Practice Assessment for Exam AZ-900: Microsoft Azure Fundamentals Flashcards
Select the answer that correctly completes the sentence.
[Answer choice] are physically separate datacenters within an Azure region.
Availability zones
Geographies
Region pairs
Resource groups
Availability zones
- Availability zones are physically separate datacenters within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking.
Select the answer that correctly completes the sentence.
In a region pair, a region is paired with another region in the same [answer choice].
Select only one answer.
availability zone
datacenter
geography
resource group
geography
- Each Azure region is always paired with another region within the same geography, such as US, Europe, or Asia, at least 300 miles away.
What is an Azure Storage account named storage001 an example of?
Select only one answer.
a resource
a resource group
a resource manager
a subscription
a resource
- A resource is a manageable item that is available through Azure. Virtual machines, storage accounts, web apps, databases, and virtual networks are examples of resources.
Which Azure component allows you to replicate resources across a geography to ensure business continuity during a natural disaster at the primary site?
Select only one answer.
availability sets
availability zones
Azure Virtual Machine Scale Sets
region pairs
region pairs
- Region pairs allow the replication of Azure resources across geographies to help ensure that a secondary region is available in case of any disaster at the primary region.
Which resource can you use to manage access, policies, and compliance across multiple subscriptions?
Select only one answer.
administrative units
management groups
resource groups
management groups
- Management groups can be used in environments that have multiple subscriptions to streamline the application of governance conditions.
Resource groups can be used to organize Azure resources. Administrative units are used to delegate the administration of Microsoft Entra resources, such as users and groups.Accounts are used to provide access to resources.
You need to allow resources on two different Azure virtual networks to communicate with each other.
What should you configure?
Select only one answer.
a network security group (NSG)
a point-to-site VPN
peering
service endpoints
peering
- You can link virtual networks together by using virtual network peering. Peering enables resources in each virtual network to communicate with each other.
What can you use to connect Azure resources, such as Azure SQL databases, to an Azure virtual network?
Select only one answer.
ExpressRoute
network security groups (NSGs)
peering
service endpoints
service endpoints
- Service endpoints are used to expose Azure services to a virtual network, providing communication between the two. ExpressRoute is used to connect an on-premises network to Azure. NSGs allow you to configure inbound and outbound rules for virtual networks and virtual machines. Peering allows you to connect virtual networks together.
Which two services can you use to establish network connectivity between an on-premises network and Azure resources? Each correct answer presents a complete solution.
Select all answers that apply.
Azure Bastion
Azure Firewall
Azure VPN Gateway
ExpressRoute
Azure VPN Gateway
ExpressRoute
- ExpressRoute connections and Azure VPN Gateway are two services that you can use to connect an on-premises network to Azure. Bastion provides a web interface to remotely administer Azure virtual machines by using SSH/RDP. Azure Firewall is a stateful firewall service used to protect virtual networks.
What are two services that allow you to run applications in containers? Each correct answer presents a complete solution.
Select all answers that apply.
Azure Container Instances
Azure Functions
Azure Logic Apps
Azure Kubernetes Service (AKS)
Azure Container Instances
Azure Kubernetes Service (AKS)
- Containers are a virtualization environment. Much like running multiple virtual machines on a single physical host, you can run multiple containers on a single physical or virtual host. Unlike virtual machines, you do not manage the operating system for a container.
Which storage service should you use to store thousands of files containing text and images?
Select only one answer.
Azure Blob storage
Azure Disk Storage
Azure Queue Storage
Azure Table storage
Azure Blob storage
- Azure Blob storage is an object storage solution that you can use to store massive amounts of unstructured data, such as text or binary data.
Which Azure Blob storage tier stores data offline and offers the lowest storage costs and the highest costs to access data?
Select only one answer.
Archive
Cool
Hot
Archive
- The Archive storage tier stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data. The Hot storage tier is optimized for storing data that is accessed frequently. Data in the Cool access tier can tolerate slightly lower availability, but still requires high durability, retrieval latency, and throughput characteristics similar to hot data.
Which two scenarios are common use cases for Azure Blob storage? Each correct answer presents a complete solution.
Select all answers that apply.
hosting ASPX files for a website
mounting a file storage share to be accessed as a virtual drive on multiple virtual machines
serving images or documents directly to a browser
storing data for backup and restore
serving images or documents directly to a browser
storing data for backup and restore
- Low storage costs and unlimited file formats make blob storage a good location to store backups and archives. Blob storage can be reached from anywhere by using an internet connection. Azure Disk Storage provides disks for Azure virtual machines. Azure Files supports mounting file storage shares.
Which Azure Blob storage service tier has the highest storage costs and the fastest access times for reading and writing data?
Select only one answer.
Archive
Cool
Hot
Hot
- The Hot tier is optimized for storing data that is accessed frequently. The Cool access tier has a slightly lower availability SLA and higher access costs compared to hot data, which are acceptable trade-offs for lower storage costs. Archive storage stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data.
Which two protocols can be used to access Azure file shares? Each correct answer presents a complete solution.
Select all answers that apply.
HTTP
FTP
Network File System (NFS)
Server Message Block (SMB)
Network File System (NFS)
Server Message Block (SMB)
- Azure Files offers fully managed file shares in the cloud that are accessible via industry-standard SMB and NFS protocols.
What can you use to ensure that a user can only access applications from compliant devices?
Select only one answer.
Conditional Access
hybrid identity
multi-factor authentication (MFA)
single sign-on (SSO)
Conditional Access
- Conditional Access is a feature that Microsoft Entra uses to allow or deny access to resources based on identity signals, such as the device being used. SSO enables a user to sign in one time and use that credential to access multiple resources and applications from different providers. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Hybrid identity solutions create a common user identity for authentication and authorization to all resources, regardless of location.
To which object or level is an Azure role-based access control (RBAC) role applied?
Select only one answer.
policy
resource lock
resource tag
scope
scope
- An Azure RBAC role is applied to a scope, which is a resource or set of resources that the access applies to. Resource locks prevent the accidental change or deletion of a resource. Resource tags are used to locate and act on resources associated with specific workloads, environments, business units, and owners. Policies enforce different rules across resource configurations so that the configurations stay compliant with corporate standards.
Which two services are provided by Microsoft Entra? Each correct answer presents a complete solution.
Select all answers that apply.
authentication
data encryption
name resolution
single sign-on (SSO)
authentication
single sign-on (SSO)
- Microsoft Entra provides services for verifying identity and access to applications and resources. SSO enables you to remember a single username and password to access multiple applications and is available in Azure AD.
Which Microsoft Entra feature can you use to ensure that users can only access Microsoft Office 365 applications from approved client applications?
Select only one answer.
Azure role-based access control (RBAC)
Conditional Access
multi-factor authentication (MFA)
single sign-on (SSO)
Conditional Access
- Conditional Access allows administrators to control, allow, or deny access to resources based on certain signals. You can require that access to certain applications only be allowed if the users are using an approved client application. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Examples include a code on their mobile phone or a fingerprint scan.
What can you use to sync identities from an on-premises Active Directory Domain Services (AD DS) domain to Microsoft Entra tenant?
Select only one answer.
Microsoft Entra Connect
Azure Key Vault
Azure Resource Manager (ARM)
Conditional Access
Microsoft Entra Connect
- Microsoft Entra Connect syncs user identities from an on-premises Active Directory Domain Services (AD DS) domain to Microsoft Entra. Microsoft Entra Connect allows you to use features such as single sign-on (SSO), MFA, and self-service password reset (SSPR) in both systems. SSPR prevents users from using known compromised passwords.
You need to compare the costs of running an application in an on-premises datacenter with the costs of running the application in Azure.
What should you use to assist you?
Select only one answer.
Azure Advisor
Azure Cost Management
Azure Pricing calculator
Total Cost of Ownership (TCO) Calculator
Total Cost of Ownership (TCO) Calculator
- The TCO Calculator helps you estimate the cost savings over time of operating a solution in Azure compared to operating in an on-premises datacenter.
You have an Azure virtual machine that is accessed only between 9:00 and 17:00 each day.
What should you do to minimize costs but preserve the associated hard disks and data?
Select only one answer.
Deallocate the virtual machine when it is not needed
Delete the virtual machine when it is not needed
Implement Privileged Identity Management.
Resize the virtual machine to smaller size.
Deallocate the virtual machine when it is not needed
- If you have virtual machine workloads that are used only during certain periods, but you run them every hour of every day, then you are wasting money. These virtual machines are great candidates to deallocate when not in use and start back when required to save compute costs while the virtual machines are deallocated.
You need to associate the costs of resources to different groups within an organization without changing the location of the resources.
What should you use?
Select only one answer.
administrative units
resource groups
resource tags
subscriptions
resource tags
- Resource tags can be used to group billing data and categorize costs by runtime environment, such as billing usage for virtual machines running in a production environment.
Your organization plans to deploy several production virtual machines that will have consistent resource usage throughout the year.
What can you use to minimize the costs of the virtual machines without reducing the functionality of the virtual machines?
Select only one answer.
Azure Monitor alerts
Azure Reservations
spending limits
Azure Reservations
- Azure Reservations offers discounted prices on certain Azure services. Azure Reservations can save you up to 72 percent compared to pay-as-you-go prices. To receive a discount, you can reserve services and resources by paying in advance. Spending limits can suspend a subscription when the spend limit is reached.
What can be applied to a resource to prevent accidental deletion?
Select only one answer.
a resource lock
a resource tag
a policy
an Azure Reservation
a resource lock
- A resource lock prevents resources from being accidentally deleted or changed. Resource tags offer the custom grouping of resources. Policies enforce different rules across all resource configurations so that the configurations stay compliant with corporate standards. An initiative is a way of grouping related policies together.
What can you use to ensure that new and existing Azure resources stay in compliance with corporate standards?
Select only one answer.
Azure Advisor
Azure Policy
resource locks
resource tags
Azure Policy
- Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit resources. These policies enforce different rules across all resource configurations so that the configurations stay compliant with corporate standards.
You need to recommend a solution for Azure virtual machine deployments. The solution must enforce company standards on the virtual machines.
What should you include in the recommendation?
Select only one answer.
Microsoft Intune compliance policy
Azure Cost Management
Azure Lock
Azure Policy
Azure Policy
- Azure policies will allow you to enforce company standards on new virtual machines when combined with Azure VM Image Builder and Azure Compute Gallery. By using Azure Policy and role-based access control (RBAC) assignments, enterprises can enforce standards on Azure resources. But on virtual machines, these mechanisms only affect the control plane or the route to the virtual machine.
You need to ensure that multi-factor authentication (MFA) is enabled on accounts with write permissions in an Azure subscription.
What should you implement?
Select only one answer.
Azure Policy
resource locks
resource tags
Cloud Adoption Framework
Azure Policy
- Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit resources.
What can you use to restrict the deployment of a virtual machine to a specific location?
Select only one answer.
Microsoft Defender for Cloud
Azure Policy
resource groups
resource locks
Azure Policy can help to create a policy for allowed regions, which enables you to restrict the deployment of virtual machines to a specific location.
What can you use to define the resources you want to provision in a declarative JSON format?
Select only one answer.
Azure CLI
Azure PowerShell
Azure Repos
Azure Resource Manager (ARM) templates
Azure Resource Manager (ARM) templates
- By using ARM templates, you can describe the resources you want to use in a declarative JSON format.
Which two tools are accessible via Azure Cloud Shell to manage an Azure environment?
Select all answers that apply.
Azure CLI
Azure PowerShell
Azure Repos
Azure Resource Manager (ARM) templates
Azure CLI
Azure PowerShell
- Azure CLI is an executable program with which a user can execute commands in Bash that call the Azure REST API. Azure Cloud Shell also supports Azure PowerShell as an executable program.
What can you use to create resources in Azure and includes a validation step to ensure all resources are created in a specific order based on dependencies, in parallel and idempotent?
Select only one answer.
Azure CLI
Azure PowerShell
Azure Resource Manager (ARM) templates
Azure REST API
Azure Resource Manager (ARM) templates
- ARM templates define an application’s infrastructure requirements for a repeatable deployment that is done in a consistent manner. A validation step ensures that all resources can be created in the proper order based on dependencies, in parallel and idempotent.
What provides recommendations to reduce the cost of Azure resources?
Select only one answer.
Azure Advisor
Azure Dashboard
Azure Service Health
Microsoft Defender for Cloud
Azure Advisor
- Azure Advisor analyzes the account usage and makes recommendations based on its set and configured rules.
You have a team of Linux administrators that need to manage the resources in Azure. The team wants to use the Bash shell to perform the administration.
What should you recommend?
Select only one answer.
Azure Blueprint
Azure CLI
Azure Powershell
This answer is incorrect.
Azure Resource Manager (ARM) template
Azure CLI
- Azure CLI allows you to use the Bash shell to perform administrative tasks. Bash is used in Linux environments, so a Linux administrator will probably be more comfortable performing command-line administration from Azure CLI.
You need to review the root cause analysis (RCA) report for a service outage that occurred last week.
Where should you look for the report?
Select only one answer.
Azure Advisor
Azure Monitor
Azure Service Health
Log Analytics
Azure Service Health
- After an outage, Service Health provides official incident reports called root cause analysis (RCA), which you can share with stakeholders.
You need to create a custom solution that uses thresholds to trigger autoscaling functionality to scale an app up or down to meet user demand.
What should you include in the solution?
Select only one answer.
Application insights
Azure Advisor
Azure Monitor
Azure Service Health
Azure Monitor
- Azure Monitor is a platform that collects metric and logging data, such as CPU percentages. The data can be used to trigger autoscaling.
What can you use to find information about planned maintenance for Azure services that are critical to your organization?
Select only one answer.
Azure Advisor
Azure Monitor
Azure Service Health
Log Analytics
Azure Service Health
- You can drill down to the affected services, regions, and details to show how an event will affect you and what you must do. Most of these events occur without any impact to you and will not be shown. In a rare case that a reboot is required, Service Health allows you to choose when to perform the maintenance to minimize the downtime
Which two attributes are characteristics of the private cloud deployment model? Each correct answer presents a complete solution.
Select all answers that apply.
Applications can be provisioned and deprovisioned quickly.
Hardware must be purchased.
Organizations only pay for what they use.
The company has complete control over physical resources and security.
Hardware must be purchased.
The company has complete control over physical resources and security.
- In a private cloud, hardware must be purchased for start up and maintenance. In a private cloud, organizations control resources and security. Quick provisioning is a characteristic of the public cloud deployment model. Paying only for what is used is a characteristic of the public cloud deployment model.
Which two characteristics are common advantages of cloud computing? Each correct answer presents a complete solution.
Select all answers that apply.
elimination of horizontal scaling
geo-distribution
high availability
physical access to servers
geo-distribution
high availability
- Cloud-based apps can provide a continuous user experience with no apparent downtime, even when things go wrong. You can deploy apps and data to regional datacenters around the globe, thereby ensuring that your customers always have the best performance in their region. Apps in cloud computing can scale vertically and horizontally. In a public cloud model, you do not get physical access to servers, as they are managed by the cloud provider.
Why is cloud computing often less expensive than on-premises datacenters?
Select only one answer.
Cloud service offerings have limited functionality.
Network bandwidth is free.
Services are only offered in a single geographic location.
You are only billed for what you use.
You are only billed for what you use.
- Renting compute and storage services and being billed for only what you use often lowers operating expenses. Depending on the service and the type of network bandwidth, charges can be incurred. Cloud service offerings often provide functionality that can be difficult or cost-prohibitive to deploy on-premises, especially for smaller organizations. Major cloud providers offer services around the world. Making it easy and relatively inexpensive to deploy services close to where your users reside.
Which cloud deployment model are you using if you have servers physically located at your organization’s on-site datacenter, and you migrate a few of the servers to the cloud?
Select only one answer.
hybrid cloud
private cloud
public cloud
A hybrid cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them.