsoft.com/en-in/overview/what-is-hybrid-cloud-computing/

11
Q

Yes or No:

Purchasing your own infrastructure and deploying it in your own data center is an example of CapEx.

A. No
B. Yes

A

B. Yes

Explanation:
Deploying your own datacenter is definitely an example of CapEx. This is because you need to purchase all the infrastructure upfront before you can use it.

12
Q

____________________ notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime.

A. Azure Service Health
B. Azure Monitor
C. Azure Active Directory
D. Azure Trust Center

A

A. Azure Service Health

Explanation:
From the Official Azure Documentation:

Azure Service Health provides personalised alerts and guidance for Azure service issues.

Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime. You can also configure customisable cloud alerts and use your personalised dashboard to analyse health issues, monitor the impact to your cloud resources, get guidance and support, and share details and updates.

IMPORTANT!

Reference: https://azure.microsoft.com/en-ca/features/service-health/

13
Q

Which of the following is not a cost saving solution?

A. Deleting unused resources
B. Using spending limits to restrict your spending
C. Choosing low cost locations and regions
D. Using Azure Reservations to prepay
E. Resize underutilized virtual machines
F. Shutting down Virtual Machines at Night
G. Using Azure Hybrid Benefit to repurpose software licenses on Azure

A

F. Shutting down Virtual Machines at Night

Explanation:
Shutting down Virtual Machines at night is not a cost saving solution.

Reference: https://docs.microsoft.com/en-ca/learn/modules/plan-manage-azure-costs/6-manage-minimize-total-cost

14
Q

Which of the following would you use to deploy and manage containerised applications to provide an integrated continuous integration and continuous delivery (CI/CD) experience and enterprise-grade security and governance?

A. Azure Functions
B. Azure Container Instances
C. Azure Kubernetes
D. Azure Batch

A

C. Azure Kubernetes

Explanation:
From the Official Azure Documentation:

You can deploy and manage containerised applications more easily with a fully managed Kubernetes service. Azure Kubernetes Service (AKS) offers serverless Kubernetes, an integrated continuous integration and continuous delivery (CI/CD) experience and enterprise-grade security and governance. You can also unite your development and operations teams on a single platform to rapidly build, deliver and scale applications with confidence.

Reference: https://azure.microsoft.com/en-in/services/kubernetes-service/#features

15
Q

Which of the following categories does Azure VPN Gateway belong to?

A. SaaS
B. PaaS
C. IaaS
D. NaaS

A

C. IaaS

Explanation:

16
Q

You have an on-premises infrastructure and would like to extend its capabilities by making use of Azure services. Which type of cloud deployment is this an example of?

A. A hybrid cloud
B. A public cloud
C. An internal cloud
D. A private cloud

A

A. A hybrid cloud

Explanation:
From the Official Azure Documentation:

A hybrid cloud is a combination of a private cloud and a public cloud.

A hybrid cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them.

Hybrid cloud

Provides the most flexibility.

Organizations determine where to run their applications.

Organizations control security, compliance, or legal requirements.
17
Q

_____________ helps you estimate the cost savings of operating your solution on Azure over time compared to operating in your on-premises datacenter.

A. Azure Advisor
B. Azure TCO Calculator
C. Azure Pricing Calculator
D. Azure Blueprints

A

B. Azure TCO Calculator

Explanation:
From the Official Azure Documentation:

The TCO Calculator helps you estimate the cost savings of operating your solution on Azure over time compared to operating in your on-premises datacenter.

The term total cost of ownership is used commonly in finance. It can be hard to see all the hidden costs related to operating a technology capability on-premises. Software licenses and hardware are additional costs.

With the TCO Calculator, you’ll enter the details of your on-premises workloads. Then you can review the suggested industry-average cost (which you can adjust) for related operational costs. These costs include electricity, network maintenance, and IT labor. You’re then presented with a side-by-side report. Using the report, you can compare those costs with the same workloads running on Azure.

Reference: https://docs.microsoft.com/en-ca/learn/modules/plan-manage-azure-costs/2-compare-costs-tco-calculator

18
Q

Which of the following solutions is the BEST to store web app user data, device information and other metadata?

A. Azure SQL Databases
B. Azure Cache for Redis
C. Azure Table Storage
D. Azure Cosmos DB

A

C. Azure Table Storage

Explanation

19
Q

Which of the following options would meet these requirements?

1) SDKs for popular languages, APIs for SQL, MongoDB, Cassandra and more

2) Guaranteed speed at any scale with instant and limitless elasticity, fast reads, and multi-region writes anywhere in the world

3) The ability to work with NoSQL data

A. Azure Table Storage
B. Azure Queues
C. Azure Cosmos DB
D. Azure Files

A

C. Azure Cosmos DB

Explanation

20
Q

Which of the following is NOT a compute service available in Azure?

A. Azure Cosmos DB
B. Azure Kubernetes
C. Azure Functions
D. Azure App Service

A

A. Azure Cosmos DB

Explanation:
Cosmos DB is a database and not a compute option in Azure.

From the Official Azure Documentation:

Azure offers a number of ways to host your application code. The term compute refers to the hosting model for the computing resources that your application runs on. The following flowchart will help you to choose a compute service for your application.

If your application consists of multiple workloads, evaluate each workload separately. A complete solution may incorporate two or more compute services.

21
Q

Azure Reserved VM Instances are an example of Opex.

A. Yes
B. No

A

B. No

Explanation:
A reserved instance is where you pay upfront for the use of a virtual machine for a period of time (1 or 3 years). This can save you money as you receive a discount on the cost of a VM if you pay upfront for a reserved instance.

However, as this is an upfront payment, it will be classed as CapEx, not OpEx.

Simple way to remember: upfront payment = CapEx, pay as you go = OpEx!

22
Q

An Azure service is said to be available to all Azure customers when it is in ______________.

A. general availability
B. public preview
C. fixed preview
D. private preview

A

B. public preview

Explanation:
From the Official Azure Documentation:

Public preview means that the service is available to everyone with an Azure subscription but the normal SLAs don’t apply. This is different from general availability when the service is available to all Azure customers with SLA backed guarantees!

Example -

Reference: https://azure.microsoft.com/en-ca/support/legal/preview-supplemental-terms/

23
Q

____________ provides disks for Azure virtual machines. Applications and other services can access and use them as needed, similar to how they would in on-premises scenarios.

A. Blob Storage
B. SSD Storage
C. File Storage
D. Disk Storage

A

D. Disk Storage

Explanation:
Disk Storage provides disks for Azure virtual machines. Applications and other services can access and use these disks as needed, similar to how they would in on-premises scenarios. Disk Storage allows data to be persistently stored and accessed from an attached virtual hard disk.

24
Q

Which of the following is an excellent choice if you want to run multiple instances of an application on a single host machine?

A. Functions
B. Blueprints
C. Containers
D. Scale Sets

A

C. Containers

Explanation:
While virtual machines are an excellent way to reduce costs versus the investments that are necessary for physical hardware, they’re still limited to a single operating system per virtual machine. If you want to run multiple instances of an application on a single host machine, containers are an excellent choice.

What are containers?

Containers are a virtualization environment. Much like running multiple virtual machines on a single physical host, you can run multiple containers on a single physical or virtual host. Unlike virtual machines, you don’t manage the operating system for a container. Virtual machines appear to be an instance of an operating system that you can connect to and manage, but containers are lightweight and designed to be created, scaled out, and stopped dynamically. While it’s possible to create and deploy virtual machines as application demand increases, containers are designed to allow you to respond to changes on demand. With containers, you can quickly restart in case of a crash or hardware interruption. One of the most popular container engines is Docker, which is supported by Azure.

Containers are managed through a container orchestrator, which can start, stop, and scale out application instances as needed. There are two ways to manage both Docker and Microsoft-based containers in Azure: Azure Container Instances and Azure Kubernetes Service (AKS).

25
Q

Which of the following can an application retrieve security tokens from? Choose the Best possible answer.

A. Azure Active Directory (AD)
B. A Certificate Store
C. An Azure SQL Database
D. An Azure Key Vault

A

A. Azure Active Directory (Azure AD)

Explanation:
Please note that the question asks us “to retrieve security tokens”. You might be thinking about Azure Key Vault here.

A service such as Azure Key Vault can store security tokens; however, to retrieve anything from the Key Vault, we first need to be authenticated. To authenticate, we can use a “managed identity”, which gives Azure services an automatically managed identity in Azure AD. So the answer is Azure AD.

Remember that Azure AD provides access tokens. Azure Key Vault is used to securely store passwords, secrets, certificates and tokens.

26
Q

Your IT teams need to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information. Which of the following can you recommend?

A. Azure Advisor
B. Policies
C. Azure Security Center
D. Tags
E. Blueprints

A

D. Tags

Explanation:
From the Official Azure Documentation:

Organizing cloud-based resources is a crucial task for IT, unless you only have simple deployments. Use naming and tagging standards to organize your resources for the following reasons:

Resource management: Your IT teams need to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information. Organizing resources is critical to assigning organizational roles and access permissions for resource management.

Operations management: Visibility for the operations management team about business commitments and SLAs is an important aspect of ongoing operations. For operations to be managed well, tagging for mission criticality is required.

Security: Classification of data and security impact is a vital data point for the team, when breaches or other security issues arise. To operate securely, tagging for data classification is required.
27
Q

Your team is planning to build a set of REST-based web APIs by using your choice of language and framework. The produced apps should be consumable from any HTTP or HTTPS based client.

Which of the following would be a great fit for this use case?

A. Azure Virtual Desktops
B. Azure Functions
C. Azure App Service
D. Azure Kubernetes Service
E. Azure Container Instances

A

C. Azure App Service

Explanation:
From the Official Azure Documentation:

App Service enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers automatic scaling and high availability. App Service supports Windows and Linux and enables automated deployments from GitHub, Azure DevOps, or any Git repo to support a continuous deployment model. This platform as a service (PaaS) environment allows you to focus on the website and API logic while Azure handles the infrastructure to run and scale your web applications.

API apps

Much like hosting a website, you can build REST-based web APIs by using your choice of language and framework. You get full Swagger support and the ability to package and publish your API in Azure Marketplace. The produced apps can be consumed from any HTTP or HTTPS based client.

28
Q

Which of the following is an event-driven, compute-on-demand service with capabilities to implement code triggered by events occurring in Azure or third-party services as well as on-premises systems?

A. Azure Kubernetes
B. Azure Serverless
C. Azure CosmosDB
D. Azure Functions

A

D. Azure Functions

Explanation:
Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running.

You focus on the pieces of code that matter most to you, and Azure Functions handles the rest.

29
Q

Which of the following categories does Azure Kubernetes service belong to?

A. IaaS
B. Platform as a Service
C. Software as a Service
D. DaaS

A

A. IaaS

Explanation:
Remember that Virtual Machines, Containers and Kubernetes are considered Compute Services, and fall under IaaS!

Azure Kubernetes Service (AKS) offers serverless Kubernetes, an integrated continuous integration and continuous delivery (CI/CD) experience, and enterprise-grade security and governance. Unite your development and operations teams on a single platform to rapidly build, deliver, and scale applications with confidence.

30
Q

As part of its modernization strategy, your company has decided to move all its operations to the Azure cloud. It is looking for an advanced modernization and optimization service for Azure with a wide range of tools for assessment.

Which of the following would you recommend?

A. Azure Data Box
B. Azure Advisor
C. Azure Migrate
D. Azure Cloud Adopter

A

C. Azure Migrate

Explanation:
From the Official Azure Documentation:

Azure Migrate provides a simplified migration, modernization, and optimization service for Azure. All pre-migration steps such as discovery, assessments, and right-sizing of on-premises resources are included for infrastructure, data, and applications. Azure Migrate’s extensible framework allows for integration of third-party tools, thus expanding the scope of supported use-cases. It provides the following:

Unified migration platform: A single portal to start, run, and track your migration to Azure.

Range of tools: A range of tools for assessment and migration. Azure Migrate tools include Azure Migrate: Discovery and assessment and Azure Migrate: Server Migration. Azure Migrate also integrates with other Azure services and tools, and with independent software vendor (ISV) offerings.
31
Q

A Senior Security Engineer in your company has enforced MFA for all users. How does MFA enhance security?

A. It uses two passwords
B. It requires a Social Insurance Number and a password
C. It requires password complexity
D. It requires a password and a code through the Microsoft Authenticator App

A

D. It requires a password and a code through the Microsoft Authenticator App

Explanation:
From the Official Azure Documentation:

Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan.

If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, is it really the user signing in with the username and password, or is it an attacker? When you require a second form of authentication, security is increased as this additional factor isn’t something that’s easy for an attacker to obtain or duplicate.

Azure AD Multi-Factor Authentication works by requiring two or more of the following authentication methods:

1) Something you know, typically a password.

2) Something you have, such as a trusted device that is not easily duplicated, like a phone or hardware key.

3) Something you are - biometrics like a fingerprint or face scan.

Users can register themselves for both self-service password reset and Azure AD Multi-Factor Authentication in one step to simplify the on-boarding experience. Administrators can define what forms of secondary authentication can be used. Azure AD Multi-Factor Authentication can also be required when users perform a self-service password reset to further secure that process.

32
Q

A __________________ contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

A. Domain Name Service
B. Route Filter
C. Network Gateway
D. Network Security Group (NSG)

A

D. Network Security Group (NSG)

Explanation:
From the Official Azure Documentation:

You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.

Network security group security rules are evaluated by priority using the 5-tuple information (source, source port, destination, destination port, and protocol) to allow or deny the traffic. A flow record is created for existing connections. Communication is allowed or denied based on the connection state of the flow record. The flow record allows a network security group to be stateful. If you specify an outbound security rule to any address over port 80, for example, it’s not necessary to specify an inbound security rule for the response to the outbound traffic. You only need to specify an inbound security rule if communication is initiated externally. The opposite is also true. If inbound traffic is allowed over a port, it’s not necessary to specify an outbound security rule to respond to traffic over the port.

33
Q

________________ is Microsoft’s cloud-based SIEM system. It uses intelligent security analytics and threat analysis.

A. Azure Key Vault
B. Microsoft Defender for Cloud
C. Azure Arc
D. Azure Sentinel

A

D. Azure Sentinel

Explanation:
From the Official Azure Documentation:

Security management on a large scale can benefit from a dedicated security information and event management (SIEM) system. A SIEM system aggregates security data from many different sources (as long as those sources support an open-standard logging format). It also provides capabilities for threat detection and response.

Azure Sentinel is Microsoft’s cloud-based SIEM system. It uses intelligent security analytics and threat analysis.

Azure Sentinel enables you to:

Collect cloud data at scale: Collect data across all users, devices, applications, and infrastructure, both on-premises and from multiple clouds.

Detect previously undetected threats: Minimize false positives by using Microsoft's comprehensive analytics and threat intelligence.

Investigate threats with artificial intelligence: Examine suspicious activities at scale, tapping into years of cybersecurity experience from Microsoft.

Respond to incidents rapidly: Use built-in orchestration and automation of common tasks.
34
Q

An unlimited number of resources can be added to a Subscription.

A. True
B. False

A

B. False

Explanation:
From the Official Azure Documentation:

At the beginning of any cloud governance implementation, you identify a cloud organization structure that meets your business needs. This step often involves forming a cloud center of excellence team (also called a cloud enablement team or a cloud custodian team). This team is empowered to implement governance practices from a centralized location for the entire organization.

Teams often start their Azure governance strategy at the subscription level.

Subscriptions also have some resource limitations. For example, the maximum number of network Azure ExpressRoute circuits per subscription is 10. Those limits should be considered during your design phase. If you’ll need to exceed those limits, you might need to add more subscriptions. If you hit a hard limit maximum, there’s no flexibility to increase it.

Management groups are also available to assist with managing subscriptions. A management group manages access, policies, and compliance across multiple Azure subscriptions. You’ll learn more about management groups later in this module.

Reference: https://docs.microsoft.com/en-ca/learn/modules/build-cloud-governance-strategy-azure/10-create-subscription-governance-strategy

35
Q

Each Azure subscription can contain multiple account administrators.

A. No
B. Yes

A

A. No

Explanation:
It is possible to assign multiple administrators to a particular subscription; however, there is ONLY 1 account administrator.

From the Official Azure Documentation:

To manage access to Azure resources, you must have the appropriate administrator role. Azure has an authorization system called Azure role-based access control (Azure RBAC) with several built-in roles you can choose from. You can assign these roles at different scopes, such as management group, subscription, or resource group. By default, the person who creates a new Azure subscription can assign other users administrative access to a subscription (account Admin).

Reference: https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscription-administrator

36
Q

________________ help to enforce organizational standards, assess compliance at scale, and implement governance for resource consistency, regulatory compliance, security and management.

A. Templates
B. Policies
C. Resource Groups
D. Resource Locks

A

B. Policies

Explanation:
Azure Policy helps to enforce organizational standards and to assess compliance at-scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to the per-resource, per-policy granularity. It also helps to bring your resources to compliance through bulk remediation for existing resources and automatic remediation for new resources.

Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management. Policy definitions for these common use cases are already available in your Azure environment as built-ins to help you get started.

37
Q

A startup is planning to use multiple Azure SQL Databases. Which of the following will help them to reduce costs if the databases have unpredictable usage demands?

A. Azure Blueprints
B. Elastic Pools
C. Azure Policies
D. Scale Sets

A

B. Elastic Pools

Explanation:
Just like Azure VM Scale Sets are best friends with Azure VMs, for Azure SQL Databases, we have Azure SQL Database elastic pools. These are a simple, cost-effective solution for managing and scaling multiple databases that have varying and unpredictable usage demands. The databases in an elastic pool are on a single server and share a set number of resources at a set price.

Elastic pools in Azure SQL Database enable SaaS developers to optimize the price performance for a group of databases within a prescribed budget while delivering performance elasticity for each database.

38
Q

Which of the following is NOT an Azure Subscription type?

A. Pay as you Go
B. Member offers
C. Pay for a year
D. Free Trial

A

C. Pay for a year

Explanation:
You probably know that an Azure subscription provides you with access to Azure resources such as virtual machines (VMs), storage, and databases. The types of resources you use affect your monthly bill.

Azure offers both free and paid subscription options to fit your needs and requirements. They are:

Free trial

A free trial subscription provides you with 12 months of popular free services, a credit to explore any Azure service for 30 days, and more than 25 services that are always free. Your Azure services are disabled when the trial ends or when your credit expires for paid products, unless you upgrade to a paid subscription.

Pay-as-you-go

A pay-as-you-go subscription lets you pay for what you use by attaching a credit or debit card to your account. Organizations can apply for volume discounts and prepaid invoicing.

Member offers

Your existing membership to certain Microsoft products and services might provide you with credits for your Azure account, and reduced rates on Azure services. For example, member offers are available to Visual Studio subscribers, Microsoft Partner Network members, Microsoft for Startups members, and Microsoft Imagine members.

39
Q

To begin using Azure Storage, you first create an Azure ________________ to store your data objects.

A. Resource Group
B. Storage Selection
C. DNS
D. Storage Account

A

D. Storage Account

Explanation:
From the Official Azure Documentation:

Azure Storage is a service that you can use to store files, messages, tables, and other types of information. Clients such as websites, mobile apps, desktop applications, and many other types of custom solutions can read data from and write data to Azure Storage. Azure Storage is also used by infrastructure as a service virtual machines, and platform as a service cloud services.

To begin using Azure Storage, you first create an Azure Storage account to store your data objects. You can create an Azure Storage account by using the Azure portal, PowerShell, or the Azure CLI. Your storage account will contain all of your Azure Storage data objects, such as blobs, files, and disks.

Reference: https://docs.microsoft.com/en-ca/learn/modules/azure-storage-fundamentals/azure-storage-accounts

40
Q

You plan to deploy an SQL database to Azure. One of the major requirements is resource isolation, i.e., this database should not be accessible to your other resources on Azure.

Which of the following can help with this?

A. Use an Azure ExpressRoute circuit
B. Deploy the SQL Database to a different Virtual Network
C. Set up custom rules in Azure Policies
D. Set up custom rules in Azure Blueprints

A

B. Deploy the SQL Database to a different Virtual Network

Explanation:
Deploying the SQL Database to a different Virtual Network is an example of network segmentation. You can deploy the SQL database to a new Virtual Network and filter any traffic using a Network Security Group on top of it.

From the Official Azure Documentation:

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own data center, but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.

Communicate between Azure resources

You’ll want to enable Azure resources to communicate securely with each other. You can do that in one of two ways:

Virtual networks: Virtual networks can connect not only VMs but other Azure resources, such as the App Service Environment for Power Apps, Azure Kubernetes Service, and Azure virtual machine scale sets.

Service endpoints: You can use service endpoints to connect to other Azure resource types, such as Azure SQL databases and storage accounts. This approach enables you to link multiple Azure resources to virtual networks to improve security and provide optimal routing between resources.

Filter network traffic

Azure virtual networks enable you to filter traffic between subnets by using the following approaches:

Network security groups: A network security group is an Azure resource that can contain multiple inbound and outbound security rules. You can define these rules to allow or block traffic, based on factors such as source and destination IP address, port, and protocol.

Network virtual appliances: A network virtual appliance is a specialized VM that can be compared to a hardened network appliance. A network virtual appliance carries out a particular network function, such as running a firewall or performing wide area network (WAN) optimization.