Practice Assessment for Exam AZ-900: Microsoft Azure Fundamentals Flashcards

1
Q

Select the answer that correctly completes the sentence.

[Answer choice] are physically separate datacenters within an Azure region.

Availability zones
Geographies
Region pairs
Resource groups

A

Availability zones
- Availability zones are physically separate datacenters within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Select the answer that correctly completes the sentence.

In a region pair, a region is paired with another region in the same [answer choice].

Select only one answer.

availability zone

datacenter

geography

resource group

A

geography
- Each Azure region is always paired with another region within the same geography, such as US, Europe, or Asia, at least 300 miles away.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is an Azure Storage account named storage001 an example of?

Select only one answer.

a resource

a resource group

a resource manager

a subscription

A

a resource
- A resource is a manageable item that is available through Azure. Virtual machines, storage accounts, web apps, databases, and virtual networks are examples of resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which Azure component allows you to replicate resources across a geography to ensure business continuity during a natural disaster at the primary site?

Select only one answer.

availability sets

availability zones

Azure Virtual Machine Scale Sets

region pairs

A

region pairs
- Region pairs allow the replication of Azure resources across geographies to help ensure that a secondary region is available in case of any disaster at the primary region.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which resource can you use to manage access, policies, and compliance across multiple subscriptions?

Select only one answer.

administrative units

management groups

resource groups

A

management groups
- Management groups can be used in environments that have multiple subscriptions to streamline the application of governance conditions.

Resource groups can be used to organize Azure resources. Administrative units are used to delegate the administration of Microsoft Entra resources, such as users and groups.Accounts are used to provide access to resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

You need to allow resources on two different Azure virtual networks to communicate with each other.

What should you configure?

Select only one answer.

a network security group (NSG)

a point-to-site VPN

peering

service endpoints

A

peering
- You can link virtual networks together by using virtual network peering. Peering enables resources in each virtual network to communicate with each other.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What can you use to connect Azure resources, such as Azure SQL databases, to an Azure virtual network?

Select only one answer.

ExpressRoute

network security groups (NSGs)

peering

service endpoints

A

service endpoints
- Service endpoints are used to expose Azure services to a virtual network, providing communication between the two. ExpressRoute is used to connect an on-premises network to Azure. NSGs allow you to configure inbound and outbound rules for virtual networks and virtual machines. Peering allows you to connect virtual networks together.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which two services can you use to establish network connectivity between an on-premises network and Azure resources? Each correct answer presents a complete solution.

Select all answers that apply.

Azure Bastion

Azure Firewall

Azure VPN Gateway

ExpressRoute

A

Azure VPN Gateway

ExpressRoute

  • ExpressRoute connections and Azure VPN Gateway are two services that you can use to connect an on-premises network to Azure. Bastion provides a web interface to remotely administer Azure virtual machines by using SSH/RDP. Azure Firewall is a stateful firewall service used to protect virtual networks.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are two services that allow you to run applications in containers? Each correct answer presents a complete solution.

Select all answers that apply.

Azure Container Instances

Azure Functions

Azure Logic Apps

Azure Kubernetes Service (AKS)

A

Azure Container Instances
Azure Kubernetes Service (AKS)
- Containers are a virtualization environment. Much like running multiple virtual machines on a single physical host, you can run multiple containers on a single physical or virtual host. Unlike virtual machines, you do not manage the operating system for a container.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which storage service should you use to store thousands of files containing text and images?

Select only one answer.

Azure Blob storage

Azure Disk Storage

Azure Queue Storage

Azure Table storage

A

Azure Blob storage
- Azure Blob storage is an object storage solution that you can use to store massive amounts of unstructured data, such as text or binary data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which Azure Blob storage tier stores data offline and offers the lowest storage costs and the highest costs to access data?

Select only one answer.

Archive

Cool

Hot

A

Archive
- The Archive storage tier stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data. The Hot storage tier is optimized for storing data that is accessed frequently. Data in the Cool access tier can tolerate slightly lower availability, but still requires high durability, retrieval latency, and throughput characteristics similar to hot data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which two scenarios are common use cases for Azure Blob storage? Each correct answer presents a complete solution.

Select all answers that apply.

hosting ASPX files for a website

mounting a file storage share to be accessed as a virtual drive on multiple virtual machines

serving images or documents directly to a browser

storing data for backup and restore

A

serving images or documents directly to a browser

storing data for backup and restore

  • Low storage costs and unlimited file formats make blob storage a good location to store backups and archives. Blob storage can be reached from anywhere by using an internet connection. Azure Disk Storage provides disks for Azure virtual machines. Azure Files supports mounting file storage shares.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which Azure Blob storage service tier has the highest storage costs and the fastest access times for reading and writing data?

Select only one answer.

Archive

Cool

Hot

A

Hot

  • The Hot tier is optimized for storing data that is accessed frequently. The Cool access tier has a slightly lower availability SLA and higher access costs compared to hot data, which are acceptable trade-offs for lower storage costs. Archive storage stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which two protocols can be used to access Azure file shares? Each correct answer presents a complete solution.

Select all answers that apply.

HTTP

FTP

Network File System (NFS)

Server Message Block (SMB)

A

Network File System (NFS)

Server Message Block (SMB)

  • Azure Files offers fully managed file shares in the cloud that are accessible via industry-standard SMB and NFS protocols.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What can you use to ensure that a user can only access applications from compliant devices?

Select only one answer.

Conditional Access

hybrid identity

multi-factor authentication (MFA)

single sign-on (SSO)

A

Conditional Access
- Conditional Access is a feature that Microsoft Entra uses to allow or deny access to resources based on identity signals, such as the device being used. SSO enables a user to sign in one time and use that credential to access multiple resources and applications from different providers. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Hybrid identity solutions create a common user identity for authentication and authorization to all resources, regardless of location.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

To which object or level is an Azure role-based access control (RBAC) role applied?

Select only one answer.

policy

resource lock

resource tag

scope

A

scope
- An Azure RBAC role is applied to a scope, which is a resource or set of resources that the access applies to. Resource locks prevent the accidental change or deletion of a resource. Resource tags are used to locate and act on resources associated with specific workloads, environments, business units, and owners. Policies enforce different rules across resource configurations so that the configurations stay compliant with corporate standards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Which two services are provided by Microsoft Entra? Each correct answer presents a complete solution.

Select all answers that apply.

authentication

data encryption

name resolution

single sign-on (SSO)

A

authentication
single sign-on (SSO)
- Microsoft Entra provides services for verifying identity and access to applications and resources. SSO enables you to remember a single username and password to access multiple applications and is available in Azure AD.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Which Microsoft Entra feature can you use to ensure that users can only access Microsoft Office 365 applications from approved client applications?

Select only one answer.

Azure role-based access control (RBAC)

Conditional Access

multi-factor authentication (MFA)

single sign-on (SSO)

A

Conditional Access
- Conditional Access allows administrators to control, allow, or deny access to resources based on certain signals. You can require that access to certain applications only be allowed if the users are using an approved client application. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Examples include a code on their mobile phone or a fingerprint scan.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What can you use to sync identities from an on-premises Active Directory Domain Services (AD DS) domain to Microsoft Entra tenant?

Select only one answer.

Microsoft Entra Connect

Azure Key Vault

Azure Resource Manager (ARM)

Conditional Access

A

Microsoft Entra Connect
- Microsoft Entra Connect syncs user identities from an on-premises Active Directory Domain Services (AD DS) domain to Microsoft Entra. Microsoft Entra Connect allows you to use features such as single sign-on (SSO), MFA, and self-service password reset (SSPR) in both systems. SSPR prevents users from using known compromised passwords.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

You need to compare the costs of running an application in an on-premises datacenter with the costs of running the application in Azure.

What should you use to assist you?

Select only one answer.

Azure Advisor

Azure Cost Management

Azure Pricing calculator

Total Cost of Ownership (TCO) Calculator

A

Total Cost of Ownership (TCO) Calculator
- The TCO Calculator helps you estimate the cost savings over time of operating a solution in Azure compared to operating in an on-premises datacenter.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

You have an Azure virtual machine that is accessed only between 9:00 and 17:00 each day.

What should you do to minimize costs but preserve the associated hard disks and data?

Select only one answer.

Deallocate the virtual machine when it is not needed

Delete the virtual machine when it is not needed

Implement Privileged Identity Management.

Resize the virtual machine to smaller size.

A

Deallocate the virtual machine when it is not needed
- If you have virtual machine workloads that are used only during certain periods, but you run them every hour of every day, then you are wasting money. These virtual machines are great candidates to deallocate when not in use and start back when required to save compute costs while the virtual machines are deallocated.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

You need to associate the costs of resources to different groups within an organization without changing the location of the resources.

What should you use?

Select only one answer.

administrative units

resource groups

resource tags

subscriptions

A

resource tags
- Resource tags can be used to group billing data and categorize costs by runtime environment, such as billing usage for virtual machines running in a production environment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Your organization plans to deploy several production virtual machines that will have consistent resource usage throughout the year.

What can you use to minimize the costs of the virtual machines without reducing the functionality of the virtual machines?

Select only one answer.

Azure Monitor alerts

Azure Reservations

spending limits

A

Azure Reservations
- Azure Reservations offers discounted prices on certain Azure services. Azure Reservations can save you up to 72 percent compared to pay-as-you-go prices. To receive a discount, you can reserve services and resources by paying in advance. Spending limits can suspend a subscription when the spend limit is reached.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What can be applied to a resource to prevent accidental deletion?

Select only one answer.

a resource lock

a resource tag

a policy

an Azure Reservation

A

a resource lock
- A resource lock prevents resources from being accidentally deleted or changed. Resource tags offer the custom grouping of resources. Policies enforce different rules across all resource configurations so that the configurations stay compliant with corporate standards. An initiative is a way of grouping related policies together.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What can you use to ensure that new and existing Azure resources stay in compliance with corporate standards?

Select only one answer.

Azure Advisor

Azure Policy

resource locks

resource tags

A

Azure Policy
- Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit resources. These policies enforce different rules across all resource configurations so that the configurations stay compliant with corporate standards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

You need to recommend a solution for Azure virtual machine deployments. The solution must enforce company standards on the virtual machines.

What should you include in the recommendation?

Select only one answer.

Microsoft Intune compliance policy

Azure Cost Management

Azure Lock

Azure Policy

A

Azure Policy
- Azure policies will allow you to enforce company standards on new virtual machines when combined with Azure VM Image Builder and Azure Compute Gallery. By using Azure Policy and role-based access control (RBAC) assignments, enterprises can enforce standards on Azure resources. But on virtual machines, these mechanisms only affect the control plane or the route to the virtual machine.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

You need to ensure that multi-factor authentication (MFA) is enabled on accounts with write permissions in an Azure subscription.

What should you implement?

Select only one answer.

Azure Policy

resource locks

resource tags

Cloud Adoption Framework

A

Azure Policy
- Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

What can you use to restrict the deployment of a virtual machine to a specific location?

Select only one answer.

Microsoft Defender for Cloud

Azure Policy

resource groups

resource locks

A

Azure Policy can help to create a policy for allowed regions, which enables you to restrict the deployment of virtual machines to a specific location.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

What can you use to define the resources you want to provision in a declarative JSON format?

Select only one answer.

Azure CLI

Azure PowerShell

Azure Repos

Azure Resource Manager (ARM) templates

A

Azure Resource Manager (ARM) templates
- By using ARM templates, you can describe the resources you want to use in a declarative JSON format.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Which two tools are accessible via Azure Cloud Shell to manage an Azure environment?

Select all answers that apply.

Azure CLI

Azure PowerShell

Azure Repos

Azure Resource Manager (ARM) templates

A

Azure CLI
Azure PowerShell
- Azure CLI is an executable program with which a user can execute commands in Bash that call the Azure REST API. Azure Cloud Shell also supports Azure PowerShell as an executable program.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

What can you use to create resources in Azure and includes a validation step to ensure all resources are created in a specific order based on dependencies, in parallel and idempotent?

Select only one answer.

Azure CLI

Azure PowerShell

Azure Resource Manager (ARM) templates

Azure REST API

A

Azure Resource Manager (ARM) templates
- ARM templates define an application’s infrastructure requirements for a repeatable deployment that is done in a consistent manner. A validation step ensures that all resources can be created in the proper order based on dependencies, in parallel and idempotent.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

What provides recommendations to reduce the cost of Azure resources?

Select only one answer.

Azure Advisor

Azure Dashboard

Azure Service Health

Microsoft Defender for Cloud

A

Azure Advisor
- Azure Advisor analyzes the account usage and makes recommendations based on its set and configured rules.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

You have a team of Linux administrators that need to manage the resources in Azure. The team wants to use the Bash shell to perform the administration.

What should you recommend?

Select only one answer.

Azure Blueprint

Azure CLI

Azure Powershell
This answer is incorrect.

Azure Resource Manager (ARM) template

A

Azure CLI
- Azure CLI allows you to use the Bash shell to perform administrative tasks. Bash is used in Linux environments, so a Linux administrator will probably be more comfortable performing command-line administration from Azure CLI.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

You need to review the root cause analysis (RCA) report for a service outage that occurred last week.

Where should you look for the report?

Select only one answer.

Azure Advisor

Azure Monitor

Azure Service Health

Log Analytics

A

Azure Service Health
- After an outage, Service Health provides official incident reports called root cause analysis (RCA), which you can share with stakeholders.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

You need to create a custom solution that uses thresholds to trigger autoscaling functionality to scale an app up or down to meet user demand.

What should you include in the solution?

Select only one answer.

Application insights

Azure Advisor

Azure Monitor

Azure Service Health

A

Azure Monitor
- Azure Monitor is a platform that collects metric and logging data, such as CPU percentages. The data can be used to trigger autoscaling.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

What can you use to find information about planned maintenance for Azure services that are critical to your organization?

Select only one answer.

Azure Advisor

Azure Monitor

Azure Service Health

Log Analytics

A

Azure Service Health
- You can drill down to the affected services, regions, and details to show how an event will affect you and what you must do. Most of these events occur without any impact to you and will not be shown. In a rare case that a reboot is required, Service Health allows you to choose when to perform the maintenance to minimize the downtime

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

Which two attributes are characteristics of the private cloud deployment model? Each correct answer presents a complete solution.

Select all answers that apply.

Applications can be provisioned and deprovisioned quickly.

Hardware must be purchased.

Organizations only pay for what they use.

The company has complete control over physical resources and security.

A

Hardware must be purchased.

The company has complete control over physical resources and security.

  • In a private cloud, hardware must be purchased for start up and maintenance. In a private cloud, organizations control resources and security. Quick provisioning is a characteristic of the public cloud deployment model. Paying only for what is used is a characteristic of the public cloud deployment model.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

Which two characteristics are common advantages of cloud computing? Each correct answer presents a complete solution.

Select all answers that apply.

elimination of horizontal scaling

geo-distribution

high availability

physical access to servers

A

geo-distribution
high availability

  • Cloud-based apps can provide a continuous user experience with no apparent downtime, even when things go wrong. You can deploy apps and data to regional datacenters around the globe, thereby ensuring that your customers always have the best performance in their region. Apps in cloud computing can scale vertically and horizontally. In a public cloud model, you do not get physical access to servers, as they are managed by the cloud provider.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

Why is cloud computing often less expensive than on-premises datacenters?

Select only one answer.

Cloud service offerings have limited functionality.

Network bandwidth is free.

Services are only offered in a single geographic location.

You are only billed for what you use.

A

You are only billed for what you use.
- Renting compute and storage services and being billed for only what you use often lowers operating expenses. Depending on the service and the type of network bandwidth, charges can be incurred. Cloud service offerings often provide functionality that can be difficult or cost-prohibitive to deploy on-premises, especially for smaller organizations. Major cloud providers offer services around the world. Making it easy and relatively inexpensive to deploy services close to where your users reside.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

Which cloud deployment model are you using if you have servers physically located at your organization’s on-site datacenter, and you migrate a few of the servers to the cloud?

Select only one answer.

hybrid cloud

private cloud

public cloud

A

A hybrid cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

Select the answer that correctly completes the sentence.

Deploying and configuring cloud-based resources quickly as business requirements change is called [answer choice].

Select only one answer.

agility

elasticity

high availability

scalability

A

Agility means that you can deploy and configure cloud-based resources quickly as app requirements change. Scalability means that you can add RAM, CPU, or entire virtual machines to a configuration. Elasticity means that you can configure cloud-based apps to take advantage of autoscaling, so apps always have the resources they need. High availability means that cloud-based apps can provide a continuous user experience with no apparent downtime, even when things go wrong.

42
Q

Select the answer that correctly completes the sentence.

An example of [answer choice] is automatically scaling an application to ensure that the application has the resources needed to meet customer demands.

Select only one answer.

agility

elasticity

geo-distribution

high availability

A

Elasticity refers to the ability to scale resources as needed, such as during business hours, to ensure that an application can keep up with demand, and then reducing the available resources during off-peak hours. Agility refers to the ability to deploy new applications and services quickly. High availability refers to the ability to ensure that a service or application remains available in the event of a failure. Geo-distribution makes a service or application available in multiple geographic locations that are typically close to your users.

43
Q

Which cloud service model provides you with the most control over the hardware that runs applications?

Select only one answer.

infrastructure as a service (IaaS)

platform as a service (PaaS)

software as a service (SaaS)

A

infrastructure as a service (IaaS)
- IaaS is the most flexible category of cloud services. It aims to give you complete control over the hardware that runs applications. Users do not control the operating system and do not configure the underlying servers in PaaS. With SaaS, you are using as-is software hosted in the cloud, instead of creating a platform to host a software yourself.

44
Q

In a platform as a service (PaaS) model, which two components are the responsibility of the cloud service provider? Each correct answer presents a complete solution.

Select all answers that apply.

information and data

operating system

physical network

user access

A

operating system
physical network
- In PaaS, the cloud provider is responsible for the operating system, physical datacenter, physical hosts, and physical network. In PaaS, the customer is responsible for accounts and identities.

45
Q

Which type of cloud service model is typically licensed through a monthly or annual subscription?

Select only one answer.

Infrastructure as a service (IaaS)

platform as a service (PaaS)

software as a service (SaaS)

A

SaaS is software that is centrally hosted and managed for you and your users or customers. Usually, one version of the application is used for all customers, and it is licensed through a monthly or annual subscription. PaaS and IaaS use a consumption-based model, so you only pay for what you use.

46
Q

In which cloud service model is the customer responsible for managing the operating system?

Select only one answer.

Infrastructure as a service (IaaS)

platform as a service (PaaS)

software as a service (SaaS)

A

IaaS consists of virtual machines and networking provided by the cloud provider. The customer is responsible for the OS and applications. The cloud provider is responsible for the OS in PaaS and SaaS.

47
Q

Your organization is building a custom application.

You need to focus on application development rather than configuration and management of servers.

Which cloud service model should you use?

Select only one answer.

infrastructure as a service (IaaS)

platform as a service (PaaS)

software as a service (SaaS)

A

platform as a service (PaaS)
- With PaaS, users can focus on application development because the cloud provider handles all the platform management. In SaaS, the cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage, and applications. IaaS is the closest service model to managing physical servers.

48
Q

Which cloud service model is used by Microsoft Office 365?

Select only one answer.

infrastructure as a service (IaaS)

platform as a service (PaaS)

software as a service (SaaS)

A

SaaS allows users to connect to and use cloud-based apps over the internet. Common examples are email, calendaring, and Office tools, such as Office 365.

49
Q

Which cloud service model is used by Azure SQL Database?

Select only one answer.

infrastructure as a service (IaaS)

platform as a service (PaaS)

software as a service (SaaS)

A

Azure SQL Database is a PaaS database engine.

50
Q

Which type of cloud service are virtual networks?

Select only one answer.

infrastructure as a service (IaaS)

platform as a service (PaaS)

software as a service (SaaS)

A

infrastructure as a service (IaaS)
- IaaS helps you reduce the cost and complexity of maintaining a physical server and its datacenter infrastructure. Virtual networks are part of the IaaS cloud service.

51
Q

Which two components are created in an Azure subscription? Each correct answer presents a complete solution.

Select all answers that apply.

Microsoft Entra user accounts

management groups

resource groups

resources

A

resource groups
resources
- Resources can only be associated with a single subscription. Subscriptions may be grouped into management groups. An account may be associated with multiple subscriptions.

52
Q

Which scenario is a use case for a VPN gateway?

Select only one answer.

communicating between Azure resources

connecting an on-premises datacenter to an Azure virtual network

filtering outbound network traffic

partitioning a virtual network’s address space

A

connecting an on-premises datacenter to an Azure virtual network
- A VPN gateway is a type of virtual network gateway. Azure VPN Gateway instances are deployed to a dedicated subnet of a virtual network. You can use them to connect on-premises datacenters to virtual networks through a Site-to-Site (S2S) VPN connection.

53
Q

What can you use to provide Mac and Android users with access to a Windows environment that will run Windows-based applications?

Select only one answer.

Azure Container Instances

Azure Functions

Azure Logic Apps

Azure Virtual Desktop

A

Azure Virtual Desktop
- Azure Virtual Desktop is a desktop and application virtualization service that runs in the cloud. It enables your users to use a cloud-hosted version of Windows from any location. Azure Virtual Desktop works across devices such as Windows, Mac, iOS, Android, and Linux. It works with apps that you can use to access Remote Desktops and apps. You can also use most modern browsers to access Azure Virtual Desktop-hosted experiences.

54
Q

Which storage service offers fully managed file shares in the cloud that are accessible by using Server Message Block (SMB) protocol?

Select only one answer.

Azure Disk Storage

Azure Files

Azure Queue Storage

Azure Table storage

A

Azure Files
- Azure Files offers fully managed file shares in the cloud with shares that are accessible by using Server Message Block (SMB) protocol. Mounting Azure file shares is just like connecting to shares on a local network.

55
Q

Which Azure Storage service should you use to store unstructured files, such as images, that will be served on webpages?

Select only one answer.

Azure Blob storage

Azure Disk Storage

Azure Queue Storage

Azure Table storage

A

Azure Blob storage
- Azure Blob storage is an object storage solution that you can use to store massive amounts of unstructured data, such as text or binary data.

56
Q

What is the purpose of defense in depth?

Select only one answer.

to enable you to locate and act on resources that are associated with specific workloads, environments, business units, and owners

to evaluate resources and make recommendations to help improve reliability and performance

to manage policies that control or audit resources so that the configurations stay compliant with corporate standards

to use several layers of protection to prevent information from being accessed by unauthorized users

A

The objective of defense in depth is to use several layers of protection to prevent information from being accessed or stolen by unauthorized users.

57
Q

What enables a user to sign in one time and use that credential to access multiple resources and applications from different providers?
Conditional Access

device management

multi-factor authentication (MFA)

single sign-on (SSO)

A

single sign-on (SSO)

  • SSO enables a user to sign in one time and use that credential to access multiple resources and applications from different providers. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Conditional Access is a tool that Microsoft Entra uses to allow or deny access to resources based on identity signals. Microsoft Entra supports the registration of devices.
58
Q

What can you use to allow a user to manage all the resources in a resource group?

Select only one answer.

Azure Key Vault

Azure role-based access control (RBAC)

resource locks

resource tags

A

Azure role-based access control (RBAC)
- Azure RBAC allows you to assign a set of permissions to a user or group. Resource tags are used to locate and act on resources associated with specific workloads, environments, business units, and owners. Resource locks prevent the accidental change or deletion of a resource. Key Vault is a centralized cloud service for storing an application secrets in a single, central location.

59
Q

What can you use to ensure that users authenticate by using multi-factor authentication (MFA) when they attempt to sign in from a specific location?

Select only one answer.

administrative units

Azure role-based access control (RBAC)

Conditional Access.

single sign-on (SSO)

A

Conditional Access can use signals to determine information about authentication attempts, and then determine whether to block access or require additional verifications, such as MFA.

60
Q

Which two factors affect Azure costs? Each correct answer presents a complete solution.

Select all answers that apply.

availability zone selection

date and time of use

resource location

resource usage

A

resource location
resource usage

  • Usage meters, such as CPU time, disk size, and write operations, are used to calculate your bill for an Azure resource. Deleting or deallocating a resource means that you will no longer be billed for it. Different regions can have different associated prices. Resources cost the same no matter the time of day or the day of the week.
61
Q

Which are two common scenarios for using resource tags? Each correct answer presents a complete solution.

Select all answers that apply.

associating costs with different environments

categorizing costs by department

identifying lower cost regions

resizing underutilized virtual machines

A

associating costs with different environments

categorizing costs by department

  • You can use tags to categorize costs by department, such as human resources, marketing, or finance, or by environment, such as test or production. Resizing underutilized virtual machines is a good cost saving measure and provisioning resources in lower cost regions is a good practice, but resource tags do not help with this.
62
Q

You have an Azure virtual machine that is accessed only between 9:00 and 17:00 each day.

What should you do to minimize costs but preserve the associated hard disks and data?

Select only one answer.

Deallocate the virtual machine when it is not needed

Delete the virtual machine when it is not needed

Implement Privileged Identity Management.

Resize the virtual machine to smaller size.

A

Deallocate the virtual machine when it is not needed

  • If you have virtual machine workloads that are used only during certain periods, but you run them every hour of every day, then you are wasting money. These virtual machines are great candidates to deallocate when not in use and start back when required to save compute costs while the virtual machines are deallocated.
63
Q

You need to associate the costs of resources to different groups within an organization without changing the location of the resources.

What should you use?

Select only one answer.

administrative units

resource groups

resource tags

subscriptions

A

Resource tags can be used to group billing data and categorize costs by runtime environment, such as billing usage for virtual machines running in a production environment.

64
Q

Which two actions can be performed by using Azure portal? Each correct answer presents a complete solution.

Select all answers that apply.

Change the availability zone of a virtual machine.

Create new resources.

Assign deny permission on a resource group

Create Microsoft Entra user

A

Create new resources.
Create Microsoft Entra user
- The Azure portal provides a GUI to view all the services you are using, create new services, configure your services, and view reports.

65
Q

What can you use to manage servers across third party cloud platforms and on-premises environments?

Select only one answer.

Azure Arc

Azure CLI

Azure Monitor

Azure PowerShell

A

Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.

66
Q

Which Azure service evaluates Azure resources and makes recommendations to help improve reliability, security, performance, and cost reduction?

Select only one answer.

Azure Advisor

Azure Monitor

Azure Service Health

Log Analytics

A

Azure Advisor
- Azure Advisor evaluates Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs.

67
Q

What should you proactively review and act on to avoid service interruptions, such as service retirements and breaking changes?

Select only one answer.

application insights

Azure Monitor

health advisories

service issues

A

Health advisories
- Health advisories are issues that require that you take proactive action to avoid service interruptions, such as service retirements and breaking changes. Service issues are problems such as outages that require immediate actions.

68
Q

Which Azure service can generate an alert if virtual machine utilization is over 80% for five minutes?

Select only one answer.

Azure Advisor

Azure Monitor

Azure Policy

Azure Service Health

A

Azure Monitor is a platform for collecting, analyzing, visualizing, and alerting based on metrics. Azure Monitor can log data from an entire Azure and on-premises environment.

69
Q

What can you use to find information about planned maintenance for Azure services that are critical to your organization?

Select only one answer.

Azure Advisor

Azure Monitor

Azure Service Health

Log Analytics

A

Azure Service Health
- You can drill down to the affected services, regions, and details to show how an event will affect you and what you must do. Most of these events occur without any impact to you and will not be shown. In a rare case that a reboot is required, Service Health allows you to choose when to perform the maintenance to minimize the downtime

70
Q

What can you apply to an Azure virtual machine to ensure that users cannot change or delete the resource?

Select only one answer.

a lock

a tag

a user-assigned managed identity

Conditional Access

A

Incorrect: A user-assigned managed identity –– Adding an identity will not add the ability to change or delete the resource.

Correct: A lock –– A resource lock will meet both requirements.

Incorrect: A tag –– A tag will not meet the requirements.

Incorrect: Conditional Access –– Conditional Access will not meet the requirements.

71
Q

What are two basic services provided by all cloud providers? Each correct answer presents a complete solution.

Select all answers that apply.

application development

colocation

compute

storage

A

compute
storage
- All cloud providers provide compute and storage services. Colocation is when a business rents space in a shared physical datacenter. Application development is the responsibility of the customer and is typically done either in-house or through a third party.

72
Q

What is an advantage of cloud computing compared to on-premises deployments?

Select only one answer.

You can scale more quickly.

You can work from multiple workstations.

You have full access in case of internet outage.

You own your CPUs.

A

You can scale more quickly.

73
Q

Select the answer that correctly completes the sentence.

Increasing compute capacity for an app by adding RAM or CPUs to a virtual machine is called [answer choice].

Select only one answer.

disaster recovery

high availability

horizontal scaling

vertical scaling

A

vertical scaling

You scale vertically to increase compute capacity by adding RAM or CPUs to a virtual machine. Scaling horizontally increases compute capacity by adding instances of resources, such as adding virtual machines to the configuration. Disaster recovery keeps data and other assets safe in the event of a disaster. High availability minimizes downtime when things go wrong.

74
Q

What are cloud-based backup services, data replication, and geo-distribution features of?

Select only one answer.

a cost reduction plan

a disaster recovery plan

a hybrid cloud deployment

an elastic application configuration

A

a disaster recovery plan
- Disaster recovery uses services, such as cloud-based backup, data replication, and geo-distribution, to keep data and code safe in the event of a disaster.

75
Q

What is high availability in a public cloud environment dependent on?

Select only one answer.

capital expenditures

cloud-based backup retention limits

the service-level agreement (SLA) that you choose

the vertical scalability of an app

A

Different services have different SLAs. Sometimes different tiers of the same service will offer different SLAs, which can increase or decrease the promised availability.

76
Q

Select the answer that correctly completes the sentence.

Increasing the capacity of an application by adding additional virtual machine is called [answer choice].

Select only one answer.

agility

high availability

horizontal scaling

vertical scaling

A

horizontal scaling
- Scaling horizontally increases compute capacity by adding instances of resources, such as adding virtual machines to the configuration. You scale vertically to increase compute capacity by adding RAM or CPUs to a virtual machine. Agility refers to the ability to deploy new applications and services quickly. High availability minimizes downtime when things go wrong.

77
Q

In which two deployment models are customers responsible for managing operating systems that host applications? Each correct answer presents a complete solution.

Select all answers that apply.

infrastructure as a service (IaaS)

on-premises

platform as a service (PaaS)

software as a service (SaaS)

A

infrastructure as a service (IaaS)
on-premises

  • Operating systems are managed by customers when using IaaS or an on-premises deployments. The operating systems are not accessible in PaaS and SaaS deployments.
78
Q

What are two characteristics of the public cloud deployment model? Each correct answer presents a complete solution.

Select all answers that apply.

Computing resources are used exclusively by users from one organization.

Hardware is physically located in an organization’s on-site datacenter.

Servers and storage are owned and operated by a third-party cloud service provider.

Services are offered over the internet and are available to anyone who wants to purchase them.

A

Servers and storage are owned and operated by a third-party cloud service provider.
This answer is correct.

Services are offered over the internet and are available to anyone who wants to purchase them.

  • In a public cloud, services are offered over the internet and are available to anyone who wants to purchase them. A private cloud is limited to a single organization. Cloud resources, such as servers and storage, are owned and operated by a third-party cloud service provider and delivered over the internet. A private cloud consists of computing resources used exclusively by users from one business or organization.
79
Q

What is the customer responsible for in a software as a service (SaaS) model?

Select only one answer.

data and access

storage

runtime

virtual machines

A

data and access
- SaaS allows you to pay to use an existing application on hardware managed by a third party. You supply data and configure access. Customers are only responsible for storage in a private cloud. Customers are responsible for virtual machines and runtime in IaaS and the private cloud.

80
Q

You plan to build a new solution in Azure that will use platform as a service (PaaS) products.

What should you use to estimate the monthly costs?

Select only one answer.

Azure Advisor

Azure Cost Management

Azure Pricing calculator

Total Cost of Ownership (TOC) Calculator

A

Azure Pricing calculator
- The Azure Pricing calculator allows you to estimate and configure according to your specific requirements. You will then receive a consolidated estimated price and a detailed breakdown of the costs associated with each resource you added to your solution.

81
Q

Which management layer accepts requests from any Azure tool or API and enables you to create, update, and delete resources in an Azure account?

Select only one answer.

Azure CLI

Azure management groups

Azure Resource Manager (ARM)

Azure Sphere

A

Azure Resource Manager (ARM)
- ARM is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in an Azure account.

82
Q

What should you use to access Azure Cloud Shell?

Select only one answer.

a web browser

Azure Resource Manager (ARM)

Microsoft Visual Studio Code

the command-line on a local computer

A

a web browser
- Cloud Shell is an interactive, browser-accessible shell for managing Azure resources.

83
Q

You need to be notified when there are new recommendations for reducing Azure costs.

Which tool should you use?

Select only one answer.

Azure Advisor

Azure Monitor

Azure Service Health

Log Analytics

A

Azure Advisor
- Azure Advisor evaluates Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs.

84
Q

What can you use to automatically detect performance anomalies for web apps?

Select only one answer.

Azure Advisor

Azure Application Insights

Azure Cognitive Services

Azure DevOps

A

Azure Application Insights
- Application Insights is a feature of Azure Monitor that allows you to monitor running applications, automatically detect performance anomalies, and use built-in analytics tools to see what users do on an app.

85
Q

What can you use to get notification about an outage in a specific Azure region?

Select only one answer.

Azure Advisor

Azure Monitor

Azure Support + Troubleshooting

Azure Service Health

A

Azure Service Health
- Service Health notifies you of Azure-related service issues, such as region-wide downtime.

86
Q

Select the answer that correctly completes the sentence.

[Answer choice] refers to upfront costs incurred one time, such as hardware purchases.

Select only one answer.

A consumption-based model

Capital expenditures

Elasticity

Operational expenditures

A

Capital expenditures
- Capital expenditures are one-time expenses that can be deducted over time. Operational expenditures are billed as you use services and a do not have upfront costs.

87
Q

Select the answer that correctly completes the sentence.

In cloud computing, [answer choice] allows you to deploy applications to regional datacenters around the world.

Select only one answer.

disaster recovery

elasticity

geo-location

high availability

A

geo-location
- You can deploy apps and data to regional datacenters around the globe, thereby ensuring that your customers always have the best performance in their region. This is referred to as geo-distribution.

88
Q

Your organization is building a custom application.

You need to focus on application development rather than configuration and management of servers.

Which cloud service model should you use?

Select only one answer.

infrastructure as a service (IaaS)

platform as a service (PaaS)

software as a service (SaaS)

A

platform as a service (PaaS)
- With PaaS, users can focus on application development because the cloud provider handles all the platform management. In SaaS, the cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage, and applications. IaaS is the closest service model to managing physical servers.

89
Q

What uses the infrastructure as a service (IaaS) cloud service model?

Select only one answer.

Azure App Services

Azure Cosmos DB

Azure virtual machines

Microsoft Office 365

A

Azure virtual machines
- Azure Virtual Machines is an IaaS offering. The customer is responsible for the configuration of the virtual machine as well as all operating system configurations. Azure App Services and Azure Cosmos DB are PaaS offerings. Microsoft Office 365 is a SaaS offering.

90
Q

Select the answer that correctly completes the sentence.

[Answer choice] is the logical container used to combine and organize Azure resources.

Select only one answer.

a management group

a resource group

Azure Resource Manager (ARM)

an Azure region

A

a resource group
- Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts, are deployed and managed.

91
Q

Select the answer that correctly completes the sentence.

[Answer choice] is the deployment and management service for Azure.

Select only one answer.

Microsoft Entra

Azure API Management

Azure Monitor

Azure Resource Manager (ARM)

A

Azure Resource Manager (ARM)
- ARM is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in an Azure subscription. You use management features, such as access control, resource locks, and resource tags, to secure and organize resources after deployment.

92
Q

Which Azure resource is a software emulation of a physical computer that includes a virtual processor, memory, storage, and networking resources?

Select only one answer.

a container

a function

a virtual machine

an App Service

A

a virtual machine
- Virtual machines are software emulations of physical computers. They include a virtual processor, memory, storage, and networking resources. Virtual machines host an operating system, and you can install and run software just like on a physical computer.

93
Q

Which Azure compute service can you use to deploy and manage a set of identical virtual machines?

Select only one answer.

availability sets

availability zones

Azure Container Instances

Azure Virtual Machine Scale Sets

A

Azure Virtual Machine Scale Sets
- Virtual Machine Scale Sets are an Azure compute resource that you can use to deploy and manage and scale a set of identical virtual machines.

94
Q

Which feature in the Microsoft Purview governance portal should you use to manage access to data sources and datasets?

Select only one answer.

Data Catalog

Data Estate Insights

Data Policy

Data Sharing

A

Data Policy
- Incorrect: Data Catalog –– This enables data discovery.

Incorrect: Data Sharing –– This shares data within and between organizations.

Incorrect: Data Estate Insights –– This accesses data estate health.

Correct: Data Policy –– This governs access to data.

95
Q

For which resource does Azure generate separate billing reports and invoices by default?

Select only one answer.

accounts

management groups

resource groups

subscriptions

A

subscriptions

96
Q

Which two Azure resources can make use of availability zones? Each correct answer presents a complete solution.

Select all answers that apply.

Azure SQL databases

Azure subscriptions

resource groups

virtual machines

A

Azure SQL databases
virtual machines
- Availability zones are primarily for virtual machines, managed disks, load balancers, and SQL databases.

97
Q

What can you use to execute code in a serverless environment?

Select only one answer.

Azure Container Instances

Azure Functions

Azure Logic Apps

Azure Virtual Desktop

A

Azure Functions
- Azure Functions allows you to run code as a service without having to manage the underlying platform or infrastructure. Azure Logic Apps is similar to Azure Functions, but uses predefined workflows instead of developing your own code.

98
Q

Which two services are provided by Microsoft Entra? Each correct answer presents a complete solution.

Select all answers that apply.

authentication

data encryption

name resolution

single sign-on (SSO)

A

authentication
single sign-on (SSO)
- Microsoft Entra provides services for verifying identity and access to applications and resources. SSO enables you to remember a single username and password to access multiple applications and is available in Azure AD.

99
Q

What Microsoft Entra feature can you use to configure security authentication that requires users to use their mobile phone to sign in?

Select only one answer.

Azure Information Protection (AIP)

Microsoft Defender for Cloud

Microsoft Entra Verified ID

multi-factor authentication (MFA)

A

multi-factor authentication (MFA)
- MFA is the concept of requiring something more than only a password to sign in to an application. You can use the mobile phone to receive a phone call, text, or a code to get authenticated.

100
Q

Which two tools can you use to create a new Azure virtual machine from a mobile device that runs Android? Each correct answer presents complete solution.

Select all answers that apply.

PowerShell in Azure Cloud Shell

Remote Desktop

SSH

the Azure portal

A

PowerShell in Azure Cloud Shell
the Azure portal
- The Azure portal can run on devices that have the Android operating system installed. The browser can be any type, such as Internet Explorer 11, Chrome, Firefox, or Safari (all the latest versions). When you visit the portal, you will see Cloud Shell. Users can then access Bash and PowerShell from within Cloud Shell. You can use Bash and PowerShell to create Azure virtual machines.

101
Q
A