Practice Assessment for Exam AZ-900-2 Flashcards
An Azure RBAC role is applied to a scope
An Azure RBAC role is applied to a scope, which is a resource or set of resources that the access applies to. Resource locks prevent the accidental change or deletion of a resource. Resource tags are used to locate and act on resources associated with specific workloads, environments, business units, and owners. Policies enforce different rules across resource configurations so that the configurations stay compliant with corporate standards.
Defense in Depth
A defense in depth strategy uses a series of mechanisms to slow the advancement of an attack that aims to gain unauthorized access to data. The principle of least privilege means restricting access to information to only the level that users need to perform their work. A DDoS attack attempts to overwhelm and exhaust an application’s resources. The perimeter layer is about protecting an organization’s resources from network-based attacks.
What can you use to sync identities from an on-premises Active Directory Domain Services (AD DS) domain to Microsoft Entra tenant?
Microsoft Entra Connect syncs user identities from an on-premises Active Directory Domain Services (AD DS) domain to Microsoft Entra. Microsoft Entra Connect allows you to use features such as single sign-on (SSO), MFA, and self-service password reset (SSPR) in both systems. SSPR prevents users from using known compromised passwords.
What are two basic services provided by all cloud providers?
All cloud providers provide compute and storage services. Colocation is when a business rents space in a shared physical datacenter. Application development is the responsibility of the customer and is typically done either in-house or through a third party.
Agility
Agility means that you can deploy and configure cloud-based resources quickly as app requirements change.
Elasticity
Elasticity refers to the ability to scale resources as needed, such as during business hours, to ensure that an application can keep up with demand, and then reducing the available resources during off-peak hours.
Agility refers to the ability to deploy new applications and services quickly.
High availability refers to the ability to ensure that a service or application remains available in the event of a failure.
Geo-distribution makes a service or application available in multiple geographic locations that are typically close to your users.
geo-distribution
You can deploy apps and data to regional datacenters around the globe, thereby ensuring that your customers always have the best performance in their region. This is referred to as geo-distribution.
———– is the deployment and management service for Azure.
ARM is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in an Azure subscription. You use management features, such as access control, resource locks, and resource tags, to secure and organize resources after deployment.
What can you use to connect Azure resources, such as Azure SQL databases, to an Azure virtual network?
Service endpoints are used to expose Azure services to a virtual network, providing communication between the two.
ExpressRoute is used to connect an on-premises network to Azure.
NSGs allow you to configure inbound and outbound rules for virtual networks and virtual machines.
Peering allows you to connect virtual networks together.
Which cloud service model is used by Microsoft Office 365?
SaaS
where Microsoft Entra User Accounts are created?
These are not created as part of an Azure subscription but rather managed within Microsoft Entra (Azure AD).
